IRC logs of #boinc for Saturday, 2009-06-13

00:14 *** jackygrahamez_ has quit IRC

00:29 *** infinisoft has quit IRC

01:01 *** yoyo[RKN] has joined #boinc

01:09 *** efc has quit IRC

01:22 <yoyo[RKN]> moin

01:23 <yoyo[RKN]> &wx sxf

01:23 <Romulus> yoyo[RKN]: Temperature: 50°F / 10°C | Humidity: 76% | Pressure: 30.01in / 1016hPa | Conditions: Mostly Cloudy | Wind Direction: West | Wind Speed: 22mph / 35km/h | Updated: 6:50 AM CEST; Unknown. High:57 F.; Chance of Rain. Low:48 F.; Clear. High:68 F.; Clear. Low:46 F.; Chance of Rain. High:73 F.; Chance of Rain. Low:55 F.;

01:34 *** MTughan is now known as IntelligentGuy

01:34 *** IntelligentGuy is now known as MTughan

01:43 <jasong> You guys heard of the Kindle?  i was looking at their advert online, and that text-to-speech thing reminds me of the Starship Enterprise computer.  Not good

01:44 <jasong> When those things can do color and act like regular notebook paper for less than about $400, that's when I open my wallet

01:44 <PovAddict> color? get a netbook

01:44 *** desti_T2 is now known as desti

01:45 <MTughan> Or a tablet.

02:04 *** CoderForLife has quit IRC

02:17 <jasong> um, duh, you can't take notes on a netbook, and the whole point is to use the thing like a book

02:17 <jasong> Besides, with e-ink, the battery lasts a ton longer

02:17 <MTughan> Books don't have colour if they don't have pictures.

02:18 <MTughan> Covers might, but do you need a colour screen just for covers?

02:18 <jasong> Yes, but magazines have color, and that's one of the things I want in a netbook, the ability to read magazines

02:19 <jasong> I hoard magazines, but with an e-book that could do magazines, I wouldn't look like an insane person when people come in my room

02:20 <jasong> Another thing is that I wouldn't have to have a physical space for every book or magazine I owned

02:20 <jasong> (I don't have a lot of room for stuff)

02:21 <jasong> netbook should be e-book in what I wrote

02:25 <jasong> Isn't Google thinking about entering the e-book market with their own e-book?

02:26 <MTughan> I don't know about their own e-book, but they are looking at an e-book library. :P

02:26 <jasong> oh, sorry, I meant e-reader

02:26 <MTughan> I don't know about that.

02:29 <jasong> I don't think people really understand the whole idea of not needing a wireless contract or a computer to use the Kindle.  When I try to explain, people just assume they're misunderstanding me

02:42 <Tank_Master> holy shyt

02:42 <Tank_Master> you know how in windows when you share a folder, its limited to 10 people by default?

02:43 <Tank_Master> well in server 2008 R2 its 16777216 by default

04:20 *** Aeternus has joined #boinc

04:36 *** yoyo[RKN] has quit IRC

05:13 *** CoderForLife has joined #boinc

05:13 *** ChanServ sets mode: +o CoderForLife

06:09 *** _tty0 has joined #Boinc

06:09 <_tty0> Hi friends

06:10 <_tty0> when i want use boinc for x86 Linux (Arch) from the origial source code (the web)

06:10 <_tty0> it's fail with a segmentation fault, and try made a smash of the stack

06:10 <MTughan> Do you have the stacktrace?

06:11 <_tty0> yes boinc trace all the stack in the terminal

06:11 <_tty0> stack, heap, etc.

06:11 <_tty0> i don't have a core

06:11 <_tty0> because my ulimit -c were not configure in this moment

06:12 <MTughan> Can you pastebin the stacktrace at least? I don't have a use for the others, but there is someone else who might be able to use them.

06:13 <_tty0> MTughan: i don't have the stack trace in this moment

06:13 <MTughan> Okay.

06:13 <_tty0> because i install boinc in the servers of my work

06:13 <MTughan> When are you able to get to it?

06:14 <MTughan> Also, where did you get the source from?

06:14 <_tty0> sorry my english is bad and i can't understand your question

06:14 <_tty0> from the official page of boinc

06:14 <MTughan> So you downloaded from http://boinc.berkeley.edu/download_all.php ?

06:14 <Romulus> Title: Download BOINC client software (at boinc.berkeley.edu)

06:15 <_tty0> yes of course

06:15 <_tty0> the latest version

06:15 <MTughan> So that's not source, but a binary version.

06:16 <_tty0> ok want compile it next

06:16 <_tty0> i want sorry

06:16 <MTughan> It's already compile from there though.

06:16 <MTughan> compiled*

06:16 <_tty0> and try from the arch repository (pacman) install and it fail too

06:17 <_tty0> tryed is in the past? dot not?

06:17 <_tty0> i tryed install it from the arch repository and it failed too

06:17 <MTughan> You said you're trying to run these on servers at work?

06:17 <_tty0> MTughan: yes :P

06:17 <_tty0> is a important cause

06:18 <MTughan> And the stacktraces and other dumps are on those servers?

06:18 <_tty0> yes

06:18 <MTughan> When are you able to get to them?

06:18 <MTughan> Because I don't think anyone can do anything without seeing where it crashed.

