--- Log opened Tue May 15 00:00:16 2007 |
--- Day changed Tue May 15 2007 |
00:00 | <@AnnoDomini> | Takyoji: The concept of KarmaBot is that it is supposed to be a dicebot, with some roleplaying games utilities. |
00:01 | < MyCatVerbs> | Takyoji: \\ |
00:01 | < Takyoji> | AnnoDomini: Ahh, interesting. What language are you compiling it in? |
00:01 | < Takyoji> | oh k |
00:01 | <@AnnoDomini> | It's a mIRC instance with scripts. |
00:02 | < Takyoji> | MyCatVerbs: Sorry for my stupid question. I actually meant the character that represents a deletion of the previous character... |
00:02 | < MyCatVerbs> | Backspace? oO |
00:02 | < Takyoji> | Perl? |
00:03 | < MyCatVerbs> | No clue. |
00:03 | < Takyoji> | MyCatVerbs, I don't specifically know.. >_> |
00:05 | < Takyoji> | * if it exists at all, that is |
00:08 | <@gnolam> | Try \b. |
00:08 | < Takyoji> | Tried it, but it failed |
00:09 | | * gnolam shrugs. |
00:09 | < Takyoji> | I'm just trying to manipulate a string in PHP which is then printed in HTML |
00:10 | < Takyoji> | I guess I shouldn't have really brought it up since it's nothing big of a difference anyway |
00:10 | <@gnolam> | \b is the usual escape sequence for it. |
00:10 | < Takyoji> | yea, that's what I thought |
00:13 | < Takyoji> | Yea, I guess it doesn't accept that escape sequence.. |
00:17 | | ToxicFrog|wr0k [~ToxicFrog@Admin.Nightstar.Net] has quit [Client exited] |
00:23 | | MahalErrand is now known as Mahal |
00:29 | | GeekSoldier [~Rob@Nightstar-5397.pools.arcor-ip.net] has quit [Ping Timeout] |
00:31 | | GeekSoldier [~Rob@Nightstar-5397.pools.arcor-ip.net] has joined #code |
00:38 | | ToxicFrog [~ToxicFrog@Admin.Nightstar.Net] has joined #code |
00:38 | | mode/#code [+o ToxicFrog] by ChanServ |
00:57 | | TakyojiClone [~Takyoji@Nightstar-25812.dhcp.roch.mn.charter.com] has joined #code |
00:58 | | Takyoji [~Takyoji@Nightstar-25812.dhcp.roch.mn.charter.com] has quit [Killed (NickServ (GHOST command used by TakyojiClone))] |
00:58 | | TakyojiClone is now known as Takyoji |
01:37 | | Mahal is now known as MahalOut |
01:38 | | Takyoji is now known as Takyoji2 |
01:39 | | Takyoji2 is now known as Takyoji |
01:41 | | gnolam [lenin@Nightstar-13557.8.5.253.se.wasadata.net] has quit [Quit: Z?] |
02:00 | | Syloq [Syloq@NetAdmin.Nightstar.Net] has joined #code |
02:16 | | Thaqui [~Thaqui@Nightstar-25913.jetstream.xtra.co.nz] has joined #code |
02:16 | | mode/#code [+o Thaqui] by ChanServ |
02:22 | | Syloq [Syloq@NetAdmin.Nightstar.Net] has quit [Ping Timeout] |
02:30 | | KarmaBot [~karma.bot@Nightstar-29204.neoplus.adsl.tpnet.pl] has quit [Ping Timeout] |
02:34 | < MyCatVerbs> | Haskell is fun. |
02:35 | < MyCatVerbs> | You can define arbitrary datatypes and all sorts of standard relations between them, sometimes in totally nonstandard ways. |
02:36 | < MyCatVerbs> | Hate your colleagues? Officepolitik your way into forcing them to use a class in which (==) is not transient. Hours of fun! \o/ |
02:47 | < Takyoji> | Which OS is it for? Or is it cross-compatible? |
