Cryto! 14 October 2013

00:07:12 <botpie91> 04joepie91 made 2 commit(s) to 03pytahoe on branch 10master: '02Proper subclassing', '02Path tracking and node unlinking' (https://github.com/joepie91/pytahoe/compare/2e432dfa61...6a97992294)
00:28:41 joepie91 has quit (Ping timeout)
01:00:04 x (foobar@91513BE6.1FF3EB83.C789C8B2.IP) has joined #crytocc
01:33:26 x has quit (Input/output error)
02:04:26 x (foobar@91513BE6.1FF3EB83.C789C8B2.IP) has joined #crytocc
03:38:34 x has quit (Input/output error)
03:55:20 tintin has quit (Ping timeout)
05:37:01 x (foobar@91513BE6.1FF3EB83.C789C8B2.IP) has joined #crytocc
06:46:41 GHOSTnew has quit (Ping timeout)
06:48:13 GHOSTnew (GHOSTnew@cryto-5DF0BFF3.anthony-simonet.fr) has joined #crytocc
07:35:02 GHOSTnew has quit (Ping timeout)
07:38:58 GHOSTnew (GHOSTnew@GHOSTnew.users.cryto) has joined #crytocc
10:40:46 x has quit (Input/output error)
11:02:42 monod (~pmpf@cryto-F67EACC9.retail.telecomitalia.it) has joined #crytocc
11:02:57 <monod> hi :)
11:04:53 <monod> "Now, with more dpk!" ?
11:05:41 iceTwy (iceTwy@cryto-610769D0.fbx.proxad.net) has joined #crytocc
11:11:17 monod has quit (User quit:  Quit)
11:25:47 iceTwy has quit (Ping timeout)
11:36:50 joepie91 (joepie91@E0EF0B4E.8949E6E0.92880880.IP) has joined #crytocc
12:14:19 complex (complex@complex.users.cryto) has joined #crytocc
13:05:05 Mighty0wl (Mighty0wl@cryto-27F3C3A3.us-west-1.compute.amazonaws.com) has joined #crytocc
13:06:27 Mighty0wl has quit (User quit:  Connection closed)
13:18:43 x (foobar@91513BE6.1FF3EB83.C789C8B2.IP) has joined #crytocc
13:24:50 x has quit (Ping timeout)
13:28:01 <joepie91> .title https://www.globalsign.com/ssl/ssl-open-source/
13:28:02 <botpie91> joepie91: Free Wildcard SSL for Open Source Projects
13:28:11 <joepie91> but requires an OSI-approved license
13:28:11 <joepie91> so fuck that
13:30:23 <Zoned> :o
13:30:35 * joepie91 doesn't like OSI
13:32:40 <Zoned> same
13:33:09 <joepie91> Comments: It's no different from dedication to the public domain. Author has submitted license approval request -- author is free to make public domain dedication. Although he agrees with the recommendation, Mr. Michlmayr notes that public domain doesn't exist in Europe. Recommend: Reject
13:33:11 <joepie91> cc Zoned
13:33:30 <joepie91> "we acknowledge that public domain is not a reasonable alternative in Europe BUT WE WILL STILL REJECT THE WTFPL"
13:33:42 <Zoned> (facepalm)
13:34:24 <joepie91> (also, "it's no different from dedication to the public domain" is complete and utter bullshit legally; the WTFPL doesn't make you give up your copyright)
13:36:24 <Zoned> wow
13:39:20 x (foobar@91513BE6.1FF3EB83.C789C8B2.IP) has joined #crytocc
13:53:33 <norbert79> joepie91: OSI approved license??? for an Open Source Project? :)
13:53:49 <joepie91> norbert79: that's what globalsign requires, yes
13:53:52 <norbert79> joepie91: So basically they are asking money from people, who probably don't ask for a huge contribution
13:54:01 <joepie91> norbert79: ?
13:54:08 <joepie91> I'm not sure I follow
13:54:22 <norbert79> joepie91: Let me check the first, maybe I understand something wrong here
13:54:25 <cayce> isc is on the list, I'm happy
13:54:33 <joepie91> I'm not
13:54:34 <joepie91> fuck OSI
13:54:36 <joepie91> :(
13:54:45 <norbert79> Aside that joepie91 :)
13:54:49 <cayce> well fuck your shitty not-actually-a-license :P
13:55:00 * cayce pokes the bear
13:55:09 * joepie91 throws the bear at cayce
13:55:17 <norbert79> cayce: Well fuck your nice income from which you can buy a nice wildcard ssl cert for $150 yearly
13:55:24 <norbert79> Because I can't
13:55:50 <norbert79> Wildcard SSL certs start at $120-$200
13:57:07 <norbert79> I guess independent sites with minor content are not offered such
13:58:05 <norbert79> "Not be a site that is also used for commercial purposes"
13:58:20 <norbert79> I wonder if contributions are considered "commercial"
14:00:24 <norbert79> https://www.globalsign.com/repository/globalsign-subscriber-agreement-digital-certificates-and-services.pdf - Seriously, I would rather not eat for a month and buy my own SSL cert (even if not wildcard) than follow all their requirements as written
14:00:31 <norbert79> it's just pain and suffering
14:00:37 * cayce is confused as to how joepie91 can throw himself at me
14:01:00 * cayce dodges
14:02:34 <cayce> but it doesn't matter, I have hand-ground french-pressed coffee from ethiopia
14:02:55 <cayce> (not as good as sumatran, but the hands used to collect the coffee are smaller)
14:03:00 <joepie91> damn you cayce
14:03:09 * cayce grins
14:03:13 <cayce> what I do
14:03:20 <joepie91> having french-pressed coffee
14:03:24 <cayce> :3
14:03:35 <cayce> somebody bought me one! You can't just expect me NOT to use it >:D
14:03:44 <joepie91> buy me one!
14:03:44 <joepie91> :P
14:03:50 <cayce> I did!
14:03:52 * cayce kekeke's
14:03:56 <cayce> two, by this thing's costs
14:03:57 <cayce> lol
14:04:13 <cayce> and maybe yeah
14:04:40 <joepie91> lol
14:05:23 * cayce waits for 4.5lbs of beef to bake
14:05:38 <cayce> only 13.50$!
