| ↑back Search ←Prev date Next date→ Show only urls | (Click on time to select a line by its url) |
| Who | What | When |
|---|---|---|
| *** | anis_ has joined #arpnetworks
anis has quit IRC (*.net *.split) z310 has quit IRC (*.net *.split) anis_ is now known as anis | [00:35] |
| z310 has joined #arpnetworks | [00:43] | |
| ............................................................................................................... (idle for 9h13mn) | ||
| toddf has quit IRC (Ping timeout: 245 seconds) | [09:56] | |
| toddf has joined #arpnetworks
ChanServ sets mode: +o toddf | [10:01] | |
| toddf_ has joined #arpnetworks
toddf has quit IRC (Remote host closed the connection) | [10:11] | |
| toddf_ has quit IRC (Remote host closed the connection)
toddf has joined #arpnetworks ChanServ sets mode: +o toddf toddf has quit IRC (Ping timeout: 245 seconds) toddf has joined #arpnetworks ChanServ sets mode: +o toddf | [10:16] | |
| .... (idle for 19mn) | ||
| toddf has quit IRC (Ping timeout: 240 seconds)
toddf has joined #arpnetworks ChanServ sets mode: +o toddf | [10:41] | |
| toddf has quit IRC (Remote host closed the connection)
toddf has joined #arpnetworks ChanServ sets mode: +o toddf toddf has quit IRC (Ping timeout: 252 seconds) toddf has joined #arpnetworks ChanServ sets mode: +o toddf | [10:54] | |
| toddf has quit IRC (Ping timeout: 264 seconds)
toddf has joined #arpnetworks ChanServ sets mode: +o toddf | [11:10] | |
| ...... (idle for 25mn) | ||
| toddf has quit IRC (Ping timeout: 264 seconds)
toddf has joined #arpnetworks ChanServ sets mode: +o toddf | [11:36] | |
| RandalSchwartz | toddf is testing the revolving door recently installed on this channel. | [11:42] |
| toddf | oh I am flapping?
bah | [11:43] |
| brycec | quite a bit, yes toddf. Every 15-20 minutes, a "Ping timeout" | [11:44] |
| toddf | then something has become unstable about the tor network every 15-20 minutes
no I'm not using it for anon I'm just testin to see how stable it is. has been forever and now today .. you see a difference .. | [11:45] |
| brycec | tor? just looks like a shitty HE.net tunnel from hhere
11:36:17 ::: toddf [~todd@2001:470:817c:10:207:e9ff:fe10:a36c] has quit [Ping timeout: 264 seconds] | [11:46] |
| toddf | oh I'm coming in over IPv6? bah
ok so he.net to blame this time someday I'll get pissed enough with he.net to redo my tunnel to go to arpnetworks, but until that day, I've got higher priorities *grin* | [11:47] |
| brycec | heh, I have the tunnel setup, just not the routing and firewalling... Like you said, higher priorities | [11:49] |
| toddf | its not that the tunnel itself is hard to move. its the renumbering of all my stuff at home that is the pain. | [11:49] |
| brycec | brycec nods
(and so much DNS updates to go along with it) *many | [11:49] |
| staticsafe | my tserv has been super stable <3 | [11:51] |
| ...... (idle for 26mn) | ||
| mercutio | has anyone here used startssl free? | [12:17] |
| mike-burns | Yes. | [12:17] |
| mercutio | works fine? | [12:17] |
| mike-burns | No complaints. | [12:17] |
| mercutio | i found cacert was no better than self-signed | [12:17] |
| mike-burns | Ugly Web site, hard to navigate, have to pay to revoke - but once you have the cert, it works fine. | [12:18] |
| mercutio | pay to revoke haha
so that the only catch not that i need to revoke is it a normal fee to revoke or something stupid? | [12:18] |
| mike-burns | They cashed in during Heartbleed.
