00:03.56 | *** join/#wowace SunTsu (miyamoto@bnc.suntsu.org) |
00:03.56 | *** join/#wowace SunTsu (miyamoto@unaffiliated/suntsu) |
00:27.46 | *** join/#wowace SunTsu (~miyamoto@bnc.suntsu.org) |
00:28.05 | *** join/#wowace SunTsu (~miyamoto@unaffiliated/suntsu) |
01:19.35 | *** join/#wowace purl (ibot@rikers.org) |
01:19.35 | *** topic/#wowace is https://wowace.com/ | 7.3.x ToC: 70300 | https://wowace.com/paste/ | http://lua.org | This channel is logged, via purl | Vote on Twitch 2FA options: https://goo.gl/CWiHFi https://goo.gl/snFnWY https://goo.gl/SXoS7s https://goo.gl/StjdMd |
01:30.36 | *** join/#wowace SunTsu (miyamoto@bnc.suntsu.org) |
01:31.01 | *** join/#wowace SunTsu (miyamoto@unaffiliated/suntsu) |
02:07.53 | *** join/#wowace SunTsu (~miyamoto@bnc.suntsu.org) |
02:08.11 | *** join/#wowace SunTsu (~miyamoto@unaffiliated/suntsu) |
02:43.08 | *** join/#wowace SunTsu (miyamoto@unaffiliated/suntsu) |
03:43.55 | *** join/#wowace Seerah (~umsin@2601:3c2:80:1380:3d2c:a1de:4e08:3142) |
04:29.02 | *** part/#wowace Seerah (~umsin@2601:3c2:80:1380:3d2c:a1de:4e08:3142) |
05:57.53 | *** join/#wowace ShadniX (dagger@p4FF9F6CB.dip0.t-ipconnect.de) |
06:40.55 | quiescens | moo |
07:17.20 | *** join/#wowace harl (harl@unaffiliated/harl) |
07:39.03 | *** join/#wowace tunekey (~tunekey@unaffiliated/tunekey) |
07:46.14 | *** join/#wowace tunekey (~tunekey@unaffiliated/tunekey) |
07:57.29 | *** join/#wowace tunekey (~tunekey@unaffiliated/tunekey) |
08:17.45 | Gnarfoz | znf: https://www.supermicro.com/newsroom/pressreleases/2017/press171128_Intel_Ruler_NVMe.cfm |
08:17.52 | Gnarfoz | Can has? |
08:18.26 | Fisker | I rather want the nvidia ruler |
08:18.56 | Gnarfoz | Nvidia already rules |
08:19.28 | Gnarfoz | znf: Monokai should be available as long as it's available as an iTerm color file |
08:20.46 | Gnarfoz | znf: I use PM2 for that as well, don't know about alternatives. PM2 can be a bit annoying when combined with nvm, since its config will be stored in the version-dependent path |
08:21.16 | Gnarfoz | Probably best to get used to using the ecosystem.json thing right away |
08:23.21 | Gnarfoz | znf: I've never really used cipherli.st, their recommendations were the typical "oh, you have actual users? Well, tough luck if they can't connect anymore" variety. I built my list from Ivan Ristic's blog posts (engineer at Qualys SSL labs) |
08:45.08 | *** join/#wowace Megalon (~wig0r@193-81-177-88.adsl.highway.telekom.at) |
11:58.26 | Gnarfoz | znf: https://photos.app.goo.gl/7qbcncqqNb4fl3Bw1 |
12:14.58 | quiescens | o.O |
12:35.15 | *** join/#wowace ls- (~ls@223.204.247.52) |
12:42.44 | ls- | Torhal: I have few requests/suggestions regarding curseforge >_> deleting phrases one by one is a PITA, esp if there's hundreds of strings, can something be done about it? and it'd be nice if you used block comments for multiline strings when exporting stuff >_> |
12:43.18 | Megalon | drop * from strings |
12:44.24 | ls- | eh? o_O |
12:50.41 | nevcairiel | just use the import function, you can tell it to drop all phrases not in the current import |
12:50.49 | nevcairiel | so export english,d elete phreases, import again, done |
12:51.37 | ls- | nah, that's not the problem I have :D |
12:52.07 | ls- | as for import trick, ty |
