Forum logs for 09 Aug 2018
| spyked: | !S ssh github.com | [04:45] |
| spykedbot: | SSH banner of github.com: SSH-2.0-libssh_0.7.0 | [04:45] |
| spyked: | !S ssh 197.53.92.104 | [04:45] |
| spyked: | !S ssh 115.84.92.92 | [04:45] |
| spykedbot: | SSH banner of 115.84.92.92: SSH-2.0-dropbear_2013.62 | [04:45] |
| spyked: | ^ note that the default behaviour now is "say nothing on failure". I'm not convinced that this is the proper way to interact, would like to hear opinions on this. | [04:47] |
| jurov: | spyked: when querying via DNS, perhaps show the IP address, too? | [10:05] |
| jurov: | and github.com resolves to two IPs (but that'd be perhaps too complicated to implement) | [10:06] |
| spyked: | jurov, thanks for the idea! sbcl's resolver (sb-bsd-sockets:get-host-by-name) returns both addresses on my machine, but querying each of them for the banner might break the one-response-per-command rule (I could try to string them all together in one response, but I find that ugly). so maybe I could add DNS resolution as a separate command? | [10:17] |
| spyked: | some tests using sbcl, for reference: http://p.bvulpes.com/pastes/lMcV9/?raw=true | [10:20] |
| jurov: | yes, extra dns resolution could prove useful | [10:29] |
| jurov: | in the light of https://archive.is/PLWLd | [10:32] |
| jurov: | while !S can be kept as is, only show the one IP banner is from. | [10:36] |
| asciilifeform: | 'Mozilla wants to override any configured DNS server with Cloudflare' << pretty lulzy | [10:53] |
| asciilifeform: | ( nao whether somebody, somewhere, still uses recent mozilla, is separate q ) | [10:53] |
| asciilifeform: | mod6: new rk kernel baked, tested, worx. | [10:53] |
| BingoBoingo: | asciilifeform: Ready for the swappy dance? | [10:57] |
| asciilifeform: | BingoBoingo: zipping up kernel, will ping you | [10:57] |
| BingoBoingo: | Standing by | [10:57] |
| asciilifeform: | BingoBoingo: ok to swap | [11:17] |
| BingoBoingo: | asciilifeform: Alright, walking over | [11:17] |
| BingoBoingo: | Drive C is in Dulap | [11:37] |
| asciilifeform: | ty | [11:37] |
| asciilifeform: | snapshotting nao | [11:39] |
| BingoBoingo: | Standing by | [11:39] |
| asciilifeform: | BingoBoingo: ok to remove and boot C back up | [11:48] |
| asciilifeform: | BingoBoingo: you mentioned that you want yours reimaged ? didja back up the thing ? | [11:48] |
| BingoBoingo: | asciilifeform: I have the stuff I need off of it. | [11:49] |
| asciilifeform: | BingoBoingo: incl any /etc configolade ? | [11:49] |
| asciilifeform: | it'll all vanish | [11:49] |
| asciilifeform: | if this worx for you, go ahead and move your drive over to dulap | [11:49] |
| asciilifeform: | which unit were you again ? 'E' ? | [11:50] |
| BingoBoingo: | F | [11:50] |
| asciilifeform: | ok | [11:50] |
| BingoBoingo: | C is back | [11:50] |
| asciilifeform: | lemme know when F's disk is in | [11:50] |
| BingoBoingo: | <asciilifeform> BingoBoingo: incl any /etc configolade ? << I have my custom stuff. F is in | [11:51] |
| asciilifeform: | ok, this'll take 20-30min, can go eat | [11:51] |
| BingoBoingo: | tyvm | [11:51] |
| asciilifeform: | BingoBoingo: let's take the rest of this to #p, to reduce log pollution. ping me there when you get back. | [11:54] |
| asciilifeform: | meanwhile, in heathendom, https://archive.is/aiaQH << linux 4.xx arbitrary r/w 0day | [12:12] |
| asciilifeform: | 'The bug only affects kernels that have CONFIG_POSIX_TIMERS and CONFIG_CHECKPOINT_RESTORE enabled, which is done by a lot of modern distros' << i.e. none of asciilifeform's kernels | [12:13] |
| asciilifeform: | but still lulzy wankage, e.g., https://archive.is/qeO5s >> 'Since this has business impact, we consider legal action against the opaque Linux-distros vulnerability-disclosure-among-friends-for-fun-and-profit scheme, that we exposed at the ITU earlier this year. This is digital divide in the works, with real impact for non-club-members ...' | [12:14] |
| asciilifeform: | and the cucks entertain, https://archive.is/4L8IS >> from one 'Solar Designer' , kernelist, 'However, with CERT involved and with related issues affecting more than just Linux, there was little I could do, short of playing full BOFH and breaking the semi-embargo for everyone. While I think that would have been for the general public's benefit overall, I didn't feel about it strongly enough to actually do it this time. I apologize f | [12:16] |
