Show Idle (>14 d.) Chans
← 2018-08-08 | 2018-08-10 →
04:45 spyked !S ssh github.com
04:45 spykedbot SSH banner of github.com: SSH-2.0-libssh_0.7.0
04:45 spyked !S ssh 197.53.92.104
04:45 spyked !S ssh 115.84.92.92
04:45 spykedbot SSH banner of 115.84.92.92: SSH-2.0-dropbear_2013.62
04:47 spyked ^ note that the default behaviour now is "say nothing on failure". I'm not convinced that this is the proper way to interact, would like to hear opinions on this.
~ 5 hours 17 minutes ~
10:05 jurov spyked: when querying via DNS, perhaps show the IP address, too?
10:06 jurov and github.com resolves to two IPs (but that'd be perhaps too complicated to implement)
10:17 spyked jurov, thanks for the idea! sbcl's resolver (sb-bsd-sockets:get-host-by-name) returns both addresses on my machine, but querying each of them for the banner might break the one-response-per-command rule (I could try to string them all together in one response, but I find that ugly). so maybe I could add DNS resolution as a separate command?
10:20 spyked some tests using sbcl, for reference: http://p.bvulpes.com/pastes/lMcV9/?raw=true
10:29 jurov yes, extra dns resolution could prove useful
10:32 jurov in the light of https://archive.is/PLWLd
10:36 jurov while !S can be kept as is, only show the one IP banner is from.
~ 16 minutes ~
10:53 asciilifeform 'Mozilla wants to override any configured DNS server with Cloudflare' << pretty lulzy
10:53 asciilifeform ( nao whether somebody, somewhere, still uses recent mozilla, is separate q )
10:53 asciilifeform mod6: new rk kernel baked, tested, worx.
10:57 BingoBoingo asciilifeform: Ready for the swappy dance?
10:57 asciilifeform BingoBoingo: zipping up kernel, will ping you
10:57 BingoBoingo Standing by
~ 19 minutes ~
11:17 asciilifeform BingoBoingo: ok to swap
11:17 BingoBoingo asciilifeform: Alright, walking over
~ 20 minutes ~
11:37 BingoBoingo Drive C is in Dulap
11:37 asciilifeform ty
11:39 asciilifeform snapshotting nao
11:39 BingoBoingo Standing by
11:48 asciilifeform BingoBoingo: ok to remove and boot C back up
11:48 asciilifeform BingoBoingo: you mentioned that you want yours reimaged ? didja back up the thing ?
11:49 BingoBoingo asciilifeform: I have the stuff I need off of it.
11:49 asciilifeform BingoBoingo: incl any /etc configolade ?
11:49 asciilifeform it'll all vanish
11:49 asciilifeform if this worx for you, go ahead and move your drive over to dulap
11:50 asciilifeform which unit were you again ? 'E' ?
11:50 BingoBoingo F
11:50 asciilifeform ok
11:50 BingoBoingo C is back
11:50 asciilifeform lemme know when F's disk is in
11:51 BingoBoingo <asciilifeform> BingoBoingo: incl any /etc configolade ? << I have my custom stuff. F is in
11:51 asciilifeform ok, this'll take 20-30min, can go eat
11:51 BingoBoingo tyvm
11:54 asciilifeform BingoBoingo: let's take the rest of this to #p, to reduce log pollution. ping me there when you get back.
~ 17 minutes ~
12:12 asciilifeform meanwhile, in heathendom, https://archive.is/aiaQH << linux 4.xx arbitrary r/w 0day
12:13 asciilifeform 'The bug only affects kernels that have CONFIG_POSIX_TIMERS and CONFIG_CHECKPOINT_RESTORE enabled, which is done by a lot of modern distros' << i.e. none of asciilifeform's kernels
12:14 asciilifeform but still lulzy wankage, e.g., https://archive.is/qeO5s >> 'Since this has business impact, we consider legal action against the opaque Linux-distros vulnerability-disclosure-among-friends-for-fun-and-profit scheme, that we exposed at the ITU earlier this year. This is digital divide in the works, with real impact for non-club-members ...'
12:16 asciilifeform and the cucks entertain, https://archive.is/4L8IS >> from one 'Solar Designer' , kernelist, 'However, with CERT involved and with related issues affecting more than just Linux, there was little I could do, short of playing full BOFH and breaking the semi-embargo for everyone. While I think that would have been for the general public's benefit overall, I didn't feel about it strongly enough to actually do it this time. I apologize f
12:16 asciilifeform or letting this happen. (At the same time, I did force another semi-public issue to oss-security right away since that one didn't involve coordination with so many parties.)'
