brycec: apparently that got fixed (the ipv6 issue) although i dunno what they'redoing now but yeah i don't have a high opinion of it if it's the cp to your email, you're probably screwed they use CloudFlare, so no surprise they got owned That's what she said!! that company has a track hostory of "issues" not sure how you would get pwned "thru" cloudflare, unless you redirected an admin page or something not sure why i put cloudflare.. meant to say godaddy they used to be so easy to social engineer it wasn't even funny the CSRF vuln. earlier this year is also another example smells of an SEA hack brycec: an EU location is much more of a possibility now :) Neat. https://googlechrome.github.io/samples/subresource-integrity/index.html very happy about this oh nice, eu? :) right, I'm running synergy v1.7.4-rc5. lets see if this fixes my crash every time I copy and paste bug mercutio: https://www.youtube.com/watch?v=kJlDY0XvbA4 YouTube video: "BSOD Network Visualisation (2015 edition)" by WAND Network Research gizmoguy: oh new version? :) i can cut and paste in one direction yip that's running live against Waikato unis upstream ~600-700mbit most of it is tunneling? QUIC is being used more and more by google/youtube and that "google" server seems to be much further away than it should be bloody dns oh maybe it's fudging the address apparently that bind dos is starting to be getting triggered yes a third party released a PoC poc? is that like an attack? oh proof of concept What bind DoS is that? the one that can't be blocked by acl and crashes the server with a single packet Guessing https://kb.isc.org/article/AA-01272/0/CVE-2015-5477%3A-An-error-in-handling-TKEY-queries-can-cause-named-to-exit-with-a-REQUIRE-assertion-failure.html this most recent one then yeh at least it's just a crash isc-bind-9.10.2pl2 w00t, OpenBSD's packaged BIND is new enough to not be vulnerable. Versions affected: 9.1.0 -> 9.8.x, 9.9.0->9.9.7-P1, 9.10.0->9.10.2-P2 i'm not sure of that brycec is pl2 and p2 the same thing? p-twelve and p-two? That's what she said!! By my math, twelve > two. That's what she said!! it looks like pl2 not p12 looks like there's pl3 for openbsd now http://mirrors.arpnetworks.com/openbsd/snapshots/packages/amd64/isc-bind-9.10.2pl3.tgz although this p vs pl thing is confusing hm guess you're right, elle vs one. haaaate that when that happens. hmm bind hasn't had a code execution vulnerability since 2008 http://www.cvedetails.com/product/144/ISC-Bind.html?vendor_id=64 kind of nifty to give all this detail yes, yes it was can a headless virtualbox instance be run on top of ARP KVM VMs? Performance would be terrible - but besides that One way to find out for sure ;) IIRC it requires the virt extensions to be passed through from the host. Of which there's a 50/50 chance i don't think arp has that enabled http://www.cvedetails.com/product/144/ISC-Bind.html?vendor_id=64 oops http://www.cvedetails.com/product/144/ISC-Bind.html?vendor_id=64 gah, now my cut and paste is broken https://www.kernel.org/doc/Documentation/virtual/kvm/nested-vmx.txt so it requires the kvm module to be loaded with different option, and the cpu flag to be passed through to the vm but yeah altogether it looks too beta flags : fpu de pse tsc msr pae mce cx8 apic sep mtrr pge mca cmov pat pse36 clflush mmx fxsr sse sse2 syscall nx lm up unfair_spinlock pni cx16 x2apic popcnt hypervisor lahf_lm svm abm sse4a no vmx flag In other news: http://www.vancitybuzz.com/2015/08/loonie-canadian-dollar-drops-lowest-11-years/ gizmoguy: did you manage to fix synergy cut+paste? hasn't crashed yet! I usually get a crash per hour want the deb? the canadian $ is called loonie? nah i'm using arch linux i'll try updating synergy though there's a tag on git for it I think i just updated to master make: *** No rule to make target 'install'. Stop. weird that mkae works but make install doesn't it's working sometimes this is weird :) I think they use cmake? yeah they do it's weird it hasn't crashed yet, but linux -> windows seems to cut aobut 1/8 times @wiki Loonie Loonie :: The Canadian one dollar coin, commonly called the loonie, is a gold-coloured one-dollar coin introduced in 1987. It bears images of a common loon, a bird which is common and well known in Canada, on the reverse, and of Queen Elizabeth II on the obverse. It is produced by the Royal Canadian Mint at its facility in Winnipeg. The coin's outline is an 11-sided curve of constant... http://en.wikipedia.org/wiki/Loonie maybe 1/4 but other times it cuts and wipes the cut buffer I want a loonie i don't remember ever seeing one has the US got dollar coins yet? silver dollar The US has had dollar coins for ages Just "nobody" uses them. Silver dollar, Susan B Anthony, Sacajawea, etc i was under the understanding that normal shops didn't accept them mercutio: Under law, they're required to. oh https://en.wikipedia.org/wiki/Dollar_coin_(United_States) throughout the entire history of the US apparently. Error in Wikipedia's response: we have $1 and $2 coins here nobody uses coins here tho cash is for people living in the past well upgrading windows synergy made it worse i use coins gizmo i find 10c pieces rather annoying though i use paywave when i can, but most small shops don't even take credit card so i pay in cash it seems silly to pay $4 or something