mercutio: although i dunno what they're doing now
but yeah i don't have a high opinion of it ***: dwarren has quit IRC (*.net *.split)
Seji has quit IRC (*.net *.split)
dwarren has joined #arpnetworks
Seji has joined #arpnetworks JC_Denton: if it's the cp to your email, you're probably screwed grody: they use CloudFlare, so no surprise they got owned BryceBot: That's what she said!! grody: that company has a track history of "issues" JC_Denton: not sure how you would get pwned "thru" cloudflare, unless you redirected an admin page or something grody: not sure why i put cloudflare.. meant to say godaddy
they used to be so easy to social engineer it wasn't even funny
the CSRF vuln. earlier this year is also another example
smells of an SEA hack up_the_irons: brycec: an EU location is much more of a possibility now :) brycec: Neat. hazardous: https://googlechrome.github.io/samples/subresource-integrity/index.html
very happy about this mercutio: oh nice, eu? :) gizmoguy: right, I'm running synergy v1.7.4-rc5. lets see if this fixes my crash every time I copy and paste bug
mercutio: https://www.youtube.com/watch?v=kJlDY0XvbA4 BryceBot: YouTube video: "BSOD Network Visualisation (2015 edition)" by WAND Network Research mercutio: gizmoguy: oh new version? :)
i can cut and paste in one direction gizmoguy: yip that's running live against Waikato unis upstream
~600-700mbit mercutio: most of it is tunneling?
QUIC is being used more and more by google/youtube
and that "google" server seems to be much further away than it should be
bloody dns
oh maybe it's fudging the address
apparently that bind dos is starting to get triggered staticsafe: yes a third party released a PoC mercutio: poc? is that like an attack?
oh proof of concept brycec: What bind DoS is that? mercutio: the one that can't be blocked by acl
and crashes the server
with a single packet brycec: Guessing https://kb.isc.org/article/AA-01272/0/CVE-2015-5477%3A-An-error-in-handling-TKEY-queries-can-cause-named-to-exit-with-a-REQUIRE-assertion-failure.html this most recent one then mercutio: yeh
at least it's just a crash brycec: isc-bind-9.10.2pl2 w00t, OpenBSD's packaged BIND is new enough to not be vulnerable.
Versions affected: 9.1.0 -> 9.8.x, 9.9.0->9.9.7-P1, 9.10.0->9.10.2-P2 mercutio: i'm not sure of that brycec
is pl2 and p2 the same thing? brycec: p-twelve and p-two? BryceBot: That's what she said!! brycec: By my math, twelve > two. BryceBot: That's what she said!! mercutio: it looks like pl2 not p12
looks like there's pl3 for openbsd now
http://mirrors.arpnetworks.com/openbsd/snapshots/packages/amd64/isc-bind-9.10.2pl3.tgz
although this p vs pl thing is confusing brycec: hm guess you're right, elle vs one. haaaate that when that happens. mercutio: hmm bind hasn't had a code execution vulnerability since 2008
http://www.cvedetails.com/product/144/ISC-Bind.html?vendor_id=64
kind of nifty to give all this detail mjp_: yes, yes it was mnathani_: can a headless virtualbox instance be run on top of ARP KVM VMs? Performance would be terrible - but besides that brycec: One way to find out for sure ;)
IIRC it requires the virt extensions to be passed through from the host.
Of which there's a 50/50 chance mercutio: i don't think arp has that enabled
http://www.cvedetails.com/product/144/ISC-Bind.html?vendor_id=64
oops
http://www.cvedetails.com/product/144/ISC-Bind.html?vendor_id=64
gah, now my cut and paste is broken
https://www.kernel.org/doc/Documentation/virtual/kvm/nested-vmx.txt
so it requires the kvm module to be loaded with different option, and the cpu flag to be passed through to the vm
but yeah altogether it looks too beta mnathani_: flags : fpu de pse tsc msr pae mce cx8 apic sep mtrr pge mca cmov pat pse36 clflush mmx fxsr sse sse2 syscall nx lm up unfair_spinlock pni cx16 x2apic popcnt hypervisor lahf_lm svm abm sse4a
no vmx flag
In other news: http://www.vancitybuzz.com/2015/08/loonie-canadian-dollar-drops-lowest-11-years/ mercutio: gizmoguy: did you manage to fix synergy cut+paste? gizmoguy: hasn't crashed yet!