06:19 <_tty0> yes, i can debbug it latter

06:19 <_tty0> but when i will go to my job

06:20 <_tty0> whit this error is possible generate a buffer overflow very easy

06:20 <MTughan> Yeah, the BOINC code has a lot of that.

06:20 <MTughan> Stuff like char s[256].

06:20 <_tty0> ok, then it's not secure application

06:21 <_tty0> for networks eviroments and productions servers

06:21 <MTughan> It's being worked on in a fork called Synecdoche. Replaced a lot with std::strings.

06:21 <MTughan> I don't know how that compares to BOINC yet though.

06:22 <_tty0> ok, then i try with Synecdoche

06:23 <_tty0> this project is important but, with this errors i cant donate my CPU time for contribute

06:23 <_tty0> because the security is important for my servers

06:23 <_tty0> :(

06:23 <MTughan> Hold off until that other person I mentioned comes. He should be waking up in 1-2 hours, and he knows both BOINC and Synecdoche a lot better than I do.

06:24 <MTughan> PovAddict?

06:24 <_tty0> ok MTughan :)

06:24 <_tty0> PovAddict?

06:24 <MTughan> I did that to flash him. PovAddict is the other I was talking about.

06:25 <_tty0> PovAddict is a fork of Boinc?

06:25 <MTughan> No, PovAddict is a person in here.

06:25 <_tty0> sorry MTughan my english is reallity bad i'm learning it now

06:25 <_tty0> ahhh ok ok

06:35 <_tty0> i'm compiling it in my housse now

07:12 *** ChanServ sets mode: -o CoderForLife

07:36 <_tty0> DanceForLife

07:49 *** yoyo[RKN] has joined #boinc

07:52 <CoderForLife> it's all in Coding

08:08 *** MikeChelen has quit IRC

08:11 *** MikeChelen has joined #boinc

08:18 *** xcamel has quit IRC

08:40 *** yoyo[RKN] has quit IRC

08:46 *** xcamel has joined #boinc

08:46 *** ChanServ sets mode: +o xcamel

08:49 <xcamel> 'lo

08:51 *** wdsmia has left #Boinc

08:51 *** wdsmia has joined #Boinc

08:51 *** wdsmia has left #Boinc

08:51 *** wdsmia has joined #Boinc

08:51 *** wdsmia has quit IRC

08:52 *** wdsmia has joined #Boinc

08:54 <xcamel> http://antwrp.gsfc.nasa.gov/apod/ap090613.html

08:54 <Romulus> Title: APOD: 2009 June 13 - The Milky Road (at antwrp.gsfc.nasa.gov)

09:03 *** siofwolves has joined #boinc

09:07 <kathryn_> anyone here good with css?

09:07 *** kathryn_ is now known as KathrynM

09:07 <MTughan> I can do some. Why?

09:14 <KathrynM> I want to change one thing on my blog, but I can't figure it out.

09:14 <KathrynM> http://www.esladventures.net/blog/

09:14 <Romulus> Title: ESL Adventures (at www.esladventures.net)

09:14 <KathrynM> see how the links are highlighted in black?  I'd rather they not do that.

09:15 <KathrynM> But I know next to nothing about CSS and I couldn't figure it out using Firebug

09:15 <MTughan> The ones in the right-hand column?

09:16 <KathrynM> yeah

09:17 <KathrynM> actually the pink in the main posts too

09:17 <KathrynM> god that's a horrible color

09:17 <KathrynM> maybe I should just find a new theme ;)

09:17 <MTughan> The black is from style.css, Firebug reports line 572.

09:18 <MTughan> Look for background-color: #252525;

09:18 <MTughan> Want me to look for the pink too? ;)

09:18 <KathrynM> please :)

09:19 <MTughan> That's the pink on "Dalk-yachae-bokum-bap"?

09:20 <MTughan> Or rather, all the post titles?

09:21 <MTughan> Found the pink, although it's in an odd spot...

09:22 <KathrynM> holy heck, getting rid of that black makes it look 1000000 times better

09:22 <MTughan> Did you modify the stylesheet?

09:24 <KathrynM> just in firebug

09:25 <MTughan> Ah... That would explain why it doesn't show up in a refresh.

09:25 <MTughan> To get rid of the pink there'll be two changes you'll have to make: one to get rid of the pink, another to change the text colour, as after the pink is gone, it'll be white on white.

09:27 <KathrynM> gah.  stupid slow server

09:27 <KathrynM> refresh now

09:27 <KathrynM> see if the black is gone for you too

09:27 <MTughan> Black gone here.

09:28 <KathrynM> I think it looks a lot better, don't you?

09:28 <MTughan> Yep. :)

09:29 <KathrynM> ok, now for the pink

09:29 <MTughan> All right...

09:30 <MTughan> The white colour is in style.css, around line 471.

09:30 <MTughan> The pink is in an embedded stylesheet in the page itself, around line 39.

09:30 <KathrynM> color: white;

09:30 <MTughan> That would be it.

09:30 <KathrynM> so change that to color: black;?

09:31 <MTughan> If you want the text to be black. It changed to blue when I just ignored it.

09:32 <KathrynM> I don't understand the embedded stylesheet part

09:32 <MTughan> If you look at the HTML page itself, go to line 40.

