something up with the network? I'm getting massive packet loss to my vps.
... guess not anymore. Heh.
80% loss to the machine itself, or at least, 80% loss after any2-ix.la.arpnetworks.com
nah, i just get high latency at any2ix.coresite.com
no loss though
I'm seeing a bit of dataloss at br01-1-1.lax4.net2ez.com
according to an mtr I've been running for the past few minutes
and a bit of congestion at any2-ix.la.arpnetworks.com
I imagine it's probably related to those two other dudes who pinged out with me.
an issue with a specific host I guess?
maybe
looking increasingly like that :P
RandalSchwartz: jdoe : i got alerts for kvr06 around 11am
looked like high host traffic for a bit
o/~ he's got... high host... he's got... high host... o/~
lol
wow, this room is larger than i remember
we had some remodelling done
do you like the fireplace?
It's the mirrors; they make the place look bigger.
and the smoke!  Must have both smoke and mirrors!
offending customer on kvr06 shutdown
just got some more packet loss alerts, but won't be a problem anymore
o.O
bad customers!
up_the_irons: huzzah, thanks!
up_the_irons: is it fixed? what is status? just kidding. all clear.
wickedSA_: go f yourself
;)
anyone have a Cisco ASA using RADIUS auth?  I have some software I want to test and see if radius auth works on the ASA through some rails code
up_the_irons: No, but I got coffee. Does that count?
dxtr: 'fraid no
Oh c'mon!
Don't be picky
heh, sony got hacked agains
Again!?
fink: Link!
http://it.slashdot.org/story/11/06/02/2348233/Sony-Compromised-Again?utm_source=rss1.0&utm_medium=feed
plaintext passwords!  Gah!
in 2011!
and sql injection!
what are they using, php?
It's Sony.  PHP may be asking too much.
Also, plaintext password storage is required for certain common forms of secure password transmission, since both ends need to know the password.
nope.  I don't buy it
there's never a reason the thing you're auth'ing to needs to store anything more than a hash these days.
anything after that, you use public-key encryption (SSL, etc)
so, absolutely no excuse.  at all.
I worked for a large online meeting company in 2004 and nothing sensative was stored in the clear
heh yeah, that Sony hack is crazy
RandalSchwartz: cram-md5 and digest-md5 sasl authentication require knowledge of the password.
and md5 is lame. :)
new starts don't use it
cleartext transmission of the SASL protocol is also broken
people should be using SSL
again - this is 2011
There are instances where SSL isn't possible.
not 1997
Nope.  SSL is always possible.
implemented, maybe not.
but that's the #fail then
digest-md5 is used in secure http authentication.
again - fail
if you aren't SSL, you're broken
and http auth is 1997, not 2011
and if you're SSL, you can use basic auth. :)
SSL and certs, or SSL and basic auth, or just plan SSL and sessions.
no need for server to know a cleartext password.  EVER.
SSL+basic auth is still just transmission protection.
and sufficient
the server still doesn't have a cleartext password
winer
winner
it's also subject to the strength of the certificate structure you're using.
sure, so is any combination of security
so be careful
cleartext passwords are below the threshold
yes, it does, basic auth sends the server the base64-encoded version of the password.
yes - and the server hashes that, to compare against a hash
bingo - server doesn't need cleartext password
ok - not as good as yubikey or securicard.  But whatever.
if you care, use a OTP stack
but basic SSL is pretty damn impenetrable
and far better than storing plaintext on server
if I have control of both endpoints, stored shared secrets aren't a big deal, but security relying on third parties creates additional issues.
and sony proves that the pot is too sweet at the endpoint
who cares about the middle
they get one password each
and if people can intercept your SSL traffic, you don't belong on the net
heh
RandalSchwartz: how'd your 8.2 upgrade go?
didn't do any of them yet
that's on the short to-do list
I might even farm that out (nudge nudge)
RandalSchwartz: mine went swimmingly
no probls
cool