14:06:19 <cayce> I don't ask what's in my meat, cannot afford to yet e.e
14:08:01 <cayce> NP: [Uffie - Hot Chick (Produced By Mr. Oizo)] [Hot Chick / In Charge] [904kbps] DeaDBeeF 0.5.6-3jane
14:08:56 <cayce> ooof
14:09:02 <cayce> yahoo is churning publicly again
14:11:28 <cayce> NP: [alabama 3 - ain't goin' to goa] [exile on coldharbour lane] [906kbps] DeaDBeeF 0.5.6-3jane
14:16:01 anon (anon@CD13BC6A.C62D67A7.404FEFB4.IP) has joined #crytocc
14:19:28 anon has quit (User quit:  Mango IRC for iOS and OS X, http://mediaware.sk/mango)
14:43:35 x has quit (Input/output error)
14:44:58 iceTwy (iceTwy@cryto-610769D0.fbx.proxad.net) has joined #crytocc
14:47:01 Topiary (Topiary@CD13BC6A.C62D67A7.404FEFB4.IP) has joined #crytocc
14:47:10 * joepie91 blinks
14:48:06 * Zoned would like to speak with iceTwy on xmpp
14:48:14 <joepie91> ohai iceTwy
14:48:19 <joepie91> and ohai... Topiary?
14:49:32 <Zoned> joepie91, thoughts on typescript?
14:49:52 <norbert79> Fuck https://sslcheck.globalsign.com/ ... Whatever I do, despite proper configuration the site says that my site uses weak ciphers, where I don't...
14:50:08 <cayce> topiary always reminded me of zephyr
14:50:10 <Topiary> hello
14:50:10 <Topiary> oh sorry wasnt checking
14:50:10 <Topiary> so wait why am i here?
14:50:24 <Topiary> lol
14:50:33 <joepie91> Zoned: I'm not familiar with typescript
14:50:48 <norbert79> joepie91: Got some page for testing? I mean I am not sure I lack the right knowledge or the globalsign page is lying to me...
14:50:54 <Zoned> joepie91, I am not also, I haven't really seen much of it.
14:51:19 <joepie91> Topiary: I... don't know? you're the one that joined here :P
14:51:30 <joepie91> I'm also assuming you're not Jake Davis Topiary?
14:52:02 <Topiary> nah
14:52:12 <joepie91> right, I was a little confused there for a moment :p
14:52:18 <Topiary> i like the name :P
14:53:23 <joepie91> fair enough
14:53:29 <joepie91> <norbert79>joepie91: Got some page for testing? I mean I am not sure I lack the right knowledge or the globalsign page is lying to me...
14:53:34 <joepie91> I don't, cayce probably does
14:53:39 <cayce> sup
14:53:40 <norbert79> joepie91: Cheers
14:53:42 <cayce> sorry hi hello
14:53:47 <joepie91> :P
14:54:09 <cayce> are you allowing rc4? it's weak
14:54:25 <Topiary> cayce: previously u mentioned zephyr whats that lol
14:54:26 <joepie91> (cayce: you are now our resident SSL/TLS expert :) )
14:54:38 <joepie91> also, I am considering offering free Tahoe-LAFS nodes\
14:54:39 <cayce> and if they're retarded they might say cbc ciphers are weak (due to it being a client side mitigation, but that mitigation is done in all but desktop safari)
14:54:48 <cayce> joepie91:) I know, it's fucking annoying lol
14:54:51 <cayce> Topiary:) another cool word
14:55:02 <Topiary> ...
14:55:22 <norbert79> Ok, globalsign SSL checker can suck my... thumb... they report the lack AND the presence of SSL v3.0 for my device within the same report...
14:55:34 <cayce> wtf are you trying to do
14:55:41 <norbert79> Checking if my SSL is configured well
14:55:49 <cayce> use this https://www.ssllabs.com/ssltest/index.html
14:55:56 <norbert79> ook
14:55:59 <norbert79> let's see
14:56:02 <cayce> it's somewhat finicky, but very decent
14:56:14 <norbert79> Thank you, checking
14:56:45 <cayce> If you linkme (in pm if that's more appropriate) I can give recs on what to do
14:56:47 <cayce> otherwise, cheers
14:56:48 <cayce> :)
14:57:13 <cayce> and would someone tell me how I managed to be 1 hour ahead of schedule today
14:57:14 <cayce> wtf
14:57:20 <norbert79> It gives me F because of the self-certificate, but aside that an A
14:57:23 <norbert79> :)
14:57:24 <cayce> I HAVE AN ENTIRE UNSCHEDULED HOUR
14:57:24 <norbert79> Good
14:57:28 <cayce> AGH
14:57:32 * cayce BACKFLIPS
14:57:43 <cayce> yeah just look for red
14:57:56 <cayce> self signed is fine if you don't care about idiots
14:58:01 <norbert79> Aside from the cer it shows yellow and green
14:58:08 <cayce> nice, what's yella?
14:58:13 <norbert79> Meh, I need a proper one, but have no money yet
14:58:18 <norbert79> Forward Secrecy With some browsers (more info)
14:58:23 <cayce> ahh
14:58:24 <norbert79> BEAST attack Not mitigated server-side (more info)
14:58:35 <norbert79> probably because I didabled SSLv2
14:58:39 <norbert79> disabled
14:58:44 <cayce> pfs is more important
14:58:49 <cayce> beast isn't mitigated on mine either
14:59:00 <cayce> if you mitigate all attacks serverside you end up with tls1.2 only cipher list
14:59:10 <cayce> and that's not much of the market
14:59:17 <cayce> (a few %)
14:59:23 <norbert79> I wish for security
14:59:31 <norbert79> not much of a user base I have
14:59:51 <cayce> I recommend against rc4 usage, but if you want IE to access you'll want it
15:00:05 <cayce> well, older IE
15:00:08 <norbert79> meh, I would need a proper cipher list
15:00:09 <cayce> I've had less issues with new ones
15:00:10 <Topiary> hey joepie91  r u the guy who needs fininacial assistance?
