[00:26] *** EhtyarWRK has quit IRC (Quit: There are two major products that come out of Berkeley: LSD and UNIX. We don't believe this to be a coincidence.) [04:57] *** heavysixer has joined #arpnetworks [04:57] *** ChanServ sets mode: +o heavysixer [05:49] *** nukefree is now known as nuke` [09:33] *** cmeiklejohn has quit IRC (Quit: WeeChat 0.3.3) [09:34] *** cmeiklejohn has joined #arpnetworks [09:50] *** cubelogic has joined #arpnetworks [10:00] *** HighJinx has quit IRC (Ping timeout: 260 seconds) [10:25] *** Sheath is now known as husky [10:37] *** HighJinx has joined #arpnetworks [10:40] *** slashnick has joined #arpnetworks [10:40] *** jdoe has quit IRC (Ping timeout: 240 seconds) [10:42] something up with the network? I'm getting massive packet loss to my vps. [10:42] *** jdoe has joined #arpnetworks [10:44] *** slashnick has quit IRC (Client Quit) [10:44] ... guess not anymore. Heh. [10:44] 80% loss to the machine itself, or at least, 80% loss after any2-ix.la.arpnetworks.com [10:49] nah, i just get high latency at any2ix.coresite.com [10:49] no loss though [10:51] *** slashnick has joined #arpnetworks [10:53] *** jdoe has quit IRC (Ping timeout: 250 seconds) [10:54] *** bitslip has quit IRC (Ping timeout: 240 seconds) [10:55] *** koan has quit IRC (Ping timeout: 246 seconds) [10:56] *** bitslip has joined #arpnetworks [10:59] *** jdoe has joined #arpnetworks [11:01] *** koan has joined #arpnetworks [11:01] *** koan has quit IRC (Changing host) [11:01] *** koan has joined #arpnetworks [11:07] I'm seeing a bit of dataloss at br01-1-1.lax4.net2ez.com [11:08] according to an mtr I've been running for the past few minutes [11:08] and a bit of congestion at any2-ix.la.arpnetworks.com [11:09] I imagine it's probably related to those two other dudes who pinged out with me. [11:09] an issue with a specific host I guess? [11:10] maybe [11:29] *** dferris has quit IRC (Ping timeout: 252 seconds) [11:30] *** koan has quit IRC (Ping timeout: 252 seconds) [11:30] *** dferris has joined #arpnetworks [11:30] *** jdoe has quit IRC (Remote host closed the connection) [11:31] *** jdoe has joined #arpnetworks [11:31] *** koan has joined #arpnetworks [11:31] *** koan has quit IRC (Changing host) [11:31] *** koan has joined #arpnetworks [12:05] looking increasingly like that :P [12:18] *** toddf has quit IRC (Quit: leaving) [12:21] *** toddf has joined #arpnetworks [12:21] *** ChanServ sets mode: +o toddf [12:56] *** rcsheets has joined #arpnetworks [13:29] RandalSchwartz: jdoe : i got alerts for kvr06 around 11am [13:29] looked like high host traffic for a bit [13:30] o/~ he's got... high host... he's got... high host... o/~ [13:30] lol [13:33] *** bitslip has quit IRC (Ping timeout: 252 seconds) [13:34] *** bitslip has joined #arpnetworks [13:36] *** koan has quit IRC (Ping timeout: 244 seconds) [13:37] *** koan has joined #arpnetworks [13:37] *** koan has quit IRC (Changing host) [13:37] *** koan has joined #arpnetworks [13:45] *** amdprophet has joined #arpnetworks [13:45] wow, this room is larger than i remember [13:46] we had some remodelling done [13:47] do you like the fireplace? [13:48] *** bitslip has quit IRC (Ping timeout: 240 seconds) [13:49] It's the mirrors; they make the place look bigger. [13:49] and the smoke! Must have both smoke and mirrors! [13:49] *** dferris has quit IRC (Ping timeout: 252 seconds) [13:51] *** koan has quit IRC (Ping timeout: 244 seconds) [13:51] *** dferris has joined #arpnetworks [13:51] *** koan has joined #arpnetworks [13:51] *** koan has quit IRC (Changing host) [13:51] *** koan has joined #arpnetworks [13:54] offending customer on kvr06 shutdown [13:54] just got some more packet loss alerts, but won't be a problem anymore [13:54] *** koan has quit IRC (Read error: Connection reset by peer) [13:56] *** bitslip has joined #arpnetworks [13:56] *** koan has joined #arpnetworks [13:56] *** koan has quit IRC (Changing host) [13:56] *** koan has joined #arpnetworks [14:14] o.O [14:14] bad customers! [14:40] up_the_irons: huzzah, thanks! [15:02] *** bGeorge has quit IRC (Quit: Bye.) [15:03] *** bGeorge has joined #arpnetworks [15:56] *** Ehtyar has quit IRC (Remote host closed the connection) [16:17] *** fink has joined #arpnetworks [16:42] *** wickedSA has joined #arpnetworks [16:43] *** wickedSA has quit IRC (Client Quit) [16:49] *** wickedSA_ has joined #arpnetworks [17:01] up_the_irons: is it fixed? what is status? just kidding. all clear. [17:06] wickedSA_: go f yourself [17:06] ;) [17:22] anyone have a Cisco ASA using