Not sure, but I think it's not terribly expensive. (My certs weren't affected by Heartbleed.) | [12:18] |
| ant | mercutio: $25 | [12:19] |
| mercutio | ahh that not insane
it's not like $250 or something their web site is pretty bad but fpr personal stuff it seems silly to pay $10 a year even but some jabber security check thing didn't seem to like me having self-signed certificate | [12:19] |
| brycec | Yes mercutio, I use it, no issues. | [12:22] |
| mercutio | i dunno if it matters, but i have to keep clicking accept when i login to jabber :/
so may as well do something about it | [12:23] |
| brycec | And yeah, the pay-to-revoke is not unheard of, but it does seem awfully silly. | [12:23] |
| mercutio | i wonder if namecheap charge to revoke | [12:23] |
| brycec | (I seem to recall that several did/do) | [12:24] |
| mercutio | namecheap is pretty cheap for certificates | [12:24] |
| ant | afaik startcom's certs are free b/c issuing them doesn't require manual interaction while revoking does, so they charge for it | [12:25] |
| brycec | (but not cheaper than free, and already in the trust chain) | [12:25] |
| mercutio | the whole model is screwed to me :/ | [12:26] |
| mike-burns | Yes. | [12:26] |
| mercutio | and startssl isn't letting me continue with my email code
i clicked it a few times with doing other stuff in the background and still doing nothing gah weird it's being held for review needs up to 6 hours apparently so they must be doing manual verification some of the time at least i suppose i'll have to delay this jabber thing | [12:27] |
| brycec | Yeah happens sometimes. No big deal, really. At least never has been for me | [12:33] |
| mercutio | well i was hoping to do this jabber thing :)
i thinking of moving it another server too though and from memory ejabberd is a bit mental with that | [12:34] |
| ant | it never took that long for me. and i guess there's just some operator checking that you don't get a cert for m1crosoft.com or something and then clicks yes | [12:34] |
| brycec | heh they email you when it's ready, and then you just drop it in then :p | [12:34] |
| mercutio | it seems ubuntu has outdated no-longer-supported ejabberd version
(in trusty) it wasn't for a cert, it was for the signup so i can get a cert i had to redo it because it didn't wrok the first time | [12:34] |
| ant | oh | [12:35] |
| mercutio | i tried going away from the page and back to it
which then gave an error saying i had to resign up and sohuldn't move away from the page so it may be cos of double signup which wouldn't be my preference normally :) it also seems to use frames.. so the url is constant what i don't understand, is like you said, why can't one of these just allow microsoft.com and compromise the whole internet well microsoft at least :/ browsers don't tell you when you change to a diff cert issuer and it seems trust is global oh they responded already | [12:35] |
| ant | there haven been cases of abused intermediate certificates and stolen private keys. so that compromising is already happening
also after heartbleed people pointed out that revoking certs is more or less useless, b/c when browsers can't check the revokations status they just assume that the certs hasn't been revoked | [12:46] |
| mike-burns | 15:26:15 <mercutio> the whole model is screwed to me :/
^ that. | [12:48] |
| ant | yeah. i hope that one can relay on dane $soon | [12:50] |
| mercutio | oh my chrome isn't set to check for revoked certificates
so maybe it common not to check | [13:01] |
| mike-burns | It's common not to check, and the Chromium team is opposed to checking. | [13:02] |
| mercutio | oh | [13:03] |
| mike-burns | https://code.google.com/p/chromium/issues/detail?id=361820 - here's a thread on it. | [13:05] |
| mercutio | i think there should be localised trust chains
like say trust google, trust microsoft etc trust chinese government | [13:06] |
| mike-burns | The xombrero browser, IIRC, starts without any trust; you have to trust each CA yourself. | [13:06] |
| mercutio | i think chained trust is better
it's like uac with windows people just get used to clicking accept cos it comes up all the time | [13:07] |
| mike-burns | I think web of trust is best, but it's a major hassle. | [13:07] |
| mercutio | less so than trusting each cert individually | [13:07] |
| mike-burns | Agreed. | [13:07] |
| brycec | Also, CA's verify things like domain ownership, as one step in the "prevent mercutio from grabbing a microsoft.com cert" process 12:38:21 < mercutio> what i don't understand, is like you said, why can't one of these just allow microsoft.com and compromise the whole internet
Good CAs do a lot of verification | [13:08] |
| mercutio | do all CA's check
but ppor CA's can still issue certificates | [13:09] |
| brycec | Probably. | [13:09] |
| mercutio | taht are just as trustworthy
i know about the various verified levels etc but it's not exposed nicely | [13:09] |
| brycec | Yeah, see remakrs about "screwed up" | [13:09] |
| mercutio | and screwed if i want to pay $250 for a personal domain | [13:09] |
| brycec | There is the "EV cert, supposed to show up bright green etc on the user's computer, that indicate LOTS of background checks etc
*remarks Fuck my connection :( | [13:10] |
| mercutio | i only see green yellow red i think? | [13:11] |
| brycec | I know paypal.com has one | [13:12] |
| mercutio | looks the same as facebook | [13:13] |
| brycec | brycec can't tell... since his Internet is being A TOTAL FUCKING DICK right now
(See https://smokeping.cobryce.com/?displaymode=n;start=2014-05-19%2023:08;end=now;target=ARP.ARPWebsite for bbevidence on that) | [13:13] |
| mercutio | wow what
what happened | [13:14] |
| brycec | no idea
it just started the other day random bursts of lag | [13:14] |
| mercutio | that web site loaded ok | [13:14] |
| brycec | Haven't been able to figure out the cause or source yet | [13:14] |
| mercutio | is it to next hop even? | [13:15] |
| brycec | mercutio: that website is hosted on ARP :) See the lines for TWC (TimeWarner Business Cable)
mercutio: yeah, seems like it I think (think because I can't remember) | [13:15] |
| mercutio | hmm was i smokepining you
or was it someone else nah it won't have been you it was someone on verizon and it stopped working it seems | [13:16] |
| brycec | heh yeah not me | [13:16] |
| mercutio | oh all of my smokeing stopped working | [13:16] |
| brycec | haha
er, I mean, bummer | [13:17] |
| mercutio | heh i ran out of disk
before so it prob got confused | [13:17] |
| brycec | LOL | [13:17] |
| mercutio | i fixed it..