15:00:30 <Topiary> coz i saw ur name somewhere on the website
15:00:35 <cayce> I forget, I'm on ie10 I think (random pc) and it connects using my stupid cipher list
15:00:48 <norbert79> cayce: If you got a good config excerpt for a regularly acceptable config but not vulnerable to attacks that much I would be happy to see... :)
15:00:50 <cayce> but 8 most certainly doesn't
15:01:04 <joepie91> Topiary: yes (and you probably saw that on AnonNews)
15:01:07 <cayce> so much grammar
15:01:07 <norbert79> cayce: Mine is pretty strict right now
15:01:24 <Topiary> i see..
15:01:35 <cayce> mine is
15:01:36 <cayce> ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-SHA256:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-CAMELLIA128-SHA:DHE-RSA-AES128-SHA;
15:01:49 <norbert79> no ! ?
15:01:49 <cayce> but again, lack of explicit IE support there
15:01:51 Topiary has quit (Client exited)
15:01:54 <norbert79> I see
15:01:57 <cayce> no !
15:02:04 <cayce> I've individually specified every cipher
15:02:05 <cayce> no need
15:02:06 <cayce> lol
15:02:07 <norbert79> So no exceptions
15:02:12 <norbert79> makes sense
15:02:18 <cayce> some of them are "classes"
15:02:21 <norbert79> hmm, might going to try that
15:02:26 <cayce> like putting -sha will give you *any* sha combo
15:02:31 <norbert79> right
15:02:49 <cayce> and you could go one farther and take all AES128 to AES which covers more shit
15:02:53 <cayce> but I was optimizing for speed a bit
15:03:28 <cayce> the big fancy one chrome runs is ECDHE-ECDSA-AES128-GCM-SHA256 which is why it's first
15:03:45 <cayce> (assuming system-level openssl being new enough to support it)
15:03:59 <cayce> they aren't implementing aes256-gcm though
15:04:15 <cayce> which is fine, gcm ciphers are plenty fast
15:04:23 <cayce> (and secure :D )
15:04:38 <cayce> anyway, though, that's a purely tls1.2 cipher
15:04:41 <norbert79> Ciphers are still a bit of grey area to me, I lack the info on them knowing the differences in every detail
15:04:56 <norbert79> so I only have an average knowledge about them
15:05:05 <cayce> it's fine, I don't understand the math very well but I've got all of the vulns and support grids down pat
15:05:13 <cayce> :P
15:05:28 Topiary (Topiary@CD13BC6A.C62D67A7.404FEFB4.IP) has joined #crytocc
15:05:36 <cayce> oh and the reason I put camellia in there is actually for firefox
15:05:46 <cayce> because it doesn't support anything newer than tls1.0
15:05:48 <norbert79> I would be interested, but I am more trying to get things fixed during last vulnerability scan :)
15:05:48 <cayce> because they're fags
15:06:37 <cayce> just remember, IE doesn't support any ephemeral key exchange (dhe ecdhe)
15:06:51 <cayce> 10 or 11 might but old does NOT
15:06:55 <norbert79> what a lovely browser, isn't it? :)
15:07:09 <cayce> well it's dumb because the OS does as of vista
15:07:16 <cayce> SChannel has full tls1.2 support
15:07:22 <cayce> but of course, they ship with it turned off
15:07:43 <cayce> (they didn't want to break fragile enterprise bullshit)
15:07:48 * cayce shakes fist
15:08:09 <norbert79> Fragile Enterprise... It means a bunch of idiots using old techniques and tools and they need to get supported too
15:08:28 <cayce> unfortunately yes
15:08:44 <cayce> I don't care for them to be supported if they won't write their shit in a reasonably future-thinking way
15:09:08 <norbert79> I am working for such a company, not easy staying actual all the time
15:09:20 <cayce> yeah
15:09:22 <norbert79> but aside that luckily the current at least supports users with latest browsers
15:09:31 <norbert79> so at least that's covered
15:09:37 <cayce> that's awesome :P
15:09:48 <norbert79> you would wonder how paranoid some companies are
15:09:56 <norbert79> or how close-minded
15:10:07 <norbert79> Bear with IE8, and nothing else
15:10:11 <norbert79> Chrome is baaaad
15:10:13 <norbert79> FF is baaad
15:10:16 <norbert79> mmmkay?
15:10:22 <norbert79> seen that
15:10:37 <cayce> lol it's so dumb though, because the new autoupdating browsers keep you safe from driveby data extraction
15:10:44 <norbert79> Still :)
15:10:47 <cayce> or at least much much safer than ie fucking 8
15:10:48 <cayce> lol
15:11:14 <cayce> I forget, gotta see how the tls1.2 rollback went in chrome
15:11:34 <cayce> they were gonna turn it off for a release or two because all of estonia uses ID tokens to access govt sites and chrome's tls1.2 broke their shit
15:11:35 <norbert79> Well, I started using Seamonkey again
15:11:36 <cayce> made me lol
15:11:47 <cayce> but there's 500k chrome users there that want their govt sites
15:11:48 <norbert79> luckily Mozilla keeps the engine relatively recent
15:12:47 <cayce> yeah I'm generally unhappy with mozilla until they figure out how to parse real js (not asm.js) faster and support tls>1.0
15:14:01 <norbert79> Well, meh... Call me an idiot, but Seamonkey is more satisfying for me as having all in one and looks at least old-school with all the recent changes
15:14:02 <cayce> agh man twitter I wish they'd make their buttons smaller
15:14:09 <cayce> so much detritus in their fallback code
15:14:23 <norbert79> Topiary: Why so curious btw?
15:14:23 <cayce> aye, I don't like that
15:14:31 <norbert79> :)
15:14:52 <norbert79> Topiary: You could have just asked me about my time and version :)
15:15:00 <norbert79> people nowadays...
15:15:01 <cayce> There's a ton of people that still complain about the "lack of control" that the magic autoupdating does, but I actively hate things that don't keep themselves up to date
15:15:01 <norbert79> :)
15:15:14 <norbert79> well, that's why I prefer Linux
15:15:21 <cayce> there are a few apps that doesn't need to be up to date
15:15:27 <norbert79> nothing beats package management... well, sort of :)
15:15:31 <cayce> but things that are as big an attack surface as a browser? better fucking do it
15:15:43 <joepie91> norbert79: absolutely
15:15:48 <Topiary> what
15:15:51 <joepie91> nowadays when I touch a Windows PC
15:16:01 <joepie91> I just go "wait what, why is this software outdated? oh, right..."
