Cryto! 11 January 2014

00:19:37 zest has quit (Ping timeout)
01:06:01 monod (none@cryto-41046937.retail.telecomitalia.it) has joined #crytocc
01:06:18 <monod> loggy, pointer?
01:06:18 <loggy> http://wire.cryto.net/logs/crytocc/2014-01-11#T01-06-18
01:06:50 <monod> hi all
01:18:20 mama has quit (Ping timeout)
01:28:31 <monod> gotta go
01:28:33 monod has quit (User quit:  )
01:42:08 iceTwy has quit (Input/output error)
01:48:11 joepie91 (joepie91@cryto-3E6002EF.direct-adsl.nl) has joined #crytocc
02:39:09 Thor (numz@cryto-70E29873.torservers.net) has joined #crytocc
02:54:16 joepie91 has quit (Ping timeout)
03:05:05 tmbucky (tmbucky@cryto-A7509DED.us-west-1.compute.amazonaws.com) has joined #crytocc
03:06:26 tmbucky has quit (User quit:  Connection closed)
03:28:48 joepie91 (joepie91@cryto-3E6002EF.direct-adsl.nl) has joined #crytocc
04:12:36 <joepie91> MK_FG: hai, your tahoe node seems down?
04:30:45 <MK_FG> joepie91, Yeah, hdd bricked with some "ata2: SError: { UnrecovData 10B8B BadCRC }"
04:30:57 <joepie91> MK_FG: :(
04:31:07 <MK_FG> Not the one with tahoe data though
04:31:18 <MK_FG> Just the properly backed-up system
04:31:36 <joepie91> well to be fair, tahoe HDD bricking shouldn't matter :)
04:32:05 <MK_FG> In theory ;)
04:32:17 <MK_FG> Lots of tahoe repairs are pain!
04:33:42 <MK_FG> It's weird how hdds are supposed to be better than ssd in lack of that "suddenly brick" scenario, but nope - same crappy controllers are now in both
05:30:50 Thor has quit (User quit:  Quitte)
05:59:46 DrWhat (KepiaGod@cryto-270C699F.threembb.co.uk) has joined #crytocc
05:59:58 DrWhat has quit (User quit:  Powered by fIRC v1.0.1 (r130) the Android IRC client.)
06:00:02 DrWhat (KepiaGod@cryto-270C699F.threembb.co.uk) has joined #crytocc
06:14:45 mint (mint@cryto-1DE70A98.dyn.optonline.net) has joined #crytocc
06:15:21 <mint> What is everyone's thoughts on Linux Mint?
06:16:16 <mint> I am curious. I've seen Joepie's blog a few times and I like his post on why windows doesn't 'work fine'
06:24:39 <DrWhat> mint, its ok, i find it basic.
06:25:02 <DrWhat> i last used it 3 years ago
06:35:24 <DrWhat> battlelog.battlefield.com/bf3/servers/show/pc/b6a25a57-3129-44a2-a81a-cccae8b39bb6/Webhallen-01-Ziba-Tower-1000-tickets/
06:35:34 <DrWhat> how have they done that then
06:35:47 <DrWhat> its a ranked server with punkbuster disabled
06:35:58 <DrWhat> thats impossible
06:36:08 <DrWhat> if pb is off ranking is disabled
06:47:24 <pzuraq> any idea how to find all the places where my PATH is set?
06:58:10 <mint> DrWhat: Now it looks amazing.
06:58:25 <mint> The menu popup is awesome and slightly transparent
06:58:35 <mint> and terminal windows are low in opacity
06:58:37 <joepie91> mint: I've heard a few good things about Mint, but personally it's a turn-off for me that it's based on Ubuntu
06:58:51 <joepie91> pzuraq: how do you mean?
06:58:54 <mint> joepie91: It really isn't Ubuntu at all
06:59:08 <joepie91> all the places that your PATH is set to _in your current session_, or all possible PATH settings on your system?
06:59:35 <joepie91> mint: afaik they use a bunch of upstream stuff, and I don't like the (lack of) stability of Ubuntu :)
06:59:35 <pzuraq> joepie91: Was trying to remove RVM but it kept showing up in the path. Restarted my computer and it's all good now :)
06:59:41 <pzuraq> shoulda done that sooner
06:59:42 <mint> The windows look completely different, the settings are different, the bottom bar looks different
06:59:48 <mint> not even the same settings
06:59:49 <joepie91> I also don't think Mint has something like the opensuse build service
06:59:57 <joepie91> mint: don't care about looks, I run XFCE anyway
07:00:06 <joepie91> it's about the technical/functional aspect
07:00:14 <joepie91> in particular stability
07:00:23 <joepie91> pzuraq: RVM?
