Cryto! 16 April 2013
00:00:24 x_ has quit (User quit: farted in yo face~)
00:02:33 x (foobar@C5729E2F.43D2C6FB.5D12EECE.IP) has joined #crytocc
00:22:18 x has quit (Input/output error)
00:44:06 watup (watup@2C0DE135.DA3E8586.A0534C64.IP) has joined #crytocc
01:03:29 dirtyhary has quit (Ping timeout)
01:24:36 pzuraq has quit (Input/output error)
01:37:52 Gatsby_ (Gatsby@207E556E.4D8F9F70.15D792E2.IP) has joined #crytocc
01:40:18 Gatsby has quit (Ping timeout)
01:44:36 pzuraq (pzuraq@cryto-F9B1C1C6.ucsc.edu) has joined #crytocc
01:46:15 pzuraq has quit (Input/output error)
01:59:01 pzuraq (pzuraq@cryto-F9B1C1C6.ucsc.edu) has joined #crytocc
03:15:46 lady-3jane has quit (User quit: Leaving)
03:54:39 lady-3jane (lady3jane@lady-3jane.users.cryto) has joined #crytocc
04:03:08 <lady-3jane> ryan:) you should be less obvious with your prescience on linode's situation :)
04:19:09 dirtyhary (dirtyhary@B9F148D.6F361041.5AB15294.IP) has joined #crytocc
04:30:45 <ryan> mayb
04:46:20 Ari has quit (Connection reset by peer)
04:46:35 Ari (Ari@Ari.users.cryto) has joined #crytocc
06:25:47 <MK_FG> twitchyliquid64, TCPforward - look at socat or haproxy, both do that well
06:55:32 *** Xeross|AFK is now known as Xeross
07:05:02 MRdjst0rm (MRdjst0rm@cryto-4293BCB0.compute-1.amazonaws.com) has joined #crytocc
07:06:23 MRdjst0rm has quit (User quit: Connection closed)
07:08:48 devslashrnd (devslashrn@cryto-AC70B974.dip.t-dialin.net) has joined #crytocc
07:16:05 LastOneStanding (lalalala@cryto-99A4FB1F.lv.lv.cox.net) has joined #crytocc
07:21:57 LastOneStanding has quit (Connection reset by peer)
07:36:47 Ari has quit (Ping timeout)
07:51:44 pzuraq has quit (Input/output error)
07:54:37 ElectRo` (electro@A7044D1C.3CD1955A.B2EBD6BC.IP) has joined #crytocc
07:56:29 *** Xeross is now known as Xeross|AFK
08:02:56 <ElectRo`> well lets ride the gentle wave down on bitcoin beach
08:04:49 BLTGeno (BLTGeno4@D68C9ED.3BC0875E.71C5A468.IP) has joined #crytocc
08:14:00 watup has quit (Ping timeout)
08:30:31 watup (watup@cryto-DFEC3329.snydernet.net) has joined #crytocc
08:33:03 watup has quit (Input/output error)
09:03:29 Taz (Onyx@cryto-BBEECF30.rev.sfr.net) has joined #crytocc
09:07:57 watup (watup@2C0DE135.DA3E8586.A0534C64.IP) has joined #crytocc
09:15:16 crytoweb137 (crytoweb13@cryto-4CDD23A3.lightspeed.stlsmo.sbcglobal.net) has joined #crytocc
09:15:41 crytoweb137 has quit (User quit: Page closed)
09:25:30 <twitchyliquid64> MK_FG: should of told me that 22 hours ago, I just wrote the thing :P
09:28:56 <MK_FG> Nah, I don't thnk it should matter - most stuff becomes obsolete as soon as it's written ;)
09:29:09 <twitchyliquid64> regardless, I liek my solution
09:29:13 <twitchyliquid64> it w orks well
09:29:18 <twitchyliquid64> and is dam easy to deply
09:29:29 <twitchyliquid64> tcpforward localhost:80 ciphersink.net:80
09:29:35 <twitchyliquid64> does what is say s on the box ;)
09:29:42 <twitchyliquid64> ***deploy
09:31:03 <MK_FG> Should be "socat tcp:localhost:80,fork tcp:ciphersink.net:80" with socat, I think
09:32:26 <MK_FG> Wrt Backuptrans - sounds a lot like what rsync does (it always checks hashes of what it just piped through)
09:33:40 <MK_FG> Also non-interactive, but can ask (or read from env/file iirc) for password, and go-to thing for any kind of transfers and backups
09:35:33 <MK_FG> You can get fairly complete LinSum thing from the tools pentesters use, btw ;)
09:35:57 <MK_FG> There are lot of scripts to with very-very similar requirements there
09:36:25 <MK_FG> Like, no dependencies, just upload and let it get everything possible about the system given access level
09:36:52 <MK_FG> (though usually there's a heavy focus on credentials and detection of various av/security tools)
09:40:25 <MK_FG> I'm curious what you meant by "dalvik cpu" in "android-ex" there - dalvik runs JVM bytecode, does it not? So you can think of Java or Scala being it's assembler, no?
