--- Log opened Fri Dec 02 00:00:13 2016
00:34 -!- klixa-cloud [uid861@gateway/web/irccloud.com/x-kgrhtombxoqqzudq] has quit [Quit: Connection closed for inactivity]
03:47 < aestetix> ok, so the new york times has TWO authors I can respect
03:47 < aestetix> http://www.nytimes.com/2016/12/01/opinion/who-can-tell-the-future-of-the-democratic-party.html
03:47 < PigBot> "Couldn't snarf url: HTTP Error 303: The HTTP server returned a redirect error that would lead to an infinite loop.\nThe last 30x error message was:\nSee Other. http://tinyurl.com/ju25834"
03:48  * aestetix is a big fan of articulate opinions backed by data
05:14 <@Dolemite> mr0ning, be0tches and h0ez!
05:14  * aestetix hugs Dolemite 
05:34 -!- xray [~xray@boppity.cc.gatech.edu] has joined #se2600
05:58 < aestetix> wow
05:58 < aestetix> xray: I shared that video with someone in another channel
05:58 < aestetix> the reaction was immediate, swift, and stron
05:58 < operat0r[m]> I am sorry I did not catch that let me transfer you to a representative
05:58 < aestetix> (I'm pretty sure they are young, probably in college right now)
06:00 < xray> I think all the people moaning about the election would take issue with the video.
06:00 < _NSAKEY> aestetix: Did somebody get triggered?
06:00 < aestetix> well they claim they watched a couple minutes of it and then turned it off
06:01 < aestetix> and proceeded to spew some nonsense about how language works
06:01 < xray> They are all about personal freedom except when it comes to your freedom to disagree with them.
06:01 < aestetix> my only hope is that in a few years some of these kids have to deal with real life and grow up a little
06:01 < aestetix> It reminds me a bit of how many tech workers I know who have never had a non-computer job
06:02 <@Dolemite> What video?
06:02 < aestetix> (this was shocking to me. I thought everyone had at least some shitty job in highschool)
06:02 <@Dolemite> I want some trigger warnings
06:02 < xray> A radio talk show host here once said, "I wish I was 20 again and back in college so I could know everything."
06:02 < aestetix> https://www.youtube.com/watch?v=04wyGK6k6HE
06:02 < PigBot> Title: Joe Rogan Experience #877 - Jordan Peterson - YouTube (at www.youtube.com) http://tinyurl.com/zvwphvd
06:03 < xray> Jordan Peterson also has his own Youtube channel but I haven't checked it out yet.
06:03 < aestetix> well I'm fascinated with the holocaust and how the nazis happened
06:04 < aestetix> I don't know a lot about the gulag though
06:04 < xray> They touched on that in the video
06:04 < aestetix> right
06:04 < aestetix> the US is in a very precarious position right now
06:04 < aestetix> I'm kind of glad Trump won because Hillary relied way too much on identity politics
06:04 < aestetix> but I will never say that anyone outside here ;)
06:05 < xray> In trying to be inclusive they excluded everyone else that doesn't think that way.
06:06 < operat0r[m]> Talking about security is enough to get everyone on a soap box we don't need to add politics wait am I on a soapbox
06:06 < xray> Society is based on common purpose and values. If everyone is a special snowflake with different values then society crumbles.
06:08 < xray> This is why we will never get the "average person" to be security conscious. http://boingboing.net/2016/11/28/people-really-really-suck-at.html
06:08 < xray> People really, really suck at using computers
06:08 < _NSAKEY> xray: You could have stopped at "People really, really suck" and wouldn't have been inaccurate.
06:08 < xray> LoL
06:09 < xray> brimstone and I are hosting NetKotH at the atl2600 meeting tonight.
06:10 < _NSAKEY> Has anyone built Metasploitable3 on Linux yet?
06:11 < xray> It is a Windows Vm so you could host it on Linux
06:12 < xray> Since it uses Virtual Box it should be buildable on a Linux host.
06:14 < _NSAKEY> xray: I'm more interested in building a Linux VM, but don't want to be the trailblazer who does it first.
