Conversation
Notices
-
Embed this notice
✙ dcc :pedomustdie: :phear_slackware: (dcc@annihilation.social)'s status on Thursday, 30-Jan-2025 06:15:47 JST 
✙ dcc :pedomustdie: :phear_slackware:
Rust mem eror'd....
thread 'tokio-runtime-worker' panicked at src/player.rs:97:55:
called `Option::unwrap()` on a `None` value
I THOUGH IT WAS MEMEORY SAFE SAAR :troll:-
Embed this notice
nyanide :nyancat_rainbow::nyancat_body::nyancat_face: (nyanide@lab.nyanide.com)'s status on Thursday, 30-Jan-2025 06:17:34 JST 
nyanide :nyancat_rainbow::nyancat_body::nyancat_face:
@dcc yeah it stopped you from dereferencing null, and told you where it was doing it from, quite helpful actually. in C it would've just told you "Segmentation Fault" and left you to eat shit -
Embed this notice
✙ dcc :pedomustdie: :phear_slackware: (dcc@annihilation.social)'s status on Thursday, 30-Jan-2025 06:18:09 JST
✙ dcc :pedomustdie: :phear_slackware:
@nyanide I did not do anything lol, thats the code the inv thing uses. -
Embed this notice
Phantasm (phnt@fluffytail.org)'s status on Thursday, 30-Jan-2025 06:18:28 JST 
Phantasm
@dcc Never talk about std::mem::forget to Rust evangelists. ✙ dcc :pedomustdie: :phear_slackware: likes this. -
Embed this notice
nyanide :nyancat_rainbow::nyancat_body::nyancat_face: (nyanide@lab.nyanide.com)'s status on Thursday, 30-Jan-2025 06:18:49 JST
nyanide :nyancat_rainbow::nyancat_body::nyancat_face:
@dcc you may want to report this as a bug -
Embed this notice
✙ dcc :pedomustdie: :phear_slackware: (dcc@annihilation.social)'s status on Thursday, 30-Jan-2025 06:19:26 JST
✙ dcc :pedomustdie: :phear_slackware:
@nyanide I'm not making a git hub acount lol, we will see if it happens again. -
Embed this notice
nyanide :nyancat_rainbow::nyancat_body::nyancat_face: (nyanide@lab.nyanide.com)'s status on Thursday, 30-Jan-2025 06:19:36 JST
nyanide :nyancat_rainbow::nyancat_body::nyancat_face:
@phnt @dcc what's so bad about it -
Embed this notice
Phantasm (phnt@fluffytail.org)'s status on Thursday, 30-Jan-2025 06:23:31 JST
Phantasm
@nyanide @dcc It leaks memory, something _some_ Rust programmers refuse to acknowledge that Rust can do.
To be more precise it takes ownership of the argument and forgets it without running it's destructor.
By it self it's basically harmless as you have to call it manually, but it could possibly be leveraged to force a specific heap order that you can then exploit if you find a way to break out of the Rust bounds checking. The chance of this getting exploited in the future is near zero. -
Embed this notice
tsoifan1997 (sysrq@lab.nyanide.com)'s status on Thursday, 30-Jan-2025 07:03:47 JST 
tsoifan1997
@ins0mniak @dcc @phnt @nyanide @mr64bit
Nothing says "h4ck3r" more than a flashy rainbow diglet title that's a wrapper another script. -
Embed this notice
Phantasm (phnt@fluffytail.org)'s status on Thursday, 30-Jan-2025 07:03:49 JST
Phantasm
@mr64bit @dcc @nyanide It's been a long time since I saw someone like this. They seemingly mostly went away after the rewrite in Rust meme died out. Recently it's mostly people that actually write Rust trying to force Rust onto other projects, because muh memory safety and other stuff.
The last time I had any kind of discussion with someone that could be described as a Rust evangelist was during the Lina Linux drm threads. It was about why Rust shouldn't be used in Linux due to its non-existent ABI and other related stuff. They deleted their replies a few days after for whatever reason.
But I still like to shitpost about Rust every once in a while, because somehow barely funny posts make them react every time. That includes today's posts.
