| ↑back Search ←Prev date Next date→ Show only urls | (Click on time to select a line by its url) |
| Who | What | When |
|---|---|---|
| ballen | I'm thinking that using http://www.twospy.com/galleriffic/#1, then some custom code to generate the static html based on a directory structure seems to be about as simple as it can be | [00:06] |
| ..... (idle for 21mn) | ||
| *** | ballen has quit IRC (Remote host closed the connection)
ballen has joined #arpnetworks ChanServ sets mode: +o ballen ballen has quit IRC (Read error: Connection reset by peer) ballen has joined #arpnetworks ballen has quit IRC (Changing host) ballen has joined #arpnetworks ChanServ sets mode: +o ballen ballen has quit IRC (Read error: Connection reset by peer) ballen has joined #arpnetworks ChanServ sets mode: +o ballen | [00:27] |
| ballen_ has joined #arpnetworks
ballen_ has quit IRC (Changing host) ballen_ has joined #arpnetworks ChanServ sets mode: +o ballen_ ballen has quit IRC (Ping timeout: 240 seconds) ballen_ has quit IRC (Ping timeout: 272 seconds) | [00:46] | |
| fink has quit IRC (Quit: fink) | [01:01] | |
| ........................... (idle for 2h12mn) | ||
| mattx86 has quit IRC (Ping timeout: 240 seconds)
mattx86 has joined #arpnetworks mattx86 has quit IRC (Ping timeout: 240 seconds) | [03:13] | |
| mattx86 has joined #arpnetworks | [03:31] | |
| mattx86 has quit IRC (Quit: Leaving)
mattx86 has joined #arpnetworks | [03:45] | |
| ..... (idle for 22mn) | ||
| mattx86 has quit IRC (Quit: Leaving)
mattx86 has joined #arpnetworks mattx86 has quit IRC (Client Quit) mattx86 has joined #arpnetworks mattx86 has quit IRC (Client Quit) | [04:07] | |
| ........... (idle for 51mn) | ||
| nerdd has joined #arpnetworks
nerdd_ has quit IRC (Ping timeout: 276 seconds) | [05:05] | |
| .................... (idle for 1h37mn) | ||
| heavysixer has joined #arpnetworks
ChanServ sets mode: +o heavysixer | [06:44] | |
| ........... (idle for 52mn) | ||
| dxtr | Hey guys | [07:36] |
| RandalSchwartz | hey | [07:36] |
| dxtr | Just the guy I wanted to get ahold of! | [07:36] |
| RandalSchwartz | in what sense? :) | [07:36] |
| dxtr | I want to run my (untrusted) users in a separate jail. But I've got into problems when I'm running an identd on the host
Specifically the identd on the host listens to all available IPs And that's not good | [07:37] |
| RandalSchwartz | well - the WTF there is "identd??"
RandalSchwartz looks at the calendar yeah, 2010 | [07:37] |
| dxtr | What's the future then? :) | [07:38] |
| RandalSchwartz | identd was invented in 1990 to solve a non-problem, badly
just stop running it | [07:38] |
| dxtr | Bleh | [07:38] |
| RandalSchwartz | why should *that* machine over *there* care which *username* I've assigned to *this* process *here*?
it's a different protection realm there's a fakeidentd that just answers "root" to all requests" you could run that one :) | [07:39] |
| dxtr | hehe | [07:39] |
| RandalSchwartz | it's just as fvalid | [07:39] |
| dxtr | The problems come with IRC ;) | [07:40] |
| RandalSchwartz | again, anyone who demands identd on IRC is nuts
I'm not running it here. | [07:40] |
| dxtr | Some IRC servers (I think I'm looking at you, EFNet) won't let people connect without an identd and as I'm running a small shell I need an identd to allow more than X hosts on some servers | [07:41] |
| RandalSchwartz | ... The ident protocol is considered dangerous because it allows crackers to gain a list of usernames on a computer system which can later be used for attacks. A generally accepted solution to this is to set up a generic/generated identifier, returning node information or even gibberish (from the requesters point of view) rather than usernames.
