lee/hpr-knowledge-base
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
36aa12acb5ce22fe1d3adaa3e06509350a2f576f
hpr-knowledge-base/hpr_transcripts/hpr4307.txt
Lee Hanken 7c8efd2228 Initial commit: HPR Knowledge Base MCP Server 
- MCP server with stdio transport for local use
- Search episodes, transcripts, hosts, and series
- 4,511 episodes with metadata and transcripts
- Data loader with in-memory JSON storage

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude <noreply@anthropic.com>
2025-10-26 10:54:13 +00:00

275 lines
18 KiB
Plaintext
Raw Blame History

Episode: 4307
Title: HPR4307: Chat with Sgoti
Source: https://hub.hackerpublicradio.org/ccdn.php?filename=/eps/hpr4307/hpr4307.mp3
Transcribed: 2025-10-25 22:45:26
---
This is Hacker Public Radio Episode 4307 for Tuesday the 4th of February 2025.
Today's show is entitled, Jet with Eskody.
It is hosted by some guy on the internet, and is about 20 minutes long.
It carries an explicit flag.
The summary is, Eskody gives a quick update.
Hello and welcome to another episode of Hacker Public Radio.
I am your host, some guy on the internet.
And today I just want to talk to you for a little bit.
But once again ever playing around with a little bit of bash, and I decided to play around
with the arrays, now I learned that there is the associate of arrays, which are just
the key value pairs within an array.
And then there is just, I am assuming like an index based array, where you will have
values that can be called based on indexes.
So that is sort of like a key value, but I am assuming that you are not actually setting
the key.
It is just based on when the value was added.
That is what the way to keep.
Anywho, I have been playing around with that, and it has been pretty fun.
I decided that I needed to get the rest of this wonderful podcast that Mordancy told
me about the Critical Role podcast.
So I went over to the website, using Firefox of course, navigated there, opened up the
dev tools, grabbed the section on the site that held all the links, copied the inner HTML
from there.
And then over to them, well, in the terminal first, where I created a new script using a
function that I typically keep in my bash RC, loaded all of that HTML into the script.
And because I am in them, now I get to play around with some more cool stuff from them.
Now what was interesting is, I am used to using said for a lot of rejects stuff, and I did
show in a pass on using the pattern hold spaces inside.
And I was wondering, like, you know, in them, they have, I guess it is from eggs, or is
it ed?
It might be eggs, ex, where, you know, they have very similar to said that, that, you know,
you can do similar rejects stuff with substitutions and all that good stuff.
And I decided, I'm just going to try and see if I can do the same thing with the pattern
hold spaces here in them.
And yes, it's very much possible, you can do it.
So I did that and manipulated the HTML removing all of the unnecessary things, just maintaining
the links that I wanted to download and the names associated with the files, because these
are MP3 files, but when they're stored on the server, they have, I don't want to say
a hashed name, but it's, it's an awkward alpha numeric name.
They have the Vox Machina episodes.
That's the ones that I wanted, which is like the first campaign that they made over on
the critical role website.
And we deal with files, especially music files, normally with regular files, I'll turn
all spaces into hyphens, because I don't want to have to use the shift key, dealing with
camel case or any kind of capitalization, I'd much rather all lowercase, and if I'm going
to separate words, which I do, I like to use just a hyphen versus an underscore, because
the underscore requires the shift key to acquire the underscore.
And yes, I have tried all one word, just all lowercase, and that's fine for some things,
but I try not to do that too much, because in some situations when you're dealing with
acronyms that are a part of the file name as well, reading, reading a, for instance,
if you have a book that has a learning SQL for beginners or something, that's an example.
That one might be a little bit easier, but you get what I'm saying, right?
Sometimes that acronym in the middle somewhere I'll throw you off, so if it's all one word,
all lowercase, it can get a little bit troublesome.
So separators are nice hyphens.
When I'm dealing with music files, however, I do use underscores for music files.
So when I'm separating words, there'll be underscores, but when I'm separating the artist
or group, in this case, critical, excuse me, Vox Machina, which is the campaign from
the title of the episode, there'll be a hyphen separating Vox Machina from the title,
but Vox Machina itself will be separated by underscores.
Hopefully that makes sense.
Also within the titles, they have things like commas and other characters I don't want
into file name.
For some reason, they end for sand, so they have an episode titled Dungeons and Dragons,
and they use an end for sand for the end that gets converted to the, I don't know, what
is the unicode code for that character or whatever, and you know, you got to convert
that back over, or I don't want the end for sand in the file name, so I'll just, you
know, you can set up a quick little rejects that'll capture that and turn that into the
word and moving forward, cleaned up all of the file names, used a pattern hold spaces to
configure W get at the beginning of the line, followed by the options that I wanted.
So you know, if you want some rate limiting, because you're pulling down, you know, in
this case, it was 116 files, if I'm not mistaken, from this website, from the server,
and I don't want to be, you know, I don't want to be a jerk about this, just spamming
their side downloads and all this crap and getting banned.
