#arpnetworks 2015-07-28,Tue

↑back Search ←Prev date Next date→ Show only urls(Click on time to select a line by its url)

WhoWhatWhen
***jpalmer_ has quit IRC (Quit: leaving)
jpalmer has joined #arpnetworks
[07:10]
.... (idle for 16mn)
mkb has quit IRC (Remote host closed the connection)
mkb has joined #arpnetworks
[07:26]
................................... (idle for 2h54mn)
7F1AAAAA7 has joined #arpnetworks [10:22]
7F1AAAAA7 has quit IRC (*.net *.split) [10:27]
mjp_ has joined #arpnetworks [10:32]
pjs6/
oops
[10:43]
m0unds>:| [10:53]
brycec:) [10:57]
m0unds`;->~ [10:59]
...................................... (idle for 3h8mn)
moar freebsd vulns
tcp, openssh and bind
[14:07]
***m0unds has quit IRC (Quit: bork bork bork)
m0unds has joined #arpnetworks
[14:08]
mercutiom0unds: yeh it's insane
there seems to be way more vulnerabilities recently
there've been a few more qemu vulnerabilities that are fine with apparmor
and quite a lot of linux vulnerabilities
the bind one is kind of scary, did you read it?
only kind of - you can crash bind even with acl's in place by sending special packets to it
[14:15]
m0undsah [14:17]
mercutioi'm surprised stuff like that doesn't get used more
but whenever acls are bypassed it's scary
[14:17]
m0undsdidn't impact my system, only worried about the other two [14:18]
........................... (idle for 2h13mn)
gizmoguyhttp://www.cardsagainstsecurity.com/?g=ND9ULG
come join my cards against security game
[16:31]
grodywhats scarier some of these things have been vulnerable since older versions (freebsd) [16:42]
.......... (idle for 48mn)
***Seji has quit IRC (Remote host closed the connection) [17:30]
.... (idle for 15mn)
KILLALLHUMANS01 has quit IRC (Remote host closed the connection) [17:45]
Seji has joined #arpnetworks [17:56]
.............. (idle for 1h9mn)
RandalSchwartz1 has joined #arpnetworks [19:05]
RandalSchwartz1something going on with kvr05? [19:05]
brycecNobody else has mentioned anything [yet] [19:07]
RandalSchwartz1well, my system froze.
responded to soft shutdown though
[19:07]
BryceBotThat's what she said!! [19:07]
RandalSchwartz1looks like it also responded to boot request [19:08]
brycecMaybe the serial cable came loose? :P [19:08]
RandalSchwartz1zfs up
ok, still no password prompt, and no ssh access
Hmm. dovecot won't restart
[19:09]
BryceBotThat's what she said!! [19:11]
brycecBryceBot: no [19:12]
BryceBotOh, okay... I'm sorry. 'Hmm. dovecot won't restart' [19:12]
RandalSchwartz1time just moved backward by 25199 seconds [19:12]
brycec420ish minutes? sounds like timezone fun
420 = 7 horus
*hours
[19:12]
RandalSchwartz1ahh, there I got it
ok, everything is looking mostly normal
I wonder why it was frozen up though
ok… going back to emacs-based IRC
[19:13]
***RandalSchwartz1 has quit IRC (Quit: Leaving.) [19:17]
.... (idle for 16mn)
RandalSchwartz has joined #arpnetworks [19:33]
RandalSchwartzback again. [19:34]
brycecwoo [19:37]
....... (idle for 33mn)
m0undsi'm trying to confuse spotify's "discover" algorithm for that playlist they generate each week [20:10]
brycecI'm reading the credits.rtf from Windows 10 while I wait
Just passed the FreeBSD acknowledgement
And there's NetBSD too
[20:12]
m0undsnice
i got my windows cat ninja sticker today
it's a ninja cat riding a t-rex
https://www.stickermule.com/marketplace/6478-windows-ninja-cat-t-rex
[20:12]
.... (idle for 19mn)
mercutioi still don't know if i should upgrade to windows 10
you have to use msn :(
i mean to current windows 10, i am on insider
[20:32]
brycecNo you don't?
