=== scottrigby is now known as scottrigby_away === scottrigby_away is now known as scottrigby === scottrigby is now known as scottrigby_away [09:59] Morning. [10:00] Morning [10:00] Hey rmg51 [10:00] o/ [10:09] morning [11:48] those threads crack me up - pick one - use it - stfumorning [11:48] err, morning [11:53] ChinnoDog: fwiw i don't like the concave pad - prefer old eraser head - better grip/grab [12:32] looks like the latest kernel update broke Teddy's laptop :P [12:35] have to go back two kernels to get it to boot to the login screen [13:53] jedijf: My Thinkpad has a bulb with a rough surface on it. I miss it. [14:01] ChinnoDog: yeah, that sounds like classic eraserhead [14:01] best pointing device evah [14:06] On Sunday I found an international grocery store by accident while I was out shopping and bought a box of chai from the Indian aisle. Idk how it is so different from grocery store knockoff chai but one cup gives me the caffeine buzz. [14:08] I think you should look for some jedijf. You could supplement your coffee intake. [14:09] good chi is worth it just for the taste [14:09] I mean, having a good variety is nice [14:10] what is this chai you speak of? a tea? [14:10] i'm on a green kick - with tumeric - lemon - cinnamon [14:11] Yes. Tea. I'd tell you the brand but I threw out the box so I could put the remaining bags in a ziplock bag. [14:11] This one has cardamom. [14:11] i will give it a try - the green doesn't caffeine me at all (or at least i don't feel it, per se) [14:12] I don't buy the cheap knockoffs in most grocery stores. They aren't strong enough and don't taste much much like chai imho. [14:13] This chai is strong even with heavy cream added. === scottrigby_away is now known as scottrigby [14:14] i'll definitely give it a shot [14:15] Thai tea can be pretty strong too but only if you brew it yourself. The stuff in Thai restaurants is usually very diluted. [14:16] Morning peoples, dogs, turkeys and everything else [14:16] Morning teddy [14:16] o/ === InHisName1 is now known as HowdyDoody [15:15] Anyone know of an open source PCI compliance scanner? [15:15] Not yet but sounds interesting [15:18] Seems like there are a lot of commercial ones but no good free ones. [16:01] ChinnoDog: not free, but iirc nessus scans for pci compliance [16:01] and is good for scanning for other stuff too [16:01] http://www.tenable.com/products/nessus [16:02] * square-r00t remembers back in the day when nessus was F/OSS [16:02] "Nessus compliance checks help to eliminate fines and external audit findings. It covers PCI DSS, HIPAA / HITECH, NIST, DISA STIGs..." [16:27] square-r00t: Thanks. I'm checking that out right now. Looks promising? It /used/ to be OSS? :-( [16:28] yeah :/ that was like, yeaaars ago [16:29] http://en.wikipedia.org/wiki/Nessus_%28software%29#History [16:29] "On October 5, 2005, Tenable Network Security, the company Renaud Deraison co-founded, changed Nessus 3 to a proprietary (closed source) license.[3] The earlier versions appear to have been removed from the official website since then." [16:30] openvas (openvas.org) is a pretty good fork of nessus 2 that's fairly well maintained, but i don't recall if it scans for PCI compliance [16:40] It does not do PCI compliance. However, it does also look like it could be a good tool. [16:54] honestly with a little scripting it could probably do PCI. PCI's more or less just a port scan with versioning info and matching it against PCI requirements. the tricky thing is generating the reports so you can show an auditor [16:54] because you'd still need to be licensed as compliant, and the auditor would want to see them. [16:55] (shrug) or just use nessus, which is an authorized PCI compliance tool. heh [16:56] (and does generate reports) [16:56] what PCI class? [16:56] not sure, ChinnoDog is the one looking for comp [16:57] ChinnoDog: what PCI class? [16:58] the sad thing is compliance is usually easier to meet than documenting it is [16:58] I think you are referring to the compliance level based on transaction volume. We have customers in more than one class. [16:58] lol. too true, though. [16:58] ChinnoDog: yeah, I was, what's the highest class, 4? [16:58] highest class you have [16:59] I don't know. I don't consider myself a PCI expert. For the customers I work with probably not the higher classes. [17:00] ChinnoDog: http://www.pcicomplianceguide.org/pcifaqs.php#5 [17:01] the highest class is actually for the losest transctions if I recall, yeah not one myself, consulting work it may have happened to a coworker twice in my time [17:02] cyberanger: yep, you're right. PCI-4 = < 20k transactions [17:03] PCI-3 = 20k - 1m, PCI-2 = 1m - 6m, PCI-1 = 6M+ === InHisName1 is now known as HowdyDoody === HowdyDoody is now known as Guest9666 [17:09] I was thinking in terms of cost for licensing [17:09] if you went with nesus [17:13] We would probably do all the scanning so one license would be sufficient. [17:15] https://store.tenable.com/?gclid=CN7TlZjsw7kCFRIaOgodfmcADw [17:16] or they're running some sales on their bundles, https://store.tenable.com/index.php?main_page=index&cPath=7 [17:16] but probably not really worth it if you aren't an auditor by trade [17:17] (though, $your_company could then offer pci compliance services to everyone else and charge a nice penny for it as long as you get licensed as an auditor. is good money, so the investment could potentially pay for itself) [17:33] That is what I was thinking. I suggested that after I saw the licensing. [18:20] starving [18:30] samesies [18:39] to the diner! [18:40] i wish [18:40] too busy today [18:40] and THEN [18:40] i need to drop the supernode server off at hive76 [18:41] what time is server drop [18:43] * jedijf may do a parts drop at hive [18:44] mmm 7ish [18:45] server image isn't perfected, but the box VPNs back to NOC so it's not too big a deal [18:46] i need to make a [18:46] err [18:46] late night :/ [18:46] a "supernode" pacman package [18:46] open house doesn't even start till 7 lol [18:46] i don't think i've been to enough to go up for membership approval yet [18:47] dismember; certainly [18:47] and that's the coolest name too [18:48] yeah but i was gonna go for the basic membership [18:48] i was a dis first [18:48] that way i could come in in the middle of the night when i can't sleep [18:58] rmg51: i kind of want to out a rPi or beagleboard inside teddy-dbear with an IRC client, stitch him back up, and have vga and usb hookups coming out of his paws. [18:58] cyborg_teddy++ [18:58] s/out/put/ [18:59] (well, and cat-5 hookup too for times when wi-fi wouldn't work) [18:59] no way!!!!! :-/ [18:59] teddy-dbear: but you could IRC with your body then! [19:00] the surgery would be quick and painless [19:00] forget transhumanism, you could be the first transbearist [19:01] this bear is not going to be cut open [19:02] you could even run a custom ubuntu derivative! ubearntu. [19:05] sq [19:05] oops [19:06] square-r00t: you need to go to build-a-bear [19:06] that's not as fun [19:12] better for me :-D [19:13] :( but teddy-dbear you could let rmg51 ssh or vnc into you then! [19:13] and then down the road we could put in some servos and motors... [19:13] you could be like a real bear! walking around! [19:21] then I might have to do something :'( [19:22] I likes just sitting here looking way cute [19:28] * waltman suddenly has a vision of teddy-dbear catching swedish fish from a chocolate fountain [19:28] I have dreams like that sometimes [19:28] do you now? [19:30] dang silly humans [19:30] silly ol' bear. === scottrigby is now known as scottrigby_away