--- Log opened Tue Sep 10 00:00:02 2013
00:03 < Evilpig_> well got me a slurpee and two slices of pizza.  shit shuts down here about like nashville
00:05 < Evilpig_> I see there is a new show coming to scifi that might be amusing for a few minuites.   "heroes of cosplay"
00:09 -!- Bahhumbug [jrd@serentos/admin/jrd] has quit [Ping timeout: 268 seconds]
00:40 -!- northrup [~jjn@link.8bitwizard.net] has joined #se2600
00:47 -!- Bahhumbug [jrd@serentos/admin/jrd] has joined #se2600
00:47 -!- mode/#se2600 [+o Bahhumbug] by ChanServ
01:06 -!- GateKeeper [~gatekeepr@unaffiliated/gerdesas/bot/jrd-bots] has quit [Remote host closed the connection]
01:06 -!- GateKeeper [~gatekeepr@unaffiliated/gerdesas/bot/jrd-bots] has joined #se2600
01:08 -!- brookshi1e [mbrooks@hijacked.us] has quit [Ping timeout: 245 seconds]
01:09 -!- brookshire [mbrooks@hijacked.us] has joined #se2600
01:09 -!- mode/#se2600 [+o brookshire] by ChanServ
01:47 -!- RangerZ [~mike@c-98-211-46-74.hsd1.tn.comcast.net] has quit [Quit: Leaving.]
02:06 -!- RangerZ [~rangerz@c-98-211-46-74.hsd1.tn.comcast.net] has joined #se2600
03:03 -!- northrup [~jjn@link.8bitwizard.net] has quit [Quit: leaving]
04:11 -!- Netsplit *.net <-> *.split quits: @eryc, @peacebyfire, @brookshire, @aestetix, @sasquatc4, @Bahhumbug, K4k, GateKeeper, Vyrus001_, @Dickie,  (+1 more, use /NETSPLIT to show all of them)
04:16 -!- opticron [~opticron@pianoben.ch] has quit [Ping timeout: 250 seconds]
04:16 -!- opticron [~opticron@pianoben.ch] has joined #se2600
04:16 -!- mode/#se2600 [+o opticron] by ChanServ
04:17 -!- Netsplit over, joins: @brookshire, GateKeeper, @Bahhumbug, @rhia, K4k
04:20 -!- eryc [eric@unaffiliated/internetjanitor] has joined #se2600
04:20 -!- aestetix [~aestetix@173.203.198.40] has joined #se2600
04:20 -!- sasquatc4 [~sasquatc4@c-24-9-178-168.hsd1.co.comcast.net] has joined #se2600
04:20 -!- Vyrus001_ [~Vyrus001@209.159.137.117] has joined #se2600
04:20 -!- peacebyfire [~peacebyfi@hercules.bytesized-hosting.com] has joined #se2600
04:20 -!- ServerMode/#se2600 [+oooo eryc aestetix sasquatc4 peacebyfire] by wolfe.freenode.net
04:20 -!- Dickie [~Dickie@unaffiliated/dickie] has joined #se2600
04:20 -!- ServerMode/#se2600 [+o Dickie] by wolfe.freenode.net
06:34 -!- Dolemite [80db310d@gateway/web/freenode/ip.128.219.49.13] has joined #se2600
06:34 -!- mode/#se2600 [+o Dolemite] by ChanServ
06:34 <@Dolemite> mr0ning, be0tches and h0ez!
06:39 <@Catonic> man, I missed a lot yesterday
06:39 <@Catonic> Dolemite: sorry to hear how things with you and VU, but higher ed is it's own special brand of politics, power games, and lack of funding
06:40 <@Dolemite> Eh, it wasn't that bad for me
06:40 <@Dolemite> Not like it is for Wilpig, Mirage, and Dagmar
06:40 <@Catonic> I've worked public/private sector... for govt agencies and higher ed.. and I have visibility into state employment
06:40 <@Dolemite> I just left because the opportunity came up and ORNL called me - I wasn't at the point where I was looking...   yet
06:41 <@Catonic> higher ed, you always got to move your own paperwork around, and you've always got to look out for #1.
06:42 <@Catonic> which, at times, makes it difficult to be a team player.
06:51 -!- spaceB0x [~spaceB0x@c-68-52-126-92.hsd1.tn.comcast.net] has quit [Ping timeout: 264 seconds]
07:15 -!- northrup [~jjn@173-14-101-193-nashville.hfc.comcastbusiness.net] has joined #se2600
07:53 < frsilent> gm *
08:01 <@Shadow404> waz up slackers
08:03 <@Dolemite> Of course.  I finally block off an hour to add some new metered power strips to Cacti, and there's a network issue preventing me from talking to them.
08:03 <@Dolemite> I'm sure they'll get it resolved right before my next meeting.
08:09 <@Shadow404> yep, of course
08:09 <@Shadow404> why dont you just go talk to them in person
08:09 <@Shadow404> bring them some coffee, i bet it gets cold in that datacenter
08:12 <@Dolemite> The power strips are on the hot side.  Besides, no drinks in the data center.
08:14 <@Dolemite> The sad thing is, it took me 3 years to finally get the "no drinks in the data center" rule added.
08:14 <@Dolemite> I about freaked out the first day I got here and a CRAYon was walking across the data center floor with a cup of coffee in his hand.
08:28 <@Shadow404> meh, i almost shit a brick when i was in the datacenter replacing some equipment and they were getting setup for the holiday party and some idiot thought it would be a good idea to let the buffet people roll their food carts and supplies through the datacenter as a shortcut to get past the peopple setting up decorations
08:28 <@Shadow404> i was livid and kicked them right out
08:28 <@Shadow404> the person that was gonna let them cut through went to my boss and complained
08:28 <@Shadow404> boss later came to me and said he laughed right in her face and said she deserved it
08:34 <@Shadow404> some people just shouldnt have access to the datacenter and the only reason she had it was for marketing tours
08:44 <@opticron> that's not a valid reason to have access to the datacenter
08:45 <@rattle> If I was being taken on a facility tour, and the marketing people had access to everything..  I would be seriously concerned about the security of the facility.
08:46 <@opticron> that's actually an issue where I work
08:46 <@rattle> Those folks should be accompanied by the facility's operational staff.  Period.
08:46 <@opticron> we've had marketing tours come through the hardware dev lab
08:46 <@rattle> Seeing that kinda loose security might be enough to make me decide not to put equipment in a facility.
08:46 <@opticron> where there are unreleased products and prototypes sitting around
08:46 <@opticron> with no notice whatsoever
08:47 <@rattle> Having a tour come through is one thing..  That's ok unless they are being shown something that should be proprietary and they don't have an NDA or something..
08:47 <@opticron> and they let the people on the tour take pics with their DSLR cameras
08:47 <@rattle> Tours are fine..
08:47 <@rattle> But the facility staff should be present with a tour group.  Not a marketing person.
08:47 <@rattle> Yeah, that's bad.  Pictures of facilities should be forbidden.
08:49 <@rattle> However, the right way to do it is also something that's usable to the marketing folks.  "And this is blah blah, one of our senior SOC/NOC analysts.  He will be accompanying us on the tour and facilitating access."
08:49 <@Shadow404> yeah, pictures forbidden
08:49 <@Shadow404> i dont work at that datacenter anymore
08:49 <@Shadow404> but yeah, security was a bit lax
08:51 <@Shadow404> the tour portion was fortunately on the core router side and was mostly hidden behind closets other than a few catalyst. If they wanted to see the customer side where they would be leasing space, they had to sign an NDA and be accompanied by a NOC engineer
08:52 <@rattle> Most dcs I've done work in recent years have a strict no pictures policy, with the exception of being able to take pictures of your own equipment in the facility.
08:53 <@rattle> Which is kinda necessary..  If you forbid that, people are gonna do it anyway.  When documenting a rack, it's just too damn easy to be able to take cell phone snaps for later reference when working on Visio diagrams and whatnot.
08:54 <@Dolemite> We allow a few people access to give tours in the data center, but they have to pass training that informs them of what people are/are not allowed to take pictures of
08:54 <@Dolemite> Given who we are, people want to take pictures
08:55 <@Dolemite> Anything is allowed from the Nerdquarium.  Inside the data center you can take pictures of the closed cabinets, but nothing can be opened.  No pictures of the infrastructure, either (switch gear, VESDA, chilled water moniters, etc).
08:55 <@Shadow404> Dolemite: yeah, been at one facility where you get a lock box and a key, you have to drop your cellphone, wallet, your own keys and pull your pockets out
08:56 <@Shadow404> then they lock the box and give you a key to use to get your stuff later
08:56 <@Dolemite> Up the hill in the building with no windows, they have lockers that all electronic devices have to go into
08:56 <@Shadow404> overkill, but i like the how serious they are
08:57 <@rattle> You mean I can't take my pwnie in? Aw sucks..
08:58 <@rattle> PAIX used to be pretty hardcore.  They assigned a person to watch you the entire time you were in the facility, and they would yell at you if you so much as looked at a rack/cage that wasn't yours.
08:59 <@rattle> The original PAIX that is, in downtown PaloAlto..
09:00 <@rattle> The other PAIX facilities that S&W (now Equinix) owned were "average" in terms of physical security.
09:01 <@rattle> Two factor sign in, ID checks, serial number logging on removed equipment, video monitoring, etc..  But no mandatory minders or anything like that.
09:04 <@Shadow404> naps of america (now VZ) is interesting facility
09:05 <@rattle> The Beijing IX had a specific rule forbidding white people from entering.
