toddf is testing the revolving door recently installed on this channel. oh I am flapping? bah quite a bit, yes toddf. Every 15-20 minutes, a "Ping timeout" then something has become unstable about the tor network every 15-20 minutes no I'm not using it for anon I'm just testing to see how stable it is. has been forever and now today .. you see a difference .. tor? just looks like a shitty HE.net tunnel from here 11:36:17 ::: toddf [~todd@2001:470:817c:10:207:e9ff:fe10:a36c] has quit [Ping timeout: 264 seconds] oh I'm coming in over IPv6? bah ok so he.net to blame this time someday I'll get pissed enough with he.net to redo my tunnel to go to arpnetworks, but until that day, I've got higher priorities *grin* heh, I have the tunnel setup, just not the routing and firewalling... Like you said, higher priorities it's not that the tunnel itself is hard to move. it's the renumbering of all my stuff at home that is the pain. (and so much DNS updates to go along with it) *many my tserv has been super stable <3 has anyone here used startssl free? Yes. works fine? No complaints. i found cacert was no better than self-signed Ugly Web site, hard to navigate, have to pay to revoke - but once you have the cert, it works fine. pay to revoke haha so that the only catch not that i need to revoke is it a normal fee to revoke or something stupid? They cashed in during Heartbleed. Not sure, but I think it's not terribly expensive. (My certs weren't affected by Heartbleed.) mercutio: $25 ahh that not insane it's not like $250 or something their web site is pretty bad but for personal stuff it seems silly to pay $10 a year even but some jabber security check thing didn't seem to like me having self-signed certificate Yes mercutio, I use it, no issues. i dunno if it matters, but i have to keep clicking accept when i login to jabber :/ so may as well do something about it And yeah, the pay-to-revoke is not unheard of, but it does seem awfully silly. 
i wonder if namecheap charge to revoke (I seem to recall that several did/do) namecheap is pretty cheap for certificates afaik startcom's certs are free b/c issuing them doesn't require manual interaction while revoking does, so they charge for it (but not cheaper than free, and already in the trust chain) the whole model is screwed to me :/ Yes. and startssl isn't letting me continue with my email code i clicked it a few times with doing other stuff in the background and still doing nothing gah weird it's being held for review needs up to 6 hours apparently so they must be doing manual verification some of the time at least i suppose i'll have to delay this jabber thing Yeah happens sometimes. No big deal, really. At least never has been for me well i was hoping to do this jabber thing :) i thinking of moving it another server too though and from memory ejabberd is a bit mental with that it never took that long for me. and i guess there's just some operator checking that you don't get a cert for m1crosoft.com or something and then clicks yes heh they email you when it's ready, and then you just drop it in then :p it seems ubuntu has outdated no-longer-supported ejabberd version (in trusty) it wasn't for a cert, it was for the signup so i can get a cert i had to redo it because it didn't work the first time oh i tried going away from the page and back to it which then gave an error saying i had to resign up and shouldn't move away from the page so it may be cos of double signup which wouldn't be my preference normally :) it also seems to use frames.. so the url is constant what i don't understand, is like you said, why can't one of these just allow microsoft.com and compromise the whole internet well microsoft at least :/ browsers don't tell you when you change to a diff cert issuer and it seems trust is global oh they responded already there have been cases of abused intermediate certificates and stolen private keys. 
so that compromising is already happening also after heartbleed people pointed out that revoking certs is more or less useless, b/c when browsers can't check the revocation status they just assume that the certs hasn't been revoked 15:26:15 the whole model is screwed to me :/ ^ that. yeah. i hope that one can rely on dane $soon oh my chrome isn't set to check for revoked certificates so maybe it common not to check It's common not to check, and the Chromium team is opposed to checking. oh https://code.google.com/p/chromium/issues/detail?id=361820 - here's a thread on it. i think there should be localised trust chains like say trust google, trust microsoft etc trust chinese government The xombrero browser, IIRC, starts without any trust; you have to trust each CA yourself. i think chained trust is better it's like uac with windows people just get used to clicking accept cos it comes up all the time I think web of trust is best, but it's a major hassle. less so than trusting each cert individually Agreed. Also, CA's verify things like domain ownership, as one step in the "prevent mercutio from grabbing a microsoft.com cert" process 12:38:21 < mercutio> what i don't understand, is like you said, why can't one of these just allow microsoft.com and compromise the whole internet Good CAs do a lot of verification do all CA's check but poor CA's can still issue certificates Probably. that are just as trustworthy i know about the various verified levels etc but it's not exposed nicely Yeah, see remakrs about "screwed up" and screwed if i want to pay $250 for a personal domain There is the "EV" cert, supposed to show up bright green etc on the user's computer, that indicate LOTS of background checks etc *remarks Fuck my connection :( i only see green yellow red i think? 
I know paypal.com has one looks the same as facebook (See https://smokeping.cobryce.com/?displaymode=n;start=2014-05-19%2023:08;end=now;target=ARP.ARPWebsite for evidence on that) wow what what happened no idea it just started the other day random bursts of lag that web site loaded ok Haven't been able to figure out the cause or source yet is it to next hop even? mercutio: that website is hosted on ARP :) See the lines for TWC (TimeWarner Business Cable) mercutio: yeah, seems like it I think (think because I can't remember) hmm was i smokepinging you or was it someone else nah it won't have been you it was someone on verizon and it stopped working it seems heh yeah not me oh all of my smokeping stopped working haha er, I mean, bummer heh i ran out of disk before so it prob got confused LOL i fixed it.. yeah ikr I had similar issues when I tried to add too many small root partition with most stuff in other places well systemd-journald takes up shit loads of space by default (Ah right, I'm seeing separate issues with my next hop too) my curl testing kept working only my ping broke with smokeping the svc that chrome/chromium uses for revocation checks regularly times out during lookups that's part of why it's disabled by default in chrome now - it was returning invalid CA stuff for valid certs hmm i'm surprised, cheap chromebook does 190 megabit wireless throughput in the same room. That's good yeh i'm surprised i tried doing 250 megabit udp flood at it, and it struggles with packet loss for a bit, then stops getting packet loss so if tcp/ip was more wireless friendly it could probably go faster now i wonder if can put a wireless ac card in it heh hi nerds! and/or geeks Just ipv6-enabled my guest network, woo! 
hi Now if only I had guests, let alone guests that would appreciate ipv6 connectivity ha creeeepy heh Aaaaand I now have a little private IPv6 VPN (well, I added the appropriate server-inet6 configuration to my management vpn) a little private ipv6 that can enumerate the grains of sand on all the beaches in the world. :) haha