[00:35] *** anis_ has joined #arpnetworks
[00:38] *** anis has quit IRC (*.net *.split)
[00:38] *** z310 has quit IRC (*.net *.split)
[00:38] *** anis_ is now known as anis
[00:43] *** z310 has joined #arpnetworks
[09:56] *** toddf has quit IRC (Ping timeout: 245 seconds)
[10:01] *** toddf has joined #arpnetworks
[10:01] *** ChanServ sets mode: +o toddf
[10:11] *** toddf_ has joined #arpnetworks
[10:11] *** toddf has quit IRC (Remote host closed the connection)
[10:16] *** toddf_ has quit IRC (Remote host closed the connection)
[10:17] *** toddf has joined #arpnetworks
[10:17] *** ChanServ sets mode: +o toddf
[10:21] *** toddf has quit IRC (Ping timeout: 245 seconds)
[10:22] *** toddf has joined #arpnetworks
[10:22] *** ChanServ sets mode: +o toddf
[10:41] *** toddf has quit IRC (Ping timeout: 240 seconds)
[10:41] *** toddf has joined #arpnetworks
[10:41] *** ChanServ sets mode: +o toddf
[10:54] *** toddf has quit IRC (Remote host closed the connection)
[10:56] *** toddf has joined #arpnetworks
[10:56] *** ChanServ sets mode: +o toddf
[11:00] *** toddf has quit IRC (Ping timeout: 252 seconds)
[11:01] *** toddf has joined #arpnetworks
[11:01] *** ChanServ sets mode: +o toddf
[11:10] *** toddf has quit IRC (Ping timeout: 264 seconds)
[11:11] *** toddf has joined #arpnetworks
[11:11] *** ChanServ sets mode: +o toddf
[11:36] *** toddf has quit IRC (Ping timeout: 264 seconds)
[11:36] *** toddf has joined #arpnetworks
[11:36] *** ChanServ sets mode: +o toddf
[11:42] <RandalSchwartz> toddf is testing the revolving door recently installed on this channel.
[11:43] <toddf> oh I am flapping?
[11:44] <toddf> bah
[11:44] <brycec> quite a bit, yes toddf. Every 15-20 minutes, a "Ping timeout"
[11:45] <toddf> then something has become unstable about the tor network every 15-20 minutes
[11:46] <toddf> no I'm not using it for anon I'm just testin to see how stable it is. has been forever and now today .. you see a difference ..
[11:46] <brycec> tor? just looks like a shitty HE.net tunnel from hhere
[11:46] <brycec> 11:36:17 ::: toddf [~todd@2001:470:817c:10:207:e9ff:fe10:a36c] has quit [Ping timeout: 264 seconds]
[11:47] <toddf> oh I'm coming in over IPv6? bah
[11:47] <toddf> ok so he.net to blame this time
[11:48] <toddf> someday I'll get pissed enough with he.net to redo my tunnel to go to arpnetworks, but until that day, I've got higher priorities *grin*
[11:49] <brycec> heh, I have the tunnel setup, just not the routing and firewalling... Like you said, higher priorities
[11:49] <toddf> its not that the tunnel itself is hard to move. its the renumbering of all my stuff at home that is the pain.
[11:49] * brycec nods
[11:49] <brycec> (and so much DNS updates to go along with it)
[11:49] <brycec> *many
[11:51] <staticsafe> my tserv has been super stable <3
[12:17] <mercutio> has anyone here used startssl free?
[12:17] <mike-burns> Yes.
[12:17] <mercutio> works fine?
[12:17] <mike-burns> No complaints.
[12:17] <mercutio> i found cacert was no better than self-signed
[12:18] <mike-burns> Ugly Web site, hard to navigate, have to pay to revoke - but once you have the cert, it works fine.
[12:18] <mercutio> pay to revoke haha
[12:18] <mercutio> so that the only catch
[12:18] <mercutio> not that i need to revoke
[12:18] <mercutio> is it a normal fee to revoke or something stupid?
[12:18] <mike-burns> They cashed in during Heartbleed.
[12:19] <mike-burns> Not sure, but I think it's not terribly expensive.
[12:19] <mike-burns> (My certs weren't affected by Heartbleed.)
[12:19] <ant> mercutio: $25
[12:19] <mercutio> ahh that not insane
[12:19] <mercutio> it's not like $250 or something
[12:21] <mercutio> their web site is pretty bad
[12:22] <mercutio> but fpr  personal stuff it seems silly to pay $10 a year even
[12:22] <mercutio> but some jabber security check thing didn't seem to like me having self-signed certificate
[12:22] <brycec> Yes mercutio, I use it, no issues.
[12:23] <mercutio> i dunno if it matters, but i have to keep clicking accept when i login to jabber :/
[12:23] <mercutio> so may as well do something about it
[12:23] <brycec> And yeah, the pay-to-revoke is not unheard of, but it does seem awfully silly.
