[00:06] I'm thinking that using http://www.twospy.com/galleriffic/#1, then some custom code to generate the static html based on a directory structure seems to be about as simple as it can be [00:27] *** ballen has quit IRC (Remote host closed the connection) [00:27] *** ballen has joined #arpnetworks [00:27] *** ChanServ sets mode: +o ballen [00:30] *** ballen has quit IRC (Read error: Connection reset by peer) [00:30] *** ballen has joined #arpnetworks [00:30] *** ballen has quit IRC (Changing host) [00:30] *** ballen has joined #arpnetworks [00:30] *** ChanServ sets mode: +o ballen [00:34] *** ballen has quit IRC (Read error: Connection reset by peer) [00:37] *** ballen has joined #arpnetworks [00:37] *** ChanServ sets mode: +o ballen [00:46] *** ballen_ has joined #arpnetworks [00:46] *** ballen_ has quit IRC (Changing host) [00:46] *** ballen_ has joined #arpnetworks [00:46] *** ChanServ sets mode: +o ballen_ [00:49] *** ballen has quit IRC (Ping timeout: 240 seconds) [00:50] *** ballen_ has quit IRC (Ping timeout: 272 seconds) [01:01] *** fink has quit IRC (Quit: fink) [03:13] *** mattx86 has quit IRC (Ping timeout: 240 seconds) [03:17] *** mattx86 has joined #arpnetworks [03:21] *** mattx86 has quit IRC (Ping timeout: 240 seconds) [03:31] *** mattx86 has joined #arpnetworks [03:45] *** mattx86 has quit IRC (Quit: Leaving) [03:45] *** mattx86 has joined #arpnetworks [04:07] *** mattx86 has quit IRC (Quit: Leaving) [04:08] *** mattx86 has joined #arpnetworks [04:11] *** mattx86 has quit IRC (Client Quit) [04:11] *** mattx86 has joined #arpnetworks [04:14] *** mattx86 has quit IRC (Client Quit) [05:05] *** nerdd has joined #arpnetworks [05:07] *** nerdd_ has quit IRC (Ping timeout: 276 seconds) [06:44] *** heavysixer has joined #arpnetworks [06:44] *** ChanServ sets mode: +o heavysixer [07:36] Hey guys [07:36] hey [07:36] Just the guy I wanted to get ahold of! [07:36] in what sense? :) [07:37] I want to run my (untrusted) users in a separate jail. But I've got into problems when I'm running an identd on the host [07:37] Specifically the identd on the host listens to all available IPs [07:37] And that's not good [07:37] well - the WTF there is "identd??" [07:37] * RandalSchwartz looks at the calendar [07:37] yeah, 2010 [07:38] What's the future then? :) [07:38] identd was invented in 1990 to solve a non-problem, badly [07:38] just stop running it [07:38] Bleh [07:39] why should *that* machine over *there* care which *username* I've assigned to *this* process *here*? [07:39] it's a different protection realm [07:39] there's a fakeidentd that just answers "root" to all requests" [07:39] you could run that one :) [07:39] hehe [07:39] it's just as fvalid [07:40] The problems come with IRC ;) [07:40] again, anyone who demands identd on IRC is nuts [07:40] I'm not running it here. [07:41] Some IRC servers (I think I'm looking at you, EFNet) won't let people connect without an identd and as I'm running a small shell I need an identd to allow more than X hosts on some servers [07:41] ... The ident protocol is considered dangerous because it allows crackers to gain a list of usernames on a computer system which can later be used for attacks. A generally accepted solution to this is to set up a generic/generated identifier, returning node information or even gibberish (from the requesters point of view) rather than usernames. [07:41] I'm on EFNet all the time without identd [07:42] seriously.. just run the fake one that returns gibberish [07:42] Hmm.. Yeah [07:42] ... http://www.freshports.org/net/widentd/ [07:42] ... widentd is a small ident/rfc1413 deamon which provides a fixed [07:42] (and fake) auth reply regardless of the ip/port pair quoted. [07:42] see, that's why I asked you [07:43] :) [07:43] indeed [07:43] I am a veritable font of knowledge [07:43] You learn something every day! [07:43] something new* [07:43] I learn *two* new things a day to keep up with your questions. :) [07:43] If i had the money I would have you kidnapped and use you as my information slave [07:44] * RandalSchwartz wanders off now [07:45] Anyway, thanks [08:12] Shouldn't be too hard to create my own [08:12] why bother when it's a port? [08:14] I can't find one that always replies with a random string [08:14] That would be awesome [08:15] That's why I'd like to create my own [08:15] hidentd