15:16:05 <joepie91> :|
15:16:08 <cayce> foobar2000 doesn't need to be updated, for instance, but chrome or firefox or IE? ugh
15:16:41 <norbert79> cayce: Well, I don't know, sometimes updates are nice... ProcessExplorer has been kept up-to-date, just realized, when I added it to a Windows XP VM.
15:16:42 <Topiary> curious abt the money stuff?
15:16:52 <Topiary> -lost-
15:16:57 <norbert79> Topiary: No, I am curious about your curiosity about my client :)
15:17:05 <cayce> ^
15:17:11 <joepie91> I feel like there may be a case of a client auto-doing CTCPs here?
15:17:14 <norbert79> cayce: then I realized, oh, wait, I installed it once, forgot to update it :)
15:17:16 <cayce> norbert79:) yeah, I love processxp. great shit.
15:17:26 <norbert79> joepie91: I dislike such
15:17:35 <norbert79> joepie91: auto CTCP my ... thumb
15:17:38 <Topiary> ohhh. okay tell u what, im a n00b here so yeah. until now i still dk what im doing here
15:17:42 <Topiary> xD
15:17:49 <cayce> well I haven't gotten one, so it's not auto (assuming it'd hit everyone)
15:17:50 <joepie91> norbert79: so do I, but a few clients do it
15:17:57 <norbert79> Topiary: Well, CTCP-ing is like peeking into my screen
15:18:02 <joepie91> especially OSX clients have a habit of doing this
15:18:02 <joepie91> and iOS
15:18:07 <cayce> huh
15:18:09 <Topiary> without auto correct my typing goes haywire
15:18:28 <norbert79> Topiary: Old-School IRC users don't like being CTCP-d unless approved :)
15:19:00 <joepie91> :P
15:19:00 <norbert79> Topiary: Also don't trust the results of CTCP neither all the time as it can be faked too
15:19:14 <cayce> (easily)
15:19:24 <norbert79> exactly, but sssh :)
15:19:25 <cayce> I think there's a menu to edit my responses here somewhere
15:19:26 <cayce> lol
15:19:34 * cayce pees on parade
15:19:43 <norbert79> I used to use mIRC as reply
15:19:49 <norbert79> wherever I was
15:20:01 <norbert79> I mean wherever as in whatever OS
15:20:13 <cayce> hmm I should find a twitter email and start accosting their webdev guys about their tweet button code
15:20:18 <cayce> that sounds like a good way to get a job
15:20:39 <joepie91> cayce: heh
15:20:56 <Topiary> i see so many unknown terms
15:20:59 <cayce> last time I picked it apart I found like half a kb of code that literally wasn't supported by any browser
15:21:01 <Topiary> damn...
15:21:16 <cayce> old standards that were thrown out and all major browsers went "WILL NOT IMPLEMENT"
15:21:18 <cayce> made me lol
15:21:42 <cayce> I yelled at them on twitter but of course they probably don't check that ;)
15:21:43 <norbert79> Topiary: Takes some time, but I would suggest checking the following terms like: channel, IRC networks, CTCP, DCC
15:22:13 <cayce> oh fuck I've committed a mortal sin
15:22:23 <norbert79> joepie91: Don't love me this much :)
15:22:30 <joepie91> heh
15:22:32 <cayce> returning an HSTS header on http connection
15:22:44 <cayce> (it's expressly forbidden by the spec)
15:22:55 <norbert79> ok got some work to do which is left, need to finish off...
15:23:39 <joepie91> Ryan Gubele, 27, is employed as a reliability engineer for the Twitter website [...]
15:23:43 <joepie91> http://www.scmagazine.com/alleged-anonymous-members-indicted-last-thursday-led-unassuming-lives/article/315630/
15:24:25 <Topiary> so what discussions do u guys have?
15:24:55 <cayce> code
15:24:57 <cayce> and derp
15:25:03 <cayce> and the relatively small size of my penis
15:25:50 <Topiary> oh idk anything bout code..is it like programming and stuff coz once i tried learning python and i gave up
15:26:04 <cayce> 08:25:24 up 14 days, 16:55,  4 users,  load average: 32.24, 11.18, 4.20
15:26:09 <cayce> Y U SO LOAD
15:26:16 <cayce> I'm so sorry
15:26:22 <Topiary> it seemed like gibberish
15:26:24 <cayce> yes programming stuff
15:26:33 <cayce> basic logic, mostly
15:26:41 <cayce> eventually it becomes nontrivial logic, but meh
15:27:04 <cayce> do try it again, I highly recommend learning a language
15:27:14 <cayce> even just enough to script tiny shits here and there
15:27:22 <Topiary> it seems fun but so confusing
15:27:45 <Topiary> but i hace questioned the use of learning programming
15:27:50 <Topiary> *have
15:28:00 <Topiary> probably u cld enlighten me
15:28:58 <cayce> no, I can't
15:29:18 <cayce> It teaches you too much for me to waste my time explaining why it's a good thing
15:29:20 <Topiary> mk
15:29:34 <cayce> Have you taken math?
15:30:14 <cayce> if you complete trigonometry, you're able to describe most things in the universe in an in-exact way. I highly recommend that too. (calculus if you want exact answers)
15:30:34 complex_ (complex@1FB20456.69AC617A.F6E1C77B.IP) has joined #crytocc
15:31:37 <norbert79> cayce: Errr, Neil deGrasse Tyson might disagree with you there, and many others too :)
15:31:49 <Topiary> and so do u guys render ur skills to anonymous (being an anon)
15:32:39 <cayce> this is not an "Anonymous" channel, Topiary
15:32:56 <joepie91> see topic etc.
15:32:58 <Topiary> i was just asking...