07:00:33 <joepie91> isn't that a Ruby thing
07:00:37 <pzuraq> it's a ruby version manager
07:00:41 <joepie91> urgh
07:00:41 <pzuraq> I prefer rbenv
07:00:42 <joepie91> yeah
07:00:44 <joepie91> well
07:00:48 <joepie91> I'm not sure which of the two it was
07:00:57 <joepie91> but either RVM or rbenv was a complete disaster last time I used it
07:01:10 <pzuraq> rbenv is nice and simple
07:01:18 <pzuraq> RVM seems to be terrible
07:01:22 <joepie91> I'm sure it makes sense to Ruby devs
07:01:29 <joepie91> but I'm not a Ruby dev and have no intention of becoming one
07:01:32 <joepie91> I just want to run $thing
07:02:04 <joepie91> anyway, mint, the issue I'm constantly seeing with Ubuntu is poor quality control of updates
07:02:10 <joepie91> both package updates and distro upgrades
07:02:36 <joepie91> my personal experience has been them shipping a non-wubi-compatible kernel to wubi setups
07:02:42 <joepie91> thus bricking the entire OS
07:02:47 <joepie91> (and they did that several times in a row, too)
07:02:57 <mint> joepie what distro do you like most? what is your linux of choice?
07:03:06 <joepie91> I've heard many update woes from others, and even package updates tend to wreak havoc apparently
07:03:12 <joepie91> mint: for desktop usage, openSUSE
07:03:14 <joepie91> Debian for servers
07:03:31 <mint> lm really looks like openSUSE i think
07:03:52 <joepie91> mint: it's important to realize that opensuse is not a single-environment distro :)
07:04:00 <joepie91> (and not, despite what people often say, a "KDE distro")
07:04:12 <joepie91> linux mint is primarily based on Cinnamon
07:04:20 <joepie91> and that is what you're assumed to use in most cases
07:04:33 <joepie91> opensuse ships with GNOME3, KDE, XFCE and LXDE
07:04:37 <joepie91> and all are basically equally supported
07:04:55 <joepie91> it used to be a KDE distro but that's a loooooong time ago
07:05:04 <joepie91> I think they stepped off that in 10.x
07:05:04 <mint> true
07:05:46 <joepie91> afaik Mint's "flavours" (XFCE etc.) are like Ubuntu's flavours
07:05:51 <pzuraq> joepie91: Are the instability issues in Ubuntu that common? I've never had issues, always had it work ootb
07:05:51 <joepie91> technically they exist, as a separate distro
07:05:55 <joepie91> but you're not assumed to use them
07:06:02 <joepie91> and they're treated as "alternatives" rather than "options"
07:06:13 <joepie91> pzuraq: yes.
07:06:27 <joepie91> you might want to knock on wood :P
07:06:40 <Ari> do you guys do foo == false or false == foo?
07:06:56 <joepie91> foo === false
07:06:58 <joepie91> >:P
07:06:59 <joepie91> :P *
07:07:27 <pzuraq> Ari: the first one
07:07:41 <Ari> most people do
07:07:48 <Ari> second is just typo padding i guess
07:08:45 <joepie91> Ari: the idea behind value == variable is to prevent accidental assignments instead of equality testing
07:08:57 <joepie91> because false = foo will throw a compile-time error
07:09:02 <Ari> yeah exactly
07:09:09 <Ari> but like
07:09:10 <Ari> why not
07:09:16 <Ari> !foo
07:09:31 <pzuraq> I do that a lot
07:09:39 <joepie91> but given that A. that makes no semantic sense and B. one of the languages I work in lets you redefine True and False (Python) and C. there's no such thing as "compile time" in the languages I use.... that is kind of pointless for me
07:10:03 <pzuraq> also, is fugly
07:10:06 <pzuraq> :p
07:10:09 <Ari> wait what
07:10:12 <joepie91> pzuraq: see A
07:10:23 <Ari> I thought they removed assigning to t/f in python..
07:10:30 <joepie91> Ari : in Python 3, yes
07:10:31 <joepie91> I use Python 2
07:10:46 <Ari> aah.
07:10:47 <joepie91> <Ari>why not
07:10:47 <joepie91> <Ari>!foo
07:10:51 <joepie91> this is not always as raedable
07:10:52 <joepie91> readable *
07:10:52 <Ari> so
07:10:54 <Ari> if not foo
07:10:58 <Ari> instead of
07:11:01 <Ari> if foo == false
07:11:02 <joepie91> it's sometimes better to write it out explicitly, for clarity and ease of reading
07:11:12 <Ari> not seems even clearer
07:11:12 <joepie91> False, not false
07:11:13 <Ari> but yeah
07:11:14 <joepie91> but yes
07:11:15 <joepie91> not
07:11:15 <Ari> i understand
07:11:17 <joepie91> is the way to go really
07:11:19 <Ari> mhm
07:11:28 <joepie91> but in languages where it's !, that's often not very readable
07:11:32 <joepie91> it depends on the language really
07:11:39 <joepie91> there's not one right cross-language answer
07:13:19 <pzuraq> I read ! as not now
07:13:28 <pzuraq> so if there is no not, I go for !