12:20 asciilifeform for non-expert entomologists : the perps ( i dun distinguish b/w 'bug'-inserters and coverup-artists ) ~continue~ to spew the squid ink where the patch is disguised as 'for denial of service bug' rather than arbitrary r/w -- despite the cat being out of the bag for nearly whole day nao
12:22 asciilifeform 'responsible disclosure'(tm)(r), didjaknow.
12:24 asciilifeform ( consists, in practice, of regular warm, wet kisses from usg.nsa straight into mouths of folx still using 'modern distros' , followed up by generous cocktail of obfuscatory lies to the public , then exposure, then the usual fudstorm to try an' keep the ruse alive for a bonus day or three )
12:27 asciilifeform BingoBoingo: i gotta step into meatspace for a spell, see #p log for next instruction
~ 18 minutes ~
12:45 mod6 <+asciilifeform> mod6: new rk kernel baked, tested, worx. << nice! thanks for baking.
12:49 asciilifeform mod6: http://p.bvulpes.com/pastes/0bETd/?raw=true
12:49 asciilifeform mod6: plox to test and confirm.
~ 22 minutes ~
13:11 mod6 Ok will check it out when I can.
~ 58 minutes ~
14:09 asciilifeform mod6: it's simply the launch codes for rk 'C' ( previously occupied by mats ) , it is ready for new user.
14:22 mod6 Ah, thanks alf. Much appreciated.
~ 1 hours 9 minutes ~
15:31 asciilifeform in continuing lulz, 'Which "club"? If you're an Open Source operating system distro, you can now apply to join (linux-)distros under our published criteria. Otherwise, yes, you're out of luck joining that "club". This is "selective disclosure", and it has drawbacks. There's no perfect alternative.'
15:31 asciilifeform 'Like I said, what we're supporting with (linux-)distros is a certain kind of "selective disclosure".'
15:35 asciilifeform ( for folx who dun feel like digging through that particular latrine pit -- they have an explicit '14 day embargo' to give nsa time to drill new holes into victims )
15:35 BingoBoingo So on this third day of baking, the dough may become a pizza crust instead of a bread. We'll see after incoming Qntra
~ 17 minutes ~
15:53 deedbot http://qntra.net/2018/08/emergency-wireless-gateways-making-holes-in-substantial-numbers-of-usg-assets/ << Qntra - "Emergency" Wireless Gateways Making Holes in Substantial Numbers Of USG Assets
~ 1 hours 14 minutes ~
17:07 asciilifeform in other lulz, 'The Go implementation of the P-256 elliptic curve had a small bug due to a misplaced carry bit affecting less than 0.00000003% of field subtraction operations.'
17:08 asciilifeform Run Moar Googlelade.
17:08 asciilifeform 'In about 500 submissions on average we recover the whole key' << from e.g. montrezor, other shitwallets, etc.
~ 28 minutes ~
17:36 BingoBoingo lol
17:46 asciilifeform meanwhile, in castles, http://logs.bvulpes.com/asciilifeform?d=2018-8-9#411725 << thread of interest to phuctor readership
17:46 mimisbrunnr Logged on 2018-08-09 21:08 mats: fun
17:53 asciilifeform about half of the 1st ( of 24!) parcel of 27M keyz from mats , eaten up nao. by end of next wk, will grind.
17:54 asciilifeform ( eater is order of magnitude faster today than last yr, but still slowest component )
~ 1 hours 35 minutes ~
19:29 mircea_popescu asciilifeform any pops ?
19:34 mircea_popescu http://btcbase.org/log/2018-08-09#1840430 << very nice ; and could drop a "IP not known" on failure, sure.
19:34 a111 Logged on 2018-08-09 08:47 spyked: ^ note that the default behaviour now is "say nothing on failure". I'm not convinced that this is the proper way to interact, would like to hear opinions on this.
19:35 mircea_popescu http://btcbase.org/log/2018-08-08#1840385 << hurr. idiots.
19:35 a111 Logged on 2018-08-08 17:04 asciilifeform: 'The security researcher also recommended we consider using GPG signing for Homebrew/homebrew-core. The Homebrew project leadership committee took a vote on this and it was rejected non-unanimously due to workflow concerns.'
19:35 mircea_popescu their fucking "workflow". as if anyone "working" for github ever did any work.
19:37 mircea_popescu http://btcbase.org/log/2018-08-08#1840398 << let me guess, argentine national.