I usually get a crash per hour
want the deb? mercutio: the canadian $ is called loonie?
nah i'm using arch linux
i'll try updating synergy though gizmoguy: there's a tag on git for it I think mercutio: i just updated to master
make: *** No rule to make target 'install'. Stop.
weird that make works but make install doesn't
it's working sometimes
this is weird :) gizmoguy: I think they use cmake? mercutio: yeah they do
it's weird it hasn't crashed yet, but linux -> windows seems to cut about 1/8 times brycec: @wiki Loonie BryceBot: Loonie :: The Canadian one dollar coin, commonly called the loonie, is a gold-coloured one-dollar coin introduced in 1987. It bears images of a common loon, a bird which is common and well known in Canada, on the reverse, and of Queen Elizabeth II on the obverse. It is produced by the Royal Canadian Mint at its facility in Winnipeg. The coin's outline is an 11-sided curve of constant... http://en.wikipedia.org/wiki/Loonie mercutio: maybe 1/4
but other times it cuts and wipes the cut buffer gizmoguy: I want a loonie mercutio: i don't remember ever seeing one -: brycec holds one up to the screen
jpalmer is a loonie. mercutio: has the US got dollar coins yet? jpalmer: silver dollar brycec: The US has had dollar coins for ages
Just "nobody" uses them.
Silver dollar, Susan B Anthony, Sacajawea, etc mercutio: i was under the understanding that normal shops didn't accept them brycec: mercutio: Under law, they're required to. mercutio: oh brycec: https://en.wikipedia.org/wiki/Dollar_coin_(United_States) throughout the entire history of the US apparently. BryceBot: Error in Wikipedia's response: gizmoguy: we have $1 and $2 coins here
nobody uses coins here tho
cash is for people living in the past mercutio: well upgrading windows synergy made it worse
i use coins gizmo
i find 10c pieces rather annoying though
i use paywave when i can, but most small shops don't even take credit card so i pay in cash
it seems silly to pay $4 or something with eftpos brycec: Don't take CC? Crazy to hear as an american. mercutio: brycec: like bakeries etc? brycec: Right. mercutio: bakery, sushi shop etc. brycec: I can't remember the last time I went somewhere that didn't take CC mercutio: well there are credit card surcharges here brycec: Of course, I often choose to spend cash at small shops for that reason. mercutio: the sushi place is annoying, as they have amounts like $5.40
y'know, maybe they do take credit card there, i'm not sure now BryceBot: <mercutio> ow nsuswinpluc nisnu nri gtnusnow rnwuv nusnu osnlim n$5.40 mercutio: heh, y'know catches me out way too often. brycec: lmao
Merchants like Paypal and Square here have made it very easy to accept CC's. mercutio: you can use paypal in shops? brycec: mercutio: https://www.paypal.com/webapps/mpp/credit-card-reader mercutio: here lots of small shops use dialup for eftpos and it's really slow
and with credit cards, when chips came into play lots of credit card stuff was slow until they upgraded their machines. brycec: Though there's a big hardware store chain I can actually pay with my Paypal account at. (Home Depot) mercutio: bryce: you don't really do eftpos there do you? brycec: (From a Home Depot terminal https://www.javelinstrategy.com/uploads/2012/02/PayPal-31-297x300.jpg) mercutio: it says that page doesn't exist fwiw
probably geo stuff brycec: lol geo stuff mercutio: that's pretty cool brycec: mercutio: and no, EFTPOS is essentially non-existent in the US mercutio: i like paypal
i know some people really hate it though brycec: In fact, according to Wikipedia it says it's basically .au and .nz only mercutio: oh, interesting
it's kind of big here brycec: (or that's how I'm skimming the wiki page)
https://en.wikipedia.org/wiki/EFTPOS BryceBot: EFTPOS :: EFTPOS (pronounced /ˈɛftpɒs/) — electronic funds transfer at point of sale — is an electronic payment system involving electronic funds transfers based on the use of payment cards, such as debit or credit cards, at payment terminals located at points of sale. In Australia and New Zealand it is also the brand name of a specific system used for such payments. The Australian and New Zealand systems are country specific and... mercutio: it's like a debit card which costs 35c per transaction
except if you use atm then it's like $1 brycec: Debit transactions are almost always 0. (though ATMs are a different story) mercutio: well actually atm can be cheaper if you have an atm machine of the right bank around you (which i don't)
i'm with the biggest bank in the country, and there's no atm's nearby :/
there used to be lots of banks around here, but they all shut down, some left atm machines behind some just closed up completely
i don't even know where my "home branch" is now
but the banking market has all got more expensive, and less convenient
apparently eftpos started in the US brycec: Yeah I did see that. gizmoguy: square is cool mercutio: i kind of like how easy pay wave is
i suppose it's insecure, but it's just cool being able to pay for things quickly. it kind of sucks when you have to stand around waiting for some machine to be ready to take your pin etc. brycec: If it's the "Paywave" I'm thinking of, it's about as secure as "chip" payments minus the PIN.