07:13:43 <pzuraq> but that's because I have spent too much time with JS
07:13:51 <joepie91> pzuraq: keep in mind that you should be writing what is most readable to _people_, not to _you_ :)
07:14:02 <joepie91> similarly, always keep in mind that you're developing for others, not yourself
07:14:09 <pzuraq> true
07:14:22 <joepie91> (which is almost always the case - even personal projects tend to be copypasted into public stuff later on)
07:14:29 <pzuraq> and I like to think my code is very readable and sensible
07:14:45 <pzuraq> so which would you use, !foo or foo == false?
07:15:01 <joepie91> I normally go for foo === false in PHP/JS
07:15:10 <joepie91> in Python, usually 'not'
07:15:27 <pzuraq> mm
07:15:33 <joepie91> oh, by the way
07:15:37 <joepie91> pzuraq, http://thejh.net/misc/website-terminal-copy-paste
07:16:38 <DrWhat> joe does cphp support mod rewrite
07:16:55 <joepie91> DrWhat: define "support mod rewrite"
07:16:59 <pzuraq> joepie91: Yeah, saw this once
07:17:00 <DrWhat> also cgit is 500 ing
07:17:05 <pzuraq> slightly terrifying
07:17:12 <joepie91> DrWhat: quite possibly, cgit is kind of shit
07:17:38 <joepie91> there, fixed
07:17:43 <joepie91> pzuraq: indeed
07:18:05 <DrWhat> i want to make a minimalistic blog both in code and looks
07:18:27 <DrWhat> but also want to make it seo friendly with uri rewriting
07:18:32 <Ari> DrWhat: look into Haml and Sass
07:18:34 <Ari> it's beautiful
07:18:46 <DrWhat> ok thanks
07:19:01 <joepie91> DrWhat: you don't need URL rewriting for that
07:19:13 <joepie91> but yes, CPHP does what you want
07:19:16 <joepie91> that's what the router is for
07:19:48 <joepie91> only httpd config is a FallbackResource (Apache 2.4+), fallback mod_rewrite rules (older Apache), server.error-handler-404 (lighttpd) or whatever the equivalent in nginx is
07:19:58 <joepie91> CPHP handles the rest of the parsing etc.
07:20:55 <DrWhat> ok
07:47:22 Ari has quit (User quit:  Leaving)
08:12:53 ElectRo` (x@cryto-11FFD52D.foebud.org) has joined #crytocc
08:16:29 Cryto111 (Cryto111@cryto-596113D.rev.sfr.net) has joined #crytocc
08:18:46 mint has quit (User quit:  Leaving)
08:19:32 Cryto111 has quit (User quit:  Page closed)
08:43:58 <DrWhat> lol
08:44:05 <DrWhat> there was a guy in here called mint
08:44:18 <DrWhat> i bet he's pissed with how many times you guys said mint
09:00:13 <joepie91> never knew you could do this as a file: http://www.cyberciti.biz/faq/linux-add-a-swap-file-howto/
09:37:26 zest (zest@F1987B83.AC927571.8EAF9109.IP) has joined #crytocc
09:48:40 zest has quit (Ping timeout)
10:12:20 DrWhat has quit (Client exited)
10:23:56 zest (zest@cryto-14F170CB.snydernet.net) has joined #crytocc
10:27:30 zest has quit (Ping timeout)
10:40:28 Moh has quit (Ping timeout)
10:42:33 iceTwy (iceTwy@iceTwy.users.cryto) has joined #crytocc
10:43:57 <iceTwy> ah, well, this is one of those sad days again
10:55:23 Amineddz (Amineddz@B9CDCD9A.715D7A33.1896E47.IP) has joined #crytocc
10:57:09 oka (oka@7CB60438.4DDE2936.AC87F901.IP) has joined #crytocc
10:57:39 <oka> hey
10:58:17 <Amineddz> hi  oka
10:58:23 <oka> thanks
10:58:44 <Amineddz> the IP is hexadecimal, bro
10:58:55 <oka> doesn't matter
10:59:00 <oka> it's a Mickey Mouse country
11:01:31 <Amineddz> wth, what does a Mickey Mouse country have to do with it, man, Mickey Mouse people
11:02:13 <oka> I don't know, but the weather seems hot today
11:03:51 <Amineddz> they say on Wednesday the cold is going to come
11:03:56 <Amineddz> bitter cold, God protect us
11:04:24 <oka> God willing
11:04:41 <oka> man, there's no safety left
11:04:59 <oka> with a program that captures the screen you don't get away at all
11:05:23 <oka> Windows takes screenshots by itself automatically sometimes
11:09:00 <oka> iPhone or Android, same thing
11:09:47 <joepie91> what
11:10:06 <joepie91> oka, amanda_s4942, I'm pretty sure you're in the wrong channel
11:10:26 <oka> hahahahahaha
11:10:49 <oka> listen, I'm not used to chatting here much
11:11:16 <oka> because people don't know it
11:11:51 <joepie91> oka, I have no idea what you're saying
11:11:55 <joepie91> but this is an English channel
11:12:33 <oka> why don't you go sell turnips, wouldn't that be better?
