I was annoyed that the bank my biz uses is increasing prices by 80%, and then I looked at NatWest and see that they charge at least £0.35 to do anything (receiving money, cash, paying something on card, really, the whole lot!) and now I am somewhat less upset
benjojo rss
Hope you never notice the outages I cause. Knows where the RFC2616 bodies are buried. recurse.com SP'2 18
Follow me using: @benjojo@benjojo.co.uk
in your client
benjojo
reposted 12 Dec 2024 11:15 +0000
original: equinox@chaos.social
Y'all know what... this #X11 -> #Wayland switch is a great parallel on why we haven't ditched and rewritten #FRRouting yet: Yes, it's >25 year old code, some of it truly toxic and radioactive, and some really poor design too. But writing a new one is yrs of pain to get it to 90% (that also need to be funded = 404 here), and then a decade to fix half the edge case hellbugs. It's written in the blood of previous users&bugs. (h/t @benjojo for that idiom, I had no wording for that concept before)
One for the Brits at the moment
benjojo
reposted 10 Dec 2024 13:22 +0000
original: q3k@social.hackerspace.pl
Double ~~barrelled~~ RJ45 QSFP+ module anyone? This monstrosity gets you 2x10G BASE-T in a single QSFP+ port (you are still throwing away 50% of port capacity here though) It bends around tight spots by the looks of it as well!
HPE Synergy Dual 10GBASE-T QSFP+ 30m RJ45 Transceiver 838327-B21
ooh, Kernel space OpenVPN dataplane on net-dev https://lore.kernel.org/netdev/20241209-b4-ovpn-v14-0-ea243cf16417@openvpn.net/T/ The KEX/Auth,etc stuff is still user space with this, vs wg being entirely kernel space Unsure what to think about this, seems like a "well if wg can do it, why can't we"
Keep having to slap my wrist whenever I nearly use sudo in VSCode terminals, like no! A chrome window does not get to elevate to root in any way!
benjojo
reposted 09 Dec 2024 11:54 +0000
original: HeNeArXn@chaos.social
Thinking about that NASA branded tank I saw at NASA Ames a few months ago Why did/does NASA need a tank
mmm, the average internet background noise per /24 is about 92 pps at the moment
I mean sure, You can spend all of this time evading advanced memory corruption detection, ASLR, W^X, etc. But have you considered just shoving funny bash strings into every possible hole and seeing if stuff is so busted that it will just run it anyway? (This compromised a non zero amount of people)
Wow, when did 28TB 3.5" CMR drives show up on the casual market?! Though looking at ST28000NM000C, the transfer speeds are still not really getting any better. You are still looking at less than 300MiB/s on a 28T spinner... (You can get 32T SMR from Seagate)
I love the idea of the DoD using Matrix during what may turn out to be pretty eventful next few years. Coast Guard: We are seeing unknown boats on the western sea board
Air Force: [Unable to decrypt message]
Army: [Unable to decrypt message]
NATO: [Unable to decrypt message]
New blog post! Ever wondered about the process that grants RFC numbers for documents? Well, worry no more, introducing: -- The “simple” 38 step journey to getting an RFC
Ah yes, the .va (Holy See/Vatican) TLD had a .com NXDOMAIN=NOERROR moment it seems, just without the site finder and more weird fingerprinted CNAMEs https://lists.dns-oarc.net/pipermail/dns-operations/2024-December/022734.html
Maybe I just have a aversion to calling myself a director/ceo/whatever, But I can't think of a good and non eww thing to put into a "Position" box for a single guy company
Why must
$ javaws Downloads/launch\(1\).jnlp
...
Unrecognized VM option 'PermSize=32M'
Error: Could not create the Java Virtual Machine.
