Hey Lan, why don't you get into sec related programming.
-
2015-12-28 at 7:14 PM UTC
So i was checking out muh github and such and my oh my look at all those stars, https://github.com/NullArray then i thought, Lanny is objectively the better programmer and you have helped on just about each of the projects i have on github either with advice or code examples and such. Then i looked at your github and saw you had no stars at all so i felt bad and starred Yinch because i am all about charity. Point being, look at sec repos in general, here's the repo for commix, OS command injection tool https://github.com/stasinopoulos/commix GOT DANG 500+ stars.
Infosec programming is hot shit Lan, you should write a virus or something, then i'll promote you on muh twitter and it will be win/win because i got the scoop on a dank ass new virus and you will get lots of stars and e-cred.
Also, talk about programming, remember how i had issues with output retrieval of PyCat when i had it on a compromised server? You said because the script didn't finish its process within 30 seconds CGI's execution model was cramping my style. So i took that advice to heart and added a timer on the main loop.
So where initially the main loop in the scanner was:
while True:
I changed it to:
import time
try:
    start = time.time()
    while (time.time() - start < 15):
To solve that particular problem. <3 -
2015-12-29 at 7:01 AM UTC
Formula for getting lots of github stars:
1) Pick a project idea that has viral potential. It doesn't have to be some great technical feat, just something that can be easily understood by the average layman and does something useful or quirky.
2) Make a good readme. There should be some kind of demo or usage example front-and-center. I honestly like to put a gif in there of the repo in action.
3) Post it on /r/programming and hacker news.
Thank me later. -
2015-12-29 at 7:50 AM UTC
Formula for getting lots of github stars:
1) Pick a project idea that has viral potential. It doesn't have to be some great technical feat, just something that can be easily understood by the average layman and does something useful or quirky.
2) Make a good readme. There should be some kind of demo or usage example front-and-center. I honestly like to put a gif in there of the repo in action.
3) Post it on /r/programming and hacker news.
Thank me later.
Protips right here, matter of fact my scripts were featured on security network so lol exposure. I got one and two down to a tee. -
2015-12-29 at 8:47 AM UTC
So i was checking out muh github and such and my oh my look at all those stars, https://github.com/NullArray then i thought, Lanny is objectively the better programmer and you have helped on just about each of the projects i have on github either with advice or code examples and such. Then i looked at your github and saw you had no stars at all so i felt bad and starred Yinch because i am all about charity. Point being, look at sec repos in general, here's the repo for commix, OS command injection tool https://github.com/stasinopoulos/commix GOT DANG 500+ stars.
Infosec programming is hot shit Lan, you should write a virus or something, then i'll promote you on muh twitter and it will be win/win because i got the scoop on a dank ass new virus and you will get lots of stars and e-cred.
Also, talk about programming, remember how i had issues with output retrieval of PyCat when i had it on a compromised server? You said because the script didn't finish its process within 30 seconds CGI's execution model was cramping my style. So i took that advice to heart and added a timer on the main loop.
So where initially the main loop in the scanner was:
while True:
I changed it to:
import time
try:
    start = time.time()
    while (time.time() - start < 15):
To solve that particular problem. <3
Glad to see you got PyCat over shellshock working.
I'm not particularly concerned about stars, I mean there is a certain value in the "prestige" a high star repo carries but I mean what's the point in trying to game that? Epeen and I guess some points with some interviewers maybe. Also most of my repos aren't library stuff (except the celery worker one which I should start back up and try to hype on HN because it's a great idea), not something other people are going to use (or at least that github users are going to use), so the only point starring it would be if you were a contributor or something.
Infosec stuff is interesting though, or at least exploits are. But then exploit discovery is kind of a tedious process, you either read a lot of source most of which will be secure or you try a lot of blind attacks and see if they work. Attack surface is what produces exploits like 90% of the time, it's comparatively rare that a genuinely novel idea rolls around. Like you find out SQLi is a thing which is cool followed by decades of people finding examples of SQLi vulnerabilities is like, good to know but in the same sense that it's good to know that a given streetlight in your city is out. You want to know that someone knows it, and someone has a pressing need to know it, but you only care in the most detached sense. And then there's opsec which is definitely important but man I just can't be fucked with most of the time, it just feels like hoops.
There's almost definitely more to it than that, I should probably learn more about a field before dismissing it like that. It's interesting, I think I picked up that attitude ages ago. Do you know the etymology/history of the term hacker? I remember the first time I ever realized there was a culture around programming was when I read ESR's "how to become a hacker" textfile (probably copy pasted onto totse, damn...) and like one of the first things he does there is to be like "infosec people are 'crackers'* and fuck them" and that was a real attitude at the time it was written, I guess founded in the kind of persecution a lot of "hackers" (by ESR's definition) experienced as backlash to the copy-paste "skiddie" thing that was feasible for a few years there.
*as far as I know it's a term that community never picked for itself
Formula for getting lots of github stars:
1) Pick a project idea that has viral potential. It doesn't have to be some great technical feat, just something that can be easily understood by the average layman and does something useful or quirky.
2) Make a good readme. There should be some kind of demo or usage example front-and-center. I honestly like to put a gif in there of the repo in action.
3) Post it on /r/programming and hacker news.
Thank me later.
Yeah, I mean that sounds about right. But again, what do you even do with that? Fake internet points, wooo! -
2015-12-29 at 11:25 AM UTC
Glad to see you got PyCat over shellshock working.