RADIUS auth? I have some software I want to test and see if radius auth works on the ASA through some rails code [18:18] up_the_irons: No, but I got coffee. Does that count? [18:18] dxtr: 'fraid no [18:19] Oh c'mon! [18:19] Don't be picky [18:27] heh, sony got hacked agains [18:28] * RandalSchwartz is safely in SLC [18:28] Again!? [18:28] fink: Link! [18:28] http://it.slashdot.org/story/11/06/02/2348233/Sony-Compromised-Again?utm_source=rss1.0&utm_medium=feed [18:32] plaintext passwords! Gah! [18:33] * RandalSchwartz looks up at calendar [18:33] in 2011! [18:33] and sql injection! [18:33] what are they using, php? [18:35] *** cubelogic has quit IRC (Ping timeout: 240 seconds) [18:37] It's Sony. PHP may be asking too much. [18:37] Also, plaintext password storage is required for certain common forms of secure password transmission, since both ends need to know the password. [18:40] nope. I don't buy it [18:40] there's never a reason the thing you're auth'ing to needs to store anything more than a hash these days. [18:40] anything after that, you use public-key encryption (SSL, etc) [18:41] so, absolutely no excuse. at all. [18:42] I worked for a large online meeting company in 2004 and nothing sensative was stored in the clear [18:48] heh yeah, that Sony hack is crazy [18:53] RandalSchwartz: cram-md5 and digest-md5 sasl authentication require knowledge of the password. [18:54] and md5 is lame. :) [18:54] new starts don't use it [18:54] cleartext transmission of the SASL protocol is also broken [18:54] people should be using SSL [18:54] again - this is 2011 [18:54] There are instances where SSL isn't possible. [18:54] not 1997 [18:55] Nope. SSL is always possible. [18:55] implemented, maybe not. [18:55] but that's the #fail then [18:55] *** HighJinx has quit IRC (Ping timeout: 260 seconds) [18:57] digest-md5 is used in secure http authentication. [18:57] again - fail [18:57] if you aren't SSL, you're broken [18:57] and http auth is 1997, not 2011 [18:57] and if you're SSL, you can use basic auth. :) [18:58] SSL and certs, or SSL and basic auth, or just plan SSL and sessions. [18:58] no need for server to know a cleartext password. EVER. [18:59] SSL+basic auth is still just transmission protection. [18:59] and sufficient [18:59] the server still doesn't have a cleartext password [18:59] winer [18:59] winner [18:59] it's also subject to the strength of the certificate structure you're using. [18:59] sure, so is any combination of security [18:59] so be careful [18:59] cleartext passwords are below the threshold [18:59] yes, it does, basic auth sends the server the base64-encoded version of the password. [19:00] yes - and the server hashes that, to compare against a hash [19:00] bingo - server doesn't need cleartext password [19:00] ok - not as good as yubikey or securicard. But whatever. [19:01] if you care, use a OTP stack [19:01] but basic SSL is pretty damn impenetrable [19:01] and far better than storing plaintext on server [19:02] if I have control of both endpoints, stored shared secrets aren't a big deal, but security relying on third parties creates additional issues. [19:04] and sony proves that the pot is too sweet at the endpoint [19:04] who cares about the middle [19:04] they get one password each [19:04] and if people can intercept your SSL traffic, you don't belong on the net [19:30] heh [19:31] RandalSchwartz: how'd your 8.2 upgrade go? [19:34] didn't do any of them yet [19:34] that's on the short to-do list [19:34] I might even farm that out (nudge nudge) [19:41] RandalSchwartz: mine went swimmingly [19:41] no probls [19:44] cool [20:01] *** mike-burns has quit IRC (Read error: Operation timed out) [20:01] *** up_the_irons has quit IRC (Read error: Operation timed out) [20:01] *** Yamazaki-kun has quit IRC (Read error: Operation timed out) [20:01] *** up_the_irons has joined #arpnetworks [20:01] *** ChanServ sets mode: +o up_the_irons [20:02] *** mike-burns has joined #arpnetworks [20:02] *** ChanServ sets mode: +o mike-burns [20:06] *** Yamazaki-kun has joined #arpnetworks [20:12] *** cubelogic has joined #arpnetworks [20:16] *** fink has quit IRC (Quit: fink) [20:18] *** HighJinx has joined #arpnetworks [20:38] *** Yamazaki-kun has quit IRC (Write error: Broken pipe) [20:38] *** mike-burns has quit IRC (Read error: Connection reset by peer) [20:40] *** mike-burns has joined #arpnetworks [20:40] *** ChanServ sets mode: +o mike-burns [20:43] *** Yamazaki-kun has joined #arpnetworks [22:47] *** cubelogic has quit IRC (Ping timeout: 246 seconds)