11:12:41 <oka> it's a Mickey Mouse country
11:18:21 crytoweb372 (crytoweb37@7CB60438.4DDE2936.AC87F901.IP) has joined #crytocc
11:18:38 crytoweb372 has quit (User quit:  Page closed)
11:18:45 oka (oka@7CB60438.4DDE2936.AC87F901.IP) has joined #crytocc
11:18:59 <oka> but it's not a big deal at all
11:19:07 <joepie91> oh jesus christ
11:19:30 <Amineddz> hi all what you have for subject here ??
11:19:36 <joepie91> .welcome Amineddz
11:19:36 <botpie91> Amineddz: welcome to #crytocc! Please be aware that this channel is publicly logged, and make sure to read the rules in the channel topic. You may hide messages from the public logs by prefixing them with [off].
11:23:44 foolex has quit (Ping timeout)
11:24:08 <joepie91> http://owely.com/01nlLyB
11:24:10 <joepie91> whoop
11:25:58 crytoweb207 (crytoweb20@cryto-91A00DD0.torservers.net) has joined #crytocc
11:26:14 <crytoweb207> that's it, I'm back !!
11:26:23 foolex (foolex@5D6B0912.EC145393.9A74EEF1.IP) has joined #crytocc
11:26:41 <crytoweb207> why don't these guys support Arabic
11:27:24 <joepie91> you have got to be fucking kidding me
11:27:37 <joepie91> crytoweb207: get the fuck out
11:27:55 <crytoweb207> why, does this belong to your dad?
11:28:40 <crytoweb207> good idea, I'll put a bot here and let you waste your time with it
11:29:42 foolex has quit (Ping timeout)
11:29:57 crytoweb824 (crytoweb82@5F0885F8.545AC356.4472014D.IP) has joined #crytocc
11:30:28 <crytoweb824> HI
11:31:24 <joepie91> .welcome crytoweb824
11:31:25 <botpie91> crytoweb824: welcome to #crytocc! Please be aware that this channel is publicly logged, and make sure to read the rules in the channel topic. You may hide messages from the public logs by prefixing them with [off].
11:32:33 <crytoweb824> what do you  talk about  here ?
11:33:05 <Amineddz> i think about  D-Link Devices UPnP SOAP Telnetd Command Execution !
11:33:09 <joepie91> crytoweb824: programming, mostly.
11:33:26 <joepie91> Amineddz: read the rules in the topic
11:34:00 <Amineddz> where is   Topic  !  joepie91
11:34:15 <joepie91> ...
11:34:21 <joepie91> Amineddz: it's on your screen.
11:34:29 <joepie91> at the top of the page.
11:35:04 <Amineddz> Ok im sorry  ,
11:35:41 <crytoweb824> Cryto Coding Collective
11:36:38 <crytoweb824> any ZD's here
11:38:03 Amineddz has quit (Ping timeout)
11:38:48 <crytoweb824> )
11:38:56 crytoweb824 has quit (User quit:  Page closed)
11:45:04 foolex (foolex@5D6B0912.EC145393.9A74EEF1.IP) has joined #crytocc
12:05:03 ttmbRAT (ttmbRAT@cryto-705F0D89.us-west-1.compute.amazonaws.com) has joined #crytocc
12:06:24 ttmbRAT has quit (User quit:  Connection closed)
12:09:41 zest (zest@cryto-5270CF27.rev.poneytelecom.eu) has joined #crytocc
12:31:23 zest has quit (Ping timeout)
13:00:24 foolex has quit (Ping timeout)
13:04:53 <iceTwy> erm.
13:10:27 foolex (foolex@5D6B0912.EC145393.9A74EEF1.IP) has joined #crytocc
13:24:26 <joepie91> hai iceTwy!