19:37 a111 Logged on 2018-08-08 17:32 ben_vulpes: inserter-between-in-chief
19:50 mircea_popescu !S ssh 106.242.174.238
19:51 mircea_popescu !S ssh 115.84.92.92
19:51 spykedbot SSH banner of 115.84.92.92: SSH-2.0-dropbear_2013.62
19:51 mircea_popescu http://btcbase.org/log/2018-08-09#1840435 << useful in more than one way, actually ; we've had cases before where people dig'd by hand to see whether dns problem local or what.
19:51 a111 Logged on 2018-08-09 14:29 jurov: yes, extra dns resolution could prove useful
19:51 mircea_popescu http://btcbase.org/log/2018-08-09#1840439 << or whether someone somewhere doesn't have cloudflare drop'd
19:51 a111 Logged on 2018-08-09 14:53 asciilifeform: ( nao whether somebody, somewhere, still uses recent mozilla, is separate q )
19:52 mircea_popescu for future entomologists : entire list of http://p.bvulpes.com/pastes/akDqm/?raw=true (seeming fixed ips in the recent bot attack) produced 0 matches. home routers.
19:53 mircea_popescu tsk. turns out spykedbot does not actually answer in pm ;/
19:53 * mircea_popescu apologizes for teh incoming spam.
19:53 mircea_popescu !S ssh 106.242.174.238
19:53 mircea_popescu !S ssh 106.84.44.243
19:53 mircea_popescu !S ssh 106.87.14.22
19:53 mircea_popescu !S ssh 110.9.75.121
19:53 mircea_popescu !S ssh 112.171.197.223
19:53 mircea_popescu !S ssh 113.169.16.251
19:53 mircea_popescu !S ssh 113.173.165.248
19:53 mircea_popescu !S ssh 113.179.70.53
19:53 mircea_popescu !S ssh 113.195.163.247
19:53 mircea_popescu !S ssh 114.205.80.49
19:53 mircea_popescu !S ssh 114.67.143.10
19:53 mircea_popescu !S ssh 115.49.57.28
19:53 mircea_popescu !S ssh 115.84.92.92
19:53 spykedbot SSH banner of 114.67.143.10: SSH-2.0-OpenSSH_6.6.1p1 Ubuntu-2ubuntu2.8
19:53 mircea_popescu !S ssh 117.196.233.112
19:53 spykedbot SSH banner of 115.84.92.92: SSH-2.0-dropbear_2013.62
19:53 mircea_popescu !S ssh 117.7.182.97
19:54 mircea_popescu !S ssh 118.69.64.157
19:54 mircea_popescu !S ssh 119.195.172.233
19:54 mircea_popescu !S ssh 119.207.206.122
19:54 mircea_popescu !S ssh 119.42.81.39
19:54 mircea_popescu !S ssh 119.42.86.179
19:54 mircea_popescu !S ssh 121.129.179.28
19:54 mircea_popescu !S ssh 121.130.237.112
19:54 mircea_popescu !S ssh 121.140.73.245
19:54 mircea_popescu !S ssh 121.167.20.54
19:54 mircea_popescu !S ssh 121.55.180.50
19:54 mircea_popescu !S ssh 122.130.80.150
19:54 mircea_popescu !S ssh 122.179.50.205
19:54 mircea_popescu !S ssh 122.225.94.226
19:54 spykedbot SSH banner of 122.225.94.226: SSH-1.99-OpenSSH_3.7.1p2
19:54 mircea_popescu !S ssh 123.21.14.197
19:54 mircea_popescu !S ssh 123.21.165.68
19:54 mircea_popescu !S ssh 123.21.229.66
19:54 mircea_popescu !S ssh 123.28.232.86
19:54 mircea_popescu !S ssh 125.132.47.77
19:54 mircea_popescu !S ssh 125.86.179.173
19:54 mircea_popescu !S ssh 128.0.12.139
19:54 spykedbot SSH banner of 128.0.12.139: SSH-1.99-OpenSSH_5.1
19:54 mircea_popescu !S ssh 14.100.10.86
19:54 mircea_popescu !S ssh 14.169.218.153
19:54 mircea_popescu !S ssh 14.187.228.175
19:54 spykedbot SSH banner of 14.187.228.175: SSH-2.0-dropbear_2013.62
19:54 mircea_popescu !S ssh 14.32.233.240