yeah ikr | [13:17] |
| brycec | I had similar issues when I tried to add too man | [13:17] |
| mercutio | small root partition with most stuff in other places
well systemd-journald takes up shit loads of space by default | [13:17] |
| brycec | (Ah right, I'm seeing separate issues with my next hop too)
brycec burns TWC down | [13:19] |
| mercutio | my curl testing kept working
only my ping broke with smokeping | [13:20] |
| ......... (idle for 44mn) | ||
| m0unds | the svc that chrome/chromium uses for revocation checks regularly times out during lookups
that's part of why it's disabled by default in chrome now - it was returning invalid CA stuff for valid certs | [14:04] |
| ............................... (idle for 2h31mn) | ||
| *** | Konata has joined #arpnetworks | [16:35] |
| ................................... (idle for 2h53mn) | ||
| mercutio | hmm i'm surprised, cheap chromebook does 190 megabit wireless throughput in the same room. | [19:28] |
| brycec | That's good | [19:31] |
| mercutio | yeh
i'm surprised i tried doing 250 megabit udp flodo at it, and it struggles with packet loss for a bit, then stops getting packet loss so if tcp/ip was more wireless friendly it could probably go faster now i wonder if can put a wireless ac card in it heh | [19:33] |
| hazardous | hi nerds!
and/or geeks | [19:45] |
| brycec | Just ipv6-enabled my guest network, woo! | [19:46] |
| staticsafe | hi | [19:46] |
| brycec | Now if only I had guests, let alone guest that would appreciate ipv6 connectivity | [19:46] |
| hazardous | ha | [19:47] |
| staticsafe | staticsafe visits | [19:47] |
| brycec | creeeepy | [19:48] |
| mercutio | heh | [19:53] |
| ........ (idle for 35mn) | ||
| RandalSchwartz | RandalSchwartz has no guests | [20:28] |
| .... (idle for 17mn) | ||
| brycec | Aaaaand I now have a little private IPv6 VPN (well, I added the appropriate server-inet6 configuration to my management vpn) | [20:45] |
| RandalSchwartz | a little private ipv6 that can enumerate the grains of sand on all the beaches in the world. :) | [20:49] |
| ..... (idle for 20mn) | ||
| *** | Konata has quit IRC (Quit: Leaving...) | [21:09] |
| brycec has quit IRC (Quit: Back in a few minutes...)
BryceBot has quit IRC (Quit: Standby for reinitialization...) Guest86537 has joined #arpnetworks | [21:16] | |
| brycec has joined #arpnetworks | [21:30] | |
| .... (idle for 18mn) | ||
| Guest86537 has quit IRC (Changing host)
Guest86537 has joined #arpnetworks Guest86537 is now known as BryceBot | [21:48] | |
| ................. (idle for 1h20mn) | ||
| novae has quit IRC (Remote host closed the connection)
novae has joined #arpnetworks | [23:08] | |
| ........ (idle for 39mn) | ||
| novae has quit IRC (Ping timeout: 240 seconds) | [23:48] | |
| up_the_irons | haha | [23:58] |
| *** | novae has joined #arpnetworks | [23:59] |
| ↑back Search ←Prev date Next date→ Show only urls | (Click on time to select a line by its url) |