09:32 <MTughan> There's a stylesheet in the page.

09:32 <MTughan> Which is why I said it was in an odd location.

09:33 <KathrynM> .post .title a {

09:33 <KathrynM> background-color: #FE0059;

09:33 <KathrynM> that?

09:33 <Romulus> or what drives many of the ATA crowd

09:33 <KathrynM> shut up rommie

09:33 <MTughan> Yep.

09:34 <KathrynM> but where do I change it?

09:34 <KathrynM> I'm an idiot

09:34 <MTughan> How is that page made?

09:34 <KathrynM> dunno

09:35 <KathrynM> it's wordpress

09:35 <KathrynM> runs on a lamp stack

09:35 <MTughan> Do you have command line access to the server root?\

09:35 <KathrynM> think so

09:35 <MTughan> Try doing a grep for the colour.

09:35 <KathrynM> ugh

09:35 <KathrynM> head hurts

09:35 <MTughan> cd <dir>

09:35 <KathrynM> too late

09:35 <KathrynM> too tired

09:36 <MTughan> grep -r FE0059 .

09:36 <KathrynM> don't feel like grepping right now

09:36 <KathrynM> I'm happy just having gotten rid of that black

09:36 <MTughan> Fair enough.

09:38 <KathrynM> thanks for your help

09:38 <MTughan> np

10:08 *** jackygrahamez has joined #boinc

10:08 <jackygrahamez> hi

10:12 *** zombie67 has quit IRC

10:21 <KathrynM> hiya Jack

10:21 <jackygrahamez> hi KathrynM

10:21 <KathrynM> how's life in DC?

10:21 <jackygrahamez> Good weather for now

10:22 <jackygrahamez> How is S. Korea?

10:22 <KathrynM> nice

10:22 <KathrynM> OK.

10:22 <KathrynM> keeping an eye on N. Korea

10:22 <jackygrahamez> I was afraid of that

10:22 <KathrynM> par for the course here :/

10:23 <KathrynM> just started my new contract the other day.

10:23 <KathrynM> I'm officially a manager.

10:23 <KathrynM> But title only.  I have no power :)

10:23 <jackygrahamez> congratulations

10:23 <jackygrahamez> I know the feeling

10:23 <jackygrahamez> I supervise the Helpdesk supposedly

10:23 <KathrynM> :

10:23 <KathrynM> gah

10:23 <KathrynM> stupid tired fingers

10:24 <KathrynM> been up for the last 18 hours

10:24 <jackygrahamez> dang

10:24 <KathrynM> had open house too today

10:24 <KathrynM> and had the cat spayed yesterday

10:24 * jackygrahamez raw

10:25 * MTughan has been up for about 21 hours now

10:25 <KathrynM> ah yes, but MTughan  is young

10:25 <MTughan> And no caffeine.

10:26 * jackygrahamez ponders if MTughan live in the land of the midnight sun?

10:26 <MTughan> 10:30AM here now.

10:41 *** Aeternus has quit IRC

10:51 *** _tty0 has left #Boinc

11:02 *** zombie67 has joined #boinc

11:10 <Tank_Master> huh

11:11 <Tank_Master> winrar beta 3.9 comes in both 32bit and 64bit

11:12 <MTughan> Why are you using WinRAR? 7zip supports rar archives.

11:16 <Tank_Master> why would I want to use 7zip?

11:16 <MTughan> Because it's free, has supported 64-bit Windows for a while, and supports many archive types.

11:16 <Tank_Master> so does winrar

11:19 <MTughan> Okay... Looks like they both support essentially all the same format for extraction. But 7zip supports more for compression, and is still free.

11:20 <Tank_Master> winrar is free to

11:20 <MTughan> From what I see, only the extractor is free, and it's still shareware.

11:20 <Tank_Master> nope

11:21 <Tank_Master> after about 60 or 90 days it pops up a messages saying "please donate". just click ok and it gose away

11:22 <MTughan> How does it extract? Do you open an archive and then extract it?

11:22 <MTughan> 7zip installs itself as an Explorer extension, so you can extract a file while in Explorer.

11:23 <Tank_Master> you can rtclick from explorer and it gives you a few options

11:23 <Tank_Master> extract ehre, extract to folder, specify woere to extract to

11:23 <Tank_Master> handy for iso files

11:23 <MTughan> Same method as 7zip then.

11:24 <Tank_Master> so the only diffrence might be the speed

11:24 <MTughan> Well, the only difference I can see then is that 7zip is open source. I'm sticking with 7z myself.

11:24 <Tank_Master> I could care less about it being open or not

11:24 <Tank_Master> I aint never gonna mess with it anyway :P

11:24 <MTughan> True about speed... Depends on if 64-bit really does help.

11:24 <Tank_Master> yeah

11:24 <MTughan> I believe 7zip is threaded.

11:24 <Tank_Master> no clue

11:25 <MTughan> So it can take use of multiple processors.

11:25 <Tank_Master> I thing winrar is to, but Im not sure on that

11:25 <MTughan> It's hard to tell except with a really big archive.

11:25 <Tank_Master> yeah

11:25 <MTughan> Wikipedia says it's threaded.

11:25 <MTughan> (7zip)

11:26 <MTughan> Looks like WinRAR does have some threading for compression, but I don't know about decompression.