09:05 <@rattle> Not Chinese nationals only, or something like that.  Specifically, no white people.
09:06 <@Shadow404> lawl, thats awesome
09:07 <@Dagmar> NO GWAILOS ALLOWED
09:07 <@Dagmar> heh
09:09 <@Shadow404> hehe, been in this new position 4 weeks and the QA team already knows and hates my name
09:09 <@Shadow404> woot
09:10 <@Shadow404> already found 4 major defects they missed and offered fixes that would save more time than the one project they been working on for over a month
09:10 <@Shadow404> that was not a fun meeting for them
09:12 <@rattle> Our boss had an awesome story about being removed by the facility a gunpoint.
09:12 <@rattle> Hands down, best datacenter story I've ever heard though was from the unix guy on my team at CAP.
09:13 <@rattle> He was working in a facility once, when a disgruntled former employee shows up armed to the teeth and held up in the primary power room threatening to shoot up the power system and kill himself.
09:13 <@rattle> This room where the guy was holding himself up, was between him and the exit to the facility.
09:13 <@Shadow404> thats messed up
09:14 <@rattle> He just climbed into a rack, closed it, and waited the situation out.
09:14 <@Shadow404> well at least he didnt get cold
09:14 <@Dagmar> heh
09:15 <@rattle> Said at first he was scared shitless, but then an hour in, he just wanted to pee and wished he had mobile coverage.
09:17 <@Dagmar> I feel good.
09:17 <@Dagmar> I got sleep last night, and I'm doing exactly what I should about this place.
09:18 <@Dagmar> The quality of the work exactly matches the level of my pay
09:19 <@Dagmar> I had someone request a CNAME in the root of a zone (although we've been over this again and again, it can't happen) so I finally said "fuck it" and put it in the zone anyway
09:19 <@Dagmar> The only people affected were the people making the idiotic request.
09:24 <@Shadow404> woot, if you explain what it will do, not work or break the record and they still request it done, just do it and hold the fact you warned them in their face when they come back and complain
09:25 <@Shadow404> done that so many times, then they request a copy of the zone record and accept their fault
09:25 <@Dagmar> We've been over this about a half-dozen times in the last two years
09:25 <@Shadow404> meanwhile, i have a copy of their zone record, once they notice it broke everything i can fall back to with one command and force on the dns server
09:26 <@Dagmar> ...and the request came from the guy who runs the medical center's nameservers, so fuck him
09:26 <@Shadow404> of course add the propogation time which i have no controll over and they didnt want to lower the ttl
09:29 <@Shadow404> then they come back and say, alright our fault, but i want you to expedite the changes back to they were in the next hour
09:30 <@Shadow404> then you have to explain you have no control over propogation and they get all pissy
09:32 <@Dagmar> I'm just tired of people trying to use me like a remote-operated keyboard
09:32 <@Dagmar> ...then blaming me when they fuck up.
09:32 <@Dagmar> NOW we're going to see some fuck ups.
09:32 <@Shadow404> yep, gotta love being dns admin
09:32 <@Shadow404> so heres what i do
09:32 <@Shadow404> in those cases i disagree
09:32 <@Dagmar> I'm basically no longer going to perform a safety-check function on anything.
09:32 <@Dagmar> If you ask me to delete your primary database, I will fucking do it.
09:32 <@Shadow404> i send them the zone file, they modify it, i send it back
09:33 <@Shadow404> copy and paste the new file in and force the changes
09:33 <@Shadow404> then its on them
09:33 <@Shadow404> tis broke????? really, i copied exactly what you sent, see (run dig command)
09:34 <@Dagmar> If you ask me to power off an auth server that I had to go find the IP address of _in the hosts file of it's neighbor-pair_ because some assholes removed all other references to it in DNS and can't be bothered to tell me it's real name, then by god I *will* turn off that server.
09:34 <@Dagmar> Shadow404: That's going to happen on Thursday by the way
09:34 <@Dagmar> They claim they've changed all DNS references to no longer use it.
09:35 <@Dagmar> ...but I had to find it's IP address in the hosts file of the _other_ auth server.  Not commented out.  Live.
09:35 <@Dagmar> Should be a real hoot.
09:35 <@Dagmar> I'm going to power it off and then turn off my phone.
09:35 <@Shadow404> yep, did you even mention that?
09:36 <@Dagmar> Shadow404: Nope.
09:36 <@Dagmar> LIke I said, I'm done with being used like a remote-operated keyboard.
09:36 <@Shadow404> oh man, make sure you keep that email saying they removed all references
09:36 <@Shadow404> proof in writing
09:36 <@Dagmar> Whatever dumbass thing they request while telling me as little as possible about what is going on, *is going to happen*
09:36 <@Dagmar> Hell they put this stuff in the service request
09:36 <@Dolemite> Well, now.  Looks like my firewall rule to allow SNMP queries from my Cacti box got dropped.  It should only take 30 days to go through the red tape with Cyber to get it reinstated.
09:37 <@Shadow404> Dolemite: oh fun, love red tape
09:37 <@Dementia> Hi Dol
09:37 <@Dolemite> Heya, Dementia!  Long time no see!
09:37  * Shadow404 runs up and hug pounces Dementia 
09:37 <@Dementia> I lurk
09:37 <@Dementia> Hey Shadow
09:37 <@Shadow404> long time no see gal
09:37 <@Dolemite> You only come out when you know Wilpig isn't on
09:37 <@Dolemite> ha!
09:37 <@Dementia> Do you blame me?
09:37 <@Dementia> :)
09:38 <@Shadow404> no one does
09:38 <@Shadow404> :)
09:38 <@Dolemite> Not really, no
09:38 <@Dementia> Unfortunately I waited too long to buy my plane tix
09:38 <@Dementia> so I don't think I'm coming to pn
09:38 <@Dolemite> I can't make it, either :(
09:39 <@Dementia> bummer
09:39 <@Dementia> That whole 'wife and kids' thing?
09:39 <@Dagmar> Shadow404: I'm especially pissed that other than repeatedly demanding we report "wins" so that he can tout them upstairs (yes, good job making sure you take credit for our work) he's utterly failed to do anything about the shorthandedness.  ANYTHING.  We can't report any "wins" becuase we can't make any significant _forward progress_
09:39 <@Dagmar> He's been going out of his way to avoid me.
09:39 <@Dolemite> We are heading to Florida the following week, so I need to prepare for that trip, plus work.  Last month of goverment FY = madhouse.
09:39 <@Dagmar> A couple of weeks of this, and he'll have to call me in to have a meeting
09:40 <@Dagmar> ...and I'll be sitting there with my virtual trollface on
09:40 <@Dolemite> So when PN was in October, it was the first month of the FY, when things are back to normal
09:40 <@Dementia> Gotcha.
09:40 <@Dementia> Things have been nuts around here too. Working for an education company means not much in the way of summer vacation.
09:41 <@Dementia> Florida sounds fun. Me and the hubby went there last October.
09:42 <@Dolemite> But for some reason, EVERYTHING seems to be scheduled for a 10 day span for me this year, and I'm not happy about having to give so many of them up.  Data Center World (which I'm going to) is causing a conflict for PhreakNIC, Cub Scouts Fall Camping Trip, and a bunch of other local stuff.
09:43 <@Dolemite> So I'll be in a conference while Pamela and the kids are enjoying the pool or amusement parks.  We're staying +3 days afterwards, though, so that I can have some fun, too.
09:43 <@Shadow404> i think pn should come first
09:43 <@Shadow404> just saying
09:43 <@Dolemite> You know, other than driving 10 hours in a car with two small kids.
09:44 <@Shadow404> are we there yet?
09:44 <@Dolemite> I am going to try to flip back to attending the Spring DCW conference next year, I think
09:44 <@Dolemite> There's a reason I'm getting up at 3 AM to put everybody in the car and get on the road.  It means I get to spend half of the time with everybody else asleep.
09:44 <@rattle> Next week I'm speaking locally..  So I'm not going to make it to PhreakNIC.
09:45 <@Shadow404> are we there yet?
09:45 <@Dolemite> Actually with LTE coverage pretty much over the whole interstate, we're going to hotspot my phone and have tablets for the kids to watch Netflix on.  Sanity will be salvaged.
09:45 <@Shadow404> damn, thats gonna eat into the data bill
09:46 <@Dolemite> No, I have Sprint.  Unlimited data.
09:47 <@Dolemite> Sprint does a good job of covering the interstates, and a shitty job of covering rural areas.
09:47 <@Shadow404> nice, ive been looking at possible plans, but there arent many sprint brick and mortar stores nearby
09:47 <@Corydon76-home> Which will cut out as soon as you receive a phone call.
09:47 <@Shadow404> are we there yet?
09:48 <@Dolemite> Corydon76-home: Only if I answer it
09:48 <@Corydon76-home> Or do you have a separate LTE device?
09:48 <@Dolemite> I'm on vacation, bitches!
09:48 <@Dolemite> My wife and I both have LTE phones.  Either of us can set up the hot spot, but she's more likely to talk on the phone than me.
09:48 <@Dolemite> I rarely get phone calls
09:49 <@Dementia> I get great coverage except for about half my train commute. Which blows.
09:50 <@Corydon76-home> I only notice the lack of coverage when I'm in Bum Fuck Tennessee, which is really not all that often
09:50 <@Shadow404> are we there yet?
09:51  * Corydon76-home makes plans to bum fuck Shadow404.