I'm on EFNet all the time without identd seriously.. just run the fake one that returns gibberish | [07:41] |
| dxtr | Hmm.. Yeah | [07:42] |
| RandalSchwartz | ... http://www.freshports.org/net/widentd/
... widentd is a small ident/rfc1413 deamon which provides a fixed (and fake) auth reply regardless of the ip/port pair quoted. | [07:42] |
| dxtr | see, that's why I asked you
:) | [07:42] |
| RandalSchwartz | indeed
I am a veritable font of knowledge | [07:43] |
| dxtr | You learn something every day!
something new* | [07:43] |
| RandalSchwartz | I learn *two* new things a day to keep up with your questions. :) | [07:43] |
| dxtr | If i had the money I would have you kidnapped and use you as my information slave | [07:43] |
| RandalSchwartz | RandalSchwartz wanders off now | [07:44] |
| dxtr | Anyway, thanks | [07:45] |
| ...... (idle for 27mn) | ||
| Shouldn't be too hard to create my own | [08:12] | |
| RandalSchwartz | why bother when it's a port? | [08:12] |
| dxtr | I can't find one that always replies with a random string
That would be awesome That's why I'd like to create my own hidentd is apparently capable of that but it doesn't seem to work :P | [08:14] |
| RandalSchwartz | did you look at widentd?
the one I linked? | [08:19] |
| dxtr | Yeah
it's fixed reply | [08:20] |
| RandalSchwartz | oh. didn't see | [08:21] |
| dxtr | Anyway
shouldn't be too hard to modify | [08:21] |
| .... (idle for 16mn) | ||
| *** | mattx86 has joined #arpnetworks | [08:37] |
| .................... (idle for 1h37mn) | ||
| dxtr | RandalSchwartz: Fixed it | [10:14] |
| RandalSchwartz | fixed what? | [10:14] |
| dxtr | Modified widentd and added a random string-generator from hidentd :p
Booya! | [10:14] |
| RandalSchwartz | oh heh!
yeay | [10:15] |
| dxtr | Under 220 lines of code
That was awesome It even has ipv6 support I think :p | [10:15] |
| RandalSchwartz | Now... don't you feel more safe and secure?
see how identd really makes a difference? :) which is why ircd's that demand it are being stupid | [10:16] |
| dxtr | Hehe | [10:19] |
| ....... (idle for 34mn) | ||
| hawk | Are there any noteworthy irc networks that still demand ident? | [10:53] |
| *** | tinono has joined #arpnetworks
tinono has quit IRC (Client Quit) | [11:03] |
| dxtr | Some servers on EFNet I think (i've seen them) - and QuakeNet if you want more than five connections per host :P | [11:08] |
| ....... (idle for 30mn) | ||
| *** | owda has joined #arpnetworks | [11:38] |
| .................... (idle for 1h37mn) | ||
| sentabi has quit IRC (Changing host)
sentabi has joined #arpnetworks | [13:15] | |
| ........ (idle for 36mn) | ||
| vcs | ident is still important on places like EFNet
what if you had a wraith/eggdrop net with all the same ident, they could be banned with one mode change and the channel taken over | [13:51] |
| dxtr | vcs: Solution: Don't run an identd
:P | [13:52] |
| vcs | uhhh
/mode +b *!~*@* the correct solution is to use oidentd, and spoof each bots ident to its nickname | [13:52] |
| dxtr | The correct solution would be for the irc server to not prepend ~ to users without an identd and/or run each bot as different users | [13:54] |
| vcs | thats stupid | [13:55] |
| tooth | ....there's a correct solution to irc?
;-) | [13:55] |
| vcs | being able to ban ~ is an effecient way of banning drones | [13:55] |
| dxtr | Not really | [13:55] |
| vcs | and also non technical users | [13:55] |
| dxtr | And the point with that being?
