Cryto! 19 August 2013

00:56:47 Fuwb4R ( has joined #crytocc
00:56:52 <Fuwb4R> ohhh
00:59:58 <joepie91>
01:01:14 <Fuwb4R> hmm
01:01:17 <Fuwb4R> nononon
01:16:09 Fuwb4R has parted #crytocc ()
01:41:20 <cayce> I wonder if I should just build my own kernel again
01:44:32 AnonO_o (AnonO_o@anonO_o) has joined #crytocc
01:57:40 skill3r (skill3r@developers.developers.developers) has joined #crytocc
02:23:05 ilikeapricot (app@ilikeapricot.users.cryto) has joined #crytocc
02:26:29 Ari has quit (User quit:  Leaving)
03:08:38 LastOneStanding (lalalala@5C0B2CEF.B458528D.147E7205.IP) has joined #crytocc
03:19:33 ilikeapricot has quit (Ping timeout)
04:20:27 x ( has joined #crytocc
04:32:33 AnonO_o has quit (User quit:  twitter: @anonO_o)
04:45:36 cayce has quit (User quit:  Leaving)
04:51:15 mama has quit (Ping timeout)
04:51:22 mama_ ( has joined #crytocc
04:51:27 *** mama_ is now known as mama
05:28:41 skill3r has quit (User quit:  skill3r)
08:15:59 cayce (cayce@cayce.users.cryto) has joined #crytocc
08:24:30 z4H4R ( has joined #crytocc
08:45:25 x has quit (Input/output error)
09:46:03 joepie91 has quit (Broken pipe)
10:16:45 mikaa has quit (Ping timeout)
10:24:25 LastOneStanding has quit (No route to host)
10:25:02 LastOneStanding (lalalala@5C0B2CEF.B458528D.147E7205.IP) has joined #crytocc
11:19:58 z4H4R has quit (User quit:  Lost terminal)
11:54:16 ilikeapricot (app@ilikeapricot.users.cryto) has joined #crytocc
12:02:10 mama_ ( has joined #crytocc
12:02:45 mama has quit (Ping timeout)
12:02:45 *** mama_ is now known as mama
12:43:32 dpk has quit (Ping timeout)
12:51:16 ebola has quit (User quit:  Leaving)
13:05:04 ttmbRAT ( has joined #crytocc
13:06:26 ttmbRAT has quit (User quit:  Connection closed)
13:19:27 joepie91 ( has joined #crytocc
13:41:49 Cryto401 (Cryto401@D76842D3.8D0FDBA3.DA81B437.IP) has joined #crytocc
13:42:43 Cryto401 has quit (User quit:  Page closed)
13:50:48 aHlTat (aHlTat@aHlTat.users.cryto) has joined #crytocc
14:45:25 monod (~pmpf@monod.users.cryto) has joined #crytocc
14:45:31 <monod> hey fellaz
14:45:35 <monod> (hi everybody)
14:45:43 <monod> what about mozilla's personas?
14:46:14 <monod> I can see the usual problem with storing everything in one single account
14:46:19 <monod> that's my worry
14:46:46 <monod> otherwise, it seems an optimal solution, for a non-techy person like me
14:49:24 ebola (ebola@ebola.users.cryto) has joined #crytocc
15:16:50 zxcvbnm (~crack7765@zxcvbnm.users.cryto) has joined #crytocc
15:19:52 landrone has parted #crytocc (None)
16:00:12 <cayce> If you value convenience over federation, you'll love personas
16:01:06 <lysobit> Isn't this basically decentralised OpenID?
16:02:32 <lysobit> In fact, it still looks somewhat centralised because it still relies on a central mail server of your choice
16:03:50 <joepie91> is there a sane description of the technology behind Persona by now?
16:04:11 <joepie91> I remember that when I first looked at it (a few years ago?) there was not a single explanation around that actually *explained* to a random passer-by how it worked behind the scenes
16:04:12 <lysobit> It seems to be an attempt to fix the password reuse problem--but in fact it looks like its making it even worse because now all your accounts will be behind one password - your email account's password
16:04:21 <lysobit> joepie91:
16:09:39 <joepie91> so, a Mozilla blog tells me this:
16:09:41 <joepie91> With BrowserID, by design, your identity providers are not involved in the login transaction. This means they need not be aware of your entire Web activity, a significant privacy advantage. With OpenID, your identity provider is, unfortunately, a necessary participant in the login flow.
16:09:55 <joepie91> how exactly is this accomplished? the post you linked is far too verbose to take it in right now
16:10:46 <lysobit> With BrowserID, there is no communication whatsoever between the email server and the login server.
16:11:03 <lysobit> There is only communication between you and the two servers - you are the 'middle man'
16:11:30 <joepie91> okay, and that is accomplished how?