15:32:59 <cayce> ^
15:33:10 <Topiary> i know that lol
15:33:13 <cayce> No, it's not just asking, the topic is specifically forbidden
15:33:22 complex has quit (Ping timeout)
15:33:32 *** complex_ is now known as complex
15:33:39 <cayce> :P
15:33:45 <Topiary> soz man. why is it forbidden?0_o
15:33:51 <Topiary> thats just
15:34:00 <Topiary> removing the whole purpose
15:34:02 <cayce> it's not up for discussion
15:34:29 <cayce> there are many other channels on this server where it is plainly acceptable, this is not one of them
15:34:30 <Topiary> but why??? :0
15:35:04 <cayce> norbert79:) why would they disagree? Do they not understand math?
15:35:23 <norbert79> cayce: Well, let's not get into this topic, I wish to flee my workplace soon :)
15:35:31 <cayce> norbert79:) perhaps like many others they are too far into their specific study to see the broader picture
15:35:36 <cayce> hehe alright
15:36:05 <cayce> I doubt my statement for degrasse tyson, but not others. I think he would agree that everyone should learn at least trig
15:37:19 <zxcvbnm> what are you guys getting trolled ?
15:37:20 <Topiary> anyway,sayonara folks! See yall another time. and if u know JD tell him hes awesome.
15:37:30 Topiary has parted #crytocc (None)
15:37:41 * zxcvbnm is boggled w/ confusion
15:38:19 <cayce> sup?
15:39:00 * zxcvbnm just boggling. don't mind me
15:39:16 * cayce hits zxcvbnm on the head and watches the dice bounce
15:39:20 <zxcvbnm> 7!
15:39:29 <cayce> :D
15:39:36 <zxcvbnm> hehe
15:40:10 * cayce goes to prepare lunch
15:54:48 GHOSTnew has quit (Ping timeout)
15:57:46 GHOSTnew (GHOSTnew@GHOSTnew.users.cryto) has joined #crytocc
16:11:16 <cayce> yay, people are noticing my dig at thenextweb
16:15:05 <cayce> .tw https://twitter.com/Aranjedeath/status/389774410837946368
16:15:06 <botpie91> http://b.explodie.org/1ehwCeQ > This is my dig at @TheNextWeb for their site. It's a good example of what not to do. 365 resources. 6.1mb of code. (@Aranjedeath)
16:18:29 <iceTwy> wow
16:18:33 <iceTwy> erm
16:18:48 <iceTwy> Zoned: can't atm, too much homework
16:18:51 <iceTwy> assignments, etc.
16:18:56 <Zoned> grr
16:19:00 <iceTwy> heh man
16:19:04 <iceTwy> physics + maths + bio for tomorrow
16:19:20 <iceTwy> so yeah
16:20:08 <Zoned> usuck
16:20:09 <Zoned> lol
16:23:25 <joepie91> so again
16:23:30 <joepie91> I am considering free tahoe-lafs node hosting
16:23:32 <joepie91> thoughts?
16:26:51 <Zoned> why
16:32:36 fr0z3n (fr0z3n@60F0BC49.9144D476.78C94033.IP) has joined #crytocc
16:46:20 <MK_FG> I'd think if you have N spare vps'es, then you can just start nodes there and instead of "node hosting" allow "grid access"
16:49:29 <MK_FG> cayce, norbert79, You probably heard, but wrt tls ciphers, there's interesting https://www.imperialviolet.org/2013/10/07/chacha20.html and https://tools.ietf.org/html/draft-agl-tls-chacha20poly1305-02
16:50:34 <joepie91> MK_FG: grid access is a disaster access-control-wise
16:50:40 <joepie91> for automated stuff
16:50:47 complex has quit (User quit:  Going offline, see ya! (www.adiirc.com))
16:50:49 <Zoned> joepie91, read that quickly lol
16:51:04 <joepie91> cayce: no XMPP?
16:51:10 <MK_FG> Hmm, so by hosting node you want to look at the content people upload?
16:51:21 <MK_FG> And see if it's ok and do access control?
16:51:22 <joepie91> MK_FG: no, I want to separate access to space
16:51:36 <joepie91> giving someone grid access == allowing them to use whatever they want in terms of space
16:51:54 <joepie91> giving someone a node === ability to restrict node storage space without breaking tahoe-lafs security model
16:52:00 <MK_FG> Ah, yes, that leasedb accounting stuff probably it's quite there yet
16:52:03 <joepie91> nop
16:52:21 <joepie91> MK_FG: and I've seen a "soon" milestone appear on the tahoe bugtracker
16:52:30 <joepie91> which doesn't give me much confidence as to it being implemented in the very near future
16:52:33 <joepie91> thus, this idea :)
16:53:34 <MK_FG> Yeah, easy way to make different "users" now is to run each one in its own "grid", it seems
16:54:18 <MK_FG> But I think it should be much easier to do ad-hoc accounting still
16:55:14 <MK_FG> Like, just allow N keys in foolscap tubs (I think that's already implemented) and on each share upload, store share-id:key in some db
16:55:29 <MK_FG> Accounting in tahoe probably will do something similar...
16:55:45 <MK_FG> ...but proper implementation requires clean code, tests for everything, etc
16:55:47 <joepie91> MK_FG: I don't know much about tahoe internals but what you describe sounds like it breaks the confidentiality model?
16:55:53 <MK_FG> ad-hoc one doesn't need any of that! ;)
16:55:57 <joepie91> unless I'm missing something?
16:56:33 <MK_FG> No, why? You're running the storage node, of course you'll be able to see if/when someone uploads a share
16:56:42 <MK_FG> You don't know what's in it though
16:56:51 <MK_FG> Or what it represents at all...
16:56:54 <joepie91> right, I thought with 'key' you meant the access key
16:56:54 <joepie91> :P
16:56:58 <joepie91> like, readcap
16:57:07 <MK_FG> No no, foolscap key, from furl
16:57:21 <joepie91> anyway, MK_FG, the idea I had was using a combination of Xen (for memory deduplication) and OpenVZ (for container isolation and disk space restrictions as well as easy migration)
16:57:22 <MK_FG> Like pb://asdfg@<ip>/object
16:57:30 <MK_FG> ("asdfg" being teh key)
16:57:30 <joepie91> to set up an efficient dedicated tahoe-lafs hosting environment
16:57:31 <joepie91> and, right
16:58:27 <MK_FG> Seems like a lot of waste running one grid per user, with any kind of dedup
16:58:42 <MK_FG> But I wonder how much it'll help for N tahoe pids
16:59:25 <MK_FG> Also, maybe something lighter than xen would be ok, you won't need dedup for anything like kernel or userspace with containers like docker
16:59:37 <MK_FG> (or openvz, yeah)
17:00:12 <MK_FG> And hmmm...