06:16 < xray> If you build it on Windows wouldn't the resulting VM files be portable to a Linux host.
06:17 < _NSAKEY> I want the VM itself to be a Linux VM.
06:17 < _NSAKEY> <---- Militantly anti-Windows, and will choose not running Metasploitable 3 if it means not having to interact with Microsoft products.
06:17 < xray> The Metasploitable GitHub site says it only works on a Windows server VM.
06:18 < xray> I suppose you could reverse engineer the build process and substitute Linux.
06:19 < xray> I was surprised to see that it required Windows.
06:19 < xray> Previous versions didn't
06:19 < _NSAKEY> Yeah, I think that windows as a requirement is total bullshit.
06:20 < _NSAKEY> I already have enough complexity with my NetKotH setup, just based on the fact that I won't use VirtualBox or VMWare.
06:21 < xray> What are you using?
06:21 < _NSAKEY> KVM/libvirt. I have to keep VirtualBox around to make life a little easier.
06:22 < _NSAKEY> The conversion process consists of starting to import the OVA long enough to see what OS/version is used, converting to qcow2, and then using a hand-rolled XML file + "virsh define" to set up the VM.
06:23 < _NSAKEY> I installed a lot of random stuff by hand to get base system templates, and just re-use the XML files that define those VMs to make those converted disks play nice with my set-up.
06:23 < _NSAKEY> Metasploitable2 is supposed to be used with VirtualBox, but I was able to get it working on my headless KVM box.
06:24 < xray> I can understand not liking VMware but what's wrong with VirtualBox (besides Oracle).
06:24 < xray> and the VirtulBox tools license.
06:24 < _NSAKEY> I could probably have added a decent GPU to the particular server I used this year and gone with VirtualBox, but 1. I don't hate myself that much, and 2. I'm moving the NetKotH VMs to a 1u for next year.
06:25 < _NSAKEY> xray: I have a fetish for using terminal tools if it means I can get out of using a GUI.
06:25 < xray> VirtualBox has a robust command line.
06:25 < _NSAKEY> It does, but I also wanted to learn to deal with KVM.
06:26 < _NSAKEY> At this point, I'm more comfortable with KVM vs VirtualBox.
06:26 < xray> My biggest gripe with virtualbox is the PUEL license for the tools. They changed it to be much more restrictive.
06:26 < _NSAKEY> There's also the fact, as you pointed out, that Larry Ellison is the devil incarnate.
06:27 < xray> I use all three here but I do most of my experimentation in VirtualBox
06:27 < _NSAKEY> VirtualBox is great for experimenting on your desktop. I can't knock it for that.
06:28 < xray> We use Red Hat for production Linux but I prefer Debian.
06:28 < _NSAKEY> But, I had access to better hardware that wouldn't have lended itself to dealing with VirtualBox in a very meaningful way, and I didn't feel like keeping a cheat sheet on hand.
06:28 < _NSAKEY> By contrast, I can deal with virsh while being at a black-out level of tiredness.
06:30 < _NSAKEY> If I was going to replicate the general VM server set-up using something like VirtualBox, I would just say to hell with it and use the GUI and get my hands on something like an old HP z-series workstation to manage it.
06:31 < _NSAKEY> To be fair though, the way I ran NetKotH this year was hilariously over-engineered. I'm pretty sure benthemeek thinks I'm crazy.
06:33 < xray> For the first NetKotH I installed Kali as the host O/S and then installed VirtualBox for all the VMS. I used the console on the server to manage the VMs with the GUI. Since I used Kali I had all the tools I could ever need to analyze the network traffic.
06:34 < xray> brimestone has been looking at ways to simplify NetKotH setup for the average user.
06:34 < _NSAKEY> Was that for PN18?
06:34 < xray> Yes
06:34 < _NSAKEY> Did you save the pcaps?
06:35 < xray> I hadn't considered that until someone at the con suggested it. I put it on my list of mods for the next one.
06:37 < xray> He and I have discussed a bootable image that could be installed on an external hard drive that is a completely self contained NetKotH.
06:37 < _NSAKEY> As in, you boot it up and you have a VM server, scoring system, etc?
