04:45 |
spyked |
!S ssh github.com |
04:45 |
spykedbot |
SSH banner of github.com: SSH-2.0-libssh_0.7.0 |
04:45 |
spyked |
!S ssh 197.53.92.104 |
04:45 |
spyked |
!S ssh 115.84.92.92 |
04:45 |
spykedbot |
SSH banner of 115.84.92.92: SSH-2.0-dropbear_2013.62 |
04:47 |
spyked |
^ note that the default behaviour now is "say nothing on failure". I'm not convinced that this is the proper way to interact, would like to hear opinions on this. |
| |
↖ |
| |
~ 5 hours 17 minutes ~ |
10:05 |
jurov |
spyked: when querying via DNS, perhaps show the IP address, too? |
10:06 |
jurov |
and github.com resolves to two IPs (but that'd be perhaps too complicated to implement) |
10:17 |
spyked |
jurov, thanks for the idea! sbcl's resolver (sb-bsd-sockets:get-host-by-name) returns both addresses on my machine, but querying each of them for the banner might break the one-response-per-command rule (I could try to string them all together in one response, but I find that ugly). so maybe I could add DNS resolution as a separate command? |
10:20 |
spyked |
some tests using sbcl, for reference: http://p.bvulpes.com/pastes/lMcV9/?raw=true |
10:29 |
jurov |
yes, extra dns resolution could prove useful |
| |
↖ |
10:32 |
jurov |
in the light of https://archive.is/PLWLd |
10:36 |
jurov |
while !S can be kept as is, only show the one IP banner is from. |
| |
~ 16 minutes ~ |
10:53 |
asciilifeform |
'Mozilla wants to override any configured DNS server with Cloudflare' << pretty lulzy |
10:53 |
asciilifeform |
( nao whether somebody, somewhere, still uses recent mozilla, is separate q ) |
| |
↖ |
10:53 |
asciilifeform |
mod6: new rk kernel baked, tested, worx. |
10:57 |
BingoBoingo |
asciilifeform: Ready for the swappy dance? |
10:57 |
asciilifeform |
BingoBoingo: zipping up kernel, will ping you |
10:57 |
BingoBoingo |
Standing by |
| |
~ 19 minutes ~ |
11:17 |
asciilifeform |
BingoBoingo: ok to swap |
11:17 |
BingoBoingo |
asciilifeform: Alright, walking over |
| |
~ 20 minutes ~ |
11:37 |
BingoBoingo |
Drive C is in Dulap |
11:37 |
asciilifeform |
ty |
11:39 |
asciilifeform |
snapshotting nao |
11:39 |
BingoBoingo |
Standing by |
11:48 |
asciilifeform |
BingoBoingo: ok to remove and boot C back up |
11:48 |
asciilifeform |
BingoBoingo: you mentioned that you want yours reimaged ? didja back up the thing ? |
11:49 |
BingoBoingo |
asciilifeform: I have the stuff I need off of it. |
11:49 |
asciilifeform |
BingoBoingo: incl any /etc configolade ? |
11:49 |
asciilifeform |
it'll all vanish |
11:49 |
asciilifeform |
if this worx for you, go ahead and move your drive over to dulap |
11:50 |
asciilifeform |
which unit were you again ? 'E' ? |
11:50 |
BingoBoingo |
F |
11:50 |
asciilifeform |
ok |
11:50 |
BingoBoingo |
C is back |
11:50 |
asciilifeform |
lemme know when F's disk is in |
11:51 |
BingoBoingo |
<asciilifeform> BingoBoingo: incl any /etc configolade ? << I have my custom stuff. F is in |
11:51 |
asciilifeform |
ok, this'll take 20-30min, can go eat |
11:51 |
BingoBoingo |
tyvm |
11:54 |
asciilifeform |
BingoBoingo: let's take the rest of this to #p, to reduce log pollution. ping me there when you get back. |
| |
~ 17 minutes ~ |
12:12 |
asciilifeform |
meanwhile, in heathendom, https://archive.is/aiaQH << linux 4.xx arbitrary r/w 0day |
12:13 |
asciilifeform |
'The bug only affects kernels that have CONFIG_POSIX_TIMERS and CONFIG_CHECKPOINT_RESTORE enabled, which is done by a lot of modern distros' << i.e. none of asciilifeform's kernels |
12:14 |
asciilifeform |
but still lulzy wankage, e.g., https://archive.is/qeO5s >> 'Since this has business impact, we consider legal action against the opaque Linux-distros vulnerability-disclosure-among-friends-for-fun-and-profit scheme, that we exposed at the ITU earlier this year. This is digital divide in the works, with real impact for non-club-members ...' |
| |
↖ |
12:16 |
asciilifeform |
and the cucks entertain, https://archive.is/4L8IS >> from one 'Solar Designer' , kernelist, 'However, with CERT involved and with related issues affecting more than just Linux, there was little I could do, short of playing full BOFH and breaking the semi-embargo for everyone. While I think that would have been for the general public's benefit overall, I didn't feel about it strongly enough to actually do it this time. I apologize f |
