log
▁▁▁▁▁▁▁▁▁▁▁⏐▁▁
spyked: !S ssh github.com
spykedbot: SSH banner of github.com: SSH-2.0-libssh_0.7.0
spyked: !S ssh 197.53.92.104
spyked: !S ssh 115.84.92.92
spykedbot: SSH banner of 115.84.92.92: SSH-2.0-dropbear_2013.62
spyked: ^ note that the default behaviour now is "say nothing on failure". I'm not convinced that this is the proper way to interact, would like to hear opinions on this.
jurov: spyked: when querying via DNS, perhaps show the IP address, too?
jurov: and github.com resolves to two IPs (but that'd be perhaps too complicated to implement)
spyked: jurov, thanks for the idea! sbcl's resolver (sb-bsd-sockets:get-host-by-name) returns both addresses on my machine, but querying each of them for the banner might break the one-response-per-command rule (I could try to string them all together in one response, but I find that ugly). so maybe I could add DNS resolution as a separate command?
spyked: some tests using sbcl, for reference: http://p.bvulpes.com/pastes/lMcV9/?raw=true
jurov: yes, extra dns resolution could prove useful
jurov: in the light of https://archive.is/PLWLd
jurov: while !S can be kept as is, only show the one IP banner is from.
asciilifeform: 'Mozilla wants to override any configured DNS server with Cloudflare' << pretty lulzy
asciilifeform: ( nao whether somebody, somewhere, still uses recent mozilla, is separate q )
asciilifeform: mod6: new rk kernel baked, tested, worx.
BingoBoingo: asciilifeform: Ready for the swappy dance?
asciilifeform: BingoBoingo: zipping up kernel, will ping you
BingoBoingo: Standing by
asciilifeform: BingoBoingo: ok to swap
BingoBoingo: asciilifeform: Alright, walking over
BingoBoingo: Drive C is in Dulap
asciilifeform: ty
asciilifeform: snapshotting nao
BingoBoingo: Standing by
asciilifeform: BingoBoingo: ok to remove and boot C back up
asciilifeform: BingoBoingo: you mentioned that you want yours reimaged ? didja back up the thing ?
BingoBoingo: asciilifeform: I have the stuff I need off of it.
asciilifeform: BingoBoingo: incl any /etc configolade ?
asciilifeform: it'll all vanish
asciilifeform: if this worx for you, go ahead and move your drive over to dulap
asciilifeform: which unit were you again ? 'E' ?
BingoBoingo: F
asciilifeform: ok
BingoBoingo: C is back
asciilifeform: lemme know when F's disk is in
BingoBoingo: <asciilifeform> BingoBoingo: incl any /etc configolade ? << I have my custom stuff. F is in
asciilifeform: ok, this'll take 20-30min, can go eat
BingoBoingo: tyvm
asciilifeform: BingoBoingo: let's take the rest of this to #p, to reduce log pollution. ping me there when you get back.
asciilifeform: meanwhile, in heathendom, https://archive.is/aiaQH << linux 4.xx arbitrary r/w 0day
asciilifeform: 'The bug only affects kernels that have CONFIG_POSIX_TIMERS and CONFIG_CHECKPOINT_RESTORE enabled, which is done by a lot of modern distros' << i.e. none of asciilifeform's kernels
asciilifeform: but still lulzy wankage, e.g., https://archive.is/qeO5s >> 'Since this has business impact, we consider legal action against the opaque Linux-distros vulnerability-disclosure-among-friends-for-fun-and-profit scheme, that we exposed at the ITU earlier this year. This is digital divide in the works, with real impact for non-club-members ...'
asciilifeform: and the cucks entertain, https://archive.is/4L8IS >> from one 'Solar Designer' , kernelist, 'However, with CERT involved and with related issues affecting more than just Linux, there was little I could do, short of playing full BOFH and breaking the semi-embargo for everyone. While I think that would have been for the general public's benefit overall, I didn't feel about it strongly enough to actually do it this time. I apologize f
asciilifeform: or letting this happen. (At the same time, I did force another semi-public issue to oss-security right away since that one didn't involve coordination with so many parties.)'