19:54 mircea_popescu !S ssh 143.255.154.52
19:54 spykedbot SSH banner of 143.255.154.52: SSH-2.0-dropbear_2013.62
19:54 mircea_popescu !S ssh 143.255.154.65
19:54 spykedbot SSH banner of 143.255.154.65: SSH-2.0-dropbear_2013.62
19:54 mircea_popescu !S ssh 143.255.155.51
19:54 spykedbot SSH banner of 143.255.155.51: SSH-2.0-dropbear_2013.62
19:54 mircea_popescu !S ssh 146.115.241.104
19:55 mircea_popescu !S ssh 149.71.237.206
19:55 mircea_popescu !S ssh 156.194.216.250
19:55 mircea_popescu !S ssh 156.213.183.52
19:55 mircea_popescu !S ssh 159.192.248.185
19:55 mircea_popescu !S ssh 173.245.202.70
19:55 mircea_popescu !S ssh 175.115.29.17
19:55 mircea_popescu !S ssh 175.122.60.179
19:55 mircea_popescu !S ssh 175.127.155.212
19:55 mircea_popescu !S ssh 175.194.18.167
19:55 mircea_popescu !S ssh 175.204.176.181
19:55 mircea_popescu !S ssh 179.39.225.64
19:55 mircea_popescu !S ssh 180.101.125.226
19:55 spykedbot SSH banner of 180.101.125.226: SSH-2.0-OpenSSH_6.6.1
19:55 mircea_popescu !S ssh 180.93.110.100
19:55 mircea_popescu !S ssh 181.105.2.222
19:55 mircea_popescu !S ssh 182.72.180.58
19:55 mircea_popescu !S ssh 186.178.75.194
19:55 mircea_popescu !S ssh 186.223.65.189
19:55 mircea_popescu !S ssh 186.47.170.45
19:55 spykedbot SSH banner of 186.47.170.45: SSH-2.0-dropbear_2013.62
19:55 mircea_popescu !S ssh 188.255.132.97
19:55 spykedbot SSH banner of 188.255.132.97: SSH-2.0-dropbear_2014.63
19:55 mircea_popescu !S ssh 189.110.232.164
19:55 mircea_popescu !S ssh 190.3.49.221
19:55 spykedbot SSH banner of 190.3.49.221: SSH-2.0-dropbear_2013.62
19:55 mircea_popescu !S ssh 192.140.93.67
19:55 mircea_popescu !S ssh 197.39.84.100
19:55 mircea_popescu !S ssh 197.41.151.9
19:55 mircea_popescu !S ssh 197.50.31.129
19:55 mircea_popescu !S ssh 197.53.92.104
19:55 mircea_popescu !S ssh 200.5.122.129
19:55 spykedbot SSH banner of 200.5.122.129: SSH-1.99-OpenSSH_5.8
19:55 mircea_popescu !S ssh 200.71.93.77
19:56 mircea_popescu !S ssh 202.58.97.178
19:56 spykedbot SSH banner of 202.58.97.178: SSH-2.0-ROSSSH
19:56 mircea_popescu !S ssh 203.251.62.131
19:56 mircea_popescu !S ssh 203.81.155.53
19:56 mircea_popescu !S ssh 205.185.223.162
19:56 mircea_popescu !S ssh 209.107.210.162
19:56 mircea_popescu !S ssh 209.107.214.95
19:56 mircea_popescu !S ssh 209.197.30.231
19:56 mircea_popescu !S ssh 210.96.184.134
19:56 mircea_popescu !S ssh 211.209.60.145
19:56 mircea_popescu !S ssh 213.242.26.225
19:56 mircea_popescu !S ssh 216.151.183.64
19:56 mircea_popescu !S ssh 219.255.51.23
19:56 mircea_popescu !S ssh 221.156.54.207
19:56 mircea_popescu !S ssh 31.131.122.188
19:56 mircea_popescu !S ssh 31.148.232.210
19:56 mircea_popescu !S ssh 31.45.134.254
19:56 mircea_popescu !S ssh 32.212.87.18
19:56 mircea_popescu !S ssh 37.245.139.74
19:56 mircea_popescu !S ssh 41.210.24.47
19:56 mircea_popescu !S ssh 41.235.243.110
19:56 mircea_popescu !S ssh 5.152.157.238
19:56 mircea_popescu !S ssh 58.238.124.19
19:56 mircea_popescu !S ssh 58.82.130.170
19:56 mircea_popescu http://btcbase.org/log/2018-08-09#1840467 << o look, they're gonna sue their own cvasi orc republic because nonos.