11:32 <Tank_Master> and liek you said, you may only see the difference if thearchive is large

12:01 *** jackygrahamez has quit IRC

13:01 *** jasong has quit IRC

13:08 *** Wombatsmann has joined #boinc

13:14 *** jasong has joined #boinc

13:15 *** ELGono has quit IRC

13:19 *** mejla has joined #boinc

13:35 <RomW> MTughan, Pov, use of character arrays by themselves do not lead to explotable code, BOINC goes through roughly 3 security audits a year.  The last time an exploitable chunk of code was found client-side was 3 years ago.

13:35 <RomW> MTughan, Pov, use of character arrays by themselves do not lead to explotable code, BOINC goes through roughly 3 security audits a year.  The last time an exploitable chunk of code was found client-side was 3 years ago.

13:35 <RomW> MTughan, Pov, use of character arrays by themselves do not lead to explotable code, BOINC goes through roughly 3 security audits a year. The last time an exploitable chunk of code was found client-side was 3 years ago.

13:35 <RomW> MTughan, Pov, use of character arrays by themselves do not lead to explotable code, BOINC goes through roughly 3 security audits a year.

13:35 <MTughan> RomW: Client trouble?

13:35 <RomW> MTughan, Pov, use of character arrays by themselves do not lead to explotable code, BOINC goes through roughly 3 security audits a year.

13:35 <RomW> doah

13:35 <RomW> sorry

13:35 <RomW> mirc didn't display the text

13:35 <RomW> ouch

13:36 <MTughan> You pasted it 5 times.

13:36 <RomW> well, i hit the up arrow and enter, and the text still didn't display...

13:36 <MTughan> Anyway... No, character arrays by themselves aren't necessarily exploitable. But they are up for more possibility of a problem than C++ string objects.

13:36 <RomW> I didn't realize mirc locks the scrollbar until you get back down to the bottom

13:39 <RomW> Well the fact of the matter is that stating synecdoche is more secure than the BOINC client is misleading people

13:40 <MTughan> I didn't meant to imply that.

13:40 <MTughan> Hmm, seems I did anyway...

13:41 <MTughan> Nice, he's still signed on... Let me see if I can bring him back.

13:42 *** _tty0 has joined #Boinc

13:42 <_tty0> Hi!

13:43 <MTughan> RomW would be the BOINC developer I mentioned. He can probably help you better than I can.

13:43 <_tty0> Hi RomW!

13:43 <RomW> Howdy

13:43 <_tty0> Ok i say to you my problem

13:44 *** Wombatsmann has quit IRC

13:44 <_tty0> Today, i'm installing BOINC in a computer of my job, then, i execute it, and this program crash with a segmentation fault, smashing data on the stack

13:44 <RomW> I want to clear something up real quick, BOINC goes through at least security audits a year, IBM being one of the companies that audits the code regularly.

13:44 <_tty0> but i have'nt the core because my ulimit was 0 in this moment

13:44 <RomW> okay

13:45 <RomW> three security audits a year

13:45 <_tty0> RomW: sorry for my english

13:45 <RomW> no worries, isn't any worse than mine at the moment.

13:46 <RomW> Which version of the client are you using?

13:46 <MTughan> He said latest, I didn't get an exact version. It was a binary download from what I can tell.

13:47 <_tty0> 6.4.5 RomW

13:47 <RomW> Which Linux distro?

13:47 <_tty0> Arch Linux

13:47 <_tty0> with kernel 2.6.29

13:48 <RomW> I haven't ever played with that one...

13:48 <RomW> Are you using the compat client? or the one with the full GUI?

13:48 <_tty0> In the crash, Boinc try write protected memory address

13:49 <_tty0> In the compat client, and in the GUI too

13:50 <RomW> Do you get a better callstack if you launch the client under gdb?

13:50 <_tty0> i want get a core file and view ir with gdb

13:51 <_tty0> RomW: no, i not try with gdb

13:51 <_tty0> i install boinc in my personal PC now, and it found ok

13:51 <RomW> crud, to much to do, so little time...

13:53 <RomW> Are you also using Arch Linux?

13:54 <_tty0> yes RomW i'm using archlinux now

13:54 <_tty0> in my housse and in my job

13:54 <RomW> so it works on your personal pc but not on your work pc?

13:54 <_tty0> yes RomW

13:56 <_tty0> i want help you in more details, but my english is reallity bad and i can't say the problem

13:56 <_tty0> exactly

13:57 <RomW> Well when next you try it on your work computer, could you use this package:

13:57 <RomW> http://boinc.berkeley.edu/dl/boinc_6.4.5_i686-pc-linux-gnu_debug.sh

13:57 <Romulus> <http://tinyurl.com/kke2tt> (at boinc.berkeley.edu)

13:57 <RomW> it still contains all the debug symbols

13:57 <_tty0> Ok downloading

13:57 <_tty0> ok thanks!

13:57 *** Celelibi has quit IRC

14:05 *** CoderForLife has quit IRC

14:06 *** CoderForLife has joined #boinc

14:06 *** ChanServ sets mode: +o CoderForLife

14:11 <PovAddict> RomW: well, I spent a few days digging through server code and I found an exploitable buffer overflow; so much for security audits

14:12 <MTughan> 'lo Pov

14:14 <RomW> exploited by the client sending a request?