02:48 | < MyCatVerbs> | Cross-platform in theory. In practice, it's a *lot* easier to run under, erm, any Unix at all on the planetr |
02:48 | < MyCatVerbs> | *planet than under Windows. |
02:50 | < Takyoji> | ahh |
03:08 | <@ToxicFrog> | MyCatVerbs: you know, that sounds a lot like C++, only without the added fun of using templates that generate incorrect code under some, but not all, compilers. |
03:08 | < MyCatVerbs> | Ah, heh. |
03:08 | < MyCatVerbs> | With Haskell, you have to be a total cunt on purpose. ^^ |
03:08 | <@Vornicus> | "transitive", not "transient" |
03:08 | <@ToxicFrog> | (or, if you're using MSVC, semantically incorrect code that somehow generates the correct machine code) |
03:08 | < MyCatVerbs> | Vornicus: thanks. |
03:10 | <@Vornicus> | and I've done nontransitive == |
03:10 | <@Vornicus> | Real easy, it's floating point with epsilon |
03:11 | < MyCatVerbs> | Vornicus: eh? But that won't make mistakes when the arguments are the results of copying, only from arithmetic expressions that ought to come out the same but don't. |
03:12 | <@Vornicus> | O.o |
03:13 | < MyCatVerbs> | float a = pi; float b = asin(1)*2; if (a==b) /* no way of telling */ |
03:13 | <@Vornicus> | Well, yeah, but |
03:13 | < MyCatVerbs> | float a = pi; float b = a; if ((a==b)==(b==a)) /* always true */ |
03:13 | <@Vornicus> | Why would you want a nontransitive equality any other way? |
03:14 | < MyCatVerbs> | Vornicus: you shouldn't, ever. It's one of those things that you can do, but shouldn't. |
03:14 | <@Vornicus> | Then why is this so fun? |
03:15 | < MyCatVerbs> | Because it gives you the ability to hurt people who have to use your code. I did say so. :/ |
03:15 | <@Vornicus> | How is driving your coworkers insane fun? I mean, it seriously increases your risk of getting chainsawed. |
03:16 | < MyCatVerbs> | You boobytrap your office or cube doorway. |
03:17 | < MyCatVerbs> | Coworker shows up with a chainsaw to cut you in half, BLAM! Claymore goes off, map (\Person x -> Dogmeat x) [angrypeople] |
03:21 | | MahalOut is now known as Mahal |
03:25 | | ReivZzz is now known as Reiver |
03:30 | <@ToxicFrog> | ... |
03:47 | | Takyoji [~Takyoji@Nightstar-25812.dhcp.roch.mn.charter.com] has quit [Quit: Leaving] |
04:27 | | Pi [~sysop@Nightstar-6875.hsd1.wa.comcast.net] has quit [Ping Timeout] |
04:29 | | Pi [~sysop@Nightstar-6875.hsd1.wa.comcast.net] has joined #code |
04:29 | | mode/#code [+o Pi] by ChanServ |
04:37 | | Mahal is now known as MahalBread |
04:48 | | Reiver is now known as ReivClass |
04:51 | <@Vornicus> | "Engineering the killer app isn't exactly child's play. But using it better be." |
04:51 | < ReivClass> | I like that. |
05:05 | | MahalBread is now known as MahalLaundrywench |
05:27 | | Vornicus is now known as Vornicus-Latens |
05:39 | | MahalLaundrywench is now known as Mahal |
06:06 | | Serah [~Z@87.72.36.ns-26407] has joined #Code |
06:06 | | mode/#code [+o Serah] by ChanServ |
06:16 | | ReivClass is now known as Reiver |
06:56 | | GeekSoldier is now known as GeekSoldier|wr0k |
07:26 | | Forjadon [~Forjadon@Nightstar-1216.ue.woosh.co.nz] has joined #code |
