something up with the network?
I'm getting massive packet loss to my vps.
... guess not anymore.
Heh.
80% loss to the machine itself, or at least, 80% loss after any2-ix.la.arpnetworks.com
nah, i just get high latency at any2ix.coresite.com
no loss though
I'm seeing a bit of dataloss at br01-1-1.lax4.net2ez.com according to an mtr I've been running for the past few minutes
and a bit of congestion at any2-ix.la.arpnetworks.com
I imagine it's probably related to those two other dudes who pinged out with me.
an issue with a specific host I guess?
maybe
looking increasingly like that :P
RandalSchwartz: jdoe : i got alerts for kvr06 around 11am
looked like high host traffic for a bit
o/~ he's got... high host... he's got... high host... o/~
lol
wow, this room is larger than i remember
we had some remodelling done
do you like the fireplace?
It's the mirrors; they make the place look bigger.
and the smoke!
Must have both smoke and mirrors!
offending customer on kvr06 shutdown
just got some more packet loss alerts, but won't be a problem anymore
o.O
bad customers!
up_the_irons: huzzah, thanks!
up_the_irons: is it fixed? what is status?
just kidding. all clear.
wickedSA_: go f yourself ;)
anyone have a Cisco ASA using RADIUS auth?
I have some software I want to test and see if radius auth works on the ASA through some rails code
up_the_irons: No, but I got coffee. Does that count?
dxtr: 'fraid no
Oh c'mon! Don't be picky
heh, sony got hacked again
Again!?
fink: Link!
http://it.slashdot.org/story/11/06/02/2348233/Sony-Compromised-Again?utm_source=rss1.0&utm_medium=feed
plaintext passwords!
Gah!
in 2011!
and sql injection!
what are they using, php?
It's Sony. PHP may be asking too much.
Also, plaintext password storage is required for certain common forms of secure password transmission, since both ends need to know the password.
nope. I don't buy it
there's never a reason the thing you're auth'ing to needs to store anything more than a hash these days.
anything after that, you use public-key encryption (SSL, etc)
so, absolutely no excuse. at all.
I worked for a large online meeting company in 2004 and nothing sensitive was stored in the clear
heh yeah, that Sony hack is crazy
RandalSchwartz: cram-md5 and digest-md5 sasl authentication require knowledge of the password.
and md5 is lame. :)
new starts don't use it
cleartext transmission of the SASL protocol is also broken
people should be using SSL
again - this is 2011
There are instances where SSL isn't possible.
not 1997
Nope. SSL is always possible.
implemented, maybe not.
but that's the #fail then
digest-md5 is used in secure http authentication.
again - fail
if you aren't SSL, you're broken
and http auth is 1997, not 2011
and if you're SSL, you can use basic auth. :)
SSL and certs, or SSL and basic auth, or just plain SSL and sessions.
no need for server to know a cleartext password. EVER.
SSL+basic auth is still just transmission protection.
and sufficient
the server still doesn't have a cleartext password
winner winner
it's also subject to the strength of the certificate structure you're using.
sure, so is any combination of security
so be careful
cleartext passwords are below the threshold
yes, it does, basic auth sends the server the base64-encoded version of the password.
yes - and the server hashes that, to compare against a hash
bingo - server doesn't need cleartext password
ok - not as good as yubikey or securicard. But whatever.
if you care, use an OTP stack
but basic SSL is pretty damn impenetrable
and far better than storing plaintext on server
if I have control of both endpoints, stored shared secrets aren't a big deal, but security relying on third parties creates additional issues.
and sony proves that the pot is too sweet at the endpoint
who cares about the middle
they get one password each
and if people can intercept your SSL traffic, you don't belong on the net
heh
RandalSchwartz: how'd your 8.2 upgrade go?
didn't do any of them yet
that's on the short to-do list
I might even farm that out (nudge nudge)
RandalSchwartz: mine went swimmingly
no probls
cool