So you slap on some rate limiting, because I'm just going to set it up and let it run
overnight.
W gets great for that, and I was looking at curl, but curl had a ton of options, and I
was like, no more for me with W get.
So I'll just go ahead and use that, you know, I've, I've once downloaded the entire internet
or attempted to anyways.
So clearly, I should be using W get, but once we get our rate limiting in there, there's
a couple of other options in there like there's a weight that you can put in there as well.
And I put a decent weight in between each download, again, this is all to be respectful
because I'm hitting the server quite a bit.
Throw in your, your continuing options, the number retries that you might want.
And you know, all of this is in the set whole space, whole pattern space, because it's
going to use the first pattern, which was the link to the download, move it to the end,
the second pattern, which was the episode title, move it forward.
So that now W get with the O option, right?
So when you're saving it local, you're using W get with the O option to change the file
name on your local system.
And again, all that rejects that I discussed before about file names, all of that gets
applied to the file name ahead of time.
So when I use the O option, it's going to give me that, that file name that I want.
Place that first pattern there with the O, the second pattern, which was originally the
first one, you know, the first pattern now gets moved to the end of the command, because
that pattern contains the web link.
And there you go.
And you have a script, which contains all 1116 episodes laid out ready to go.
Now I tried to get a little bit more fancy what I was thinking about doing in the first
place.
And I wasn't going to tell you guys this, but I figured why not?
Hey, this is a quick episode.
So I was going to use a sociative arrays and then use the file name link in an associative
array.
The file name will be the key and the link will be the value.
And I was going to run that with curl, but again, curl got a little tricky and there were
some problems.
And I was like, man, I'm probably going to get banned if I keep this up.
So when I just switched to W getting to the right way, stop fooling around.
But after I got all that downloaded and everything is working out well, it was on my, I was
about to say C drive because I've been in Windows doing some work with JavaScript and
that is, I'm not going to get into that at the moment.
After I pulled everything down, I needed to move the files to a different disk, not my
NAS, but a different disk within my machine.
And that's why I decided to use an array, you know, array over files within the directory
for item in array, do, and you have your MV command to, you know, move all the things
over what they need to be.
Run another function just to correct the permissions on each of the file, make them all read only
and change the permissions down to just the owner has access to them later on what I need
to do.
And you guys tell me if this is crazy or not or even necessary because I've been wondering
about privilege, privilege escalation and having a generic user around, I'm going to use
System D to limit this user's abilities on the system, but I want to play around with
this right.
So I'm going to have this user around to change the permissions of a file and the ownership
of the file as well to this generic user.
So I'm trying to better understand them and some of the information I came across, they
use different like older vulnerabilities for certain applications from what I've been
able to see so far, right?
And that's how they obtained the privilege escalation.
I haven't seen any other way to sort of for an attacker to just gain access to either root
or a user that has a pseudo access or whatever.
So by having that generic user, which has no pseudo access and is limited to only certain
actions, should there be an issue that user is contained by the system using System D?
And it, you know, basically, you can still access your files and if something goes wrong,
you don't only happen with that users what I'm trying to, trying to do.
So if you guys know any links that can help me, you know, try any sources that I can read
over and gain a better understanding of this, that'd be helpful.
Whoops.
Future editing Scotty here.
I totally forgot to tell you guys about the work that was being done over with GNU screen.
Well, if you guys have ever used a Terminal Multiplexer before, T-MUX is a popular one
that people like to use, but I typically stick with GNU screen because it's shipped with
Ubuntu or POPOS.
I think even Fedora comes with GNU screens.
It does what I needed to do and because I don't work in tech, I don't have a need for
more functionality.
From what I understand from people who do work in tech, they prefer T-MUX over GNU screen
because it does a little bit more or does certain things better, you know, more to their
liking, any who.
One of the things that I used to do with screen is I would always take my sessions and plug
them into multiple sockets.
That's what screen calls it whenever you create a new screen.
It will be a new socket.
Now within those sockets, you can have multiple windows and I was afraid to do too much within
one socket because I thought it was sharing the same environment within the socket.
So you know how in your Terminal Session.
If you started dumping a whole bunch of variables and everything in there, exporting variables,
you'd basically muddy up your session and you'd probably have to bash exec or whatever
just to kind of clean things up or just drop the session all together and if you're using
a Terminal Emulator that allows for tabs, you can open up a new tab and get a new session
that way as well.
I thought that's what screen was doing whenever you work in one session or one socket.
What I sense learned was that each window created within that socket is a separate session.
So I didn't need to create multiple sockets.
I can just create one socket, have, you know, as many windows as I need within that socket.
And each one will be their own session.
So now with my Control Panel, I have buttons and switches on my Control Panel.
These are all scripts, by the way, just bash scripts and the naming, the nomenclature would
be buttons for things that run standalone, so sub-processes for those and for things that
need to run in the current environment, the current session, those will be switches.