12:56.21 | ls- | I usually keep untranslated stuff as commented out English strings, but because curse exporter always uses -- for comments, I have to fix stuff manually later >_> |
13:07.32 | Megalon | https://www.amazon.de/dp/B01E18RLPI for the man who has everything |
13:13.16 | ls- | there's a guy in our office that uses them, they're quite handy o_O |
13:14.21 | ls- | although have no idea why he's wearing fancy stuff, the rest of programmers wears shorts and tees >_> |
14:03.08 | znf | Gnarfoz: no. Cipher also had "still have XP users?" section |
14:04.20 | *** join/#wowace wink_ (fhtagn@porkchop.art-core.org) |
14:15.29 | Gnarfoz | znf: yeah even those were bad :> |
14:15.55 | Gnarfoz | i.e. a manual choice gave a better result for me :-) |
14:16.35 | znf | Never had a user complain |
14:16.42 | znf | I just tell XP users to gtfo |
14:23.40 | *** join/#wowace wink (fhtagn@unaffiliated/winkiller) |
15:01.00 | Gnarfoz | Megalon: totally not machine translated |
15:03.36 | Gnarfoz | ls-: your suggestions are probably better off here https://invite.twitch.tv/C1ya |
16:12.37 | nevcairiel | Gnarfoz: znf: mozilla also maintains a list of cyphers for various compatibility levels (https://wiki.mozilla.org/Security/Server_Side_TLS and config generator https://mozilla.github.io/server-side-tls/ssl-config-generator/) |
16:12.44 | znf | I know |
16:12.48 | znf | I used that |
16:13.00 | znf | because the cipher list repo points to it as an alternative |
16:15.17 | Funkeh` | fuck XP users |
16:16.12 | znf | pretty much |
16:16.19 | znf | soon fuck Windows 7 users, too! |
16:16.23 | znf | when's EOL? 2 years? 2020? |
16:16.33 | Funkeh` | just under 2 years |
16:16.45 | nevcairiel | none of those profiles even fuck windows 7 users |
16:16.52 | nevcairiel | ie11 on 7 supports all relevant things |
16:17.14 | Funkeh` | force tls 1.3 only |
16:17.28 | nevcairiel | nothing supports that anywhere |
16:17.29 | nevcairiel | :p |
16:17.56 | Funkeh` | chrome does |
16:19.26 | Gnarfoz | it's not "XP users" btw, shows how much attention you paid :P |
16:19.45 | nevcairiel | 1.3 is even still a working draft only |
16:20.28 | Funkeh` | i believe so, it's the draft that is supported |
16:21.08 | Gnarfoz | how well supporting drafts instead of finalized versions works can be seen in wifi land |
16:21.09 | Gnarfoz | :D |
16:21.11 | znf | Gnarfoz, it's the same tier :P |
16:21.13 | nevcairiel | its apparently available in a few browsers but not the default choice if the server gives you a choice |
16:21.17 | znf | XP users, no SNI, shit algos |
16:21.26 | nevcairiel | because it still breaks all over |
16:21.36 | Gnarfoz | znf: and yet, Chrome and Firefox work fine there |
16:21.59 | znf | I don't know man, I don't care that much. I copy paste shit to get A on ssl labs |
16:22.07 | znf | unless client has users from the stoneage |
16:22.18 | nevcairiel | getting A is even possible with XP support |
16:22.22 | Gnarfoz | ^ |
16:22.30 | Gnarfoz | I don't get to just exclude people because "fuck them" |
16:22.38 | znf | TLS config is just voodoo to me |
16:22.46 | Gnarfoz | they're customers, terrible customers, but customers nonetheless |
16:23.02 | nevcairiel | we just canned XP support in our latest software release, but thats a different thing then some server tls config |
