[01:50] hey AlanBell, lderan was wondering if you could join #meetingology or check his MP === ldunn is now known as Idunn === Idunn is now known as ldunn === LjL is now known as Al-Jayal === Al-Jayal is now known as LjL-September === LjL-September is now known as LjL [17:17] Hey can I have a Ubuntu Membr cloak please? [17:20] elacheche, provide a link to your launchpad page [17:22] CarlosNeyPastor, https://launchpad.net/~elacheche :) [17:22] ClumsyFairyQueen: ^ [17:22] elacheche: make sure you highlight the right people ;) [17:22] IdleOne, ^ [17:22] enjoy that [17:22] :) [17:23] might tke a while, its early [17:24] teward, yeah you're right.. my fault.. I'm not concentrating on just one thing x) → have a server crash that make me crazy x) [17:24] I'll wait CarlosNeyPastor IdleOne :) → BTW what time is it x) [17:24] elacheche: i have five failing sbuild chroots that're failing to build a package i need built :P [17:24] so i'm in the same "multitasking" boat [17:24] but still [17:24] staff can we get a @ubuntu/member/elacheche_anis cloak for elacheche please [17:24] * teward returns to nursing his chroots [17:25] i thought _ isn't allowed in cloaks? [17:25] IdleOne: ^ [17:25] hmm, true [17:25] IdleOne: i'm basing that on their current unaffiliated cloak, if _ isn't allowed in cloaks then that's why they have unaffiliated/elacheche-anis/x-random [17:25] afaik, it would be @ubuntu/member/elacheche-anis/x-crashyournumpadandentertheresulthere [17:26] no [17:26] Pici: no? [17:26] We have no requirement to use the x-2394823904823 [17:26] Just replace it with a - [17:26] ok [17:26] IdleOne: also, I usually need to go grab a staffer manually, askin in this channel only works if we know that one of our staffer friends have been recently active here. [17:27] from #freenode usually [17:27] yeah I asked here and was about to go poke someone in #freenode [17:27] i saw mquin around in #freenode you can probably poke him if ou hop in #freenode [17:27] blah now my keyboard's breaking >.> [17:27] lol [17:31] congrats elacheche :) [17:32] thx IdleOne :) [17:32] You are very welcome [17:32] Need to reconnect to use it? [17:32] nope [17:33] your cloak will be applied to your account when you identify to nickserv. if you /whois elacheche you will see your cloak [17:33] You will also see your IP since you are the user logged in, but we won't. [17:33] Yeah I see that in the whois :D Coool :D thx guys :) [17:33] sure thing :) [17:34] woo [17:35] :) [17:39] see? you didn't even feel a thing [17:43] hahaha x) [17:43] elacheche: remember to identify with nickserv every connection though [17:44] So anyone can tell me how to be secure on irc :) the #freenode guys says that a cloak can't really hide the ip.. [17:44] teward, xchat is good configured to do it ;) :D [17:44] set your nickserv pw as the server pw [17:45] ewww [17:45] xchat [17:45] eww [17:45] * teward shuns [17:45] If someone _really_ wants it, no, but it's good enough. [17:45] Better to use SASL or CertFP. [17:45] yes, your IP is hard to safely hide using freenode means, elacheche, if you're very concerned about that, get a VPS or something like that [17:45] elacheche: for regular chat its ok. [17:45] i'd suggest hexchat over xchat (there's a PPA), it has built in SASL auth... [17:46] teward, better then pidgin or empathy :p but I'm thinking to migrate to irssi :p [17:46] you might want to wonder whether it's worth hiding your IP here when ever single website you ever visit gets it, and stores it, though [17:46] teward: sasl is not that stable as freenode wants to tell [17:46] elacheche: Good choice! That's the one I use. ;) [17:47] The only real and 100% effective way of hiding your ip is to unplug your computer [17:47] IdleOne: unless you have another two dozen devices that get an IP [17:47] LjL, if I'll have some $ or € I'll get my DS and create a dedicated vm fo irc :p :D for now am just asking :) [17:47] and don't need cables [17:47] IdleOne, +1 [17:47] k1l_: SASL's only not stable when the network's under DDoS (they still have SASL PLAIN up) [17:48] IdleOne: also, apparently, new Intel chipsets for laptops come with a built-in 3G+GPS module that works when they're off to track their location (for cases of theft!), so, that's not useful either [17:48] CertFP is pretty much the best backup too. [17:48] teward: nope. [17:48] in that case, smash every device in your home that use electricity [17:48] teward: isn't it refreshing to know the way to authenticate in 2014 is still by sending plaintext passwords! [17:48] teward: in theory, yes. but not in the user experience. more failed auths then serverpw method [17:49] k1l_: I think your client is broken. :P [17:49] i've got my theories on that... [17:49] but as this channel is public, i can't state them [17:49] not without (a) breaking guidelines and (b) being a nuisance [17:49] that's a "go ahead" from me [17:49] so long as the CC won't nuke my membership... :P [17:49] (it violates CoC too) [17:50] teward: well, then you can join the club [17:50] heh [17:50] i'm presently drafting the charter! [17:50] or honor your agreement to follow the CoC [17:50] it's mainly misconfiguration issues, i've seen, k1l_ [17:50] IdleOne: which is why i'm not saying anything :) [17:50] k1l_: or, in my case, where I forgot to change my SASL data to account for my changed nickserv account nick, but meh [17:50] teward: i doubt misconfig when it works only 99 out of 100 times [17:51] k1l_: the 1% is so minor it's usually irrelevant and statistically insignificant (and usually easily fixable on those clients) [17:51] i'm not going to argue over 1% though [17:51] because there are clients that just fail to implement sasl right, whether built in or via plugin [17:52] (and of that 1% i've seen a lot of people complaining because they