--- Log opened Thu Jun 29 00:00:26 2017
00:50 -!- remoford [~remo_lapt@c-68-52-35-32.hsd1.tn.comcast.net] has quit [Quit: Leaving.]
00:51 -!- TheDukh [~thedukh@2607:fcc8:ac80:d900:b4b7:8c95:e994:90de] has joined #se2600
01:27 -!- TheDukh [~thedukh@2607:fcc8:ac80:d900:b4b7:8c95:e994:90de] has quit []
06:20 -!- Dolemite [~scott@96-38-109-185.dhcp.jcsn.tn.charter.com] has quit [Quit: patch reboot]
06:24 -!- Dolemite [~scott@96-38-109-185.dhcp.jcsn.tn.charter.com] has joined #se2600
06:24 -!- mode/#se2600 [+o Dolemite] by ChanServ
06:25 <@Dolemite> mr0ning, be0tches and h0ez!
06:33 < xray> mornin
06:35 -!- remoford [~remo_lapt@c-68-52-35-32.hsd1.tn.comcast.net] has joined #se2600
06:55  * aestetix hugs Dolemite 
08:34 < aestetix> A sign your company is growing: the slack plan gets upgraded
08:35 <@brimstone> truth
08:37 < aestetix> I'm also amused that LetsEncrypt is bragging that they have issued 100 million certificates
08:38 < aestetix> Given that their certs have a lifespan of only 90 days, it seems like that number can't really be compared to someone like DigiCert
08:49 <@Evilpig> divide it by 4 to get it in line with a more traditional 1 yr term and that's still impressive.  they also aren't saying if that is 100 million is actual certs of if it is names.
08:49 < aestetix> yeah
08:49 < xray> It depends, are they talking about uniq certs or total certs issued which would include renewals
08:50 < aestetix> Well it's sort of impressive.
08:50 <@Evilpig> I have like 6 of them myself so I see that 100 million as very possible
08:50 < xray> I have four as well
08:50 < aestetix> It's impressive because they are small and no big businesses take them seriously, so they are basically used by hobbyists
08:50 < xray> or is that 6. Hmmm. I'll have to check
08:50 < aestetix> And also because you have to be fairly technical to set one up.
08:50 <@Evilpig> but once it is set it up, it just works
08:51 < aestetix> for 90 days
08:51 <@Evilpig> I had to fix a problem with one of mine renewing this morning
08:51 < aestetix> It's not impressive because it's free, and effectively they are throwaway certs for spammers
08:51 < xray> I've had zero problems with them
08:51 < aestetix> so it goes both ways
08:52 < aestetix> Yeah but in order to use them, you have to already know how ssl works
08:52 < xray> not so much. On my servers it was a check box
08:52 <@brimstone> in just testing and screwing around, i've hit their limit a few times, so that's an easy 10 to 20
08:52 < aestetix> xray: what?
08:53 < aestetix> The times I've set up a LE cert, I had to do a bunch of bash level stuff with a website, and then I was able to get the cert as intended
08:53 < xray> To setup my Dreamhost sites with LE certs I just click a check box
08:53 <@brimstone> i've used things like caddy, traefik, and language libraries that make it all automagic
08:53 < aestetix> oh interesting
08:54 < aestetix> I haven't tried it with Dreamhost
08:54 < xray> very easy
08:54 < aestetix> Only on my own systems
08:54 < xray> What I want to figure out it how to get a cert on a machine I host at home via dynamic dns
08:55 < xray> Although now that I have my account configured the way I want at Dreamhost I don't see an advantage of hosting at home
08:55 < aestetix> https://gethttpsforfree.com/
08:55 < PigBot> Title: Get HTTPS for free! (at gethttpsforfree.com) http://tinyurl.com/qgrub47
08:55 < aestetix> that's the page I've used
08:56 < aestetix> until a few minutes ago, I thought the only ways to install it were that craptastic installer package they have that demands sudo, and this website
09:06 -!- TheDukh [~thedukh@2607:fcc8:ac80:d900:b4b7:8c95:e994:90de] has joined #se2600
09:24 -!- robogoat [~robogoat@163.172.136.88] has quit [Ping timeout: 240 seconds]
09:31 -!- robogoat [~robogoat@163.172.136.88] has joined #se2600
10:24 -!- Synx_hm [~synx@unaffiliated/synx-hm/x-1623004] has joined #se2600
10:24 < Synx_hm> fucking ATT bastards
10:24 < Synx_hm> they are rolling out IPv6 dual stack, so i do some playing yesterday and was able to get a /60 PD from them YAY
10:24 < Synx_hm> their 6rd prior setup was a fucking turd
10:25 < Synx_hm> 3 hours later of me playing around trying to get a /48 and dualstack is gone
10:26 < Synx_hm> nothing i do gets a response from my solicit to the dhcp6 broadcast addr, and if i plug my att router/gateway back into the ONT it gets back on 6rd :(
10:34 -!- TheDukh_ [~thedukh@2607:fcc8:ac80:d900:d4c6:d64f:f5c7:ad30] has joined #se2600
10:35 -!- TheDukh [~thedukh@2607:fcc8:ac80:d900:b4b7:8c95:e994:90de] has quit [Ping timeout: 246 seconds]
10:36 <@Catonic> aestetix: so LetsEncrypt will have the single largest CRL ever?
