↑back Search ←Prev date Next date→ Show only urls | (Click on time to select a line by its url) |
Who | What | When |
---|---|---|
mercutio | brycec: apparently that got fixed (the ipv6 issue)
although i dunno what they'redoing now but yeah i don't have a high opinion of it | [00:27] |
.............. (idle for 1h9mn) | ||
*** | dwarren has quit IRC (*.net *.split)
Seji has quit IRC (*.net *.split) dwarren has joined #arpnetworks Seji has joined #arpnetworks | [01:37] |
......................................................................... (idle for 6h0mn) | ||
JC_Denton | if it's the cp to your email, you're probably screwed | [07:39] |
grody | they use CloudFlare, so no surprise they got owned | [07:39] |
BryceBot | That's what she said!! | [07:39] |
grody | that company has a track hostory of "issues" | [07:39] |
JC_Denton | not sure how you would get pwned "thru" cloudflare, unless you redirected an admin page or something | [07:39] |
grody | not sure why i put cloudflare.. meant to say godaddy
they used to be so easy to social engineer it wasn't even funny the CSRF vuln. earlier this year is also another example | [07:50] |
smells of an SEA hack | [07:57] | |
............................ (idle for 2h19mn) | ||
up_the_irons | brycec: an EU location is much more of a possibility now :) | [10:16] |
brycec | Neat. | [10:16] |
......... (idle for 41mn) | ||
hazardous | https://googlechrome.github.io/samples/subresource-integrity/index.html
very happy about this | [10:57] |
...................................... (idle for 3h5mn) | ||
mercutio | oh nice, eu? :) | [14:02] |
............... (idle for 1h14mn) | ||
gizmoguy | right, I'm running synergy v1.7.4-rc5. lets see if this fixes my crash every time I copy and paste bug
mercutio: https://www.youtube.com/watch?v=kJlDY0XvbA4 | [15:16] |
BryceBot | YouTube video: "BSOD Network Visualisation (2015 edition)" by WAND Network Research | [15:17] |
mercutio | gizmoguy: oh new version? :)
i can cut and paste in one direction | [15:17] |
gizmoguy | yip that's running live against Waikato unis upstream
~600-700mbit | [15:18] |
mercutio | most of it is tunneling?
QUIC is being used more and more by google/youtube and that "google" server seems to be much further away than it should be bloody dns oh maybe it's fudging the address | [15:19] |
...... (idle for 26mn) | ||
apparently that bind dos is starting to be getting triggered | [15:47] | |
staticsafe | yes a third party released a PoC | [15:53] |
mercutio | poc? is that like an attack?
oh proof of concept | [15:55] |
brycec | What bind DoS is that? | [15:58] |
mercutio | the one that can't be blocked by acl
and crashes the server with a single packet | [16:07] |
brycec | Guessing https://kb.isc.org/article/AA-01272/0/CVE-2015-5477%3A-An-error-in-handling-TKEY-queries-can-cause-named-to-exit-with-a-REQUIRE-assertion-failure.html this most recent one then | [16:11] |
mercutio | yeh
at least it's just a crash | [16:19] |
brycec | isc-bind-9.10.2pl2 w00t, OpenBSD's packaged BIND is new enough to not be vulnerable.