12:16 |
asciilifeform |
or letting this happen. (At the same time, I did force another semi-public issue to oss-security right away since that one didn't involve coordination with so many parties.)' |
12:20 |
asciilifeform |
for non-expert entomologists : the perps ( i dun distinguish b/w 'bug'-inserters and coverup-artists ) ~continue~ to spew the squid ink where the patch is disguised as 'for denial of service bug' rather than arbitrary r/w -- despite the cat being out of the bag for nearly whole day nao |
12:22 |
asciilifeform |
'responsible disclosure'(tm)(r), didjaknow. |
12:24 |
asciilifeform |
( consists, in practice, of regular warm, wet kisses from usg.nsa straight into mouths of folx still using 'modern distros' , followed up by generous cocktail of obfuscatory lies to the public , then exposure, then the usual fudstorm to try an' keep the ruse alive for a bonus day or three ) |
12:27 |
asciilifeform |
BingoBoingo: i gotta step into meatspace for a spell, see #p log for next instruction |
| |
~ 18 minutes ~ |
12:45 |
mod6 |
<+asciilifeform> mod6: new rk kernel baked, tested, worx. << nice! thanks for baking. |
12:49 |
asciilifeform |
mod6: http://p.bvulpes.com/pastes/0bETd/?raw=true |
12:49 |
asciilifeform |
mod6: plox to test and confirm. |
| |
↖ |
| |
~ 22 minutes ~ |
13:11 |
mod6 |
Ok will check it out when I can. |
| |
~ 58 minutes ~ |
14:09 |
asciilifeform |
mod6: it's simply the launch codes for rk 'C' ( previously occupied by mats ) , it is ready for new user. |
14:22 |
mod6 |
Ah, thanks alf. Much appreciated. |
| |
~ 1 hours 9 minutes ~ |
15:31 |
asciilifeform |
in continuing lulz, 'Which "club"? If you're an Open Source operating system distro, you can now apply to join (linux-)distros under our published criteria. Otherwise, yes, you're out of luck joining that "club". This is "selective disclosure", and it has drawbacks. There's no perfect alternative.' |
| |
↖ |
15:31 |
asciilifeform |
'Like I said, what we're supporting with (linux-)distros is a certain kind of "selective disclosure".' |
15:35 |
asciilifeform |
( for folx who dun feel like digging through that particular latrine pit -- they have an explicit '14 day embargo' to give nsa time to drill new holes into victims ) |
15:35 |
BingoBoingo |
So on this third day of baking, the dough may become a pizza crust instead of a bread. We'll see after incoming Qntra |
| |
~ 17 minutes ~ |
15:53 |
deedbot |
http://qntra.net/2018/08/emergency-wireless-gateways-making-holes-in-substantial-numbers-of-usg-assets/ << Qntra - "Emergency" Wireless Gateways Making Holes in Substantial Numbers Of USG Assets |
| |
~ 1 hours 14 minutes ~ |
17:07 |
asciilifeform |
in other lulz, 'The Go implementation of the P-256 elliptic curve had a small bug due to a misplaced carry bit affecting less than 0.00000003% of field subtraction operations.' |
17:08 |
asciilifeform |
Run Moar Googlelade. |
17:08 |
asciilifeform |
'In about 500 submissions on average we recover the whole key' << from e.g. montrezor, other shitwallets, etc. |
| |
↖ |
| |
~ 28 minutes ~ |
17:36 |
BingoBoingo |
lol |
17:46 |
asciilifeform |
meanwhile, in castles, http://logs.bvulpes.com/asciilifeform?d=2018-8-9#411725 << thread of interest to phuctor readership |
17:46 |
mimisbrunnr |
Logged on 2018-08-09 21:08 mats: fun |
17:53 |
asciilifeform |
about half of the 1st ( of 24!) parcel of 27M keyz from mats , eaten up nao. by end of next wk, will grind. |
17:54 |
asciilifeform |
( eater is order of magnitude faster today than last yr, but still slowest component ) |
| |
~ 1 hours 35 minutes ~ |
19:29 |
mircea_popescu |
asciilifeform any pops ? |
| |
↖ |
19:34 |
mircea_popescu |
http://btcbase.org/log/2018-08-09#1840430 << very nice ; and could drop a "IP not known" on failure, sure. |
19:34 |
a111 |
Logged on 2018-08-09 08:47 spyked: ^ note that the default behaviour now is "say nothing on failure". I'm not convinced that this is the proper way to interact, would like to hear opinions on this. |
19:35 |
mircea_popescu |
http://btcbase.org/log/2018-08-08#1840385 << hurr. idiots. |