06:38 < xray> yep
06:39 < _NSAKEY> I think it's good that we're thinking of different approaches to the back-end administration of the game.
06:39 < xray> If there is only one graphics interface on the machine you could use any computer with a browser connected to a projector to display the scores but technically the contestants can do that for themselves.
06:40 < xray> I kind of take building complex systems from bare metal for granted.
06:40 < _NSAKEY> I'll probably borrow a projector for next year. It's a good idea, and I can position it so that any asshat who tries to mess with the AC is forced to blind themselves.
06:40 < xray> It dawned on me that most of the students here would love to run one but don't have the technical skill to build it.
06:41 < _NSAKEY> This year's sudden death round might have had more people watching if there had been a projector showing the scores.
06:41 < xray> Don't look into the light!
06:41 < xray> It would also be kind of cool to show the scores in other rooms.
06:41 < xray> Like a sports bar for hackers.
06:44 < xray> I would love to have a build system that works like Metasploit. Connect bare hardware to the net (behind a firewall), boot from a DVD or USB drive, pick an O/S, pick the challenge VMs, and push the button. Presto, NetKotH.
06:44 < _NSAKEY> That could be fun.
06:45 < xray> I need to start a list of our favorite challenge VMs
06:46 < xray> I'll talk with brimstone tonight about how we want to organize the GitHub site.
06:46 < _NSAKEY> My particular set-up is complex enough that I'm going to have to build a bus folder for it. I already found the actual folder, selected because it was in the clearance aisle and because it has a pocket that will hold a USB stick with copies of VMs.
06:46 < _NSAKEY> I've got some ideas about that, re: The GitHub site and projects on it.
06:46 < xray> Excellent.
06:47 < xray> I will have time over the holidays to do some hacking.
06:47 < xray> I may be getting some servers for my portable rack after the first of the year. I have a router and switch already.
06:48 < _NSAKEY> Are the router/switch managed? After seeing how the game got utterly ruined by arpspoof, I won't be allowing that again.
06:48 < xray> In the mean time I have my own research rack full of servers I can experiment with as soon as they finish the machine room renovations.
06:48 < xray> All the machines are off so they don't suck in the dust.
06:49 < xray> Yes its enterprise class Cisco gear.
06:50 < xray> The switch is a 48 port 3560 with POE. The router is a 2800 series.
06:51 < xray> lavalamp donated them to the cause.
06:52 < xray> It is also possible to build a software defined network with vlan isolation to prevent the arpspoofing.
06:53 < xray> NetKotH could eventually have some serious features/engineering behind it and still be easy to setup.
06:54 < _NSAKEY> I might take some of this bus folder stuff I'm going to write up and put it on github.
06:54 < xray> I have discovered that what I consider simple is not really that simple so I have to be careful how far I push the envelope.
07:26 < aestetix> so I have not tested, but I think my german is definitely to A2 level
07:27 < aestetix> Ich will Deutschsprechen. Wo ist klixa?
07:40 <@Dolemite>  WTF.  People actually believed that there was a pedophile ring run out of a DC pizza joint by Hillary Clinton and John Podesta?
07:40 < aestetix> hahahaha
07:40 <@Dolemite> I just.   I just.  Fuck.  We're fucked.
07:40 < aestetix> is that actually on a news site?
07:40 <@Dolemite> http://www.cnn.com/2016/12/02/politics/russia-fake-news-reality/index.html
07:40 < PigBot> Title: The reality behind Russia's fake news - CNNPolitics.com (at www.cnn.com) http://tinyurl.com/gl75aa2
07:40 <@Dolemite> Of course, now people are going to say that it's just the liberal media trying to save face.
07:41 < aestetix> so wait a second
07:41 < aestetix> isn't the role of journalists to filter out fake news?
07:41 < aestetix> although 'pizzagate" is so fucking stupid who would actually believe that?
07:41 <@Dolemite> Not according to those who want to believe the fake news
07:41 <@Dolemite> Ok, what about the Trump spokesperson that yesterday stated that there's no longer such a thing as facts?
07:42 < aestetix> well that's a bit different
07:42 <@Dolemite> If enough people believe something, it's true, according to her.
