Re^3: Strict Clean JAPH

Replies are listed 'Best First'.
Re^4: Strict Clean JAPH (reap socket obfuscation) by Anonymous Monk on Aug 10, 2014 at 07:19 UTC
Hi marto I'd hope that this is obvious to most. It's not a good idea to send an "unknown" payload to a system which you do not own. The link I gave shows what the tool this script is based on (well, essentially is) does. It's downright dishonest to post this here under the guise of an obfuscated JAPH Yeah, it was obvious without running the "obfuscation" that it opens a Socket and talks on it What is not obvious is why that should be reaped You offered a link as a reason to reap, but the link is also obfuscated :) it doesn't explain the reasoning The posting qualifies under ?node_id=237057#obfu The current guidelines say To reap a highly offensive posting Reap -- Please only do this for true troll posts and true duplicate posts. reapage is not for useless, stupid, off-topic, and annoying nodes: ignore them Obscure quite graphic material or material inviting legal action So , where does sending unknown payloads to systems you don't own fall? I think it falls under stupid/annoying... Consider simple eval Considered by idsfa: "Delete: Network based system exploit"! Final vote: (keep/edit/delete) = 6/4/21. Unconsidered by davido: Keep and Edit votes were sufficient to block reaping. Caveat Emptor. Consider Re: perl Tk help and Re^2: How should Perlmonks deal with Plagiarism? (legalese) Hi marto	[reply]
Re^5: Strict Clean JAPH (reap socket obfuscation) by marto (Cardinal) on Aug 10, 2014 at 08:25 UTC
Point taken, it won't happen again. In my defence I felt pressured to do this quickly. A senior monk had mentioned in the CB that some investigation should be done to determine what this code does, in addition to this I couldn't be as verbose as I should have due to parenting issues. I did manage to discuss the issue in some detail in the CB a short while after raising the consideration.	[reply]
Re^6: Strict Clean JAPH (vector) by tye (Sage) on Aug 10, 2014 at 17:06 UTC
There is no way to know what the code does... other than it being a vector for whatever code the author chooses to offer up at that IP address/port. When I saw this code I tried to download from the address but the service at that port had already been taken down. But it wouldn't have mattered if the code I had gotten was completely innocent. Because there is nothing to stop the author from changing what code is offered. The service can offer the same innocent code 99% of the time but add a malicious part 1% of the time. This type of code is simply unsafe to run. It is good that the node was reaped. - tye	[reply]
Re^7: Strict Clean JAPH (reap malicious code) by Anonymous Monk on Aug 11, 2014 at 08:35 UTC
Re^5: Strict Clean JAPH (reap socket obfuscation) by Anonymous Monk on Aug 10, 2014 at 14:06 UTC
Where does spam/ads fall? Useless, stupid, off-topic?	[reply]
Re^6: Strict Clean JAPH (reap socket obfuscation) by Anonymous Monk on Aug 10, 2014 at 18:28 UTC
Where does spam/ads fall? Useless, stupid, off-topic? Read the PerlMonks FAQ, search it, find Only actual duplicates, spam, and obvious trolling should be deleted., Similarly, requests to have your nodes reaped (except in the obvious cases of duplication or spam) will not be honored.	[reply]
Re^7: Strict Clean JAPH (reap socket obfuscation) by ww (Archbishop) on Aug 11, 2014 at 12:08 UTC
Re^8: Strict Clean JAPH (reap socket obfuscation) by Anonymous Monk on Aug 11, 2014 at 21:49 UTC
Some notes below your chosen depth have not been shown here
Re^4: Strict Clean JAPH by hookbot (Acolyte) on Aug 09, 2014 at 19:39 UTC
Well, I actually thought it would be a fun exercise to de-obfuscate. There was no malicious intent. It actually works just fine and doesn't do anything wrong. But yeah, that does make sense about the "unknown" payload. Sorry if that offended anyone. I'll be more careful in the future.	[reply]
Re^5: Strict Clean JAPH by jdporter (Paladin) on Aug 10, 2014 at 13:15 UTC
I want to know exactly what this program does. Please document it, here. It is hard for an emptor to caveat without knowing these details. Thanks!	[reply]