07:26 | | mode/#code [+o Forjadon] by ChanServ |
07:31 | | Forjehdon [~Forjadon@Nightstar-1216.ue.woosh.co.nz] has joined #code |
07:32 | | Forjadon [~Forjadon@Nightstar-1216.ue.woosh.co.nz] has quit [Ping Timeout] |
07:32 | | Forjehdon is now known as Forjadon |
08:12 | | KarmaBot [~karma.bot@Nightstar-29204.neoplus.adsl.tpnet.pl] has joined #Code |
08:21 | | You're now known as TheWatcher |
08:51 | | KBot [~karma.bot@Nightstar-29222.neoplus.adsl.tpnet.pl] has joined #Code |
08:52 | | AnnoDomini [~farkoff@Nightstar-29204.neoplus.adsl.tpnet.pl] has quit [Ping Timeout] |
08:52 | | KarmaBot [~karma.bot@Nightstar-29204.neoplus.adsl.tpnet.pl] has quit [Ping Timeout] |
08:52 | | KBot is now known as KarmaBot |
08:53 | | Forjehdon [~Forjadon@Nightstar-1216.ue.woosh.co.nz] has joined #code |
08:54 | | Forjadon [~Forjadon@Nightstar-1216.ue.woosh.co.nz] has quit [Ping Timeout] |
08:55 | | Forjehdon is now known as Forjadon |
08:59 | | AnnoDomini [~farkoff@Nightstar-29222.neoplus.adsl.tpnet.pl] has joined #Code |
08:59 | | mode/#code [+o AnnoDomini] by ChanServ |
09:04 | | You're now known as TheWatcher[afk] |
09:05 | | Forjadon is now known as ForjadonMoveh |
09:33 | | Mahal is now known as MahalBed |
09:51 | | You're now known as TheWatcher[wr0k] |
10:32 | | Chalcedon [~Chalcedon@Nightstar-1216.ue.woosh.co.nz] has quit [Quit: Gone] |
10:46 | | GeekSoldier|wr0k is now known as GeekSoldier |
11:21 | | GeekSoldier is now known as GeekSoldier|work |
11:38 | | GeekSoldier_ [~Rob@Nightstar-4958.pools.arcor-ip.net] has joined #code |
11:39 | | GeekSoldier|work [~Rob@Nightstar-5397.pools.arcor-ip.net] has quit [Ping Timeout] |
12:13 | | ForjadonMoveh [~Forjadon@Nightstar-1216.ue.woosh.co.nz] has quit [Quit: Leaving] |
12:20 | | gnolam [lenin@Nightstar-13557.8.5.253.se.wasadata.net] has joined #Code |
12:20 | | mode/#code [+o gnolam] by ChanServ |
13:08 | | Thaqui [~Thaqui@Nightstar-25913.jetstream.xtra.co.nz] has left #code [Leaving] |
14:33 | | GeekSoldier_ is now known as GeekSoldier |
14:35 | | Vornicus-Latens is now known as Vornicus |
14:41 | | [0]ToxicFrog [~ToxicFrog@Admin.Nightstar.Net] has joined #code |
14:42 | | [0]ToxicFrog is now known as ToxicFrog|W`rkn |
14:49 | < TheWatcher[wr0k]> | Idly TF, did you track down that type signature? |
15:00 | < ToxicFrog|W`rkn> | Yeah, it's declared in a really weird way, which is why grep didn't pick it up. |
15:00 | < ToxicFrog|W`rkn> | typedef struct { ... } type_1, type_2, type_3; |
15:01 | < TheWatcher[wr0k]> | ... |
15:01 | < TheWatcher[wr0k]> | eugh |
15:04 | | Reiver is now known as ReizVvv |
15:06 | < ToxicFrog|W`rkn> | I have no idea what that syntax even does. |
15:07 | < ToxicFrog|W`rkn> | The code on the whole is pretty clean and straightforward, though. |
15:07 | < ToxicFrog|W`rkn> | The documentation, on the other hand, is sorely lacking |
15:08 | < TheWatcher[wr0k]> | type_1, type_2 and type_3 are all aliases for the same thing. |
15:09 | < TheWatcher[wr0k]> | I've seen it before, and the general comment applied at that point is /* for the love of God, /WHY/ */ |