In the end, I don't have a problem when a project is written in it, but I still stand by my opinion that it shouldn't be used for low-level programming. It's just not a language for it. There's no stable ABI, interacting with Rust code outside of Rust is painful, static-linking everything is stupid and cargo is borderline garbage. -
Embed this notice
ins0mniak (ins0mniak@majestic12.airforce)'s status on Thursday, 30-Jan-2025 07:03:49 JST 
ins0mniak
@phnt @dcc @nyanide @mr64bit nyanide :nyancat_rainbow::nyancat_body::nyancat_face: repeated this. -
Embed this notice
mr64bit (mr64bit@p.mr64.net)'s status on Thursday, 30-Jan-2025 07:03:50 JST 
mr64bit
@phnt @dcc @nyanide I'm convinced there's basically no overlap between the rust evangelists everyone complains about and people who actually write rust. Then again, I never see the evangelists either, seems be a strawman for the most part. -
Embed this notice
nyanide :nyancat_rainbow::nyancat_body::nyancat_face: (nyanide@lab.nyanide.com)'s status on Thursday, 30-Jan-2025 07:04:00 JST
nyanide :nyancat_rainbow::nyancat_body::nyancat_face:
@sysrq @ins0mniak @dcc @mr64bit @phnt nmap poopsock.org | lolcat -
Embed this notice
tsoifan1997 (sysrq@lab.nyanide.com)'s status on Thursday, 30-Jan-2025 07:07:02 JST
tsoifan1997
@nyanide @dcc @ins0mniak @mr64bit @phnt -
Embed this notice
Phantasm (phnt@fluffytail.org)'s status on Thursday, 30-Jan-2025 07:08:16 JST
Phantasm
@ins0mniak @dcc @nyanide @mr64bit You probably don't use Arch, or know about it's "drama", but literally the only reason why paru, the AUR helper, was created, is because the creator of yay, written in Golang, and a co-maintainer of it had a dispute over why it should be rewritten in Rust.
To this day they are mostly the same minus the language used.✙ dcc :pedomustdie: :phear_slackware: likes this. -
Embed this notice
(mint@ryona.agency)'s status on Thursday, 30-Jan-2025 07:08:19 JST 
@ins0mniak @dcc @phnt @nyanide @sysrq @mr64bit Read it, supposedly it advertises itself as a "modern day Rust port scanner" while simply calling nmap underneath. -
Embed this notice
ins0mniak (ins0mniak@majestic12.airforce)'s status on Thursday, 30-Jan-2025 07:08:20 JST
ins0mniak
@sysrq @dcc @phnt @nyanide @mr64bit Ikr? what the hell is the point even?
nmap works just fine, I don't see what it brings to the table.nyanide :nyancat_rainbow::nyancat_body::nyancat_face: repeated this. -
Embed this notice
tsoifan1997 (sysrq@lab.nyanide.com)'s status on Thursday, 30-Jan-2025 07:12:07 JST
tsoifan1997
@ins0mniak @dcc @phnt @nyanide @mr64bit
I have no fucking clue, I think it's for street cred "look at my flashy h4cker tool!". Like a few years ago I was looking into stuff like GSM and SMS spoofing and found a bunch of github repos belonging to kids all showing off their "SMS spoofing" scripts, but all of them were just the same bash script that used a free texting API but with different names/colour schemes. -
Embed this notice
nyanide :nyancat_rainbow::nyancat_body::nyancat_face: (nyanide@lab.nyanide.com)'s status on Thursday, 30-Jan-2025 07:12:56 JST
nyanide :nyancat_rainbow::nyancat_body::nyancat_face:
@sysrq @ins0mniak @dcc @mr64bit @phnt welcome to the wonderful world of script kiddie communities, it's changed since 2008 -
Embed this notice
ins0mniak (ins0mniak@majestic12.airforce)'s status on Thursday, 30-Jan-2025 07:15:40 JST
ins0mniak
@mint @dcc @phnt @nyanide @sysrq @mr64bit yeah i saw that.
There are a few alternative projects out there if on wanted one.
https://github.com/projectdiscovery/naabu.git
I haven't used this one much but it is pretty speedy. Although that's not always a good thing. You don't want to be just sling packets at a server like that if you want to be on the sly likes this. -
Embed this notice
ins0mniak (ins0mniak@majestic12.airforce)'s status on Thursday, 30-Jan-2025 07:54:17 JST
ins0mniak
@phnt @dcc @nyanide @sysrq @mr64bit ha! nice man.
its wild to me how insecure this stuff is. I mean it literally broadcastes what it is.
I was fucking with the washing machines in my building. Like it was such shit that you could used hack rf to signal it to turn on so free laundry.
I was annoyed because some douche white hat nerds went online and made a big stink about it but they still havent' fixed it lol✙ dcc :pedomustdie: :phear_slackware: likes this. -
Embed this notice
Phantasm (phnt@fluffytail.org)'s status on Thursday, 30-Jan-2025 07:54:18 JST
Phantasm
@ins0mniak @dcc @nyanide @sysrq @mr64bit I had some fun with a Samsung smart fridge open WiFi AP in December. Got bored around the third time it showed up presumably after the real owners factory reset it in some way. I guess it prevented them from registering it with the app and it started beeping after I connected to it.
