--- Log opened Wed May 16 00:00:48 2018
01:55 -!- Psilovybin [~psilovybi@unaffiliated/drarkanex] has quit [Quit: Leaving]
06:45 -!- brimstone [~brimstone@unaffiliated/brimstone] has quit [Remote host closed the connection]
06:45 -!- brimstone [~brimstone@unaffiliated/brimstone] has joined #se2600
06:45 -!- mode/#se2600 [+o brimstone] by ChanServ
06:57 <@Dolemite> mr0ning, be0tches and h0ez!
07:04 * aestetix hugs Dolemite
07:08 < aestetix> You know what PhreakNIC needs
07:08 < aestetix> a ping pong tournament
07:12 <@brimstone> kids will love that
07:13 < aestetix> you could compete against Dolemite
07:13 <@brimstone> does he work at a tech company?
07:13 <@brimstone> we have a ping pong table in our lobby
08:22 <@Corydon76> aestetix: And as a retired board member, I have to say, I think you should show up and run the tournament.
08:23 <@Corydon76> I'll get a ping pong table built as soon as you show me your flight confirmation.
08:24 < aestetix> I just want to play ping pong against Dolemite
08:24 < aestetix> It's true that he will likely win
08:24 < aestetix> but it's the experience that counts
09:14 <@Corydon76> TIL that a DNS wildcard works to match any number of subdomains.
09:17 <@Corydon76> i.e. a wildcard at *.dev.example.com matches not only foo.dev.example.com, but also bar.foo.dev.example.com
09:18 < aestetix> I wish ssl certificates worked like that too
09:18 <@Corydon76> What, wildcard certificates?
09:18 < aestetix> *.dev.example.com will match foo.dev.example.com, but not bar.foo.dev.example.com
09:18 <@Corydon76> I haven't tested it, but it's possible
09:19 <@Corydon76> Ah.
09:19 < aestetix> for SSL certificates, that is
09:20 <@Corydon76> I have a wildcard certificate in production, but this DNS wildcard is mainly just for dev, so I can create test sites without changing either DNS or Apache configs
09:20 <@Corydon76> Or even restarting Apache
09:20 <@Corydon76> Create a directory, and boom, the site will start serving files
09:20 < aestetix> I can't think of a technical reason SSL certificates don't support that.
09:20 < aestetix> I *can* think of a financial reason though.
09:20 <@Corydon76> Technical, no. Security, yes.
09:21 <@Corydon76> If a domain name doesn't properly wrap, someone could do www.bankofamerica.com._________._______.badactor.com
09:21 < aestetix> true
09:22 <@Corydon76> And if they had a wildcard at *.badactor.com, the browser would turn green.
09:22 < aestetix> And financial.
09:22 < aestetix> If it were *only* a security thing, they'd let you add multiple wildcard paths to a certificate at no extra charge
09:32 < aestetix> god damnit
09:32 < aestetix> I just spent ten minutes trying to figure out why this new alert wasn't working
09:32 < aestetix> .... I forgot to click the "on" button
09:33 <@Corydon76> So you forgot Windows 101? "Have you tried turning it off and on again?"
09:37 <@Dagmar> If you think about it, the wildcard of infinite depth makes sense
09:37 <@Dagmar> It's not like you can hang a different subdomain off one that wouldn't actually _still_ match
09:38 <@Dagmar> *.kung.foo and dev.kung.foo both defined? Failure
09:45 <@shapr> could you use SNI to create TLS certificates when requested?
09:54 <@brimstone> shapr: caddy and traefik do on demand TLS certs with Let's Encrypt
09:54 <@brimstone> technically, it's possible
09:55 <@shapr> brimstone: you ever heard of an MTA that handles SNI?
09:56 <@brimstone> no, most MTAs don't give a shit about TLS
09:56 <@brimstone> also, seems like no one, MTA or otherwise, validates certs
09:56 <@shapr> :-(
09:56 <@shapr> I have most of an MTA in Haskell, I could fix that.
09:57 <@brimstone> but yeah, an MTA could consider the hostname from SNI before it starts doing anything with the connection
09:58 <@shapr> yeah, that would be neat
09:59 <@brimstone> i've debated writing my own MTA/IMAP server for a while now
09:59 <@shapr> in awk, right?
09:59 <@shapr> IMAP is a real pain
09:59 <@brimstone> sure!
09:59 <@brimstone> no, awk's TLS bits don't expose SNI
10:00 <@brimstone> make, however, supports shared object loading, so maybe make with a SO written in Go
10:31 -!- strages [uid11297@gateway/web/irccloud.com/x-xckejebqxmuxysrp] has joined #se2600
11:04 < xray> The Red Hat DHCP client root exploit gets a logo and song https://dynoroot.ninja/
11:05 < PigBot> [🦖#️⃣] DynoRoot!!!1111 (CVE-2018-1111) (at dynoroot.ninja) http://tinyurl.com/ycw9tddn
11:33 <@Dolemite> It has a beat, but I can't dance to it.