asciilifeform: for non-expert entomologists : the perps ( i dun distinguish b/w 'bug'-inserters and coverup-artists ) ~continue~ to spew the squid ink where the patch is disguised as 'for denial of service bug' rather than arbitrary r/w -- despite the cat being out of the bag for nearly whole day nao
asciilifeform: 'responsible disclosure'(tm)(r), didjaknow.
asciilifeform: ( consists, in practice, of regular warm, wet kisses from usg.nsa straight into mouths of folx still using 'modern distros' , followed up by generous cocktail of obfuscatory lies to the public , then exposure, then the usual fudstorm to try an' keep the ruse alive for a bonus day or three )
asciilifeform: BingoBoingo: i gotta step into meatspace for a spell, see #p log for next instruction
mod6: <+asciilifeform> mod6: new rk kernel baked, tested, worx. << nice! thanks for baking.
asciilifeform: mod6: http://p.bvulpes.com/pastes/0bETd/?raw=true
asciilifeform: mod6: plox to test and confirm.
mod6: Ok will check it out when I can.
asciilifeform: mod6: it's simply the launch codes for rk 'C' ( previously occupied by mats ) , it is ready for new user.
mod6: Ah, thanks alf. Much appreciated.
asciilifeform: in continuing lulz, 'Which "club"? If you're an Open Source operating system distro, you can now apply to join (linux-)distros under our published criteria. Otherwise, yes, you're out of luck joining that "club". This is "selective disclosure", and it has drawbacks. There's no perfect alternative.'
asciilifeform: 'Like I said, what we're supporting with (linux-)distros is a certain kind of "selective disclosure".'
asciilifeform: ( for folx who dun feel like digging through that particular latrine pit -- they have an explicit '14 day embargo' to give nsa time to drill new holes into victims )
BingoBoingo: So on this third day of baking, the dough may become a pizza crust instead of a bread. We'll see after incoming Qntra
deedbot: http://qntra.net/2018/08/emergency-wireless-gateways-making-holes-in-substantial-numbers-of-usg-assets/ << Qntra - "Emergency" Wireless Gateways Making Holes in Substantial Numbers Of USG Assets
asciilifeform: in other lulz, 'The Go implementation of the P-256 elliptic curve had a small bug due to a misplaced carry bit affecting less than 0.00000003% of field subtraction operations.'
asciilifeform: Run Moar Googlelade.
asciilifeform: 'In about 500 submissions on average we recover the whole key' << from e.g. montrezor, other shitwallets, etc.
BingoBoingo: lol
asciilifeform: meanwhile, in castles, http://logs.bvulpes.com/asciilifeform?d=2018-8-9#411725 << thread of interest to phuctor readership
mimisbrunnr: Logged on 2018-08-09 21:08 mats: fun
asciilifeform: about half of the 1st ( of 24!) parcel of 27M keyz from mats , eaten up nao. by end of next wk, will grind.
asciilifeform: ( eater is order of magnitude faster today than last yr, but still slowest component )
mircea_popescu: asciilifeform any pops ?
mircea_popescu: http://btcbase.org/log/2018-08-09#1840430 << very nice ; and could drop a "IP not known" on failure, sure.☝︎
a111: Logged on 2018-08-09 08:47 spyked: ^ note that the default behaviour now is "say nothing on failure". I'm not convinced that this is the proper way to interact, would like to hear opinions on this.
mircea_popescu: http://btcbase.org/log/2018-08-08#1840385 << hurr. idiots.☝︎
a111: Logged on 2018-08-08 17:04 asciilifeform: 'The security researcher also recommended we consider using GPG signing for Homebrew/homebrew-core. The Homebrew project leadership committee took a vote on this and it was rejected non-unanimously due to workflow concerns.'
mircea_popescu: their fucking "workflow". as if anyone "working" for github ever did any work.