Versions affected: 9.1.0 -> 9.8.x, 9.9.0->9.9.7-P1, 9.10.0->9.10.2-P2 | [16:23] |
.... (idle for 19mn) | ||
mercutio | i'm not sure of that brycec
is pl2 and p2 the same thing? | [16:42] |
brycec | p-twelve and p-two? | [16:43] |
BryceBot | That's what she said!! | [16:43] |
brycec | By my math, twelve > two. | [16:43] |
BryceBot | That's what she said!! | [16:43] |
mercutio | it looks like pl2 not p12
looks like there's pl3 for openbsd now http://mirrors.arpnetworks.com/openbsd/snapshots/packages/amd64/isc-bind-9.10.2pl3.tgz although this p vs pl thing is confusing | [16:43] |
brycec | hm guess you're right, elle vs one. haaaate that when that happens. | [16:46] |
mercutio | hmm bind hasn't had a code execution vulnerability since 2008
http://www.cvedetails.com/product/144/ISC-Bind.html?vendor_id=64 kind of nifty to give all this detail | [16:47] |
.... (idle for 16mn) | ||
mjp_ | yes, yes it was | [17:03] |
.... (idle for 17mn) | ||
mnathani_ | can a headless virtualbox instance be run on top of ARP KVM VMs? Performance would be terrible - but besides that | [17:20] |
brycec | One way to find out for sure ;)
IIRC it requires the virt extensions to be passed through from the host. Of which there's a 50/50 chance | [17:28] |
mercutio | i don't think arp has that enabled
http://www.cvedetails.com/product/144/ISC-Bind.html?vendor_id=64 oops http://www.cvedetails.com/product/144/ISC-Bind.html?vendor_id=64 gah, now my cut and paste is broken https://www.kernel.org/doc/Documentation/virtual/kvm/nested-vmx.txt so it requires the kvm module to be loaded with different option, and the cpu flag to be passed through to the vm but yeah altogether it looks too beta | [17:36] |
.... (idle for 17mn) | ||
mnathani_ | flags : fpu de pse tsc msr pae mce cx8 apic sep mtrr pge mca cmov pat pse36 clflush mmx fxsr sse sse2 syscall nx lm up unfair_spinlock pni cx16 x2apic popcnt hypervisor lahf_lm svm abm sse4a
no vmx flag In other news: http://www.vancitybuzz.com/2015/08/loonie-canadian-dollar-drops-lowest-11-years/ | [17:56] |
............. (idle for 1h0mn) | ||
mercutio | gizmoguy: did you manage to fix synergy cut+paste? | [18:57] |
gizmoguy | hasn't crashed yet!
I usually get a crash per hour want the deb? | [18:57] |
mercutio | the canadian $ is called loonie?
nah i'm using arch linux i'll try updating synergy though | [18:58] |
gizmoguy | there's a tag on git for it I think | [18:58] |
mercutio | i just updated to master
make: *** No rule to make target 'install'. Stop. weird that mkae works but make install doesn't it's working sometimes this is weird :) | [18:58] |
gizmoguy | I think they use cmake? | [19:01] |
mercutio | yeah they do
it's weird it hasn't crashed yet, but linux -> windows seems to cut aobut 1/8 times | [19:01] |
brycec | @wiki Loonie | [19:02] |
BryceBot | Loonie :: The Canadian one dollar coin, commonly called the loonie, is a gold-coloured one-dollar coin introduced in 1987. It bears images of a common loon, a bird which is common and well known in Canada, on the reverse, and of Queen Elizabeth II on the obverse. It is produced by the Royal Canadian Mint at its facility in Winnipeg. The coin's outline is an 11-sided curve of constant... http://en.wikipedia.org/wiki/Loonie | [19:02] |
mercutio | maybe 1/4
but other times it cuts and wipes the cut buffer | [19:02] |
gizmoguy | I want a loonie | [19:02] |
mercutio | i don't remember ever seeing one | [19:03] |
brycec | brycec holds one up to the screen | [19:03] |
jpalmer | jpalmer is a loonie. | [19:03] |
mercutio | has the US got dollar coins yet? | [19:04] |
jpalmer | silver dollar | [19:04] |
brycec | The US has had dollar coins for ages
Just "nobody" uses them. Silver dollar, Susan B Anthony, Sacajawea, etc | [19:04] |
mercutio | i was under the understanding that normal shops didn't accept them | [19:05] |
brycec | mercutio: Under law, they're required to. | [19:05] |
mercutio | oh | [19:05] |
brycec | https://en.wikipedia.org/wiki/Dollar_coin_(United_States) throughout the entire history of the US apparently. | [19:05] |
BryceBot | Error in Wikipedia's response: | [19:05] |
gizmoguy | we have $1 and $2 coins here
nobody uses coins here tho cash is for people living in the past | [19:06] |
mercutio | well upgrading windows synergy made it worse
i use coins gizmo i find 10c pieces rather annoying though i use paywave when i can, but most small shops don't even take credit card so i pay in cash it seems silly to pay $4 or something with eftpos | [19:07] |
brycec | Don't take CC? Crazy to hear as an american. | [19:08] |
mercutio | brycec: like bakeries etc? | [19:08] |
brycec | Right. | [19:08] |
mercutio | bakery, sushi shop etc. | [19:08] |