| asciilifeform: | or letting this happen. (At the same time, I did force another semi-public issue to oss-security right away since that one didn't involve coordination with so many parties.)' | [12:16] |
| asciilifeform: | for non-expert entomologists : the perps ( i dun distinguish b/w 'bug'-inserters and coverup-artists ) ~continue~ to spew the squid ink where the patch is disguised as 'for denial of service bug' rather than arbitrary r/w -- despite the cat being out of the bag for nearly whole day nao | [12:20] |
| asciilifeform: | 'responsible disclosure'(tm)(r), didjaknow. | [12:22] |
| asciilifeform: | ( consists, in practice, of regular warm, wet kisses from usg.nsa straight into mouths of folx still using 'modern distros' , followed up by generous cocktail of obfuscatory lies to the public , then exposure, then the usual fudstorm to try an' keep the ruse alive for a bonus day or three ) | [12:24] |
| asciilifeform: | BingoBoingo: i gotta step into meatspace for a spell, see #p log for next instruction | [12:27] |
| mod6: | <+asciilifeform> mod6: new rk kernel baked, tested, worx. << nice! thanks for baking. | [12:45] |
| asciilifeform: | mod6: http://p.bvulpes.com/pastes/0bETd/?raw=true | [12:49] |
| asciilifeform: | mod6: plox to test and confirm. | [12:49] |
| mod6: | Ok will check it out when I can. | [13:11] |
| asciilifeform: | mod6: it's simply the launch codes for rk 'C' ( previously occupied by mats ) , it is ready for new user. | [14:09] |
| mod6: | Ah, thanks alf. Much appreciated. | [14:22] |
| asciilifeform: | in continuing lulz, 'Which "club"? If you're an Open Source operating system distro, you can now apply to join (linux-)distros under our published criteria. Otherwise, yes, you're out of luck joining that "club". This is "selective disclosure", and it has drawbacks. There's no perfect alternative.' | [15:31] |
| asciilifeform: | 'Like I said, what we're supporting with (linux-)distros is a certain kind of "selective disclosure".' | [15:31] |
| asciilifeform: | ( for folx who dun feel like digging through that particular latrine pit -- they have an explicit '14 day embargo' to give nsa time to drill new holes into victims ) | [15:35] |
| BingoBoingo: | So on this third day of baking, the dough may become a pizza crust instead of a bread. We'll see after incoming Qntra | [15:35] |
| deedbot: | http://qntra.net/2018/08/emergency-wireless-gateways-making-holes-in-substantial-numbers-of-usg-assets/ << Qntra - "Emergency" Wireless Gateways Making Holes in Substantial Numbers Of USG Assets | [15:53] |
| asciilifeform: | in other lulz, 'The Go implementation of the P-256 elliptic curve had a small bug due to a misplaced carry bit affecting less than 0.00000003% of field subtraction operations.' | [17:07] |
| asciilifeform: | Run Moar Googlelade. | [17:08] |
| asciilifeform: | 'In about 500 submissions on average we recover the whole key' << from e.g. montrezor, other shitwallets, etc. | [17:08] |
| BingoBoingo: | lol | [17:36] |
| asciilifeform: | meanwhile, in castles, http://logs.bvulpes.com/asciilifeform?d=2018-8-9#411725 << thread of interest to phuctor readership | [17:46] |
| mimisbrunnr: | Logged on 2018-08-09 21:08 mats: fun | [17:46] |
| asciilifeform: | about half of the 1st ( of 24!) parcel of 27M keyz from mats , eaten up nao. by end of next wk, will grind. | [17:53] |
| asciilifeform: | ( eater is order of magnitude faster today than last yr, but still slowest component ) | [17:54] |
| mircea_popescu: | asciilifeform any pops ? | [19:29] |
| mircea_popescu: | http://trilema.com/forum-logs-for-09-aug-2018#2464658 << very nice and could drop a "IP not known" on failure, sure. | [19:34] |
| a111: | Logged on 2018-08-09 08:47 spyked: ^ note that the default behaviour now is "say nothing on failure". I'm not convinced that this is the proper way to interact, would like to hear opinions on this. | [19:34] |
| mircea_popescu: | http://btcbase.org/log/2018-08-08#1840385 << hurr. idiots. | [19:35] |
| a111: | Logged on 2018-08-08 17:04 asciilifeform: 'The security researcher also recommended we consider using GPG signing for Homebrew/homebrew-core. The Homebrew project leadership committee took a vote on this and it was rejected non-unanimously due to workflow concerns.' | [19:35] |
