[01:50] <jose> hey AlanBell, lderan was wondering if you could join #meetingology or check his MP
[17:17] <elacheche> Hey can I have a Ubuntu Membr cloak please?
[17:20] <ClumsyFairyQueen> elacheche, provide a link to your launchpad page
[17:22] <elacheche> CarlosNeyPastor, https://launchpad.net/~elacheche :)
[17:22] <teward> ClumsyFairyQueen: ^
[17:22] <teward> elacheche: make sure you highlight the right people ;)
[17:22] <ClumsyFairyQueen> IdleOne, ^
[17:22] <ClumsyFairyQueen> enjoy that
[17:22] <ClumsyFairyQueen> :)
[17:23] <ClumsyFairyQueen> might tke a while, its early
[17:24] <elacheche> teward, yeah you're right.. my fault.. I'm not concentrating on just one thing x) → have a server crash that make me crazy x)
[17:24] <elacheche> I'll wait CarlosNeyPastor IdleOne :) → BTW what time is it x)
[17:24] <teward> elacheche: i have five failing sbuild chroots that're failing to build a package i need built :P
[17:24] <teward> so i'm in the same "multitasking" boat
[17:24] <teward> but still
[17:24] <IdleOne> staff can we get a @ubuntu/member/elacheche_anis cloak for elacheche please
[17:24]  * teward returns to nursing his chroots
[17:25] <teward> i thought _ isn't allowed in cloaks?
[17:25] <jose> IdleOne: ^
[17:25] <IdleOne> hmm, true
[17:25] <teward> IdleOne: i'm basing that on their current unaffiliated cloak, if _ isn't allowed in cloaks then that's why they have unaffiliated/elacheche-anis/x-random
[17:25] <jose> afaik, it would be @ubuntu/member/elacheche-anis/x-crashyournumpadandentertheresulthere
[17:26] <Pici> no
[17:26] <teward> Pici: no?
[17:26] <Pici> We have no requirement to use the x-2394823904823
[17:26] <Pici> Just replace it with a -
[17:26] <IdleOne> ok
[17:26] <Pici> IdleOne: also, I usually need to go grab a staffer manually, askin in this channel only works if we know that one of our staffer friends have been recently active here.
[17:27] <Pici> from #freenode usually
[17:27] <IdleOne> yeah I asked here and was about to go poke someone in #freenode
[17:27] <teward> i saw mquin around in #freenode you can probably poke him if ou hop in #freenode
[17:27] <teward> blah now my keyboard's breaking >.>
[17:27] <ClumsyFairyQueen> lol
[17:31] <IdleOne> congrats elacheche :)
[17:32] <elacheche> thx IdleOne :)
[17:32] <IdleOne> You are very welcome
[17:32] <elacheche> Need to reconnect to use it?
[17:32] <IdleOne> nope
[17:33] <IdleOne> your cloak will be applied to your account when you identify to nickserv. if you /whois elacheche you will see your cloak
[17:33] <Unit193> You will also see your IP since you are the user logged in, but we won't.
[17:33] <elacheche> Yeah I see that in the whois :D Coool :D thx guys :)
[17:33] <IdleOne> sure thing :)
[17:34] <Pici> woo
[17:35] <elacheche> :)
[17:39] <LjL> see? you didn't even feel a thing
[17:43] <elacheche> hahaha x)
[17:43] <teward> elacheche: remember to identify with nickserv every connection though
[17:44] <elacheche> So anyone can tell me how to be secure on irc :) the #freenode guys says that a cloak can't really hide the ip..
[17:44] <elacheche> teward, xchat is good configured to do it ;) :D
[17:44] <k1l_> set your nickserv pw as the server pw
[17:45] <teward> ewww
[17:45] <teward> xchat
[17:45] <teward> eww
[17:45]  * teward shuns
[17:45] <Unit193> If someone _really_ wants it, no, but it's good enough.
[17:45] <Unit193> Better to use SASL or CertFP.
[17:45] <LjL> yes, your IP is hard to safely hide using freenode means, elacheche, if you're very concerned about that, get a VPS or something like that
[17:45] <k1l_> elacheche: for regular chat its ok.
[17:45] <teward> i'd suggest hexchat over xchat (there's a PPA), it has built in SASL auth...