16:23.14 | Gnarfoz | (don't get me wrong, we don't support IE6/XP :P it's just the mentality that annoys me) |
16:23.48 | Funkeh` | what? lol, it's not because "fuck them". Every single shit cypher you enable increases your attack surface for all your other users, in the form of widening the effectiveness of a potential downgrade attack |
16:23.48 | Gnarfoz | I wonder if nmap has managed to get a new cert, yet |
16:24.09 | Gnarfoz | Funkeh`: <Funkeh`> fuck XP users <znf> I just tell XP users to gtfo |
16:24.19 | znf | There is a certain point when you should really tell them to fuck off. Stop enabling them. |
16:24.19 | Funkeh` | that was just in general |
16:24.24 | Funkeh` | fuck em all |
16:24.34 | Gnarfoz | znf: sure, that point is when we don't want their money anymore :D |
16:24.48 | znf | If they haven't upgraded in 2 decades, do they even have money to spend? :D |
16:24.55 | Gnarfoz | it's b2b, you'd be surprised how much shit you deal with |
16:25.12 | Megalon | compiles fortran |
16:25.32 | nevcairiel | there is a lot of money to be made if you're crazy enough to still know fortran |
16:25.36 | Gnarfoz | I'm not sure we have fortran programs, but quite a lot of RPG |
16:25.44 | znf | I remember some "developer" said that he keeps a machine with Windows 2000 to check if his program works on it |
16:25.48 | znf | that was somewhat recent |
16:25.51 | Megalon | recodes *foz in ALGOL |
16:25.52 | znf | I'm like... for real? |
16:26.17 | nevcairiel | some years ago i tried to install fresh XP in a VM, that was basically impossible because MS shut down all sorts of web services that XP uses |
16:26.19 | znf | Stop enabling those fucks. Let shit die already, stop pumping IV fluids |
16:26.23 | nevcairiel | couldnt update it anymore, or whatever |
16:26.27 | *** join/#wowace Telshin (sid114244@gateway/web/irccloud.com/x-xwervoewtdabubbs) |
16:26.48 | znf | I think I have an XP VM on my laptop |
16:26.52 | znf | but I barely use it |
16:27.07 | znf | didn't even add networking to it |
16:27.22 | nevcairiel | all software i work on stopped supporting XP since then, so shrug |
16:27.25 | znf | that thing would probably blow up from everything |
16:28.11 | Gnarfoz | nope. nmap.org still inaccessible to me :D (Chrome 66 dev/beta already block Symantec-rooted certs) |
16:28.29 | znf | yeah, I noticed that too 2 days ago |
16:28.38 | Gnarfoz | you'd think people like that would be more aware |
16:28.39 | znf | I haven't upgraded my cert either |
16:28.46 | znf | I have a few clients with those old certs |
16:28.53 | Gnarfoz | well, you have like... a couple of days left |
16:28.55 | znf | problem is - I keep asking for the renewal, but no confirmation email |
16:29.05 | Gnarfoz | or, they do, as it were |
16:29.28 | znf | oh, wtf |
16:29.35 | znf | connection refused on the clients webmail |
16:29.38 | znf | the fuck is wrong now |
16:29.48 | nevcairiel | we use a symantec code signing cert, i wonder if those will go invalid as well |
16:29.58 | Gnarfoz | don't think so |
16:30.25 | Gnarfoz | it's a CA/B forum thing, isn't it |
16:30.34 | znf | uhm |
16:30.39 | znf | this is weird |
16:31.02 | znf | the fuck did these guys do https://i.imgur.com/s37IbuJ.png |