17:00:49 <MK_FG> Given that I already run a few tahoe nodes for diff grids on same machine with new kernel and mem pages dedup enabled, I should probably check how well it works
17:01:04 <joepie91> MK_FG: any stats on that would be very welcome
17:01:32 <joepie91> also, afaik Xen can only dedup within a VM
17:01:35 <joepie91> not across VMs
17:01:40 <joepie91> from what I've heard so far
17:01:46 <joepie91> I don't know much about Xen so it warrants some more research
17:01:53 <joepie91> but that was my reasoning for using OpenVZ inside Xen
17:02:01 <MK_FG> Maybe xen, kvm would be a better solution of the same kind then
17:02:01 <joepie91> which should, afaik, theoretically be possible
17:02:09 <MK_FG> kvm allocates all ram for pid
17:02:17 <MK_FG> And os deduplicates pages b/w these pids
17:02:51 <joepie91> MK_FG: according to someone else, openvz could run inside xen pv
17:02:56 <joepie91> xen hvm or kvm is not a possibility
17:02:59 <MK_FG> But for tahoe, you can just run every node in the same os
17:03:02 <joepie91> because hardware VT is not always available
17:03:35 <MK_FG> I mean "same os" without containers, or maybe with just security containment like e.g. apparmor
17:04:08 <MK_FG> Surely there's no need to give each user a shell if all they have is a node?
17:04:27 <joepie91> MK_FG: the shell is for disk space restriction purposes
17:04:31 <MK_FG> openvz/docker/lxc should run just fine within hvm
17:04:34 <joepie91> and ease of migration
17:04:42 <joepie91> tahoe doesn't have disk space restriction
17:04:45 <joepie91> only reserved space
17:04:45 <joepie91> afaik
17:05:04 <MK_FG> Hmmh? If you run each node from its uid you have fs quotas
17:05:18 <MK_FG> I.e. uid=1001 has N GiB, period
17:05:26 <joepie91> MK_FG: does that work reliably inside Xen PV?
17:05:31 <MK_FG> That's what openvz and co probably use
17:05:39 <MK_FG> Quotas? Sure
17:05:50 <MK_FG> They work with any kernel, it's just fs code
17:06:04 <MK_FG> No ties to on which hw (or vm type) it runs
17:07:18 <MK_FG> openvz/lxc/docker use uid namespace, so each container's "root" (uid=0) is mapped to some distinct uid in top-level namespace...
17:07:33 <MK_FG> ...so even if containers share filesystem, they still have distinct uids
17:08:01 <MK_FG> And I bet they didn't invent new quota-by-uid mechanism, which'd be kinda redundant here
17:08:09 <joepie91> I see
17:08:11 <MK_FG> (and I never heard of it)
17:09:02 <MK_FG> (and parallels folks of openvz merge it all to linux anyways, so it would've been there)
17:10:34 <joepie91> okay so then theoretically
17:10:38 <joepie91> it should be possible to do Xen PV
17:10:43 <joepie91> with uid fs limits
17:10:49 <joepie91> any caveats you can think of?
17:12:08 <MK_FG> I'd further use (and I DO use it) something like apparmor to limit each tahoe node pid access to its own storage path and only system code/subset it needs
17:12:29 <joepie91> security reasons or...?
17:12:46 <MK_FG> E.g. https://github.com/mk-fg/apparmor-profiles/blob/master/profiles/opt.bin.tahoe
17:12:47 <MK_FG> Yeah
17:13:07 <MK_FG> So that if someone compromises their own node, they won't be able to mess up with the system
17:13:14 <MK_FG> And other nodes in particular
17:14:07 <MK_FG> I realize that tahoe nodes are kinda-designed to be untrusted...
17:14:17 <MK_FG> ...but grids are formed among trusted peers
17:14:48 <MK_FG> So I don't think there's that much testing on e.g. whether foolscap deserializer might have any remote execution vulns
17:14:57 <joepie91> I see
17:15:06 <MK_FG> (after all, it's secure rpc mechanism with auth)
17:15:25 <MK_FG> (so no vulns w/o auth, and with auth, who knows...)
17:15:26 <joepie91> quite a lot of useful info, thanks :)
17:15:31 <joepie91> I do have another question
17:15:33 <joepie91> unrelated to this
17:15:36 <joepie91> but about tahoe
17:15:41 <joepie91> what's the current state of MDMF?
17:15:47 <joepie91> on a scale of 1 to 10
17:15:56 <joepie91> 1 being "completely unusable/reliable" and 10 being "awesome"
17:16:44 <MK_FG> Hm, I don't think I've used mutables there much, except for top-level dirs with list of all backups, so didn't look into these closely and don't have much xp working with them
17:17:19 <MK_FG> Immutables are perfect for backups (and dedup there)... so can't comment ;)
17:17:37 <MK_FG> Didn't see any issues with these from limited exposure though
17:18:31 <MK_FG> Iirc they're just split into larger-ish blocks, as with e.g. regular zfs/ssd and these are kinda-mutable
17:18:40 <MK_FG> Having their own caps/keys
17:18:57 <joepie91> I see
17:19:05 <joepie91> sounds reliable enough for file sync
17:19:08 <MK_FG> But dunno, don't recall even reading full docs on these ;)
17:19:18 <joepie91> also, MK_FG, what are your stats on RAM usage with dedup?