brycec | I can't remember the last time I went somewhere that didn't take CC | [19:09] |
mercutio | well there are credit card surchages here | [19:09] |
brycec | Of course, I often choose to spend cash at small shops for that reason. | [19:09] |
mercutio | the sushi place is annoying, as they have amounts like $5.40
y'know, maybe they do take credit card there, i'm not sure now | [19:09] |
BryceBot | <mercutio> ow nsuswinpluc nisnu nri gtnusnow rnwuv nusnu osnlim n$5.40 | [19:10] |
mercutio | heh, y'know catches me out way too often. | [19:10] |
brycec | lmao
Merchants like Paypal and Square here have made it very easy to accept CC's. | [19:10] |
mercutio | you can use paypal in shops? | [19:11] |
brycec | mercutio: https://www.paypal.com/webapps/mpp/credit-card-reader | [19:12] |
mercutio | here lots of small shops use dialup for eftpos and it's really slow
and with credit cards, when chips came into play lots of credit card stuff was slow until they upgraded their machines. | [19:12] |
brycec | Though there's a big hardware store chain I can actually pay with my Paypal account at. (Home Depot) | [19:12] |
mercutio | bryce: you don't really do eftpos there do you? | [19:13] |
brycec | (From a Home Depot terminal https://www.javelinstrategy.com/uploads/2012/02/PayPal-31-297x300.jpg) | [19:13] |
mercutio | it says that page doesn't exist fwiw
probably geo stuf | [19:13] |
brycec | lol geo stuff | [19:13] |
mercutio | that's pretty cool | [19:13] |
brycec | mercutio: and no, EFTPOS is essentially non-existent in the US | [19:13] |
mercutio | i like paypal
i know some people really hate it though | [19:14] |
brycec | In fact,according to Wikipedia it says it's basically .au and .nz only | [19:14] |
mercutio | oh, interesting
it's kind of big here | [19:14] |
brycec | (or that's how I'm skimming the wiki page)
https://en.wikipedia.org/wiki/EFTPOS | [19:14] |
BryceBot | EFTPOS :: EFTPOS (pronounced /ˈɛftpɒs/) — electronic funds transfer at point of sale — is an electronic payment system involving electronic funds transfers based on the use of payment cards, such as debit or credit cards, at payment terminals located at points of sale. In Australia and New Zealand it is also the brand name of a specific system used for such payments. The Australian and New Zealand systems are country specific and... | [19:14] |
mercutio | it's like a debit card which costs 35c per transaction
except if you use atm then it's like $1 | [19:14] |
brycec | Debit transactions are almost always 0. (though ATMs are a different story) | [19:15] |
mercutio | well actually atm can be cheaper if you have an atm machine of the rigth bank around you (which i don't)
i'm with the biggest bank in the country, and there's no atm's nearby :/ there used to be lots of banks around here, but they all shut down, some left atm machines behind some just closed up completely i don't even know where my "home branch" is now but the banking market has all got more expensive, and less convenient apparently eftpos started in the US | [19:15] |
brycec | Yeah I did see that. | [19:19] |
gizmoguy | square is cool | [19:19] |
mercutio | i kind of like how easy pay wave is
i suppose it's insecure, but it's just cool being able to pay for things quickly. it kind of sucks when you have to stand around waiting for some machine to be ready to take your pin etc. | [19:20] |
brycec | If it's the "Paywave" I'm thinking of, it's about as secure as "chip" payments minus the PIN.
Which in the US, is most chip payments anyhow... | [19:21] |
mercutio | probably the same dff | [19:21] |
brycec | (Yes, in the few US places that have adopted chip so far, it's chip or chip+sig, but never chip+pin :'( | [19:21] |
mercutio | err www.visa.co.nz is trying to download a virus
it's a .swf file | [19:21] |
brycec | No virus from visa.co.nz for me | [19:22] |
mercutio | (yeh i know that's just flash, but argh) | [19:22] |
brycec | Or maybe your AV just thinks all flash is viral | [19:22] |
mercutio | chrome said it could harm my computer
and was downloading it rather than showing a window saying to install flash player | [19:22] |
brycec | My chrome was happy enough. But I also don't load any plugin content. | [19:23] |
mercutio | yeah i disabled flash
it means i can't view videos on some news sites but that's about the only drawbakc. | [19:23] |
gizmoguy | i found most CC transactions in the states were magstripe and not chip? | [19:25] |
mercutio | gizmoguy: didn't nz only move recently to chip? | [19:27] |
gizmoguy | all my cards are chip'd
and they expire at the end of this year | [19:27] |
mercutio | ithink i went chip like two years ago | [19:27] |
gizmoguy | and CC cards take 3 years to expire | [19:27] |
mercutio | really?