10:40 < aestetix> lolol
10:40 < aestetix> yes
12:55 <@Corydon76> Why would they have a CRL?
12:56 <@Dolemite> That's kind of why they only last for 90 days at a time...   so the CRL becomes mostly unnecessary
12:57 <@Corydon76> They've even said that they're not going to police the issued certificates, so there's absolutely no reason within their policy to have a CRL
12:58 <@Corydon76> Certificates on spammer domains?  No problem, according to their policy.
12:58 <@Corydon76> Stolen private keys?  Not their fault, so they won't do anything about it.
13:04 <@Evilpig> Dolemite: my bears vs babies just arrived
13:05 <@Dolemite> I'm assuming you simply got a tracking notice and it's not sitting in front of you?
13:23 <@Evilpig> I got a notice from my apartment office that I have a package
13:23 <@Evilpig> the tracking info said it would be delivered today, I assume if i check it again now it will say delivered
13:24 <@Dolemite> I'm curious if your packing list will be identical or different from mine (other than the name/address)
13:24 <@Evilpig> i'll let you know when I get home
13:24 <@Evilpig> ~3hours
13:24 <@Evilpig> unless ash somehow decides to go and check the mail sooner
15:24 < aestetix> Dolemite: that makes sense, I hadn't considered that.
15:25 < aestetix> A short certificate lifetime as a security measure against spammers
15:39 <@Corydon76> aestetix: it's not a security measure at all.
15:40 <@Corydon76> Spammers and scammers are amongst the most prevalent users of the service
15:41 <@Corydon76> Rather, it's to reflect that, since the infrastructure is meant to ensure that certificates can be issued with no effort or human interference, certificates only last for as long as they're needed.
15:42 <@Corydon76> The only reason the time is 90 days and not 30 days, is that it's quite common for monitoring software to consider certificates with under 30 days of lifetime to be a warning condition and immediately flag it as something that needs attention
16:48 <@Catonic> Huh. That works as well.
16:51 < aestetix> Corydon76: probably my biggest complaint about LE is the inability to issue cerrts for longer than 90 days
16:51 < aestetix> If we could get certs for 2 years, I would use LE everywhere
16:51 <@Corydon76> aestetix: Why?  You can automate the renewal with LE.
16:52 <@Corydon76> So every 89 days, you just run the process that requests another certificate, installs it, and restarts the server
16:53 <@Corydon76> You can do it every 60 days, if you want.  LE doesn't care.
16:53 <@Corydon76> What are you trying to do, get a ridiculously high httpd process uptime?
16:53 < aestetix> If I could choose betwen that and a 1 year or 2 year certificate, I'd be with you
16:53 < aestetix> but LE made the choice for me.
16:54 <@Corydon76> I don't understand why it matters to you, when renewal takes literally no effort on your part.
16:54 < aestetix> Assuming the renewal process doesn't break etc
16:55 <@Corydon76> Well, the other side of that is that you assume with your 2 year certificate that the CA is not compromised
16:55 < aestetix> Also true
16:55 <@Corydon76> If it is, and the cert is removed from browsers, you're going to be renewing anyway
16:55 <@Corydon76> So why not go with an automated process that takes care of it for you?