17:19:39 <joepie91> just got some stats on average disk usage for storage VPSes, so now I just need to consider the RAM usage
17:19:50 <joepie91> to get an idea of how many 'slots' I can have on one server
17:21:39 <MK_FG> http://bpaste.net/raw/140419/
17:21:47 <MK_FG> Output from smem
17:22:06 <MK_FG> http://dpaste.com/1416669/plain/
17:22:20 <MK_FG> (check out what columns mean in description there)
17:22:40 <MK_FG> PSS vs RSS I think is the measure of dedup
17:25:06 <MK_FG> Which seem to be pretty much not-a-thing ;)
17:26:25 <MK_FG> Oh, "[ ] Enable KSM for page merging"
17:26:37 <MK_FG> So forget these results ;)
17:26:46 <joepie91> haha
17:26:58 <MK_FG> Weird, fairly sure I had that enabled at some point
17:26:59 <joepie91> "it doesn't dedup anything... oh wait, maybe I should plug it in first..."
17:27:16 <MK_FG> Probably disabled again when had some issues with kswapd eating cpu
17:27:34 <MK_FG> Actually, good thing
17:27:45 <MK_FG> Will enable and reboot soonishly
17:27:52 <MK_FG> Should give some baseline
17:28:18 <MK_FG> Currently, I'd say it's just python binary and .so libs that get dedup
17:28:32 <MK_FG> (given the size)
17:29:54 <MK_FG> Hmm, though I see that KSM requires pid to do madvise() with MADV_MERGEABLE
17:30:19 <joepie91> .title http://istruecryptauditedyet.com/
17:30:20 <botpie91> joepie91: Is TrueCrypt Audited Yet?
17:30:22 <MK_FG> Can bet twisted doesn't do that, python maybe can
17:30:37 <MK_FG> Easy to check..
17:31:32 <MK_FG> g -r MADV_MERGEABLE Python-2.7.5: 0 hits
17:31:48 <MK_FG> So I'd be skeptical for dedup within same vm
17:31:57 <joepie91> hmm.
17:32:03 <MK_FG> But if you run each python in its own vm, kvm does that
17:32:24 <MK_FG> So might - paradoxically - be more memory-efficient for large python pids ;)
17:33:07 <MK_FG> Or maybe there are more to KSM than that in ksm.txt in kernel Documentation dir
17:33:26 <joepie91> MK_FG: I need to assume that I can't use KVM
17:33:31 <joepie91> because likely no VT
17:34:28 <MK_FG> I wonder if hack with LDPRELOAD=libKSM.so that does madvise() after each malloc() will break stuff ;)
17:34:47 <MK_FG> I mean, what's the worst that can happen? ;)
17:35:48 <joepie91> lol
17:36:23 <MK_FG> If kernel does the right thing and cow's pages, should be fine to madvise() all the things
17:36:52 <MK_FG> (although maybe a lot of load for like 95% of stuff that really can't be merged)
17:38:17 <MK_FG> joepie91, Wrt istruecryptauditedyet.com - did you notice that zooko went for cryptocat at the same time
17:38:35 <MK_FG> It's like cyber-9/11 happened, and crypto folks went to audit all the things :P
17:39:46 <MK_FG> Also, why inotify? fanotify!
17:39:53 <MK_FG> Check out fatrace tool
17:40:07 <joepie91> cyber-9/11 DID happen, finally
17:40:20 <MK_FG> inotify is terrible with large dirs and very-very racy with something like rsync running around creating dirs
17:40:26 <joepie91> and inotify because wide support, existing libs, documented well enough
17:40:33 <joepie91> will consider fanotify implementation later
17:40:38 <MK_FG> As it has to get fd before rsync creates files there, which is pretty much impossible
17:40:40 <joepie91> just trying to get a first working implementation done
17:41:01 <MK_FG> Makes sense too, I guess ;)
17:42:52 GHOSTnew has quit (Ping timeout)
17:49:11 GHOSTnew (GHOSTnew@GHOSTnew.users.cryto) has joined #crytocc
18:15:46 GHOSTnew has quit (Ping timeout)
18:15:46 puhrps has quit (User quit:  Konversation terminated!)
18:17:10 mama (me@cryto-35BD8DF.csail.mit.edu) has joined #crytocc
18:17:49 GHOSTnew (GHOSTnew@GHOSTnew.users.cryto) has joined #crytocc
18:18:34 <MK_FG> joepie91, "<zooko> Please re-send anything you wanted me to see since the last message I sent to this channel." (was wondering why there was no ack/nak on that last wtfpl statement) ;)
18:21:22 lathe (lathe@lathe.users.cryto) has joined #crytocc
18:26:57 mama has quit (User quit:  ciao ciao)
18:30:40 tintin (tintin@BC528341.BC88B0C2.A27E456C.IP) has joined #crytocc
18:34:32 foolex has quit (Ping timeout)
18:34:33 mama (me@cryto-54326F0E.ipredator.se) has joined #crytocc
18:38:25 mama has quit (Ping timeout)
18:39:52 GHOSTnew has quit (Ping timeout)
18:40:59 GHOSTnew (GHOSTnew@GHOSTnew.users.cryto) has joined #crytocc
18:53:06 foolex (foolex@5D6B0912.EC145393.9A74EEF1.IP) has joined #crytocc
19:01:38 lblissett has quit (Ping timeout)
19:07:00 lblissett (lblissett@E8B0C89.47606522.4B0B4D05.IP) has joined #crytocc
19:11:53 mama (me@cryto-105D9F5B.torservers.net) has joined #crytocc
19:13:34 Zoned has quit (User quit:  Leaving)
19:28:07 complex (complex@complex.users.cryto) has joined #crytocc
19:28:23 <complex> anyone here know any hackers from china?
19:29:03 <complex> one of the most serious newspapers in my country reports that i should be the most aware of chinese hacktivists, even though i have never heard about one of them :P
19:29:45 <joepie91> zxcvbnm might know more?
19:30:06 <joepie91> or maybe norbert79
19:41:45 <joepie91> MK_FG: there still?
19:42:02 <MK_FG> Should be
19:42:07 <joepie91> :p
19:42:13 <joepie91> that KSM hack you were talking about
19:42:17 <joepie91> LDPRELOAD=libKSM.so
19:42:21 <joepie91> how would that work in practice?
19:42:22 <joepie91> as in
19:42:27 <joepie91> 1. is this a good idea?
