[02:52:39] *** Quits: skasturi (~srijayk@april-fools/2014/runnerup/skasturi) (Ping timeout: 264 seconds) [03:03:13] *** Joins: skasturi (~srijayk@april-fools/2014/runnerup/skasturi) [13:59:38] *** Quits: skasturi (~srijayk@april-fools/2014/runnerup/skasturi) (Ping timeout: 244 seconds) [14:50:06] *** Joins: cold_sau- (~cold_sauc@border.phoenix.squiffypwn.com) [14:50:15] *** Joins: ngomez (~nsgomez@2001:19f0:5c00:8965:22f2:77ed:e053:d8be) [14:50:16] *** Joins: sivoais_ (~zaki@199.19.225.239) [14:50:19] *** Quits: woodruffw (~yossarian@unaffiliated/cpt-yossarian/x-8375832) (*.net *.split) [14:50:19] *** Quits: nsgomez (~nsgomez@108.61.229.127) (*.net *.split) [14:50:20] *** Quits: sivoais (~zaki@unaffiliated/sivoais) (*.net *.split) [14:50:24] *** Quits: anosh (~anosh@unaffiliated/anosh) (*.net *.split) [14:50:24] *** Quits: cold_sauce (~cold_sauc@border.phoenix.squiffypwn.com) (*.net *.split) [14:50:26] *** cold_sau- is now known as cold_sauce [14:50:27] *** Joins: yossarian (~yossarian@user-12hdv1d.cable.mindspring.com) [14:50:27] *** Quits: yossarian (~yossarian@user-12hdv1d.cable.mindspring.com) (Excess Flood) [14:50:27] *** Joins: anosh_ (~anosh@unaffiliated/anosh) [14:50:53] *** Joins: woodruffw (~yossarian@unaffiliated/cpt-yossarian/x-8375832) [15:36:26] *** Joins: skasturi (~srijayk@april-fools/2014/runnerup/skasturi) [16:42:27] https://github.com/lunixbochs/patchkit [16:42:28] Title: GitHub - lunixbochs/patchkit: powerful binary patching from Python [17:21:28] *** sivoais_ is now known as sivoais [17:21:32] *** Quits: sivoais (~zaki@199.19.225.239) (Changing host) [17:21:32] *** Joins: sivoais (~zaki@unaffiliated/sivoais) [17:27:40] *** Quits: yossarian-bot (~yossarian@104.131.177.124) (Remote host closed the connection) [17:27:52] *** Joins: yossarian-bot (~yossarian@104.131.177.124) [17:27:55] *** ChanServ sets mode: +v yossarian-bot [19:02:06] on thing I keep on hitting when I want to do cool things with the web is iframe security and websites that break out of them [19:03:50] s/^on/one/ [19:03:50] sivoais probably meant: one thing I keep on hitting when I want to do cool things with the web is iframe security and websites that break out of them [19:04:28] lololol [19:05:11] I'm looking at a SO solution and they said that they did it by putting an iframe inside another iframe so that it only broke out of the first one... not sure if that would work [19:08:08] *evil mastermind laugh* "haha, you thought you escaped my maze, but you just escaped into my even more challenging maaaaze" [19:10:59] oooh, the solution is HTML5 sandbox attr [19:11:09] [19:11:09] Title: Play safely in sandboxed IFrames - HTML5 Rocks [19:11:38] as well as installing a plugin to squash the X-Frame-Options: header [19:11:55] like [19:11:55] Title: firefox - Disable X-Frame-Option on client side - Stack Overflow [19:12:49] excuse me while I do a celebratory dance [19:29:38] well, the bad thing is that I'm opening myself up to some attacks [19:29:56] I guess I could have a separate browser session for this application specifically [19:47:02] sivoais: that shouldn't work? [19:47:12] an iframe in an iframe breakout, that is [19:55:09] this sounds so horrible [19:55:11] what are you doing [19:57:52] um, I'll make a video and share on HX. Gotta go get groceries. [19:58:28] Teaser: Vim buffer -> browser : live editing and such [19:58:59] I wrote it a couple weeks ago, but just needed to add this one feature. [21:26:45] lol https://github.com/natemara/schwift [21:26:46] Title: GitHub - natemara/schwift: An actual programming language for some reason [21:35:43] I mean, isn't there more than one swift language anyway [21:36:00] http://swift-lang.org/main/ [21:36:00] Title: The Swift Parallel Scripting Language [21:36:01] that's the one [21:37:54] lol [21:38:01] i think you're missing the point [21:38:25] oh yes, I know [21:38:45] wait [21:38:48] I went to high school with this guy [21:38:49] lmao [21:38:59] we played clarinet together [21:39:07] haha, that's hilarious [21:53:35] I did mean to look into this second swift though [21:54:05] I was at the book store and I happened across a "programming models for parallel computing" in the bargain bin :p [21:54:53] oh what, it's from november 2015 and $60 online :| [22:10:14] if you try it out, let me know [22:10:55] i think most functional languages do a good job making parallel programming easy [22:11:03] so i'd be interested in a comparison [22:12:42] i remember messing with mozart oz a while ago too: https://mozart.github.io/mozart-v1/doc-1.4.0/tutorial/index.html [22:12:42] Title: Tutorial of Oz [22:12:44] it was neat [22:12:51] but looks like they've made v2 since then [22:18:12] oh I've never