Which in the US, is most chip payments anyhow... mercutio: probably the same dff brycec: (Yes, in the few US places that have adopted chip so far, it's chip or chip+sig, but never chip+pin :'( mercutio: err www.visa.co.nz is trying to download a virus
it's a .swf file brycec: No virus from visa.co.nz for me mercutio: (yeh i know that's just flash, but argh) brycec: Or maybe your AV just thinks all flash is viral mercutio: chrome said it could harm my computer
and was downloading it rather than showing a window saying to install flash player brycec: My chrome was happy enough. But I also don't load any plugin content. mercutio: yeah i disabled flash
it means i can't view videos on some news sites
but that's about the only drawback. gizmoguy: i found most CC transactions in the states were magstripe and not chip? mercutio: gizmoguy: didn't nz only move recently to chip? gizmoguy: all my cards are chip'd
and they expire at the end of this year mercutio: i think i went chip like two years ago gizmoguy: and CC cards take 3 years to expire mercutio: really?
i thought they lasted longer than that gizmoguy: maybe it's 4 years
anyway, it means we've had chip for the past 4 or so years brycec: gizmoguy: indeed they are :( mercutio: time flies i suppose
i just remember being annoyed when i first had chip because it was really slow brycec: But the deadline is this October as I recall. At that time, the burden shifts from the issuer to the merchant for swipe transactions. mercutio: but then i could have swiped it?
maybe something changed with chip that made it slower brycec: http://www.creditcards.com/credit-card-news/emv-faq-chip-cards-answers-1264.php
Chip is slow because there's a handshake. mercutio: brycec: new machines are like 8 times quicker than old machines though
for the handshake part brycec: Swipe is just reading a stripe of data off the card and phoning home.
mercutio: I'm not surprised. mercutio: o brycec: v mercutio: supermarkets and petrol stations tend to be fast here
but some smaller places that take credit card are still slow
i suppose priorities and all that gizmoguy: merchants should stop charging so much for readers mercutio: gizmoguy: there's a duopoly gizmoguy: I was looking into those cellphone paywave readers
$400 for the reader
+2% transact fee or whatever
surely the transact fee is enough to make money off mercutio: yeah
the transaction fees are insane
i'm still annoyed that it costs 2.5% for bank to convert currency on credit card
there must be a better way :) brycec: "Entering a PIN connects the payment terminal to the payment processor for real-time transaction verification and approval. However, many payment processors are not equipped with the technology needed to handle EMV chip-and-PIN credit transactions. So it is not likely you will have to memorize new PINs anytime soon, according to Conroy."
*sigh* BryceBot: *sigh* mercutio: oh you don't have pins there even? brycec: Most people don't. One of my cards does though :D
"After an Oct. 1, 2015, deadline created by major U.S. credit card issuers MasterCard, Visa, Discover and American Express, the liability for card-present fraud will shift to whichever party is the least EMV-compliant in a fraudulent transaction." mercutio: pins have been common here for ages
i never used to use pin though brycec: Our debit cards have PINs... I don't see why people can't handle CC's with PINs mercutio: as when i got my credit card issued they sent it in the mail i think? anyway, it didn't have a pin at first.
