00:02.47 | *** join/#buglabs VishMac (~VishMac@cpe-74-73-151-138.nyc.res.rr.com) |
00:58.04 | *** join/#buglabs jedahan (~jedahan@subtle/user/jedahan) |
01:15.30 | *** join/#buglabs jedahan (~jedahan@subtle/user/jedahan) |
01:39.18 | *** join/#buglabs haveahennessy (~openpeak@c-76-110-76-214.hsd1.fl.comcast.net) |
04:06.38 | *** join/#buglabs c4milo (~c4milo@207-38-137-125.c3-0.avec-ubr2.nyr-avec.ny.cable.rcn.com) |
04:24.47 | *** join/#buglabs jedahan (~jedahan@subtle/user/jedahan) |
04:26.49 | *** join/#buglabs c4milo (~c4milo@207-38-137-125.c3-0.avec-ubr2.nyr-avec.ny.cable.rcn.com) |
06:10.40 | *** join/#buglabs Marrs (~marrs@planetmarrs.xs4all.nl) |
07:06.13 | *** join/#buglabs Marrs (~marrs@planetmarrs.xs4all.nl) |
07:54.29 | *** join/#buglabs Marrs (~marrs@095-097-179-234.static.chello.nl) |
08:38.03 | *** join/#buglabs jkridner___ (~jason@pdpc/supporter/active/jkridner) |
12:54.15 | *** join/#buglabs GNUtoo|laptop (~gnutoo@host29-81-dynamic.48-82-r.retail.telecomitalia.it) |
13:55.59 | *** join/#buglabs guillaum1 (~gl@AMontsouris-153-1-39-200.w90-2.abo.wanadoo.fr) |
14:19.21 | *** join/#buglabs barberdt (~barberdt@66.43.64.66) |
14:33.20 | *** join/#buglabs c4milo (~c4milo@66.43.64.66) |
15:44.50 | *** join/#buglabs jedahan (~textual@subtle/user/jedahan) |
15:45.05 | jedahan | http://www.leggetter.co.uk/real-time-web-technologies-guide << get on that list! |
15:48.09 | theterg_ | nyahhah, pusher |
15:49.33 | theterg | jedahan: i've passed the link along, thanks! |
15:51.06 | *** join/#buglabs VishMac (~VishMac@66.43.64.66) |
15:53.13 | jedahan | cool did you Yam it? |
15:54.19 | theterg | nahbro, there's this awesome new rfc we're using as a social media platform |
15:54.22 | theterg | it's rfc1149 |
15:54.52 | theterg | we're also going to be using it for the next generation of BUGswarm |
15:55.12 | jedahan | I heard AVIAN is going to be wrapped in a REST api for the next release of nodesocketjsio |
15:55.22 | theterg | TOTALLY ASYNCHRONOUS bro |
15:55.33 | theterg | packet order isn't even *ENFORCED* |
15:58.52 | jedahan | sounds like http://artoffailure.free.fr/index.php?/projects/laps/ theterg |
15:59.16 | jedahan | or rather http://artoffailure.free.fr/index.php?/projects/internet-erosion/ |
15:59.17 | jedahan | so close |
16:00.54 | theterg | neato |
16:01.02 | haveahennessy | you divas dont live together no more? |
16:01.50 | theterg | thereheis |
16:02.13 | haveahennessy | watching.. like an eagle |
16:02.37 | theterg | nahbro, we're still in park slope |
16:03.05 | haveahennessy | romance supercaliente |
16:03.16 | haveahennessy | amirite c4milo? |
16:03.24 | theterg | hey, thats *bromance* good sir |
16:03.27 | theterg | I mean, wait |
16:03.47 | theterg | damn. |
16:03.54 | haveahennessy | ha |
16:04.47 | c4milo | ohboy |
16:05.06 | c4milo | haveahennessy: you should play the Stripe capture the flag war game |
16:05.19 | haveahennessy | should I? |
16:05.22 | haveahennessy | convince me.. |
16:05.25 | c4milo | hehe |
16:05.27 | VishMac | shouldnt you |
16:05.29 | haveahennessy | do i have to purchase anything? |
16:05.36 | c4milo | haveahennessy: nah |
16:05.43 | haveahennessy | link? |
16:05.44 | c4milo | https://stripe.com/blog/capture-the-flag |
16:05.54 | haveahennessy | gracias |
16:06.03 | VishMac | i couldnt even ssh in properly |
16:06.15 | VishMac | so if you get past that…you're well on your way to dominance |
16:06.21 | jedahan | challenge: decode ==^^^bbeimmmovv |
16:06.32 | jedahan | i have guesses where to start but I know nothing about ciphers |
16:06.36 | jedahan | hints on how to learn ciphers? |
16:06.37 | haveahennessy | ha.. this looks interesting |
16:07.18 | c4milo | huh? |
16:07.30 | c4milo | haveahennessy: I got third level last night, then I got stuck |
16:07.43 | c4milo | then I had to go to sleep |
16:08.12 | c4milo | waiting for lunch time to continue trying |
16:09.18 | haveahennessy | ha |
16:09.40 | c4milo | it's fairly easy to get to the third level |
16:10.09 | jedahan | nice c4milo |
16:10.14 | c4milo | third level I think is a buffer overflow or stack overflow |
16:10.45 | c4milo | I don't have experience exploiting those |
16:10.47 | c4milo | :/ |
16:10.58 | haveahennessy | d-: |
16:11.04 | haveahennessy | first time for everything |
16:12.16 | c4milo | has to read Smashing the stack for fun and profit |
16:37.28 | jconnolly | heh, I sent that link out earlier too jedahan |
16:37.33 | jconnolly | scrolls back |
16:38.17 | jconnolly | c4milo: davidbalbert got to level4 with some help |
16:38.49 | jedahan | c4milo that paper seems like a great read |
16:38.57 | jedahan | ITS NOT MUNGing THE STACK |