13:24:43 <joepie91> iceTwy: http://remotestorage.io/
13:26:22 <iceTwy> joepie91: wtf Intel: http://www.theverge.com/2014/1/6/5282472/intel-announces-edison-a-computer-the-size-of-an-sd-card
13:30:09 <joepie91> iceTwy: tbh, I don't see what the fuss is about
13:31:21 <joepie91> bb
13:31:22 <joepie91> brb *
13:34:45 DrWhat (KepiaGod@cryto-270C699F.threembb.co.uk) has joined #crytocc
13:34:53 <DrWhat> weeee
13:49:27 <joepie91> back
13:49:28 <joepie91> hai DrWhat
14:25:28 DrWhat has quit (Client exited)
15:08:35 iceTwy has quit (Ping timeout)
15:17:48 foolex has quit (Ping timeout)
15:20:30 foolex (foolex@5D6B0912.EC145393.9A74EEF1.IP) has joined #crytocc
15:29:59 <MK_FG> Every single sd card kinda have a computer in it already ;)
15:37:40 hrh23 has quit (Input/output error)
15:38:03 hrh23 (trubo@hrh23.users.cryto) has joined #crytocc
15:43:49 <joepie91>     The information that a client needs to receive in order to be able
15:43:49 <joepie91>     to connect to a server SHOULD reach the client as described in the
15:43:49 <joepie91>     'bearer token issuance' sections below. It consists of:
15:43:57 <joepie91> why do they always need to use complex grammar in specs
15:44:05 <joepie91> absolutely no need for that
15:48:24 <MK_FG> Hm, are you writing remotestorage.js backend?
15:52:32 <joepie91> MK_FG: planning to, yes
15:52:47 <joepie91> my brain tuned out at section 11
15:53:09 <MK_FG> I think they actually simplified it since 2011 draft
15:53:22 <MK_FG> Recall it being much longer
15:53:30 <joepie91>     When the user gestures she wants to use a certain application whose
15:53:31 <joepie91>     manifest is present on the dashboard, the dashboard SHOULD redirect
15:53:31 <joepie91>     to the application or open it in a new window. To mimic coming back
15:53:31 <joepie91>     from the OAuth dialog, it MAY add 'access_token' and 'scope'
15:53:31 <joepie91>     parameters to the URL fragment.
15:53:37 <joepie91> ... URL fragment?
15:53:46 <joepie91> that makes no sense
15:53:56 <MK_FG> That means after #
15:54:01 <joepie91> I know
15:54:01 <MK_FG> Accessible to js
15:54:20 <MK_FG> Oh, you mean why it's "MAY"?
15:54:24 <joepie91> is it even possible to issue for example a 301 redirect to something with a URL fragment
15:55:13 <MK_FG> I'd think it should be rather 302 in this case
15:55:21 <joepie91> er 302
15:55:26 <joepie91> question remains
15:55:27 <MK_FG> But should be possible, of course
15:56:50 <joepie91>     To prevent man-in-the-middle attacks, the use of https instead of
15:56:51 <joepie91>     http is important for both the interface itself and all end-points
15:56:51 <joepie91>     involved in webfinger, OAuth, and (if present) the storage-first
15:56:51 <joepie91>     application launch dashboard.
15:56:51 <joepie91> bah
15:59:02 <joepie91>     Where the use of bearer tokens is impractical, a user may choose to
15:59:02 <joepie91>     store documents on hard-to-guess URLs whose path after
15:59:02 <joepie91>     <storage_root> starts with '/public/', while sharing this URL only
15:59:02 <joepie91>     with the intended audience. That way, only parties who know the
15:59:02 <joepie91>     document's hard-to-guess URL, can access it. The server SHOULD
15:59:02 <joepie91>     therefore make an effort to detect and stop brute-force attacks that
15:59:02 <joepie91>     attempt to guess the location of such documents.
15:59:06 <joepie91> ................
15:59:08 <joepie91> why
15:59:11 <MK_FG> Amazingly enough, 2011 spec seem to be still supported, just "deprecated"
15:59:11 <joepie91> for $deity's sake
15:59:14 <joepie91> is there not a 'public' flag
15:59:35 <joepie91> I do not like security through obscurity being literally in the spec
16:00:11 <MK_FG> Is it really?