mircea_popescu: http://btcbase.org/log/2018-08-08#1840398 << let me guess, argentine national.☝︎
a111: Logged on 2018-08-08 17:32 ben_vulpes: inserter-between-in-chief
mircea_popescu: !S ssh 106.242.174.238
mircea_popescu: !S ssh 115.84.92.92
spykedbot: SSH banner of 115.84.92.92: SSH-2.0-dropbear_2013.62
mircea_popescu: http://btcbase.org/log/2018-08-09#1840435 << useful in more than one way, actually ; we've had cases before where people dig'd by hand to see whether dns problem local or what.☝︎
a111: Logged on 2018-08-09 14:29 jurov: yes, extra dns resolution could prove useful
mircea_popescu: http://btcbase.org/log/2018-08-09#1840439 << or whether someone somewhere doesn't have cloudflare drop'd☝︎
a111: Logged on 2018-08-09 14:53 asciilifeform: ( nao whether somebody, somewhere, still uses recent mozilla, is separate q )
mircea_popescu: for future entomologists : entire list of http://p.bvulpes.com/pastes/akDqm/?raw=true (seeming fixed ips in the recent bot attack) produced 0 matches. home routers.
mircea_popescu: tsk. turns out spykedbot does not actually answer in pm ;/
mircea_popescu apologizes for teh incoming spam.
mircea_popescu: !S ssh 106.242.174.238
mircea_popescu: !S ssh 106.84.44.243
mircea_popescu: !S ssh 106.87.14.22
mircea_popescu: !S ssh 110.9.75.121
mircea_popescu: !S ssh 112.171.197.223
mircea_popescu: !S ssh 113.169.16.251
mircea_popescu: !S ssh 113.173.165.248
mircea_popescu: !S ssh 113.179.70.53
mircea_popescu: !S ssh 113.195.163.247
mircea_popescu: !S ssh 114.205.80.49
mircea_popescu: !S ssh 114.67.143.10
mircea_popescu: !S ssh 115.49.57.28
mircea_popescu: !S ssh 115.84.92.92
spykedbot: SSH banner of 114.67.143.10: SSH-2.0-OpenSSH_6.6.1p1 Ubuntu-2ubuntu2.8
mircea_popescu: !S ssh 117.196.233.112
spykedbot: SSH banner of 115.84.92.92: SSH-2.0-dropbear_2013.62
mircea_popescu: !S ssh 117.7.182.97
mircea_popescu: !S ssh 118.69.64.157
mircea_popescu: !S ssh 119.195.172.233
mircea_popescu: !S ssh 119.207.206.122
mircea_popescu: !S ssh 119.42.81.39
mircea_popescu: !S ssh 119.42.86.179
mircea_popescu: !S ssh 121.129.179.28
mircea_popescu: !S ssh 121.130.237.112
mircea_popescu: !S ssh 121.140.73.245
mircea_popescu: !S ssh 121.167.20.54
mircea_popescu: !S ssh 121.55.180.50
mircea_popescu: !S ssh 122.130.80.150
mircea_popescu: !S ssh 122.179.50.205
mircea_popescu: !S ssh 122.225.94.226
spykedbot: SSH banner of 122.225.94.226: SSH-1.99-OpenSSH_3.7.1p2
mircea_popescu: !S ssh 123.21.14.197
mircea_popescu: !S ssh 123.21.165.68
mircea_popescu: !S ssh 123.21.229.66
mircea_popescu: !S ssh 123.28.232.86
mircea_popescu: !S ssh 125.132.47.77
mircea_popescu: !S ssh 125.86.179.173
mircea_popescu: !S ssh 128.0.12.139
spykedbot: SSH banner of 128.0.12.139: SSH-1.99-OpenSSH_5.1
mircea_popescu: !S ssh 14.100.10.86
mircea_popescu: !S ssh 14.169.218.153
mircea_popescu: !S ssh 14.187.228.175
spykedbot: SSH banner of 14.187.228.175: SSH-2.0-dropbear_2013.62
mircea_popescu: !S ssh 14.32.233.240
mircea_popescu: !S ssh 143.255.154.52
spykedbot: SSH banner of 143.255.154.52: SSH-2.0-dropbear_2013.62
mircea_popescu: !S ssh 143.255.154.65