09:40:57 <twitchyliquid64> Dalvik does NOT run JVM bytecode
09:41:12 <twitchyliquid64> thats how google circumvented Oracles copyright on the Java JVM
09:41:24 <twitchyliquid64> Java is free, but JVM/their-implementation is not
09:41:39 <MK_FG> Huh, interesting
09:41:39 <twitchyliquid64> Dalvik is an entirely separate instruction set
09:41:55 BLTGeno has quit (Client exited)
09:42:03 <twitchyliquid64> I have already written part of twitch
09:42:10 <twitchyliquid64> the vcpu, AND an assembler
09:42:15 <twitchyliquid64> its pretty cool actually
09:42:31 <twitchyliquid64> I could turn it into a PaaS and make money
09:45:43 <twitchyliquid64> MK_FG: does rsync require the rsyncd to be running on either machine? or can it run via ssh only?
09:57:19 <MK_FG> ssh only, of course
09:57:27 <twitchyliquid64> ahh goodies
09:57:34 <twitchyliquid64> example usage for transferring a folder/file?
09:57:40 <MK_FG> It just runs "rsync --server" on the side ;)
09:57:49 <MK_FG> rsync file host:/
09:58:13 <MK_FG> "rsync [OPTION...] SRC... [USER@]HOST:DEST" (manpage)
10:01:28 <twitchyliquid64> have you ever used it MK_FG
10:01:29 <twitchyliquid64> ?
10:01:36 <MK_FG> rsync!?
10:01:45 <MK_FG> You didn't ever use rsync!?
10:01:50 <twitchyliquid64> no
10:01:51 <twitchyliquid64> never
10:01:59 <MK_FG> Heh, wow ;)
10:02:09 <twitchyliquid64> so its as easy as that?
10:02:32 <MK_FG> I use it all the time, it's like "cp" with networking and resume and delta-transfers, filters, ...
10:02:34 <twitchyliquid64> rsync backup.zip twitchyliquid64@ciphersink.net:~/backup.zip
10:02:40 <twitchyliquid64> is that right?
10:02:42 <MK_FG> Yep
10:02:48 <twitchyliquid64> can you do folders aswell?
10:03:05 <MK_FG> Of course, read the manpage
10:03:29 <MK_FG> It can (and usually used to-) compare them by different criterias and update only missing stuff
10:03:47 <twitchyliquid64> but i dont wanna read the man page :P
10:04:04 <MK_FG> Options like "--link-dest" (hardlinking files from older backups to newer) are usually used for rsync-based backups
10:04:18 <ryan> h
10:04:45 <MK_FG> Just list of options there should help you figure out all the things rsync much better than anyone can explain from memory ;)
10:07:54 <twitchyliquid64> Which option should I use to make it skip already-existing files which are identical?