[12:23] <mercutio> i wonder if namecheap charge to revoke
[12:24] <brycec> (I seem to recall that several did/do)
[12:24] <mercutio> namecheap is pretty cheap for certificates
[12:25] <ant> afaik startcom's certs are free b/c issuing them doesn't require manual interaction while revoking does, so they charge for it
[12:25] <brycec> (but not cheaper than free, and already in the trust chain)
[12:26] <mercutio> the whole model is screwed to me :/
[12:26] <mike-burns> Yes.
[12:27] <mercutio> and startssl isn't letting me continue with my email code
[12:27] <mercutio> i clicked it a few times with doing other stuff in the background and still doing nothing gah
[12:31] <mercutio> weird it's being held for review
[12:31] <mercutio> needs up to 6 hours apparently
[12:31] <mercutio> so they must be doing manual verification some of the time at least
[12:33] <mercutio> i suppose i'll have to delay this jabber thing
[12:33] <brycec> Yeah happens sometimes. No big deal, really. At least never has been for me
[12:34] <mercutio> well i was hoping to do this jabber thing :)
[12:34] <mercutio> i thinking of moving it another server too though
[12:34] <mercutio> and from memory ejabberd is a bit mental with that
[12:34] <ant> it never took that long for me. and i guess there's just some operator checking that you don't get a cert for m1crosoft.com or something and then clicks yes
[12:34] <brycec> heh they email you when it's ready, and then you just drop it in then :p
[12:34] <mercutio> it seems ubuntu has outdated no-longer-supported ejabberd version
[12:34] <mercutio> (in trusty)
[12:35] <mercutio> it wasn't for a cert, it was for the signup so i can get a cert
[12:35] <mercutio> i had to redo it because it didn't wrok the first time
[12:35] <ant> oh
[12:35] <mercutio> i tried going away from the page and back to it
[12:35] <mercutio> which then gave an error saying i had to resign up
[12:35] <mercutio> and sohuldn't move away from the page
[12:35] <mercutio> so it may be cos of double signup
[12:35] <mercutio> which wouldn't be my preference normally :)
[12:36] <mercutio> it also seems to use frames..
[12:36] <mercutio> so the url is constant
[12:38] <mercutio> what i don't understand, is like you said, why can't one of these just allow microsoft.com and compromise the whole internet
[12:38] <mercutio> well microsoft at least :/
[12:39] <mercutio> browsers don't tell you when you change to a diff cert issuer
[12:39] <mercutio> and it seems trust is global
[12:42] <mercutio> oh they responded already
[12:46] <ant> there haven been cases of abused intermediate certificates and stolen private keys. so that compromising is already happening
[12:47] <ant> also after heartbleed people pointed out that revoking certs is more or less useless, b/c when browsers can't check the revokations status they just assume that the certs hasn't been revoked
[12:48] <mike-burns> 15:26:15 <mercutio> the whole model is screwed to me :/
[12:48] <mike-burns> ^ that.
[12:50] <ant> yeah. i hope that one can relay on dane $soon
[13:01] <mercutio> oh my chrome isn't set to check for revoked certificates
[13:02] <mercutio> so maybe it common not to check
[13:02] <mike-burns> It's common not to check, and the Chromium team is opposed to checking.
[13:03] <mercutio> oh
[13:05] <mike-burns> https://code.google.com/p/chromium/issues/detail?id=361820 - here's a thread on it.
[13:06] <mercutio> i think there should be localised trust chains
[13:06] <mercutio> like say trust google, trust microsoft etc
[13:06] <mercutio> trust chinese government
[13:06] <mike-burns> The xombrero browser, IIRC, starts without any trust; you have to trust each CA yourself.
[13:07] <mercutio> i think chained trust is better
[13:07] <mercutio> it's like uac with windows
[13:07] <mercutio> people just get used to clicking accept
[13:07] <mercutio> cos it comes up all the time
[13:07] <mike-burns> I think web of trust is best, but it's a major hassle.
[13:07] <mercutio> less so than trusting each cert individually
[13:07] <mike-burns> Agreed.
[13:08] <brycec> Also, CA's verify things like domain ownership, as one step in the "prevent mercutio from grabbing a microsoft.com cert" process 12:38:21 < mercutio> what i don't understand, is like you said, why can't one of these just allow microsoft.com and compromise the whole internet
[13:08] <brycec> Good CAs do a lot of verification
[13:09] <mercutio> do all CA's check
[13:09] <mercutio> but ppor CA's can still issue certificates
[13:09] <brycec> Probably.
