HomeSearchPrevious dayNext day

00:14:16Meli quits [Ping timeout: 260 seconds]
00:17:20<pabs>JAA: sure, they are related at least though? was thinking on a separate page, like the Relay one
00:17:23<pabs>"Right now, I think it's probably best if you uninstall atop. I don't mean just stopping it, but actually keep it from being executed." https://rachelbythebay.com/w/2025/03/25/atop/
00:21:29<myself>That's.... ominous.
00:24:27etnguyen03 quits [Client Quit]
00:32:46Chris5010 quits [Quit: Ping timeout (120 seconds)]
00:33:05Chris5010 (Chris5010) joins
00:37:06vitzli (vitzli) joins
00:49:16grill quits [Ping timeout: 260 seconds]
00:50:38grill (grill) joins
00:58:26etnguyen03 (etnguyen03) joins
01:04:16fionera quits [Quit: fionera]
01:04:55fionera (Fionera) joins
01:04:59fionera quits [Client Quit]
01:07:48grill quits [Ping timeout: 250 seconds]
01:31:52<nukke>oh boy
01:40:53<LunarianBunny1147>ominous warning is very ominous
02:06:04yasomi is now known as Xe
02:09:54<steering>o_O
02:09:59steering wonders what atop is
02:11:34<steering>looking at screenshots i think i prefer htop anyway :P
02:22:48BennyOtt_ joins
02:24:04BennyOtt quits [Ping timeout: 250 seconds]
02:24:04BennyOtt_ is now known as BennyOtt
02:32:44sparky14921 (sparky1492) joins
02:36:12sparky1492 quits [Ping timeout: 250 seconds]
02:36:13sparky14921 is now known as sparky1492
02:38:19<nukke>There's a lot of speculation about why, with the answer almost certainly security / exploitable (or backdoor), and I'll just throw an extra little tidbit in:
02:38:21<nukke>atop seems to run persistently as root, which may be the reason for preventing it from running/uninstalling.
02:38:23<nukke>the netatop part of atop installs a persistent kernel module, netatop.ko, as part of its installation. The module hooks netfilter to be able to monitor all traffic.
02:38:25<nukke>If there's an exploitable flaw in the kernel module, this would be a max-severity CVE.
02:38:27<nukke>netatop _also_ runs a persistent daemon, netatopd, which I believe from inspecting the source runs as root.
02:38:29<nukke>The article's language about uninstalling it kinda sorta makes you think one of these three parts is in some way exploitable or backdoored -- any which way it's a privileged process, and one that's monitoring network traffic.
02:38:39<nukke>oops I meant to copy the comment link: https://news.ycombinator.com/item?id=43477510
02:49:15<steering>hmm, it also says to "keep it from being executed", which wouldn't help if it was in either of those components?
02:49:37<steering>but also wow yeah I definitely prefer htop :D
02:50:52<@JAA>htop++
02:50:52<eggdrop>[karma] 'htop' now has 1 karma!
02:56:51<@JAA>pabs: I should've actually looked at the Relay page; I don't consider those AT channels either. (I had assumed you meant the read-only relay channels #archivebot-chat etc.)
03:01:09<pabs>ah, I forgot the -chat channels. the current list is less AT-owned channels and more useful-to-AT channels
03:03:08<pabs>I'll make a separate table for the -chat ones
03:03:35etnguyen03 quits [Remote host closed the connection]
03:09:05<pabs>I think documenting the non-AT-but-useful-to-AT-folks channels is valuable to help get new folks more integrated into the community and knowledgeable about AT methods
03:23:57<steering>hmm, speaking of scanning things, I just noticed something: $ nc scanme.nmap.org 22
03:24:00<steering>SSH-2.0-OpenSSH_6.6.1p1 Ubuntu-2ubuntu2.13
03:24:32<steering>Ubuntu 14.04!
03:39:19<myself>btop looks cooler than htop though...
03:45:39<nukke>btop has like 1000000 python dependencies
03:46:05<nukke>the smart thing to do is to memorize all pids and just use `ps`
03:48:02<myself>brb writing qbasictop
03:48:31<nicolas17>I have an idea for a faster top/ps
03:49:20<nicolas17>process tools need to open/read/close a crapload of pseudo-files in /proc, which means a lot of syscalls and context switches
03:49:47<nicolas17>has anyone tried using io_uring to optimize that?
03:50:19pabs wonders if any of them use proc events for realtime updates
03:50:34<nicolas17>1. there are proc events?