i thought they lasted longer thanthat | [19:28] |
gizmoguy | maybe it's 4 years
anyway, it means we've had chip for the past 4 or so years | [19:28] |
brycec | gizmoguy: indeed they are :( | [19:29] |
mercutio | time flies i suppose
i just remember being annoyed when i first had chip because it was really slow | [19:30] |
brycec | But the deadline is this October as I recall. At that time, the burden shifts from the issuer to the merchant for swipe transactions. | [19:30] |
mercutio | but then i could have swiped it?
maybe something changed with chip that made it slower | [19:30] |
brycec | http://www.creditcards.com/credit-card-news/emv-faq-chip-cards-answers-1264.php
Chip is slow because there's a handshake. | [19:30] |
mercutio | brycec: new machines are like 8 times quicker than old machines though
for the handshake part | [19:31] |
brycec | Swipe is just reading a stripe of data off the card and phoning home.
mercutio: I'm not surprised. | [19:31] |
mercutio | o | [19:31] |
brycec | v | [19:31] |
mercutio | supermarkets and petrol stations tend to be fast here
but some smaller places that take credit card are still slow i suppose priorities and all that | [19:32] |
gizmoguy | merchants should stop charging so much for readers | [19:32] |
mercutio | gizmoguy: there's a duopoly | [19:32] |
gizmoguy | I was looking into those cellphone paywave readers
$400 for the reader +2% transact fee or whatever surely the transact fee is enough to make money off | [19:33] |
mercutio | yeah
the transaction fees are insane i'm still annoyed that it costs 2.5% for bank to convert currency on credit card there must be a better way :) | [19:33] |
brycec | "Entering a PIN connects the payment terminal to the payment processor for real-time transaction verification and approval. However, many payment processors are not equipped with the technology needed to handle EMV chip-and-PIN credit transactions. So it is not likely you will have to memorize new PINs anytime soon, according to Conroy."
*sigh* | [19:35] |
BryceBot | *sigh* | [19:35] |
mercutio | oh you don't have pins there even? | [19:37] |
brycec | Most people don't. One of my cards does though :D
"After an Oct. 1, 2015, deadline created by major U.S. credit card issuers MasterCard, Visa, Discover and American Express, the liability for card-present fraud will shift to whichever party is the least EMV-compliant in a fraudulent transaction." | [19:38] |
mercutio | pins have been common here for ages
i never used to use pin though | [19:38] |
brycec | Our debit cards have PINs... I don't see why people can't handle CC's with PINs | [19:39] |
mercutio | as when i got my credit card issued they sent it in the mail i think? anyway, it didn't have a pin at first.
and i had to go in to get a pin put on it when it asks for pin here you can just press ok so pin is convenient rather than necessary. | [19:39] |
brycec | Interesting. | [19:40] |
mercutio | yeah, although seeing people try to match signature is funny | [19:40] |
gizmoguy | in US everyone would ask for photoid when I tried to pay with a CC :( | [19:40] |
brycec | Wait, do people actually do that there, mercutio ? | [19:40] |
gizmoguy | and nobody knew what a NZ drivers license was | [19:40] |
mercutio | gizmo: oh wow.