Got them to print out an angry letter about that and tape it to the apartment complex bulletin board. :lainsip:
e932b3dc-e246-4bbf-8583-d9d56b002716.jpg -
Embed this notice
ins0mniak (ins0mniak@majestic12.airforce)'s status on Thursday, 30-Jan-2025 07:54:19 JST
ins0mniak
@sysrq @dcc @phnt @nyanide @mr64bit I keep mdk4 running pretty much non-stop.
my apartment complex just sees bssids saying stuff like "your body my choice" or like "the guy in 203 is a homo" -
Embed this notice
tsoifan1997 (sysrq@lab.nyanide.com)'s status on Thursday, 30-Jan-2025 07:54:20 JST
tsoifan1997
@ins0mniak @dcc @phnt @nyanide @mr64bit
I am uncertified and unethical, I am broadcasting bullshit Wi-Fi packets containing "nigger" because funny -
Embed this notice
ins0mniak (ins0mniak@majestic12.airforce)'s status on Thursday, 30-Jan-2025 07:54:21 JST
ins0mniak
@nyanide @dcc @phnt @sysrq @mr64bit Certified Ethical Hackers!!! -
Embed this notice
mr64bit (mr64bit@p.mr64.net)'s status on Thursday, 30-Jan-2025 07:54:38 JST
mr64bit
@ins0mniak @dcc @phnt @nyanide @sysrq I've got a bunch of wifi cameras from a coworker that I want to use by gutting the chinese crapware they come with and writing my own. getting into them initially was hilariously trivial, root ftp with no creds, then I RE'd a binary to find command injection to get a shell. ✙ dcc :pedomustdie: :phear_slackware: likes this. -
Embed this notice
ins0mniak (ins0mniak@majestic12.airforce)'s status on Thursday, 30-Jan-2025 07:54:39 JST
ins0mniak
@phnt @dcc @nyanide @sysrq @mr64bit Oh agreed dude. IoT is so freaking fun.
I got that no starch book a while ago so I've been playing around with it a lot. The best are those shitty Chinese security cameras. wow! those things.
I keep a kit in my bag. just a pi, with some dongles and my flipper.
That damn thing is rediculous. -
Embed this notice
Phantasm (phnt@fluffytail.org)'s status on Thursday, 30-Jan-2025 07:54:40 JST
Phantasm
@ins0mniak @dcc @nyanide @sysrq @mr64bit IoT is a goldmine of security vulns. It almost seems impossible to someone that hasn't dabbled in it. Like UART root shells, hard-coded passwords across multiple products, weak custom encryption and raw HTTP traffic are basically the norm to this day. Especially on products from Asia.
To this day basically no sysadmin updates firmware for most of the embedded devices on network. The Hollywood camera stuff presented at Blackhat a decade ago still mostly holds true. It's ridiculous. -
Embed this notice
✙ dcc :pedomustdie: :phear_slackware: (dcc@annihilation.social)'s status on Thursday, 30-Jan-2025 07:58:21 JST
✙ dcc :pedomustdie: :phear_slackware:
@phnt @nyanide @sysrq @ins0mniak @mr64bit Btw the rust program crashed again (same shit) :alex_lol: -
Embed this notice
ins0mniak (ins0mniak@majestic12.airforce)'s status on Thursday, 30-Jan-2025 07:59:01 JST
ins0mniak
@mr64bit @dcc @phnt @nyanide @sysrq well people put them on their shitty networks too.
Resturants do that crap all the time. You know like, they offer free wifi, which is on the same network as their pos systems, and of course the cameras.
Hell they love using super old micros systems because oracle charged upwards of 10k for them. I've seen them running on windows CE.
ill just walk around and use my phone to shell into my pi and just poke around the whole town.✙ dcc :pedomustdie: :phear_slackware: likes this. -
Embed this notice
Phantasm (phnt@fluffytail.org)'s status on Thursday, 30-Jan-2025 07:59:25 JST
Phantasm
@mr64bit @dcc @nyanide By low-level I mean things like kernels, bootloaders, base system libraries and such. Systems programming is probably a better word for that.
It's fine for writing userspace applications, not so much for libraries that other non-Rust programs would like to use (the equivalent of glibc and similar). That makes it essentially almost useless everywhere but at the end of the whole software chain. Nothing but Rust code can interact with it without breaking easily.✙ dcc :pedomustdie: :phear_slackware: likes this. -
Embed this notice
mr64bit (mr64bit@p.mr64.net)'s status on Thursday, 30-Jan-2025 07:59:26 JST
mr64bit
@phnt @dcc @nyanide ah, guess I'd forgotten about the 'rewrite it in rust' crazyness. I've never had problems doing low-level stuff with it, but maybe it helps that a lot of my use cases are pretty unorthodox. I agree about cargo, definitely my biggest complaint. rust may be a systems programming language, but cargo is by no means systems programming build system. -
Embed this notice
Phantasm (phnt@fluffytail.org)'s status on Thursday, 30-Jan-2025 08:07:53 JST
Phantasm
@dcc @nyanide @sysrq @ins0mniak @mr64bit Yeah, that's very likely a bug. It threw it's hands up before dereferencing NULL. That it compiled doesn't mean it's _correct_.
Just by looking at the code very quickly, I think it improperly handles the case where it failed to get the resolve the sigs. It initializes it to None, tries to match some sig with a regex in a for loop and when every single one fails, it still is None. Which would later cause the crash when it tries to unwrap NULL.
https://github.com/iv-org/inv_sig_helper/blob/master/src/player.rs#L77✙ dcc :pedomustdie: :phear_slackware: likes this.
-
Embed this notice
All GNU social JP content and data are available under the 