19:56 a111 Logged on 2018-08-09 16:14 asciilifeform: but still lulzy wankage, e.g., https://archive.is/qeO5s >> 'Since this has business impact, we consider legal action against the opaque Linux-distros vulnerability-disclosure-among-friends-for-fun-and-profit scheme, that we exposed at the ITU earlier this year. This is digital divide in the works, with real impact for non-club-members ...'
19:57 mircea_popescu anyway. dropbear_2013.62 worth a looksee ?
20:00 mircea_popescu http://btcbase.org/log/2018-08-09#1840480 << forgot to mention which log they read to get the "idea". because totally, it'll no longer be "we copied tmsr" if they don't admit they copied tmsr.
20:00 a111 Logged on 2018-08-09 19:31 asciilifeform: in continuing lulz, 'Which "club"? If you're an Open Source operating system distro, you can now apply to join (linux-)distros under our published criteria. Otherwise, yes, you're out of luck joining that "club". This is "selective disclosure", and it has drawbacks. There's no perfect alternative.'
20:02 mircea_popescu http://btcbase.org/log/2018-08-09#1840487 << and i'm sure http://trilema.com/2016/and-they-wont-fucking-yield/ "we" have to "explain" why some randos calling themselves names aren't the names they chose but the names we chose.
20:02 a111 Logged on 2018-08-09 21:08 asciilifeform: 'In about 500 submissions on average we recover the whole key' << from e.g. montrezor, other shitwallets, etc.
20:04 asciilifeform ohai mircea_popescu ! wb.
20:04 * asciilifeform eats log..
20:05 asciilifeform http://btcbase.org/log/2018-08-09#1840493 << i'ma fire'em 1 full parcel at a time ( i.e. weekly ) ; output will ( per trinque's earlier note ) land in #asciilifeform for all interested.
20:05 a111 Logged on 2018-08-09 23:29 mircea_popescu: asciilifeform any pops ?
20:06 asciilifeform at current rate , 1st parcel oughta be fully eaten by monday
20:07 asciilifeform http://btcbase.org/log/2018-08-09#1840508 << will be interesting to check these against mats's mega-collection ( subj above ) , as i understand it is reasonably fresh and covers good % of ipv4
20:07 a111 Logged on 2018-08-09 23:52 mircea_popescu: for future entomologists : entire list of http://p.bvulpes.com/pastes/akDqm/?raw=true (seeming fixed ips in the recent bot attack) produced 0 matches. home routers.
20:08 asciilifeform http://btcbase.org/log/2018-08-09#1840596 >> e.g. http://phuctor.nosuchlabs.com/factor/5411 , http://phuctor.nosuchlabs.com/factor/5367
20:08 a111 Logged on 2018-08-09 23:56 spykedbot: SSH banner of 202.58.97.178: SSH-2.0-ROSSSH
20:11 asciilifeform http://btcbase.org/log/2018-08-09#1840619 << would be lulzy to watch the scorpion sting itself, tho
20:11 a111 Logged on 2018-08-09 23:56 mircea_popescu: http://btcbase.org/log/2018-08-09#1840467 << o look, they're gonna sue their own cvasi orc republic because nonos.
20:18 asciilifeform http://btcbase.org/log/2018-08-09#1840621 << a random sampling of your dropbears reveals them to huawei ( e.g. 143.255.155.51 is a HG8247H , 14.187.228.175 -- a HG8045A ) , and ubiquiti ( 188.255.132.97 -- 'air os' )
20:18 a111 Logged on 2018-08-09 23:57 mircea_popescu: anyway. dropbear_2013.62 worth a looksee ?
20:18 asciilifeform with working www-facing admin prompts
20:19 asciilifeform 143.255.154.65 -- HG8247H
20:19 asciilifeform and they're ~all in orcistans, argentina, vietnam, etc ;
20:20 asciilifeform and pretty busy bees -- loading the admin prompt takes almost whole minute for some of these
20:20 * asciilifeform suspects the most elementary default creds shitrouter worm
20:22 asciilifeform http://btcbase.org/log/2018-08-10#1840631 << btw i dun have'em all unpacked yet, but estimate the net weight to be somewhere b/w 300 and 500 mil. rsa mods
20:22 a111 Logged on 2018-08-10 00:07 asciilifeform: http://btcbase.org/log/2018-08-09#1840508 << will be interesting to check these against mats's mega-collection ( subj above ) , as i understand it is reasonably fresh and covers good % of ipv4
20:26 asciilifeform http://btcbase.org/log/2018-08-10#1840622 << the shitstains have been doing their 'coordinated disclosure' for , what , 20yrs nao , it isn't particularly 'idea', but rather the default herd-biological behaviour of shitstains
20:26 a111 Logged on 2018-08-10 00:00 mircea_popescu: http://btcbase.org/log/2018-08-09#1840480 << forgot to mention which log they read to get the "idea". because totally, it'll no longer be "we copied tmsr" if they don't admit they copied tmsr.