19:35 |
a111 |
Logged on 2018-08-08 17:04 asciilifeform: 'The security researcher also recommended we consider using GPG signing for Homebrew/homebrew-core. The Homebrew project leadership committee took a vote on this and it was rejected non-unanimously due to workflow concerns.' |
19:35 |
mircea_popescu |
their fucking "workflow". as if anyone "working" for github ever did any work. |
19:37 |
mircea_popescu |
http://btcbase.org/log/2018-08-08#1840398 << let me guess, argentine national. |
19:37 |
a111 |
Logged on 2018-08-08 17:32 ben_vulpes: inserter-between-in-chief |
19:50 |
mircea_popescu |
!S ssh 106.242.174.238 |
19:51 |
mircea_popescu |
!S ssh 115.84.92.92 |
19:51 |
spykedbot |
SSH banner of 115.84.92.92: SSH-2.0-dropbear_2013.62 |
19:51 |
mircea_popescu |
http://btcbase.org/log/2018-08-09#1840435 << useful in more than one way, actually ; we've had cases before where people dig'd by hand to see whether dns problem local or what. |
19:51 |
a111 |
Logged on 2018-08-09 14:29 jurov: yes, extra dns resolution could prove useful |
19:51 |
mircea_popescu |
http://btcbase.org/log/2018-08-09#1840439 << or whether someone somewhere doesn't have cloudflare drop'd |
19:51 |
a111 |
Logged on 2018-08-09 14:53 asciilifeform: ( nao whether somebody, somewhere, still uses recent mozilla, is separate q ) |
19:52 |
mircea_popescu |
for future entomologists : entire list of http://p.bvulpes.com/pastes/akDqm/?raw=true (seeming fixed ips in the recent bot attack) produced 0 matches. home routers. |
| |
↖ |
19:53 |
mircea_popescu |
tsk. turns out spykedbot does not actually answer in pm ;/ |
19:53 |
* |
mircea_popescu apologizes for teh incoming spam. |
19:53 |
mircea_popescu |
!S ssh 106.242.174.238 |
19:53 |
mircea_popescu |
!S ssh 106.84.44.243 |
19:53 |
mircea_popescu |
!S ssh 106.87.14.22 |
19:53 |
mircea_popescu |
!S ssh 110.9.75.121 |
19:53 |
mircea_popescu |
!S ssh 112.171.197.223 |
19:53 |
mircea_popescu |
!S ssh 113.169.16.251 |
19:53 |
mircea_popescu |
!S ssh 113.173.165.248 |
19:53 |
mircea_popescu |
!S ssh 113.179.70.53 |
19:53 |
mircea_popescu |
!S ssh 113.195.163.247 |
19:53 |
mircea_popescu |
!S ssh 114.205.80.49 |
19:53 |
mircea_popescu |
!S ssh 114.67.143.10 |
19:53 |
mircea_popescu |
!S ssh 115.49.57.28 |
19:53 |
mircea_popescu |
!S ssh 115.84.92.92 |
19:53 |
spykedbot |
SSH banner of 114.67.143.10: SSH-2.0-OpenSSH_6.6.1p1 Ubuntu-2ubuntu2.8 |
19:53 |
mircea_popescu |
!S ssh 117.196.233.112 |
19:53 |
spykedbot |
SSH banner of 115.84.92.92: SSH-2.0-dropbear_2013.62 |
19:53 |
mircea_popescu |
!S ssh 117.7.182.97 |
19:54 |
mircea_popescu |
!S ssh 118.69.64.157 |
19:54 |
mircea_popescu |
!S ssh 119.195.172.233 |
19:54 |
mircea_popescu |
!S ssh 119.207.206.122 |
19:54 |
mircea_popescu |
!S ssh 119.42.81.39 |
19:54 |
mircea_popescu |
!S ssh 119.42.86.179 |
19:54 |
mircea_popescu |
!S ssh 121.129.179.28 |
19:54 |
mircea_popescu |
!S ssh 121.130.237.112 |
19:54 |
mircea_popescu |
!S ssh 121.140.73.245 |
19:54 |
mircea_popescu |
!S ssh 121.167.20.54 |
19:54 |
mircea_popescu |
!S ssh 121.55.180.50 |
19:54 |
mircea_popescu |
!S ssh 122.130.80.150 |
19:54 |
mircea_popescu |
!S ssh 122.179.50.205 |
19:54 |
mircea_popescu |
!S ssh 122.225.94.226 |
19:54 |
spykedbot |
SSH banner of 122.225.94.226: SSH-1.99-OpenSSH_3.7.1p2 |
19:54 |
mircea_popescu |
!S ssh 123.21.14.197 |
19:54 |
mircea_popescu |
!S ssh 123.21.165.68 |
19:54 |
mircea_popescu |
!S ssh 123.21.229.66 |
19:54 |
mircea_popescu |
!S ssh 123.28.232.86 |
19:54 |
mircea_popescu |
!S ssh 125.132.47.77 |
19:54 |
mircea_popescu |
!S ssh 125.86.179.173 |
19:54 |
mircea_popescu |
!S ssh 128.0.12.139 |
19:54 |
spykedbot |
SSH banner of 128.0.12.139: SSH-1.99-OpenSSH_5.1 |
19:54 |
mircea_popescu |
!S ssh 14.100.10.86 |
19:54 |
mircea_popescu |
!S ssh 14.169.218.153 |
19:54 |
mircea_popescu |
!S ssh 14.187.228.175 |
19:54 |
spykedbot |
SSH banner of 14.187.228.175: SSH-2.0-dropbear_2013.62 |
19:54 |
mircea_popescu |
!S ssh 14.32.233.240 |
19:54 |
mircea_popescu |
!S ssh 143.255.154.52 |
19:54 |
spykedbot |
SSH banner of 143.255.154.52: SSH-2.0-dropbear_2013.62 |
19:54 |
mircea_popescu |
!S ssh 143.255.154.65 |
19:54 |
spykedbot |
SSH banner of 143.255.154.65: SSH-2.0-dropbear_2013.62 |