16:12:28 <lysobit> Your browser logs into the email server and requests an authentication 'certificate' that lasts for a few minutes, that your browser presents to the login server
16:12:41 <lysobit> Hence the login server can verify that you really own that email
16:12:49 <lysobit> Through public-key cryptography
16:13:26 <lysobit> (I'm not sure how the login server knows the certificates of the email server though)
16:14:25 <lysobit> if I'm getting this right, that is
16:16:05 <cayce> It also assumes that you're fine with 1browser=1human, which may or may not apply to your personal context
16:16:27 <lysobit> Anyway, it seems like a more privacy-respecting alternative to 'login with Facebook' and 'login with blabla', but that's all
16:16:36 <cayce> ^
16:16:58 <lysobit> I doubt Facebook will implement this for example, it's against their business model
16:17:47 <lysobit> Plus in practice it's going to be as centralised as OpenID, since let's face it, the majority of typical users use GMail/Yahoo/Outlook/whatever
16:18:26 <lysobit> Though, it does seem neater than have a zillion 'login with this' 'login with that' buttons
16:19:49 <lysobit> cayce: at least in the current implementation, your browser isn't tied to your email... you enter your email everytime you want to login, and then you have to login to your email first
16:20:50 <joepie91>
16:20:58 <joepie91> not that they even *looked* at the issue report or anything
16:21:05 <joepie91> and it's only been there for 10 months so hey
16:21:18 <joepie91> lysobit:
16:21:19 <joepie91> <lysobit>(I'm not sure how the login server knows the certificates of the email server though)
16:21:22 <joepie91> this is what I am concerned about
16:21:52 <joepie91> because I feel an SSL-like weakness coming up here
16:24:17 <lysobit> "Public key(s) for are obtained from a well-known location on their servers (specifics TBD)."
16:24:41 <joepie91> lol
16:24:49 <joepie91> that sounds bad
16:26:25 <cayce> joepie91:) how do you mean fixed? As in fixed by accident? and has the fix shipped?
16:27:57 <joepie91> cayce: fixed as a result of a dupe issue
16:28:01 <joepie91> (apparently)
16:28:08 <joepie91> and yes, I can confirm that it actually does work correctly now
16:28:41 mama has quit (User quit:  ciao ciao)
16:29:54 <cayce> Linux 3.10.7 #1 SMP Sun Aug 18 20:57:28 PDT 2013 x86_64 x86_64
16:29:57 <cayce> :D
16:31:32 <cayce> joepie91:)
16:33:15 <joepie91> cayce: that ended up sounding far better together with some Venetian Snares than it should have
16:33:31 <joepie91> quite nice, though :)
16:33:52 <cayce> :)
16:38:19 mama ( has joined #crytocc
16:52:39 mama has quit (User quit:  ChatZilla [Firefox 17.0.6/20130511124515])
17:00:10 mama (me@975991F2.710198AB.DC50EE23.IP) has joined #crytocc
18:48:42 mama has quit (Client exited)
18:50:13 mama (me@F0845C18.5982FCB.42C12FD2.IP) has joined #crytocc
19:18:07 mama has quit (Client exited)
19:21:14 mama ( has joined #crytocc
19:24:19 lolpwn has quit (User quit:  lolpwn)
19:30:33 LastOneStanding has quit (Connection reset by peer)
19:31:04 LastOneStanding (lalalala@5C0B2CEF.B458528D.147E7205.IP) has joined #crytocc
19:50:00 Cryto021 (Cryto021@282C93F.B370D9BE.22FD4FE0.IP) has joined #crytocc
19:50:08 Cryto021 has quit (User quit:  Cryto021)
19:55:02 stanone (Adrian@LapAnon.users.cryto) has joined #crytocc
20:33:13 stanone has quit (Input/output error)
20:35:18 <monod> announcement: 'dnshistory' in debian's repo
20:35:21 <monod> check it out ;)
20:35:38 <monod> stores IP <--> domain names to avoid the lookup step
20:35:57 <monod> obviously, there will be some way to ad hoc lookup some hosts for updating IPs
20:36:02 <monod> (I hope)
21:09:16 x ( has joined #crytocc
21:12:07 <zxcvbnm> anyone know of a online chinese electronics surplus store?
21:12:29 * monod zomgs.
21:14:01 <zxcvbnm> lol
21:14:06 <zxcvbnm> a bit random :P
21:14:52 * monod zomgs again. This time, pointing at that direction with his finger, trying to avoid responsabilities. (lulz)
21:17:56 <monod> gotta go dear friends!
21:18:01 <monod> the nighta is calling
21:18:04 <monod> byebyeeee
21:18:06 monod has quit (User quit:  Quit)
21:32:37 LastOneStanding has quit (Connection reset by peer)
21:33:02 LastOneStanding (lalalala@5C0B2CEF.B458528D.147E7205.IP) has joined #crytocc
22:07:11 landrone (Adrian@LapAnon.users.cryto) has joined #crytocc
22:32:30 joepie91 has quit (Broken pipe)
22:32:39 joepie91 ( has joined #crytocc
22:40:18 x has quit (Input/output error)
23:05:03 eggtimer ( has joined #crytocc
23:06:25 eggtimer has quit (User quit:  Connection closed)
23:11:56 cayce has quit (User quit:  Leaving)
23:46:07 LastOneStanding has quit (Connection reset by peer)
23:47:22 LastOneStanding (lalalala@5C0B2CEF.B458528D.147E7205.IP) has joined #crytocc