At least on insider, you don't need a Live account
[20:32]
mercutioyes you do [20:33]
brycecthey don't make it blatantly obvious, but it's there. [20:33]
mercutioto upgrade to recent builds you do
you have to login with it with the recent builds
or it won't continue updating
i'm on 10162; there's 101240 now i think
[20:33]
brycecYeah 10240 has been out for weeks, it became the RTM release [20:34]
mercutioyeah i should read up about it
it just feels dirty logging in with msn account rather than local account
[20:34]
BryceBotThat's what she said!! [20:34]
mercutiolike you're locking your machine into the microsoft eco system. [20:35]
m0undsmeh [20:36]
mercutiono rush at the moment, things are stable anyway [20:36]
m0undsyou can make a local acct
unless they took that out
didn't the last time i tried a win10 build
hadn't* rather
[20:36]
mercutiom0unds: that's what i did on install [20:36]
brycecI guess I can't speak to *installing* and running updates without a msft account. But I was able to add a local account without problem. [20:36]
mercutioyou just can't update it anymore [20:36]
brycecbrycec shrugs [20:36]
mercutioyeh i installed without msn [20:36]
mkbit has to be in there somewhere to satisfy domain users... I hope [20:37]
mercutiodoes it require the internet to login? [20:37]
brycecNot after the first login [20:37]
mercutioahh [20:37]
brycecthe hashed password is stored with the account [20:37]
mercutiomaybe it's not too bad then [20:37]
m0undsyea, if you don't have connectivity and you mis-enter a pw, it just says "use the pw you used last time you logged in online" or something [20:38]
mkbthey don't bill this as a way to prevent someone snooping the password then stealing a laptop from logging in I hope... [20:39]
m0undseh? [20:40]
brycecI still feel really wrong looking forward to Win10 [20:40]
m0undsm0unds shrugs [20:40]
mkbIt's no worse than status quo but it feels wrong to have the security and threat model so complex [20:40]
m0undsonly for a non ad user
haven't deployed win8 or newer on a domain, but i'd imagine it's likely not as "Friendly"
[20:40]
mercutiobrycec: a lot of people seem to like it [20:41]
brycecSpeaking as a Win8.1 user in an AD, it's not friendly, no. [20:41]
m0undsi know it was annoying to login to win7 w/systems joined to multiple domains [20:41]
mercutiotbh, for me it's much of a muchness. [20:41]
brycecmercutio: I've been fairly happy with the TP [20:41]
staticsafemy university is deploying Win8 to laptop images this year and those are joined to the university domain [20:41]
m0undse.g. if your user is dumb and doesn't know what domain they're on, it sucks
because you have to do domainusername
[20:41]
mercutiobrycec: yeh same
but it's not way better than windows 2008/windows 7 to me
[20:41]
m0undsthe jump between the last two win10 tps on mobile was insane
went from unusable to amazingly usable in the span of three weeks
[20:42]
bryceclol [20:42]
mnathani_staticsafe: what university? [20:42]
staticsafeUOIT [20:42]
mercutioat least windows remembers your smb login for network shares these days
that seemed to be one of the most annoying bugs ever.
[20:42]
brycecAccording to a buddy @ MSFT, that's the par for the Windows team. They do their best work in the last 6mos. [20:42]
mercutiothere was a workaround, but i mean a shipping OS that can't remember credentials for a network share...
so my friend says that fcc are mandating to block openwrt on new routers
anyone heard about htis?
[20:43]
staticsafethat sounds unlikely [20:44]
brycecYes I did. [20:44]
mercutiois it legit
the site he sent me looks iffy
http://www.cnx-software.com/2015/07/27/new-fcc-rules-may-prevent-installing-openwrt-on-wifi-routers/
[20:45]
brycecLooking like it.