14:15 <RomW> Did you report it?

14:22 <PovAddict> nope, I went to read tutorials on how to write shellcode, just for fun

14:22 <PovAddict> but it seemed quite over my head so I might just report it

14:26 <RomW> So the exploit is in the admin tools? i.e. not an interface point open to the public

14:27 <PovAddict> no, it's exploitable from clients

14:27 <PovAddict> I didn't mean shellcode as in "shell script"

14:27 <PovAddict> http://en.wikipedia.org/wiki/Shellcode

14:27 <Romulus> Title: Shellcode - Wikipedia, the free encyclopedia (at en.wikipedia.org)

14:28 <_tty0> I wrote a shellcode yesterday

14:29 <_tty0> the shellcode execute /bin/sh

14:29 <_tty0> in 32 bytes, i'm reading the shellcoders handbook, 800 pages about how to write shellcodes and explotis

14:29 <_tty0> :)

14:29 <PovAddict> see, that's the problem :)

14:29 <PovAddict> 800 pages?

14:30 <_tty0> yes

14:30 <_tty0> i a good book

14:30 <_tty0> i was mading this video about how to exploit a buffer overflow bug with address space layout randomizacion

14:30 <_tty0> http://blip.tv/file/2219632/

14:30 <Romulus> Title: Buffer Overflow with ASLR (at blip.tv)

14:33 <RomW> Well if you found a server side exploit you should report it, it affects synecdoche just as muhc as the BOINC client.

14:35 <PovAddict> it's actually a pattern that appears often, but I don't know which cases actually matter or which can be exploited by clients (as opposed to "exploitable" by a project admin)

14:35 <PovAddict> char buf[256]; sprintf(buf, "Result name is %s\n", res.name); where res.name is a char[256] too

14:37 <PovAddict> from there, you have to analyze whether you can actually put more than 241 characters into res.name in practice

14:38 <PovAddict> sometimes you can't; for example, it may be parsed from XML like <result>%s</result>, and the parser is using a char[256] to put a whole line of the XML file (checking for buffer size correctly)

14:39 <PovAddict> in 256 chars you can't fit those XML tags *and* more than 241 characters inside them

14:40 <PovAddict> if all ways to get data into such res.name have that issue, then it cannot be exploited

14:40 <PovAddict> "issue"

14:40 <PovAddict> from the point of view of a hacker that is :)

14:50 <RomW> it appears that code has been removed from the server

14:51 <RomW> replaced by id's

14:51 <PovAddict> it was just an example of a pattern that appears often

14:51 <PovAddict> sprintf(buf, "Result %s is no longer usable", orp.name); here's a real example copied from server code

14:52 <PovAddict> (in that particular case, I think orp is generated by the server by reading the DB, so it's not important)

14:57 *** biteable has joined #boinc

14:57 *** biteable is now known as BiteAbleKat

14:57 <PovAddict> &seen BiteAbleKat

14:57 <Romulus> PovAddict: BiteAbleKat was last seen in #boinc 43 weeks, 5 days, 14 hours, 52 minutes, and 50 seconds ago: <BiteAbleKat> how goes it quail

14:57 <PovAddict> &seen BiteAble

14:57 <Romulus> PovAddict: I have not seen BiteAble.

14:57 <PovAddict> long time :)

14:58 <BiteAbleKat> heh yup

14:58 <BiteAbleKat> :D

14:59 <BiteAbleKat> hows things povaddict

15:09 *** efc has joined #boinc

15:15 <efc> Thx google for "googleupdate.exe". Do no evil my butt.

15:17 <MTughan> It's installed with any Google product.

15:17 <efc> Yeah, I really need that running 24/7...

15:19 <PovAddict> it updates things like Google Chrome without even a notification

15:19 <PovAddict> open the about box every day and eventually you'll see a bigger number, but you won't know when it happened

15:21 <efc> Its a service. Disabled now.

15:22 <PovAddict> look at Windows Task Scheduler

15:23 <RomW> Pov: How about this, when you only think you have found something, say it as though you think you have found a possible exploit, instead of saying you have found one. File a bug and get it verified. Until then it is all FUD

15:24 <efc> I don't really mind if it runs when their software runs.. But I like to limit the amount of junk at startup and resident all the time.

15:24 <PovAddict> I knew I found one when I tested it and it printed "**stack smashing detected**" on my console

15:24 <PovAddict> so there

15:25 <PovAddict> I don't know if it's really exploitable because I haven't learned to exploit that kind of thing yet

15:26 <RomW> file a bug

15:26 <PovAddict> but if you think I'm spreading FUD and you want proof that I did find something, fine; I will stop talking about it, buy the shellcoders handbook, learn how to exploit it, pwn a project, and file a bug

15:27 <PovAddict> IBM audit might find it before that anyway

15:27 <RomW> Look, i'll grant you crashes are the places to look for that kind of thing.

