***: anis has quit IRC (*.net *.split)
z310 has quit IRC (*.net *.split)
anis_ is now known as anis
z310 has joined #arpnetworks
toddf has quit IRC (Ping timeout: 245 seconds)
toddf has joined #arpnetworks
ChanServ sets mode: +o toddf
toddf_ has joined #arpnetworks
toddf has quit IRC (Remote host closed the connection)
toddf_ has quit IRC (Remote host closed the connection)
toddf has joined #arpnetworks
ChanServ sets mode: +o toddf
toddf has quit IRC (Ping timeout: 245 seconds)
toddf has joined #arpnetworks
ChanServ sets mode: +o toddf
toddf has quit IRC (Ping timeout: 240 seconds)
toddf has joined #arpnetworks
ChanServ sets mode: +o toddf
toddf has quit IRC (Remote host closed the connection)
toddf has joined #arpnetworks
ChanServ sets mode: +o toddf
toddf has quit IRC (Ping timeout: 252 seconds)
toddf has joined #arpnetworks
ChanServ sets mode: +o toddf
toddf has quit IRC (Ping timeout: 264 seconds)
toddf has joined #arpnetworks
ChanServ sets mode: +o toddf
toddf has quit IRC (Ping timeout: 264 seconds)
toddf has joined #arpnetworks
ChanServ sets mode: +o toddf
RandalSchwartz: toddf is testing the revolving door recently installed on this channel.
toddf: oh I am flapping?
bah
brycec: quite a bit, yes toddf. Every 15-20 minutes, a "Ping timeout"
toddf: then something has become unstable about the tor network every 15-20 minutes
no I'm not using it for anon I'm just testing to see how stable it is. has been forever and now today .. you see a difference ..
brycec: tor? just looks like a shitty HE.net tunnel from here
11:36:17 ::: toddf [~todd@2001:470:817c:10:207:e9ff:fe10:a36c] has quit [Ping timeout: 264 seconds]
toddf: oh I'm coming in over IPv6? bah
ok so he.net to blame this time
someday I'll get pissed enough with he.net to redo my tunnel to go to arpnetworks, but until that day, I've got higher priorities *grin*
brycec: heh, I have the tunnel setup, just not the routing and firewalling... Like you said, higher priorities
toddf: it's not that the tunnel itself is hard to move. it's the renumbering of all my stuff at home that is the pain.
-: brycec nods
brycec: (and so much DNS updates to go along with it)
*many
staticsafe: my tserv has been super stable <3
mercutio: has anyone here used startssl free?
mike-burns: Yes.
mercutio: works fine?
mike-burns: No complaints.
mercutio: i found cacert was no better than self-signed
mike-burns: Ugly Web site, hard to navigate, have to pay to revoke - but once you have the cert, it works fine.
mercutio: pay to revoke haha
so that the only catch
not that i need to revoke
is it a normal fee to revoke or something stupid?
mike-burns: They cashed in during Heartbleed.
Not sure, but I think it's not terribly expensive.
(My certs weren't affected by Heartbleed.)
ant: mercutio: $25
mercutio: ahh that not insane
it's not like $250 or something
their web site is pretty bad
but for personal stuff it seems silly to pay $10 a year even
but some jabber security check thing didn't seem to like me having self-signed certificate
brycec: Yes mercutio, I use it, no issues.
mercutio: i dunno if it matters, but i have to keep clicking accept when i login to jabber :/
so may as well do something about it
brycec: And yeah, the pay-to-revoke is not unheard of, but it does seem awfully silly.
mercutio: i wonder if namecheap charge to revoke
brycec: (I seem to recall that several did/do)
mercutio: namecheap is pretty cheap for certificates
ant: afaik startcom's certs are free b/c issuing them doesn't require manual interaction while revoking does, so they charge for it
brycec: (but not cheaper than free, and already in the trust chain)
mercutio: the whole model is screwed to me :/
mike-burns: Yes.
mercutio: and startssl isn't letting me continue with my email code
i clicked it a few times with doing other stuff in the background and still doing nothing gah
weird it's being held for review
needs up to 6 hours apparently
so they must be doing manual verification some of the time at least
i suppose i'll have to delay this jabber thing
brycec: Yeah happens sometimes. No big deal, really. At least never has been for me
mercutio: well i was hoping to do this jabber thing :)
i thinking of moving it another server too though
and from memory ejabberd is a bit mental with that
ant: it never took that long for me. and i guess there's just some operator checking that you don't get a cert for m1crosoft.com or something and then clicks yes
brycec: heh they email you when it's ready, and then you just drop it in then :p
mercutio: it seems ubuntu has outdated no-longer-supported ejabberd version
(in trusty)
it wasn't for a cert, it was for the signup so i can get a cert
i had to redo it because it didn't work the first time
ant: oh
mercutio: i tried going away from the page and back to it
which then gave an error saying i had to resign up
and shouldn't move away from the page
so it may be cos of double signup
which wouldn't be my preference normally :)
it also seems to use frames..
