--- Log opened Fri Apr 20 00:00:09 2018
05:46 -!- rhia [~rhia@wtcdsl-66-165-15-89.whidbeyteldsl.net] has quit [Ping timeout: 256 seconds]
05:47 -!- rhia [~rhia@wtcdsl-66-165-15-89.whidbeyteldsl.net] has joined #se2600
05:47 -!- mode/#se2600 [+o rhia] by ChanServ
06:37 -!- Dolemite [~scott@24-158-118-59.dhcp.kgpt.tn.charter.com] has quit [Quit: reboot]
06:51 -!- Dolemite [~scott@24-158-118-59.dhcp.kgpt.tn.charter.com] has joined #se2600
06:51 -!- mode/#se2600 [+o Dolemite] by ChanServ
06:51 <@Dolemite> mr0ning, be0tches and h0ez!
06:58 * aestetix hugs Dolemite
08:08 < K`Tetch_> bleughal
08:24 <@Dolemite> Ok, just submitted project demand request for building out a 25 node Docker EE cluster.
08:25 <@Dolemite> It's nice to actually be doing some technical stuff, again
08:57 < aestetix> I wonder if being passive aggressive is a female trait
08:57 < aestetix> I see it a *lot* more in women than men
08:59 -!- skiboy [skiboy@gateway/vpn/privateinternetaccess/skiboy] has quit [Quit: Leaving]
11:03 <@Dagmar> ffs
11:03 <@Dagmar> "(for example, properly returns DNSSEC validation status"
11:03 <@Dagmar> That from the systemd-resolved manpage.
11:04 <@Dagmar> The problem being that userland apps shouldn't give a fuck about DNSSEC validation status
11:05 <@Corydon76> Dagmar: why not?
11:06 <@Dagmar> Unless their job is to look at them, why should they fuckin' care.
11:06 <@Dagmar> If the domain has a security mechanism and the resolver can validate it, great
11:06 <@Corydon76> Well, if you trust the domain, then it provides an additional assurance.
11:06 <@Dagmar> If the domain has a security mechanism and the resolver can't validate it, it should be returning an error and getting on with business
11:07 <@Dagmar> Are we going to make apps need to worry about ARP collisions next as well, just to avoid MITM attacks?
11:08 <@Corydon76> If a userland app like Chrome can get that a domain validated with DNSSEC without having to implement its own DNS query, that's a plus.
11:09 <@Corydon76> Apps that don't care can just ignore the validation
11:11 <@Corydon76> How often do we see vulnerabilities from apps that implement some small service improperly? If they can get that information from the regular system query, that eliminates a possible vector.
11:12 <@Dagmar> You say this while we're talking about systemd
11:13 <@Corydon76> I share your dislike of the idea of this service slowly taking over basic system services, while enjoying the fact that it may actually solve some legitimate problems.
11:13 <@Dagmar> Yes, let's quietly wedge in a new form of DNS and pretend there's something wrong with the glibc gethostbyname() functions while simultaneously including something involving the nightmare of unicode parsing
11:13 <@Dagmar> ...because no one's ever had their exchange wallets stolen because of bad unicode libraries
11:14 <@Dagmar> If there were a way to turn off the other functionality, it wouldn't be so much of a problem
11:18 <@Dagmar> They're making some pretty big assumptions there that 1) everyone needs unicode DNS, 2) everyone is on a multi-homed host so multi-route query rounds need to happen, 3) people need extra DNS records made up for things `ip` will tell you
11:18 <@Dagmar> One or more of these things is going to result in another root-level escalation
11:18 <@Dagmar> ...and there's no way to turn those features off individually.
11:21 <@Corydon76> If DNS is going to hand back Unicode, then yes, everybody needs to handle Unicode in DNS. If you don't handle it, and it's passed back in an answer, that's a pretty big possibility for a vulnerability right there.
11:48 < TheDukh> random question: has anyone ever had an interview where the interviewer just made a comment that you had no idea on how to respond to?
11:50 <@Dagmar> Except they hand back xn--boogabooga responses
11:50 <@Dagmar> Conversion to unicode is the evil part, and _that's_ being done in systemd-resolved
11:50 <@Dagmar> TheDukh: From HR people, all the time
11:51 <@Dagmar> Usually because the question itself is phenomenally stupid
11:51 <@Dagmar> Like, "how would you deploy clouds in a webserver?"
11:51 < TheDukh> It wasn't from an HR rep, more like the manager of the team I was interviewing for.
11:52 <@Dagmar> Well, if the manager is asking insane questions, it might be a good idea to just state right then and there, "Excuse me, what?"
