***: heavysixer has joined #arpnetworks
ChanServ sets mode: +o heavysixer
nukefree is now known as nuke`
cmeiklejohn has quit IRC (Quit: WeeChat 0.3.3)
cmeiklejohn has joined #arpnetworks
cubelogic has joined #arpnetworks
HighJinx has quit IRC (Ping timeout: 260 seconds)
Sheath is now known as husky
HighJinx has joined #arpnetworks
slashnick has joined #arpnetworks
jdoe has quit IRC (Ping timeout: 240 seconds)
slashnick: something up with the network? I'm getting massive packet loss to my vps.
***: jdoe has joined #arpnetworks
slashnick has quit IRC (Client Quit)
jdoe: ... guess not anymore. Heh.
80% loss to the machine itself, or at least, 80% loss after any2-ix.la.arpnetworks.com
novemberico: nah, i just get high latency at any2ix.coresite.com
no loss though
***: slashnick has joined #arpnetworks
jdoe has quit IRC (Ping timeout: 250 seconds)
bitslip has quit IRC (Ping timeout: 240 seconds)
koan has quit IRC (Ping timeout: 246 seconds)
bitslip has joined #arpnetworks
jdoe has joined #arpnetworks
koan has joined #arpnetworks
koan has quit IRC (Changing host)
koan has joined #arpnetworks
RandalSchwartz: I'm seeing a bit of dataloss at br01-1-1.lax4.net2ez.com
according to an mtr I've been running for the past few minutes
and a bit of congestion at any2-ix.la.arpnetworks.com
jdoe: I imagine it's probably related to those two other dudes who pinged out with me.
an issue with a specific host I guess?
RandalSchwartz: maybe
***: dferris has quit IRC (Ping timeout: 252 seconds)
koan has quit IRC (Ping timeout: 252 seconds)
dferris has joined #arpnetworks
jdoe has quit IRC (Remote host closed the connection)
jdoe has joined #arpnetworks
koan has joined #arpnetworks
koan has quit IRC (Changing host)
koan has joined #arpnetworks
jdoe: looking increasingly like that :P
***: toddf has quit IRC (Quit: leaving)
toddf has joined #arpnetworks
ChanServ sets mode: +o toddf
rcsheets has joined #arpnetworks
up_the_irons: RandalSchwartz: jdoe : i got alerts for kvr06 around 11am
looked like high host traffic for a bit
RandalSchwartz: o/~ he's got... high host... he's got... high host... o/~
up_the_irons: lol
***: bitslip has quit IRC (Ping timeout: 252 seconds)
bitslip has joined #arpnetworks
koan has quit IRC (Ping timeout: 244 seconds)
koan has joined #arpnetworks
koan has quit IRC (Changing host)
koan has joined #arpnetworks
amdprophet has joined #arpnetworks
amdprophet: wow, this room is larger than i remember
RandalSchwartz: we had some remodelling done
do you like the fireplace?
***: bitslip has quit IRC (Ping timeout: 240 seconds)
mike-burns: It's the mirrors; they make the place look bigger.
RandalSchwartz: and the smoke! Must have both smoke and mirrors!
***: dferris has quit IRC (Ping timeout: 252 seconds)
koan has quit IRC (Ping timeout: 244 seconds)
dferris has joined #arpnetworks
koan has joined #arpnetworks
koan has quit IRC (Changing host)
koan has joined #arpnetworks
up_the_irons: offending customer on kvr06 shutdown
just got some more packet loss alerts, but won't be a problem anymore
***: koan has quit IRC (Read error: Connection reset by peer)
bitslip has joined #arpnetworks
koan has joined #arpnetworks
koan has quit IRC (Changing host)
koan has joined #arpnetworks
vcs: o.O
bad customers!
slashnick: up_the_irons: huzzah, thanks!
***: bGeorge has quit IRC (Quit: Bye.)
bGeorge has joined #arpnetworks
Ehtyar has quit IRC (Remote host closed the connection)
fink has joined #arpnetworks
wickedSA has joined #arpnetworks
wickedSA has quit IRC (Client Quit)
wickedSA_ has joined #arpnetworks
wickedSA_: up_the_irons: is it fixed? what is status? just kidding. all clear.
up_the_irons: wickedSA_: go f yourself
;)
anyone have a Cisco ASA using RADIUS auth? I have some software I want to test and see if radius auth works on the ASA through some rails code
dxtr: up_the_irons: No, but I got coffee. Does that count?
up_the_irons: dxtr: 'fraid no
dxtr: Oh c'mon!