Elitism? | [13:55] |
| vcs | also, often trolls will keep changing their ident
so i guess it is kindof pointless | [13:56] |
| dxtr | And that isn't possible with an identd? | [13:56] |
| vcs | but then you can just ban by host
the real point of identd is to stop abuse on shells by banning ident, not hostname so non abusive users are not effective it also links users back to their accounts for filing abuse repots ident definitley is still relevant on networks like EFNet | [13:56] |
| where most people connect from a shell | [14:03] | |
| RandalSchwartz | how is it relevent?
unless you control root on the box you're getting identd from otherwise, the data is completely untrustworthy | [14:03] |
| vcs | the point is | [14:04] |
| RandalSchwartz | as dxtr just demostrated | [14:04] |
| vcs | most people who have a shell for IRC
do NOT have root so at least to some extent | [14:04] |
| RandalSchwartz | that's not true for most of freenode
maybe some other nets | [14:05] |
| vcs | EFNet is very unlike freenode... | [14:05] |
| RandalSchwartz | it's still putting trust in something fundamentally untrustworthy
that's worse than not doing it at all that's fake security | [14:05] |
| vcs | RandalSchwartz: after being on EFNet many years
it has served me well and who cares if they spoof and come back? | [14:05] |
| RandalSchwartz | that's an indepdendent variable | [14:06] |
| vcs | alot of the time, you can stop after you ban their ident | [14:06] |
| RandalSchwartz | it has nothing to do with identid | [14:06] |
| vcs | it can be fake security
but it also can be very useful when dealing with abusive shell users | [14:06] |
| dxtr | RandalSchwartz: http://publib.boulder.ibm.com/infocenter/iseries/v5r4/index.jsp?topic=/rzab6/xacceptboth.htm <- according to that binding to in6addr_any should bind to both :: and 0.0.0.0
Do you know anything about that+ Because I can't get it to work in FreeBSD | [14:08] |
| RandalSchwartz | when I go there... I get blank
I bet it's frames which you can't bookmark properly what language are you in? C? | [14:10] |
| dxtr | Yeah
It work for me, btw :P | [14:12] |
| RandalSchwartz | wait - you just said "can't get it to work"
which is it? I was about to start helping you | [14:13] |
| dxtr | I can't get ipv4/ipv6-stuff to work, but that page I sent you works for me | [14:13] |
| RandalSchwartz | Oh - you probably have a cookie or something | [14:14] |
| dxtr | What I can get to work is ipv6 connectivity. But, as I said, according to that page in6addr_any should listen to both ipv4 and ipv6
Then I thought that it might be Linux-specific - but I found that FreeBSD also has the IPV6_V6ONLY flag And what's the point of having that flag if it doesn't do anything anyway? | [14:14] |
| RandalSchwartz | I know it works on OSX
I've connected to apps and gotten an IPv6 addr of 0::nnnn | [14:15] |
| dxtr | Yeah, that should work | [14:16] |
| RandalSchwartz | which is the way v4 gets mapped in v6 for these sockets | [14:16] |
| dxtr | Exactly | [14:16] |
| RandalSchwartz | did you look at the manpage? | [14:16] |
| dxtr | I've look at many man pages | [14:18] |
| RandalSchwartz | setsockopt doesn't appear to have a v6-only flag
nor is there such a definition in /usr/incldue | [14:19] |
| dxtr | man 4 ip6
/IPV6_V6ONLY | [14:19] |
| RandalSchwartz | didn't make its way to setsockopt() though | [14:19] |
| dxtr | Yeah, I noticed :P | [14:20] |
| RandalSchwartz | ahh - what happens if you get that option? | [14:20] |
| dxtr | http://www.ops.ietf.org/lists/v6ops/v6ops.2003/msg01141.html
I was just about to try it | [14:20] |
| RandalSchwartz | Uhh - not sure why you keep bringing up non-freebsd URLs :)
if you're asking about freebsd you *are* using AF_INET6, right? | [14:21] |
| dxtr | Yeah
That URL was kind of relevant | [14:23] |
| RandalSchwartz | ok
not authoritative though | [14:23] |