| mircea_popescu: | their fucking "workflow". as if anyone "working" for github ever did any work. | [19:35] |
| mircea_popescu: | http://btcbase.org/log/2018-08-08#1840398 << let me guess, argentine national. | [19:37] |
| a111: | Logged on 2018-08-08 17:32 ben_vulpes: inserter-between-in-chief | [19:37] |
| mircea_popescu: | !S ssh 106.242.174.238 | [19:50] |
| mircea_popescu: | !S ssh 115.84.92.92 | [19:51] |
| spykedbot: | SSH banner of 115.84.92.92: SSH-2.0-dropbear_2013.62 | [19:51] |
| mircea_popescu: | http://btcbase.org/log/2018-08-09#1840435 << useful in more than one way, actually we've had cases before where people dig'd by hand to see whether dns problem local or what. | [19:51] |
| a111: | Logged on 2018-08-09 14:29 jurov: yes, extra dns resolution could prove useful | [19:51] |
| mircea_popescu: | http://btcbase.org/log/2018-08-09#1840439 << or whether someone somewhere doesn't have cloudflare drop'd | [19:51] |
| a111: | Logged on 2018-08-09 14:53 asciilifeform: ( nao whether somebody, somewhere, still uses recent mozilla, is separate q ) | [19:51] |
| mircea_popescu: | for future entomologists : entire list of http://p.bvulpes.com/pastes/akDqm/?raw=true (seeming fixed ips in the recent bot attack) produced 0 matches. home routers. | [19:52] |
| mircea_popescu: | tsk. turns out spykedbot does not actually answer in pm / | [19:53] |
| * mircea_popescu | apologizes for teh incoming spam. | [19:53] |
| mircea_popescu: | !S ssh 106.242.174.238 | [19:53] |
| mircea_popescu: | !S ssh 106.84.44.243 | [19:53] |
| mircea_popescu: | !S ssh 106.87.14.22 | [19:53] |
| mircea_popescu: | !S ssh 110.9.75.121 | [19:53] |
| mircea_popescu: | !S ssh 112.171.197.223 | [19:53] |
| mircea_popescu: | !S ssh 113.169.16.251 | [19:53] |
| mircea_popescu: | !S ssh 113.173.165.248 | [19:53] |
| mircea_popescu: | !S ssh 113.179.70.53 | [19:53] |
| mircea_popescu: | !S ssh 113.195.163.247 | [19:53] |
| mircea_popescu: | !S ssh 114.205.80.49 | [19:53] |
| mircea_popescu: | !S ssh 114.67.143.10 | [19:53] |
| mircea_popescu: | !S ssh 115.49.57.28 | [19:53] |
| mircea_popescu: | !S ssh 115.84.92.92 | [19:53] |
| spykedbot: | SSH banner of 114.67.143.10: SSH-2.0-OpenSSH_6.6.1p1 Ubuntu-2ubuntu2.8 | [19:53] |
| mircea_popescu: | !S ssh 117.196.233.112 | [19:53] |
| spykedbot: | SSH banner of 115.84.92.92: SSH-2.0-dropbear_2013.62 | [19:53] |
| mircea_popescu: | !S ssh 117.7.182.97 | [19:53] |
| mircea_popescu: | !S ssh 118.69.64.157 | [19:54] |
| mircea_popescu: | !S ssh 119.195.172.233 | [19:54] |
| mircea_popescu: | !S ssh 119.207.206.122 | [19:54] |
| mircea_popescu: | !S ssh 119.42.81.39 | [19:54] |
| mircea_popescu: | !S ssh 119.42.86.179 | [19:54] |
| mircea_popescu: | !S ssh 121.129.179.28 | [19:54] |
| mircea_popescu: | !S ssh 121.130.237.112 | [19:54] |
| mircea_popescu: | !S ssh 121.140.73.245 | [19:54] |
| mircea_popescu: | !S ssh 121.167.20.54 | [19:54] |
| mircea_popescu: | !S ssh 121.55.180.50 | [19:54] |
| mircea_popescu: | !S ssh 122.130.80.150 | [19:54] |
| mircea_popescu: | !S ssh 122.179.50.205 | [19:54] |
| mircea_popescu: | !S ssh 122.225.94.226 | [19:54] |
| spykedbot: | SSH banner of 122.225.94.226: SSH-1.99-OpenSSH_3.7.1p2 | [19:54] |
| mircea_popescu: | !S ssh 123.21.14.197 | [19:54] |
| mircea_popescu: | !S ssh 123.21.165.68 | [19:54] |
| mircea_popescu: | !S ssh 123.21.229.66 | [19:54] |
| mircea_popescu: | !S ssh 123.28.232.86 | [19:54] |
| mircea_popescu: | !S ssh 125.132.47.77 | [19:54] |
| mircea_popescu: | !S ssh 125.86.179.173 | [19:54] |
| mircea_popescu: | !S ssh 128.0.12.139 | [19:54] |
| spykedbot: | SSH banner of 128.0.12.139: SSH-1.99-OpenSSH_5.1 | [19:54] |
| mircea_popescu: | !S ssh 14.100.10.86 | [19:54] |
| mircea_popescu: | !S ssh 14.169.218.153 | [19:54] |
| mircea_popescu: | !S ssh 14.187.228.175 | [19:54] |
| spykedbot: | SSH banner of 14.187.228.175: SSH-2.0-dropbear_2013.62 | [19:54] |
| mircea_popescu: | !S ssh 14.32.233.240 | [19:54] |
| mircea_popescu: | !S ssh 143.255.154.52 | [19:54] |
| spykedbot: | SSH banner of 143.255.154.52: SSH-2.0-dropbear_2013.62 | [19:54] |
| mircea_popescu: | !S ssh 143.255.154.65 | [19:54] |
| spykedbot: | SSH banner of 143.255.154.65: SSH-2.0-dropbear_2013.62 | [19:54] |
| mircea_popescu: | !S ssh 143.255.155.51 | [19:54] |
| spykedbot: | SSH banner of 143.255.155.51: SSH-2.0-dropbear_2013.62 | [19:54] |