[13:09] <mercutio> taht are just as trustworthy
[13:09] <mercutio> i know about the various verified levels etc
[13:09] <mercutio> but it's not exposed nicely
[13:09] <brycec> Yeah, see remakrs about "screwed up"
[13:09] <mercutio> and screwed if i want to pay $250 for a personal domain
[13:10] <brycec> There is the "EV cert, supposed to show up bright green etc on the user's computer, that indicate LOTS of background checks etc
[13:10] <brycec> *remarks
[13:10] <brycec> Fuck my connection :(
[13:11] <mercutio> i only see green yellow red i think?
[13:12] <brycec> I know paypal.com has one
[13:13] <mercutio> looks the same as facebook
[13:13] * brycec can't tell... since his Internet is being A TOTAL FUCKING DICK right now
[13:13] <brycec> (See https://smokeping.cobryce.com/?displaymode=n;start=2014-05-19%2023:08;end=now;target=ARP.ARPWebsite for bbevidence on that)
[13:14] <mercutio> wow what
[13:14] <mercutio> what happened
[13:14] <brycec> no idea
[13:14] <brycec> it just started the other day
[13:14] <brycec> random bursts of lag
[13:14] <mercutio> that web site loaded ok
[13:14] <brycec> Haven't been able to figure out the cause or source yet
[13:15] <mercutio> is it to next hop even?
[13:15] <brycec> mercutio: that website is hosted on ARP :) See the lines for TWC (TimeWarner Business Cable)
[13:15] <brycec> mercutio: yeah, seems like it I think
[13:15] <brycec> (think because I can't remember)
[13:16] <mercutio> hmm was i smokepining you
[13:16] <mercutio> or was it someone else
[13:16] <mercutio> nah it won't have been you it was someone on verizon
[13:16] <mercutio> and it stopped working it seems
[13:16] <brycec> heh yeah not me
[13:16] <mercutio> oh all of my smokeing stopped working
[13:17] <brycec> haha
[13:17] <brycec> er, I mean, bummer
[13:17] <mercutio> heh i ran out of disk
[13:17] <mercutio> before
[13:17] <mercutio> so it prob got confused
[13:17] <brycec> LOL
[13:17] <mercutio> i fixed it..
[13:17] <mercutio> yeah ikr
[13:17] <brycec> I had similar issues when I tried to add too man
[13:17] <mercutio> small root partition with most stuff in other places
[13:18] <mercutio> well systemd-journald takes up shit loads of space by default
[13:19] <brycec> (Ah right, I'm seeing separate issues with my next hop too)
[13:19] * brycec burns TWC down
[13:20] <mercutio> my curl testing kept working
[13:20] <mercutio> only my ping broke
[13:20] <mercutio> with smokeping
[14:04] <m0unds> the svc that chrome/chromium uses for revocation checks regularly times out during lookups
[14:04] <m0unds> that's part of why it's disabled by default in chrome now - it was returning invalid CA stuff for valid certs
[16:35] *** Konata has joined #arpnetworks
[19:28] <mercutio> hmm i'm surprised, cheap chromebook does 190 megabit wireless throughput in the same room.
[19:31] <brycec> That's good
[19:33] <mercutio> yeh
[19:34] <mercutio> i'm surprised
[19:34] <mercutio> i tried doing 250 megabit udp flodo at it, and it struggles with packet loss for a bit, then stops getting packet loss
[19:35] <mercutio> so if tcp/ip was more wireless friendly it could probably go faster
[19:35] <mercutio> now i wonder if can put a wireless ac card in it heh
[19:45] <hazardous> hi nerds!
[19:45] <hazardous> and/or geeks
[19:46] <brycec> Just ipv6-enabled my guest network, woo!
[19:46] <staticsafe> hi
[19:46] <brycec> Now if only I had guests, let alone guest that would appreciate ipv6 connectivity
[19:47] <hazardous> ha
[19:47] * staticsafe visits
[19:48] <brycec> creeeepy
[19:53] <mercutio> heh
[20:28] * RandalSchwartz has no guests
[20:45] <brycec> Aaaaand I now have a little private IPv6 VPN (well, I added the appropriate server-inet6 configuration to my management vpn)
[20:49] <RandalSchwartz> a little private ipv6 that can enumerate the grains of sand on all the beaches in the world. :)
[21:09] *** Konata has quit IRC (Quit: Leaving...)
[21:16] *** brycec has quit IRC (Quit: Back in a few minutes...)
[21:17] *** BryceBot has quit IRC (Quit: Standby for reinitialization...)
[21:19] *** Guest86537 has joined #arpnetworks
[21:30] *** brycec has joined #arpnetworks
[21:48] *** Guest86537 has quit IRC (Changing host)
[21:48] *** Guest86537 has joined #arpnetworks
[21:48] *** Guest86537 is now known as BryceBot
[23:08] *** novae has quit IRC (Remote host closed the connection)
[23:09] *** novae has joined #arpnetworks
[23:48] *** novae has quit IRC (Ping timeout: 240 seconds)
[23:58] <up_the_irons> haha
[23:59] *** novae has joined #arpnetworks