Error: A fatal exception has occurred. Program will exit.
javaws
be like this (every major version breaks most workarounds to make BMC console applets work)
TIL (complete with a moment of "oh shit, what now?") that bellingcat mentions AS206924 (my ASN), but actually it's so much cooler, they have what is partly a "how to use bgp.tools for journalism investigations": https://www.bellingcat.com/resources/2024/03/01/using-open-source-internet-routing-tools-to-monitor-a-sanctioned-russian-bank/
Signs that your SEO game was is so good that everyone* hates you for it * "everyone", being the 34,696 who seemingly pay for a search engine
My brand new (and expensive) 1G DWDM optic doesn't work so I will likely have to go back to slough >:C
So there is the term "COTS" for Commercial-Off-The-Shelf, however we could just rearrange all of the main L3 router vendors at the moment to form: "JANC" (Juniper Arista Nokia Cisco) Much better
Wondering if I should rig up a LiveSpit for my ccc talk... Not to make me speed through the slides, but to keep me at a predictable pace as I tend to go way too fast otherwise. Seems like a "fun"/easy to grasp way to gauge if I am over/under pace
benjojo
reposted 26 Nov 2024 22:31 +0000
original: mattgrayyes@chaos.social
Proud of myself that if I type "tw" into the browser bar it no longer suggests twitter, simply because I dont go there enough anymore to have it weigh in as the ranking (also I assume because the x . com domain move has stolen all of the thunder)
Packaging on my box of green tea claims it has "all natural ingredients" Which needs me to wonder what a "all unnatural ingredients" tea would be like, like how far can science go? What would it even taste like?
Taking a glance at the orange news website's "Whos Hiring" thread and I get the following impressions: A) Everything is US healthcare tech now? B) Some YC companies names are so far detached from meaning (What do you think "goblins", "bloop", "Peanut" do?) C) I see why friends are staying in their semi-grim situation jobs right now (It should be made clear, I'm not looking)
I went back into my "stupid blog post ideas" and one of them was "can you boot from FUSE filesystems?", well I'm happy to report that @ersei beat me to it! (Though my plan was to have a FUSE FS backed by MySQL, so you only needed one place for state (!) when netbooting a box)
Booting Linux off of Google Drive
Stacking the "please be dim/quiet" bits for testing
It so wimndy that over 69% of all power (20.54GW) in the UK is currently generated via wind farms according to https://grid.iamkate.com/
Ever wanted to see what every(?) Lenovo BIOS is like for the last 10 years? Useful+Strangely Lenovo have you covered with a simulator for a shockingly huge amount of models: https://download.lenovo.com/bsco/index.html#/textsimulator/ThinkPad%20T430%20(2347,2342,2344,2345,2349,2350,2351) Useful I guess if you want to use it blind?
A true chaos thread where only people named Ben can participate
sigh I see, I mean, at least I know what is coming when I fill this out
Grafana stop randomly logging me out challenge (impossible)
Doing a bit of aliexpress safari again, and while this motherboard looks incredibly silly if you added a load of PLX PCIe switch/failover chips you would basically have a motherboard+CPU that is functionally the same as most big carrier routers
Mildly interesting, got a alert of a box going mental on the load avg dmesg said It turned out that one sshfs PID had decided to become a slow moving fork bomb..? Sure I guess, that's a new one
Tasks: 155, 243 thr; 2 running
Load average: 5922.82 4616.68 2131.84
Uptime: 151 days(!), 22:30:04
[12507760.522357] INFO: task kcompactd0:32 blocked for more than 1208 seconds.
[12507760.522411] Not tainted 5.10.[redacted]
[12507760.522446] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
[12507760.522491] task:kcompactd0 state:D stack: 0 pid: 32 ppid: 2 flags:0x00004000
benjojo
reposted 20 Nov 2024 08:43 +0000
original: chort@infosec.exchange
LMAO, does OkCupid run on Excel now??? This just happened recently. I bet this was a botched database migration. Maybe that explains why chat messages are showing out of order too. LOL, what a dumpster fire.
When stuff says "doing x 100% of the time", like surely that's not very efficient doing something for only 1 amount of time per thread/time Over in bgptools land, im doing BGP and BGP related processing approximately 24000% of the time
Did you bgp.tools sessions go down ~1 hour ago? Here is the RFO: It turns out the locking mechanism on one of the uplink ports on a satellite PoP doesn't work, and the RJ45 can move about ~5mm, enough to drop a link when you are fiddling doing something else
Google Earth now has a good web client! And the historical imagery feature is now easily hyperlinkable, I have already wasted a unreasonable amount of time playing with this. And look! One of the days sat/aerial photos were taken was during Bristol Pride!