[17:46] <elacheche> teward, better then pidgin or empathy :p but I'm thinking to migrate to irssi :p
[17:46] <LjL> you might want to wonder whether it's worth hiding your IP here when ever single website you ever visit gets it, and stores it, though
[17:46] <k1l_> teward: sasl is not that stable as freenode wants to tell
[17:46] <Unit193> elacheche: Good choice!  That's the one I use. ;)
[17:47] <IdleOne> The only real and 100% effective way of hiding your ip is to unplug your computer
[17:47] <LjL> IdleOne: unless you have another two dozen devices that get an IP
[17:47] <elacheche> LjL, if I'll have some $ or € I'll get my DS and create a dedicated vm fo irc :p :D for now am just asking :)
[17:47] <LjL> and don't need cables
[17:47] <elacheche> IdleOne, +1
[17:47] <teward> k1l_: SASL's only not stable when the network's under DDoS (they still have SASL PLAIN up)
[17:48] <LjL> IdleOne: also, apparently, new Intel chipsets for laptops come with a built-in 3G+GPS module that works when they're off to track their location (for cases of theft!), so, that's not useful either
[17:48] <Unit193> CertFP is pretty much the best backup too.
[17:48] <k1l_> teward: nope.
[17:48] <IdleOne> in that case, smash every device in your home that use electricity
[17:48] <LjL> teward: isn't it refreshing to know the way to authenticate in 2014 is still by sending plaintext passwords!
[17:48] <k1l_> teward: in theory, yes. but not in the user experience. more failed auths then serverpw method
[17:49] <Unit193> k1l_: I think your client is broken. :P
[17:49] <teward> i've got my theories on that...
[17:49] <teward> but as this channel is public, i can't state them
[17:49] <teward> not without (a) breaking guidelines and (b) being a nuisance
[17:49] <LjL> that's a "go ahead" from me
[17:49] <teward> so long as the CC won't nuke my membership... :P
[17:49] <teward> (it violates CoC too)
[17:50] <LjL> teward: well, then you can join the club
[17:50] <teward> heh
[17:50] <LjL> i'm presently drafting the charter!
[17:50] <IdleOne> or honor your agreement to follow the CoC
[17:50] <teward> it's mainly misconfiguration issues, i've seen, k1l_
[17:50] <teward> IdleOne: which is why i'm not saying anything :)
[17:50] <teward> k1l_: or, in my case, where I forgot to change my SASL data to account for my changed nickserv account nick, but meh
[17:50] <k1l_> teward: i doubt misconfig when it works only 99 out of 100 times
[17:51] <teward> k1l_: the 1% is so minor it's usually irrelevant and statistically insignificant (and usually easily fixable on those clients)
[17:51] <teward> i'm not going to argue over 1% though
[17:51] <teward> because there are clients that just fail to implement sasl right, whether built in or via plugin
[17:52] <teward> (and of that 1% i've seen a lot of people complaining because they mistyped something)
[17:52] <k1l_> teward: it is quite stable. but not as the bulletproof stable people talk about it. and when you dont want to show your ip 1% failure is wa too much. hence serverpw method is way better since its at the beginning of the connection process
[17:52] <teward> ... grrr, stupid sbuild chroots...
[17:52] <teward> k1l_: ehhh, not really
[17:53] <teward> and i say that because the only way that is GUARANTEED to work is if:
[17:53] <k1l_> teward: i am not talking about 100 users and 1 is unable to config. i am talking about 100 times one user connects
[17:53] <teward> (1) PASS = NICKSERVACCOUNT:NICKSERVPASS
[17:53] <teward> or
[17:53] <k1l_> with same client, same machine, same server etc.
[17:53] <teward> (2) services aren't interrupted with ddoses.
[17:53] <Unit193> jose: Server password isn't enough then either, netsplits and all, better just use tor. :P
[17:53] <teward> k1l_: comparatively: at least the tor hidden service is worse xD
[17:54] <teward> (it's rarely operating as expected)
[17:54] <Unit193> However, I think this just goes to show people like different methods for different reasons, and as long as you aren't doing the "fake" join, I don't think it matters and we'll just have to agree to disagree.
[17:54] <jose> Unit193: wrong highlight, I assume?
[17:55] <k1l_> so in daily experience the "go with sasl and it will just work and you are safe" is just not true.
[17:55] <Unit193> jose: Geeez, I'm not even hitting the one letter I tabcomplete on right...
[17:55] <ClumsyFairyQueen> lol
[17:55] <teward> Unit193: heh
[17:55] <jose> :P
[17:56] <Unit193> I don't think k1l_ is going to agree to disagree. :)
[17:56] <k1l_> i agree on there is no bulletproof method :)
[17:56] <k1l_> i dont agree on: sasl is the mighty hero
[17:56] <k1l_> ;p
[20:37] <rww> "when you don't want to show your ip 1% failure is wa too much"
[20:37] <rww> sigh
[20:37] <rww> freenode's website specifically says that cloaks are not to hide your ip
[20:38] <rww> if you are using cloaks to hide your ip and expect them to work at that, you are doing it wrong
[20:38] <rww> even assuming your client is perfect and you don't click on anything or touch anything, there are ways for people to get your ip if you have a cloak
[20:38] <rww> if you care about this, go use tor-sasl
[20:38] <Unit193> Cloaks do hide your IP fairly well about 90% of the time, though.
