***: ziyourenxiang has quit IRC (Quit: Leaving)
Lucifer333 has quit IRC (Ping timeout: 268 seconds)
RandalSchwartz: cloudflare seems to have had a major outage that started *precisely* at the leap second. I wonder if SSL has "this is from the future" coding checks?
I know it blew up some of the connections to ziprecruiter machines for quite a few hours
***: awyeah has quit IRC (Ping timeout: 265 seconds)
awyeah has joined #arpnetworks
dne: seems likely - https://github.com/golang/go/issues/12914
RandalSchwartz: I know internal to zip, they were seeing the upstream ntp suddenly being one second back
admittedly, many of the internal ntpd could have used an upgrade in the past few years. :)
I can't recall if "one second" is still within the slew range
I know there's some threshold where it will basically give up. I gotta think it's more like a minute
my brother seems to recall when 7 seconds were added "all at once", but I think he's mis-remembering
***: perlgod has quit IRC (Quit: bye)
perlgod has joined #arpnetworks
perlgod has quit IRC (Client Quit)
perlgod has joined #arpnetworks
perlgod has quit IRC (Client Quit)
perlgod has joined #arpnetworks
Lucifer333 has joined #arpnetworks
mhoran: Ugh that fucking golang thread is absurd.
The community is so terrible and why is documented right there.
mercutio: so is that why google was doing smearing?
mhoran: Ha.
nathani: staticsafe: how are you liking the new fibe/fiber
staticsafe: im liking it a lot
nathani: still going through the Mikrotik PPPoE Client
or using the mikrotik strictly for Layer 2 and let the HH3000 do the NAT?
***: Lucifer333 has quit IRC (Quit: Leaving)
up_the_irons: mhoran: you find the golang community terrible? (I know nothing of it, so that's why I'm asking...)
mhoran: yeah. We write/maintain a lot of go at Pivotal/Cloud Foundry. I hate it.
nathani: up_the_irons: Happy Invoice Day / New Year / Congratulations on the new auto provisioning VMs
s/New/Happy New
BryceBot: <nathani> up_the_irons: Happy Invoice Day / Happy New Year / Congratulations on the new auto provisioning VMs
mercutio: nathani: did you see that bbr is in linux 4.9 now?
nathani: nope
you have a link to the release notes?
mercutio: it'll be on kernelnewbies probably
nathani: github or whatever
mercutio: linux doesn't have proper release notes
oh it's not there yet
/lib/modules/4.9.0-1-ARCH/kernel/net/ipv4/tcp_bbr.ko.gz
it's in there heh :)
nathani: https://github.com/torvalds/linux/search?utf8=%E2%9C%93&q=bbr
mercutio: cool
nathani: The PDF if anyone is interested: https://mnathani.com/bbr/BBR-Congestion-Based%20Congestion%20Control.pdf
up_the_irons: nathani: thanks!!
mhoran: ah interesting
mhoran: And I personally disagree with a lot of the core tenets of the language.
up_the_irons: mhoran: is it like OpenBSD bad, hipster bad, or...? ;)
ah
mhoran: Google bad.
up_the_irons: aaah
mhoran: They don't believe in shared libraries, mostly copy and pasting code and sticking to what's in the core lib. It works for Google where they maintain all their code and have subject matter experts on everything they maintain, but doesn't work for smaller organizations that utilize open source and leverage other communities.
Package/code management is terrible, and constantly changing since there's no clear direction (and Google doesn't use it so it's not maintained well.)
Statically linked binaries are huge and pull in the whole world for the sake of portability (which is nice, but see shared libraries above).
mercutio: eww
mhoran: And then there's naming practices. Single letter variables all over the place, and hard to read, spaghetti code.
For highly concurrent systems that are complicated and need high throughput,it's OK. But for everyday programming, I miss Ruby.
mercutio: are you working at google or something?
mhoran: https://medium.com/@octskyward/modern-garbage-collection-911ef4f8bd8e#.lktwkvmat -- here's a great article about some other FUD around GC in Go.
mercutio: GC is what put me off D
mhoran: mercutio: Pivotal, we work on Cloud Foundry which is mainly written in Go.
up_the_irons: mhoran: oh man that sounds terrible; i'm sorry to hear that
mhoran: Go has a lot of promise and then is just so disappointing.
up_the_irons: mhoran: i knew about the shared library thing... i mean, having a single binary that can be copied around systems, dependent-less, is kinda one of their "things"
mhoran: yeah.