16:31.22 | Gnarfoz | reboot, as it appears |
16:31.28 | znf | question is... WHY |
16:31.57 | znf | you know what the biggest issue with this stupid cert shit? |
16:32.11 | znf | chrome won't auto-complete usernames/passwords if you bypass the security warning |
16:32.26 | Gnarfoz | good |
16:32.27 | Gnarfoz | :D |
16:32.38 | znf | not good |
16:32.53 | znf | I don't know the clients system logins by heart :( |
16:33.28 | nevcairiel | if you solely rely on chrome remembering the shit, you are screwed anyway |
16:34.08 | znf | AUTHENTICATE PLAIN: Authentication failed. |
16:34.10 | znf | BAAAAAAAAAAAAAAAH |
16:36.21 | znf | and before you say anything - the imap server allows PLAIN login only from 127.0.0.1 |
16:36.33 | Gnarfoz | mine only supports plain, as well |
16:36.51 | Gnarfoz | only after you say the magic word, though |
16:36.58 | Gnarfoz | STARTTLS |
16:37.11 | Gnarfoz | without that, it supports not authentication mechanisms at all :p |
16:37.24 | Gnarfoz | -t |
16:37.36 | Megalon | oh i thought the magic word is FORFUCKSSAKEYOUSTUPIDPIECEOFSHITSTARTWORKINGORIWILLANNIHILATEYOU |
16:37.44 | znf | I think I had some issue with the CA not validating for localhosts |
16:37.53 | znf | and I run out of patience and I just allowed plain for 127.0.0.1 |
16:38.02 | znf | something about php not liking the CA |
16:39.46 | znf | Gnarfoz, you know what else is stupid? |
16:39.47 | znf | https://i.imgur.com/8YNr6q9.png |
16:39.55 | znf | I have to log on the certificate website to reissue |
16:40.02 | znf | ...but they haven't reissued their cert |
16:40.32 | Gnarfoz | good job |
16:41.17 | znf | lol, I can't reissue the cert for this client |
16:41.19 | znf | it's not in the list anymore |
16:41.41 | Gnarfoz | does that even fall under "reissue" |
16:41.53 | Gnarfoz | depends on the vendor how they call that |
16:41.58 | znf | Yes: https://i.imgur.com/md2AJjt.png |
16:42.13 | Gnarfoz | rofl what |
16:42.16 | Gnarfoz | "do needful" |
16:42.26 | Gnarfoz | are they /r/sysadmin idiots |
16:43.02 | Gnarfoz | no, they're just bad in general, it seems. :D |
16:43.39 | znf | this fucking sucks dick |
16:43.42 | znf | FUCK IT |
16:43.44 | znf | Certbot. |
16:43.47 | Gnarfoz | https://dev.ssllabs.com/ssltest/analyze.html?d=my.clickssl.com noice |
16:44.50 | znf | yeah, I hit the "reissue certificate" button a few days for this domain |
16:44.55 | znf | few days ago* |
16:45.04 | znf | I never got the verification email to admin@domain |
16:45.46 | znf | I wanted to do it again now |
16:45.50 | znf | the domain is not in the list anymore |
16:46.07 | Gnarfoz | I'm more annoyed that I'll either have to build a custom openssl or replace our load balancers entirely (which I maybe should anyway, considering how old the hardware is and that one of them recently failed), to get http/2 working again |
16:47.40 | znf | http2 is life |
16:47.50 | znf | that reminds me, I wonder how do I get http2 working on Ubuntu 14.04 with Apache |
16:47.55 | Gnarfoz | it might be, but even Firefox dropped NPN support now |
16:48.12 | Gnarfoz | probably the same way I just described :P |
16:48.26 | znf | there should be a PPA for it! |
16:48.37 | Gnarfoz | here, have mine |
16:48.44 | Gnarfoz | it certainly won't mine bitcoins while you're not looking |