is apparently capable of that but it doesn't seem to work :P [08:19] did you look at widentd? [08:19] the one I linked? [08:20] Yeah [08:20] it's fixed reply [08:21] oh. didn't see [08:21] Anyway [08:21] shouldn't be too hard to modify [08:37] *** mattx86 has joined #arpnetworks [10:14] RandalSchwartz: Fixed it [10:14] fixed what? [10:14] Modified widentd and added a random string-generator from hidentd :p [10:14] Booya! [10:15] oh heh! [10:15] yeay [10:15] Under 220 lines of code [10:15] That was awesome [10:15] It even has ipv6 support I think :p [10:16] Now... don't you feel more safe and secure? [10:16] see how identd really makes a difference? :) [10:16] which is why ircd's that demand it are being stupid [10:19] Hehe [10:53] Are there any noteworthy irc networks that still demand ident? [11:03] *** tinono has joined #arpnetworks [11:03] *** tinono has quit IRC (Client Quit) [11:08] Some servers on EFNet I think (i've seen them) - and QuakeNet if you want more than five connections per host :P [11:38] *** owda has joined #arpnetworks [13:15] *** sentabi has quit IRC (Changing host) [13:15] *** sentabi has joined #arpnetworks [13:51] ident is still important on places like EFNet [13:51] what if you had a wraith/eggdrop net with all the same ident, they could be banned with one mode change and the channel taken over [13:52] vcs: Solution: Don't run an identd [13:52] :P [13:52] uhhh [13:53] /mode +b *!~*@* [13:53] the correct solution is to use oidentd, and spoof each bots ident to its nickname [13:54] The correct solution would be for the irc server to not prepend ~ to users without an identd and/or run each bot as different users [13:55] thats stupid [13:55] ....there's a correct solution to irc? [13:55] ;-) [13:55] being able to ban ~ is an effecient way of banning drones [13:55] Not really [13:55] and also non technical users [13:55] And the point with that being? [13:56] Elitism? [13:56] also, often trolls will keep changing their ident [13:56] so i guess it is kindof pointless [13:56] And that isn't possible with an identd? [13:56] but then you can just ban by host [13:56] the real point of identd [13:56] is to stop abuse on shells [13:56] by banning ident, not hostname [13:56] so non abusive users are not effective [13:57] it also links users back to their accounts for filing abuse repots [13:57] ident definitley is still relevant on networks like EFNet [14:03] where most people connect from a shell [14:03] how is it relevent? [14:04] unless you control root on the box you're getting identd from [14:04] otherwise, the data is completely untrustworthy [14:04] the point is [14:04] as dxtr just demostrated [14:04] most people who have a shell for IRC [14:04] do NOT have root [14:04] so at least to some extent [14:05] that's not true for most of freenode [14:05] maybe some other nets [14:05] EFNet is very unlike freenode... [14:05] it's still putting trust in something fundamentally untrustworthy [14:05] that's worse than not doing it at all [14:05] that's fake security [14:05] RandalSchwartz: after being on EFNet many years [14:05] it has served me well [14:06] and who cares if they spoof and come back? [14:06] that's an indepdendent variable [14:06] alot of the time, you can stop after you ban their ident [14:06] it has nothing to do with identid [14:06] it can be fake security [14:06] but it also can be very useful [14:06] when dealing with abusive shell users [14:08] RandalSchwartz: http://publib.boulder.ibm.com/infocenter/iseries/v5r4/index.jsp?topic=/rzab6/xacceptboth.htm <- according to that binding to in6addr_any should bind to both :: and 0.0.0.0 [14:08] Do you know anything about that+ [14:08] Because I can't get it to work in FreeBSD [14:10] when I go there... I get blank [14:10] I bet it's frames [14:10] which you can't bookmark properly [14:12] what language are you in? [14:12] C? [14:12] Yeah [14:12] It work for me, btw :P [14:13] wait - you just said "can't get it to work" [14:13] which is it? [14:13] I was about to start helping you [14:13] I can't get ipv4/ipv6-stuff to work, but that page I sent you works for me [14:14] Oh - you probably have a cookie or something [14:14] What I can get to work is ipv6 connectivity. But, as I said, according to that page in6addr_any should listen to both ipv4 and ipv6 [14:14] Then I thought that it