09:51 <@Shadow404> pass, but i am DM'ing at a Gay Event 2 weekends from now
09:52 <@Dagmar> Dolemite: LTE through who is the question.
09:52 < frsilent> Dolemite: what part of Fl?
09:52 <@Dagmar> A hotspot with no Internet on the backend isn't exactly a useful thing
09:52 <@Dolemite> frsilent: Whorelando
09:52 <@Corydon76-home> Shadow404: 2 weekends from now is PhreakNIC
09:52 <@Shadow404> Dagmar: aside from peer to peer transfer or a local lan party
09:53 <@Dolemite> Dagmar: The LTE up here in East TN is pretty solid.  I hear that it's the suck in Nashville, according to Troy and Wilbur.
09:53 < frsilent> ah gotcha, should be fun
09:53 <@Shadow404> Corydon76-home: im gonna be stuck in town for my solo cross country flight
09:53 <@Shadow404> Corydon76-home: ah, then you'll miss the event
09:53 < frsilent> PN next weekend?
09:53 <@Dolemite> The tablets will have some movies on their SD cards, too.  I'm not stupid. :P
09:53 <@Corydon76-home> No, in 2 weekends
09:53 <@Shadow404> are we there yet?
09:54 < frsilent> ah gotcha, just saw that
09:54 < frsilent> hmm
09:54 <@Dagmar> LTE through Sprint is completely shit in Nashville.
09:54 <@Dagmar> ABout a third of the towers don't appear to fucking work
09:54 <@Dagmar> You wind up having to turn *off* 4G
09:54 <@Dolemite> I will find out for myself next Thursday.  Have the TN Chapter of AFCOM meeting in the Hill Center.
09:54 <@Shadow404> tmobile had pretty solid coverage the last few year i was up there
09:55 <@Dagmar> With the Sprint firmware, changing from EVDO/CDMA to EVDO/CDMA/LTE requires a _reboot_
09:55 <@Dagmar> ...which is the main reason I finally said "Fuck it" and went to CM10.2
09:55 <@Dolemite> For East TN, both US Cellular and Sprint lease their tower coverage from other companies - and whoever that third party is has done a good job.
09:55 <@Shadow404> are we there yet?
09:55 <@Dagmar> I know what the problem is.  Sprint are fuckups.
09:56 <@Dagmar> Apparently they had three engineers over in the MC facility working on their equipment there in an "almost done" state for _ten hours_
10:07 -!- RangerZ [~rangerz@c-98-211-46-74.hsd1.tn.comcast.net] has quit [Ping timeout: 240 seconds]
10:22 -!- ZeroMinuS|Work [~zerominus@68.208.149.253] has quit []
10:39 -!- RangerZ [~rangerz@129.59.115.4] has joined #se2600
10:40 <@Dagmar> SUPER AWESOME!
10:41 <@Dagmar> I think our new "architect" just tried to do a nod-and-smile when I asked for his public key
10:43 <@Shadow404> are we there yet?
10:44  * Shadow404 pokes the irc bus driver (dolemite)
10:44 <@Shadow404> and by bus i mean short bus
10:46 <@Dagmar> I hope like hell they didn't hire a bullshit artist for this
11:02 -!- oddball [~oddball@c-98-193-232-23.hsd1.tn.comcast.net] has joined #se2600
11:03 -!- mode/#se2600 [+o oddball] by ChanServ
11:06 -!- x86Daddy [~z@32.145.158.221] has joined #se2600
11:21 <@Dolemite> Shadow404: I have to go pee pee
11:22 -!- x86Daddy [~z@32.145.158.221] has quit [Ping timeout: 264 seconds]
11:23 <@Corydon76-home> Shadow404: yeah, what do you do if you suddenly have to pee while you're in one of those small cockpit planes?
11:23 <@Corydon76-home> I know there's no toilet in that bitch.
11:25 <@Shadow404> Corydon76-home: two options, well really thre
11:25 <@Shadow404> *three
11:25  * Shadow404 kicks wilfor taking up all the b/w with torrents
11:26 <@Shadow404> *evilpig
11:26 <@Shadow404> anywho, option 1 is use a pee receptacle thingy that looks like a modified jug, option 2 land, hold it
11:31 <@Corydon76-home> How forgiving is the FAA on unscheduled pit stops?
11:33 <@Shadow404> uh, you just tell them your taking  pit stop and they just modify your flgith log when u tqake off again and re-cehck in
11:35 <@Shadow404> for the most part, i will be doing whats called flight tracking, where i say im going from here to here and they just hand me off from center to center, but im not IFR which is far more strict
11:45 <@Dagmar> wait... What's IFR again?
11:45 <@Dagmar> I was under the impression it was slang for "I Follow Roads" which doesn't sound particularly strict.
11:46 <@Dagmar> The military guys tend to use the I Follow Rivers variant when going to the Tyson airport that's like four miles north of my place
11:46 <@Dagmar> Super awesome to hear five Hueys rolling by my window at a distance of about 300 yards.
11:47 <@Dagmar> *CHUFF*CHUFF*CHUFF*CHUFF*CHUFF*CHUFF*
11:47 <@Shadow404> Intrument flight rating
11:47 <@Shadow404> or what they are doing in the huey's is
11:47 <@Shadow404> visual flgiht rating
11:48 <@Shadow404> what im doing is flight tracking which is 95% vfr, aisde from a few commands from traffic control
11:49 <@Shadow404> since i dont have my intrsument rating, i  cant fly in no visibility or night
11:49 <@Shadow404> traffic control will keep me apprised of any weather or large traffic
11:50 <@rattle> Once I get my status in the grand conspiracy upgraded from American Folk Hero to Eccentric Millionaire, I'm going to get my PPL/IR and buy a Corvalis TTx.
11:55 <@Dagmar> I'll stick with deliberately firing bottle rockets at passing 737s
12:04 <@Shadow404> Dagmar: that will make oyu real popular with the feds, just saying
12:07 <@Dagmar> If I can hit a 737 with a bottle rocket, it is flying far too fucking low.
12:07 <@Dagmar> If it could actually do any damage, then they have been *seriously* neglecting maintenance.
12:07 <@Dagmar> If anyone thinks this is a serious threat, they need their head examined.
12:08 <@Dagmar> ...becuase there might be terrorists hiding inside it.
12:09 <@Shadow404> hehe, its not the possible effects, its how it scares the masses
12:09 <@Shadow404> aka, to keep us in line, that would be illegal
12:11 <@Dagmar> If someone is terrified of a man thousands of yards away firing a bottle rocket at them, the same goes for their head.
12:14 <@Shadow404> and the way the media is able ot warp the masses and their belifs, same goes for that too
12:14 -!- RangerZ [~rangerz@129.59.115.4] has quit [Quit: Leaving.]
12:14 <@Shadow404> all it would take is for somebody on fox television making a comparison to that and a terrorist with a shoulder loaunched rocket
12:15 <@Dagmar> Yeah and I could easily get three minutes of airtime to hold up a black cat bottle rocket next to a picture of a rocket to destroy their credibility.
12:16 <@oddball> Dagmar: haha!  You're funny.  Trust me... pro-gun folks have been doing exactly that for years, and yet the mis-information continues to be preached as gospel.
12:16 <@Shadow404> yeah, but i could see it get blown out of proportion so quick
12:16 <@Shadow404> you know how they can spin and hype anything on tv
12:16 <@Dagmar> You underestimate how much of a bastard I am.
12:17 <@Dagmar> People who don't understand math and physics might be confused into thinking you could possibly hit a passing jet with a handgun or a rifle.
12:17 <@Dagmar> EVERYONE's shot off bottle rockets before.
12:17 -!- RangerZ [~rangerz@129.59.115.4] has joined #se2600
12:17 <@oddball> And you underestimate how much the media fails to care if it goes against their narrative.
12:18 <@Dagmar> ...which is why I have no problems suggesting we check inside the skulls of reporters for terrorists in hiding.
12:18 <@Dagmar> Clearly there's not a working brain in there, but *something* is pulling the switches and levers.
12:18 <@oddball> I approve of this idea.
12:18 <@Dagmar> It's also altogether possible that the reporters _are_ the terrorists.
12:18 <@Dagmar> *ahem*
12:18 <@aestetix> vagina
12:19 <@Dagmar> I can VERY much make the argument that the reporters are in fact, terrorists.
12:19 <@Shadow404> are we there yet?
12:19 <@Dagmar> That I'd lead with requesting a physical inspection of their skull before making that point is why I'm a bastard.
12:20 <@rattle> Green <airquotes> Lasers </airquotes>
12:21 <@Dagmar> Well, those they make powerful enough to burn a hole in a plain
12:21 <@Dagmar> er plane.
12:21 <@Dagmar> 'cept you'll never find them for sale at the gas station.
12:26 <@Shadow404> and import laws now forbid anything close to burning poower nowadays
12:26 <@Shadow404> and if you purchase inside the country, better have a damn good cover story/reason
12:28 -!- v4mp [~v4mp@unaffiliated/v4mp] has joined #se2600
12:29 <@Dagmar> Reason: I want to be a fucking Jedi.
12:29 <@Shadow404> yeah, that will go over well
12:29 <@Shadow404> like going to an explosive manufacture and saying you need gopher repellant
12:30 <@rattle> The whole Jedi thing became totally unappealing after the whole celibacy thing was made clear.
12:32 <@Shadow404> huh? maybe im not enough of a geek to get that
12:33 <@Corydon76-home> A lifetime of celibacy is a requirement for the Jedi knights.
