I'm thinking that using http://www.twospy.com/galleriffic/#1, then some custom code to generate the static html based on a directory structure seems to be about as simple as it can be
Hey guys
hey
Just the guy I wanted to get ahold of!
in what sense? :)
I want to run my (untrusted) users in a separate jail. But I've got into problems when I'm running an identd on the host
Specifically the identd on the host listens to all available IPs
And that's not good
well - the WTF there is "identd??"
yeah, 2010
What's the future then? :)
identd was invented in 1990 to solve a non-problem, badly
just stop running it
Bleh
why should *that* machine over *there* care which *username* I've assigned to *this* process *here*?
it's a different protection realm
there's a fakeidentd that just answers "root" to all requests"
you could run that one :)
hehe
it's just as fvalid
The problems come with IRC ;)
again, anyone who demands identd on IRC is nuts
I'm not running it here.
Some IRC servers (I think I'm looking at you, EFNet) won't let people connect without an identd and as I'm running a small shell I need an identd to allow more than X hosts on some servers
... The ident protocol is considered dangerous because it allows crackers to gain a list of usernames on a computer system which can later be used for attacks. A generally accepted solution to this is to set up a generic/generated identifier, returning node information or even gibberish (from the requesters point of view) rather than usernames.
I'm on EFNet all the time without identd
seriously.. just run the fake one that returns gibberish
Hmm.. Yeah
... http://www.freshports.org/net/widentd/
... widentd is a small ident/rfc1413 deamon which provides a fixed
(and fake) auth reply regardless of the ip/port pair quoted.
see, that's why I asked you
:)
indeed
I am a veritable font of knowledge
You learn something every day!
something new*
I learn *two* new things a day to keep up with your questions. :)
If i had the money I would have you kidnapped and use you as my information slave
Anyway, thanks
Shouldn't be too hard to create my own
why bother when it's a port?
I can't find one that always replies with a random string
That would be awesome
That's why I'd like to create my own
hidentd is apparently capable of that but it doesn't seem to work :P
did you look at widentd?
the one I linked?
Yeah
it's fixed reply
oh.  didn't see
Anyway
shouldn't be too hard to modify
RandalSchwartz: Fixed it
fixed what?
Modified widentd and added a random string-generator from hidentd :p
Booya!
oh heh!
yeay
Under 220 lines of code
That was awesome
It even has ipv6 support I think :p
Now... don't you feel more safe and secure?
see how identd really makes a difference? :)
which is why ircd's that demand it are being stupid
Hehe
Are there any noteworthy irc networks that still demand ident?
Some servers on EFNet I think (i've seen them) - and QuakeNet if you want more than five connections per host :P
ident is still important on places like EFNet
what if you had a wraith/eggdrop net with all the same ident, they could be banned with one mode change and the channel taken over
vcs: Solution: Don't run an identd
:P
uhhh
 /mode +b *!~*@*
the correct solution is to use oidentd, and spoof each bots ident to its nickname
The correct solution would be for the irc server to not prepend ~ to users without an identd and/or run each bot as different users
thats stupid
....there's a correct solution to irc?
;-)
being able to ban ~ is an effecient way of banning drones
Not really
and also non technical users
And the point with that being?
Elitism?
also, often trolls will keep changing their ident
so i guess it is kindof pointless
And that isn't possible with an identd?
but then you can just ban by host
the real point of identd
is to stop abuse on shells
by banning ident, not hostname
so non abusive users are not effective
it also links users back to their accounts for filing abuse repots
ident definitley is still relevant on networks like EFNet
where most people connect from a shell
how is it relevent?
unless you control root on the box you're getting identd from
otherwise, the data is completely untrustworthy
the point is
as dxtr just demostrated
most people who have a shell for IRC
do NOT have root
so at least to some extent
that's not true for most of freenode
maybe some other nets
EFNet is very unlike freenode...
it's still putting trust in something fundamentally untrustworthy
that's worse than not doing it at all
that's fake security
RandalSchwartz: after being on EFNet many years
it has served me well
and who cares if they spoof and come back?
that's an indepdendent variable
alot of the time, you can stop after you ban their ident
it has nothing to do with identid
it can be fake security
but it also can be very useful
when dealing with abusive shell users
RandalSchwartz: http://publib.boulder.ibm.com/infocenter/iseries/v5r4/index.jsp?topic=/rzab6/xacceptboth.htm <- according to that binding to in6addr_any should bind to both :: and 0.0.0.0
Do you know anything about that+
Because I can't get it to work in FreeBSD
when I go there... I get blank
I bet it's frames
which you can't bookmark properly
what language are you in?