15:10 | < ToxicFrog|W`rkn> | Well. Let's find out. |
15:10 | < ToxicFrog|W`rkn> | ...or not, because I can't SSH into the box at the moment. Right. |
15:10 | | * ToxicFrog|W`rkn flails |
15:25 | < ToxicFrog|W`rkn> | There we go |
15:26 | < ToxicFrog|W`rkn> | Aha. |
15:27 | < ToxicFrog|W`rkn> | Ok, it's "Csp1OperationBuffer" because that's what it needs to be called for consistency with the SSL API, and it's "n1_request_buffer" because that's what it actually is, and it's "n1_operation_buffer" because in the current implementation those are the same type underneath. |
15:27 | < ToxicFrog|W`rkn> | So this is actually the right thing to do, I think. |
16:06 | | You're now known as TheWatcher |
16:52 | | * ToxicFrog|W`rkn sads at this opcode |
16:52 | < ToxicFrog|W`rkn> | opcode = |
16:52 | < ToxicFrog|W`rkn> | <7:0> 0x05 (64<= modlength <= 128) or |
16:52 | < ToxicFrog|W`rkn> | 0x03 (_large) (128< modlength <= 256) |
16:52 | < ToxicFrog|W`rkn> | <8:12> MBZ |
16:52 | < ToxicFrog|W`rkn> | <13> verify/finish |
16:52 | < ToxicFrog|W`rkn> | 0 = verify, RSA_VERIFY |
16:52 | < ToxicFrog|W`rkn> | 1 = finished, RSA_FINISH |
16:53 | < ToxicFrog|W`rkn> | <14> return encrypted master secret? |
16:53 | < ToxicFrog|W`rkn> | 0 = is not returned |
16:53 | < ToxicFrog|W`rkn> | 1 = is returned |
16:53 | < ToxicFrog|W`rkn> | <15> MBZ |
17:17 | | You're now known as TheWatcher[afk] |
18:28 | | You're now known as TheWatcher |
19:17 | | MahalBed is now known as Mahal |
20:49 | | GeekSoldier is now known as GeekSoldier|Sleep |
21:35 | | Chalcedon [~Chalcedon@Nightstar-1216.ue.woosh.co.nz] has joined #code |
21:35 | | mode/#code [+o Chalcedon] by ChanServ |
22:28 | | Takyoji [~Takyoji@Nightstar-25812.dhcp.roch.mn.charter.com] has joined #code |
22:29 | < Takyoji> | So I'm trying to work on a SQL-injection finder which is going to be server-side. Any suggestions? |
22:31 | < Takyoji> | Would having it checking the variables with the following RegEx be a good consideration? (.*)['|"]; (.*); -- |
22:34 | < ToxicFrog|W`rkn> | | is a SQL reserved character? |
22:34 | < Takyoji> | whoops |
22:34 | < Takyoji> | ('|") I meant |
22:35 | < ToxicFrog|W`rkn> | Or you could just use ['"] |
22:35 | < Takyoji> | Could |
22:36 | < ToxicFrog|W`rkn> | Anyways. I know very little about SQL, so, probably not the right person to ask. |
22:36 | < ToxicFrog|W`rkn> | This is a nonissue in Lua once you twig to using return-prefixing~ |
22:36 | < Takyoji> | Cookies can obviously be modified so that it could be used as a MySQL injection, right? |
22:36 | < ToxicFrog|W`rkn> | I know nothing of cookies. |
22:37 | < Takyoji> | oh, okay |
22:40 | <@Vornicus> | um |
22:41 | <@Vornicus> | PHP or the SQL library you're using will probably have data cleansing tools. |
22:41 | < ToxicFrog|W`rkn> | s/will/should/ |
22:41 | <@Vornicus> | true |
22:41 | < ToxicFrog|W`rkn> | In particular I wouldn't assume anything about PHP's safety. |
22:41 | < EvilDarkLord> | PHP has them, this I know. Whether people use them is another matter. |