19:54 |
mircea_popescu |
!S ssh 143.255.155.51 |
19:54 |
spykedbot |
SSH banner of 143.255.155.51: SSH-2.0-dropbear_2013.62 |
19:54 |
mircea_popescu |
!S ssh 146.115.241.104 |
19:55 |
mircea_popescu |
!S ssh 149.71.237.206 |
19:55 |
mircea_popescu |
!S ssh 156.194.216.250 |
19:55 |
mircea_popescu |
!S ssh 156.213.183.52 |
19:55 |
mircea_popescu |
!S ssh 159.192.248.185 |
19:55 |
mircea_popescu |
!S ssh 173.245.202.70 |
19:55 |
mircea_popescu |
!S ssh 175.115.29.17 |
19:55 |
mircea_popescu |
!S ssh 175.122.60.179 |
19:55 |
mircea_popescu |
!S ssh 175.127.155.212 |
19:55 |
mircea_popescu |
!S ssh 175.194.18.167 |
19:55 |
mircea_popescu |
!S ssh 175.204.176.181 |
19:55 |
mircea_popescu |
!S ssh 179.39.225.64 |
19:55 |
mircea_popescu |
!S ssh 180.101.125.226 |
19:55 |
spykedbot |
SSH banner of 180.101.125.226: SSH-2.0-OpenSSH_6.6.1 |
19:55 |
mircea_popescu |
!S ssh 180.93.110.100 |
19:55 |
mircea_popescu |
!S ssh 181.105.2.222 |
19:55 |
mircea_popescu |
!S ssh 182.72.180.58 |
19:55 |
mircea_popescu |
!S ssh 186.178.75.194 |
19:55 |
mircea_popescu |
!S ssh 186.223.65.189 |
19:55 |
mircea_popescu |
!S ssh 186.47.170.45 |
19:55 |
spykedbot |
SSH banner of 186.47.170.45: SSH-2.0-dropbear_2013.62 |
19:55 |
mircea_popescu |
!S ssh 188.255.132.97 |
19:55 |
spykedbot |
SSH banner of 188.255.132.97: SSH-2.0-dropbear_2014.63 |
19:55 |
mircea_popescu |
!S ssh 189.110.232.164 |
19:55 |
mircea_popescu |
!S ssh 190.3.49.221 |
19:55 |
spykedbot |
SSH banner of 190.3.49.221: SSH-2.0-dropbear_2013.62 |
19:55 |
mircea_popescu |
!S ssh 192.140.93.67 |
19:55 |
mircea_popescu |
!S ssh 197.39.84.100 |
19:55 |
mircea_popescu |
!S ssh 197.41.151.9 |
19:55 |
mircea_popescu |
!S ssh 197.50.31.129 |
19:55 |
mircea_popescu |
!S ssh 197.53.92.104 |
19:55 |
mircea_popescu |
!S ssh 200.5.122.129 |
19:55 |
spykedbot |
SSH banner of 200.5.122.129: SSH-1.99-OpenSSH_5.8 |
19:55 |
mircea_popescu |
!S ssh 200.71.93.77 |
19:56 |
mircea_popescu |
!S ssh 202.58.97.178 |
19:56 |
spykedbot |
SSH banner of 202.58.97.178: SSH-2.0-ROSSSH |
| |
↖ |
19:56 |
mircea_popescu |
!S ssh 203.251.62.131 |
19:56 |
mircea_popescu |
!S ssh 203.81.155.53 |
19:56 |
mircea_popescu |
!S ssh 205.185.223.162 |
19:56 |
mircea_popescu |
!S ssh 209.107.210.162 |
19:56 |
mircea_popescu |
!S ssh 209.107.214.95 |
19:56 |
mircea_popescu |
!S ssh 209.197.30.231 |
19:56 |
mircea_popescu |
!S ssh 210.96.184.134 |
19:56 |
mircea_popescu |
!S ssh 211.209.60.145 |
19:56 |
mircea_popescu |
!S ssh 213.242.26.225 |
19:56 |
mircea_popescu |
!S ssh 216.151.183.64 |
19:56 |
mircea_popescu |
!S ssh 219.255.51.23 |
19:56 |
mircea_popescu |
!S ssh 221.156.54.207 |
19:56 |
mircea_popescu |
!S ssh 31.131.122.188 |
19:56 |
mircea_popescu |
!S ssh 31.148.232.210 |
19:56 |
mircea_popescu |
!S ssh 31.45.134.254 |
19:56 |
mircea_popescu |
!S ssh 32.212.87.18 |
19:56 |
mircea_popescu |
!S ssh 37.245.139.74 |
19:56 |
mircea_popescu |
!S ssh 41.210.24.47 |
19:56 |
mircea_popescu |
!S ssh 41.235.243.110 |
19:56 |
mircea_popescu |
!S ssh 5.152.157.238 |
19:56 |
mircea_popescu |
!S ssh 58.238.124.19 |
19:56 |
mircea_popescu |
!S ssh 58.82.130.170 |
19:56 |
mircea_popescu |
http://btcbase.org/log/2018-08-09#1840467 << o look, they're gonna sue their own cvasi orc republic because nonos. |
| |
↖ |
19:56 |
a111 |
Logged on 2018-08-09 16:14 asciilifeform: but still lulzy wankage, e.g., https://archive.is/qeO5s >> 'Since this has business impact, we consider legal action against the opaque Linux-distros vulnerability-disclosure-among-friends-for-fun-and-profit scheme, that we exposed at the ITU earlier this year. This is digital divide in the works, with real impact for non-club-members ...' |
19:57 |
mircea_popescu |
anyway. dropbear_2013.62 worth a looksee ? |
| |
↖ |
20:00 |
mircea_popescu |
http://btcbase.org/log/2018-08-09#1840480 << forgot to mention which log they read to get the "idea". because totally, it'll no longer be "we copied tmsr" if they don't admit they copied tmsr. |
| |
↖ |
20:00 |
a111 |
Logged on 2018-08-09 19:31 asciilifeform: in continuing lulz, 'Which "club"? If you're an Open Source operating system distro, you can now apply to join (linux-)distros under our published criteria. Otherwise, yes, you're out of luck joining that "club". This is "selective disclosure", and it has drawbacks. There's no perfect alternative.' |