spykedbot: SSH banner of 143.255.154.65: SSH-2.0-dropbear_2013.62
mircea_popescu: !S ssh 143.255.155.51
spykedbot: SSH banner of 143.255.155.51: SSH-2.0-dropbear_2013.62
mircea_popescu: !S ssh 146.115.241.104
mircea_popescu: !S ssh 149.71.237.206
mircea_popescu: !S ssh 156.194.216.250
mircea_popescu: !S ssh 156.213.183.52
mircea_popescu: !S ssh 159.192.248.185
mircea_popescu: !S ssh 173.245.202.70
mircea_popescu: !S ssh 175.115.29.17
mircea_popescu: !S ssh 175.122.60.179
mircea_popescu: !S ssh 175.127.155.212
mircea_popescu: !S ssh 175.194.18.167
mircea_popescu: !S ssh 175.204.176.181
mircea_popescu: !S ssh 179.39.225.64
mircea_popescu: !S ssh 180.101.125.226
spykedbot: SSH banner of 180.101.125.226: SSH-2.0-OpenSSH_6.6.1
mircea_popescu: !S ssh 180.93.110.100
mircea_popescu: !S ssh 181.105.2.222
mircea_popescu: !S ssh 182.72.180.58
mircea_popescu: !S ssh 186.178.75.194
mircea_popescu: !S ssh 186.223.65.189
mircea_popescu: !S ssh 186.47.170.45
spykedbot: SSH banner of 186.47.170.45: SSH-2.0-dropbear_2013.62
mircea_popescu: !S ssh 188.255.132.97
spykedbot: SSH banner of 188.255.132.97: SSH-2.0-dropbear_2014.63
mircea_popescu: !S ssh 189.110.232.164
mircea_popescu: !S ssh 190.3.49.221
spykedbot: SSH banner of 190.3.49.221: SSH-2.0-dropbear_2013.62
mircea_popescu: !S ssh 192.140.93.67
mircea_popescu: !S ssh 197.39.84.100
mircea_popescu: !S ssh 197.41.151.9
mircea_popescu: !S ssh 197.50.31.129
mircea_popescu: !S ssh 197.53.92.104
mircea_popescu: !S ssh 200.5.122.129
spykedbot: SSH banner of 200.5.122.129: SSH-1.99-OpenSSH_5.8
mircea_popescu: !S ssh 200.71.93.77
mircea_popescu: !S ssh 202.58.97.178
spykedbot: SSH banner of 202.58.97.178: SSH-2.0-ROSSSH
mircea_popescu: !S ssh 203.251.62.131
mircea_popescu: !S ssh 203.81.155.53
mircea_popescu: !S ssh 205.185.223.162
mircea_popescu: !S ssh 209.107.210.162
mircea_popescu: !S ssh 209.107.214.95
mircea_popescu: !S ssh 209.197.30.231
mircea_popescu: !S ssh 210.96.184.134
mircea_popescu: !S ssh 211.209.60.145
mircea_popescu: !S ssh 213.242.26.225
mircea_popescu: !S ssh 216.151.183.64
mircea_popescu: !S ssh 219.255.51.23
mircea_popescu: !S ssh 221.156.54.207
mircea_popescu: !S ssh 31.131.122.188
mircea_popescu: !S ssh 31.148.232.210
mircea_popescu: !S ssh 31.45.134.254
mircea_popescu: !S ssh 32.212.87.18
mircea_popescu: !S ssh 37.245.139.74
mircea_popescu: !S ssh 41.210.24.47
mircea_popescu: !S ssh 41.235.243.110
mircea_popescu: !S ssh 5.152.157.238
mircea_popescu: !S ssh 58.238.124.19
mircea_popescu: !S ssh 58.82.130.170
mircea_popescu: http://btcbase.org/log/2018-08-09#1840467 << o look, they're gonna sue their own cvasi orc republic because nonos.☝︎
a111: Logged on 2018-08-09 16:14 asciilifeform: but still lulzy wankage, e.g., https://archive.is/qeO5s >> 'Since this has business impact, we consider legal action against the opaque Linux-distros vulnerability-disclosure-among-friends-for-fun-and-profit scheme, that we exposed at the ITU earlier this year. This is digital divide in the works, with real impact for non-club-members ...'
mircea_popescu: anyway. dropbear_2013.62 worth a looksee ?