| mircea_popescu: | !S ssh 146.115.241.104 | [19:54] |
| mircea_popescu: | !S ssh 149.71.237.206 | [19:55] |
| mircea_popescu: | !S ssh 156.194.216.250 | [19:55] |
| mircea_popescu: | !S ssh 156.213.183.52 | [19:55] |
| mircea_popescu: | !S ssh 159.192.248.185 | [19:55] |
| mircea_popescu: | !S ssh 173.245.202.70 | [19:55] |
| mircea_popescu: | !S ssh 175.115.29.17 | [19:55] |
| mircea_popescu: | !S ssh 175.122.60.179 | [19:55] |
| mircea_popescu: | !S ssh 175.127.155.212 | [19:55] |
| mircea_popescu: | !S ssh 175.194.18.167 | [19:55] |
| mircea_popescu: | !S ssh 175.204.176.181 | [19:55] |
| mircea_popescu: | !S ssh 179.39.225.64 | [19:55] |
| mircea_popescu: | !S ssh 180.101.125.226 | [19:55] |
| spykedbot: | SSH banner of 180.101.125.226: SSH-2.0-OpenSSH_6.6.1 | [19:55] |
| mircea_popescu: | !S ssh 180.93.110.100 | [19:55] |
| mircea_popescu: | !S ssh 181.105.2.222 | [19:55] |
| mircea_popescu: | !S ssh 182.72.180.58 | [19:55] |
| mircea_popescu: | !S ssh 186.178.75.194 | [19:55] |
| mircea_popescu: | !S ssh 186.223.65.189 | [19:55] |
| mircea_popescu: | !S ssh 186.47.170.45 | [19:55] |
| spykedbot: | SSH banner of 186.47.170.45: SSH-2.0-dropbear_2013.62 | [19:55] |
| mircea_popescu: | !S ssh 188.255.132.97 | [19:55] |
| spykedbot: | SSH banner of 188.255.132.97: SSH-2.0-dropbear_2014.63 | [19:55] |
| mircea_popescu: | !S ssh 189.110.232.164 | [19:55] |
| mircea_popescu: | !S ssh 190.3.49.221 | [19:55] |
| spykedbot: | SSH banner of 190.3.49.221: SSH-2.0-dropbear_2013.62 | [19:55] |
| mircea_popescu: | !S ssh 192.140.93.67 | [19:55] |
| mircea_popescu: | !S ssh 197.39.84.100 | [19:55] |
| mircea_popescu: | !S ssh 197.41.151.9 | [19:55] |
| mircea_popescu: | !S ssh 197.50.31.129 | [19:55] |
| mircea_popescu: | !S ssh 197.53.92.104 | [19:55] |
| mircea_popescu: | !S ssh 200.5.122.129 | [19:55] |
| spykedbot: | SSH banner of 200.5.122.129: SSH-1.99-OpenSSH_5.8 | [19:55] |
| mircea_popescu: | !S ssh 200.71.93.77 | [19:55] |
| mircea_popescu: | !S ssh 202.58.97.178 | [19:56] |
| spykedbot: | SSH banner of 202.58.97.178: SSH-2.0-ROSSSH | [19:56] |
| mircea_popescu: | !S ssh 203.251.62.131 | [19:56] |
| mircea_popescu: | !S ssh 203.81.155.53 | [19:56] |
| mircea_popescu: | !S ssh 205.185.223.162 | [19:56] |
| mircea_popescu: | !S ssh 209.107.210.162 | [19:56] |
| mircea_popescu: | !S ssh 209.107.214.95 | [19:56] |
| mircea_popescu: | !S ssh 209.197.30.231 | [19:56] |
| mircea_popescu: | !S ssh 210.96.184.134 | [19:56] |
| mircea_popescu: | !S ssh 211.209.60.145 | [19:56] |
| mircea_popescu: | !S ssh 213.242.26.225 | [19:56] |
| mircea_popescu: | !S ssh 216.151.183.64 | [19:56] |
| mircea_popescu: | !S ssh 219.255.51.23 | [19:56] |
| mircea_popescu: | !S ssh 221.156.54.207 | [19:56] |
| mircea_popescu: | !S ssh 31.131.122.188 | [19:56] |
| mircea_popescu: | !S ssh 31.148.232.210 | [19:56] |
| mircea_popescu: | !S ssh 31.45.134.254 | [19:56] |
| mircea_popescu: | !S ssh 32.212.87.18 | [19:56] |
| mircea_popescu: | !S ssh 37.245.139.74 | [19:56] |
| mircea_popescu: | !S ssh 41.210.24.47 | [19:56] |
| mircea_popescu: | !S ssh 41.235.243.110 | [19:56] |
| mircea_popescu: | !S ssh 5.152.157.238 | [19:56] |
| mircea_popescu: | !S ssh 58.238.124.19 | [19:56] |
| mircea_popescu: | !S ssh 58.82.130.170 | [19:56] |
| mircea_popescu: | http://btcbase.org/log/2018-08-09#1840467 << o look, they're gonna sue their own cvasi orc republic because nonos. | [19:56] |
| a111: | Logged on 2018-08-09 16:14 asciilifeform: but still lulzy wankage, e.g., https://archive.is/qeO5s >> 'Since this has business impact, we consider legal action against the opaque Linux-distros vulnerability-disclosure-among-friends-for-fun-and-profit scheme, that we exposed at the ITU earlier this year. This is digital divide in the works, with real impact for non-club-members ...' | [19:56] |
| mircea_popescu: | anyway. dropbear_2013.62 worth a looksee ? | [19:57] |
| mircea_popescu: | http://btcbase.org/log/2018-08-09#1840480 << forgot to mention which log they read to get the "idea". because totally, it'll no longer be "we copied tmsr" if they don't admit they copied tmsr. | [20:00] |
| a111: | Logged on 2018-08-09 19:31 asciilifeform: in continuing lulz, 'Which "club"? If you're an Open Source operating system distro, you can now apply to join (linux-)distros under our published criteria. Otherwise, yes, you're out of luck joining that "club". This is "selective disclosure", and it has drawbacks. There's no perfect alternative.' | [20:00] |