C?
Yeah
It work for me, btw :P
wait - you just said "can't get it to work"
which is it?
I was about to start helping you
I can't get ipv4/ipv6-stuff to work, but that page I sent you works for me
Oh - you probably have a cookie or something
What I can get to work is ipv6 connectivity. But, as I said, according to that page in6addr_any should listen to both ipv4 and ipv6
Then I thought that it might be Linux-specific - but I found that FreeBSD also has the IPV6_V6ONLY flag
And what's the point of having that flag if it doesn't do anything anyway?
I know it works on OSX
I've connected to apps and gotten an IPv6 addr of 0::nnnn
Yeah, that should work
which is the way v4 gets mapped in v6 for these sockets
Exactly
did you look at the manpage?
I've look at many man pages
setsockopt doesn't appear to have a v6-only flag
nor is there such a definition in /usr/incldue
man 4 ip6
/IPV6_V6ONLY
didn't make its way to setsockopt() though
Yeah, I noticed :P
ahh - what happens if you get that option?
http://www.ops.ietf.org/lists/v6ops/v6ops.2003/msg01141.html
I was just about to try it
Uhh - not sure why you keep bringing up non-freebsd URLs :)
if you're asking about freebsd
you *are* using AF_INET6, right?
Yeah
That URL was kind of relevant
ok
not authoritative though
"do you know of any OS that sets the IPV6_V6ONLY socket option on by default?" "netbsd, freebsd (version >= 5), openbsd"
sure - one guy says that
is he on the freebsd dev team?
Oh - right
on by default would be bad
for you anyway
so set it off :)
Yeah
And as I thought
It's on
And it works
Awesome!
vcs: My identd will revolutionize identds
Reconnect and you get a new ident!
Bwahaha!
lol
the one thing you two do not understand
is shell providers DO NOT allow spoofs
so it is relevant in context of shell providers
sure, on any of my boxes i cant do whatever i want with ident
but not everyone has their own VPS / Colo box
evening
BarberRonny: afternoon! (PST)
finally published a piece-meal price list (see "Extras"), b/c I keep getting asked for it
http://arpnetworks.com/vps
awesoem
Awesome*
up_the_irons: you might want to add what the price is for things like bandwidth overages.  as in,  lets say I have 200gb/mo included.. but use 250gb
oh yeah.. it's in the FAQ, but i should put it there, yes
*nod*
it's always nice to have a centralized "what will it cost me if..." page
oh,  I have to get you the UUID of my vps where the disk changed on me.  one sec
not PST yet
up_the_irons: What benefits would I get from running my own caching DNS server vs. using your?
not for another few weeks
yours*
dxtr: yours would be faster
Would it?
well,  it kinda depends actually.
if you're using a cache only NS,  that only serves a few clients..  and you're doing lookups for hosts that'd be present in the providers NS's.. (ie, already cached)  the ARP NS's would be faster.
Yeah
up_the_irons: But you know what you should do? have your DNS servers on IPv6 too :)
That would be sweet
yeah i know
(and website!)
that too :)
from my short time here,   it sounds like up_the_irons is neck deep in work already, though.  ;)
that's why these things don't get done :)
it's the chicken/egg problem.  sounds like you need to write some automation processes for some of these things.. but you don't have time to automate because you're too busy doing the things you need to automate.  heh
yup, exactly
or i just need to hire someone to do the small support tasks (change ISOs, DNS, etc...)
I'll offer this:  I don't have a strong programming background..  but if you want some additional help for things where you don't need to hand me keys to the castle,  I'd happily help.  I enjoy doing DNS stuff ;)  ISO's would probably be simple-ish.
thanks for the offer!
need to cut my hair, bbl
later
but not everyone has their own VPS / Colo box
woops, wrong screen
ment to up + enter into bash >_>