a111: Logged on 2018-01-26 19:46 douchebag: Well, I'm just trying to figure out where my skillset could be best put to use, I would be more than capable of writing a V implementation or setting up an IRC bot. I'm trying to leave it to you guys to tell me where my skillset could best be put to use
a111: Logged on 2018-03-22 11:14 douchebag: I don't understand what a V is I have read about it, I have looked at examples and I still don't understand
a111: Logged on 2018-03-22 11:15 douchebag: If I understood it completely it would be no problem coding it.
ben_vulpes: oh and other obvious pentesting targets douchebag: qrrqobg jnyyrg (rot13)
ben_vulpes: douchebag: but it doesn't have the ssl lock
ben_vulpes: consumers know not to trust websites without the magic green thingy
ben_vulpes: or do i not understand how fake content works, because actually i'm certain that i don't understand what this gpg-signed fake content is.
douchebag: Listen, I understand that you're all upset that I made you look like an idiot for not sanitizing all user input. These are habits that are picked up after you learn about programming a secure web application.
ben_vulpes: douchebag: what is the concept again that you have proven? i am still waiting for the explanation of what precisely this social engineering attack does.
ben_vulpes: i'm clearly just an amateur, but an advanced security consultant like yourself should have no troubles explaining it to a civvy
asciilifeform: for that matter, why does douchebag settle for small change of www ? a remote ex for trb or even prb will easily bring in enuff loot to buy a battleship. without having to convince anybody, i'll note, of anything.
douchebag: Okay, why do you guys like arguing so much? Is this why you guys don't get anything done?
ben_vulpes: douchebag: gonna explain, per request, or continue faffing
ben_vulpes: threat model etc, like a Real Professional?
trinque: dispense the food pellet already ben_vulpes. dude said smartwords.
douchebag: I have the feeling that even if I got remote code execution
ben_vulpes: what, we'd argue with your sending btc to yourself?
douchebag: you guys would just be like "Oh well you told us about the RCE and we fixed it before you could do anything with it"
asciilifeform: ben_vulpes: there's quite likely enuff coin just in trb hotwallets, to buy a flotilla. and if you can get to it, it's as yours as your own nose, nobody could do a thing about it. so wtf are you doing fucking with php.
a111: Logged on 2017-08-31 19:11 mircea_popescu: can't say i've encountered that many ; and can say that from actual lived experience, the "thinks he's jeddi" heuristic is a fine indicator for "head so far up ass the net result of sufficient whipping will be soap", ie http://trilema.com/2015/the-anal-child/
mircea_popescu: im starting to understand that "the opposite of talking is not listening, the opposite of talking is waiting for your turn" quip may have been adequate in the early postmodern stage ; but by now it's truly a case of "work efficiency is most work with least read." chucka wins in the end.
trinque is aware of both of these types of problems
trinque: but then what, now you're on the deedbot server and ?
mircea_popescu: what, making deedbot go "trinque sniffs dirty undies" isn't bereft of lulz value.
douchebag: I would then look around and determine how it could be best leveraged
trinque: mind giving me a sentence that isn't so widely applicable?
mircea_popescu: anyway, what we have here is a tacit miss-standard, and the discussion is probably of most interest to people who aim to make their own blog thing, phf spyked whoever was looking at lisping it. because on one hand there's the older trilema standard that's web compatible, and on the other hand there's the emerging no shits given approach like on the deedbot site say, "what am i going to do now, alter deeds to mitigate sht brow
trinque: at any rate I'm not questioning you to make you not diddle the XML holes. in your log reading you might've heard me refer to servers as outdoor toilets.
mircea_popescu: we'll have to come to a unified set of something here in any case. as it stands right now it's not obvious whether one can or can't point shitfox at random republican website ; nor where to look to find out.
trinque can trivially make the thing serve up text/plain right now
trinque: but the gentleman's browser on the other side is still the mess it was
mircea_popescu: possibly that's the correct cut of this knot, "if you're not sanitizing force pages be text/plain"
mircea_popescu: trinque yes, but we don't care about that. we just care about our not being dumb.