12:34 <@Shadow404> dude, forget that
12:34 <@Shadow404> its like a high school celibacy promise drive
12:34 <@Shadow404> i never signed that thing and was talked to by the school conselour for being a rebel
12:35 <@Corydon76-home> If you never had the experience, though, how would you know what you're missing
12:35 <@Shadow404> Corydon76-home: um, feedback from those that have
12:35 -!- x86Daddy [~z@32.145.158.221] has joined #se2600
12:35 <@rattle> Ok, so this is just a joy to watch..  http://www.youtube.com/watch?v=bKgf5PaBzyg
12:35 < GateKeeper> Title: How To Uninstall McAfee Antivirus - YouTube (at www.youtube.com)
12:35 <@Corydon76-home> That's also why the Jedi were recruited as children
12:36 <@Shadow404> ok, worse, children/teens are super curious about sex
12:36 <@Shadow404> only strict discipline and order would keep them in line from having sex
12:39  * Corydon76-home disciplines Shadow404...
12:43 -!- RangerZ [~rangerz@129.59.115.4] has quit [Quit: Leaving.]
12:49 <@Dagmar> God damn that's hilarious
12:49 <@rattle> Dagmar: I know, right?
12:51 <@Dagmar> It's great
12:51 <@Dagmar> Maybe they'll do something about their software now that the founder is ridiculing them
13:12 <@rattle> Yeah, don't count on that.
13:12 <@rattle> He's been ridiculing them for years.
13:13 <@rattle> Elvis Costello is playing Veronica at the Apple launch event. Hipster level has exceeded nominal.
13:13 <@rattle> (Very good song though)
13:14 <@aestetix> Yeah, that fingerprint scanner.
13:14 <@aestetix> I guess I need to wear gloves any time I accidentally need to touch an iPhone now
13:14 <@rattle> I actually think the fingerprint scanner is the best thing about the phone.
13:15 <@rattle> Seriously, dude.  Your fingerprints are already on file.  And if they aren't, the government (or virtually anyone else) doesn't need to do anything as ridiculous as hack your phone to get them.
13:15 <@aestetix> How likely do you think it is that the NSA got Apple to submit all fingerprints to them?
13:16 <@aestetix> There's a difference between being on file and geotimestamped
13:16 <@rattle> If they know your phone#, they can _already_ geotimestamp you.
13:16 <@aestetix> No, they can geotimestamp the phone.
13:16 <@aestetix> Big difference.
13:17 <@rattle> Not much in pratice.
13:18 <@aestetix> And how often do governments follow the law in practice? ;)
13:19 <@aestetix> I imagine this will make fingerprint theft that much easier.
13:19 <@rattle> Anyway? In practice, the fingerprints obtained by biometric scanners are only really useful for that model of biometric scanner.  They aren't like pictures, they are curve data aligned to a certain number of points.
13:20 <@rattle> Given the massive weakness of four digit pins, and the PITA of using anything more than a four digit pin?  Having a fingerprint scanner on a phone that works, is a really nice advance for security.
13:32 -!- RangerZ [~rangerz@129.59.115.4] has joined #se2600
13:34 <@Shadow404> Corydon76-home: nope, still having sex
13:35 -!- mikep [~mikep@cpe-76-189-152-61.neo.res.rr.com] has joined #se2600
13:36 <@Shadow404> dino?
13:38 -!- mikep is now known as NeXXus
13:43 <@Dagmar> rattle: I'm kinda peeved I missed the NFC Ring kickstarter, but it looks like they'll have more ready to go to market before Christmas
13:54 <@aestetix> Hmm. The more I think about it, the more I find it interesting that I'm in a position where I have to justify why I don't want something I consider invasive.
13:54 <@aestetix> Then again, I have no desire for an iPhone anyways, so it's a moot point.
13:55 <@aestetix> Anyways, if your fingerprint is all over the place already, then it's a poor security model.
13:55 <@aestetix> There's also no way to fix it if someone steals your fingerprint.
13:56 <@rattle> It doesn't work that way.
13:57 <@rattle> Unless Apple did something radically different than is the norm for hand readers..  It's _very_ hard to go from a fingerprint scan to a fingerprint model that can unlock a devices with a fingerprint scanner.
13:58 <@rattle> If you have a high-resolution sub-dermal scan of someone's finger..  In theory, you may be able to have something molded that could fake the scan..  But it would be _very_ expensive.  You're not talking about something you can 3d print.
13:58 <@rattle> And a high-resolution sub-dermal scan is also different than the type of fingerprint scan you'd find in a fingerprint database.
13:59 <@rattle> And for that matter, the "signature" derived from fingerprint scans on biometric devices that's used to authenticate a scan, is different from both the type of scan you'd have in a fingerprint database and a high-resolution sub-dermal scan.
13:59 <@rattle> It's all different.
13:59 <@aestetix> Would you say they are *not* linkable?
14:00 <@aestetix> I mean, sure, I think it's great that Apple might have just reopened a huge debate.
14:01 <@rattle> But, we don't know exactly what Apple did at this point.  We'll have to wait to hear what the fingerprint signature model is, how many points of comparison it uses, in addition to the key metrics used for measuring the effectiveness of these kinda of solutions..  False acceptance rate, false rejection rate, crossover error rate, etc..
14:01 <@rattle> But yes, they are _not_ linkable.
14:01 <@aestetix> Still not using it. I don't like biometrics in general.
14:02 <@rattle> When you enroll in a fingerprint reader, you take multiple scans, until it's able to build a signature for your fingerprint based on points of comparison..  Usually, you keep scanning until it hits a certain desired ratio between failure/success rates.
14:02 <@aestetix> At this point, I pretty much trust nothing.
14:03 <@rattle> Then, based on that signature..  The strength of the whole shebang is based on the points of comparison, false acceptance rate, and false rejection rate.
14:03 <@rattle> But in the end..  What the devices matches against is far more like a "signature" of your fingerprint, than anything that resembles your fingerprint in any reproducible form.
14:04 <@rattle> And, that "signature" is usually specific to type of scanner in play, and the processor brains behind it.
14:04 <@rattle> ? because it's based on their capabilities.
14:06 -!- Vyrus001_ [~Vyrus001@209.159.137.117] has quit [Ping timeout: 260 seconds]
14:07 <@Shadow404> are we there yet?
14:14 <@Dolemite> Shadow404: Don't make me turn this bus around!
14:17 <@Shadow404> why?
14:18 <@Dolemite> Because I said so.  Who's the boss?
14:20 <@Shadow404> why?
14:21 <@Shadow404> Dolemite: mom
14:22 <@Dolemite> Remember, son, you're the reason Mommy drinks.
14:24 -!- jonnyx [~jonnyx@adsl-74-179-37-81.bna.bellsouth.net] has joined #se2600
14:25 <@Shadow404> Dolemite: is that why she also hits daddy?
14:25 -!- jonny_X [~jonnyx@adsl-74-179-194-228.bna.bellsouth.net] has quit [Ping timeout: 241 seconds]
14:25 <@Dolemite> No, that's a game that Mommy and Daddy play.  Let's not mention it again.
14:25 <@Shadow404> is that why you had that silly red ball in your mouth
14:26 <@Shadow404> mom said that was a halloween costume you were both wearing, but its not even october yet.
14:32 <@Shadow404> dammit, i need to smack a bitch, wheres palindrome?
14:34 < frsilent> do geese see god?
14:35 <@Dagmar> So... THe new "architect" here is Tim Sheets, who from the look of his LinkedIn profile is a paperwork monkey
14:35 <@Dagmar> I wish them well with that plan
14:36 <@Dagmar> Mirage's replacement is David Todd.  Someone with about five years experience, possibly less
14:36 <@Dagmar> This should be fun.
14:36 <@Dagmar> I'm going to maybe get to destroy two souls at once.
14:38 <@Dagmar> I'm going to have to maybe make a LinkedIn account so I can see the full details
14:39 -!- jonny_X [~jonnyx@adsl-74-179-42-169.bna.bellsouth.net] has joined #se2600
14:40 < frsilent> fyi linkedin will alert you to another user viewing your profile
14:40 <@Dagmar> That's fine.
14:40 < frsilent> in case you care if they know you're scoping them out
14:40 <@Dagmar> I didn't say I was going to make an account with my actual name on it
14:40 -!- jonnyx [~jonnyx@adsl-74-179-37-81.bna.bellsouth.net] has quit [Ping timeout: 264 seconds]
14:40 < frsilent> I think you can opt in to be seen as anonymous
14:41 < frsilent> can test against mine if you'd like
14:41 <@Dagmar> ...and the point of that would be what exactly?
14:41 <@Dagmar> I have no (as in zero, none, nada) of submitting my information to LinkedIn.
14:41 <@Dagmar> No intention whatsoever.
14:42 < frsilent> lol
14:43 < frsilent> was just volunteering
14:47 <@Dagmar> Seriously the architect has "PHB" written all over him.  LOts of experience with log analysis tools.  Nothing hardcore technical.
14:47 <@Dagmar> ...and he's supposed to be managing an LTM.
14:47 <@Dagmar> LOL
14:52 < frsilent> lol
14:52 -!- Dolemite [80db310d@gateway/web/freenode/ip.128.219.49.13] has quit [Quit: Page closed]
14:54 -!- jonny_X [~jonnyx@adsl-74-179-42-169.bna.bellsouth.net] has quit [Read error: Connection reset by peer]
14:58 -!- jonnyx [~jonnyx@adsl-74-179-239-34.bna.bellsouth.net] has joined #se2600
15:02 -!- jonny_X [~jonnyx@adsl-74-179-236-144.bna.bellsouth.net] has joined #se2600
15:03 -!- jonnyx [~jonnyx@adsl-74-179-239-34.bna.bellsouth.net] has quit [Ping timeout: 264 seconds]
15:05 <@Shadow404> are we there yet?