20:02 |
mircea_popescu |
http://btcbase.org/log/2018-08-09#1840487 << and i'm sure http://trilema.com/2016/and-they-wont-fucking-yield/ "we" have to "explain" why some randos calling themselves names aren't the names they chose but the names we chose. |
20:02 |
a111 |
Logged on 2018-08-09 21:08 asciilifeform: 'In about 500 submissions on average we recover the whole key' << from e.g. montrezor, other shitwallets, etc. |
20:04 |
asciilifeform |
ohai mircea_popescu ! wb. |
20:04 |
* |
asciilifeform eats log.. |
20:05 |
asciilifeform |
http://btcbase.org/log/2018-08-09#1840493 << i'ma fire'em 1 full parcel at a time ( i.e. weekly ) ; output will ( per trinque's earlier note ) land in #asciilifeform for all interested. |
20:05 |
a111 |
Logged on 2018-08-09 23:29 mircea_popescu: asciilifeform any pops ? |
20:06 |
asciilifeform |
at current rate , 1st parcel oughta be fully eaten by monday |
20:07 |
asciilifeform |
http://btcbase.org/log/2018-08-09#1840508 << will be interesting to check these against mats's mega-collection ( subj above ) , as i understand it is reasonably fresh and covers good % of ipv4 |
| |
↖ |
20:07 |
a111 |
Logged on 2018-08-09 23:52 mircea_popescu: for future entomologists : entire list of http://p.bvulpes.com/pastes/akDqm/?raw=true (seeming fixed ips in the recent bot attack) produced 0 matches. home routers. |
20:08 |
asciilifeform |
http://btcbase.org/log/2018-08-09#1840596 >> e.g. http://phuctor.nosuchlabs.com/factor/5411 , http://phuctor.nosuchlabs.com/factor/5367 |
| |
↖ |
20:08 |
a111 |
Logged on 2018-08-09 23:56 spykedbot: SSH banner of 202.58.97.178: SSH-2.0-ROSSSH |
20:11 |
asciilifeform |
http://btcbase.org/log/2018-08-09#1840619 << would be lulzy to watch the scorpion sting itself, tho |
20:11 |
a111 |
Logged on 2018-08-09 23:56 mircea_popescu: http://btcbase.org/log/2018-08-09#1840467 << o look, they're gonna sue their own cvasi orc republic because nonos. |
20:18 |
asciilifeform |
http://btcbase.org/log/2018-08-09#1840621 << a random sampling of your dropbears reveals them to huawei ( e.g. 143.255.155.51 is a HG8247H , 14.187.228.175 -- a HG8045A ) , and ubiquiti ( 188.255.132.97 -- 'air os' ) |
20:18 |
a111 |
Logged on 2018-08-09 23:57 mircea_popescu: anyway. dropbear_2013.62 worth a looksee ? |
20:18 |
asciilifeform |
with working www-facing admin prompts |
20:19 |
asciilifeform |
143.255.154.65 -- HG8247H |
20:19 |
asciilifeform |
and they're ~all in orcistans, argentina, vietnam, etc ; |
20:20 |
asciilifeform |
and pretty busy bees -- loading the admin prompt takes almost whole minute for some of these |
20:20 |
* |
asciilifeform suspects the most elementary default creds shitrouter worm |
20:22 |
asciilifeform |
http://btcbase.org/log/2018-08-10#1840631 << btw i dun have'em all unpacked yet, but estimate the net weight to be somewhere b/w 300 and 500 mil. rsa mods |
20:22 |
a111 |
Logged on 2018-08-10 00:07 asciilifeform: http://btcbase.org/log/2018-08-09#1840508 << will be interesting to check these against mats's mega-collection ( subj above ) , as i understand it is reasonably fresh and covers good % of ipv4 |
20:26 |
asciilifeform |
http://btcbase.org/log/2018-08-10#1840622 << the shitstains have been doing their 'coordinated disclosure' for , what , 20yrs nao , it isn't particularly 'idea', but rather the default herd-biological behaviour of shitstains |
| |
↖ |
20:26 |
a111 |
Logged on 2018-08-10 00:00 mircea_popescu: http://btcbase.org/log/2018-08-09#1840480 << forgot to mention which log they read to get the "idea". because totally, it'll no longer be "we copied tmsr" if they don't admit they copied tmsr. |
20:27 |
mod6 |
http://btcbase.org/log/2018-08-09#1840476 << Ok, Sir! Thanks, looks good :] |
20:27 |
a111 |
Logged on 2018-08-09 16:49 asciilifeform: mod6: plox to test and confirm. |
20:27 |
asciilifeform |
ty mod6 |
20:27 |
mod6 |
np |
20:28 |
mod6 |
Lords and Ladies: We have a rockchip ready to go! Let us know if interested, details here if you didn't know already: http://pizarroisp.net/pizarro-hosting-rate-sheet/ |
