So, hacker folk, apparently good Pastor Manul is publishing a bible of POC||GTFO - https://www.nostarch.com/gtfo
I heartily encourage you to peruse this with careful attention.
[ And grab the PDFs* from your local mirror]
* PDFs may also be virtual machine images, zip files, or web servers, depending on issue.
If anyone would like to watch some live deep sea floor exploration, NOAA Okeanos is streaming: https://www.youtube.com/watch?v=xmVT36Axtn0
Sitting in the break room with my team of mathy coworkers after 6h of meetings:
<me> I'm considering switching my BSc from CS to math.
<boss> Huh, why?
<me> Because I suck at it. It's a stereotype, but CS students are terrible at math, I'm no exception. Doing more of it will force me to get better.
<boss> We should get you to do a PhD in math. It'll be fun.
TIL Intel ME can communicate over Ethernet while the PC is turned off by encapsulating Ethernet packets in SMBus (aka I2C) packets to the PHY, in a really awkward way https://mastodon.social/media/qAZWVwTpIrq1q3N8NSc
So much this!!! http://theoatmeal.com/comics/believe
Wow, guess this is a big deal. Remote unauthenticated control of provisioned Intel AMT. CVSSv3 9.8 Critical https://security-center.intel.com/advisory.aspx?intelid=INTEL-SA-00075&languageid=en-fr
This also contains a pure awk implementation of decimal -> binary conversion (restricted to values < 2^8 because, uh, IPv4 octets), if anyone wants to kang it.
You can also give it an optional minimum and maximum prefix length to search for (default: 16-31). This is mainly for performance reasons, searching for short prefixes usually wastes time and searching for /30 and /31 does a lot of failing `grep` calls.
Here's a present from not-invented-here land:
http://lpaste.net/355117
ips-to-cidr.sh, a script to aggregate a list of IPv4 addresses into CIDR nets.
The idea is that you start out with a list like this:
$ cat ip-list
173.0.52.58
173.0.52.59
173.0.52.63
173.0.52.73
And aggregate addresses into CIDR nets:
$ ./ips-to-cidr.sh ip-list
173.0.52.58/31
173.0.52.63/32
173.0.52.73/32
which are nicer for firewall tables etc.
There must be existing tools to do this, but I don't know them :/
Slightly surreal email exchange:
<me> Hey, these IPs have been sending spam to my box and they're also listed in this DNSBL, can you investigate?
<abuse@poweruphosting.com> Okay, I'll be working on delisting them.
...what fresh amateur hour hell is this?
I will now attempt to write the most compatible FLAC metadata to ID3v2 converter, based on a library of 30k FLAC files.
That's the only hard part about transcoding them.
#OpenSSH has fully deleted SSHv1. It was disabled at run time, then disabled at compile time, and now it's completely gone.
It's been recommended to use SSHv2 for at least 10 years, so even hardware routers should be compatible.
Good riddance SSHv1, we won't miss you.
Oh well. One project failed.
Just noticed that my crate for DJing on the Windows partition is 50GB, mostly because there's lots of FLAC.
The advantage of FLAC compared to ID3v2 is that you have Vorbis Comments, basically free-form key-value pairs. That's also the disadvantage.
There's no standard on tag names, capitalisation etc. People can't even agree on how to store multiple artists for one song. The recommendation says to use multiple ARTIST tags, but real-world users don't do that.
This also means that my "switching to BSD" project is currently dead in the water, because I can't really work on a laptop without X.
Most other things seem to be working, most importantly the WiFi card just needs to have its firmware manually installed because of restrictive licensing.
The drawback of having a relatively recent, fast laptop: FOSS support is very limited.
#OpenBSD has no support for Skylake IGPs (e.g. HD 530) or NVidia GM107 (Quadro M1000M) yet.
#Nouveau's support for it is very basic, so a GPU that's massively faster than the IGP still stutters during basic tasks like video playback.
And I can't use the binary NVidia drivers because grsecurity says no.
I have no idea about writing GPU drivers, but if I can help anyone with accelerating this, please do tell.
Bad idea of the day: an instance where all toots are encoded with a vignere cypher, with the key chosen at random from a dictionary every 3 hours. The key is kept secret from the users. If a user determines the key & types it, s/he is put in a "hall of fame" list & the key is reset.
Trying to figure out how to shuffle around partitions to install OpenBSD when Linux & Windows need two each and MBR can have a total of four. https://octodon.social/media/1HHuBU_S4TmqzClSk6A
Running a daemon is now an "open port attack"?
Man, the public will hate to learn how most remote *nix boxes are administered today…
This is on the same level as the good old "Your computer is broadcasting an IP! Install this tool to be safe!" scare.
My house is broadcasting a street address and you'll still need a crowbar to get in, unless someone forgets to lock the door (or doesn't install one…or installs a crappy lock). Having an entrance is not the problem.
Random statistic, maybe someone has a use for it:
Almost exactly 2/3 of all mail servers that make it through greylisting on my box are still spammers according to the Spamhaus ZEN DNSBL.
(n=1333, 888 in DNSBL)
Of all commands I did not expect to run today, `I_KNOW_WHAT_I_AM_DOING=1 emerge -uDNav --with-bdeps y --backtrack 100 @world` is pretty high up the list.
On Gentoo, that's what you run when you want to use a machine as a space heater or have to upgrade perl, because portage is written in it & you have to reinstall all modules.
I_KNOW_WHAT_I_AM_DOING because I don't wanna recompile everything on a SSD, Chromium/Firefox ebuilds check for free space and ramfs always says it has 0 bytes available.
python 4.0 will bring tepathic communication but everyone will still be using 2.7