15:09 -!- jonnyx [~jonnyx@adsl-74-179-38-220.bna.bellsouth.net] has joined #se2600
15:10 <@Dagmar> Also... My rant against Comcast's technical support has attracted the attention of a social media puppet
15:10 <@Dagmar> Game on motherfuckers.
15:10 -!- jonny_X [~jonnyx@adsl-74-179-236-144.bna.bellsouth.net] has quit [Ping timeout: 248 seconds]
15:10 <@Shadow404> i lost it on comcast the other day
15:15 -!- jonny_X [~jonnyx@adsl-74-179-36-250.bna.bellsouth.net] has joined #se2600
15:16 -!- jonnyx [~jonnyx@adsl-74-179-38-220.bna.bellsouth.net] has quit [Ping timeout: 245 seconds]
15:17 -!- northrup [~jjn@173-14-101-193-nashville.hfc.comcastbusiness.net] has quit [Ping timeout: 276 seconds]
15:19 -!- jonnyx [~jonnyx@adsl-74-179-238-134.bna.bellsouth.net] has joined #se2600
15:20 -!- jonny_X [~jonnyx@adsl-74-179-36-250.bna.bellsouth.net] has quit [Ping timeout: 276 seconds]
15:22 -!- jonny_X [~jonnyx@adsl-74-179-233-164.bna.bellsouth.net] has joined #se2600
15:23 -!- jonnyx [~jonnyx@adsl-74-179-238-134.bna.bellsouth.net] has quit [Ping timeout: 240 seconds]
15:24 <@Dagmar> Shadow404: Had to talk to Technical support did yo?
15:24 <@Dagmar> I'm just astonished that the shill read the detailed post I made, and then just says "Can I help you?"
15:24 <@Dagmar> Nothing useful... Still just reading from a damn cue card basically.
15:26 <@Shadow404> Dagmar: yeah, and then my simple request, they didnt understand and offered me premium tech support in the states for a price
15:26 <@Dagmar> rattle: As far as I've been able to tell the problem with fingerprint readers is that apparently the people holding the patent are under the impression that reading a fingerprint should cost as much as a blowjob from a professional escort.
15:26 -!- jonnyx [~jonnyx@adsl-74-179-212-245.bna.bellsouth.net] has joined #se2600
15:26 <@Dagmar> Shodow404: Holy shit I would have flipped my wig
15:27 <@Shadow404> i asked for them to bridge my new modem they replaced the bad one with to my router
15:27 <@Dagmar> "You mean you expect me to pay extra money in order to talk to someone who isn't a fucking parrot?"
15:27 <@Shadow404> they didnt know how to do it
15:27 <@Dagmar> lol
15:27 -!- jonny_X [~jonnyx@adsl-74-179-233-164.bna.bellsouth.net] has quit [Ping timeout: 246 seconds]
15:27 <@Shadow404> so i had to go itno the comcast customer forums, pull the how to from their side
15:27 <@Shadow404> and paste it into chat
15:27 <@Shadow404> 10 minutes later she comes back thats it done
15:27 <@Dagmar> God damn
15:27 <@Shadow404> yeah, i have to do the tech work
15:28 <@Shadow404> how the fuck does that make sense
15:28 <@Shadow404> Dagmar: exactly, i spoke to customer assurance the next day
15:28 <@Shadow404> and they say they are getting alot of complaints about the new support scheme and appreciate my input
15:28 <@aestetix> oh Dagmar that reminds me
15:28 <@aestetix> msg
15:28 <@Shadow404> i dont know how to take that
15:28 <@Shadow404> is it gonna force them to go back to what they had in the states
15:29 <@Dagmar> Shadow404: Ask them if they're going to start flavoring their techs
15:29 <@Shadow404> or they gonna try to modify/fix a broken sysem
15:29 <@Dagmar> Oh so I was probably talking to a genuine Mexican the other day, then?
15:29 <@Shadow404> cause a year ago, i never had so much trouble with comcast
15:29 <@Shadow404> i got on the phone, maybe...2min and the problem was understood and in the works
15:30 <@Shadow404> now it takes 15 muinutes to just get through the script they have to follow for them to grasp my issue and another 10min mininum to fix or say they cant do it and refer me to their signature pay for support
15:30 <@Shadow404> and its not my issue, its their equipment, nothing changed on my side
15:30 -!- jonnyx [~jonnyx@adsl-74-179-212-245.bna.bellsouth.net] has quit [Ping timeout: 245 seconds]
15:31 <@Dagmar> Man I nearly turned inside out when after 20 minutes the dude finally sees some packet loss and STILL tries to schedule someone to come out to my house
15:32 <@Dagmar> I'm acutally paying the $5/month "not my fault" fee just so that if they have to send someone out I don't have to threaten to skin someone alive for charging me for proving their equipment is screwed up
15:33 <@Dagmar> ..but for fuck's sake I don't know how many times I have to say "Take this IP address and kick it over to Network Operations".
15:33 <@Shadow404> not questioning your skills, but what about last mile from the road demarc to your house, maybe their last mile cable is bad
15:33 <@Dagmar> I'll show you why I know this
15:33 -!- jonnyx [~jonnyx@adsl-74-179-194-42.bna.bellsouth.net] has joined #se2600
15:33 <@Shadow404> is it at the core?
15:33 <@aestetix> http://icontherecord.tumblr.com/
15:33 < GateKeeper> Title: IC ON THE RECORD (at icontherecord.tumblr.com)
15:33 <@aestetix> this is big
15:33 <@Dagmar> http://dagmar.evilgiggle.com/~dagmar/networkmap.png
15:34 <@Shadow404> Dagmar: ill take your word on it, on the work laptop atm
15:35 <@Dagmar> Shadow404: I was pinging a network peer at the time.  That goes over the HFC network but doesn't involve the headend
15:36 <@Dagmar> Shadow404: My communications to the nearby network peer were never interrupted
15:36 <@Dagmar> That rules out anything like the coax itself being bad
15:37 <@rattle> THIS TUMBLR HAS NO PICTURES OF TITTIES. TL;DR
15:37 -!- jonny_X [~jonnyx@adsl-74-179-219-227.bna.bellsouth.net] has joined #se2600
15:37 -!- jonnyx [~jonnyx@adsl-74-179-194-42.bna.bellsouth.net] has quit [Ping timeout: 240 seconds]
15:37 <@Dagmar> rattle: Yes I was personally very astonished to find there were pictures of titties on Tumblr
15:38 <@Dagmar> It took me a few hours to determine that i was in fact astonished by the titties and not by the idea that tumblr exists.
15:39 <@rattle> Dagmar, it's the FUCKING INTERNET.  Of course there are pictures of tits.  There's only one thing there's more of than tits on the Internet:  Cats.
15:39 <@aestetix> god I love my life
15:39 <@aestetix> two hot girls are coming over to do a photo shoot in my living room tonight
15:40 <@Dagmar> Well, like I said, it took a few hours to decide exactly why i was astonished
15:40 <@Dagmar> Mainly it's because there's very little organization of the pictures of titties
15:40 <@Dagmar> aestetix: YAY!
15:41 <@aestetix> I do not yet know how scantily clad they plan on being
15:44 <@Dagmar> Be up front with them.
15:44 < frsilent> speaking of tits, anyone else read the latest issue about tits and developers?
15:45 < frsilent> http://it.slashdot.org/story/13/09/09/124215/sexist-presentations-at-startup-competition-prompt-techcrunch-apology
15:45 < GateKeeper> Title: Sexist Presentations At Startup Competition Prompt TechCrunch Apology - Slashdot (at it.slashdot.org)
15:45 < frsilent> ^regarding
15:45 <@Dagmar> Tell them that it might make you feel slightly uncomfortable for them to be naked in your house, but that you'll cheerfully endure it in the name of art.
15:45 <@Dagmar> frsilent: yes.  The attention whores haven't figured out they can gain no purchase with that one
15:45 -!- jonnyx [~jonnyx@adsl-74-179-220-85.bna.bellsouth.net] has joined #se2600
15:45 <@Dagmar> frsilent: The worst of it would warrant a PG-13 rating.
15:45 < frsilent> lol
15:45 <@aestetix> oh is that the titstare thing?
15:45 <@Dagmar> Yes.
15:46 <@aestetix> you know
15:46 <@aestetix> it seems like if you really want to hide something important from the general public, put a dude saying offensive things right next to it
15:46 <@aestetix> and everyone will focus on the dude
15:46 <@Dagmar> hehe
15:48 <@aestetix> just sayin
15:48 -!- jonny_X [~jonnyx@adsl-74-179-219-227.bna.bellsouth.net] has quit [Ping timeout: 248 seconds]
15:48 -!- northrup [~jjn@173-14-101-193-nashville.hfc.comcastbusiness.net] has joined #se2600
15:49 -!- northrup is now known as Guest87156
15:53 -!- v4mp|2 [~v4mp@216.162.35.202] has joined #se2600
15:53 -!- v4mp [~v4mp@unaffiliated/v4mp] has quit [Read error: Connection reset by peer]
15:54 -!- jonny_X [~jonnyx@adsl-74-240-222-246.bna.bellsouth.net] has joined #se2600
15:55 -!- RangerZ [~rangerz@129.59.115.4] has quit [Quit: Leaving.]