[20:38] <Unit193> "A good majority" at least.
[20:39] <rww> no, they hide your IP from people not educated in how to bypass them
[20:39] <rww> which considering the method was discussed in #freenode just the other day is not a particularly great statement
[20:41] <k1l_> rww: its a difference to get a blackhat to circumstance that solution or to join every channel in autostart with your ip
[20:41] <Unit193> Eh, they generally "hide" my IP well enough, plenty for my taste.  I'd agree that if you really want to hide, tor would be better, or maybe even don't use IRC.  I just don't want to broadcast it. :P
[20:42] <rww> "blackhat" != "competent at services"
[20:42] <k1l_> rww: again: that is not the focus
[20:42] <rww> and even setting aside that cloaks don't hide your IP, who the heck cares. you give your IP address out to every website you go to. it's a public identifier. trying to hide it is silly.
[20:42] <rww> just use a firewall properly and stop bothering
[20:43] <k1l_> *sigh*
[20:43] <Unit193> Sure, to some extent.
[20:43] <Unit193> (It's actually more about not giving 3 lines on join, and being able to join all channels for me.)
[20:44] <rww> Unit193: yep, that's why I /actually/ care about SASL :)
[20:44] <Unit193> My sasl is broken right now because someone stepped on blowfish.
[20:44] <rww> so use plain?
[20:45] <Unit193> Why when I can just wait for them to fix it? :P
[20:45] <rww> because it'll work fine, and blowfish offers you nothing over plain if you're using SSL (which you are)
[20:45] <Unit193> I'm pretty aware I'm using SSL, only way for CertFP to work (and, who wouldn't use ssl?  Even my bots do)
[20:46] <rww> "who wouldn't use ssl" => you overestimate the average freenode user :P
[20:46] <Unit193> Nah, I'm sure plenty wouldn't/don't.
[20:47] <Unit193> rww: Oh, do you know if the connection from webchat to the server is over ssl or something?
[20:47] <rww> Unit193: if you use https://webchat.freenode.net/ you're good. if you're using http://, you're not
[20:47] <rww> https secures browser to webchat.freenode.net. webchat.freenode.net to the IRCd is secured either way.
[20:48] <rww> and no you don't get +Z or the "secure connection" /whois message on https webchat, and yes this does make the $z channel mode sillier
[20:48] <Unit193> Yes, I know about https, was just thinking the rest of the connection.  I figured it would be.  Pity that users using https://webchat.freenode.net/ don't show up as Z though.  I already knew that bit of it.
[20:49] <rww> now i'm curious about whether kiwiirc etc. use SSL
[20:49] <Unit193> I like channel mode +S personally, but meh. :P
[20:50] <rww> that's the other-network equivalent of $z?
[20:50] <rww> or rather, +b $~z
[20:50] <rww> (bans all users that the IRCd doesn't think have SSL)
[20:51] <Unit193> No, that's this network.
[20:52] <rww> oh, they added that and didn't document it on /help. classy.
[20:52] <rww> I'm not fond of it. Allows in people who have SSL certificate validation turned off (susceptible to MitM), doesn't allow in people using Tor or https webchat.
[20:53] <rww> so it's basically jumping through hoops for not much benefit
[20:53] <rww> (this reminds me of something...)
[20:53] <Unit193> http://blog.freenode.net/2013/06/new-tlsssl-channel-modes-and-webirc/
[20:53] <rww> *nod* I somehow noticed $z and not +S
[20:54] <Unit193> About the only real benefit was it blocking the random join bots. :P
[20:54] <rww> yep, and that's nice assuming all of your users know to use SSL i guess
[20:55] <rww> and don't use Tor or webchat
[20:55] <Unit193> Also, cert validation doesn't work for me on hubbard or another one, but I do have it on.
[20:55] <Unit193> 136.157.237.128.in-addr.arpa domain name pointer HUBBARD.CLUB.CC.CMU.EDU.
[20:56] <rww> certificate validation uses rDNS?
[20:56] <rww> oh, right. never mind that question.
[20:57] <Unit193> I should turn resolve_reverse_lookup as it tends to cause issues, not much of a point to it in my case (got turned on, not sure why.)