I'm not particularly concerned about stars, I mean there is a certain value in the "prestige" a high star repo carries but I mean what's the point in trying to game that? Epeen and I guess some points with some interviewers maybe. Also most of my repos aren't library stuff (except the celery worker one which I should start back up and try to hype on HN because it's a great idea), not something other people are going to use (or at least that github users are going to use), so the only point starring it would be if you were a contributor or something.
Infosec stuff is interesting though, or at least exploits are. But then exploit discovery is kind of a tedious process, you either read a lot of source most of which will be secure or you try a lot of blind attacks and see if they work. Attack surface is what produces exploits like 90% of the time, it's comparatively rare that a genuinely novel idea rolls around. Like you find out SQLi is a thing which is cool followed by decades of people finding examples of SQLi vulnerabilities is like, good to know but in the same sense that it's good to know that a given streetlight in your city is out. You want to know that someone knows it, and someone has a pressing need to know it, but you only care in the most detached sense. And then there's opsec which is definitely important but man I just can't be fucked with most of the time, it just feels like hoops.
There's almost definitely more to it than that, I should probably learn more about a field before dismissing it like that. It's interesting, I think I picked up that attitude ages ago. Do you know the etymology/history of the term hacker? I remember the first time I ever realized there was a culture around programming was when I read ESR's "how to become a hacker" textfile (probably copy pasted onto totse, damn…) and like one of the first things he does there is to be like "infosec people are 'crackers'* and fuck them" and that was a real attitude at the time it was written, I guess founded in the kind of persecution a lot of "hackers" (by ESR's definition) experienced as backlash to the copy-paste "skiddie" thing that was feasible for a few years there.
*as far as I know it's a term that community never picked for itself
Thank you for your thoughts and yeah, you should start your celery stuff back up. Also exploit development is well beyond my capabilities as of yet so idk you're probably right. Also i wasn't aware of the etymology of the word 'hacker' so that's interesting as well.
Anyway, i like it i got some stars because it's kind of an acknowledgement i am improving my skills so that's some good positive reinforcement for me right there. It keeps me motivated even though it's only "fake internet points" real people did give them so you know they saw what you did and at the very least found it useful or interesting so that's nice IMO.
Fake internet points, wooo!
I live for that shit breh. It's what gets me up in the morning. Kek.
-
2015-12-30 at 4:31 AM UTC
Yeah, I mean that sounds about right. But again, what do you even do with that? Fake internet points, wooo!
Well it's like having a bigger dick, it just looks nice. When people go to your github account and see that big dick, they get jelly and want to hire you. I kid a bit, obviously, but that kind of shit does have an impact on people unfortunately.
Infosec stuff is interesting though, or at least exploits are. But then exploit discovery is kind of a tedious process, you either read a lot of source most of which will be secure or you try a lot of blind attacks and see if they work. Attack surface is what produces exploits like 90% of the time, it's comparatively rare that a genuinely novel idea rolls around. Like you find out SQLi is a thing which is cool followed by decades of people finding examples of SQLi vulnerabilities is like, good to know but in the same sense that it's good to know that a given streetlight in your city is out. You want to know that someone knows it, and someone has a pressing need to know it, but you only care in the most detached sense. And then there's opsec which is definitely important but man I just can't be fucked with most of the time, it just feels like hoops.
It's the sort of thing that I feel doing professionally would completely destroy the fun of. That's just a guess though. Most of the fun in doing security stuff is getting into places you're not supposed to be in and exploring. If you had to turn that into a day job where they were expecting you to jump in and as soon as you found a hole you couldn't explore more, I'm guessing that would get old. -
2015-12-30 at 7:55 AM UTC
Also i wasn't aware of the etymology of the word 'hacker' so that's interesting as well.
Yeah, it's an interesting history. ESR's two famous textfiles (How to be a Hacker and The Cathedral and the Bazaar) are still worthwhile reads today I think. They may not represent what hacking, cracking, or programming in the mainstream is today but it's hard to talk about the current state of things without reference to the era that he largely enshrines in those two texts.
Well it's like having a bigger dick, it just looks nice. When people go to your github account and see that big dick, they get jelly and want to hire you. I kid a bit, obviously, but that kind of shit does have an impact on people unfortunately.
That's true, employers do actually care about that kind of thing I'm afraid but then employers care about linkedin profiles but I'm not signing up for that since I'm not a hardcore faggot so I guess I'll just take it on the chin and hope someone who's willing to actually open a repo and look at the code is who will be making the hiring decision.
It's the sort of thing that I feel doing professionally would completely destroy the fun of. That's just a guess though. Most of the fun in doing security stuff is getting into places you're not supposed to be in and exploring. If you had to turn that into a day job where they were expecting you to jump in and as soon as you found a hole you couldn't explore more, I'm guessing that would get old.
Yeah, I could definitely see that. Even the more mundane activity of programming, shit being on a deadline where you can never make anything good, just barely good enough to pass muster and a smoke test, it can rip all the fun out of it. I've found as one gets faster, better, you learn to pretend to be mediocre/slow and use the time that buys you to do actual good work and that restores some of the joy to things. I imagine there's an analog in infosec but I wouldn't know from experience. -
2015-12-30 at 9:04 AM UTC
But then exploit discovery is kind of a tedious process, you either read a lot of source most of which will be secure or you try a lot of blind attacks and see if they work. Attack surface is what produces exploits like 90% of the time, it's comparatively rare that a genuinely novel idea rolls around.
Very true. -
2015-12-30 at 6:36 PM UTC
Don't mind me, just stroking my dick while i look at all the stars PyCat got, lol 70, this is getting ridiculous. I don't even feel it deserves that much, but lol Python Trending and Security Network, gave my github exposure so now my repo is all hyped up.