16:00:18 <joepie91> MK_FG: yes, see aove
16:00:20 <joepie91> above *
16:00:24 <MK_FG> I mean, token is also part of the same http request
16:00:26 <MK_FG> Same as url
16:00:27 <joepie91> everything is available through a public URI
16:00:28 <joepie91> no
16:00:32 <joepie91> tokens don't count for public reqs
16:00:37 <joepie91> that relies entirely on not being able to guess filenames
16:00:40 <joepie91> and does not allow listing dirs
16:00:51 <joepie91> public reqs are 'anonymous' in that they do not require any form of auth
16:00:56 <joepie91> and apparently all docs are public by default
16:00:57 <MK_FG> And tokens rely on not listing tokens
16:01:00 <joepie91> and there is no way to make them not be
16:01:09 <MK_FG> Tahoe also relies on unguessable urls, for instance
16:01:17 <joepie91> MK_FG: not quite
16:01:28 <joepie91> tahoe separates the unguessable URLs from the human-readable filesystem
16:01:35 <joepie91> remoteStorage does not
16:01:42 <joepie91> thus you get to pick
16:01:45 <joepie91> either sensible names
16:01:50 <joepie91> or unguessable gibberish
16:02:12 <MK_FG> Um
16:02:29 <MK_FG> So you have unguessable gibberish as an url of some file in both cases
16:02:43 <joepie91> MK_FG: no, you don't
16:02:47 <MK_FG> Sure, you can build a nicely-titled link wherever
16:02:51 <joepie91> in tahoe you can have a base directory
16:02:58 <joepie91> with a sensible filesystem structure
16:03:07 <joepie91> you cannot do that with remoteStorage without foregoing security
16:03:08 <MK_FG> Base will still have gibs
16:03:14 <joepie91> which is fine if it's hardcoded
16:03:17 <joepie91> in a config
16:03:18 <joepie91> or whatever
16:03:36 <joepie91> the problem is the lack of an abstraction
16:03:48 <joepie91> from a developer point of view, this is a nightmare to do securely
16:04:01 <joepie91> because you need to keep track of all your files separately
16:04:51 <joepie91> and that doesn't even touch on the fact that tahoe-lafs has secure random cap generation
16:05:00 <MK_FG> Hmmh
16:05:02 <joepie91> remoteStorage provides 0 resources for that
16:05:02 hrh23 has quit (Ping timeout)
16:05:05 <joepie91> and in almost all cses
16:05:07 <joepie91> cases *
16:05:11 <joepie91> people will end up doing insecure crap
16:05:18 <joepie91> this is an awful idea
16:05:20 hrh23 (trubo@hrh23.users.cryto) has joined #crytocc
16:05:33 <joepie91> brb
16:07:48 <MK_FG> I think I see your point
16:09:21 <MK_FG> Wonder if you can even address such thing sanely in a spec though - describing some specific algo to generate such caps and store file metadata sounds almost like a book of tahoe docs in the spec ;)
16:20:35 <joepie91> MK_FG: hence, public flag
16:20:43 <joepie91> entire problem solved
16:20:54 <joepie91> you already have to store the content-type anyway
16:20:59 <joepie91> so some kind of metadata store is required
16:21:15 <joepie91> might as well have a 'public' flag that indicates whether it may be accessed over the public URI
16:22:58 <MK_FG> Um, but the whole thing with unguessable urls is to be able to link the thing from wherever directly
16:23:07 <joepie91> MK_FG: ?
16:24:52 <MK_FG> Well, the way I kinda-remember it, /public/ is for stuff you want to link directly, and it's app's or user's (if app delegates that) pick if you use (or should use) unguessable name there so it won't be that kind of public
16:25:23 <joepie91> MK_FG: and a flag is a worse solution because...?
16:25:28 <MK_FG> So sure, you either get security or a nice name there
16:26:02 <MK_FG> And if you store stuff under "/wherever/guessable_whatever", you don't get security with a flag either?
16:26:13 <MK_FG> (if you still want it to be linkable)
16:26:33 <joepie91> ...
16:26:37 <joepie91> <MK_FG>(if you still want it to be linkable)
16:26:42 <joepie91> the point of it not having a public flag
16:26:45 <joepie91> is that it isn't linkable
16:26:49 <joepie91> :|
16:26:58 <joepie91> and only accessible over an authenticated interface
16:27:36 <MK_FG> Mmm
16:27:47 <MK_FG> Still trying to parse that
16:28:34 <MK_FG> By "public flag" I think you mean some attr you can set for URL so it'd be "public", no?
16:28:55 <joepie91> by public flag I mean that the object can be accessed over the /public/ interface which does not require authentication
16:29:06 <MK_FG> Any object?
16:29:08 <joepie91> if it is not set, it can only be accessed over the regular (authenticated) private interface
16:29:15 <joepie91> any file node
16:29:18 <joepie91> or data node, rather
16:31:11 <MK_FG> And url of that node under /public/ should be generated securely as specified in spec?
16:31:36 <joepie91> not necessarily
16:31:39 <MK_FG> Or it'd be /public/my/data/node
16:31:40 <joepie91> if it's public, it's public
16:31:47 <joepie91> so the guessability won't matter
16:31:55 <joepie91> if it's not public, it wasn't accessible through the interface in the first place
16:33:02 <MK_FG> Oh, so you argue that there only needs to be fully-public-or-not thing, no "public if you get a link only" thing
16:33:30 <MK_FG> So no point in such obfuscation
16:38:41 <joepie91> MK_FG: https://github.com/remotestorage/spec/issues/57
16:38:45 <joepie91> MK_FG: pretty much
16:38:52 <joepie91> hell, add ephemeral URLs if you want
16:38:55 <joepie91> but it's not even necessary
16:39:03 <joepie91> that would significantly complicate the spec
16:39:13 <joepie91> as you'd have to deal with expiry and all that crap
16:39:46 <MK_FG> Also two urls to same thing doesn't sound like a good idea in general
16:40:20 <MK_FG> Hmm
16:40:54 <MK_FG> I didn't get "was somewhat unpleasantly surprised to find that apparently all files stored in a remoteStorage endpoint are publicly accessible by default" from all of the above ;)
16:41:16 <joepie91> ah
16:41:19 <joepie91> oh
16:41:20 <joepie91> sarcasm?