10:07:59 * twitchyliquid64 pokes MK_FG
10:08:50 <MK_FG> By default (no extra options) it compares mtime/ctime and size, so should skip perfectly identical files
10:09:06 <MK_FG> (unless tampered with w/o modifying that stuff)
10:09:16 <MK_FG> (actually, I think it's just mtime, not mtime+ctime)
10:09:26 <MK_FG> Anyway, --size-only or -c (--checksum)
10:09:51 <MK_FG> With former it'll only check sizes of matching files, latter - checksum both to see if transfer is necessary
10:11:02 <MK_FG> Also, even if it "transfers" the matching files, it usually doesn't - it does all transfers with rolling checksums and skips similar blocks within files, so if files identical, it'll just checksum (read) them on both ends
10:11:24 <MK_FG> (which is similar to --checksum, but a bit more traffic)
10:12:08 <MK_FG> (and it probably should be noted that it *always* does full checksum of files after transfer, if it was needed)
10:13:01 <twitchyliquid64> use -c, roger that
11:36:57 Beta (Beta@EFC5C0FD.D3E9AE46.6188FA09.IP) has joined #crytocc
12:09:04 watup_ (watup@6C3FBDE9.C43BFE9A.D6654D06.IP) has joined #crytocc
12:09:48 watup has quit (Ping timeout)
12:52:11 *** watup_ is now known as watup
13:06:34 *** Xeross|AFK is now known as Xeross
13:48:29 Kamonra has quit (Ping timeout)
14:01:25 monod (~pmpf@monod.users.cryto) has joined #crytocc
14:01:35 ElectRo` has quit (nexus.cryto.net buffalo.cryto.net)
14:01:35 dirtyhary has quit (nexus.cryto.net buffalo.cryto.net)
14:01:35 crates has quit (nexus.cryto.net buffalo.cryto.net)
14:01:35 HiveResearch has quit (nexus.cryto.net buffalo.cryto.net)
14:01:35 foolex has quit (nexus.cryto.net buffalo.cryto.net)
14:01:35 ebola has quit (nexus.cryto.net buffalo.cryto.net)
14:01:35 jamesbt has quit (nexus.cryto.net buffalo.cryto.net)
14:01:59 <monod> quick guys, someone's fine with probabilities? I got to find the prob. that a coin is heads after an even number of tosses xD
14:02:14 <monod> I'm runnin gout mad xD
14:02:52 <monod> I found that the probability is 1 (where probabilities are 0 <= prob. <= 1)
14:03:10 <monod> if any wants to help, text me!
14:04:03 <MK_FG> "coin is heads after an even number of tosses"?
14:04:27 <MK_FG> If it's a "coin" in a traditional sense - 50%, no matter after how many tosses ;)
14:05:20 Kamonra (kamonra@cryto-348E1525.hostedby.us) has joined #crytocc
14:38:33 * joepie91 stares angrily at buffalo
14:40:04 ElectRo` (electro@A7044D1C.3CD1955A.B2EBD6BC.IP) has joined #crytocc
14:40:04 dirtyhary (dirtyhary@B9F148D.6F361041.5AB15294.IP) has joined #crytocc
14:40:04 crates (crates@cryto-B98FADA2.boingboing.net) has joined #crytocc
14:40:04 HiveResearch (HiveResear@developers.developers.developers) has joined #crytocc
14:40:04 foolex (foolex@AD356075.7DC890E0.CEC56216.IP) has joined #crytocc
14:40:04 ebola (ebola@ebola.users.cryto) has joined #crytocc
14:40:04 jamesbt (jamesbt@E62F62BC.DCD17C32.959A841C.IP) has joined #crytocc
14:40:59 <joepie91> monod: it depends on what your question is
14:41:20 <joepie91> if the question is "what is the probability of tossing it X times and always coming up heads"
14:41:31 <joepie91> the answer is 0.5 to the power of X
14:41:46 <joepie91> if the question is "what is the probability of it coming up heads the Xth time"
14:41:54 <joepie91> then MK_FG is correct and the answer is 0.5
14:42:02 <joepie91> because previous tosses do not affect those that come after it
14:42:15 <monod> sorry, MK_FG I haven't saw you because you didn't highlighted me :) anyway, that's what I thought! joepie91: ok
14:42:23 <monod> joepie91, the last one :thumbup:
14:42:30 <monod> so I am wrong xD
14:43:03 <monod> (oh, btw, learned LaTeX syntax while doing this homework.. gooosh.. :))
14:43:36 <MK_FG> Better than learning MS Word magical UI
14:44:40 <monod> and also it is fun! (tex)
14:44:49 <monod> (after you've got some time to play with it)
14:45:07 <monod> this is the funniest homework ever
14:45:22 <monod> "probability,, 6 exercises, preferably do it on latex"
14:45:39 <MK_FG> Hahah
14:46:09 <MK_FG> Pretty sure LaTeX people take offense on that spelling or similar mispronounciation ;)
14:46:49 <monod> oh, you sure???