03:51:11<nicolas17>2. many pseudo files inside /proc/$pid/ change *all* the time so "notifications of updates" don't make much sense :)
03:51:16<pabs>https://lwn.net/Articles/157150/
03:51:37<nicolas17>omg
03:51:56<nicolas17>I didn't know of this
03:52:18<pabs>Python client https://github.com/dbrandt/proc_events
03:52:22<pabs>(looks ancient)
03:52:25<nicolas17>I tried monitoring process start and exit by hooking libc functions with LD_PRELOAD and it did not work well
03:52:51<nicolas17>I think some of the processes I wanted to watch used _exit() and bypassed my atexit hook
03:53:55<nicolas17>then I looked into some bpf thing to monitor syscalls and it seemed way too complicated
03:55:29<pabs>yeah syscall filtering with bpf/seccomp isn't great, since syscalls get added a lot and the numbers aren't portable anyway
03:56:18<nicolas17>I think I was also missing some processes due to posix_spawn
03:57:02<nicolas17>anyway my goal was timing all subprocesses of 'make' and making a timeline
03:57:51<pabs>hmm, reminds me of bootchart and the systemd replacement for it
03:59:01<nicolas17>is that recursive, or only watches systemd's direct children via systemd telling you their timing?
04:00:03<pabs>I think it was everything during boot
04:01:24<nicolas17>oh fun
04:01:40<nicolas17>bootchart works by polling /proc
04:03:02<nicolas17>basically "while true; do ps aux >> log; sleep $veryshorttime; done" but more efficiently in C
04:35:13<pabs>ew
05:01:38fuzzy80211 quits [Read error: Connection reset by peer]
05:02:14fuzzy80211 (fuzzy80211) joins
05:09:50MetaNova quits [Excess Flood]
05:11:11MetaNova (MetaNova) joins
05:11:19BlueMaxima quits [Read error: Connection reset by peer]
05:20:30fuzzy80211 quits [Read error: Connection reset by peer]
05:22:14AlsoHP_Archivist joins
05:22:15fuzzy80211 (fuzzy80211) joins
05:24:36HP_Archivist quits [Ping timeout: 260 seconds]
05:49:36ThetaDev quits [Quit: https://quassel-irc.org - Chat comfortably. Anywhere.]
05:49:59ThetaDev joins
05:51:02midou quits [Read error: Connection reset by peer]
05:51:08midou joins
06:01:52sec^nd quits [Remote host closed the connection]
06:02:07sec^nd (second) joins
06:02:31midou quits [Ping timeout: 260 seconds]
06:03:04fuzzy8021 (fuzzy80211) joins
06:05:22midou joins
06:05:30fuzzy80211 quits [Ping timeout: 250 seconds]
06:08:53SootBector quits [Ping timeout: 276 seconds]
06:27:50fuzzy80211 (fuzzy80211) joins
06:30:13fuzzy8021 quits [Read error: Connection reset by peer]
07:03:31Meli (Meli) joins
07:46:21midou quits [Ping timeout: 260 seconds]
07:55:22midou joins
08:01:45sec^nd quits [Remote host closed the connection]
08:01:56sec^nd (second) joins
08:16:09kuroger quits [Quit: ZNC 1.9.1 - https://znc.in]
08:21:07kuroger (kuroger) joins
09:04:23Naruyoko5 joins
09:07:30Naruyoko quits [Ping timeout: 250 seconds]
09:38:45kuroger quits [Client Quit]
09:46:46kuroger (kuroger) joins
10:36:47nothere quits [Read error: Connection reset by peer]
10:45:30systwi_ quits [Quit: systwi_]
10:48:23Dango360 quits [Read error: Connection reset by peer]
10:52:33Dango360 (Dango360) joins
11:00:02Bleo18260072271962345 quits [Quit: The Lounge - https://thelounge.chat]
11:02:50Bleo18260072271962345 joins
11:04:18kuroger quits [Client Quit]
11:11:15kuroger (kuroger) joins
12:05:14nothere joins
12:09:23kuroger quits [Client Quit]
12:13:21BornOn420 quits [Remote host closed the connection]
12:13:55BornOn420 (BornOn420) joins
12:23:03kuroger (kuroger) joins
13:08:25kuroger quits [Client Quit]
