jose | hey AlanBell, lderan was wondering if you could join #meetingology or check his MP | 01:50 |
---|---|---|
=== ldunn is now known as Idunn | ||
=== Idunn is now known as ldunn | ||
=== LjL is now known as Al-Jayal | ||
=== Al-Jayal is now known as LjL-September | ||
=== LjL-September is now known as LjL | ||
elacheche | Hey can I have a Ubuntu Membr cloak please? | 17:17 |
ClumsyFairyQueen | elacheche, provide a link to your launchpad page | 17:20 |
elacheche | CarlosNeyPastor, https://launchpad.net/~elacheche :) | 17:22 |
teward | ClumsyFairyQueen: ^ | 17:22 |
teward | elacheche: make sure you highlight the right people ;) | 17:22 |
ClumsyFairyQueen | IdleOne, ^ | 17:22 |
ClumsyFairyQueen | enjoy that | 17:22 |
ClumsyFairyQueen | :) | 17:22 |
ClumsyFairyQueen | might tke a while, its early | 17:23 |
elacheche | teward, yeah you're right.. my fault.. I'm not concentrating on just one thing x) → have a server crash that make me crazy x) | 17:24 |
elacheche | I'll wait CarlosNeyPastor IdleOne :) → BTW what time is it x) | 17:24 |
teward | elacheche: i have five failing sbuild chroots that're failing to build a package i need built :P | 17:24 |
teward | so i'm in the same "multitasking" boat | 17:24 |
teward | but still | 17:24 |
IdleOne | staff can we get a @ubuntu/member/elacheche_anis cloak for elacheche please | 17:24 |
* teward returns to nursing his chroots | 17:24 | |
teward | i thought _ isn't allowed in cloaks? | 17:25 |
jose | IdleOne: ^ | 17:25 |
IdleOne | hmm, true | 17:25 |
teward | IdleOne: i'm basing that on their current unaffiliated cloak, if _ isn't allowed in cloaks then that's why they have unaffiliated/elacheche-anis/x-random | 17:25 |
jose | afaik, it would be @ubuntu/member/elacheche-anis/x-crashyournumpadandentertheresulthere | 17:25 |
Pici | no | 17:26 |
teward | Pici: no? | 17:26 |
Pici | We have no requirement to use the x-2394823904823 | 17:26 |
Pici | Just replace it with a - | 17:26 |
IdleOne | ok | 17:26 |
Pici | IdleOne: also, I usually need to go grab a staffer manually, askin in this channel only works if we know that one of our staffer friends have been recently active here. | 17:26 |
Pici | from #freenode usually | 17:27 |
IdleOne | yeah I asked here and was about to go poke someone in #freenode | 17:27 |
teward | i saw mquin around in #freenode you can probably poke him if ou hop in #freenode | 17:27 |
teward | blah now my keyboard's breaking >.> | 17:27 |
ClumsyFairyQueen | lol | 17:27 |
IdleOne | congrats elacheche :) | 17:31 |
elacheche | thx IdleOne :) | 17:32 |
IdleOne | You are very welcome | 17:32 |
elacheche | Need to reconnect to use it? | 17:32 |
IdleOne | nope | 17:32 |
IdleOne | your cloak will be applied to your account when you identify to nickserv. if you /whois elacheche you will see your cloak | 17:33 |
Unit193 | You will also see your IP since you are the user logged in, but we won't. | 17:33 |
elacheche | Yeah I see that in the whois :D Coool :D thx guys :) | 17:33 |
IdleOne | sure thing :) | 17:33 |
Pici | woo | 17:34 |
elacheche | :) | 17:35 |
LjL | see? you didn't even feel a thing | 17:39 |
elacheche | hahaha x) | 17:43 |
teward | elacheche: remember to identify with nickserv every connection though | 17:43 |
elacheche | So anyone can tell me how to be secure on irc :) the #freenode guys says that a cloak can't really hide the ip.. | 17:44 |
elacheche | teward, xchat is good configured to do it ;) :D | 17:44 |
k1l_ | set your nickserv pw as the server pw | 17:44 |
teward | ewww | 17:45 |
teward | xchat | 17:45 |
teward | eww | 17:45 |
* teward shuns | 17:45 | |
Unit193 | If someone _really_ wants it, no, but it's good enough. | 17:45 |
Unit193 | Better to use SASL or CertFP. | 17:45 |
LjL | yes, your IP is hard to safely hide using freenode means, elacheche, if you're very concerned about that, get a VPS or something like that | 17:45 |
k1l_ | elacheche: for regular chat its ok. | 17:45 |
teward | i'd suggest hexchat over xchat (there's a PPA), it has built in SASL auth... | 17:45 |
elacheche | teward, better then pidgin or empathy :p but I'm thinking to migrate to irssi :p | 17:46 |
LjL | you might want to wonder whether it's worth hiding your IP here when ever single website you ever visit gets it, and stores it, though | 17:46 |
k1l_ | teward: sasl is not that stable as freenode wants to tell | 17:46 |
Unit193 | elacheche: Good choice! That's the one I use. ;) | 17:46 |
IdleOne | The only real and 100% effective way of hiding your ip is to unplug your computer | 17:47 |