07:42 < aestetix> if you have functional journalism that fact-checks things, and people still want to believe idioy, that's one thing
07:42 < aestetix> idiocy*
07:43 < aestetix> Also, if Clinton's health were an issue, there are tools in the fucking constitution to deal with it
07:43 <@Dolemite> Because an orange skinned septagenarian is the picture of health.
07:43 < aestetix> especially mental health
07:44 <@Dolemite> Crooked Hillary!
07:48 < _NSAKEY> Dolemite: Quit exhibiting your racial prejudice against orangekind. There are (probably) other channels for that.
07:49 <@Dolemite> Trigger Warning:  I squeeze the life out of oranges and drink them for breakfast.
07:49 < _NSAKEY> That sounds like a hate crime.
07:49 <@Dolemite> No, it's all passion
07:50 < aestetix> the passion of the orange?
07:50 <@Dolemite> Actually, I don't do the squeezing.  I have immigrant workers do that for me.
07:50 < aestetix> I do have to ask though
07:50 < aestetix> why was Trump able to get Carrier "fixed" so quickly?
07:50 < aestetix> Like, why didn't Obama do anything?
07:51 <@Dolemite> Because two days ago Bernie Sanders recommended that Trump act like an oligarch (not using that word, but that's essentially what he asked for) and take away Carrier's parent company's defense contracts.
07:52 <@Dolemite> Now if you were the head of United Technologies (Carrier's parent) and paid any attention to how vindictive The Orange One is, wouldn't you bow?
07:52 < aestetix> So Obama could have done that, but differentl.
07:52 < aestetix> er, but didn't
07:53 <@Dolemite> Well, sure, if he were acting like The Mad King
07:53 < aestetix> Well if it's the difference between thousands of jobs leaving the US, a king does not sound so bad
07:54 <@Dolemite> Ok, so we're back to the government spending being influenced by who kisses his ass the best, rather than who does the best job?
07:55 < aestetix> I don't mean this to be a precedent to be universally applied
07:56 < aestetix> But I suspect those Carrier factory workers will have a much better christmas now
07:56 <@Dolemite> The tax deal that they got was also on the table before the election even happened
07:57 <@Dolemite> It's 100% about fear of retribution from the king
07:57 < aestetix> interesting
07:57 < aestetix> So the big difference is that everything thinks Obama is a pussy and everyone is scared shitless of Trump?
08:00 <@Dolemite> That's one way to interpret it
08:00 <@Dolemite> Trump has already shown that he doesn't even see the lines that he's not supposed to cross in relation to business and government
08:00 < aestetix> This is true.
08:01 < aestetix> plus it's clear that Trump is all about the optics
08:02 < xray> like Iraw hostages with Reagan and Carter?
08:02 < xray> As soon as Reagan got elected, Iraq released them.
08:03 < aestetix> good point
08:03 < aestetix> well there was other stuff going on there too
08:03 < aestetix> but yeah
08:03 < aestetix> (IE carter also lost because he appointed volcker to the federal reserve...)
08:28 < aestetix> ok xray the last hour of this is REALLY good
08:28 < aestetix> well last 30 minutes
08:45 <@opticron> are there any southeast infosec conferences happening in the next 6 months?
08:52 < _NSAKEY> opticron: SouthEast LinuxFest is generally held in June. That's slightly outside your 6 month window, but it's the first thing that came to mind.
08:52 < _NSAKEY> There are also countless BSides events.
09:00 <@opticron> thanks, the guy running the asterisk project is looking to do more in the community
09:02 <@Dolemite> He used to come present at PhreakNIC back in the day
09:04 <@opticron> yeah, but that was mark and he's not involved anymore
09:05 <@opticron> he's busy making experimental flight controls using commodity hardware
09:06 <@opticron> there have been several project owners since then
09:06 <@opticron> kpfleming, mspiceland, mjordan, and now mfredrickson/creslin
09:11 < aestetix> xray: just finished it
09:12 < aestetix> that might be the best podcast I have ever heard
09:13 < xray> I'm about 1/3 of the way through.