brycec: check signatures, yes. | [19:40] |
brycec | lol gizmoguy | [19:41] |
mercutio | they ask for id when buying alcohol often here too
ever since the age went up to 21 from 18 err down from 21 to 18 | [19:41] |
brycec | *nobody* checks signatures here. I end up drawing lewd things. | [19:41] |
mercutio | i used to just walk out of liquor shops if i got asked for id | [19:41] |
gizmoguy | nobody makes you sign anything here | [19:41] |
mercutio | gizmo: what about if you get cash out with eftpos? | [19:42] |
gizmoguy | as I said before, I don't use cash | [19:42] |
mercutio | gizmo: never ever? | [19:42] |
gizmoguy | maybe 1-2 times a year I'll get some out of an ATM | [19:43] |
mercutio | yeah i get cash out way more than that
probably over 10 times a year cash makes it easier to know much you're spending especially for small transactions, like coffee, food etc. | [19:44] |
mnathani_ | @exchange 1 usd to cad | [19:53] |
BryceBot | 1 USD -> 1.319006 CAD (as of Tue, 04 Aug 2015 19:01:02 -0700) | [19:53] |
mnathani_ | Someone needs to make a summary of facebook that is not time sensitive - ie: can be visited at a later date and only contains items that are most relevant to users. None of this firehose of posts that are missed if not viewed regularly | [19:58] |
.... (idle for 17mn) | ||
mercutio | mnathani_: the relevancy of facebook is questionable in general | [20:15] |
jpalmer | questionable? I'd go so far as to say, facebook needs to go the way of myspace. | [20:26] |
*** | mercutio has quit IRC (Ping timeout: 246 seconds)
mercutio has joined #arpnetworks mercutio is now known as Guest31825 | [20:26] |
brycec | Cater towards musicians? | [20:29] |
*** | Guest31825 is now known as mercutio | [20:29] |
mercutio | bloody freenode | [20:30] |
mnathani | become irrelevant is what I think he meant | [20:30] |
mercutio | seems i missed some stuff :)
jpalmer: myspace at least lets users customise pages. | [20:30] |
................. (idle for 1h20mn) | ||
kellytk | Didn't myspace change user profiles to being Flash-powered? | [21:51] |
mercutio | no idea, i havent' used it in years | [21:52] |
kellytk | I tried to retrieve old photos from it a year or two ago and it had been converted to a blackbox Flash file unfortunately | [21:54] |
mnathani_ | I never really used myspace | [22:00] |
*** | mnathani_ has quit IRC () | [22:13] |
mercutio | there's some other big one i think it was in south america
and i think there's a big china one too i had an idea like facebook before facebook exists, but i think many others did too :) i've actually still got a slightly different idea. but i can't really devote the time to make such things work. | [22:15] |
.... (idle for 19mn) | ||
kellytk | Yes many did, Facebook was relatively late to the social game | [22:35] |
mercutio | well the internet was late to the social game in general :)
there's no reason such things couldn't have been around in the 90s although it would have probably been more elite back then | [22:49] |
kellytk | I think they did, but in a different form. (BBS/online service)
What I meant about Facebook was that there were multiple successful social websites for multiple years before Facebook even started, let alone hit critical mass | [22:50] |
Basically I was affirming what you said in "but i think many others did too" | [22:56] | |
..... (idle for 21mn) | ||
mercutio | ahh i see
yeah my idea was more to integrate messaging etc too it's curious that facebook e-mail never went anywher i ran a bbs btw, so yeh some of my influence came from there. there was a lot more community feel back then. what actually bugs me personally the most atm is secure phone calls / messaging. i don't even have a high need for security. but it's important that people with nothing to hide also do secure, so that you're not guilty for securing communications. you can do things ok with jabber+otr but hardly anyone i know uses jabber. atm there's kind of vendor lock in with things like skype, and they're not secure. but yeah, no money, and somehow have to get users. | [23:17] |
kellytk | I would be shocked if Skype were actually secure or respectful of privacy in any way | [23:20] |
mercutio | you wouldn't want such a service to be closed source or charge for it really
which also means you kind of want it to be decentralised. | [23:20] |
kellytk | I agree about community feel, although I've been feeling that way progressively moreso since the eternal September | [23:21] |
mercutio | jabber you just use your own domain name.. and have special records
haha when i first heard about that i had no context. i had no idea what it was about wow, when that happened i actually listened to the radio but yeah jabber is the best that's around atm, but there's no one jabber client, one jabber domain you can easily point people to, and get them to use it and otr is a plugin/extension and i don't think jabber does well with video/voice skype is actually pretty great for voip it's video is a bit lacking but it has great echo cancelation that works well, low bandwidth requirements, good audio quality but there are some annoying things about it still, like you can't do group calls on android/iphone/mac well you can participate audio only but not clal | [23:21] |
↑back Search ←Prev date Next date→ Show only urls | (Click on time to select a line by its url) |