| mircea_popescu: | http://btcbase.org/log/2018-08-09#1840487 << and i'm sure http://trilema.com/2016/and-they-wont-fucking-yield/ "we" have to "explain" why some randos calling themselves names aren't the names they chose but the names we chose. | [20:02] |
| a111: | Logged on 2018-08-09 21:08 asciilifeform: 'In about 500 submissions on average we recover the whole key' << from e.g. montrezor, other shitwallets, etc. | [20:02] |
| asciilifeform: | ohai mircea_popescu ! wb. | [20:04] |
| * asciilifeform | eats log.. | [20:04] |
| asciilifeform: | http://btcbase.org/log/2018-08-09#1840493 << i'ma fire'em 1 full parcel at a time ( i.e. weekly ) output will ( per trinque's earlier note ) land in #asciilifeform for all interested. | [20:05] |
| a111: | Logged on 2018-08-09 23:29 mircea_popescu: asciilifeform any pops ? | [20:05] |
| asciilifeform: | at current rate , 1st parcel oughta be fully eaten by monday | [20:06] |
| asciilifeform: | http://btcbase.org/log/2018-08-09#1840508 << will be interesting to check these against mats's mega-collection ( subj above ) , as i understand it is reasonably fresh and covers good % of ipv4 | [20:07] |
| a111: | Logged on 2018-08-09 23:52 mircea_popescu: for future entomologists : entire list of http://p.bvulpes.com/pastes/akDqm/?raw=true (seeming fixed ips in the recent bot attack) produced 0 matches. home routers. | [20:07] |
| asciilifeform: | http://btcbase.org/log/2018-08-09#1840596 >> e.g. http://phuctor.nosuchlabs.com/factor/5411 , http://phuctor.nosuchlabs.com/factor/5367 | [20:08] |
| a111: | Logged on 2018-08-09 23:56 spykedbot: SSH banner of 202.58.97.178: SSH-2.0-ROSSSH | [20:08] |
| asciilifeform: | http://btcbase.org/log/2018-08-09#1840619 << would be lulzy to watch the scorpion sting itself, tho | [20:11] |
| a111: | Logged on 2018-08-09 23:56 mircea_popescu: http://btcbase.org/log/2018-08-09#1840467 << o look, they're gonna sue their own cvasi orc republic because nonos. | [20:11] |
| asciilifeform: | http://btcbase.org/log/2018-08-09#1840621 << a random sampling of your dropbears reveals them to huawei ( e.g. 143.255.155.51 is a HG8247H , 14.187.228.175 -- a HG8045A ) , and ubiquiti ( 188.255.132.97 -- 'air os' ) | [20:18] |
| a111: | Logged on 2018-08-09 23:57 mircea_popescu: anyway. dropbear_2013.62 worth a looksee ? | [20:18] |
| asciilifeform: | with working www-facing admin prompts | [20:18] |
| asciilifeform: | 143.255.154.65 -- HG8247H | [20:19] |
| asciilifeform: | and they're ~all in orcistans, argentina, vietnam, etc | [20:19] |
| asciilifeform: | and pretty busy bees -- loading the admin prompt takes almost whole minute for some of these | [20:20] |
| * asciilifeform | suspects the most elementary default creds shitrouter worm | [20:20] |
| asciilifeform: | http://btcbase.org/log/2018-08-10#1840631 << btw i dun have'em all unpacked yet, but estimate the net weight to be somewhere b/w 300 and 500 mil. rsa mods | [20:22] |
| a111: | Logged on 2018-08-10 00:07 asciilifeform: http://btcbase.org/log/2018-08-09#1840508 << will be interesting to check these against mats's mega-collection ( subj above ) , as i understand it is reasonably fresh and covers good % of ipv4 | [20:22] |
| asciilifeform: | http://btcbase.org/log/2018-08-10#1840622 << the shitstains have been doing their 'coordinated disclosure' for , what , 20yrs nao , it isn't particularly 'idea', but rather the default herd-biological behaviour of shitstains | [20:26] |
| a111: | Logged on 2018-08-10 00:00 mircea_popescu: http://btcbase.org/log/2018-08-09#1840480 << forgot to mention which log they read to get the "idea". because totally, it'll no longer be "we copied tmsr" if they don't admit they copied tmsr. | [20:26] |
| mod6: | http://btcbase.org/log/2018-08-09#1840476 << Ok, Sir! Thanks, looks good :] | [20:27] |
| a111: | Logged on 2018-08-09 16:49 asciilifeform: mod6: plox to test and confirm. | [20:27] |
| asciilifeform: | ty mod6 | [20:27] |
| mod6: | np | [20:27] |
| mod6: | Lords and Ladies: We have a rockchip ready to go! Let us know if interested, details here if you didn't know already: http://pizarroisp.net/pizarro-hosting-rate-sheet/ | [20:28] |
| asciilifeform: | ^ nao with out-of-the-crate iptables support | [20:28] |