20:27 mod6 http://btcbase.org/log/2018-08-09#1840476 << Ok, Sir! Thanks, looks good :]
20:27 a111 Logged on 2018-08-09 16:49 asciilifeform: mod6: plox to test and confirm.
20:27 asciilifeform ty mod6
20:27 mod6 np
20:28 mod6 Lords and Ladies: We have a rockchip ready to go! Let us know if interested, details here if you didn't know already: http://pizarroisp.net/pizarro-hosting-rate-sheet/
20:28 asciilifeform ^ nao with out-of-the-crate iptables support
20:29 * asciilifeform doesn't anticipate making any further changes to the pizarro rk kernel, at least while we use same iron
20:30 asciilifeform mod6: iirc there's another unit that will be vacant next wk. it will get same setup.
20:30 asciilifeform ( unless , i suppose , trinque proclaims arm64 cuntoo release b/w nao and then )
20:32 mod6 About 10 days until that one expires, ya.
20:32 asciilifeform aah
20:38 * mircea_popescu waves
20:39 asciilifeform how was crocodile central , mircea_popescu ?
20:39 mircea_popescu aactualy arenal is a volcano, no crocs there.
20:39 asciilifeform oh neato
20:40 mircea_popescu however, nude beauties bathe in waterfalls. not a complete loss.
20:40 * asciilifeform naively assumed an 'arenal' to be a beach
20:40 mircea_popescu well, there's a lake, and of course jacuzzipools etc. but anyways.
20:41 mircea_popescu in this country water's a safe assumption. if none on the ground, some will coming in via aeropost soon enough.
20:41 asciilifeform it gotta go somewhere, neh.
20:42 mircea_popescu there's also you know, 200m drop bridges and gazebos overlooking miles of jungle and stuff like that.
20:42 asciilifeform i gotta go and see some of this..
20:43 mircea_popescu i expect you'd enjoy.
20:48 mod6 hola mircea_popescu
20:48 mircea_popescu hey hey
20:49 mod6 sounds like a serene trip 'eh!
20:49 mircea_popescu pretty good
20:50 mircea_popescu meanwhile the pantsuit wank is overpowering, both odorously and lulzy. "digital divide" for instance ? totally term of pantsuit (idiocy is not an art).
20:50 asciilifeform i had to look that one up, lol
20:51 mircea_popescu http://btcbase.org/log/2018-08-10#1840633 << wowza, we actually have the ssh keys for some of these ?
20:51 a111 Logged on 2018-08-10 00:08 asciilifeform: http://btcbase.org/log/2018-08-09#1840596 >> e.g. http://phuctor.nosuchlabs.com/factor/5411 , http://phuctor.nosuchlabs.com/factor/5367
20:51 mod6 they're fuckin everywhere
20:51 mircea_popescu inb4 tmsr did it
20:52 asciilifeform mircea_popescu: not only do we , but http://logs.bvulpes.com/asciilifeform?d=2018-8-10#411746 ( and elsewhere, earlier ), if can find how they constrained the keyspace, can pop ~all~ of'em
20:52 mimisbrunnr Logged on 2018-08-09 21:21 asciilifeform: if can find the originating booby, can potentially turn half dozen pops, into several 10k.
20:52 asciilifeform elementarily.
20:52 mircea_popescu http://btcbase.org/log/2018-08-10#1840646 << i don't mean that, i mean specifically http://btcbase.org/log/2018-05-22#1816498 part.
20:52 a111 Logged on 2018-08-10 00:26 asciilifeform: http://btcbase.org/log/2018-08-10#1840622 << the shitstains have been doing their 'coordinated disclosure' for , what , 20yrs nao , it isn't particularly 'idea', but rather the default herd-biological behaviour of shitstains
20:52 a111 Logged on 2018-05-22 05:11 mircea_popescu: this paradigm readily explains the soviet state - "rock and roll" relationship, and moreover that historical accident had a lot to do with why alphabet even ~exists~ today. otherwise, on the naked strength of imaginary "advertising revenue" google is worth ~dozen stackexchanges/slashdots/sourceforges. but, generals always fight last year's war, and so here we are, "bayesian lesswisdom".
20:53 asciilifeform hmm, not sure i get it
20:54 mircea_popescu ummm wtf happened here.