with eftpos Don't take CC? Crazy to hear as an american. brycec: like bakeries etc? Right. bakery, sushi shop etc. I can't remember the last time I went somewhere that didn't take CC well there are credit card surchages here Of course, I often choose to spend cash at small shops for that reason. the sushi place is annoying, as they have amounts like $5.40 y'know, maybe they do take credit card there, i'm not sure now ow nsuswinpluc nisnu nri gtnusnow rnwuv nusnu osnlim n$5.40 heh, y'know catches me out way too often. lmao Merchants like Paypal and Square here have made it very easy to accept CC's. you can use paypal in shops? mercutio: https://www.paypal.com/webapps/mpp/credit-card-reader here lots of small shops use dialup for eftpos and it's really slow and with credit cards, when chips came into play lots of credit card stuff was slow until they upgraded their machines. Though there's a big hardware store chain I can actually pay with my Paypal account at. (Home Depot) bryce: you don't really do eftpos there do you? (From a Home Depot terminal https://www.javelinstrategy.com/uploads/2012/02/PayPal-31-297x300.jpg) it says that page doesn't exist fwiw probably geo stuf lol geo stuff that's pretty cool mercutio: and no, EFTPOS is essentially non-existent in the US i like paypal i know some people really hate it though In fact,according to Wikipedia it says it's basically .au and .nz only oh, interesting it's kind of big here (or that's how I'm skimming the wiki page) https://en.wikipedia.org/wiki/EFTPOS EFTPOS :: EFTPOS (pronounced /ˈɛftpɒs/) — electronic funds transfer at point of sale — is an electronic payment system involving electronic funds transfers based on the use of payment cards, such as debit or credit cards, at payment terminals located at points of sale. In Australia and New Zealand it is also the brand name of a specific system used for such payments. The Australian and New Zealand systems are country specific and... it's like a debit card which costs 35c per transaction except if you use atm then it's like $1 Debit transactions are almost always 0. (though ATMs are a different story) well actually atm can be cheaper if you have an atm machine of the rigth bank around you (which i don't) i'm with the biggest bank in the country, and there's no atm's nearby :/ there used to be lots of banks around here, but they all shut down, some left atm machines behind some just closed up completely i don't even know where my "home branch" is now but the banking market has all got more expensive, and less convenient apparently eftpos started in the US Yeah I did see that. square is cool i kind of like how easy pay wave is i suppose it's insecure, but it's just cool being able to pay for things quickly. it kind of sucks when you have to stand around waiting for some machine to be ready to take your pin etc. If it's the "Paywave" I'm thinking of, it's about as secure as "chip" payments minus the PIN. Which in the US, is most chip payments anyhow... probably the same dff (Yes, in the few US places that have adopted chip so far, it's chip or chip+sig, but never chip+pin :'( err www.visa.co.nz is trying to download a virus it's a .swf file No virus from visa.co.nz for me (yeh i know that's just flash, but argh) Or maybe your AV just thinks all flash is viral chrome said it could harm my computer and was downloading it rather than showing a window saying to install flash player My chrome was happy enough. But I also don't load any plugin content. yeah i disabled flash it means i can't view videos on some news sites but that's about the only drawbakc. i found most CC transactions in the states were magstripe and not chip? gizmoguy: didn't nz only move recently to chip? all my cards are chip'd and they expire at the end of this year ithink i went chip like two years ago and CC cards take 3 years to expire really? i thought they lasted longer thanthat maybe it's 4 years anyway, it means we've had chip for the past 4 or so years gizmoguy: indeed they are :( time flies i suppose i just remember being annoyed when i first had chip because it was really slow But the deadline is this October as I recall. At that time, the burden shifts from the issuer to the merchant for swipe transactions. but then i could have swiped it? maybe something changed with chip that made it slower http://www.creditcards.com/credit-card-news/emv-faq-chip-cards-answers-1264.php Chip is slow because there's a handshake. brycec: new machines are like 8 times quicker than old machines though for the handshake part Swipe is just reading a stripe of data off the card and phoning home. mercutio: I'm not surprised. o v supermarkets and petrol stations tend to be fast here but some smaller places that take credit card are still slow i suppose priorities and all that merchants should stop charging so much for readers gizmoguy: there's a duopoly I was looking into those cellphone paywave readers $400 for the reader +2% transact fee or whatever surely the transact fee is enough to make money off yeah the transaction fees are insane i'm still annoyed that it costs 2.5% for bank to convert currency on credit card there must be a better way :) "Entering a PIN connects the payment terminal to the payment processor for real-time transaction verification and approval. However, many payment