15:28 <RomW> The bug doesn't need exploit code included

15:28 <PovAddict> I didn't find it because it crashed

15:28 <RomW> Just file a bug with the callstack of the crash and it'll get fixed

15:29 <PovAddict> I found it because I spent two or three days searching for unchecked sprintfs on fixed-size char buffers

15:29 <RomW> Well, file a bug with whatever information you have

15:29 <PovAddict> if I had started with the assumption of "use of character arrays by themselves do not lead to explotable code" I wouldn't have even looked

15:30 <efc> "C considered harmful"

15:31 <PovAddict> I never wrote down exactly what case I had found, so I forgot about it when I gave up learning how to exploit (because it's too hard and time-consuming)

15:32 * BiteAbleKat jams:-Grateful Dead - Without A Net Second Set - 07 - Dear Mr - Fantasy.mp3

15:32 <efc> Moo BAK

15:33 <BiteAbleKat> moo

15:33 <BiteAbleKat> :D

15:33 <PovAddict> last time I found a bug with possible security implications (DoS), David applied a hack that only fixed remote exploiting (not local) and broke BoincView; I regretted reporting anything

15:34 <RomW> How does CoderForLife's quote go?

15:35 <RomW> Fixing stuff with security implications is important, and should be done, even if it breaks BOINCView.

15:36 <RomW> Although I suspect a work-around could be applied most of the time

15:37 <PovAddict> there were a bunch of workarounds applied for BoincView compatibility afterwards

15:37 <RomW> then things sorted themselves out and life goes on

15:39 <PovAddict> nope, then I removed the hack from synecdoche and fixed it correctly

15:40 <RomW> lol, the correctness factor is a point of view thing

15:40 <PovAddict> now BOINC client can be still DoS'd locally without GUI RPC password and still drops connection after a failed auth attempt (who knows what 3rd party apps, other than BOINCView, have problems with that?)

15:40 <PovAddict> agreed, correctness is a point of view thing

15:41 <PovAddict> since apparently I have a different point of view, I'll keep doing it my way locally

15:42 <RomW> Well all you can really say is that you and David decided on a different way of doing things, until somebody else steps up to the plate with a broken app that proves what David did as not enough

15:43 <PovAddict> without a protocol spec saying whether it's OK to close the connection after a failed auth, it'd hard to say who's fault it would be

15:59 <CoderForLife> re-hi

16:00 <efc> moo cfl

16:00 <CoderForLife> moo efc

16:00 <CoderForLife> BiteAbleKat!  wb!

16:00 *** ChanServ sets mode: -o CoderForLife

16:01 <CoderForLife> &wx 45140

16:01 <Romulus> CoderForLife: Temperature: 74.3F / 23.5C | Humidity: 74% | Pressure: 29.67in / 1004.6hPa (Steady) | Conditions: Mostly Cloudy | Wind Direction: North | Wind Speed: 0.0mph / 0.0km/h ; Tonight - Partly cloudy. A slight chance of showers and thunderstorms this evening. Lows in the upper 50s. Northeast winds around 5 mph. Chance of rain 20 percent.; Sunday - Partly sunny. Highs in the lower 80s. East (1 more message)

16:01 <CoderForLife> &more

16:01 <Romulus> CoderForLife: winds around 5 mph...becoming south in the afternoon.; Sunday Night - Partly cloudy. Lows in the lower 60s. Northeast winds around 5 mph.;

16:02 <XioNYC> &wx LGA

16:02 <Romulus> XioNYC: Temperature: 66F / 19C | Humidity: 84% | Pressure: 29.93in / 1013hPa (Steady) | Conditions: Light Rain | Wind Direction: NE | Wind Speed: 7mph / 11km/h ; Tonight - Mostly cloudy. Numerous showers and scattered thunderstorms. Some thunderstorms may produce heavy rainfall. Lows in the lower 60s. Southeast winds 5 to 10 mph. Chance of rain 60 percent.; Sunday - Mostly cloudy in the (1 more message)

16:02 <XioNYC> &more

16:02 <Romulus> XioNYC: morning...then becoming partly sunny. Isolated showers. Isolated thunderstorms in the afternoon. Highs in the mid 70s. Northeast winds 5 to 10 mph. Chance of rain 20 percent.; Sunday Night - Mostly cloudy in the evening...then becoming partly cloudy. Lows in the lower 60s. East winds 5 to 10 mph.;

16:15 *** jackygrahamez_ has joined #boinc

16:15 <jackygrahamez_> hi

16:16 <jackygrahamez_> anyone want to help me with this cuda app?

16:33 <wdsmia> anyone want to help me cut the grass?

16:34 <BiteAbleKat> http://www.asianews.it/index.php?l=en&art=15456&size=A

16:34 <Romulus> <http://tinyurl.com/mxc4za> (at www.asianews.it)

16:38 *** _tty0 has quit IRC

16:41 <efc> We have robots for that  now, wdsmia

16:47 *** yoyo[RKN] has joined #boinc

17:00 *** siofwolves has quit IRC

17:20 <Tank_Master> jackygrahamez_

17:20 <Tank_Master> you need someone to test run it?