might be Linux-specific - but I found that FreeBSD also has the IPV6_V6ONLY flag [14:15] And what's the point of having that flag if it doesn't do anything anyway? [14:15] I know it works on OSX [14:16] I've connected to apps and gotten an IPv6 addr of 0::nnnn [14:16] Yeah, that should work [14:16] which is the way v4 gets mapped in v6 for these sockets [14:16] Exactly [14:16] did you look at the manpage? [14:18] I've look at many man pages [14:19] setsockopt doesn't appear to have a v6-only flag [14:19] nor is there such a definition in /usr/incldue [14:19] man 4 ip6 [14:19] /IPV6_V6ONLY [14:19] didn't make its way to setsockopt() though [14:20] Yeah, I noticed :P [14:20] ahh - what happens if you get that option? [14:20] http://www.ops.ietf.org/lists/v6ops/v6ops.2003/msg01141.html [14:21] I was just about to try it [14:21] Uhh - not sure why you keep bringing up non-freebsd URLs :) [14:21] if you're asking about freebsd [14:22] you *are* using AF_INET6, right? [14:23] Yeah [14:23] That URL was kind of relevant [14:23] ok [14:23] not authoritative though [14:23] "do you know of any OS that sets the IPV6_V6ONLY socket option on by default?" "netbsd, freebsd (version >= 5), openbsd" [14:25] sure - one guy says that [14:25] is he on the freebsd dev team? [14:25] Oh - right [14:25] on by default would be bad [14:25] for you anyway [14:25] so set it off :) [14:28] Yeah [14:28] And as I thought [14:28] It's on [14:31] And it works [14:31] Awesome! [14:40] vcs: My identd will revolutionize identds [14:40] Reconnect and you get a new ident! [14:40] Bwahaha! [14:40] lol [14:40] the one thing you two do not understand [14:41] is shell providers DO NOT allow spoofs [14:41] so it is relevant in context of shell providers [14:41] sure, on any of my boxes i cant do whatever i want with ident [14:41] but not everyone has their own VPS / Colo box [14:50] evening [14:51] BarberRonny: afternoon! (PST) [14:53] finally published a piece-meal price list (see "Extras"), b/c I keep getting asked for it [14:54] http://arpnetworks.com/vps [14:54] awesoem [14:54] Awesome* [14:57] up_the_irons: you might want to add what the price is for things like bandwidth overages. as in, lets say I have 200gb/mo included.. but use 250gb [14:57] oh yeah.. it's in the FAQ, but i should put it there, yes [14:58] *nod* [14:58] it's always nice to have a centralized "what will it cost me if..." page [14:59] oh, I have to get you the UUID of my vps where the disk changed on me. one sec [15:00] not PST yet [15:00] up_the_irons: What benefits would I get from running my own caching DNS server vs. using your? [15:00] not for another few weeks [15:00] yours* [15:02] dxtr: yours would be faster [15:05] Would it? [15:08] well, it kinda depends actually. [15:08] *** owda has quit IRC (Quit: Leaving) [15:08] if you're using a cache only NS, that only serves a few clients.. and you're doing lookups for hosts that'd be present in the providers NS's.. (ie, already cached) the ARP NS's would be faster. [15:09] Yeah [15:11] up_the_irons: But you know what you should do? have your DNS servers on IPv6 too :) [15:11] That would be sweet [15:11] yeah i know [15:11] (and website!) [15:11] that too :) [15:12] from my short time here, it sounds like up_the_irons is neck deep in work already, though. ;) [15:12] that's why these things don't get done :) [15:13] it's the chicken/egg problem. sounds like you need to write some automation processes for some of these things.. but you don't have time to automate because you're too busy doing the things you need to automate. heh [15:15] yup, exactly [15:16] or i just need to hire someone to do the small support tasks (change ISOs, DNS, etc...) [15:17] I'll offer this: I don't have a strong programming background.. but if you want some additional help for things where you don't need to hand me keys to the castle, I'd happily help. I enjoy doing DNS stuff ;) ISO's would probably be simple-ish. [15:17] thanks for the offer! [15:18] need to cut my hair, bbl [15:18] later [15:44] but not everyone has their own VPS / Colo box [15:44] woops, wrong screen [15:44] ment to up + enter into bash >_> [19:11] *** fink has joined #arpnetworks [20:48] *** fink has quit IRC (Quit: fink) [23:15] *** [FBI] starts logging #arpnetworks at Sun Oct 10 23:15:50 2010 [23:15] *** [FBI] has joined #arpnetworks