14:46:52 <monod> damn it
14:46:57 <monod> LaTeX*
14:46:59 <monod> U_U
14:51:03 <monod> thanks guys
14:53:41 idkwhatmynameis (idkwhatmyn@cryto-E871F6D6.kelvn3.qld.optusnet.com.au) has joined #crytocc
14:53:55 <idkwhatmynameis> hello :D
14:54:51 <MK_FG> And your name is Bob
14:55:16 <watup> lol
14:55:17 <idkwhatmynameis> ok its bob
14:55:18 <idkwhatmynameis> haha
14:55:29 <idkwhatmynameis> well I have to idle now its sleep time :D yayy
14:55:59 <idkwhatmynameis> got fucking school tomorrow :/
14:58:40 *** idkwhatmynameis is now known as bob
14:59:25 <monod> lol ^ ^ ^"and your name is bob"
15:02:50 Gatsby_ has quit (Ping timeout)
15:04:10 Gatsby (Gatsby@207E556E.4D8F9F70.15D792E2.IP) has joined #crytocc
15:08:13 *** Xeross is now known as Xeross|AFK
15:49:16 Beta has quit (Ping timeout)
16:03:49 *** Xeross|AFK is now known as Xeross
16:16:51 Cryto875 (Cryto875@cryto-8E645EB7.hsd1.nj.comcast.net) has joined #crytocc
16:16:59 Cryto875 has quit (User quit: Cryto875)
16:26:08 pzuraq (pzuraq@cryto-F9B1C1C6.ucsc.edu) has joined #crytocc
16:52:39 anonnews890 (anonnews89@D4B8B74D.B1CD12E7.3FD288CE.IP) has joined #crytocc
17:05:47 zxcvbnm (zxcvbnm@zxcvbnm.users.cryto) has joined #crytocc
17:29:21 *** anonnews890 is now known as ____
17:49:16 ____ has quit (User quit: We are anonymous !)
17:55:59 <zxcvbnm> who are my BTC experts in here
17:56:06 <zxcvbnm> or BTC trading peeps
17:56:14 <ryan> slush is down expect crash
17:56:41 <ryan> not necessarily fast one
17:56:47 <zxcvbnm> are there any btc exchanges that don't use sketchy/unconventional payment methods ?
17:56:59 <ryan> what's conventional?
17:57:02 <zxcvbnm> paypal?
17:57:08 <ryan> that's the definition of sketchy
17:57:10 <ryan> at least for the receiver
17:57:22 <ryan> have you ever deal with mass amounts of potentailly fraudulent paypal transactions?
17:57:28 <zxcvbnm> nope
17:57:33 <ryan> well it's
17:57:36 <ryan> very very annoying
17:57:44 <zxcvbnm> I see.
17:57:47 <ryan> as paypal will gladly reverse the payments
17:57:56 <ryan> and you can't revers bitcoin payments
17:58:01 <zxcvbnm> so the retailer gets bit
17:58:02 <ryan> and the same thing applies to credit cards
17:58:03 <zxcvbnm> ahh
17:58:15 <zxcvbnm> brilliant. must be a lot of fraud $$$ in that
17:58:27 <zxcvbnm> too bad for the honest people
17:58:31 <ryan> that is why nobody ever accepts those
17:58:43 <zxcvbnm> well, ryan, do you recommend an exchange platform for btc
17:58:50 <ryan> mtgox
17:58:51 <ryan> or bitstamp
17:58:57 <ryan> bitstamp is less shit
17:59:01 <zxcvbnm> advantages/disadvantages
17:59:17 <ryan> mtgox: down all the time
17:59:23 <ryan> bitstamp: looks prettier
18:00:12 <zxcvbnm> appreciated
18:00:51 <zxcvbnm> now, are you interested in explaining the slush ?
