| IdleOne | so I just read en email sent to the ubuntu-irc mailing list and I am a little concerned. it says that it is linked to freenode. "Currently we linked it to Freenodes authentication so that when you join you automatically have the permissions relevant to your moderation status, and so that we can limit users.." what worries me here is this just a way of harvesting user nicks and passwords? | 04:28 |
|---|---|---|
| IdleOne | http://tap.info/group/ubuntu | 04:29 |
| IdleOne | the site does not have a sign up link. so I assume it is asking for nickname and nickserv password in the login fields | 04:30 |
| * IdleOne might be overly paranoid here | 04:30 | |
| rww | I think freenode might be unhappy about it too :\ | 04:31 |
| rww | (and if you're overly paranoid, then so am I, because I took one look at it and closed the window when I notice dthat) | 04:31 |
| IdleOne | ok so, who do we take this to? | 04:33 |
| rww | I'm waiting for an ircop to speak in #freenode so I can PM them (can't be bothered /whoising until I find one that isn't idle). Replying to the ubuntu-irc email with your concerns would probably also be a good idea. | 04:35 |
| rww | (replying on-list, that is) | 04:35 |
| IdleOne | I just did | 04:36 |
| pleia2 | I think you came off a bit harsh | 04:40 |
| IdleOne | I may have | 04:40 |
| IdleOne | but just seems very fishy to me and I felt that a harsh warning was warranted | 04:41 |
| pleia2 | btw: http://irclogs.ubuntu.com/2010/04/16/%23ubuntu-ops.html | 04:42 |
| rww | Yeah, they were in #ubuntu-ops a few months ago, and I think it's a little bit more effort than the average phisher would put in, but the security implications are very concerning to me. | 04:43 |
| rww | a[C[C[Clthough sites like mibbit are theoretically just as problematic, so... | 04:43 |
| pleia2 | yeah, I was just going to say that | 04:44 |
| pleia2 | I mean, they did go through the trouble of handling it via a bug in launchpad, which is a step in the right direction | 04:44 |
| IdleOne | The idea itself seems interesting. I agree with rww on the security point | 04:44 |
| pleia2 | I don't actually have an opinion on it | 04:44 |
| rww | pleia2: I think they were just referencing that bug. It's a general "#ubuntu is noisy" bug, not something they wrote, iirc. | 04:46 |
| pleia2 | ah | 04:46 |
| pleia2 | fair enough | 04:46 |
| elky | I get the feeling that it's kind of like that ssh key generator website. Likely perfectly genuine in intent, but holy crap absurd in terms of the security POV | 06:05 |
| === radoe_ is now known as radoe | ||
| bazhang | partnering with freenode? does freenode know about this? | 07:23 |
| elky | bazhang, in that they are storing users passwords. I'd imagine not. | 07:38 |
| bazhang | elky, interesting. he says a year or thereabouts, but it seems just a few months or so he was proposing this. | 07:39 |
| elky | bazhang, i get the feeling it was a floundering nothing that discovered a cause a few months ago | 07:40 |
| bazhang | sure seems that way | 07:41 |
| m4v | jrib most likely made the ban during that time when the bantracker was having hiccups last week, so the ban isn't in the bt. There might be more of those unrecorded bans unfortunately. | 11:09 |
| m4v | (saw jrib comment about the ban review in -ops log link) | 11:09 |
| m4v | yeah, looks like two more bans went unrecorded at least in #ubuntu, one from jpds and another from bazhang. | 11:17 |
| m4v | jpds, bazhang: so you're notified :) | 11:17 |
| jpds | Righto. | 11:18 |
| niko | the bot didn't synchro himself at reconnect ? | 11:21 |
| bazhang | m4v, thanks :) | 11:30 |
| m4v | niko: the db isn't, you can force a sync, but isn't useful at all imo (no logs get recovered) | 11:30 |
| === Ddorda1 is now known as Ddorda | ||
| === mkv is now known as m4v | ||
| === dholbach_ is now known as dholbach | ||
| === k1l_ is now known as k1l | ||
| === highvolt1ge is now known as highvoltage | ||
Generated by irclog2html.py 2.7 by Marius Gedminas - find it at mg.pov.lt!