And for Google it works great! Or so I hear. But I haven't seen it work well.
up_the_irons: yeah
RandalSchwartz: ... https://blog.cloudflare.com/how-and-why-the-leap-second-affected-cloudflare-dns/
Google probably has enough disk and bandwidth that they can copy the world bundled with each of their binaries without issue.
I'm surprised they didn't just implement containers that bundle the world for each app... oh wait...
***: perlgod has quit IRC (Quit: bye)
perlgod has joined #arpnetworks
mhoran: Yep
mercutio: ever since amos had huge executables on amiga back in the day i've had pet grudges over executable size..
it doesn't slow things down as much when you have demand paging, but it just seems so wrong
***: chatter has joined #arpnetworks
chatter: hey guys
allah is doing
sun is not doing allah is doing
to accept Islam say that i bear witness that there is no deity worthy of worship except Allah and Muhammad peace be upon him is his slave and messenger
JC_Denton: oh, to have ops...
***: chatter has quit IRC (Quit: http://www.kiwiirc.com/ - A hand crafted IRC client)
chatter has joined #arpnetworks
perlgod has quit IRC (Quit: bye)
perlgod has joined #arpnetworks
chatter has quit IRC (Client Quit)
mhoran has left "WeeChat 1.6"
mhoran has joined #arpnetworks
mhoran has quit IRC (Changing host)
mhoran has joined #arpnetworks
ChanServ sets mode: +o mhoran
mhoran sets mode: +b chatter!*@*
Lucifer333 has joined #arpnetworks
karstensrage has joined #arpnetworks
karstensrage is now known as Guest85439
perlgod has quit IRC (Quit: bye)
perlgod has joined #arpnetworks
nathani: any one else having issues viewing ssl certificate details using chrome?
they seem to have removed the option completely
***: Guest85439 is now known as karstensrage
karstensrage has quit IRC (Changing host)
karstensrage has joined #arpnetworks
mercutio: wow it is confusing
i see what you mean
there's probably a way ,lnot sure how yet though
just press fa12
f12
go to security
and view certificate is under there
nathani: cool
thanks
dont need to use firefox for that task anymore :-)
mercutio: i had to guess my way there
nathani: pretty sure it was an oversight on their part though
mercutio: i dunno
nathani: F1, F2, F3, .. F12 ?
mercutio: finding out site passowrds got harder before
i think sometimes they just don't want to make some of these things too easy
f12 is the normal debugging mode
there's other cool stuff in there too
nathani: right
mike-burns: Oh rad, instant provisioning!
mhoran: Yeah, for some reason Chrome removed the extremely accessible cert information modal and combined it with the confusing for people who aren't web programmers inspector widget...
Which seems ... really bad for security.
mercutio: they also say not secure when you enter a password on non encrypted site now
mike-burns: That's a nice feature.
mercutio: i always consider websites that ask for a password insecure
there's been so many big leaks...
mike-burns: I consider it completely insecure to give my password to another person/company, including a Web site. I think we're in agreement there.
https://twitter.com/mikeburns/status/529369409941680128 - this was my prediction in 2014!
BryceBot: TWITTER: Browsers might as well render password fields like text fields when the form action is non-HTTPS. And even then ... (Mon Nov 03 20:27:57 +0000 2014)
mercutio: i think some kind of generic login that isn't associated with facebook etc would be nice
preferably one that can't link back to you, so much as ensure you are legit
mike-burns: Right, just some simply public/private keypair thing.
mercutio: like if you have two sites, and use some kind of sahred login system the sites shouldn't be able to identify you as the same person
mike-burns: I also question "logging in" to Web sites as a general concept, but that's neither here nor there.
I don't care about SSO so much as public/private keypair. I'm fine with a new keypair for each service.
mercutio: i tend to just hav chrome remember passwords for me
mike-burns: I use a password manager.
mercutio: but as soon as i'm not in front of chrome i don't have any idea what my password is for most of those
mike-burns: Yeah a password manager helps with that.
mercutio: well atm there are so many not very important things that want logins
like logins for online shopping basically
and whenever possible i pay with paypal
mike-burns: And hosted email service, if you use one of those.
mercutio: as bad as it is
at least it means i don't have to worry about sites having my credit card #
mike-burns: Yeah I also don't like entering my CC number into a Web site -- especially a non-CC Web site.