20:28 |
asciilifeform |
^ nao with out-of-the-crate iptables support |
20:29 |
* |
asciilifeform doesn't anticipate making any further changes to the pizarro rk kernel, at least while we use same iron |
20:30 |
asciilifeform |
mod6: iirc there's another unit that will be vacant next wk. it will get same setup. |
20:30 |
asciilifeform |
( unless , i suppose , trinque proclaims arm64 cuntoo release b/w nao and then ) |
20:32 |
mod6 |
About 10 days until that one expires, ya. |
20:32 |
asciilifeform |
aah |
20:38 |
* |
mircea_popescu waves |
20:39 |
asciilifeform |
how was crocodile central , mircea_popescu ? |
20:39 |
mircea_popescu |
aactualy arenal is a volcano, no crocs there. |
20:39 |
asciilifeform |
oh neato |
20:40 |
mircea_popescu |
however, nude beauties bathe in waterfalls. not a complete loss. |
20:40 |
* |
asciilifeform naively assumed an 'arenal' to be a beach |
20:40 |
mircea_popescu |
well, there's a lake, and of course jacuzzipools etc. but anyways. |
20:41 |
mircea_popescu |
in this country water's a safe assumption. if none on the ground, some will coming in via aeropost soon enough. |
20:41 |
asciilifeform |
it gotta go somewhere, neh. |
20:42 |
mircea_popescu |
there's also you know, 200m drop bridges and gazebos overlooking miles of jungle and stuff like that. |
20:42 |
asciilifeform |
i gotta go and see some of this.. |
20:43 |
mircea_popescu |
i expect you'd enjoy. |
20:48 |
mod6 |
hola mircea_popescu |
20:48 |
mircea_popescu |
hey hey |
20:49 |
mod6 |
sounds like a serene trip 'eh! |
20:49 |
mircea_popescu |
pretty good |
20:50 |
mircea_popescu |
meanwhile the pantsuit wank is overpowering, both odorously and lulzy. "digital divide" for instance ? totally term of pantsuit (idiocy is not an art). |
20:50 |
asciilifeform |
i had to look that one up, lol |
20:51 |
mircea_popescu |
http://btcbase.org/log/2018-08-10#1840633 << wowza, we actually have the ssh keys for some of these ? |
20:51 |
a111 |
Logged on 2018-08-10 00:08 asciilifeform: http://btcbase.org/log/2018-08-09#1840596 >> e.g. http://phuctor.nosuchlabs.com/factor/5411 , http://phuctor.nosuchlabs.com/factor/5367 |
20:51 |
mod6 |
they're fuckin everywhere |
20:51 |
mircea_popescu |
inb4 tmsr did it |
20:52 |
asciilifeform |
mircea_popescu: not only do we , but http://logs.bvulpes.com/asciilifeform?d=2018-8-10#411746 ( and elsewhere, earlier ), if can find how they constrained the keyspace, can pop ~all~ of'em |
20:52 |
mimisbrunnr |
Logged on 2018-08-09 21:21 asciilifeform: if can find the originating booby, can potentially turn half dozen pops, into several 10k. |
20:52 |
asciilifeform |
elementarily. |
20:52 |
mircea_popescu |
http://btcbase.org/log/2018-08-10#1840646 << i don't mean that, i mean specifically http://btcbase.org/log/2018-05-22#1816498 part. |
20:52 |
a111 |
Logged on 2018-08-10 00:26 asciilifeform: http://btcbase.org/log/2018-08-10#1840622 << the shitstains have been doing their 'coordinated disclosure' for , what , 20yrs nao , it isn't particularly 'idea', but rather the default herd-biological behaviour of shitstains |
20:52 |
a111 |
Logged on 2018-05-22 05:11 mircea_popescu: this paradigm readily explains the soviet state - "rock and roll" relationship, and moreover that historical accident had a lot to do with why alphabet even ~exists~ today. otherwise, on the naked strength of imaginary "advertising revenue" google is worth ~dozen stackexchanges/slashdots/sourceforges. but, generals always fight last year's war, and so here we are, "bayesian lesswisdom". |
20:53 |
asciilifeform |
hmm, not sure i get it |
20:54 |
mircea_popescu |
ummm wtf happened here. |
20:54 |
mircea_popescu |
http://btcbase.org/log/2018-07-16#1834921 << i mislinked. |
20:54 |
a111 |
Logged on 2018-07-16 15:44 mircea_popescu: as we're contemplating an eulora client rewrite, i am contemplating the following code release paradigm : client author a) releases code encrypted to l1, signed and deeded (so basically, gpg -aer asciilifeform -r ave1 -r etc) ; b) releases precompiled binaries for allcomers. |
20:54 |
asciilifeform |
aaa |
20:55 |
mircea_popescu |