and i had to go in to get a pin put on it
when it asks for pin here you can just press ok
so pin is convenient rather than necessary. brycec: Interesting. mercutio: yeah, although seeing people try to match signature is funny gizmoguy: in US everyone would ask for photoid when I tried to pay with a CC :( brycec: Wait, do people actually do that there, mercutio ? gizmoguy: and nobody knew what a NZ drivers license was mercutio: gizmo: oh wow.
brycec: check signatures, yes. brycec: lol gizmoguy mercutio: they ask for id when buying alcohol often here too
ever since the age went up to 21 from 18
err down from 21 to 18 brycec: *nobody* checks signatures here. I end up drawing lewd things. mercutio: i used to just walk out of liquor shops if i got asked for id gizmoguy: nobody makes you sign anything here mercutio: gizmo: what about if you get cash out with eftpos? gizmoguy: as I said before, I don't use cash mercutio: gizmo: never ever? gizmoguy: maybe 1-2 times a year I'll get some out of an ATM mercutio: yeah i get cash out way more than that
probably over 10 times a year
cash makes it easier to know how much you're spending
especially for small transactions, like coffee, food etc. mnathani_: @exchange 1 usd to cad BryceBot: 1 USD -> 1.319006 CAD (as of Tue, 04 Aug 2015 19:01:02 -0700) mnathani_: Someone needs to make a summary of facebook that is not time sensitive - ie: can be visited at a later date and only contains items that are most relevant to users. None of this firehose of posts that are missed if not viewed regularly mercutio: mnathani_: the relevancy of facebook is questionable in general jpalmer: questionable? I'd go so far as to say, facebook needs to go the way of myspace. ***: mercutio has quit IRC (Ping timeout: 246 seconds)
mercutio has joined #arpnetworks
mercutio is now known as Guest31825 brycec: Cater towards musicians? ***: Guest31825 is now known as mercutio mercutio: bloody freenode mnathani: become irrelevant is what I think he meant mercutio: seems i missed some stuff :)
jpalmer: myspace at least lets users customise pages. kellytk: Didn't myspace change user profiles to being Flash-powered? mercutio: no idea, i haven't used it in years kellytk: I tried to retrieve old photos from it a year or two ago and it had been converted to a blackbox Flash file unfortunately mnathani_: I never really used myspace ***: mnathani_ has quit IRC () mercutio: there's some other big one i think it was in south america
and i think there's a big china one too
i had an idea like facebook before facebook exists, but i think many others did too :)
i've actually still got a slightly different idea. but i can't really devote the time to make such things work. kellytk: Yes many did, Facebook was relatively late to the social game mercutio: well the internet was late to the social game in general :)
there's no reason such things couldn't have been around in the 90s
although it would have probably been more elite back then kellytk: I think they did, but in a different form. (BBS/online service)
What I meant about Facebook was that there were multiple successful social websites for multiple years before Facebook even started, let alone hit critical mass
Basically I was affirming what you said in "but i think many others did too" mercutio: ahh i see
yeah my idea was more to integrate messaging etc too
it's curious that facebook e-mail never went anywhere
i ran a bbs btw, so yeh some of my influence came from there.
there was a lot more community feel back then.
what actually bugs me personally the most atm is secure phone calls / messaging.
i don't even have a high need for security. but it's important that people with nothing to hide also do secure, so that you're not guilty for securing communications.
you can do things ok with jabber+otr but hardly anyone i know uses jabber.
atm there's kind of vendor lock in with things like skype, and they're not secure.
but yeah, no money, and somehow have to get users. kellytk: I would be shocked if Skype were actually secure or respectful of privacy in any way mercutio: you wouldn't want such a service to be closed source or charge for it really
which also means you kind of want it to be decentralised. kellytk: I agree about community feel, although I've been feeling that way progressively moreso since the eternal September mercutio: jabber you just use your own domain name.. and have special records
haha
when i first heard about that i had no context.
i had no idea what it was about
wow, when that happened i actually listened to the radio
but yeah jabber is the best that's around atm, but there's no one jabber client, one jabber domain you can easily point people to, and get them to use it
and otr is a plugin/extension
and i don't think jabber does well with video/voice
skype is actually pretty great for voip
its video is a bit lacking
but it has great echo cancelation that works well, low bandwidth requirements, good audio quality
but there are some annoying things about it still, like you can't do group calls on android/iphone/mac
well you can participate audio only but not call