| * asciilifeform | doesn't anticipate making any further changes to the pizarro rk kernel, at least while we use same iron | [20:29] |
| asciilifeform: | mod6: iirc there's another unit that will be vacant next wk. it will get same setup. | [20:30] |
| asciilifeform: | ( unless , i suppose , trinque proclaims arm64 cuntoo release b/w nao and then ) | [20:30] |
| mod6: | About 10 days until that one expires, ya. | [20:32] |
| asciilifeform: | aah | [20:32] |
| * mircea_popescu | waves | [20:38] |
| asciilifeform: | how was crocodile central , mircea_popescu ? | [20:39] |
| mircea_popescu: | aactualy arenal is a volcano, no crocs there. | [20:39] |
| asciilifeform: | oh neato | [20:39] |
| mircea_popescu: | however, nude beauties bathe in waterfalls. not a complete loss. | [20:40] |
| * asciilifeform | naively assumed an 'arenal' to be a beach | [20:40] |
| mircea_popescu: | well, there's a lake, and of course jacuzzipools etc. but anyways. | [20:40] |
| mircea_popescu: | in this country water's a safe assumption. if none on the ground, some will coming in via aeropost soon enough. | [20:41] |
| asciilifeform: | it gotta go somewhere, neh. | [20:41] |
| mircea_popescu: | there's also you know, 200m drop bridges and gazebos overlooking miles of jungle and stuff like that. | [20:42] |
| asciilifeform: | i gotta go and see some of this.. | [20:42] |
| mircea_popescu: | i expect you'd enjoy. | [20:43] |
| mod6: | hola mircea_popescu | [20:48] |
| mircea_popescu: | hey hey | [20:48] |
| mod6: | sounds like a serene trip 'eh! | [20:49] |
| mircea_popescu: | pretty good | [20:49] |
| mircea_popescu: | meanwhile the pantsuit wank is overpowering, both odorously and lulzy. "digital divide" for instance ? totally term of pantsuit (idiocy is not an art). | [20:50] |
| asciilifeform: | i had to look that one up, lol | [20:50] |
| mircea_popescu: | http://btcbase.org/log/2018-08-10#1840633 << wowza, we actually have the ssh keys for some of these ? | [20:51] |
| a111: | Logged on 2018-08-10 00:08 asciilifeform: http://btcbase.org/log/2018-08-09#1840596 >> e.g. http://phuctor.nosuchlabs.com/factor/5411 , http://phuctor.nosuchlabs.com/factor/5367 | [20:51] |
| mod6: | they're fuckin everywhere | [20:51] |
| mircea_popescu: | inb4 tmsr did it | [20:51] |
| asciilifeform: | mircea_popescu: not only do we , but http://logs.bvulpes.com/asciilifeform?d=2018-8-10#411746 ( and elsewhere, earlier ), if can find how they constrained the keyspace, can pop ~all~ of'em | [20:52] |
| mimisbrunnr: | Logged on 2018-08-09 21:21 asciilifeform: if can find the originating booby, can potentially turn half dozen pops, into several 10k. | [20:52] |
| asciilifeform: | elementarily. | [20:52] |
| mircea_popescu: | http://btcbase.org/log/2018-08-10#1840646 << i don't mean that, i mean specifically http://btcbase.org/log/2018-05-22#1816498 part. | [20:52] |
| a111: | Logged on 2018-08-10 00:26 asciilifeform: http://btcbase.org/log/2018-08-10#1840622 << the shitstains have been doing their 'coordinated disclosure' for , what , 20yrs nao , it isn't particularly 'idea', but rather the default herd-biological behaviour of shitstains | [20:52] |
| a111: | Logged on 2018-05-22 05:11 mircea_popescu: this paradigm readily explains the soviet state - "rock and roll" relationship, and moreover that historical accident had a lot to do with why alphabet even ~exists~ today. otherwise, on the naked strength of imaginary "advertising revenue" google is worth ~dozen stackexchanges/slashdots/sourceforges. but, generals always fight last year's war, and so here we are, "bayesian lesswisdom". | [20:52] |
| asciilifeform: | hmm, not sure i get it | [20:53] |
| mircea_popescu: | ummm wtf happened here. | [20:54] |
| mircea_popescu: | http://btcbase.org/log/2018-07-16#1834921 << i mislinked. | [20:54] |
| a111: | Logged on 2018-07-16 15:44 mircea_popescu: as we're contemplating an eulora client rewrite, i am contemplating the following code release paradigm : client author a) releases code encrypted to l1, signed and deeded (so basically, gpg -aer asciilifeform -r ave1 -r etc) b) releases precompiled binaries for allcomers. | [20:54] |
| asciilifeform: | aaa | [20:54] |
| mircea_popescu: | "digital divide" a-ok nao, for reasons (see "code of conduct", i'm sure it explains why they can blather all they want for as long as they do exactly what we say etc) | [20:55] |