Super weird that for the past year+ you just can't transit TCP connections for port 646 (IE: ldp) towards AS6939/Hurricane Electric Are they patching over some horrible bug in their stack? I mean I don't think anyone is doing multihop LDP, but it's still _weird_ for a carrier to ACL off a TCP/UDP port Reminds me of the days (maybe still) of Virgin Media dropping all SMB connections at the edge
Even after the bombs hit and there are no humans left, there will be two things that live on: 1) Some perl scripts on running crontab 2) Updates to the Google Cloud Third-Party Subprocessors list
benjojo
reposted 18 Nov 2024 16:22 +0000
original: demize@unstable.systems
someone posted this to the drum and bass subreddit and it's unreasonably cool and I have to share pretty sick dnb track, made in LSDJ, on an actual gameboy! https://www.youtube.com/watch?v=dFiwCy4cLu8
Friend sent this to me earlier, Yell not into the abyss, lest you become recognised as an abyss domain expert, and they expect you keep yelling into the damn thing
In the continuing tradition of "everything is AI", Apparently DDoS attacks smarter than a cURL in a while(true){} loop is now AI according to this Nokia slide deck The idea that botnets are a 2020 thing is a insane assertion to put on a slide deck that is trying to sell people who have DDoS problems mitigation appliances. There is a conundrum with these kinds of talks, because they are almost always conference sponsor talks. I feel a weird obligation to not call out the insane stuff in their slides, but also. This is such a warped reality being presented. gah.
CCC / #38C3 goers, Help the schedule team figure out what talks should not clash with each other by tagging (and pressing submit) the talks you would go to if you could: https://halfnarp.events.ccc.de/ (boots ok etc)
At some point I do feel a little sorry for the Iridium Satellite Network, it seems to be the punching bag of security research. On the other hand, it is the most accessible and... vintage/accessible tech
I have a better thermal camera for a few days, one of the infiray sensors that does not have the 9hz ITAR limits! Little USB-C thing, and only requires a little bit of messing with to give some kind of output in Linux. Is needed, and then the UVC interface "works" (obviously without any of the post processing that is offered by the smart phone apps) near 30FPS thermal performance is soooo nice, the extra resolution also is welcome
sudo rmmod uvcvideo
sudo modprobe uvcvideo quirks=0x02
Hmmmm. "cool" feature of some IX's combined with some IX participants. First, find a IX address that is not in use: Then hard set it's neighbour mac address to something that is not on the IXP Then set a destination route to go via the mac-address-that-does-not-exist and then ping it Cool right?? What is happening here is nuts on many different levels. To start, the non existent MAC address forces this IX (LINX) to treat any packets send to as "BUM" traffic, LINX could have prevented this by using static MAC like quite a lot of the other big ones do. That however does not explain why we got ping responses... It turns out some routers on the peering LAN don't check if the destination MAC address for a packet is their own before forwarding the traffic! in this case 3 different LINX member routers saw my unknown unicast packet and was like "sure, why not, I'll route that!", and the packet routed all the way through to 9.9.9.9, and a response came back to me. Mental!
root@linx-ns:~# ping 195.66.231.230
PING 195.66.231.230 (195.66.231.230) 56(84) bytes of data.
^C
--- 195.66.231.230 ping statistics ---
1 packets transmitted, 0 received, 100% packet loss, time 0ms
root@linx-ns:~# ip neigh replace 195.66.231.230 lladdr de:ad:ad:dd:dd:dd dev enp129s0f0.700
root@linx-ns:~# ip route add 9.9.9.9/32 via 195.66.231.230
root@linx-ns:~# ping 9.9.9.9
PING 9.9.9.9 (9.9.9.9) 56(84) bytes of data.
From 195.66.226.119: icmp_seq=1 Redirect Host(New nexthop: 195.66.225.238)
64 bytes from 9.9.9.9: icmp_seq=1 ttl=63 time=0.720 ms
64 bytes from 9.9.9.9: icmp_seq=1 ttl=63 time=0.756 ms (DUP!)
64 bytes from 9.9.9.9: icmp_seq=1 ttl=63 time=1.47 ms (DUP!)
^C
--- 9.9.9.9 ping statistics ---
1 packets transmitted, 1 received, +2 duplicates, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 0.720/0.981/1.468/0.344 ms
mmm, LHR<->SFO per flow latency graph sometimes looking like artwork