15:55 -!- jonnyx [~jonnyx@adsl-74-179-220-85.bna.bellsouth.net] has quit [Ping timeout: 245 seconds]
16:12 -!- jonnyx [~jonnyx@adsl-74-179-41-39.bna.bellsouth.net] has joined #se2600
16:13 -!- jonny_X [~jonnyx@adsl-74-240-222-246.bna.bellsouth.net] has quit [Ping timeout: 260 seconds]
16:20 <@aestetix> vagina
16:31 -!- jonny_X [~jonnyx@adsl-74-179-39-159.bna.bellsouth.net] has joined #se2600
16:33 -!- jonnyx [~jonnyx@adsl-74-179-41-39.bna.bellsouth.net] has quit [Ping timeout: 246 seconds]
16:35 <@Dagmar> sheesh
16:35 <@Dagmar> damn users
16:37 <@Dagmar> Someone who will remain nameless uploaded >33gb of raw video camera footage to a shared webserver and filled it
17:04 -!- v4mp|2 [~v4mp@216.162.35.202] has quit [Ping timeout: 276 seconds]
17:09 <@aestetix> wow
17:09 <@aestetix> http://www.youtube.com/watch?v=jjnrLt3VuSM
17:09 < GateKeeper> Title: EAT DA POO POO [AFRICA DO NOT WANT THIS SICKNESS] - YouTube (at www.youtube.com)
17:13 <@aestetix> I don't even
17:24 -!- RangerZ [~mike@c-98-211-46-74.hsd1.tn.comcast.net] has joined #se2600
17:27 -!- x86Daddy [~z@32.145.158.221] has quit [Ping timeout: 264 seconds]
17:31 -!- brimstone [~brimstone@unaffiliated/brimstone] has quit [Remote host closed the connection]
17:32 -!- brimstone [~brimstone@unaffiliated/brimstone] has joined #se2600
17:32 -!- mode/#se2600 [+o brimstone] by ChanServ
17:33 -!- RangerZ1 [~rangerz@c-98-211-46-74.hsd1.tn.comcast.net] has joined #se2600
17:48 -!- Guest87156 [~jjn@173-14-101-193-nashville.hfc.comcastbusiness.net] has quit [Quit: leaving]
18:50 -!- frenzy [~fre3nzy@74.197.33.168] has joined #se2600
18:50 < frenzy> elo
18:50 < frenzy> anyone in here know a thing or two re: xss?
18:50 < frenzy> working on a lab and i'm stuck. would love some feedback
18:53 < frenzy> so...
18:53 <@aestetix> what are you trying to do?
18:54 < frenzy> CSRF basically.
18:54 <@aestetix> ok
18:55 <@aestetix> share the problem :)
18:55 < frenzy> only place I can input anything is in the login form and the page I get redirected to if i try to login as admin (error.php) which I can insert a script into
18:56 < frenzy> The goal is to get logged into the admin page. It is a LAB so I can't just send someone a link
18:57 < frenzy> All i can get so far is a reflected xss that tells me my phpsession id
18:57 < frenzy> which to me seems useless
18:57 < frenzy> i feel like there is something in the pass between the login form POST to the login.php file
18:58 < frenzy> which is passed in plain txt
18:58 < frenzy> i tried sql injection and got it to through an error but couldn't get it to dump anything etc..
18:59 < frenzy> *throw
19:02 < frenzy> any ideas? i know that's kinda vague
19:05 < frenzy> i just need some general ideas of things to try next. not expecting "an answer"... i'm just roadblocked. and frustrated.
19:08 <@aestetix> what kind of error?
19:09 <@aestetix> although sql injection and xss are different...
19:09 < frenzy> mysql_fetch_array() expects parameter 1 to be resource, ....
19:09 < frenzy> yes. I just felt like I exhausted it.
19:10 <@aestetix> what's the reflected xss?
19:10 < frenzy> I url encoded the ' and it threw the error
19:11 < frenzy> error.php?e=admin'>'<script>alert(document.cookie)<script>&rpath=default
19:12 < frenzy> Basically page A has a login form which passes the information to login.php. If the the login fails it just sends me back to index.php
19:13 < frenzy> If however i try to login as admin it sends me to the error.php page.
19:13 < frenzy> the php error is on a redirect page that I see through Burpsuite only
19:13 < frenzy> i mean sql error
19:19 < frenzy> I cant find any other injectable params. I have beat the site to death with sqlmap. The lab does have "simulated user interaction" but that means nothing because I cant figure out how to inercept that traffic
19:19 < frenzy> on day 12 of this.
19:34 < frenzy> so no ideas?
19:37 <@Dagmar> You're getting an SQL error.
19:37 <@Dagmar> Make *certain* you are properly de-tainting your inputs.
19:38 <@Dagmar> ...because if you're getting an SQL error then you're almost certainly not doing that.
19:38 < frenzy> de-tainting? you mean passing sanitation?
19:38 <@Dagmar> Not passing.  Just plain sanitizing the input
19:39 <@Dagmar> At the first hint of evil, you just discard the entire thing and throw an error.
19:39 <@Dagmar> ...and you do not involve any of the input in the error message, or you've just created another vector by which the user can supply evil which will then be sent back from the websevrer.
19:40 -!- spaceB0x [~spaceB0x@c-68-52-126-92.hsd1.tn.comcast.net] has joined #se2600
19:40 <@Dagmar> Oh wait you're *trying* to do wvil
19:40 <@Dagmar> Focus on that SQL error then
19:40 < frenzy> so is there a way to be certain our payload is legit?
19:40 < frenzy> lol, yes. it's a pentest lab
19:40 <@Dagmar> That you even got it says someone wasn't sanitizing input data properly
19:41 < frenzy> right, so if i'm getting an error then at least we are making it "to the db" right?
19:41 <@Dagmar> The way to be sure the data is safe is to construct a regexp that extracts only information that is safe from the input.  Anything left over should mean it's time to abort and throw an error
19:42 <@Dagmar> Yeah if you're getting an SQL error the information you're passing it is making it to the database server.
19:42 < frenzy> i encoded in utf-8 to pass a ' and it seemed to "work" but trying to add any payload after that hasn't been fruitful
19:42 <@Dagmar> So someone's using "VALUE='blah'" and not making damn sure the user can't pass a ' in
19:43 <@Dagmar> Shit like this is why stored procedures and DBI interfaces were invented... To take all the input fields and put them in their own "channel" so to speak
19:44 < frenzy> right, so you think i'm on the right path... now how do i narrow down what string to pass to either extract user names or dump the db?
19:44 <@Dagmar> select *?
19:44 < frenzy> i've tried some basics, kind of like that.
19:44 <@Dagmar> ...or the all-time favorite, DROP TABLES
19:44 < frenzy> SELECT @@version = nothin
19:44 < frenzy> lol
19:44 < frenzy> i think that is an instant fail.
19:45 < frenzy> "who broke the sandbox?"
19:45 < frenzy> our goal is to access the admin page.
19:45 <@Dagmar> Hell it's their damn fault
19:45 < spaceB0x> what sqli lab are you guys using...out of curiosity
19:46 <@Dagmar> Do you know what SQL server is on the backside?
19:46 < frenzy> mysql, i can try to check version
19:46 <@Dagmar> Looking around i"m not sure @@version is valid for anything but MSSQL
19:46 < spaceB0x> gotcha
19:46  * frenzy is not a db expert by any stretch
19:47 <@Dagmar> You need SELECT VERSION(); for MySQL.
19:47 <@Dagmar> Tip: Penetration exploits require you know everything about everything, man
19:47 < frenzy> even generic stuff doesnt work... like or 1=1--
19:47 <@Dagmar> Define "doesnt work"
19:47 < frenzy> haha, i know, i know some things, about a few things.
19:47 < frenzy> "doesn't work" = we get the same sql error as above
19:48 <@Dagmar> The information you're getting in the "doesnt work" is the reason things like mod_security are so anal about checking the output and calling foul if something in "server-ese" appears
19:48 <@Dagmar> Every little error message contains a nugget of information for the attacker
19:48 < frenzy> mysql_fetch_array() expects parameter 1 to be resource, ....
19:48 <@Dagmar> Have.  You.  Asked.  Google?
19:48 < frenzy> i could post the whole error, one sec
19:49 < frenzy> yes, i have yelled at google, sweet talked google, cried over google...
19:49 <@Dagmar> Throw that into Google, and Google will show you all kinds of posts from people trying to solve it as a _problem*
19:49 < frenzy> Warning: mysql_fetch_array() expects parameter 1 to be resource, boolean given in C:\inetpub\vhosts\foomegahost.com\subdomains\me\httpdocs\include\login.php on line 69
19:49 <@Dagmar> You don't want to *solve* it necessarily, but understanding more about the problem you caused will let you reshape that problem into something more specific.
19:50 <@Dagmar> Specifically you will see something like http://stackoverflow.com/questions/2697438/mysql-fetch-array-expects-parameter-1-to-be-resource-problem
19:50 < GateKeeper> Title: php - mysql_fetch_array() expects parameter 1 to be resource problem - Stack Overflow (at stackoverflow.com)
19:50 < frenzy> right, just aside from cracking open a intro to SQL book, i'm trying to find the best approach
19:50 < frenzy> read the SO post above already
19:51 < frenzy> also, haha just noticed this guy posted his plain text pw to SO article : http://stackoverflow.com/questions/2697438/mysql-fetch-array-expects-parameter-1-to-be-resource-problem
19:51 < GateKeeper> Title: php - mysql_fetch_array() expects parameter 1 to be resource problem - Stack Overflow (at stackoverflow.com)
19:52 <@aestetix> Dagmar: want to see something beautiful?