| asciilifeform: | mircea_popescu: 'seclist' lulzfest linked specifically for the laugh where some boeck figure loses his shit because some 'traitor' didn't wait the requisite 14days usg wanted etc | [20:58] |
| asciilifeform: | !!up rain2 | [21:00] |
| deedbot: | rain2 voiced for 30 minutes. | [21:00] |
| asciilifeform: | rain2: hello ? | [21:00] |
| rain2: | thanks | [21:00] |
| asciilifeform: | rain2: who are you , and what brings you to #trilema ? | [21:01] |
| rain2: | mircea_popescu | [21:01] |
| asciilifeform: | mircea_popescu: seems like one of yer patients, showing signs of life ! | [21:02] |
| rain2: | this seems very interesting and i want to learn about it | [21:03] |
| mod6: | get in the wot, rent a rockchip, become a start | [21:03] |
| mod6: | *star | [21:03] |
| asciilifeform: | rain2: consider reading The Log , http://btcbase.org/log/ , until he wakes up | [21:04] |
| * mod6 | sales moad - active | [21:04] |
| asciilifeform: | rain2: chances are, more or less any interesting subj you've ever thought about , is somewhere in the log. make use of the search. | [21:05] |
| rain2: | I will! | [21:05] |
| asciilifeform: | rain2: while you have the microphone, want to say something about yerself ? | [21:07] |
| asciilifeform: | on my planet, folx introduce themselves, e.g. 'i am bob and i drive a rubbish truck' | [21:07] |
| asciilifeform: | 'i am joe, and i recycle baby pandas' . etc | [21:08] |
| asciilifeform: | rain2: ... and if you have a www , link it . | [21:10] |
| rain2: | if you like the scheme programming language, i have blogged about it https://rain-1.github.io/scheme | [21:11] |
| rain2: | I think V is cool | [21:12] |
| asciilifeform: | rain2: 'The compiler doesn’t actually emit a sequence of 64 bit words though. It emits a “tokens” which the virtual machine can read in and translate into 64 bit words before they get executed.' << out of curiosity, why didja do this | [21:13] |
| asciilifeform: | why not output threadedcode, a la Forth, directly | [21:14] |
| rain2: | i'm not that good with forth - I want to learn it better but it's difficult. I think if we did output threaded code directly that could be a real improvement | [21:15] |
| trinque: | rain2: by chance is english not your first language? | [21:15] |
| asciilifeform: | rain2: incidentally you will prolly find the recent work by spyked , http://thetarpit.org/posts/y04/074-adalisp-prototype.html + http://btcbase.org/patches/adalisp_genesis , to be of interest | [21:16] |
| rain2: | nice | [21:17] |
| asciilifeform: | rain2: i recommend to register with deedbot : | [21:18] |
| asciilifeform: | !!help | [21:18] |
| deedbot: | http://deedbot.org/help.html | [21:18] |
| asciilifeform: | rain2: ... and then i will rate you , and you will be able to self-voice. | [21:18] |
| * asciilifeform | will bbl | [21:18] |
| rain2: | !!register https://pgp.mit.edu/pks/lookup?op=get&search=0x4CF88D683C827AC8 | [21:19] |
| deedbot: | 891F03D110B58CD7985D5FBB4CF88D683C827AC8 registered as rain2. | [21:19] |
| trinque: | !!rate rain2 1 schemer | [21:20] |
| deedbot: | Get your OTP: http://p.bvulpes.com/pastes/197ss/?raw=true | [21:20] |
| rain2: | thank you | [21:20] |
| trinque: | !!v 0378023FB86518671AAB8A0EFD9E4919E599AAF780052962140933C41F7F052E | [21:21] |
| deedbot: | trinque rated rain2 1 << schemer | [21:21] |
| trinque: | sure thing, you can now pm deedbot !!up | [21:22] |
| rain2: | how are you? | [21:22] |
| trinque: | winding down after a long day yourself? | [21:22] |
| rain2: | yep just poking around online | [21:23] |
| trinque: | you said mp brought you? are you a reader of his blog? | [21:23] |
| mircea_popescu: | trinque i said something in <wsm> kaniini has invited you to join #litepub | [21:23] |
| trinque: | ah ok | [21:24] |
| rain2: | oh he didn't bring me, ifollowed | [21:24] |
| mircea_popescu: | !!up kaniini | [21:25] |
| deedbot: | kaniini voiced for 30 minutes. | [21:25] |
| mircea_popescu: | asciilifeform fellow's about to discover phuctor, i guess. | [21:25] |
| kaniini: | well, i am not surprised by the finding that the keys are weak, given it is embedded shitboxes | [21:25] |
| mircea_popescu: | ~relevant bit being i guess "<kaniini> now that's a nick i haven't seen in a while. there is already https://github.com/kaniini/antissh that pops most of them. this stuff about keys is interesting though" | [21:25] |