11:52 <@Dagmar> They *might* be using it as a bellwether
11:52 <@Dagmar> Like, if this guy tries to bullshit his way through it, I know he's making up most of his resume
11:52 < TheDukh> It was more along the lines of "ya'know, it goes without saying, but I fucking hate Slack, but at least it isn't Skype"
11:53 <@Dagmar> Reasonable answer: "Teleconferencing is hard. It's why people have put up with IRC being primitive for so long."
11:54 < TheDukh> I actually made mention I had a limechat client set up on my desktop during the video conference, and he laughed and said good.
11:56 < TheDukh> kinda odd though, he said that I was the only security engineer with a background in Risk Management and compliance // audit that he had seen since he started interviewing for his team. seems like everyone is just a break stuff mentality anymore.
12:01 <@Dagmar> Yeah I had an interview with a company so granular they have a security patching team, and a breakfix team
12:01 <@Dagmar> The guy seemed like he was questioning how I avoid instability for security patches
12:02 <@_NSAKEY> Dagmar: I think he meant "break stuff" as in red teamers
12:02 <@Dagmar> I'm like, I am generally _deeply_ familiar with the product, have read the actual code patch to be sure it doesn't do anything I don't agree with, have a meticulously maintained build environment, and a test harness in the build environment
12:03 <@Dagmar> I get the feeling he's used to dealing with people who only view software as a black box
12:28 < TheDukh> the red teamers are who he was referencing, not really used to "blue teamers" or I suppose even a "purple teamer"
13:11 <@Evilpig> who dislikes slack? it just kinda works
13:14 <@opticron> I'm kind of ehh on it
13:14 <@opticron> it's definitely a better interface that works pretty smoothly
13:15 <@opticron> it's also new and different and I'm a grumpy old man
13:15 <@Evilpig> it's not that different from irc. it has picture support.
13:16 <@Evilpig> it's hella better than skype or teams
13:16 <@opticron> I'd like it better if I could run my own server
13:16 <@Evilpig> that would be a nice option but then the mobile client wouldn't be as seamless
13:16 <@opticron> it could still be pretty seamless
13:17 <@opticron> way more seamless than IRC
13:17 <@opticron> I also prefer to stick with the CLI, so I'm still using the slack IRC gateway even though it's about to get shut off
13:18 <@opticron> I just need to migrate to a different access method
13:31 <@_NSAKEY> slack gets a downvote from me for the fact that they're disabling their irc and xmpp gateways next month.
13:32 <@_NSAKEY> I actually had a fun e-mail exchange with one of their support people about it.
13:33 <@opticron> how did that go?
13:35 <@Evilpig> One of my tickets to their support resulted in them rolling back a change to their UI
14:11 <@_NSAKEY> It didn't change much. The support person suggested weechat with a module, or libpurple, and I just laughed.
14:12 <@_NSAKEY> I pointed out the weechat bug from last fall, and how I sit on an IRC network (OFTC) where the PoC for that bug was used to mass-crash every weechat user as soon as it dropped.
14:12 <@_NSAKEY> And, how libpurple is just a pile of wet garbage.
14:34 < ^020d> opticron: Thoughts on mattermost? https://about.mattermost.com
14:34 < PigBot> Mattermost Private Cloud Messaging (at about.mattermost.com) http://tinyurl.com/yd3nsa7f
14:34 < ^020d> Never used it, supposed to be slack equivalent.
14:38 < aestetix> _NSAKEY: slack-term is decent
14:39 < aestetix> I just started using it the other day
14:41 <@opticron> ^020d, we've looked at it, but the mobile experience is bad since every org/server needs its own client on whatever app store
14:42 <@opticron> (currently)
14:42 <@opticron> I'm sure with some modification a single client could be used for any of them
14:42 <@opticron> it just doesn't exist right now
15:18 <@_NSAKEY> aestetix: I'm hardwired for using irssi with slack. I pretty much won't use it unless I'm being paid to, with the current situation.
15:20 < aestetix> yep
15:20 < aestetix> I was too
15:20 < aestetix> that's why I wanted to try slack-term
15:20 < aestetix> since they are being fascist about their irc support
15:21 <@shapr> wee-slack?
15:25 <@_NSAKEY> shapr: See what I said above about weechat.
15:26 <@_NSAKEY> Also, I'm not going to enable them by using their platform if they're going to kill off the IRC gateway, unless some company is paying me and they use slack.
15:31 <@shapr> which is my use case
15:32 < aestetix> in that case use mattermost if you have to use a gui system
15:54 < dasunt> 103 new emails today.
16:21 <@Mirage> light day?
--- Log closed Sat Apr 21 00:00:11 2018