20:54 mircea_popescu http://btcbase.org/log/2018-07-16#1834921 << i mislinked.
20:54 a111 Logged on 2018-07-16 15:44 mircea_popescu: as we're contemplating an eulora client rewrite, i am contemplating the following code release paradigm : client author a) releases code encrypted to l1, signed and deeded (so basically, gpg -aer asciilifeform -r ave1 -r etc) ; b) releases precompiled binaries for allcomers.
20:54 asciilifeform aaa
20:55 mircea_popescu "digital divide" a-ok nao, for reasons (see "code of conduct", i'm sure it explains why they can blather all they want for as long as they do exactly what we say etc)
20:58 asciilifeform mircea_popescu: 'seclist' lulzfest linked specifically for the laugh where some boeck figure loses his shit because some 'traitor' didn't wait the requisite 14days usg wanted etc
21:00 asciilifeform !!up rain2
21:00 deedbot rain2 voiced for 30 minutes.
21:00 asciilifeform rain2: hello ?
21:00 rain2 thanks
21:01 asciilifeform rain2: who are you , and what brings you to #trilema ?
21:01 rain2 mircea_popescu
21:02 asciilifeform mircea_popescu: seems like one of yer patients, showing signs of life !
21:03 rain2 this seems very interesting and i want to learn about it
21:03 mod6 get in the wot, rent a rockchip, become a start
21:03 mod6 *star
21:04 asciilifeform rain2: consider reading The Log , http://btcbase.org/log/ , until he wakes up
21:04 * mod6 sales moad - active
21:05 asciilifeform rain2: chances are, more or less any interesting subj you've ever thought about , is somewhere in the log. make use of the search.
21:05 rain2 I will!
21:07 asciilifeform rain2: while you have the microphone, want to say something about yerself ?
21:07 asciilifeform on my planet, folx introduce themselves, e.g. 'i am bob and i drive a rubbish truck'
21:08 asciilifeform 'i am joe, and i recycle baby pandas' . etc
21:10 asciilifeform rain2: ... and if you have a www , link it .
21:11 rain2 if you like the scheme programming language, i have blogged about it https://rain-1.github.io/scheme
21:12 rain2 I think V is cool
21:13 asciilifeform rain2: 'The compiler doesn’t actually emit a sequence of 64 bit words though. It emits a “tokens” which the virtual machine can read in and translate into 64 bit words before they get executed.' << out of curiosity, why didja do this
21:14 asciilifeform why not output threadedcode, a la Forth, directly
21:15 rain2 i'm not that good with forth - I want to learn it better but it's difficult. I think if we did output threaded code directly that could be a real improvement
21:15 trinque rain2: by chance is english not your first language?
21:16 asciilifeform rain2: incidentally you will prolly find the recent work by spyked , http://thetarpit.org/posts/y04/074-adalisp-prototype.html + http://btcbase.org/patches/adalisp_genesis , to be of interest
21:17 rain2 nice
21:18 asciilifeform rain2: i recommend to register with deedbot :
21:18 asciilifeform !!help
21:18 deedbot http://deedbot.org/help.html
21:18 asciilifeform rain2: ... and then i will rate you , and you will be able to self-voice.
21:18 * asciilifeform will bbl
21:19 rain2 !!register https://pgp.mit.edu/pks/lookup?op=get&search=0x4CF88D683C827AC8
21:19 deedbot 891F03D110B58CD7985D5FBB4CF88D683C827AC8 registered as rain2.
21:20 trinque !!rate rain2 1 schemer
21:20 deedbot Get your OTP: http://p.bvulpes.com/pastes/197ss/?raw=true
21:20 rain2 thank you
21:21 trinque !!v 0378023FB86518671AAB8A0EFD9E4919E599AAF780052962140933C41F7F052E
21:21 deedbot trinque rated rain2 1 << schemer
21:22 trinque sure thing, you can now pm deedbot !!up
21:22 rain2 how are you?
21:22 trinque winding down after a long day; yourself?
21:23 rain2 yep just poking around online
21:23 trinque you said mp brought you? are you a reader of his blog?
21:23 mircea_popescu trinque i said something in <wsm> kaniini has invited you to join #litepub
21:24 trinque ah ok
21:24 rain2 oh he didn't bring me, ifollowed
21:25 mircea_popescu !!up kaniini
21:25 deedbot kaniini voiced for 30 minutes.
21:25 mircea_popescu asciilifeform fellow's about to discover phuctor, i guess.