LjL | IdleOne: unless you have another two dozen devices that get an IP | 17:47 |
elacheche | LjL, if I'll have some $ or € I'll get my DS and create a dedicated vm fo irc :p :D for now am just asking :) | 17:47 |
LjL | and don't need cables | 17:47 |
elacheche | IdleOne, +1 | 17:47 |
teward | k1l_: SASL's only not stable when the network's under DDoS (they still have SASL PLAIN up) | 17:47 |
LjL | IdleOne: also, apparently, new Intel chipsets for laptops come with a built-in 3G+GPS module that works when they're off to track their location (for cases of theft!), so, that's not useful either | 17:48 |
Unit193 | CertFP is pretty much the best backup too. | 17:48 |
k1l_ | teward: nope. | 17:48 |
IdleOne | in that case, smash every device in your home that use electricity | 17:48 |
LjL | teward: isn't it refreshing to know the way to authenticate in 2014 is still by sending plaintext passwords! | 17:48 |
k1l_ | teward: in theory, yes. but not in the user experience. more failed auths then serverpw method | 17:48 |
Unit193 | k1l_: I think your client is broken. :P | 17:49 |
teward | i've got my theories on that... | 17:49 |
teward | but as this channel is public, i can't state them | 17:49 |
teward | not without (a) breaking guidelines and (b) being a nuisance | 17:49 |
LjL | that's a "go ahead" from me | 17:49 |
teward | so long as the CC won't nuke my membership... :P | 17:49 |
teward | (it violates CoC too) | 17:49 |
LjL | teward: well, then you can join the club | 17:50 |
teward | heh | 17:50 |
LjL | i'm presently drafting the charter! | 17:50 |
IdleOne | or honor your agreement to follow the CoC | 17:50 |
teward | it's mainly misconfiguration issues, i've seen, k1l_ | 17:50 |
teward | IdleOne: which is why i'm not saying anything :) | 17:50 |
teward | k1l_: or, in my case, where I forgot to change my SASL data to account for my changed nickserv account nick, but meh | 17:50 |
k1l_ | teward: i doubt misconfig when it works only 99 out of 100 times | 17:50 |
teward | k1l_: the 1% is so minor it's usually irrelevant and statistically insignificant (and usually easily fixable on those clients) | 17:51 |
teward | i'm not going to argue over 1% though | 17:51 |
teward | because there are clients that just fail to implement sasl right, whether built in or via plugin | 17:51 |
teward | (and of that 1% i've seen a lot of people complaining because they mistyped something) | 17:52 |
k1l_ | teward: it is quite stable. but not as the bulletproof stable people talk about it. and when you dont want to show your ip 1% failure is wa too much. hence serverpw method is way better since its at the beginning of the connection process | 17:52 |
teward | ... grrr, stupid sbuild chroots... | 17:52 |
teward | k1l_: ehhh, not really | 17:52 |
teward | and i say that because the only way that is GUARANTEED to work is if: | 17:53 |
k1l_ | teward: i am not talking about 100 users and 1 is unable to config. i am talking about 100 times one user connects | 17:53 |
teward | (1) PASS = NICKSERVACCOUNT:NICKSERVPASS | 17:53 |
teward | or | 17:53 |
k1l_ | with same client, same machine, same server etc. | 17:53 |
teward | (2) services aren't interrupted with ddoses. | 17:53 |
Unit193 | jose: Server password isn't enough then either, netsplits and all, better just use tor. :P | 17:53 |
teward | k1l_: comparatively: at least the tor hidden service is worse xD | 17:53 |
teward | (it's rarely operating as expected) | 17:54 |
Unit193 | However, I think this just goes to show people like different methods for different reasons, and as long as you aren't doing the "fake" join, I don't think it matters and we'll just have to agree to disagree. | 17:54 |
jose | Unit193: wrong highlight, I assume? | 17:54 |
k1l_ | so in daily experience the "go with sasl and it will just work and you are safe" is just not true. | 17:55 |
Unit193 | jose: Geeez, I'm not even hitting the one letter I tabcomplete on right... | 17:55 |
ClumsyFairyQueen | lol | 17:55 |
teward | Unit193: heh | 17:55 |
jose | :P | 17:55 |
Unit193 | I don't think k1l_ is going to agree to disagree. :) | 17:56 |
k1l_ | i agree on there is no bulletproof method :) | 17:56 |
k1l_ | i dont agree on: sasl is the mighty hero | 17:56 |
k1l_ | ;p | 17:56 |
rww | "when you don't want to show your ip 1% failure is wa too much" | 20:37 |
rww | sigh | 20:37 |
rww | freenode's website specifically says that cloaks are not to hide your ip | 20:37 |
rww | if you are using cloaks to hide your ip and expect them to work at that, you are doing it wrong | 20:38 |