mircea_popescu: consider something simple : i took pride publicly on how trilema doesn't load google analytics, thereby giving away the usual set of telemetrics to the usg. fine and good. but your site can be coaxed to load ???.burpcollaborator.net by 3rd party ? so every time a "normal" browser goes by it looks up wtf that doctype is and so on ?
trinque: this line of reasoning leads to me going and getting an SSL cert
trinque: because mitm can do the same thing to you
mircea_popescu: hence my comment above, "we'll have to come to a unified set of something here". just because the line isn't drawn.
trinque: on my end, JS is off and otherwise whitelisted where used.
a111: Logged on 2018-03-22 17:06 douchebag: Wouldn't it make sense to make sure you're doing something the right way before you go ahead and do it?
mircea_popescu: in the end there's two broken points of old html, not merely the whole "statefulness on stateless protocol" cookies bs ; but also the "will mix code in the data nyah nyah nyah".
mircea_popescu: amusingly enough, the WHOLE UTILITY, and in any case the absolutely only reasons people use, like and like to use the web is specifically because of those two things. which makes naggum's perl rant misplaced : perl exhibits the characteristics he bemoans incidentally ; html is fundamentally built out of them and would not interest any of the webtards if it weren't, because it interests ~for them~ specifically.
a111: Logged on 2018-03-23 04:52 mircea_popescu: we'll have to come to a unified set of something here in any case. as it stands right now it's not obvious whether one can or can't point shitfox at random republican website ; nor where to look to find out.
asciilifeform: there exists for instance the ipnoje, which famously chokes on some particular hindu glyph.
asciilifeform: so, what nao, onus on unicodists to avoid emitting it??
asciilifeform: or why not instead crapple fixes the box. or dies.
asciilifeform: in re inbanditry -- recall misfortunate boy without t-cells; ~he~ went in a plastic bubble, observe. him, rather than every possible other people who might sneeze on him.
trinque: douchebag: ^ if you want honest work, I will pay you for a demonstration that you can discover the balance of an arbitrary deedbot wallet user, on the condition that if in one month you can't, you drop this web security herp and take a task from me and complete it.
jhvh1: douchebag: (help [<plugin>] [<command>]) -- This command gives a useful description of what <command> does. <plugin> is only necessary if the command is in more than one plugin. You may also want to use the 'list' command to list all available plugins and commands.
jhvh1: douchebag: (list [--private] [--unloaded] [<plugin>]) -- Lists the commands available in the given plugin. If no plugin is given, lists the public plugins available. If --private is given, lists the private plugins. If --unloaded is given, it will list available plugins that are not loaded.
jhvh1: douchebag: (unix ping [--c <count>] [--i <interval>] [--t <ttl>] [--W <timeout>] <host or ip>) -- Sends an ICMP echo request to the specified host. The arguments correspond with those listed in ping(8). --c is limited to 10 packets or less (default is 5). --i is limited to 5 or less. --W is limited to 10 or less.
deedbot: 2018/03/08 17:52:20 <phf> lisp failed to even identify the need for ffi, when it was standardized i don't think there even were lisps that could or needed to ffi, since they all ran on lisp machines
mircea_popescu: i was trying to figure out wtf is going on, which link in the chain is not performing.
mircea_popescu: in other news, earthquake last night unhooked this coil of rope that was resting inside an anal hook hanging from the ceiling of a corridor. plus knocked over girl's essential oils bottles, sent some coffee bags off to seek their fortune about the kitchen floor and so forth!
asciilifeform: ( disregarding, even, the hieroglyphs : picture eurolang with declensions , but instead of inflecting nouns per se, they are standalone words, 'particles' . and instead of 6 or 7, there's a coupla dozen. )
lobbes: Post detailing my own compendium of notes to come prolly tonight. Aim is for it to supplement hanbot's existing compendium (e.g. will include notes on how to prime mysql and wp-config.php for mp-wp's auto table-creation process)