18:01:05 <ryan> second biggest bitcoin mining pool
18:01:18 <zxcvbnm> ah
18:01:20 <ryan> they are apparently
18:01:32 <ryan> experiencing 'hardware issues' on both of their servers
18:02:01 <zxcvbnm> oh yes, this was my other question about btc, i stumbled across the pool concept. is this at all profitable for the end-users or just highway robbery by those running the pool?
18:02:14 <ryan> profitable for both
18:02:18 <ryan> well mining isn't
18:02:20 <ryan> really profitable anymore
18:02:56 <joepie91> the amount of retard is strong with this one: http://www.lowendbox.com/blog/bandwagonhost-1-99month-512mb-openvz-vps-in-phoenix/#comment-111487
18:02:57 <zxcvbnm> so, since the second biggest mining pool isn't generating any new btc, this has an adverse effect on the market ?
18:03:15 <joepie91> hurr durr I'm not gonna bother setting up SSL for client area because it doesn't bring in more sales
18:03:42 <ryan> since a big part of the bitcoin network is missing
18:03:45 <ryan> there'll be slight issues
18:03:52 <ryan> joepie91: ssl is useless
18:04:04 <joepie91> SSL is most definitely not useless
18:04:11 <joepie91> it's just not as useful as some people make it out to be
18:04:35 <ryan> It's useful in a very few situations
18:04:55 <ryan> Of course 'ssl is useless' is a massive exaggeration
18:05:14 <ryan> but if you're getting mitmed, you have way more problems than your host control panel not having ssl support
18:06:03 <MK_FG> And it's tls, ssl is indeed useless
18:07:36 <zxcvbnm> ^^ but if you're getting mitmed, you have way more problems
18:07:51 * zxcvbnm concurs
18:08:27 <MK_FG> Do you refer to the fact that mitm usually comes from trojan on a local machine?
18:08:46 <ryan> I refer to the fact that most of your other networking won't be encrypted
18:09:10 <MK_FG> Hmm
18:09:30 <ryan> and to the fact that in that situation there's a million ways for someone to own you
18:09:44 <ryan> + you probably will just click "yes" if it bitches about wrong ssl cert
18:10:36 <zxcvbnm> "omgomgomg why so slow why so slow? next next next yes finish"
18:11:13 <ryan> + if you're already logged in they can just steal your cookie
18:11:13 <MK_FG> True, but with "determined attacker" threat in mind
18:11:40 <zxcvbnm> bitstamp sends you your password in cleartext in an email when you register..
18:11:47 <ryan> just 302 some non https session to your own thing and hijack the cookies
18:11:50 <ryan> zxcvbnm: well change it
18:11:55 <zxcvbnm> ryan: well.. duh
18:12:07 <ryan> them sending you the hash of the pass wouldn't be too useful either
18:12:17 <zxcvbnm> ryan: but if they are retrieving a password and sending it to me in cleartext.. wonder what their DB looks like
18:12:41 <MK_FG> I wonder if botnets bother to do any kind of mitm these days
18:12:56 <ryan> it probably looks like insert_to_sql(pass=hash($pass)) && mail(stuff and ur $pass)
18:12:59 <ryan> MK_FG: formgrabbing, yes
18:13:09 <ryan> zeus et cetera
18:13:17 <ryan> even though that's not actually mitm
18:13:52 <MK_FG> Passive listening, yeah, that's been around for a while
18:14:15 <zxcvbnm> ryan: my concerns went away when I saw the two-factor authentication option.
18:14:22 <zxcvbnm> that is always re-assuring.