rww | even assuming your client is perfect and you don't click on anything or touch anything, there are ways for people to get your ip if you have a cloak | 20:38 |
rww | if you care about this, go use tor-sasl | 20:38 |
Unit193 | Cloaks do hide your IP fairly well about 90% of the time, though. | 20:38 |
Unit193 | "A good majority" at least. | 20:38 |
rww | no, they hide your IP from people not educated in how to bypass them | 20:39 |
rww | which considering the method was discussed in #freenode just the other day is not a particularly great statement | 20:39 |
k1l_ | rww: its a difference to get a blackhat to circumstance that solution or to join every channel in autostart with your ip | 20:41 |
Unit193 | Eh, they generally "hide" my IP well enough, plenty for my taste. I'd agree that if you really want to hide, tor would be better, or maybe even don't use IRC. I just don't want to broadcast it. :P | 20:41 |
rww | "blackhat" != "competent at services" | 20:42 |
k1l_ | rww: again: that is not the focus | 20:42 |
rww | and even setting aside that cloaks don't hide your IP, who the heck cares. you give your IP address out to every website you go to. it's a public identifier. trying to hide it is silly. | 20:42 |
rww | just use a firewall properly and stop bothering | 20:42 |
k1l_ | *sigh* | 20:43 |
Unit193 | Sure, to some extent. | 20:43 |
Unit193 | (It's actually more about not giving 3 lines on join, and being able to join all channels for me.) | 20:43 |
rww | Unit193: yep, that's why I /actually/ care about SASL :) | 20:44 |
Unit193 | My sasl is broken right now because someone stepped on blowfish. | 20:44 |
rww | so use plain? | 20:44 |
Unit193 | Why when I can just wait for them to fix it? :P | 20:45 |
rww | because it'll work fine, and blowfish offers you nothing over plain if you're using SSL (which you are) | 20:45 |
Unit193 | I'm pretty aware I'm using SSL, only way for CertFP to work (and, who wouldn't use ssl? Even my bots do) | 20:45 |
rww | "who wouldn't use ssl" => you overestimate the average freenode user :P | 20:46 |
Unit193 | Nah, I'm sure plenty wouldn't/don't. | 20:46 |
Unit193 | rww: Oh, do you know if the connection from webchat to the server is over ssl or something? | 20:47 |
rww | Unit193: if you use https://webchat.freenode.net/ you're good. if you're using http://, you're not | 20:47 |
rww | https secures browser to webchat.freenode.net. webchat.freenode.net to the IRCd is secured either way. | 20:47 |
rww | and no you don't get +Z or the "secure connection" /whois message on https webchat, and yes this does make the $z channel mode sillier | 20:48 |
Unit193 | Yes, I know about https, was just thinking the rest of the connection. I figured it would be. Pity that users using https://webchat.freenode.net/ don't show up as Z though. I already knew that bit of it. | 20:48 |
rww | now i'm curious about whether kiwiirc etc. use SSL | 20:49 |
Unit193 | I like channel mode +S personally, but meh. :P | 20:49 |
rww | that's the other-network equivalent of $z? | 20:50 |
rww | or rather, +b $~z | 20:50 |
rww | (bans all users that the IRCd doesn't think have SSL) | 20:50 |
Unit193 | No, that's this network. | 20:51 |
rww | oh, they added that and didn't document it on /help. classy. | 20:52 |
rww | I'm not fond of it. Allows in people who have SSL certificate validation turned off (susceptible to MitM), doesn't allow in people using Tor or https webchat. | 20:52 |
rww | so it's basically jumping through hoops for not much benefit | 20:53 |
rww | (this reminds me of something...) | 20:53 |
Unit193 | http://blog.freenode.net/2013/06/new-tlsssl-channel-modes-and-webirc/ | 20:53 |
rww | *nod* I somehow noticed $z and not +S | 20:53 |
Unit193 | About the only real benefit was it blocking the random join bots. :P | 20:54 |
rww | yep, and that's nice assuming all of your users know to use SSL i guess | 20:54 |
rww | and don't use Tor or webchat | 20:55 |
Unit193 | Also, cert validation doesn't work for me on hubbard or another one, but I do have it on. | 20:55 |
Unit193 | 136.157.237.128.in-addr.arpa domain name pointer HUBBARD.CLUB.CC.CMU.EDU. | 20:55 |
rww | certificate validation uses rDNS? | 20:56 |
rww | oh, right. never mind that question. | 20:56 |
Unit193 | I should turn resolve_reverse_lookup as it tends to cause issues, not much of a point to it in my case (got turned on, not sure why.) | 20:57 |
Generated by irclog2html.py 2.7 by Marius Gedminas - find it at mg.pov.lt!