09:13 < xray> So far it has been awesome.
09:13 <@Dolemite> The Joe Rogen one?
09:13 < xray> yes
09:13 <@Dolemite> I stopped after about an hour
09:14 < xray> The guy he is interviewing has his own youtube site. I want to check that out as well.
09:14 < aestetix> near the end he gets into some really deep stuff
09:15 < aestetix> what's ironic is that this is the same stuff I've run into with nymrights
09:15 < aestetix> but the reaction is completely flipped
09:17 <@Dolemite> He was spot on calling the whole pronouns issue a manifestation of narcissim.  At that point I'd hit my trigger of what I could listen to without wanting to explode like the man at the end of Monty Python and the Meaning of Life.
09:19 < aestetix> yep
09:19 < aestetix> I'd say the key difference with what I've been doing and these pronoun activists is that I try very hard to work within the system.
09:20 < aestetix> IE I have no issue with a police officer requesting government issued ID. I have a major issue with Facebook requesting it.
09:21 <@Dolemite> Well, Facebook isn't a necessity.  It's a luxury that you are asking to participate in, so they should be able to set the terms.
09:21 < aestetix> Well sure
09:21 <@Dolemite> Is it necessary for them to need to verify your identity?  Hell no.
09:21 < aestetix> But the actual issue is that a government issued ID is a legal document, and police officers are agents of the law. So it actually completely falls within their domain.
09:21 <@Dolemite> So socially, they're shitheads.  Legally, though, they're within their rights.
09:22 < aestetix> Facebook is not within the realm of law, therefore it is illogical to make such a demand.
09:22 < xray> What is this Facebook you speak of? :-D
09:22 < aestetix> haha
09:22 < xray> I think I have heard of them. They facilitate destruction of your OPSEC.
09:23 < aestetix> That is a very mild way of putting it ;)
09:23 < aestetix> BTW, you guys are lucky you're only dealing with pronoun nonsense
09:23 <@Dolemite> xray: It's a reference tool utilized by divorce lawyers
09:23 < aestetix> I have several friends in the bay who regularly change their names, usually after some major event, but sometimes just due to their mood
09:24 < aestetix> So not only do you have all these fucking gender types, but you have to remember whether your friend has a new name or not
09:24 < aestetix> And it's not a matter of self expression, because usually actual self expression has some kind of meaning behind it. It's completely narcissism.
09:25 < aestetix> I just hope this trend dies down soon.
09:25 < xray> AirDroid == pwned
09:26 < xray> https://blog.zimperium.com/analysis-of-multiple-vulnerabilities-in-airdroid/
09:26 < PigBot> Title: Analysis of multiple vulnerabilities in AirDroid Zimperium Mobile Security Blog (at blog.zimperium.com) http://tinyurl.com/jgjygxw
09:27 < aestetix> oh wow
09:27 < aestetix> http://www.sflrcs.org/conference/vancouver-2/
09:28 < PigBot> Title: Upcoming Conferences 2016 Vancouver Regional Conference Students For Liberty Regional Conferences 2016 | North America (at www.sflrcs.org) http://tinyurl.com/hqq4vm9
09:28 <@Dolemite> AirDroid seems like a thing that shouldn't even really exist.  You carry a phone to give you some of your PCs features when you're not at your desk...   so now you want to control your phone from a PC?
09:31 < aestetix> This professor is awesome
09:36 < xray> Possible cyber war in Saudi Arabia
09:36 < xray> https://www.bloomberg.com/news/articles/2016-12-01/destructive-hacks-strike-saudi-arabia-posing-challenge-to-trump
09:36 < PigBot> Title: Destructive Hacks Strike Saudi Arabia, Posing Challenge to Trump - Bloomberg (at www.bloomberg.com) http://tinyurl.com/hhq789j
09:41 < xray> http://www.theregister.co.uk/2016/12/02/hackers_waste_xbox_one_ps4_macbook_pixel_with_usb_zapper/
09:41 < PigBot> Title: Hackers waste Xbox One, PS4, MacBook, Pixel, with USB zapper • The Register (at www.theregister.co.uk) http://tinyurl.com/zxr7agp
09:51 <@rattle> That situation is fairly complex.  The IR/SA conflict is in many ways, the central conflict of the region, even though it's never heated up.  Either the US or Iraq has been there to dethorn it..