"digital divide" a-ok nao, for reasons (see "code of conduct", i'm sure it explains why they can blather all they want for as long as they do exactly what we say etc) |
20:58 |
asciilifeform |
mircea_popescu: 'seclist' lulzfest linked specifically for the laugh where some boeck figure loses his shit because some 'traitor' didn't wait the requisite 14days usg wanted etc |
21:00 |
asciilifeform |
!!up rain2 |
21:00 |
deedbot |
rain2 voiced for 30 minutes. |
21:00 |
asciilifeform |
rain2: hello ? |
21:00 |
rain2 |
thanks |
21:01 |
asciilifeform |
rain2: who are you , and what brings you to #trilema ? |
21:01 |
rain2 |
mircea_popescu |
21:02 |
asciilifeform |
mircea_popescu: seems like one of yer patients, showing signs of life ! |
21:03 |
rain2 |
this seems very interesting and i want to learn about it |
21:03 |
mod6 |
get in the wot, rent a rockchip, become a start |
21:03 |
mod6 |
*star |
21:04 |
asciilifeform |
rain2: consider reading The Log , http://btcbase.org/log/ , until he wakes up |
21:04 |
* |
mod6 sales moad - active |
21:05 |
asciilifeform |
rain2: chances are, more or less any interesting subj you've ever thought about , is somewhere in the log. make use of the search. |
21:05 |
rain2 |
I will! |
21:07 |
asciilifeform |
rain2: while you have the microphone, want to say something about yerself ? |
21:07 |
asciilifeform |
on my planet, folx introduce themselves, e.g. 'i am bob and i drive a rubbish truck' |
21:08 |
asciilifeform |
'i am joe, and i recycle baby pandas' . etc |
21:10 |
asciilifeform |
rain2: ... and if you have a www , link it . |
21:11 |
rain2 |
if you like the scheme programming language, i have blogged about it https://rain-1.github.io/scheme |
21:12 |
rain2 |
I think V is cool |
21:13 |
asciilifeform |
rain2: 'The compiler doesn’t actually emit a sequence of 64 bit words though. It emits a “tokens” which the virtual machine can read in and translate into 64 bit words before they get executed.' << out of curiosity, why didja do this |
21:14 |
asciilifeform |
why not output threadedcode, a la Forth, directly |
21:15 |
rain2 |
i'm not that good with forth - I want to learn it better but it's difficult. I think if we did output threaded code directly that could be a real improvement |
21:15 |
trinque |
rain2: by chance is english not your first language? |
21:16 |
asciilifeform |
rain2: incidentally you will prolly find the recent work by spyked , http://thetarpit.org/posts/y04/074-adalisp-prototype.html + http://btcbase.org/patches/adalisp_genesis , to be of interest |
21:17 |
rain2 |
nice |
21:18 |
asciilifeform |
rain2: i recommend to register with deedbot : |
21:18 |
asciilifeform |
!!help |
21:18 |
deedbot |
http://deedbot.org/help.html |
21:18 |
asciilifeform |
rain2: ... and then i will rate you , and you will be able to self-voice. |
21:18 |
* |
asciilifeform will bbl |
21:19 |
rain2 |
!!register https://pgp.mit.edu/pks/lookup?op=get&search=0x4CF88D683C827AC8 |
21:19 |
deedbot |
891F03D110B58CD7985D5FBB4CF88D683C827AC8 registered as rain2. |
| |
↖ |
21:20 |
trinque |
!!rate rain2 1 schemer |
21:20 |
deedbot |
Get your OTP: http://p.bvulpes.com/pastes/197ss/?raw=true |
21:20 |
rain2 |
thank you |
21:21 |
trinque |
!!v 0378023FB86518671AAB8A0EFD9E4919E599AAF780052962140933C41F7F052E |
21:21 |
deedbot |
trinque rated rain2 1 << schemer |
21:22 |
trinque |
sure thing, you can now pm deedbot !!up |
21:22 |
rain2 |
how are you? |
21:22 |
trinque |
winding down after a long day; yourself? |
21:23 |
rain2 |
yep just poking around online |
| |
↖ |
21:23 |
trinque |
you said mp brought you? are you a reader of his blog? |
21:23 |
mircea_popescu |
trinque i said something in <wsm> kaniini has invited you to join #litepub |
21:24 |
trinque |
ah ok |
21:24 |
rain2 |
oh he didn't bring me, ifollowed |
21:25 |
mircea_popescu |
!!up kaniini |
21:25 |
deedbot |
kaniini voiced for 30 minutes. |
21:25 |
mircea_popescu |
asciilifeform fellow's about to discover phuctor, i guess. |
21:25 |
kaniini |
well, i am not surprised by the finding that the keys are weak, given it is embedded shitboxes |
21:25 |
mircea_popescu |
~relevant bit being i guess "<kaniini> now that's a nick i haven't seen in a while. there is already https://github.com/kaniini/antissh that pops most of them. this stuff about keys is interesting though" |