processors are not equipped with the technology needed to handle EMV chip-and-PIN credit transactions. So it is not likely you will have to memorize new PINs anytime soon, according to Conroy." *sigh* *sigh* oh you don't have pins there even? Most people don't. One of my cards does though :D "After an Oct. 1, 2015, deadline created by major U.S. credit card issuers MasterCard, Visa, Discover and American Express, the liability for card-present fraud will shift to whichever party is the least EMV-compliant in a fraudulent transaction." pins have been common here for ages i never used to use pin though Our debit cards have PINs... I don't see why people can't handle CC's with PINs as when i got my credit card issued they sent it in the mail i think? anyway, it didn't have a pin at first. and i had to go in to get a pin put on it when it asks for pin here you can just press ok so pin is convenient rather than necessary. Interesting. yeah, although seeing people try to match signature is funny in US everyone would ask for photoid when I tried to pay with a CC :( Wait, do people actually do that there, mercutio ? and nobody knew what a NZ drivers license was gizmo: oh wow. brycec: check signatures, yes. lol gizmoguy they ask for id when buying alcohol often here too ever since the age went up to 21 from 18 err down from 21 to 18 *nobody* checks signatures here. I end up drawing lewd things. i used to just walk out of liquor shops if i got asked for id nobody makes you sign anything here gizmo: what about if you get cash out with eftpos? as I said before, I don't use cash gizmo: never ever? maybe 1-2 times a year I'll get some out of an ATM yeah i get cash out way more than that probably over 10 times a year cash makes it easier to know much you're spending especially for small transactions, like coffee, food etc. @exchange 1 usd to cad 1 USD -> 1.319006 CAD (as of Tue, 04 Aug 2015 19:01:02 -0700) Someone needs to make a summary of facebook that is not time sensitive - ie: can be visited at a later date and only contains items that are most relevant to users. None of this firehose of posts that are missed if not viewed regularly mnathani_: the relevancy of facebook is questionable in general questionable? I'd go so far as to say, facebook needs to go the way of myspace. Cater towards musicians? bloody freenode become irrelevant is what I think he meant seems i missed some stuff :) jpalmer: myspace at least lets users customise pages. Didn't myspace change user profiles to being Flash-powered? no idea, i havent' used it in years I tried to retrieve old photos from it a year or two ago and it had been converted to a blackbox Flash file unfortunately I never really used myspace there's some other big one i think it was in south america and i think there's a big china one too i had an idea like facebook before facebook exists, but i think many others did too :) i've actually still got a slightly different idea. but i can't really devote the time to make such things work. Yes many did, Facebook was relatively late to the social game well the internet was late to the social game in general :) there's no reason such things couldn't have been around in the 90s although it would have probably been more elite back then I think they did, but in a different form. (BBS/online service) What I meant about Facebook was that there were multiple successful social websites for multiple years before Facebook even started, let alone hit critical mass Basically I was affirming what you said in "but i think many others did too" ahh i see yeah my idea was more to integrate messaging etc too it's curious that facebook e-mail never went anywher i ran a bbs btw, so yeh some of my influence came from there. there was a lot more community feel back then. what actually bugs me personally the most atm is secure phone calls / messaging. i don't even have a high need for security. but it's important that people with nothing to hide also do secure, so that you're not guilty for securing communications. you can do things ok with jabber+otr but hardly anyone i know uses jabber. atm there's kind of vendor lock in with things like skype, and they're not secure. but yeah, no money, and somehow have to get users. I would be shocked if Skype were actually secure or respectful of privacy in any way you wouldn't want such a service to be closed source or charge for it really which also means you kind of want it to be decentralised. I agree about community feel, although I've been feeling that way progressively moreso since the eternal September jabber you just use your own domain name.. and have special records haha when i first heard about that i had no context. i had no idea what it was about wow, when that happened i actually listened to the radio but yeah jabber is the best that's around atm, but there's no one jabber client, one jabber domain you can easily point people to, and get them to use it and otr is a plugin/extension and i don't think jabber does well with video/voice skype is actually pretty great for voip it's video is a bit lacking but it has great echo cancelation that works well, low bandwidth requirements, good audio quality but there are some annoying things about it still, like you can't do group calls on android/iphone/mac well you can participate audio only but not clal