so the url is constant
what i don't understand, is like you said, why can't one of these just allow microsoft.com and compromise the whole internet
well microsoft at least :/
browsers don't tell you when you change to a diff cert issuer
and it seems trust is global
oh they responded already
ant: there have been cases of abused intermediate certificates and stolen private keys. so that compromising is already happening
also after heartbleed people pointed out that revoking certs is more or less useless, b/c when browsers can't check the revocation status they just assume that the certs hasn't been revoked
mike-burns: 15:26:15 <mercutio> the whole model is screwed to me :/
^ that.
ant: yeah. i hope that one can rely on dane $soon
mercutio: oh my chrome isn't set to check for revoked certificates
so maybe it common not to check
mike-burns: It's common not to check, and the Chromium team is opposed to checking.
mercutio: oh
mike-burns: https://code.google.com/p/chromium/issues/detail?id=361820 - here's a thread on it.
mercutio: i think there should be localised trust chains
like say trust google, trust microsoft etc
trust chinese government
mike-burns: The xombrero browser, IIRC, starts without any trust; you have to trust each CA yourself.
mercutio: i think chained trust is better
it's like uac with windows
people just get used to clicking accept
cos it comes up all the time
mike-burns: I think web of trust is best, but it's a major hassle.
mercutio: less so than trusting each cert individually
mike-burns: Agreed.
brycec: Also, CA's verify things like domain ownership, as one step in the "prevent mercutio from grabbing a microsoft.com cert" process 12:38:21 < mercutio> what i don't understand, is like you said, why can't one of these just allow microsoft.com and compromise the whole internet
Good CAs do a lot of verification
mercutio: do all CA's check
but poor CA's can still issue certificates
brycec: Probably.
mercutio: that are just as trustworthy
i know about the various verified levels etc
but it's not exposed nicely
brycec: Yeah, see remakrs about "screwed up"
mercutio: and screwed if i want to pay $250 for a personal domain
brycec: There is the "EV cert, supposed to show up bright green etc on the user's computer, that indicate LOTS of background checks etc
*remarks
Fuck my connection :(
mercutio: i only see green yellow red i think?
brycec: I know paypal.com has one
mercutio: looks the same as facebook
-: brycec can't tell... since his Internet is being A TOTAL FUCKING DICK right now
brycec: (See https://smokeping.cobryce.com/?displaymode=n;start=2014-05-19%2023:08;end=now;target=ARP.ARPWebsite for evidence on that)
mercutio: wow what
what happened
brycec: no idea
it just started the other day
random bursts of lag
mercutio: that web site loaded ok
brycec: Haven't been able to figure out the cause or source yet
mercutio: is it to next hop even?
brycec: mercutio: that website is hosted on ARP :) See the lines for TWC (TimeWarner Business Cable)
mercutio: yeah, seems like it I think
(think because I can't remember)
mercutio: hmm was i smokepinging you
or was it someone else
nah it won't have been you it was someone on verizon
and it stopped working it seems
brycec: heh yeah not me
mercutio: oh all of my smokeping stopped working
brycec: haha
er, I mean, bummer
mercutio: heh i ran out of disk
before
so it prob got confused
brycec: LOL
mercutio: i fixed it..
yeah ikr
brycec: I had similar issues when I tried to add too man
mercutio: small root partition with most stuff in other places
well systemd-journald takes up shit loads of space by default
brycec: (Ah right, I'm seeing separate issues with my next hop too)
-: brycec burns TWC down
mercutio: my curl testing kept working
only my ping broke
with smokeping
m0unds: the svc that chrome/chromium uses for revocation checks regularly times out during lookups
that's part of why it's disabled by default in chrome now - it was returning invalid CA stuff for valid certs
***: Konata has joined #arpnetworks
mercutio: hmm i'm surprised, cheap chromebook does 190 megabit wireless throughput in the same room.
brycec: That's good
mercutio: yeh
i'm surprised
i tried doing 250 megabit udp flood at it, and it struggles with packet loss for a bit, then stops getting packet loss
so if tcp/ip was more wireless friendly it could probably go faster
now i wonder if can put a wireless ac card in it heh
hazardous: hi nerds!
and/or geeks
brycec: Just ipv6-enabled my guest network, woo!
staticsafe: hi
brycec: Now if only I had guests, let alone guest that would appreciate ipv6 connectivity
hazardous: ha
-: staticsafe visits
brycec: creeeepy
mercutio: heh
-: RandalSchwartz has no guests
brycec: Aaaaand I now have a little private IPv6 VPN (well, I added the appropriate server-inet6 configuration to my management vpn)
RandalSchwartz: a little private ipv6 that can enumerate the grains of sand on all the beaches in the world. :)
***: Konata has quit IRC (Quit: Leaving...)
brycec has quit IRC (Quit: Back in a few minutes...)
BryceBot has quit IRC (Quit: Standby for reinitialization...)
Guest86537 has joined #arpnetworks
brycec has joined #arpnetworks
Guest86537 has quit IRC (Changing host)
Guest86537 has joined #arpnetworks
Guest86537 is now known as BryceBot
novae has quit IRC (Remote host closed the connection)
novae has joined #arpnetworks
novae has quit IRC (Ping timeout: 240 seconds)
up_the_irons: haha
***: novae has joined #arpnetworks