Don't be picky
fink: heh, sony got hacked again
-: RandalSchwartz is safely in SLC
dxtr: Again!?
fink: Link!
fink: http://it.slashdot.org/story/11/06/02/2348233/Sony-Compromised-Again?utm_source=rss1.0&utm_medium=feed
RandalSchwartz: plaintext passwords! Gah!
-: RandalSchwartz looks up at calendar
RandalSchwartz: in 2011!
and sql injection!
what are they using, php?
***: cubelogic has quit IRC (Ping timeout: 240 seconds)
pilgrimd: It's Sony. PHP may be asking too much.
Also, plaintext password storage is required for certain common forms of secure password transmission, since both ends need to know the password.
RandalSchwartz: nope. I don't buy it
there's never a reason the thing you're auth'ing to needs to store anything more than a hash these days.
anything after that, you use public-key encryption (SSL, etc)
so, absolutely no excuse. at all.
dferris: I worked for a large online meeting company in 2004 and nothing sensitive was stored in the clear
G: heh yeah, that Sony hack is crazy
pilgrimd: RandalSchwartz: cram-md5 and digest-md5 sasl authentication require knowledge of the password.
RandalSchwartz: and md5 is lame. :)
new starts don't use it
cleartext transmission of the SASL protocol is also broken
people should be using SSL
again - this is 2011
pilgrimd: There are instances where SSL isn't possible.
RandalSchwartz: not 1997
Nope. SSL is always possible.
implemented, maybe not.
but that's the #fail then
***: HighJinx has quit IRC (Ping timeout: 260 seconds)
pilgrimd: digest-md5 is used in secure http authentication.
RandalSchwartz: again - fail
if you aren't SSL, you're broken
and http auth is 1997, not 2011
and if you're SSL, you can use basic auth. :)
SSL and certs, or SSL and basic auth, or just plain SSL and sessions.
no need for server to know a cleartext password. EVER.
pilgrimd: SSL+basic auth is still just transmission protection.
RandalSchwartz: and sufficient
the server still doesn't have a cleartext password
winer
winner
pilgrimd: it's also subject to the strength of the certificate structure you're using.
RandalSchwartz: sure, so is any combination of security
so be careful
cleartext passwords are below the threshold
pilgrimd: yes, it does, basic auth sends the server the base64-encoded version of the password.
RandalSchwartz: yes - and the server hashes that, to compare against a hash
bingo - server doesn't need cleartext password
ok - not as good as yubikey or securicard. But whatever.
if you care, use a OTP stack
but basic SSL is pretty damn impenetrable
and far better than storing plaintext on server
pilgrimd: if I have control of both endpoints, stored shared secrets aren't a big deal, but security relying on third parties creates additional issues.
RandalSchwartz: and sony proves that the pot is too sweet at the endpoint
who cares about the middle
they get one password each
and if people can intercept your SSL traffic, you don't belong on the net
fink: heh
RandalSchwartz: how'd your 8.2 upgrade go?
RandalSchwartz: didn't do any of them yet
that's on the short to-do list
I might even farm that out (nudge nudge)
fink: RandalSchwartz: mine went swimmingly
no probls
RandalSchwartz: cool
***: mike-burns has quit IRC (Read error: Operation timed out)
up_the_irons has quit IRC (Read error: Operation timed out)
Yamazaki-kun has quit IRC (Read error: Operation timed out)
up_the_irons has joined #arpnetworks
ChanServ sets mode: +o up_the_irons
mike-burns has joined #arpnetworks
ChanServ sets mode: +o mike-burns
Yamazaki-kun has joined #arpnetworks
cubelogic has joined #arpnetworks
fink has quit IRC (Quit: fink)
HighJinx has joined #arpnetworks
Yamazaki-kun has quit IRC (Write error: Broken pipe)
mike-burns has quit IRC (Read error: Connection reset by peer)
mike-burns has joined #arpnetworks
ChanServ sets mode: +o mike-burns
Yamazaki-kun has joined #arpnetworks
cubelogic has quit IRC (Ping timeout: 246 seconds)