17:23 *** infinisoft has joined #boinc

17:24 <jackygrahamez_> I was looking for a little help compiling

17:24 <jackygrahamez_> I'm not sure what I'm doing wrong

17:25 <jackygrahamez_> http://sourceforge.net/forum/forum.php?thread_id=3301315&forum_id=945126

17:25 <Romulus> <http://tinyurl.com/lff4m5> (at sourceforge.net)

17:27 <Tank_Master> I cant help with coding, sorry :P

17:27 <Tank_Master> but I do have a GPU now to test on if you need it at some point

17:30 <Tank_Master> ill bbl

17:45 *** Rebirther has joined #boinc

17:47 *** Aeternus has joined #boinc

17:52 <wdsmia> zombie67 Beep Beep Move over...  http://boincstats.com/stats/compare_graph.php?pr=bo&table=users&id%5B%5D=129572&id%5B%5D=100947

17:52 <Romulus> <http://tinyurl.com/lcj8e8> (at boincstats.com)

17:53 *** Rebirther has quit IRC

18:03 <Nickuwo> jackygrahamez: is nvcc in your path?

18:03 <MTughan> Did you install the CUDA toolkit too?

18:04 *** _Danilo_ has joined #boinc

18:04 <_Danilo_> hi all

18:04 <yoyo[RKN]> hi

18:04 <yoyo[RKN]> moin

18:05 <efc> moo

18:05 <jackygrahamez_> yes

18:05 <jackygrahamez_> yes to all

18:06 <jackygrahamez_> you know what I'm doing now...I'm testing if I can compile any cuda samples no luck

18:06 <MTughan> So if you type "nvcc" in a command line, it finds something?

18:06 <jackygrahamez_> yes

18:06 <Nickuwo> hmm

18:06 <jackygrahamez_> I added

18:06 <jackygrahamez_> I added it to the variables

18:07 <jackygrahamez_> to the system PATH

18:07 <jackygrahamez_> but I guess this is telling if I cannot compile samples provided by nvidia in VS C++ Express 2008

18:08 <jackygrahamez_> maybe I should haras some folks on the CUDA chanel

18:08 <Nickuwo> why r u using command line?

18:08 <Nickuwo> F5?

18:09 <Nickuwo> samples come with .sln i think...

18:09 <jackygrahamez_> Ok so for the gpu autodock it has a ./configure make make install...I don't know a way to build that in Visual Studio

18:10 <jackygrahamez_> now I'm troubleshooting by trying NVIDIA's Sample code

18:10 <jackygrahamez_> that I'm using the .sln

18:10 <Nickuwo> ah i c

18:10 <Nickuwo> samples arent working either?

18:11 <jackygrahamez_> yes :-(

18:11 <jackygrahamez_> now its funny I got further using the emulator on a non-gpu machine

18:12 <jackygrahamez_> Ok so my laptop is running xp no-gpu and I was able to load a couple .slns

18:12 <jackygrahamez_> but the vista machine with the gpu could not even load the .sln files

18:13 <jackygrahamez_> when I use the emulator on the laptop I am missing a header

18:14 <jackygrahamez_> I think I just found that missing header

18:17 <jackygrahamez_> ok so my emulator is working now on xp...why no luck on vista

18:17 <jackygrahamez_> where I actually have the gpu

18:20 <jackygrahamez_> Message: Custom build rules file 'c:\Users\jshultz\Documents\Visual Studio 2008\common\Cuda.rules' was not found or failed to load. The file 'C:\Users\jshultz\Documents\Visual Studio 2008\Projects\simpleD3D10Texture\simpleD3D10Texture.vcproj' has failed to load.  Project upgrade failed.

18:28 <jackygrahamez_> ok I fixed that with a permissions

18:29 <jackygrahamez_> but now I have the same issue is Visual studio I had in compiling in the command line

18:29 <jackygrahamez_> vcc fatal   : Visual Studio configuration file '(null)' could not be found for installation at 'C:/Program Files (x86)/Microsoft Visual Studio 9.0/VC/bin/../..' 1>Linking...

18:32 *** yoyo[RKN] has quit IRC

18:48 <jackygrahamez_> well I tried building it both 32bit and 64bit no luck

19:05 <Tank_Master> ib

19:18 *** Tyro_68 has joined #boinc

19:20 <Tyro_68> &wx yaw

19:20 <Romulus> Tyro_68: Temperature: 59.9°F / 15.5°C | Humidity: 55% | Pressure: 29.91in / 1012.8hPa | Conditions: Mostly Cloudy | Wind Direction: NE | Wind Speed: 0.0mph / 0.0km/h | Updated: 8:20 PM ADT; Tonight - Clearing early this evening. Fog patches developing overnight. Low 8C(46F).; Sunday - Sunny. Increasing cloudiness late in the morning. Fog patches dissipating in the morning. High 18C(64F) except (1 more message)

19:20 <Tyro_68> &more

19:20 <Romulus> Tyro_68: 13C(55F) along the coast. UV index 8 or very high. Sunday night cloudy periods. Low 9C(48F).; Monday - A mix of sun and cloud. High 16C(61F).;

19:21 <MTughan> Rookie?

19:21 <Tyro_68> Tyro...

19:21 <MTughan> Nvm.

19:22 <Tyro_68> Lol.

19:22 <Tank_Master> your thinking of rookie_67

19:22 <Tank_Master> I think

19:22 <PovAddict> I recognize that lol

19:22 <Tank_Master> then again there zombie_67

19:22 <Tyro_68> Just playing with Mibbit.

19:22 <MTughan> I thought it was Rookie_69?