18:15:46 <ryan> p sure
18:15:52 <ryan> the email was sent with ssl
18:15:53 <ryan> anyways
18:16:10 <zxcvbnm> still. I have doubts about companies that send me passwords in cleartext
18:16:17 <zxcvbnm> thats all
18:16:51 <MK_FG> And smtps tend not to check tls certs, I think
18:18:04 <ryan> well if someone was mitming bitstamp -> google
18:18:09 <ryan> there'd be huge problems
18:18:13 <ryan> but well
18:18:18 <ryan> you can say that about mostly anything
18:18:46 <zxcvbnm> especially for unregulated digital currency traders
18:20:33 devslashrnd has quit (Ping timeout)
18:21:36 <MK_FG> Actually, I think I'll need a vps for smtp with controllable ptr records soon anyway, so planning to ditch gmail from there on
18:22:32 <MK_FG> Or rather phase-out gradually, before they'll do something horrible to it
18:23:15 <MK_FG> (or reveal themselves as Evil Empire at last)
18:29:30 pzuraq has quit (Input/output error)
18:31:55 <lady-3jane> heh
18:32:06 <lady-3jane> I'm foolish and let gandi do my mail
18:32:13 <lady-3jane> but I don't care to set up email
18:34:05 <lady-3jane> huh
18:34:22 <lady-3jane> funny that wp-supercache generates 500's when installed
18:34:23 <lady-3jane> assholes
19:06:04 <lady-3jane> joepie91:) if you ever make an 80x15 for cryto, gimme it :)
19:36:30 <joepie91> <zxcvbnm>ryan: but if they are retrieving a password and sending it to me in cleartext.. wonder what their DB looks like
19:36:34 <joepie91> that has nothing to do with their db
19:36:48 <lady-3jane> dude chiaroscuro is the scourge of art
19:36:51 <joepie91> storing something in a db as a hash does not magically make the original stop existing
19:36:54 <joepie91> within the same request
19:37:06 <joepie91> they could very well store it in the db and then send the original to you
19:37:09 <joepie91> without ever storing the original
19:37:27 <zxcvbnm> the original is generated on their end w/o input from user
19:37:53 <lady-3jane> it's a possible indicator of bad practices though, that's the issue
19:38:03 <zxcvbnm> that is my implication, lady-3jane
19:38:07 <lady-3jane> I know
19:38:33 <MK_FG> zxcvbnm, Here's a style to go with that logo - http://divshot.github.io/geo-bootstrap/
19:38:50 <lady-3jane> oh man
19:38:54 <lady-3jane> oh fucking man
19:39:02 <lady-3jane> I have found my calling in life
19:39:09 <lady-3jane> right fucking there
19:39:20 <zxcvbnm> agghhh
19:39:38 <zxcvbnm> ommmmg this isn't r
19:39:41 <zxcvbnm> i'm breaking..
19:39:45 * zxcvbnm collapses.
20:03:39 unknownfoobars (x@C35CA8A8.589C91BA.8F6A2B14.IP) has joined #crytocc
20:20:54 *** unknownfoobars is now known as x
20:24:49 Taz has quit (User quit: )
20:24:50 x has quit (User quit: www.lulzsec.us)
20:51:05 Xeross has quit (User quit: ZNC - http://znc.in)
20:51:47 Xeross (Xeross@F31F8942.7789B1E3.813EF599.IP) has joined #crytocc
21:25:08 lady-3jane has quit (User quit: Leaving)
21:59:50 monod has quit (Client exited)
22:14:19 lady-3jane (lady3jane@lady-3jane.users.cryto) has joined #crytocc
22:21:44 AnonForecast_ has quit (Connection reset by peer)
22:22:04 AnonForecast_ (AnonForeca@cryto-999D5D74.dhcp.insightbb.com) has joined #crytocc
22:44:09 Kamonra has quit (User quit: irc.divineirc.net)
22:44:20 Kamonra (kamonra@cryto-348E1525.hostedby.us) has joined #crytocc
22:50:53 mcy (matthewmcc@cryto-1172ED28.socal.res.rr.com) has joined #crytocc
22:54:12 AnonForecast_ has quit (Connection reset by peer)
22:54:24 AnonForecast_ (AnonForeca@cryto-999D5D74.dhcp.insightbb.com) has joined #crytocc
22:54:42 bob has quit (Ping timeout)
23:48:18 mcy has quit (User quit: mcy)