21:25 kaniini well, i am not surprised by the finding that the keys are weak, given it is embedded shitboxes
21:25 mircea_popescu ~relevant bit being i guess "<kaniini> now that's a nick i haven't seen in a while. there is already https://github.com/kaniini/antissh that pops most of them. this stuff about keys is interesting though"
21:26 mircea_popescu i hope you don't mind the quote.
21:26 kaniini i didn't bother to check the keys yet
21:27 mircea_popescu anyway ; tmsr has been running a ~yearly survey of the ipv4 space. results are lulzy, likle http://trilema.com/2016/internet-census-2016/
21:28 mircea_popescu (various other lulzolade, say http://trilema.com/2017/the-incidental-humiliation-of-obamas-clean-energy-policies-marc-andreessens-internet-of-farts-and-other-such-comedic-gold-bricks/ sorta 2nd step from there)
21:33 kaniini i guess, the question is, i wonder if we can check somehow in real time
21:33 kaniini if a key is vulnerable
21:33 kaniini if key is good, then we can skip scanning it
21:34 kaniini a lot of the devices will let you log in anyway,
21:34 kaniini and then it will send something like "Invalid password"
21:34 kaniini but you can open direct-tcpip channels
21:34 kaniini i'd say at least half of the ips i have seen are like that
21:38 mircea_popescu kaniini ~new~ keys are generally queued because the factorization process is somewhat involved. but there's a real time rss in #asciilifeform
21:39 mircea_popescu wtf do you mean "log you in anyway"
21:39 mircea_popescu rain2 say !!up to deedbot in pm, then !!v the string it gives you.
21:39 rain2 super!
21:40 kaniini mircea_popescu i mean, it will open a terminal channel and dump you into a login(1) type program, instead of rejecting the password
21:40 kaniini mircea_popescu so from perspective of sshd, you're fully logged in and can do whatever you want
21:40 mircea_popescu jaysus
21:41 kaniini mircea_popescu but you have this worthless terminal channel
21:41 mircea_popescu who does this ? huawei ? all of em ?
21:41 kaniini those are the huaweis
21:41 kaniini mikrotik routeros is thankfully not that bad
21:41 mircea_popescu aha! so that's why they keep popping up.
21:42 kaniini i wonder if checking exponent on these huawei keys will be interesting
21:42 kaniini if they are non-prime that would be an easy thing to check
21:43 mircea_popescu not hard to extract e from pubkey.
21:43 kaniini yeah
21:43 mircea_popescu pretty sure someone published python to do it, even. jurov mebbe ? or spyked ?
~ 33 minutes ~
22:16 mircea_popescu !!up kaniini
22:16 deedbot kaniini voiced for 30 minutes.
22:16 mircea_popescu hey, got a pgp key ?
22:17 kaniini i don't
22:17 kaniini i can create one i suppose
22:19 mircea_popescu there's no other basis of identity online. people gotta know who they talk to.
22:24 mircea_popescu http://trilema.com/wp-content/uploads/2014/06/mircea_popescu.jpg << like this, you know ?
22:26 kaniini the huaweis use static kexinit data too it seems
~ 37 minutes ~
23:03 Mocky so in reading the logs I see that musl is a libc which is smaller and stricter than glibc. is there such a thing for c++ standard library or is it not needed?
~ 18 minutes ~
23:22 asciilifeform Mocky: cpp proggy always rides on libc. witness trb, the orig experiment with musl here.
23:22 asciilifeform !#s rotor
23:22 a111 493 results for "rotor", http://btcbase.org/log-search?q=rotor
23:22 asciilifeform ^ some history.
23:25 asciilifeform http://btcbase.org/log/2018-08-10#1840769 << nonprime e per se dun make for simple break ( tho it tends to go along with other sad, which is why i mark'em in phuctor )
23:25 a111 Logged on 2018-08-10 01:42 kaniini: if they are non-prime that would be an easy thing to check
23:26 asciilifeform http://btcbase.org/log/2018-08-10#1840780 << can't be ~entirely~ static seedturd , or they'd all have exactly same key; gotta be something moar along the lines of the debian lulz
23:26 a111 Logged on 2018-08-10 02:26 kaniini: the huaweis use static kexinit data too it seems
23:27 * asciilifeform bbl,meat
~ 25 minutes ~
23:52 mircea_popescu asciilifeform entirely possible they actually do, say very narrow keyspace.
← 2018-08-08 | 2018-08-10 →

Random(trilema) | Download hourly DB snapshot | Get Source Code

Theme: Light | Dark | System Default