seen this before [22:18:24] I do love me some good logic programming languages though [22:21:33] oh this is unrelated gsingh93 but do you have any suggestions for testing web apis for timing attack vulnerabilities? [22:23:31] my first thought is to just like, throw curl at it and time that :p but I don't know how well that would actually work [22:24:30] what are you looking for, race conditions? [22:26:02] * sivoais loves logic PLs [22:26:15] woodruffw: specifically string comparison timing attacks [22:26:30] in an open id connect server ;) [22:26:31] though I've mostly stuck with Prolog and the DSLs on top of that, like CLP(FD) and Logtalk [22:26:41] hmm [22:26:43] fuzzing and code audits [22:28:02] there's always fun to be had in throwing bad codepoints at it/control codes and seeing what happens [22:28:30] let's pretend for the sake of discussion I cant see the source code [22:28:35] if it uses regular expressions anywhere, you can try to craft an input that'll cause quadratic/exponential time [22:28:38] fuzzing [22:31:04] like, fuzzing and timing it to see if they're different between inputs? [22:31:08] mess with http headers, use a fuzzer on the parameters (as gsingh93 said) [22:31:09] over just a bunch? [22:31:22] that's worth a try [22:56:24] https://www.reddit.com/r/firefox/comments/4wpd23/popads_just_announced_that_they_have_a_new_method/ [22:56:25] Title: Unknown [22:56:33] yossarian-bot-- [22:56:52] but yeah, guess it's time to activate uBlock Origin medium mode at least [23:01:48] !slap yossarian-bot [23:01:48] * yossarian-bot slaps yossarian-bot with a large trout [23:04:11] * sivoais is amused [23:04:43] it probably shouldn't be a truly random fuzzer, but more of a mutation fuzzer [23:04:45] adding, deleting, mutating bytes [23:04:47] then grouping by request time and observing patterns [23:05:37] can you have your own man page sections? [23:05:43] like `man 10 foo` [23:05:51] i want to generate man page for assembly instructions [23:05:59] because that would just be so much more convenient [23:06:09] but i don't want to polute another man page section [23:07:03] yes, you can [23:07:23] each manual section is just a subdirectory in $MANPATH, usually [23:07:31] awesome [23:08:03] a good example of a custom man section is 6x (xscreensaver), if you want a reference [23:08:20] usually you add a suffix for a subsection [23:08:48] mhm [23:09:07] i think something like this would be it's own section [23:09:08] ah, yes, 6 (Games and screensavers) + x (X Windows System) [23:09:41] there are also lettered sections sometimes in old unices, although i'm not sure what convention they follow [23:09:46] perhaps just alphabetical [23:09:54] it's system-specific [23:10:09] I think there is a POSIX bit which might discuss it [23:10:16] probably, yeah [23:12:25] you can create your own of course... and you can just add them to the MANPATH instead of system-wide [23:12:42] mhm, i have a ~/man [23:12:54] (which i think gets picked up automatically, since i didn't modify MANPATH) [23:13:28] If you don't want to write troff, there are converters [23:13:50] pandoc might work, but I don't know how well it formats [23:14:06] POD has a pod2man that is used for every Perl module [23:14:26] Tcl also creates manpages, but I've never created a Tcl package [23:14:46] i don't think writing to troff would be that hard [23:15:32] ah, you're generating them, not maintaining by hand [23:15:52] i've written troff by hand, it's not too bad once you remember the 4-5 primary macros [23:16:11] but yeah, generators will always do a better job and spare you the pain [23:16:30] yup [23:16:41] i'm going to try to use pdfminer to generate them from the intel manuals [23:17:02] oh haha, gl;hf ... PDFs *sigh* [23:17:51] pdftotext might be helpful [23:18:24] those PDFs might be regular... but just so you know... word-splitting in all those tools is based on heuristics [23:18:51] the text stream in PDFs just tells you how much pixel space is between each character [23:36:20] pdfminer takes a different approach i think than just reading the streams: http://www.unixuser.org/~euske/python/pdfminer/programming.html [23:36:21] Title: Programming with PDFMiner [23:42:57] yeah, that's what you have to do. Render to a "in-memory device" and start looking at bounding boxes and joining them together base don the distance [23:43:13] s/ don/d on/ [23:43:13] sivoais probably meant: yeah, that's what you have to do. Render to a "in-memory device" and start looking at bounding boxes and joining them together based on the distance [23:45:04] with OCR, the layout analysis is done using an algorithm like [23:45:04] Title: Recursive XY-cut - Wikipedia, the free encyclopedia