16:49.00 | znf | *suspicious* |
16:49.12 | znf | removed âjdk-8u151-linux-x64.tar.gzâ |
16:49.12 | znf | removed âjdk-8u144-linux-x64.tar.gzâ |
16:49.12 | znf | Oracle JDK 8 installed |
16:49.14 | znf | Not even on Linux. |
16:49.19 | znf | This is like plague. |
16:49.27 | Gnarfoz | ??? |
16:49.31 | znf | java updates! |
16:49.32 | Gnarfoz | what are you saying :p |
16:49.39 | Gnarfoz | why do you have the jdk |
16:49.44 | Gnarfoz | don't you just want the jre :P |
16:49.52 | Gnarfoz | and what's bad about having the latest version? :D |
16:49.59 | znf | didn't work properly with Solr for some reasons |
16:50.11 | Gnarfoz | the same reason "php didn't like the CA"? |
16:50.12 | znf | or was it with Tika? |
16:50.25 | znf | I think it was Tika being all bitchy |
16:50.45 | znf | Probably. |
16:50.53 | Gnarfoz | hmm sneaky pete s2 |
16:51.01 | Gnarfoz | thanks prime video app |
16:51.17 | Gnarfoz | even though I'm not sure I ever told you to annoy me with stuff like this :D |
16:51.17 | znf | client asked me if they should buy a new server |
16:51.25 | znf | Intel(R) Xeon(R) CPU E5506 @ 2.13GHz |
16:51.29 | Gnarfoz | fucking opt-out notifications |
16:51.50 | Gnarfoz | well, there's spectre microcode updates even for those ones now, so, tell him he can keep using it :D |
16:52.01 | znf | it's got 4GB ram :( |
16:52.14 | znf | imagine how fun is that with Solr + Tika |
16:52.26 | Gnarfoz | super fun |
16:52.30 | Gnarfoz | as long as the dataset is small. |
16:52.32 | Gnarfoz | :D |
16:52.45 | znf | 450GB of emails |
16:52.45 | Catal1na | It is full of stuff like this anyway |
16:52.48 | znf | what do you think? |
16:52.55 | znf | *looks at the bot* |
16:53.03 | znf | didn't I tell this thing to shut the fuck up here |
16:53.07 | Gnarfoz | you did |
16:53.19 | znf | >search cobe |
16:53.21 | Catal1na | supybot.plugins.Cobe, supybot.plugins.Cobe.ignoreRegex, supybot.plugins.Cobe.ignoreWaitTimeIfAddressed, supybot.plugins.Cobe.probability, supybot.plugins.Cobe.probabilityWhenAddressed, supybot.plugins.Cobe.public, supybot.plugins.Cobe.responseDelay, supybot.plugins.Cobe.stripNicks, supybot.plugins.Cobe.stripUrls, and supybot.plugins.Cobe.waitTimeBetweenSpeaking |
16:53.38 | Gnarfoz | also who has 450 GB of emails, are they running a public webmail service |
16:54.00 | znf | >config --channel supybot.plugins.Cobe.probability 0 |
16:54.00 | Catal1na | Worked, bitch. |
16:54.06 | znf | Gnarfoz, KissFM |
16:54.10 | znf | radio station |
16:54.48 | Gnarfoz | we have one of those https://en.wikipedia.org/wiki/98.8_KISS_FM_Berlin |
16:55.51 | znf | one of the biggest radio stations around, so yeah |
16:56.32 | Gnarfoz | I'm not motivated to finish my phpbb upgrade |
16:56.47 | Gnarfoz | (well the upgrade is done, I guess, but needs theme + extensions etc) |
16:57.29 | *** join/#wowace stolenlegacy (~stolenleg@unaffiliated/stolenlegacy) |
17:00.37 | znf | Gnarfoz, is there a ssl checker that supports pop3/imaps? |
17:01.26 | znf | can't tell if the chain is deployed properly |
17:06.03 | znf | seems to be working *shrug* |
17:11.34 | Gnarfoz | openssl s_client -connect mail.example.com:25 -starttls smtp |
17:11.47 | Gnarfoz | (well + -CApath maybe) |
17:12.20 | Gnarfoz | there's also https://www.checktls.com/ https://ssl-tools.net/mailservers etc |