16:38.59 | jedahan | NO MUNG |
16:39.01 | jedahan | , mang |
16:40.35 | jedahan | man who is this Clay Shirky guy he is everywhere |
16:45.05 | c4milo | jconnolly: nice |
16:45.38 | c4milo | jconnolly: is level04 a stack overflow right? |
16:46.42 | jconnolly | [11:46] <jconnolly> is level04 a stack overflow exploit? |
16:46.42 | jconnolly | [11:46] <davidbalbert> yeah |
16:46.43 | jconnolly | indeed |
16:46.58 | c4milo | cool |
16:47.11 | c4milo | jconnolly: in what level are you? |
16:47.24 | jconnolly | I'm not, I didn't get to it last night |
16:48.12 | jconnolly | davidbalbert irl: well it's a buffer overflow, but you overflow the stack so that you execute the code in the overflowed buffer, so it's both a buffer overflow that is exploited via a stack overflow |
16:50.44 | GNUtoo|laptop | hi, I think tslib is broken in core-based oe for the bug2.0 |
16:51.24 | c4milo | jconnolly: interesting. I identified the stack overflow but I haven't identify the buffer overflow. |
16:51.47 | c4milo | jconnolly: my first attempt was using gdb. lol |
16:52.58 | c4milo | jconnolly: then I realized gdb doesn't run the binary with suid for security purposes. |
16:53.05 | c4milo | ^.^ |
16:53.48 | jconnolly | ;D |
16:54.00 | GNUtoo|laptop | who should I talk to ? stefen is not there currently |
16:54.16 | GNUtoo|laptop | basically the problem is that angstrom uses more recent kernel headers |
16:55.25 | haveahennessy | jconnolly: has dalbert finished it? |
16:56.40 | jconnolly | I don't think so, I think he stopped at 4 |
16:56.56 | jconnolly | GNUtoo|laptop: stefan schmidt is no longer employed by buglabs. |
16:57.15 | GNUtoo|laptop | ahh that's why I don't see him anymore here |
16:57.19 | jconnolly | indeed |
16:57.24 | GNUtoo|laptop | who does the oe part then? |
16:57.48 | jconnolly | if you can describe the problem I can take a stab at it. |
16:58.17 | GNUtoo|laptop | yes but the solution requires a more recent kernel |
16:58.34 | c4milo | or we kindly accept pull requests :) |
16:58.34 | GNUtoo|laptop | tslib: Selected device uses a different version of the event protocol than tslib was compiled for |
16:59.17 | GNUtoo|laptop | the thing is that angstrom woulnd't allow to use another kernel headers version |
16:59.34 | GNUtoo|laptop | wouldn't allow means that you get insulted if you send a patch for it or something like that |
16:59.56 | GNUtoo|laptop | I must look |
17:00.02 | GNUtoo|laptop | I should ask how palmpre handle that |
17:00.13 | GNUtoo|laptop | maybe there is another way than upgrading the kernel |
17:00.26 | taylor|s1ries | i'm not sure palmpre is a good example for much these days. |
17:00.40 | GNUtoo|laptop | * it uses tslib |
17:00.47 | GNUtoo|laptop | * it's a very old 2.6.24 kernel |
17:00.49 | jconnolly | or support for bug hardware is only for angstrom 2008 or 03/2011 |
17:01.03 | GNUtoo|laptop | yes but I work only with core-based oe |
17:01.13 | GNUtoo|laptop | until now I used the xfce46-image |
17:01.26 | GNUtoo|laptop | so that didn't need a tslib driver |
17:02.33 | GNUtoo|laptop | byw I still must test the kernel patch for fixing the i2c |
17:02.38 | GNUtoo|laptop | s/i2c/spi |
17:03.10 | GNUtoo|laptop | so you have no one working on oe anymore? |
17:03.22 | GNUtoo|laptop | why did stefen leave? |
17:04.20 | taylor|s1ries | GNUtoo|laptop: we don't have a lot of work for him right now. |
17:04.34 | GNUtoo|laptop | ah ok |
17:04.52 | GNUtoo|laptop | you're busy with java stuff I guess |
17:05.00 | taylor|s1ries | something like that, yes. |
17:14.15 | c4milo | GNUtoo|laptop: Javascript stuff ^.^ |
17:14.48 | GNUtoo|laptop | ok |
17:14.55 | GNUtoo|laptop | the thing for the automotive |
17:15.04 | c4milo | haveahennessy: where are you? |
17:15.24 | c4milo | haveahennessy: level03? |
17:17.21 | GNUtoo|laptop | and there is the boss at the end of the level( ambigious) |
17:17.50 | haveahennessy | camilo.. dont have much time to play now.. |
17:17.59 | haveahennessy | i did the first one quick |
17:18.14 | haveahennessy | i'll try the next one later tonight maybe |
17:18.26 | haveahennessy | i dont know anything about web exploits |
17:42.36 | *** join/#buglabs Marrs (~marrs@planetmarrs.xs4all.nl) |
18:48.56 | *** join/#buglabs guillaum1 (~gl@AMontsouris-153-1-38-234.w90-2.abo.wanadoo.fr) |
19:10.55 | *** join/#buglabs c4milo_ (~c4milo@66.43.64.66) |
20:38.09 | *** join/#buglabs jkridner (~jason@pdpc/supporter/active/jkridner) |
21:15.09 | *** join/#buglabs c4milo (~c4milo@66.43.64.66) |
23:10.45 | *** join/#buglabs c4milo (~c4milo@66.43.64.66) |
23:37.04 | *** join/#buglabs jedahan (~jedahan@subtle/user/jedahan) |