16:41:20 <joepie91> idk
16:41:24 <joepie91> sarcasm + internet = boom
16:41:34 <joepie91> brain failure beep beep beep
16:41:42 <MK_FG> "Where the use of bearer tokens is impractical, a user may choose to store documents on hard-to-guess URLs whose path after <storage_root> starts with '/public/' ..."
16:42:01 <joepie91> I hope I'm misreading
16:42:06 <MK_FG> So unless you choose to store stuff as public, you most certainly don't have to
16:42:28 <MK_FG> I actually recall addressing the similar thing for performance...
16:42:56 <MK_FG> https://github.com/remotestorage/django-remotestorage#storage--webdav -- check out "Do not" at the bottom there
16:43:45 <joepie91> man
16:43:48 <joepie91> this is all too confusing
16:43:51 <joepie91> they really need to clarify this :P
16:43:59 <MK_FG> So you can misconfigure stuff to not check Auth header, but otherwise you can't just access anything...
16:44:13 <joepie91> it's also not like the /public/ interface is documented in the API docs or anything
16:44:16 <joepie91> :|
16:44:39 <joepie91> MK_FG: I'm still torn on how to interpret it
16:45:47 <MK_FG> I'm probably as confused at this point by all above as you are and not sure what we're still talking about :P
16:46:02 <joepie91> haha
16:46:04 <MK_FG> So guess I'll shut up to not add any more of it
16:46:26 x (foobar@C35CA8A8.589C91BA.8F6A2B14.IP) has joined #crytocc
16:47:14 <joepie91> https://storage.5apps.com/joepie91/public/shares/140111-1646-housey.png
16:47:15 <joepie91> meh
16:49:12 <MK_FG> Actually, I think I might be misleading you as I only know 2011 spec, and latest one might just allow everything - I just don't know it
16:49:29 <MK_FG> That django thing is for 2011 spec, never got around to updating it to support latest one
16:49:42 <joepie91> mmm
16:49:56 <joepie91> MK_FG: unrelated, do you know of anything for Tornado in terms of OpenID server
16:50:10 <joepie91> or am I going to implement my own again
16:50:10 <joepie91> lol
16:50:18 <joepie91> not sure I want to but okay
16:50:19 <MK_FG> No, never touched openid really
16:50:44 <MK_FG> Did you look at Persona thing btw?
16:51:20 <joepie91> meh
16:51:28 <MK_FG> OpenID iirc forces a rather inferior (to Persona) schema with some extra unnecessary lock-in, but I don't recall more specifics
16:55:18 <joepie91> mm
16:55:24 <joepie91> guess I'll have to read more tomorrow
16:57:12 <MK_FG> I probably was reading it bad, but iirc I got "aha! that's why it's better" moment not while *reading* how it works, but watching Dan Callahan (of mozilla) talk about it at some conf
16:57:46 <MK_FG> I think it was like 30min and explained it perfectly, but that's just my xp, of course ;)
16:58:45 <MK_FG> (or maybe it was more useful because there was explicit openid comparison and brain works better at comparing to something known already)
16:59:54 <joepie91> MK_FG: https://github.com/remotestorage/spec/issues/57#issuecomment-32100963
17:00:00 <joepie91> looks like we were both half right
17:00:01 <joepie91> lol
17:02:04 <joepie91> link me the talk if you find it, MK_FG :P
17:02:36 <MK_FG> https://www.youtube.com/watch?v=nJff23UdNAI
17:03:05 <joepie91> also, MK_FG, an interesting discussion has surfaced here: http://www.reddit.com/r/lolphp/comments/1twal5/really_php_really/
17:03:17 <joepie91> I see
17:03:21 <joepie91> that's on my to-watch list for when I wake up
17:03:22 <joepie91> thanks :)
17:06:41 <MK_FG> Hm, I don't see why michiel linked to 2011.04 spec where /public was not special and required Auth header (as I understand it)
17:07:31 <MK_FG> You seem to say that "apparently all files stored ... are publicly accessible by default", which wasn't true back then either!
17:08:02 <MK_FG> In fact, was especially not true, as every request needed that auth header
17:08:14 <MK_FG> /public or not...