13:08:44SootBector (SootBector) joins
13:11:52kuroger (kuroger) joins
13:32:56kuroger quits [Client Quit]
13:44:54kuroger (kuroger) joins
14:02:10anarcat quits [Quit: rebooting]
14:03:34anarcat (anarcat) joins
14:06:32anarcat quits [Client Quit]
14:07:53sparky1492 quits [Remote host closed the connection]
14:08:14sparky1492 (sparky1492) joins
14:08:19anarcat (anarcat) joins
15:00:39FiTheArchiver joins
15:06:12sparky14921 (sparky1492) joins
15:10:16sparky1492 quits [Ping timeout: 260 seconds]
15:10:16sparky14921 is now known as sparky1492
15:22:31NatTheCat quits [Ping timeout: 260 seconds]
15:24:34vitzli quits [Quit: Leaving]
15:25:43NatTheCat (NatTheCat) joins
15:49:37arch quits [Remote host closed the connection]
15:49:45arch joins
15:50:34arch quits [Remote host closed the connection]
15:50:43arch joins
15:59:29HackMii quits [Remote host closed the connection]
15:59:51HackMii (hacktheplanet) joins
16:20:16kuroger quits [Client Quit]
16:21:45DLoader quits [Changing host]
16:21:45DLoader (DLoader) joins
16:24:45kuroger (kuroger) joins
16:32:11kuroger quits [Read error: Connection reset by peer]
16:35:14grill (grill) joins
16:37:29sparky14920 (sparky1492) joins
16:37:46sparky1492 quits [Ping timeout: 260 seconds]
16:37:46sparky14920 is now known as sparky1492
17:26:44nomead joins
17:31:01sparky14925 (sparky1492) joins
17:34:30sparky1492 quits [Ping timeout: 250 seconds]
17:34:31sparky14925 is now known as sparky1492
17:50:59Lord_Nightmare2 (Lord_Nightmare) joins
17:51:50Lord_Nightmare quits [Ping timeout: 250 seconds]
17:51:50Lord_Nightmare2 is now known as Lord_Nightmare
18:19:24nomead quits [Client Quit]
18:37:54AlsoHP_Archivist quits [Read error: Connection reset by peer]
19:25:29<sparky1492>lack of OPSec update
19:25:29<sparky1492>https://12ft.io/https://www.theatlantic.com/politics/archive/2025/03/signal-group-chat-attack-plans-hegseth-goldberg/682176/
19:29:45Dango360_ (Dango360) joins
19:33:14Dango360 quits [Ping timeout: 250 seconds]
19:34:31MetaNova quits [Ping timeout: 260 seconds]
19:40:48MetaNova (MetaNova) joins
19:43:33Dango360_ quits [Client Quit]
19:43:42Dango360 (Dango360) joins
19:51:26Meli quits [Ping timeout: 260 seconds]
20:05:10Meli (Meli) joins
20:31:59BlueMaxima joins
20:57:20sparky14924 (sparky1492) joins
21:00:51sparky1492 quits [Ping timeout: 260 seconds]
21:00:51sparky14924 is now known as sparky1492
21:15:12<@JAA>atop update: https://rachelbythebay.com/w/2025/03/26/atop/
21:18:05<Fijxu|m>That doesn't seem to mean anything
21:25:34<@JAA>Yeah, doesn't clarify much. It could mean LPE or even RCE, or ... not.
21:36:53etnguyen03 (etnguyen03) joins
22:07:27Dango360 quits [Client Quit]
22:07:45Dango360 (Dango360) joins
22:15:36@imer quits [Quit: Oh no]
22:16:12imer (imer) joins
22:16:12@ChanServ sets mode: +o imer
22:33:13etnguyen03 quits [Client Quit]
22:36:31etnguyen03 (etnguyen03) joins
22:54:44BornOn420 quits [Remote host closed the connection]
22:55:18BornOn420 (BornOn420) joins
22:59:30sparky14921 (sparky1492) joins
23:02:58sparky1492 quits [Ping timeout: 250 seconds]
23:02:59sparky14921 is now known as sparky1492
23:05:57sparky14920 (sparky1492) joins
23:09:28sparky1492 quits [Ping timeout: 250 seconds]
23:09:29sparky14920 is now known as sparky1492
23:13:26etnguyen03 quits [Client Quit]
23:19:52grill quits [Ping timeout: 250 seconds]
23:50:56CraftByte quits [Quit: Ping timeout (120 seconds)]
23:53:01etnguyen03 (etnguyen03) joins

HomeSearchPrevious dayNext day