19:22 <Tank_Master> mibbit rocks

19:22 <PovAddict> bipbip

19:22 <MTughan> &seen rookie_69

19:22 <Romulus> MTughan: rookie_69 was last seen in #boinc 20 hours, 57 minutes, and 30 seconds ago: <Rookie_69> NN.

19:22 <Tank_Master> bah, I dont remember :P

19:23 <Tank_Master> 69 it is

19:23 *** Tyro_68 is now known as Rookie_69

19:23 <Tank_Master> lol

19:23 <PovAddict> it's not hard to remember that number...

19:23 <Tank_Master> so we have zombie_67, tyro_68 and rookie_69

19:24 <Rookie_69> That sounds too complicated.

19:25 <MTughan> I can tell Rookie_69's IP address from here.

19:25 <Rookie_69> Oh... I'm talking to my server...

19:25 *** desti_T2 has joined #boinc

19:26 <MTughan> He's at 24.222.167.84.

19:27 <Tank_Master> and is on eastlink

19:27 <Tank_Master> in kallifornia

19:27 <Rookie_69> I have a big pot of soup simmering on the stove... I wonder if I'll get to eat any of it before I go to bed.

19:27 <Tank_Master> lol

19:27 <Rookie_69> Ca, mot CA.

19:27 <PovAddict> better than earthlink (dialup afaik)

19:27 <Rookie_69> ?

19:27 <MTughan> Dartmouth, NS, Canada.

19:28 <Rookie_69> ...not...

19:28 <MTughan> How close are you to Halifax?

19:28 <PovAddict> darthmouth?

19:28 <Rookie_69> Across the harbour.

19:28 <MTughan> So you are in Dartmouth.

19:29 <Rookie_69> Ottawa... Hull... Halifax... Dartmouth.

19:29 <Rookie_69> Same similar.

19:29 <Tank_Master> it was .ca from what I read, so that couda ben either

19:29 <MTughan> Except Hull is in a different province from Ottawa.

19:30 <MTughan> Tank_Master: The .ca TLD is Canada.

19:30 <Rookie_69> Halifax seems like a different province sometimes.

19:30 <MTughan> heh.

19:31 <MTughan> For those confused by this conversation... http://maps.google.ca/maps?f=q&source=s_q&hl=en&geocode=&q=Dartmouth,+Nova+Scotia&sll=50.233152,-97.119141&sspn=35.429382,87.714844&ie=UTF8&t=h&z=12&iwloc=A

19:31 <Romulus> <http://tinyurl.com/lwhton> (at maps.google.ca)

19:32 <Rookie_69> We have a map???

19:32 *** Rookie_69 has quit IRC

19:33 *** Rookie_69 has joined #boinc

19:33 <Rookie_69> Oops.

19:34 <MTughan> Also, PovAddict: You know how Mibbit addresses work?

19:34 <PovAddict> <hexadecimal IP>@gateway/wb/ajax/mibbit.com/x-<random numbers>

19:34 <MTughan> Or anyone else who is interested...

19:34 <MTughan> Yeah, okay... And my apostrophe key has screwed up again...

19:35 <Rookie_69> Go northwest then northeast then northwest and then northeast iirc... to get to my dump.

19:36 <Rookie_69> Beat on it with a postrophe.

19:37 <MTughan> Your garbage dump?

19:37 <Rookie_69> Close enough... Where I am now.

19:37 <MTughan> Also, won't northwest then northeast take you just straight north?

19:38 <Rookie_69> Home is where the junk is.

19:38 <Tank_Master> sshhh

19:38 <Tank_Master> you make his sound dumb

19:38 <Tank_Master> :P

19:38 <Rookie_69> Follow the roads...

19:38 <Rookie_69> They go not north.

19:39 <Rookie_69> North is where Sandy Claws lives...

19:40 <Tank_Master> he's the one with the free crabs right?

19:40 <Rookie_69> I dunno... I never got crabs from him.

19:41 <jasong> He just gives them to Mrs. Claus on their special night

19:41 <jasong> ;)

19:42 *** desti has quit IRC

19:44 <Rookie_69> Google Earth is my friend and travel companion... I just wish it wasn't such a CPU whore.

19:44 *** desti_T2 is now known as desti

19:46 <Rookie_69> When I can almost count the dog turds in Doug's back yard, I guess it's worth it though.

20:13 *** silet1 has joined #boinc

20:14 *** silet1 has left #boinc

20:35 *** Aeternus has quit IRC

20:44 *** synapt has quit IRC

20:45 *** XioNYC has quit IRC

20:50 *** mejla has quit IRC

21:02 *** XioNYC has joined #boinc

21:13 *** MacG has quit IRC

21:20 *** KathrynM has quit IRC

21:22 *** KathrynM has joined #boinc

21:30 *** MacG has joined #boinc

21:49 *** MacG has quit IRC

21:51 *** MacG has joined #boinc

21:57 *** synapt has joined #boinc

22:44 *** BiteAbleKat has quit IRC

23:02 * Rookie_69 wakes up in time for bed... NN.

23:03 *** Rookie_69 has quit IRC

23:04 *** infinisoft has quit IRC

23:21 <Tank_Master> jackygrahamez_ still here?

23:46 *** jasong has quit IRC

Generated by irclog2html.py 2.4 by Marius Gedminas - find it at mg.pov.lt!