22:42 | < ToxicFrog|W`rkn> | I seem to recall that for several versions QUERY_STRING could overwrite language builtins, etc. |
22:42 | <@Vornicus> | Anyway you're generally better off finding an established library; they generally are the focus of a lot of attack attempts, and will therefore be hardened against some really wacky things. |
22:43 | < Takyoji> | First off: I know there is a command for escaping characters in a string for MySQL. But that can't tell if it's an injection |
22:44 | < Takyoji> | Additionally I'm trying to make it find common patterns of an injection and report it if found |
22:45 | < Takyoji> | I know it sounds kinda senseless, but it's another way to crack down on people who are trying to screw up a DB with injections |
22:45 | <@Vornicus> | Generally you really only want escaping; you can go through and examine the logs to check for injection attacks. |
22:47 | < Takyoji> | Are you talking about mysql_real_escape_string() right? |
22:47 | < Takyoji> | http://us.php.net/mysql_real_escape_string Look in the notes |
22:48 | < Takyoji> | "Note: If this function is not used to escape data, the query is vulnerable to SQL Injection Attacks." |
22:48 | < Takyoji> | erm |
22:48 | < Takyoji> | stupid me, read it wrong |
22:50 | < EvilDarkLord> | That's the one. Also remember to check for html injection if the data is something that will later be shown publicly in raw format. |
22:51 | | ToxicFrog|W`rkn [~ToxicFrog@Admin.Nightstar.Net] has quit [Quit: Leaving] |
22:54 | < Takyoji> | HTML injection meaning? |
22:54 | < Takyoji> | HTML injection, meaning what? * |
22:54 | < Takyoji> | Spam? |
22:55 | <@Vornicus> | Meaning that someone could embed a <script> tag. |
22:55 | < Takyoji> | ahh |
22:55 | <@Vornicus> | or similar madness |
22:55 | | You're now known as TheWatcher[T-2] |
22:59 | | You're now known as TheWatcher[zZzZ] |
23:01 | < MyCatVerbs> | Vornicus: or put in a floating head banner with hello.jpg in it. |
23:01 | <@Vornicus> | Or use CSS to make a fake toolbar appear where the real one would be. |
23:03 | < Takyoji> | ahh |
23:03 | < MyCatVerbs> | The hello.jpg thing happened on dailywtf a while back. |
23:03 | < MyCatVerbs> | Their site really *is* the real wtf. |
23:04 | < Takyoji> | By the way, does anyone know how you can receive money from a PayPal account? Meaning, the transaction method. |
23:04 | < Takyoji> | Let's say I don't have a credit card, but have a bank account.. do they mail the payment to you? Or do they deposit it in your bank account? |
23:06 | < MyCatVerbs> | Try asking paypal's site instead of us. |
23:06 | < Takyoji> | I guess that would be wise... |
23:16 | < MyCatVerbs> | I for one have no clue. |
23:21 | <@Vornicus> | EFT |
23:26 | < MyCatVerbs> | EFT? |
23:28 | < EvilDarkLord> | Electronic Funds Transfer? |
23:58 | | [0]ToxicFrog [~ToxicFrog@Admin.Nightstar.Net] has joined #code |
23:59 | | ToxicFrog [~ToxicFrog@Admin.Nightstar.Net] has quit [Client exited] |
23:59 | | [0]ToxicFrog is now known as ToxicFrog |
--- Log closed Wed May 16 00:00:18 2007 |