Like, I'd rather enter my CC # into visa.com than into, I dunno, gilt.com.
mercutio: yeah
although i still am hesitiant about americanexpress
hah
i had credit card fraud on my credit card and they rung me up from a blocked phone number
mike-burns: If only someone made a public/private keypair for payment that wasn't also criticized as being only used by criminals.
mercutio: and wanted me to say my credit card # etc
mike-burns: That's bold.
mercutio: it was legit
but like there was no other communication method in line with it
i got a reference number from them and went through their avr
but that again seems like one of those areas that needs to be improved
like if a company wants to validate me, how do i validate them first?
mike-burns: We, as a culture of engineers, sure have built a lot of phishing-friendly products, from phones to emails and beyond.
mercutio: well most geeks have known about social engineering for ages.
"what's your password?" :)
mike-burns: We just think we've above it.
Or that it's a problem that can be solved later.
mercutio: but lots of people are trusting
mike-burns: Or busy.
mercutio: true
it was a pita going through the avr
mike-burns: Yeah I bet.
BryceBot: That's what she said!!
mercutio: i wish there was a way to shortcut it
like you should just be able to press 0
then type in a 12 digit number or something
mike-burns: They should have a phone number that you call them on, agreed upon ahead of time.
mercutio: it's on your credit card
mike-burns: Right.
mercutio: but you still have to put in heaps of details etc
mike-burns: Oh I see.
mercutio: and go through annoying avr
and wait in queue
mike-burns: In Sweden I used a public/private keypair to auth with my bank. That was nice.
mercutio: wow
mike-burns: BankID. Unpleasant software, but a great idea.
mercutio: i can download my transactions in csv
going back years
i thought that was normal. but apparently some banks don't make that that easy.
mike-burns: Lots of legacy software and arbitrary restrictions.
mercutio: and some will only go back two years or something
banking just got improved recently here, so that you can normally transfer money between banks within an hour
it used to be overnight. now that was a legacy system...
mike-burns: Yeah, using tapes physically mailed to banks or something.
mercutio: i think they used to use isdn
mike-burns: http://www.npr.org/sections/money/2013/10/04/229224964/episode-489-the-invisible-plumbing-of-our-economy - this MP3 talked about it, IIRC.
mercutio: i wouldn't be suprised if they use the interne tnow..
mike-burns: I would be surprised if a US bank used any recent technology.
mercutio: well i'm not in the US..
mike-burns: Ah, right. Then maybe!
mercutio: ok i'm going to have to watch that
err listen?
mike-burns: http://www.npr.org/templates/transcript/transcript.php?storyId=229224964 - here's some words.
mercutio: on that note, i've been searching for ages, and still have no idea what the best way to listen to music at gym is ..
which could include podcasts
i kind of thought stuff would have improved by now.
mike-burns: That'd be a great subtitle for a documentary about the year 2016.
mercutio: the easiest seems to be bluetooth watch with music playing with bluetooth headphones
which would be fine for podcasts
but not so good for music
RandalSchwartz: I got my friend a Bose QC20 for his gymwork
he's now pretty happy with it
not bluetooth... but the noise cancelling is amazing even in a gym
mercutio: damn they're expensive :)
up_the_irons: mike-burns: yeah, VMs without an OS (blank) are now instant; we're working feverishly to also get the OS part done by Feb.
RandalSchwartz: I think they may even exceed the classic Bose I bought (twice) ear-clamps that I had years ago
mercutio: i found there's this cool alternative firmware for mp3 players.
i have a feeling that wires are going to be annoying
but i probably should experiment with my old phone
xduoo x3 is my current idea
then using big clunky headphones
but where to put it!
BryceBot: That's what she said!!
mercutio: there's this alternative firmware called rockbox, and that's one of the only current mp3 players it works with.. there are some older models that are hard to get now like sandisk clip which would be more convenient..
nathani: I use a classic iPod
they discontinued the product in favour of smaller flash based devices and the iPod touch
mercutio: classic ipod actually works with rockbox too
ipods are stupidly expensive second hadn here
nathani: yea
mercutio: and the batteries are likely to die on old ones bought now
it's cheaper to buy a new xduoo x3
nathani: @google xduoo x3
BryceBot: 15,800 total results returned for 'xduoo x3', here's 3
The xDuoo X3 DAP now has a fully functional Rockbox port. Here ... (https://www.reddit.com/r/headphones/comments/4c2u3a/the_xduoo_x3_dap_now_has_a_fully_functional/) Mar 26, 2016 ... Hello guys. I have been immensely enjoying my xDuoo X3 DAP and thought I would share my experience now that the player has received a ...