mistyped something) [17:52] teward: it is quite stable. but not as the bulletproof stable people talk about it. and when you dont want to show your ip 1% failure is wa too much. hence serverpw method is way better since its at the beginning of the connection process [17:52] ... grrr, stupid sbuild chroots... [17:52] k1l_: ehhh, not really [17:53] and i say that because the only way that is GUARANTEED to work is if: [17:53] teward: i am not talking about 100 users and 1 is unable to config. i am talking about 100 times one user connects [17:53] (1) PASS = NICKSERVACCOUNT:NICKSERVPASS [17:53] or [17:53] with same client, same machine, same server etc. [17:53] (2) services aren't interrupted with ddoses. [17:53] jose: Server password isn't enough then either, netsplits and all, better just use tor. :P [17:53] k1l_: comparatively: at least the tor hidden service is worse xD [17:54] (it's rarely operating as expected) [17:54] However, I think this just goes to show people like different methods for different reasons, and as long as you aren't doing the "fake" join, I don't think it matters and we'll just have to agree to disagree. [17:54] Unit193: wrong highlight, I assume? [17:55] so in daily experience the "go with sasl and it will just work and you are safe" is just not true. [17:55] jose: Geeez, I'm not even hitting the one letter I tabcomplete on right... [17:55] lol [17:55] Unit193: heh [17:55] :P [17:56] I don't think k1l_ is going to agree to disagree. :) [17:56] i agree on there is no bulletproof method :) [17:56] i dont agree on: sasl is the mighty hero [17:56] ;p [20:37] "when you don't want to show your ip 1% failure is wa too much" [20:37] sigh [20:37] freenode's website specifically says that cloaks are not to hide your ip [20:38] if you are using cloaks to hide your ip and expect them to work at that, you are doing it wrong [20:38] even assuming your client is perfect and you don't click on anything or touch anything, there are ways for people to get your ip if you have a cloak [20:38] if you care about this, go use tor-sasl [20:38] Cloaks do hide your IP fairly well about 90% of the time, though. [20:38] "A good majority" at least. [20:39] no, they hide your IP from people not educated in how to bypass them [20:39] which considering the method was discussed in #freenode just the other day is not a particularly great statement [20:41] rww: its a difference to get a blackhat to circumstance that solution or to join every channel in autostart with your ip [20:41] Eh, they generally "hide" my IP well enough, plenty for my taste. I'd agree that if you really want to hide, tor would be better, or maybe even don't use IRC. I just don't want to broadcast it. :P [20:42] "blackhat" != "competent at services" [20:42] rww: again: that is not the focus [20:42] and even setting aside that cloaks don't hide your IP, who the heck cares. you give your IP address out to every website you go to. it's a public identifier. trying to hide it is silly. [20:42] just use a firewall properly and stop bothering [20:43] *sigh* [20:43] Sure, to some extent. [20:43] (It's actually more about not giving 3 lines on join, and being able to join all channels for me.) [20:44] Unit193: yep, that's why I /actually/ care about SASL :) [20:44] My sasl is broken right now because someone stepped on blowfish. [20:44] so use plain? [20:45] Why when I can just wait for them to fix it? :P [20:45] because it'll work fine, and blowfish offers you nothing over plain if you're using SSL (which you are) [20:45] I'm pretty aware I'm using SSL, only way for CertFP to work (and, who wouldn't use ssl? Even my bots do) [20:46] "who wouldn't use ssl" => you overestimate the average freenode user :P [20:46] Nah, I'm sure plenty wouldn't/don't. [20:47] rww: Oh, do you know if the connection from webchat to the server is over ssl or something? [20:47] Unit193: if you use https://webchat.freenode.net/ you're good. if you're using http://, you're not [20:47] https secures browser to webchat.freenode.net. webchat.freenode.net to the IRCd is secured either way. [20:48] and no you don't get +Z or the "secure connection" /whois message on https webchat, and yes this does make the $z channel mode sillier [20:48] Yes, I know about https, was just thinking the rest of the connection. I figured it would be. Pity that users using https://webchat.freenode.net/ don't show up as Z though. I already knew that bit of it. [20:49] now i'm curious about whether kiwiirc etc. use SSL [20:49] I like channel mode +S personally, but meh. :P [20:50] that's the other-network equivalent of $z? [20:50] or rather, +b $~z [20:50] (bans all users that the IRCd doesn't think have SSL) [20:51] No, that's this network. [20:52] oh, they added that and didn't document it on /help. classy. [20:52] I'm not fond of it. Allows in people who have SSL certificate validation turned off (susceptible to MitM), doesn't allow in people using Tor or https webchat. [20:53] so it's basically jumping through hoops for not much benefit [20:53] (this reminds me of something...) [20:53] http://blog.freenode.net/2013/06/new-tlsssl-channel-modes-and-webirc/ [20:53] *nod* I somehow noticed $z and not +S [20:54] About the only real benefit was it blocking the random join bots. :P [20:54] yep, and that's nice assuming all of your users know to use SSL i guess [20:55] and don't use Tor or webchat [20:55] Also, cert validation doesn't work for me on hubbard or another one, but I do have it on. [20:55] 136.157.237.128.in-addr.arpa domain name pointer HUBBARD.CLUB.CC.CMU.EDU. [20:56] certificate validation uses rDNS? [20:56] oh, right. never mind that question. [20:57] I should turn resolve_reverse_lookup as it tends to cause issues, not much of a point to it in my case (got turned on, not sure why.)