| dxtr | "do you know of any OS that sets the IPV6_V6ONLY socket option on by default?" "netbsd, freebsd (version >= 5), openbsd" | [14:23] |
| RandalSchwartz | sure - one guy says that
is he on the freebsd dev team? Oh - right on by default would be bad for you anyway so set it off :) | [14:25] |
| dxtr | Yeah
And as I thought It's on And it works Awesome! | [14:28] |
| vcs: My identd will revolutionize identds
Reconnect and you get a new ident! Bwahaha! | [14:40] | |
| vcs | lol
the one thing you two do not understand is shell providers DO NOT allow spoofs so it is relevant in context of shell providers sure, on any of my boxes i cant do whatever i want with ident but not everyone has their own VPS / Colo box | [14:40] |
| BarberRonny | evening | [14:50] |
| up_the_irons | BarberRonny: afternoon! (PST)
finally published a piece-meal price list (see "Extras"), b/c I keep getting asked for it http://arpnetworks.com/vps | [14:51] |
| dxtr | awesoem
Awesome* | [14:54] |
| jpalmer | up_the_irons: you might want to add what the price is for things like bandwidth overages. as in, lets say I have 200gb/mo included.. but use 250gb | [14:57] |
| up_the_irons | oh yeah.. it's in the FAQ, but i should put it there, yes | [14:57] |
| jpalmer | *nod*
it's always nice to have a centralized "what will it cost me if..." page oh, I have to get you the UUID of my vps where the disk changed on me. one sec | [14:58] |
| RandalSchwartz | not PST yet | [15:00] |
| dxtr | up_the_irons: What benefits would I get from running my own caching DNS server vs. using your? | [15:00] |
| RandalSchwartz | not for another few weeks | [15:00] |
| dxtr | yours* | [15:00] |
| up_the_irons | dxtr: yours would be faster | [15:02] |
| dxtr | Would it? | [15:05] |
| jpalmer | well, it kinda depends actually. | [15:08] |
| *** | owda has quit IRC (Quit: Leaving) | [15:08] |
| jpalmer | if you're using a cache only NS, that only serves a few clients.. and you're doing lookups for hosts that'd be present in the providers NS's.. (ie, already cached) the ARP NS's would be faster. | [15:08] |
| dxtr | Yeah
up_the_irons: But you know what you should do? have your DNS servers on IPv6 too :) That would be sweet | [15:09] |
| up_the_irons | yeah i know | [15:11] |
| jpalmer | (and website!) | [15:11] |
| up_the_irons | that too :) | [15:11] |
| jpalmer | from my short time here, it sounds like up_the_irons is neck deep in work already, though. ;) | [15:12] |
| up_the_irons | that's why these things don't get done :) | [15:12] |
| jpalmer | it's the chicken/egg problem. sounds like you need to write some automation processes for some of these things.. but you don't have time to automate because you're too busy doing the things you need to automate. heh | [15:13] |
| up_the_irons | yup, exactly
or i just need to hire someone to do the small support tasks (change ISOs, DNS, etc...) | [15:15] |
| jpalmer | I'll offer this: I don't have a strong programming background.. but if you want some additional help for things where you don't need to hand me keys to the castle, I'd happily help. I enjoy doing DNS stuff ;) ISO's would probably be simple-ish. | [15:17] |
| up_the_irons | thanks for the offer!
need to cut my hair, bbl | [15:17] |
| jpalmer | later | [15:18] |
| ...... (idle for 26mn) | ||
| vcs | but not everyone has their own VPS / Colo box
woops, wrong screen ment to up + enter into bash >_> | [15:44] |
| .......................................... (idle for 3h27mn) | ||
| *** | fink has joined #arpnetworks | [19:11] |
| .................... (idle for 1h37mn) | ||
| fink has quit IRC (Quit: fink) | [20:48] | |
| .............................. (idle for 2h27mn) | ||
| [FBI] starts logging #arpnetworks at Sun Oct 10 23:15:50 2010
[FBI] has joined #arpnetworks | [23:15] | |
| ↑back Search ←Prev date Next date→ Show only urls | (Click on time to select a line by its url) |