16:55 < aestetix> I've gotten into a number of these arguments with people, and it seems to boil down to that we have different philosophies on how systems should be set up.
16:55 < aestetix> Which iok.
16:55 < aestetix> Which is ok*
16:56 < aestetix> Because I don't trust automation. I work with automation too much to not know how easily it can break :)
16:56 < aestetix> Even so, just having the option to have a 2 year cert would make me happy
16:57 <@Corydon76> If you don't trust automation, you probably shouldn't be running a computer in the first place.
16:57 <@Corydon76> Because that's what a computer is.
16:57 < aestetix> Ok now we're in the weeds.
16:58 < aestetix> I view this as similar to the systemd debate
16:58 <@Corydon76> Yes, it can break.
16:58 < aestetix> I'm totally cool with others choosing this. But I want to be able to chose other things.
16:58 <@Corydon76> You can, though
16:58 < aestetix> Yes, I can choose not to use LE for anything I care about.
16:59 <@Corydon76> But please understand that the choice is also in the hands of various distributions, who may want to choose a more efficient system that they market to their users
17:00 < aestetix> You mean that distros have made that choice for me.
17:00 <@Corydon76> No, they've made A choice.  You are welcome not to use them.
17:01 < aestetix> That's not really a choice.
17:01 <@Corydon76> You've confused "I like Debian" with "Debian cannot do anything that I don't like"
17:01 < aestetix> A choice would be "we install systemd by default, click here to install init instead"
17:02 < aestetix> But they have made the choice for me.
17:02 <@Corydon76> If you want to maintain an alternative set of packages that do that, you are FREE to do so
17:02 <@Corydon76> The packagers have simply made the choice that they're not going to maintain such a set of packages
17:03 < aestetix> aka they made the choice on my behalf
17:03 <@Corydon76> No, they made their own choice, while not denying you the freedom to maintain your own set of packages
17:03 < aestetix> Corydon76: have you ever tried uninstalling systemd from ubuntu 16.04?
17:04 <@Corydon76> I have not, nor am I likely to.  My dog is not in this fight.
17:04 < aestetix> Let's just say it's not as simple as "a set of packages"
17:05 <@Corydon76> But you could easily make an alternative distribution... Let's say vubuntu, for system V init system
17:05 < aestetix> Or devuan
17:05 < aestetix> But that's similar to the argument that if you're unhappy that the cost of living has skyrocketed in the place you grew up, you should just move out
17:05 <@Corydon76> Import all the packages which are agnostic and build your own packages which need to be independent
17:06 <@Corydon76> aestetix: and I agree with that.  Adapt or shift.
17:07 < aestetix> Ok, I disagree with it. But that's why I encourage so many people to get involved in local civics
17:07 < aestetix> Since it's a very defeatist and reactionary attitude, imho
17:08 <@Corydon76> Defeatist, perhaps.  Reactionary, no.  Trying to stop economic pressure with ordinances is very reactionary
17:09 < aestetix> It's reactionary in that things happen and you are forced to react to them
17:09 <@Corydon76> But I don't advocate necessarily moving out.  If cost of living rises, then you must adapt and get a better paying job to remain there.
17:09 <@Corydon76> Or move to a place that better matches with your economic comfort level
17:09 <@Corydon76> aestetix: that's redefining words
17:10 <@Corydon76> Reacting to changing circumstances is basic human adaptability.
17:10 < aestetix> I strongly disagree, but I respect tradition :)
17:10 <@Corydon76> The only humans that don't react are dead.
17:10 < aestetix> Corydon76: yes, but a civil society has safeguards in place so they don't have to react all the time.
17:11 < aestetix> Otherwise everyone would scramble for cover every time it rained.
17:11 <@Corydon76> Yes, they adapt to changes in weather
17:12 < aestetix> And the point of adapting is that you don't have to face those issues anymore, right?