XDUOO X3 HiFi Lossless Music Player MP3-92.81 Online Shopping ... (http://www.gearbest.com/mp3-mp4-players/pp_440370.html) Just US$92.81 + free shipping, buy XDUOO X3 HiFi Lossless Music Player MP3 online shopping at GearBest.com.
XDUOO® X3 Mini HI-FI Music Player JZ4760B Chip 24bit: Amazon ... (https://www.amazon.co.uk/XDUOO%C2%AE-JZ4760B-Lossless-Supports-Formats/dp/B017K9XVX6) XDUOO® X3 Mini HI-FI Music Player JZ4760B Chip 24bit/192khz HD format Audio Player Lossless Music Player Silver Supports MP3 WMA APE FLAC WAV ...
nathani: @google Rockbox
BryceBot: 162,000 total results returned for 'Rockbox', here's 3
Rockbox - Wikipedia (https://en.wikipedia.org/wiki/Rockbox) Rockbox is a free and open-source software replacement for the OEM firmware in various forms of digital audio players (DAPs) with an original kernel. It offers ...
Rockbox Technical Forums - Index (http://forums.rockbox.org/) Welcome to the Rockbox Technical Forums! Thank You for your continued support and contributions! Rockbox Ports are now being developed for various digital ...
Rock Box | Japanese style karaoke | Capitol Hill, Seattle (http://www.rockboxseattle.com/) Rock Box is a Japanese style karaoke lounge in Capitol Hill, Seattle with full bar. Sing and drink with your friends in a private room or karaoke box!
mercutio: xduoo has annoying firmware
nathani: hmm, so I can convert my iPod to a Rockbox?
mercutio: yes
like there's a second gap between songs
rather than seemless playing from track to track
nathani: whats the advantage over the iPod firmware
mercutio: i haven't seen the ipod firmware
but it has quick previous/next etc
eq
nathani: is it stable?
mercutio: i'm not an expert on it though
some devices can dual boot
it's really old so should be
nathani: I have had to use iTunes with the iPod
which is a huge resource hog
mercutio: oh
yeah that problem should go away :)
you should be able to play flac etc too
you can drag and drop songs to it
it acts like a drive
people keep talking about flac support when googling hah
nathani: how does it deal with creating / modifying playlists
mercutio: long press
that's as much as i know
i haven't tried it yet
i don't have a mp3 player :)
nathani: https://support.apple.com/content/dam/edam/applecare/images/en_US/ipod/ipodclassic/psp-hero-ipodclassic.png
ahh
thats the iPod classic I have
is Spotify available in NZ ?
you could use your Samsung if it is
mercutio: i don't want to use my normal phone in gym
sounds way too dangerous
well i was initially
but now i don't :)
i have a moto g too though
i'd rather use proper headphones though
i hate those in ear things
nathani: whats the danger? drops and such?
mercutio: yeah
nathani: get a rugged case :-)
mercutio: well there's still the issue of it being bulky and not fitting in pockets of gym clothes that easily
i was considering getting a gear fit 2
nathani: iPod touch sells arm bands
mercutio: which has music playing
using bluetooth to bluetooth headphones
nathani: my brother just bought a fitbit charge
mercutio: fitbit charge doesn't have music
my brother has a fitbit charge
all of the herat rate things seem non ideal
none of them are responsive enough to work well with HIIT
nathani: I used to have a watch that measured heart rate
mercutio: which is where heart rate is most important
yeah i think it'd be fun to see what my heart rate over the day is
and it'd be nice if i could get notifications from my phone
not sure what range is like though
***: Lucifer333 has quit IRC (Quit: Leaving)
nathani: I got an A on my new Wildcard SSL Install: https://www.ssllabs.com/ssltest/analyze.html?d=graphs.winvive.com&s=67.227.192.97&latest
mercutio: you may want to enable HSTS
are you going to try and get A+?
nathani: mercutio: do you know if it can be set globally in Apache?
mercutio: i've never enabled it in apache
so i have no idea
nathani: does the test give suggestions on how to improve
mercutio: i'd do it per site generally though
nathani: so I can try to get A+
mercutio: i'm not sure, i didn't see it..
somewhere should say how to improve it
so you do want to try for the A+? :)
nathani: probably get the folks at liquidweb to do it
its a managed box
mercutio: managed hah
nathani: they need to be told what to do and then they do it
so semi-managed I guess
no proactive stuff
mercutio: ahh
https://raymii.org/s/tutorials/Strong_SSL_Security_On_Apache2.html#HTTP_Strict_Transport_Security
maybe this would help you
nathani: thanks