| mircea_popescu: | i hope you don't mind the quote. | [21:26] |
| kaniini: | i didn't bother to check the keys yet | [21:26] |
| mircea_popescu: | anyway tmsr has been running a ~yearly survey of the ipv4 space. results are lulzy, likle http://trilema.com/2016/internet-census-2016/ | [21:27] |
| mircea_popescu: | (various other lulzolade, say http://trilema.com/2017/the-incidental-humiliation-of-obamas-clean-energy-policies-marc-andreessens-internet-of-farts-and-other-such-comedic-gold-bricks/ sorta 2nd step from there) | [21:28] |
| kaniini: | i guess, the question is, i wonder if we can check somehow in real time | [21:33] |
| kaniini: | if a key is vulnerable | [21:33] |
| kaniini: | if key is good, then we can skip scanning it | [21:33] |
| kaniini: | a lot of the devices will let you log in anyway, | [21:34] |
| kaniini: | and then it will send something like "Invalid password" | [21:34] |
| kaniini: | but you can open direct-tcpip channels | [21:34] |
| kaniini: | i'd say at least half of the ips i have seen are like that | [21:34] |
| mircea_popescu: | kaniini ~new~ keys are generally queued because the factorization process is somewhat involved. but there's a real time rss in #asciilifeform | [21:38] |
| mircea_popescu: | wtf do you mean "log you in anyway" | [21:39] |
| mircea_popescu: | rain2 say !!up to deedbot in pm, then !!v the string it gives you. | [21:39] |
| rain2: | super! | [21:39] |
| kaniini: | mircea_popescu i mean, it will open a terminal channel and dump you into a login(1) type program, instead of rejecting the password | [21:40] |
| kaniini: | mircea_popescu so from perspective of sshd, you're fully logged in and can do whatever you want | [21:40] |
| mircea_popescu: | jaysus | [21:40] |
| kaniini: | mircea_popescu but you have this worthless terminal channel | [21:41] |
| mircea_popescu: | who does this ? huawei ? all of em ? | [21:41] |
| kaniini: | those are the huaweis | [21:41] |
| kaniini: | mikrotik routeros is thankfully not that bad | [21:41] |
| mircea_popescu: | aha! so that's why they keep popping up. | [21:41] |
| kaniini: | i wonder if checking exponent on these huawei keys will be interesting | [21:42] |
| kaniini: | if they are non-prime that would be an easy thing to check | [21:42] |
| mircea_popescu: | not hard to extract e from pubkey. | [21:43] |
| kaniini: | yeah | [21:43] |
| mircea_popescu: | pretty sure someone published python to do it, even. jurov mebbe ? or spyked ? | [21:43] |
| mircea_popescu: | !!up kaniini | [22:16] |
| deedbot: | kaniini voiced for 30 minutes. | [22:16] |
| mircea_popescu: | hey, got a pgp key ? | [22:16] |
| kaniini: | i don't | [22:17] |
| kaniini: | i can create one i suppose | [22:17] |
| mircea_popescu: | there's no other basis of identity online. people gotta know who they talk to. | [22:19] |
| mircea_popescu: | http://trilema.com/wp-content/uploads/2014/06/mircea_popescu.jpg << like this, you know ? | [22:24] |
| kaniini: | the huaweis use static kexinit data too it seems | [22:26] |
| Mocky: | so in reading the logs I see that musl is a libc which is smaller and stricter than glibc. is there such a thing for c++ standard library or is it not needed? | [23:03] |
| asciilifeform: | Mocky: cpp proggy always rides on libc. witness trb, the orig experiment with musl here. | [23:22] |
| asciilifeform: | !#s rotor | [23:22] |
| a111: | 493 results for "rotor", http://btcbase.org/log-search?q=rotor | [23:22] |
| asciilifeform: | ^ some history. | [23:22] |
| asciilifeform: | http://btcbase.org/log/2018-08-10#1840769 << nonprime e per se dun make for simple break ( tho it tends to go along with other sad, which is why i mark'em in phuctor ) | [23:25] |
| a111: | Logged on 2018-08-10 01:42 kaniini: if they are non-prime that would be an easy thing to check | [23:25] |
| asciilifeform: | http://btcbase.org/log/2018-08-10#1840780 << can't be ~entirely~ static seedturd , or they'd all have exactly same key gotta be something moar along the lines of the debian lulz | [23:26] |
| a111: | Logged on 2018-08-10 02:26 kaniini: the huaweis use static kexinit data too it seems | [23:26] |
| * asciilifeform | bbl,meat | [23:27] |
| mircea_popescu: | asciilifeform entirely possible they actually do, say very narrow keyspace. | [23:52] |
Category: Logs