09:52 <@rattle> Oblique references to the Syrian refugee crisis in the malware code too.
09:53 <@rattle> I think Iran is expecting the new administration to play hands off as much as possible in the region, so is poking the Saudis with a stick because it knows they can get away with it.
09:59 -!- fie [~fie@ip72-206-22-57.fv.ks.cox.net] has joined #se2600
10:28 < xray> just saw a rumor that Solaris and Sun hardware are headed to the scrap heap https://www.thelayoff.com/t/KBEVoB1
10:28 < PigBot> Title: Solaris being canned, at least 50% of teams to be RIFd in short term - post regarding Oracle Corp. layoffs (at www.thelayoff.com) http://tinyurl.com/zsyge9h
10:47 <@Dagmar> Someone needs to slap the shit out of that Bloomberg reporter for trying so hard to put explosives metaphors in the article
10:51 <@Dagmar> The humor that they used some malware which became a _known_ in 2012 tells me someone wasn't protecting their mission critical assets properly.
11:34 < _NSAKEY> xray: I thought about buying a USBKill, but then realized that there would be very few circumstances in which it could be used while not being totally rude.
11:40 < operat0r[m]> _NSAKEY the 3D cards are really cheap right now
12:15 <@Dagmar> Define "really cheap"
12:56 -!- klixa-cloud [uid861@gateway/web/irccloud.com/x-puhotwzfvtmizxlx] has joined #se2600
12:56 -!- mode/#se2600 [+o klixa-cloud] by ChanServ
13:04 < aestetix> http://edition.cnn.com/2016/12/02/politics/michigan-attorney-general-files-suit-to-stop-recount/index.html
13:04 < PigBot> Title: Michigan attorney general files suit to stop recount - CNNPolitics.com (at edition.cnn.com) http://tinyurl.com/zy2a9yu
13:05 < aestetix> klixa-cloud: wie gehts?
13:09 <@klixa-cloud> Gut, du?
13:09 < aestetix> Möde
13:09 < aestetix> er müde
13:10 <@klixa-cloud> Ich Auch
13:10 < aestetix> wenn besuchst du mir?
13:10 <@klixa-cloud> Nicht
13:10 < aestetix> warum?
13:12 < aestetix> Hasst du mich? :(
14:22 -!- xray [~xray@boppity.cc.gatech.edu] has quit [Quit: Leaving.]
16:20 < dasunt> Great, Trump gets elected and now people are speaking Nazi.
16:24 -!- klixa-cloud [uid861@gateway/web/irccloud.com/x-puhotwzfvtmizxlx] has quit [Quit: Connection closed for inactivity]
17:35 -!- klixa-cloud [uid861@gateway/web/irccloud.com/x-tpwossmwhrgvydvc] has joined #se2600
17:35 -!- mode/#se2600 [+o klixa-cloud] by ChanServ
21:14 -!- klixa-cloud [uid861@gateway/web/irccloud.com/x-tpwossmwhrgvydvc] has quit [Quit: Connection closed for inactivity]
21:18 -!- scottmjones [~scott@107-215-62-148.lightspeed.tukrga.sbcglobal.net] has joined #se2600
21:58 -!- scottmjones [~scott@107-215-62-148.lightspeed.tukrga.sbcglobal.net] has left #se2600 []
22:36 -!- klixa-cloud [uid861@gateway/web/irccloud.com/x-ytqffwbfswrrtblk] has joined #se2600
22:36 -!- mode/#se2600 [+o klixa-cloud] by ChanServ
23:26 -!- rhia [~rhia@2601:601:4000:da79:82ee:73ff:fe64:1308] has quit [Ping timeout: 240 seconds]
23:38 -!- rhia [~rhia@2601:601:4000:da79:82ee:73ff:fe64:1308] has joined #se2600
23:38 -!- mode/#se2600 [+o rhia] by ChanServ
--- Log closed Sat Dec 03 00:00:16 2016