17:16.43 | Gnarfoz | and of course: https://testssl.sh/ |
17:16.52 | Gnarfoz | which you can run yourself |
17:30.21 | Gnarfoz | although... checktls somehow managed to think my server still uses a startssl certificate |
17:30.50 | Gnarfoz | err, no, the other one, ssl-tools.net |
17:31.39 | Gnarfoz | Report created Sun, 04 Oct 2015 15:00:32 +0000 |
17:32.12 | Gnarfoz | how about you shitters invalidate reports older than... well, certainly over 2 years is too much :P |
17:46.12 | znf | https://ssl-tools.net/mailservers/mail.kissfm.ro |
17:46.13 | znf | >_< |
17:46.25 | znf | checked in 2016 lol |
17:46.26 | znf | jesus man |
17:46.37 | znf | ah, there's a refresh button |
17:51.38 | znf | I'm still wondering why that guy killed cipherli.st :-/ |
17:53.42 | znf | https://github.com/RaymiiOrg/cipherli.st/pull/94#issuecomment-355014823 |
17:53.42 | znf | meh |
17:54.52 | *** join/#wowace Seerah (~umsin@2601:3c2:80:1380:3d2c:a1de:4e08:3142) |
18:37.49 | *** join/#wowace Funkeh` (~Funkeh`@WoWUIDev/WoWAce/Ace3/BigWigs/funkeh) |
18:37.49 | *** mode/#wowace [+o Funkeh`] by ChanServ |
18:39.57 | znf | Anyone wants a cheap ThinkPad T470s? :D |
18:42.00 | znf | 20GB, 1080p, 256GB NVMe, I think |
19:28.25 | Gnarfoz | heh, that raymii comment is exactly what I meant |
19:28.49 | Gnarfoz | good that at least they themselves came to that realization |
19:29.09 | nevcairiel | yeah that page didnt explain shit |
19:42.21 | znf | Gnarfoz, you know what annoys me? |
19:42.30 | znf | There's no simple way to generate certs for internal hosts :( |
19:42.49 | znf | with LE |
19:42.56 | Gnarfoz | generate them? sure, but that's probably not what you meant |
19:43.02 | znf | You know what I mean. |
19:43.02 | nevcairiel | well duh, they cant validate |
19:43.18 | nevcairiel | wait for wildcard and copy it all over |
19:43.26 | znf | that's also going to be a bitch |
19:43.28 | Gnarfoz | two options: your own CA; or: don't make "internal hosts" |
19:44.04 | znf | mostly because some devices don't have a decent way of automating certificate updates |
19:44.15 | znf | wonder if I can use some sort of hook |
19:44.17 | znf | into bind |
19:44.19 | znf | *ponders* |
19:45.12 | znf | I know bind has some way of updating records via ddns or something like that |
20:15.19 | znf | ...I've been testing for 30 minutes |
20:15.40 | znf | only to realize this doofus made the nameserver inaccesible |
20:15.41 | znf | :-| |
20:18.47 | znf | jesus christ, he likes pressing buttons like an idiot hoping he can "secure" his network |
20:19.01 | znf | good job, dumb fuck, you crippled your domain by having your 1st nameserver inaccesible |
20:50.47 | quiescens | go to sleep |
20:51.55 | pompy1 | ^ |
21:38.22 | quiescens | gives pompy1 a cookie |
22:39.07 | *** join/#wowace vince` (~vschiu@50.35.70.27) |
22:39.24 | *** join/#wowace Brybry (~Brybry@unaffiliated/brybry) |
22:43.34 | *** join/#wowace Lejving__ (~Lejving@81-233-148-192-no524.tbcn.telia.com) |
23:27.51 | *** join/#wowace vince` (vschiu@50.35.70.27) |
23:37.36 | *** join/#wowace pompy (~Mike@c-73-194-183-217.hsd1.nj.comcast.net) |
23:48.18 | *** join/#wowace Funkeh` (~Funkeh`@WoWUIDev/WoWAce/Ace3/BigWigs/funkeh) |
23:48.18 | *** mode/#wowace [+o Funkeh`] by ChanServ |