19:52 <@aestetix> http://mail.idecosystem.org/pipermail/taxonomy_idecosystem.org/2013-September/000141.html
19:52 < GateKeeper> Title: [Taxonomy] IMPORTANT: Taxonomy AHG Terms List for Comment - Please Provide Feedback by Sept 17 (at mail.idecosystem.org)
19:52 <@Dagmar> Okay, so from this you should know you've managed to break their SELECT
19:53 <@Dagmar> So you need to make their SELECT work again, or at least _not throw an error_, and include after it something you *do* want to happen
19:53 < frenzy> yes, got that
19:53 < frenzy> just can't "make it work again"
19:54 <@Dagmar> So follow the fucker up with some semicolons, or everyone's personal favorite delimiter //
19:54 <@aestetix> Dagmar: that innocent little question is designed to totally unravel their definitions :)
19:54 < frenzy> broke it with : username=%c0%a7% with %c0%a7% being a UTF-8 encoded tick mark " ' "
19:54 <@Dagmar> ...or feed it some shit from /dev/urandom like the "expert fuzzers" do
19:55 < frenzy> tried all that (except the urandom)
19:55 <@Dagmar> *sigh* so add _two_ tick-marks
19:56 < frenzy> hahaha
19:56  * frenzy weeps
19:57 <@Dagmar> You draft up what you *think* they might be running on the other end... then you look at the variable you *think* your input is going into.
19:57 <@Dagmar> Then you put it in there and look at the result.  Is the entire thing valid anymore?  If not, what do you need to do to make it valid.
19:58 <@Dagmar> SELECT fullname,lastlogin,rights FROM blah.users WHERE username=\'$tainted_input\' AND PASSWORD=\'$more_taint\'; is rather likely what it looks like
19:59 <@Dagmar> So... ''';SELECT * from mysql.user; might be all the luls you need
20:00 < frenzy> where * is what we would assume the variable the input is going into?
20:00 <@Dagmar> If injecting one quote mark makes the query valid, it's a "you've opened it and you have to close it" issue as far as the syntax is concerned, as if the query were SELECT foo FRom table WHERE username='blah and PASSWORD='12345';
20:00 <@Dagmar> username winds up being "blah and PASSWORD='
20:00 <@Dagmar> er but with balanced quotes
20:01 <@Dagmar> frenzy: This is where you need to learn a little MySQL to get the job done
20:01 < frenzy> i know, i know...
20:01  * frenzy rolls up sleeves
20:02 <@Dagmar> It's SELECT (list of fields in table) FROM (tablename) WHERE (fieldname)="(some value)";
20:02 < frenzy> i do understand what you are saying. i just need to figure out the syntax.
20:02 < frenzy> i'll keep plugging away
20:02 <@Dagmar> Like SELECT user,host FROM mysql.db; will generally list you out the user@host stuff for who has access (if you have privs to read that table)
20:03 <@Dagmar> Did you set up a MySQL server at home?
20:03 <@Dagmar> Slap Ubuntu on something and turn it on, get to the mysql> prompt and start plugging it at
20:03 < frenzy> but just for reassurance, if i'm breaking it and generating the mysql error then i am infact in the right spot to add something after my ' to "close" the select?
20:03 <@Dagmar> If your ' broke it then another one will probably result in a syntax that at least doesn't have unbalanced quote marks
20:04 < frenzy> yeah i have a vm running with ubuntu. i'll just see if I can recon the db version some other way, install and start playing
20:04 <@Dagmar> It might freak out a different way bacause you're specifying '' (i.e., empty string) for an argument but it's a step in the right direction
20:04 < frenzy> gotcha
20:04 <@Dagmar> Try ''SELECT VERSION(); all encoded up
20:05 <@Dagmar> *derp* make that ''; SELECT VERSION();
20:05 <@Dagmar> Actually.  *facepalm* I should not do this shit while I'm eating
20:05 <@Dagmar> I can't brain
20:06 < frenzy> lol
20:07 <@Dagmar> They're using ' for quote marks.  Very fun.  Yours makes a new closing quote.... '; SELECT VERSION(); SELECT * WHERE user='lol
20:07 < frenzy> do i still need to pass shit after my encoded ' encoded? all of it in utf-8?
20:07 <@Dagmar> If encoding the quote got it past some filter and into a "live" context, then you mgiht as well encode the whole payload
20:07 <@Dagmar> You know it's going to be unwrapped
20:07 < frenzy> got it
20:08 <@Dagmar> This is why you should immedaitely consider it suspect when you're looking  at someone's PHP and you see some shit like urlencoded(httpencoded(omgwtfencoded(bbqencoded($value))))
20:08 <@Dagmar> Someone threw everything at some shit without thinking
20:11 < frenzy> ahhaha
20:11 <@Dagmar> Also stacked(encoding(mania(is(frequently(used(to(avoid(detainting($lol))))))
20:12 <@Dagmar> There's a difference between sanitization/de-tainting and data validation, but for the purposes of our discussion, no one gives a fuck
20:13 <@Dagmar> ...although I can argue that English makes this exceptionally fun.
20:13 <@Dagmar> ...since data valdation frequently involves checking for values that are just fucking insane, it's a different type of sanity
20:13 <@Dagmar> ...or sanitization.  ...or perhaps sanification.
20:14 <@Dagmar> Like ORDERQUANTITY > 99999999 == FUCK THAT
20:16 <@Dagmar> Mmmm... delicious English magnets.
20:17 < frenzy> if doing a SELECT do we have to have a FROM? also, where the f do i find from...
20:17 < frenzy> can i jump to WHERE without it?
20:17 <@Dagmar> Umm... maybe
20:17 <@Dagmar> I r not DBA
20:18 <@Dagmar> FROM specifies the table or possible some other really arcane construct in SQL-ese.  It's been my experience that if you've already selected the particular table through some other way (like "use goddamntable;" it can be omitted.
20:18 <@Dagmar> If you were going to be all teenage boy about it and go straight for mysql.db, you'd probably want to use FROM mysql.db
20:18 < frenzy> kk, well thanks for the helps, i think i can't avoid reading some booksqls
20:19 < frenzy> haha, ok roger that
20:19 <@Dagmar> Yes, you'll need to know just enough MySQL to get by
20:20 <@Dagmar> You don't need to be a DBA, but you can't very well instruct the MySQL server to do your bidding if all you say to it is incoherent gibberish.
20:20 < frenzy> right... i'm speaking msql ebonics
20:20 < frenzy> close but not correct.
20:20 <@Dagmar> Yep.  :)
20:22 < Evilpig_> if you knew what sql statement was being called and thepoint at which you're injecting it would be a little easier to write a good injection
20:22 <@Dagmar> Yep.
20:23 < frenzy> im pretty sure it's a SELECT being called.
20:24 < Evilpig_> that's almost a given
20:24 < frenzy> but yeah, i'll keep digging. thanks for the guidance
20:24 <@Dagmar> I don't even know what kind of shit you would do with user input that wouldn't involve a select
20:25 < Evilpig_> an update or possibly truncate
20:25 <@Dagmar> Again, I r not dba
20:25 <@Dagmar> :)
20:27 -!- Vyrus001 [~Vyrus001@209.159.137.117] has joined #se2600
20:30 < Evilpig_> the phrase you want to inject and try to get to run that will give you the most ammo is "show tables;"
20:30 < Evilpig_> getting it to run that is the trick
20:32 < frenzy> well at least that narrows it down. i'll do some digging on variants on show tables
20:34 < Evilpig_> assuming the variable you're injecting is on the where clause. you should be able to do something like:
20:35 < Evilpig_> name';show tables;
20:35 <@Dagmar> aestetix: So how is it that someone on this mailing list is even bothering to include a footer full of legal bullshit we know to be completely unenforceable?
20:35 < Evilpig_> you'll still have the last quote to deal with but build another simple statement to use it
20:36 <@Dagmar> easy-mode solution: Go find someone else's injection exploit and see what they used.
20:36 <@Dagmar> Only bitches reinvent the entire wheel every time.
20:37 <@Dagmar> For the rest of us it's called "learning by example".
20:37 < frenzy> .
20:37 <@Dagmar> ...what they used for the _third_ piece you need.
20:37 < frenzy> yeah, this is good though. it's making me learn what's actually going on(ish)
20:37 <@Dagmar> Not the whole thing
20:38 < frenzy> besides, i tried a lot of canned inputs and nothing seems to work. it might be my encoding i guess.
20:38 <@Dagmar> Very possibly
20:38 < frenzy> also, will it always require a closing ' ?
20:38 < Evilpig_> basically once you get to where it will barf out the tables. it's owned
20:38 < Evilpig_> cause at that point you just change out that middle statement to whatever you want to probe with, add something, etc
20:39 < frenzy> right
20:39 <@Dagmar> http://sqlzoo.net/hack/ may help
20:39 < GateKeeper> Title: SQL Injection Attack (at sqlzoo.net)
20:40 <@Dagmar> Specifically http://sqlzoo.net/hack/12access.htm talks about the third part that always returns true and is just there to gobble up the ' that's on the far right of your evil input
20:40 < GateKeeper> Title: SQL Injection Attack - Gain Access (at sqlzoo.net)
20:40 < frenzy> thank you. will check out now
20:43 < frenzy> thank you all for your patience, i know this is silly newb stuff. just trying to get my head around basic web security shiz.