Yeah that's what I read earlier today
[20:45]
mercutiothey'll just get hacked i suppose
but the signing could be a pita
[20:45]
brycecI expect no more than they do now, just that there's a US law telling them they should instead of the manufacturer's own desire to lock you out. [20:46]
mercutiosome of the new modems have shifted to signing i think
a while back
but no-one paid much attention because openwrt doesn't work properly on modems.
i myself like the idea of a dumb access point with no routing though
[20:47]
brycecOverall though, it sounds plausible. Ostensibly that's the reason for BIOS whitelists in laptops - the manufacturer has a specific configuration FCC licensed and cannot "allow" you to alter that. [20:48]
mercutioahh
but hp do that in non-US markets too
hmm what about using wireless cards on linux?
linux lets you force weird channels etc.
[20:48]
brycec(Which is why the 'custom built' models, which probably slide under the rules being not sold en-masse, don't have whitelists)
I'd assume HP just does the same thing everywhere because it's simpler and easier.
[20:49]
mercutioyeah
that's my concern about this FCC openwrt thing :)
[20:50]
brycecAnd yeah, not just Linux. Even some Windows drivers let you play with things. [20:50]
mercutioahh true [20:51]
brycecBut it comes down to what can be regulated, i.e large-scale SKUs vs "one-off" stuff [20:53]
mercutioi think forcing people to comply with regulations on consumer gear is actually probably sensible
but blocking openwrt, etc is not so much
i suppose the problem is what happens when you use a wireless ap in a country it wasn't designed for
even if you force it in eeprom or such
like i bought my wireless router from amazon, so it's a US model...
but i'm still using NZ region.
[20:56]
brycecAs I interpreted everything, it's not "blocking openwrt" per se, as just preventing consumers from fuckign with it. And there are similar regulations in other industries [20:59]
mercutiocan you still set country code? [21:00]
brycecI didn't see any mention of that, so I can't say one way or another [21:00]
grodyopenwrt does appear to be becoming FCC compliant.. in the later versions of CC they have been locking down the maximum EIRP
older firmware i could push wifi to 760mW EIRP (using 3dbi antenna) - now i can only get it to 96mW
dd-wrt has a "super-channel" function which allows use of channels outside of the normal band
you can still alter country codes, bt there seems to be some kind of checking going on
spotted the oddities of it with the new wireless router i got.. it had issues running on certain channels in the 5GHz band and was actually forcing a set DFS Master region: FCC, then "applying" Regulatory domain changed to country: GB - then doing DFS Master region: ETSI
im guessing it did that through NTP as i never set a region
[21:08]
................ (idle for 1h19mn)
brycecHello from Win10
(and it's only 22:33 here)
[22:35]
m0undssweet
two of my cats are fighting over who gets to stare at a flying insect on the wall
[22:44]
brycecsweet. [22:48]
m0undsone stares at it, the other comes up, sits down, gets hissed at, half heartedly bats the other one in the face til it walks away
then sits and stares at it, then repeat
not doing anything about it, just staring at it
brycec: did your update require much interaction?
[22:49]
brycecNope not much. Once I'd clicked through the EULA and "yeah, do an upgrade" prompts, 3 reboots later here I am [22:56]
m0undsok [22:57]
brycec(and yes it did the rebooting on its own) [23:00]
m0undsfigured as much, that's how the win81 update went
was gonna let it run overnight. if it borks something on this machine...ehhh
[23:02]
brycecheh, cool. Though it didn't take more than a half hour or so [23:02]
m0undsoh.
there it goes
was taking a bit for it to start downloading
[23:03]
brycecprotip: Be sure to install the Win10-specific AMD drivers, or the AMD tools aren't going to work quite right. (But they will tell you to install the latest Win10 drivers) [23:12]
m0undsi don't have any amd hardware
i remember hearing the rtm had an issue w/nv gpu chipset drivers, but someone else said they fixed it
[23:15]
mercutioit was nvidia-specific
but it's kind of disconcerting that you can't opt out of video driver updates
[23:19]
m0undsyou can
http://www.tenforums.com/attachments/windows-updates-activation/18274d1430590254-refuse-driver-updates-windows-10-a-capture.png
screenshot from the option that allows you to opt out
allegedly
haha
cpl > system > hardware tab > device installation settings
[23:21]

↑back Search ←Prev date Next date→ Show only urls(Click on time to select a line by its url)