17:12 <@Corydon76> If we lived in places that regularly had earthquakes, we'd start building homes that didn't collapse at the slightest tremor
17:12 < aestetix> Like in the bay area
17:12 <@Corydon76> Precisely
17:12 <@Corydon76> But we don't build such houses in middle Tennessee, because there's no need
17:13 < aestetix> So for example, if you have an issue with illegal immigrants bringing drugs into your country, maybe you'll build a wall over the border to keep them out ;)
17:13 <@Corydon76> But fighting against an economic reality simply distorts the playing field
17:14 <@Corydon76> Illegal immigrants aren't largely the ones bringing drugs
17:14 <@Corydon76> Those are capitalists, and the way to defeat them is to legalize those drugs
17:14 < aestetix> I see no reason why well thought out laws can't help mitigate economic "surprises" without hurting economic health
17:14 <@Corydon76> Give me a better example of that
17:15 < aestetix> I'll give an example. In Berlin, some neighborhoods were having an issue with rents skyrocketing
17:15 < aestetix> So they put in a law that you cannot raise the rent of a place by more than 10% of the average rent of the district
17:15 <@Corydon76> Here's one:  employers pay into a pool for unemployment insurance, so when somebody is laid off, they can draw from that pool and supplement their income
17:15 < aestetix> (or something to that effect)
17:15 <@Corydon76> Perfectly valid
17:15 < aestetix> And the crisis has basically stopped.
17:16 < aestetix> They also banned airbnb hotels, which helped
17:16 <@Corydon76> Rent control isn't a good idea, because you create perverse incentives to kick people out for ridiculous reasons, all so you can "renovate" and raise the rent sky-high
17:17 <@Corydon76> If you can't raise the rent on existing tenants, you can temporarily get out of the housing business and kick your tenants to the curb
17:17 < aestetix> Provided that profit is your primary motivator.
17:17 < aestetix> I never said you can't raise the rent. I said you can't raise it an unreasonable amount.
17:17 <@Corydon76> The whole purpose of rent control is precisely because they realize that profit is the big motivator
17:18 <@Corydon76> Who determines what is unreasonable?
17:18 <@Corydon76> In an economic system, it's controlled by a set of formulas
17:18 < aestetix> Clearly the legislators who created that law
17:18 < aestetix> ok now you're getting Monetaristic on me
17:18 <@Corydon76> So you have legislators who are attempting to override economic reality
17:18 < aestetix> You sound calvinist
17:19 <@Corydon76> You sound like you're trying to insult me without success.
17:19 < aestetix> You're basically suggesting that there is an invisible hand that guides everything, and trying to interfere with it is pointless.
17:19 < aestetix> That sounds a bit like predestination to me.
17:19 <@Corydon76> I'm saying that interference can create perverse incentives
17:20 < aestetix> Do you believe there is such a thing as a rational marketplace?
17:20 <@Corydon76> Any policy needs to be mindful of that
17:20 < aestetix> oh I would agree
17:20 <@Corydon76> In the aggregate, yes
17:20 < aestetix> example please?
17:21 < aestetix> I mean communism is also an interesting idea but it doesn't work in practice
17:21 <@Corydon76> Sorry, I have to go
17:21 < aestetix> awww
17:21  * aestetix waves byebye
17:21 <@Corydon76> The husband wants dinner
17:29 -!- TheDukh_ [~thedukh@2607:fcc8:ac80:d900:d4c6:d64f:f5c7:ad30] has quit [Read error: No route to host]
17:31 -!- TheDukh [~thedukh@2607:fcc8:ac80:d900:d4c6:d64f:f5c7:ad30] has joined #se2600
17:57 -!- am1n0 [~devnull@unaffiliated/am1n0] has quit [Ping timeout: 258 seconds]
17:57 -!- am1n0 [~devnull@unaffiliated/am1n0] has joined #se2600
17:57 -!- mode/#se2600 [+o am1n0] by ChanServ
18:00 < dc0de[m]> Look Sam Kinnison said it best, "move to where the food is!"
18:34 < K`Tetch_> no, Kimball Kinneson said it better "you'd better have enough jets to swing that!"
20:09 -!- TheDukh [~thedukh@2607:fcc8:ac80:d900:d4c6:d64f:f5c7:ad30] has quit []
--- Log closed Fri Jun 30 00:00:28 2017