19:42:34 <joepie91> 2. okay, how bad of an idea is it then?
19:42:39 <joepie91> 3. how do I enable it anyway?
19:42:40 <joepie91> :P
19:43:05 <MK_FG> As you probably know, LDPRELOAD is a thing that allows to override things like C functions
19:43:34 <MK_FG> So that you can have some libKSM intercepting malloc() (libc call to allocate more memory) and do random stuff there instead
19:43:49 <MK_FG> ....like calling libc's mallic and then doing madvise()
19:43:53 <MK_FG> *malloc
19:44:16 <MK_FG> Enabling would require writing some really simple 3-liner C lib
19:44:38 <MK_FG> Which would do that, and if madvise() fails - whatevers, no big deal
19:45:04 <MK_FG> Whether it's good idea I think depends entirely on how ksm actually works ;)
19:45:43 <MK_FG> I didn't read ksm.txt and probably only know about it from lwn and menuconfig/nconfig description
19:46:04 <MK_FG> But I think it hashes all "allowed for merge" pages in ram
19:46:14 <MK_FG> So it should a) waste a lot of ram to keep hash table
19:46:25 <MK_FG> b) take a lot of cpu to do the scans and hashing like that
19:46:36 <joepie91> the idea is that it dedups all advised pages and does a copy on write
19:46:37 <MK_FG> c) take even more cpu for copy-on-write when these desync
19:46:43 <joepie91> yeah
19:46:50 <joepie91> hm.
19:46:53 <MK_FG> It has to merge pages though
19:47:01 <MK_FG> As tahoe pids aren't forked from each other
19:47:17 <MK_FG> So it needs to actively scan ram and hash/detect same stuff
19:47:40 <MK_FG> (and forking has cow for free anyway, without ksm)
19:48:12 <MK_FG> So I think it might be generally a bad idea to make everything do ksm, but I'm a big believer in metrics ;)
19:48:20 <joepie91> heh
19:48:23 <MK_FG> So who the fuck knows, let's test the shit!
19:48:26 <joepie91> well, I just asked zooko
19:48:33 <joepie91> about running multiple nodes
19:48:35 <joepie91> in one process
19:48:44 <joepie91> <zooko>joepie91: it requires hacking, but shouldn't be too hard.
19:48:44 <joepie91> <zooko>The internals are pretty modular and O-O.
19:48:54 <joepie91> so that's the alternative
19:48:57 <joepie91> :)
19:49:20 <MK_FG> It'd save the amount of ram required for py bytecode and dedup some immutable py objects like small integers, I think...
19:49:47 <MK_FG> ...but also no telling how efficient it might be w/o testing ;)
19:49:53 <joepie91> you'd be running one interpreter with one copy of each module
19:49:56 <joepie91> one event loop
19:49:59 <joepie91> (probably)
19:50:00 <joepie91> and so on
19:50:06 <MK_FG> Yeah
19:50:14 <joepie91> should dedup a lot
19:50:18 <joepie91> Python is pretty efficient
19:50:22 <joepie91> in theory
19:50:38 <joepie91> you'd basically be left with just the actual RAM usage for processing whatever data comes in and goes out
19:50:44 <joepie91> again, in theory
19:50:44 <joepie91> :p
19:50:54 <MK_FG> Weell...
19:51:11 <MK_FG> If all types are static - that's good
19:51:25 <MK_FG> Like, no shit creating ad-hoc classes
19:51:34 <MK_FG> ...and their instances
19:51:59 <MK_FG> And not that many objects
19:52:17 <MK_FG> If there are like 9000+ instances and 100 types, nothing's gained
19:53:00 <MK_FG> But that said, twisted has a lot of static types and generally conservative with extra instances, so sounds promising
19:55:23 <MK_FG> I'd look at tahoe binary - it should create application (twisted Service) instance
19:55:40 <MK_FG> And you can start however many of these with different parameters within one pid
19:56:05 <MK_FG> Unless there are some globals tahoe uses, which is kinda unlikely and probably a bug
20:26:37 LS17 (LS17@cryto-2496909C.hsd1.il.comcast.net) has joined #crytocc
20:47:10 iceTwy has quit (User quit:  Disconnecting from server)
20:47:15 iceTwy (iceTwy@cryto-610769D0.fbx.proxad.net) has joined #crytocc
20:50:22 Zoned (sexybitch@Zoned.users.cryto) has joined #crytocc
21:15:42 complex has quit (User quit:  Going offline, see ya! (www.adiirc.com))
21:18:17 norbert79_xchat (Norbi@cryto-FD58F5CC.pool.digikabel.hu) has joined #crytocc
21:43:42 <botpie91> 04FichteFoll made 2 commit(s) to 03package_control_channel on branch 10master: '02Fix sublime text version to allow v3', '02Merge pull request #2151 from rwoody/masterFix sublime text version to allow v3' (https://github.com/wbond/package_control_channel/compare/0ebe829f45...fad887484d)
21:45:44 <botpie91> 04FichteFoll made 2 commit(s) to 03package_control_channel on branch 10master: '02Add Date Formatter', '02Merge pull request #2123 from pjdietz/masterAdd Date Formatter' (https://github.com/wbond/package_control_channel/compare/080a965d47...9017774fc7)
22:05:01 LS17 has quit (Ping timeout)
22:05:04 THX1337b (THX1337b@cryto-582BCD72.us-west-1.compute.amazonaws.com) has joined #crytocc
22:06:26 THX1337b has quit (User quit:  Connection closed)
22:32:19 iceTwy has quit (Ping timeout)
22:40:39 norbert79_xchat has quit (User quit:  Leaving for now. Bye everyone!)
23:26:09 HiveResearch has quit (Ping timeout)
23:36:29 x (foobar@91513BE6.1FF3EB83.C789C8B2.IP) has joined #crytocc
23:36:54 <Zoned> x
23:39:30 <x> Zoned
23:39:36 <Zoned> hai
23:47:26 <botpie91> 04joepie91 made 1 commit(s) to 03Envoy on branch 10feature/client-tide: '02I have no idea why I didn't track these files' (https://github.com/KnightSwarm/Envoy/compare/d56327df41...46479d5ab3)