So you know, you open up a couple of windows, you got one window here for, let's just
say creating an HBR show, you got a switch that you need to go ahead and import for that
session.
That switch is going to do just a couple of simple things.
Load up your directories, set up your push D stack as well, because you want to be able
to move through the stack with minimal worry.
I mean, who uses CD anymore these days, right, when push D is there.
And then what's so great about it is you can just jump back to another window really quickly.
And there's a couple of ways that you can do it.
You can use screen with X, you know, capital X, run a command to the windows.
I think it's the window list command, and you can give it the B option, which will give
you your window list, or you can run with the keyboard combination of Control A, followed
by double quotes, so that's going to be shift and the, I guess, comma or whatever that
will give you the double quotes key.
And that'll also give you your screen list.
But if you, anyway, if you know how to use screen, I'm not going to go into all the different
keyboard combinations and things of that nature, you go ahead and hop to the window that
you need, and it's all in a separate session.
So in each of these sessions, you can have your environment set up for every different
thing that's going on.
So in one session, it's completely polluted with variables and crap, where I'm experimenting
and testing all sorts of wonderful things that's probably going to require a reinstall
pretty soon.
If I keep it up, and over here in the other session, there's me recording an HBR show.
By the way, and one of my experimentation sessions that was going on, I accidentally locked
myself out of my computer.
I made a mistake in my Bashar C, and it would not load up my desktop anymore.
So I had to take a Fedora live install that had lying around on the truck on a thumb drive,
use that to gain access to my system.
But because my, my disk is encrypted, you know, put in the encryption key, yada yada, go
through all of that crap just to get down into the system, edit the Bashar C, take those
old set, those new settings out of the way, just so I can log back in, because it would
not let me get back into my system otherwise.
I couldn't even, and here's the thing, even though I wouldn't load up the desktop environment,
I still could not even drop down to just like that default terminal, what is it like
old and one of the F1 through 4 keys or whatever.
I could not drop down to a terminal and try and fix it that way.
So I had to use this live session to get in any who, once I got all that out the way,
I made sure to back up all of my latest changes, because that was a little too close for
comfort.
I had a word with noodle as well.
So hopefully I'll get that edited and we'll have another show with a noodle pretty soon.
I'm getting noodle more and more comfortable with coming to the community discussing things.
Yadia, hopefully she'll do her own shows in the future, but if not, I have no problem
in, you know, sitting down with her and we doing shows together, it was super fun.
I can't go into detail, but noodle has a really cool job, and I'm hoping that in the future
she is willing to share more detail about that with the community, because I'm pretty
sure you hackers out there are going to want to know more about it.
It's super interesting, I'll talk to her, maybe she will, maybe she won't.
We don't know.
But one way or another, she's willing to do more shows and that's the beginning of it.
So back to the new screen, you know, loading up a ton of windows, having fun.
Now when you're done, you can still just close down a session and that'll clear all your
windows out.
All right, so when you're done with each window, you can just close that window and all
of those changes, you know, that environment can just be easily discarded, it's super
convenient.
And I've just been enjoying screen more and more.
One other thing before we go ahead and quit this, I like to launch app images and other
things through the terminal so that way I can get that output.
And I've launched them with the background process so you can launch the binary or the
app image, whatever it is.
And if you do anything about job spec, you can use the ampersand at the end of the command
to launch it in the background.
But even if you don't do that, because again, it's going to be in its own window.
So it's on environment, you can monitor everything that's going on with these processes.
All of that additional data and see what's going on.
So if you use bit warden, the app image, one of the things that's really cool that I didn't
know about until I did this, bit warden actually updates their app image.
And I thought that was super cool, but also super annoying.
The reason why I use app image because it doesn't update automatically, but somehow bit warden
had a way to update their app image.
You can see what's going on in the background by launching the app image through the terminal
and getting that output that way and see how they're doing that.
So you know, a thing that you can do using the new screen without polluting your main
terminal session, you can just have a window for that session to monitor what's occurring,
switch away from that window because you don't want that output just constantly in your
face.
You can go back and scroll through it or whatever, and you can log that as well.
There's this different, well, any who, that's enough of that.
I just wanted to pop in and let you guys know that the new screen is awesome.
I'm using it and this is one of the ways that I'm using that's enough.
Yapin for me.
I'll catch you guys in the next episode.
Thank you guys for listening to Hacker Public Radio.
If you haven't done the show yet, it's 2025, go ahead and drop us a show, get you in
the next episode.
You have been listening to Hacker Public Radio at Hacker Public Radio does work.
Today's show was contributed by a HBR listener like yourself.
If you ever thought of recording podcasts, click on our contribute link to find out how
easy it really is.
The hosting for HBR has been kindly provided by an honesthost.com, the internet archive
and our syncs.net.
On the Sadois stages, today's show is released under Creative Commons, Attribution 4.0 International
License.
Reference in New Issue View Git Blame Copy Permalink