20:46 < Evilpig_> the thing to take away from this is always properly escape your strings.  users are evil, never trust them.
20:47 < frenzy> fo sho
20:50 <@aestetix> vagina
20:51 <@aestetix> Dagmar: yes I know
20:52 <@Dagmar> frenzy: Unfortunately since my concience won't shut the fuck up about it, I am now forced to point out that if this is supposed to be about cross-site request forgery, that perhaps compromising the database _directly_ is not what they're looking for.  ;)
20:53 <@Dagmar> ...but hey they shoudln't be teaching hacking with systems quite so vulnerable as all that
20:53 <@Dagmar> hehe
20:53 < frenzy> yeah, i know, that is in the back of my head. i think there might be something else involving the POST to the login.php file. or the fact that the login forwards to a subdomain
20:55 <@Dagmar> Well, typically you convince the user's browser to go from your springboard site back to the site you want to use them as a puppet on
20:55 < frenzy> yeah but i have no way to add a site or phish a user
20:56 <@Dagmar> ...which is sort of part of the reason for the difference in idempotence between GET and POST but who really pays attention to that anyway... Arguments are arguments, I always say.
20:58  * frenzy just googled idempotence
20:59  * frenzy feels impotent
21:03 -!- whisk3y [~whisk3y@74.197.65.10] has joined #se2600
21:04 <@Dagmar> Basically it indictes whether or not the query can be repeated with the same result, particularly because it changes no data on the remote end.
21:04 <@Dagmar> Like, a GET is not allowed to give an instruction to delete a file.
21:04 <@Dagmar> You are supposed to do a POST for that.
21:04 <@Dagmar> Otherwise, Google comes along and rapes your webserver.
21:05 <@Dagmar> It follows GETs.  *All* GETs that look even remotely interesting.
21:05 < frenzy> hey this is whisk3y, friend of mine. working on this with me..
21:05  * frenzy points at whisk3y
21:05 <@Dagmar> Hm... Don't mind if I do!
21:06 <@Dagmar> lol
21:06 <@Dagmar> My backpack contains exactly no laundry.  Let's try that again
21:06 < whisk3y> lol sup
21:18 < frenzy> MySQL 5.0.11
21:21 < spaceB0x> frenzy: what is this for exactly? class?
21:26 <@aestetix> well
21:26 <@aestetix> Dagmar: you know, if they are there to teach him SQL injection among other things, it's not his fault if the lesson was in the wrong module
21:28 < whisk3y> Yes. its a Pentest course we have both been working on. Our material lays the basics but since it is online and mainly slide based for self study it leaves a lot of grey area at times.
21:30 < spaceB0x> whisk3y: ahh I see. I have actually been working on similar stuff
21:30 < frenzy> yes and this module had csrf and other topics but is building on xss lessons from the past so ya know, who fucking knows.
21:30 < spaceB0x> not for class but for grins...
21:30 < whisk3y> basically same thing we are doing. its in our free time.
21:31 < frenzy> but it's not 'free' right whisk3y, haha
21:31 < whisk3y> lol true dat
21:31 < whisk3y> chained to the computer. because im so pissed off this shit wont work.
21:32 < frenzy> have fun. i'm going to watch netflix
21:33 < whisk3y> later
21:37 < spaceB0x> well good luck to you both
21:37 < whisk3y> thaks man
21:37 < frenzy> thanks spaceB0x
21:37 <@Dagmar> Damnit I updated all the things last night
21:42 < whisk3y> This might be a dumb question but could the fact that the page is trying to redirect me be an issue? i.e. <head><title>Document Moved</title></head>
21:42 < whisk3y> <body><h1>Object Moved</h1>This document may be found <a HREF="../index.php">here</a></body>
21:42 < whisk3y> Warning: mysql_fetch_array() expects parameter 1 to be resource, boolean given in
21:55 <@Dagmar> It's probably an idiotic attempt to send you to a 403 page.
22:15 < whisk3y> Can someone explain this a little better? If we are getting a mysql_fetch_array() error, and lets say that the way it is used is as follows: ($row = mysql_fetch_array($result)) and $result=mysql_query("SELECT * FROM `users` WHERE username='$username'"); am still just breaking the query since the array is using $result? Or am i just completely over thinking this?
22:20 <@Catonic> drank
22:21 -!- frenzy [~fre3nzy@74.197.33.168] has quit [Ping timeout: 256 seconds]
22:25 -!- whisk3y [~whisk3y@74.197.65.10] has quit [Quit: Leaving]
22:26 <@aestetix> ok this is great
22:26 <@aestetix> two hot girls are in the next room taking their clothes off
22:26 < spaceB0x> can you see through walls?
22:26 <@aestetix> well there is a sort of curtain hanging between the rooms
22:27 < spaceB0x> lol
22:27 <@aestetix> I am enjoying the view
22:28 <@aestetix> coding and watching a photo shoot
22:28 < spaceB0x> are they aware of your presence?
22:28 <@aestetix> yes
22:28 <@aestetix> they are in my living room :)
22:28 < spaceB0x> well that's good at least heh
22:29 <@aestetix> you know the night is good when you can answer "what color panties is she weawring"
22:31 < spaceB0x> do you live with models or something?
22:31 <@aestetix> sometimes
22:32 < spaceB0x> lol. That is the Charlie Sheen answer.
22:38 -!- spaceB0x [~spaceB0x@c-68-52-126-92.hsd1.tn.comcast.net] has quit [Quit: leaving]
22:39 -!- frenzy [frenzy@74.197.33.168] has joined #se2600
22:49 < RangerZ> I've dated models, not that rare actually, lol, though aestetix has to be careful, most of his partners are coming down with pron-HIV now
22:52 <@aestetix> har har
22:54 < RangerZ> 4th porn star now with HIV
22:58 < RangerZ> so Larry Page is being Demo'd the MakeWithMoto device we made at Vandy
22:58 < RangerZ> that aught to be pretty cool
23:06 -!- frenzy [frenzy@74.197.33.168] has quit []
23:06 <@Dagmar> Damn the humidity is awful
23:16 < RangerZ> http://www.youtube.com/watch?v=PI4VGCy10FY
23:16 < GateKeeper> Title: Racists Receipt Goes Viral, Waitress Suspended - YouTube (at www.youtube.com)
23:16 < RangerZ> fucking nashville....
23:17 <@Dagmar> She was suspended with pay.
23:17 <@Dagmar> _with_ pay
23:17 < RangerZ> i'm not upset about the suspension
23:17 < RangerZ> the couple
23:17 < RangerZ> is what is the problem
23:18 <@Dagmar> Yeah, they were dicks
23:18 <@Dagmar> As long as this "pay" isn't $2.13/hour, it sounds like she's getting some paid nights off.  Heh
23:18 < RangerZ> it is
23:18 < RangerZ> b/c thats how TN rolls
23:19 < RangerZ> i can't wait for VW to give a union to the workers in TN
23:19 < RangerZ> and PISS OFF all the GOP politicans down here
23:19 < RangerZ> lol
23:19 <@Dagmar> I'd like to see someone make an IT worker's union
23:19 <@Dagmar> You know their website would be *pimp*
23:20 < RangerZ> they were reporting on NPR that they were  bitching and moaning about that , lol
23:20 <@Dagmar> If a union managed to get in the door, you weren't paying your people well
23:20 < RangerZ> VW offered it
23:20 <@Dagmar> Interesting
23:20 < RangerZ> b/c they don't want the bad PR back home of taking advantage of a 3rd world nation
23:20 < RangerZ> i mean...
23:21 < RangerZ> lol
23:21 <@Dagmar> lol
23:21 < RangerZ> and yeah, i think IT and CS , etc
23:21 < RangerZ> all need to go the way of the 'engineer'
23:22 <@Dagmar> Hell we _are_ engineers
23:22 < RangerZ> have it be a crime to state you're an engineer, without passing the state exam
23:22 < RangerZ> HousePlant can put "networking engineer", "software engineer", and "Communications Security Engineer" on his resume
23:22 < RangerZ> ....thats a problem....
23:23 <@Dagmar> Yes, well, I'm starting to think he's exactly the kind of employee Vandy needs
23:24 <@Dagmar> If they're not going to pay people, and continue to hire people who are just barely qualified for the job, they deserve the mediocrity they get
23:24 <@Dagmar> The admin position open in EAI was opened because the last guy they hired turned out to be full of hot air
23:25 < RangerZ> I actually think you 'should' hire people like that, but at starting wage employees, testing them out, and training them
23:25 <@Dagmar> Yes, I did say they actually _fired_ someone
23:25 <@Dagmar> They were apparently unsuited to the task
23:25 < RangerZ> wow, didn't know that
23:25 <@Dagmar> It makes me want back over there even more
23:25 < RangerZ> nice
23:25 <@Dagmar> There is no hope of advancement at ITS
23:25 <@Dagmar> None.
23:26 <@Dagmar> THe guy they hired as an architect, by his resume, appears to be a master of self-promotion and reading reports
23:27 < RangerZ> nice...
23:27 <@Dagmar> The admin they hired, I'm going to tell point blank, "Stick with it.  Be prepared for anything.  Learn some new stuff.  BUild your resume items up... and for god's sake get the hell out before two years goes by."
23:48 <@aestetix> https://medium.com/surveillance-state/8962748ae446
--- Log closed Wed Sep 11 00:00:03 2013