17:09:57 <MK_FG> Oh, I see EDIT
17:10:05 <MK_FG> And I guess he was replying to that
17:10:09 <MK_FG> So nevermind ;)
17:15:21 joepie91 has quit (Ping timeout)
17:55:25 crytoweb963 (crytoweb96@cryto-EB13E417.plebia.org) has joined #crytocc
17:55:59 crytoweb963 has quit (User quit:  Page closed)
18:18:20 Ari (Ari@Ari.users.cryto) has joined #crytocc
18:43:07 Ari has quit (haless.cryto.net nexus.cryto.net)
18:43:07 hrh23 has quit (haless.cryto.net nexus.cryto.net)
18:43:07 ElectRo` has quit (haless.cryto.net nexus.cryto.net)
18:43:07 ^Xires has quit (haless.cryto.net nexus.cryto.net)
18:43:07 c0y has quit (haless.cryto.net nexus.cryto.net)
18:43:07 MK_FG has quit (haless.cryto.net nexus.cryto.net)
18:43:07 pzuraq has quit (haless.cryto.net nexus.cryto.net)
18:43:07 soxfive has quit (haless.cryto.net nexus.cryto.net)
18:43:07 achus has quit (haless.cryto.net nexus.cryto.net)
18:43:07 twitchyliquid64 has quit (haless.cryto.net nexus.cryto.net)
18:43:07 lysobit has quit (haless.cryto.net nexus.cryto.net)
18:43:07 SpaghettiCode has quit (haless.cryto.net nexus.cryto.net)
18:44:49 Ari (Ari@Ari.users.cryto) has joined #crytocc
18:44:49 hrh23 (trubo@hrh23.users.cryto) has joined #crytocc
18:44:49 ElectRo` (x@cryto-11FFD52D.foebud.org) has joined #crytocc
18:44:49 ^Xires (xires@cryto-FE316B49.feedthetrolls.net) has joined #crytocc
18:44:49 c0y (c0y@5E67662.9D07014B.251D49E0.IP) has joined #crytocc
18:44:49 soxfive (soxfive@soxfive.users.cryto) has joined #crytocc
18:44:49 MK_FG (MK_FG@MKFG-91968.users.cryto) has joined #crytocc
18:44:49 pzuraq (pzuraq@cryto-BAE76FBA.hsd1.ca.comcast.net) has joined #crytocc
18:44:49 achus (achus@achus.users.cryto) has joined #crytocc
18:44:49 twitchyliquid64 (twitchyliq@cryto-4C6807BE.cinfuserver.com) has joined #crytocc
18:44:49 lysobit (musalbas@localhost) has joined #crytocc
18:44:49 SpaghettiCode (pasta@code.bonanza) has joined #crytocc
19:11:38 iceTwy (iceTwy@iceTwy.users.cryto) has joined #crytocc
19:17:23 Coyote (Coyote@cryto-F822BC55.rev.sfr.net) has joined #crytocc
19:17:29 Coyote has quit (User quit:  Coyote)
19:37:35 Cypher (Cypher@Cypher.users.cryto) has joined #crytocc
19:38:02 <iceTwy> holy shit OHLY SHIT HOLYSHIT
19:38:16 <iceTwy> Zhou Tonged is releasing an album in early 2014!1
19:43:19 staticsafe has quit (Ping timeout)
19:43:31 staticsafe (ss@cryto-56866F57.asininetech.com) has joined #crytocc
19:43:32 Goochy has quit (Connection reset by peer)
19:44:23 Sonic has quit (Ping timeout)
19:44:28 Sonic (Mcloven@cryto-9F42E372.static.internode.on.net) has joined #crytocc
19:47:54 Goochy (coolstory@cryto-E510ECB4.perfect-privacy.com) has joined #crytocc
20:05:04 THX1337b (THX1337b@cryto-D996B9AE.us-west-1.compute.amazonaws.com) has joined #crytocc
20:06:26 THX1337b has quit (User quit:  Connection closed)
21:42:22 x has quit (Ping timeout)
21:42:51 mama (me@37EBD46F.66539DA9.F2BBAEEC.IP) has joined #crytocc
22:44:13 Cypher has quit (Ping timeout)
22:47:19 Cypher (Cypher@Cypher.users.cryto) has joined #crytocc
22:50:08 <Cypher> .ping 8.8.8.8
22:50:09 <botpie91> Response times: 0.826ms, 0.823ms, 0.824ms, 0.819ms
22:50:10 <botpie91> Statistics: min 0.819, avg 0.823, max 0.826, mdev 0.002, packet loss 0%
23:18:20 Cypher has quit (User quit:  Leaving)
23:18:54 Cypher (Cypher@Cypher.users.cryto) has joined #crytocc
23:47:45 Cypher has quit (User quit:  Leaving)