21:26 |
mircea_popescu |
i hope you don't mind the quote. |
21:26 |
kaniini |
i didn't bother to check the keys yet |
21:27 |
mircea_popescu |
anyway ; tmsr has been running a ~yearly survey of the ipv4 space. results are lulzy, likle http://trilema.com/2016/internet-census-2016/ |
21:28 |
mircea_popescu |
(various other lulzolade, say http://trilema.com/2017/the-incidental-humiliation-of-obamas-clean-energy-policies-marc-andreessens-internet-of-farts-and-other-such-comedic-gold-bricks/ sorta 2nd step from there) |
21:33 |
kaniini |
i guess, the question is, i wonder if we can check somehow in real time |
21:33 |
kaniini |
if a key is vulnerable |
21:33 |
kaniini |
if key is good, then we can skip scanning it |
21:34 |
kaniini |
a lot of the devices will let you log in anyway, |
21:34 |
kaniini |
and then it will send something like "Invalid password" |
21:34 |
kaniini |
but you can open direct-tcpip channels |
21:34 |
kaniini |
i'd say at least half of the ips i have seen are like that |
21:38 |
mircea_popescu |
kaniini ~new~ keys are generally queued because the factorization process is somewhat involved. but there's a real time rss in #asciilifeform |
21:39 |
mircea_popescu |
wtf do you mean "log you in anyway" |
21:39 |
mircea_popescu |
rain2 say !!up to deedbot in pm, then !!v the string it gives you. |
21:39 |
rain2 |
super! |
21:40 |
kaniini |
mircea_popescu i mean, it will open a terminal channel and dump you into a login(1) type program, instead of rejecting the password |
21:40 |
kaniini |
mircea_popescu so from perspective of sshd, you're fully logged in and can do whatever you want |
21:40 |
mircea_popescu |
jaysus |
21:41 |
kaniini |
mircea_popescu but you have this worthless terminal channel |
21:41 |
mircea_popescu |
who does this ? huawei ? all of em ? |
21:41 |
kaniini |
those are the huaweis |
21:41 |
kaniini |
mikrotik routeros is thankfully not that bad |
21:41 |
mircea_popescu |
aha! so that's why they keep popping up. |
21:42 |
kaniini |
i wonder if checking exponent on these huawei keys will be interesting |
21:42 |
kaniini |
if they are non-prime that would be an easy thing to check |
| |
↖ |
21:43 |
mircea_popescu |
not hard to extract e from pubkey. |
21:43 |
kaniini |
yeah |
21:43 |
mircea_popescu |
pretty sure someone published python to do it, even. jurov mebbe ? or spyked ? |
| |
~ 33 minutes ~ |
22:16 |
mircea_popescu |
!!up kaniini |
22:16 |
deedbot |
kaniini voiced for 30 minutes. |
22:16 |
mircea_popescu |
hey, got a pgp key ? |
22:17 |
kaniini |
i don't |
22:17 |
kaniini |
i can create one i suppose |
22:19 |
mircea_popescu |
there's no other basis of identity online. people gotta know who they talk to. |
22:24 |
mircea_popescu |
http://trilema.com/wp-content/uploads/2014/06/mircea_popescu.jpg << like this, you know ? |
22:26 |
kaniini |
the huaweis use static kexinit data too it seems |
| |
↖ |
| |
~ 37 minutes ~ |
23:03 |
Mocky |
so in reading the logs I see that musl is a libc which is smaller and stricter than glibc. is there such a thing for c++ standard library or is it not needed? |
| |
~ 18 minutes ~ |
23:22 |
asciilifeform |
Mocky: cpp proggy always rides on libc. witness trb, the orig experiment with musl here. |
23:22 |
asciilifeform |
!#s rotor |
23:22 |
a111 |
493 results for "rotor", http://btcbase.org/log-search?q=rotor |
23:22 |
asciilifeform |
^ some history. |
23:25 |
asciilifeform |
http://btcbase.org/log/2018-08-10#1840769 << nonprime e per se dun make for simple break ( tho it tends to go along with other sad, which is why i mark'em in phuctor ) |
23:25 |
a111 |
Logged on 2018-08-10 01:42 kaniini: if they are non-prime that would be an easy thing to check |
23:26 |
asciilifeform |
http://btcbase.org/log/2018-08-10#1840780 << can't be ~entirely~ static seedturd , or they'd all have exactly same key; gotta be something moar along the lines of the debian lulz |
23:26 |
a111 |
Logged on 2018-08-10 02:26 kaniini: the huaweis use static kexinit data too it seems |
23:27 |
* |
asciilifeform bbl,meat |
| |
~ 25 minutes ~ |
23:52 |
mircea_popescu |
asciilifeform entirely possible they actually do, say very narrow keyspace. |