11:33 < Evilpig_> what can you dance to?
11:34 <@Dolemite> Endless Love. Just like you and I did at prom.
12:17 < xray> I don't dance so not an issue for me.
12:23 -!- K`Tetch [~no@24-178-141-147.dhcp.thtn.ga.charter.com] has joined #se2600
12:23 -!- K`Tetch [~no@24-178-141-147.dhcp.thtn.ga.charter.com] has quit [Changing host]
12:23 -!- K`Tetch [~no@unaffiliated/ktetch] has joined #se2600
12:24 -!- K`Tetch_ [~no@24-178-141-147.dhcp.thtn.ga.charter.com] has quit [Ping timeout: 268 seconds]
12:26 <@Dagmar> xray: Personally, I'm pissed that systemd's new dhcp client wasn't the source of the vuln
12:27 < xray> LoL
12:27 <@Dagmar> I suppose there's still time for that to happen as well
12:27 < xray> We missed a perfectly good chance to bash systemd :(
12:28 <@Dagmar> I am not joking
12:28 <@Dagmar> They added a dhcp client to systemd
12:28 < xray> And you're surprised?
12:28 < xray> isn't it the black hole of system processes?
12:28 <@Dagmar> I was pretty clear in #Linux that not only is that another example of uncontrolled scope creep, that it absolutely should *not* be the case that the init manager talk to the fuckin' network
12:29 <@Dagmar> ...and that it *would* result in another root priv escalation and this time it would be network-based.
12:30 <@Dagmar> There's still time for things to end in tears I suppose
12:31 <@Dagmar> _When_ it happens I may just add an on timer hook to my client to say "I F**KIN TOLD YA'LL THIS WOULD HAPPEN." once an hour for 48 hours
13:03 <@eryc> i can't say the mess of shell scripts that init runs to bring up the network are any better
13:04 <@eryc> unless you're saying NetworkManager is anything but terrible
13:05 <@eryc> or we could discuss the merits of FirewallD
13:34 <@Dagmar> At least self-contained dhcp clients have a focused scope
13:34 <@Dagmar> Frankly I think NM should still be invoking dhclient
13:45 <@eryc> dhclient always seemed fine to me
13:48 <@Dagmar> It is
13:48 <@Dagmar> It's also been _tested_ for years and years
13:49 <@Dagmar> I think mainly they moved away from it because they wanted to view all the code needed for other platforms (like talking over an uninitialized NIC on Solaris is insanely complex)
13:49 <@Dagmar> ...as "bloat"
13:52 <@Dagmar> They could have been doing everything they needed to with dhclient and a feature-replete dhclient-exit-hooks script
14:31 <@ezelkow1> huzzah we passed the apache board vote, now an official top level apache project
14:32 <@brimstone> who's we?
14:32 <@ezelkow1> https://trafficcontrol.apache.org/
14:32 < PigBot> Traffic Control (at trafficcontrol.apache.org) http://tinyurl.com/y79bewm4
14:33 <@ezelkow1> so for now the page still shows incubating and what not, but no longer incubating, so we have to change the site, move the github, etc
14:35 <@brimstone> congrats!1
14:35 <@eryc> ezelkow1: https://dev.to/commonshost/dawn-of-the-hybrid-cdn-2172
14:35 < PigBot> Dawn of the Hybrid CDN (at dev.to) http://tinyurl.com/y7jx6nqz
14:36 < xray> congratulations
14:38 <@ezelkow1> interesting, just skipped through it, so it's like a community-focused cdn that's cheap so people can just add pops as needed wherever
14:38 <@ezelkow1> might not be high performance but good enough
14:39 <@eryc> yep. seems like a good project but needs more help.
14:39 <@eryc> i'm looking forward to a community FaaS platform built on the same nodes
14:40 <@eryc> at least, that's the idea i had
14:40 <@ezelkow1> it's funny how many people use TC though and we don't even hear about it until it's out there, like it's mostly us (comcast), cisco, cox, shaw, rogers. Though cisco reskins the UI and resells it as a product but we found out during our conference a few weeks ago that some other big video company was using it and never even bothered to commit anything or say anything
14:40 <@eryc> using this as a container https://github.com/google/asylo
14:40 < PigBot> GitHub - google/asylo: Asylo Framework (at github.com) http://tinyurl.com/ych2x7hc
14:41 <@brimstone> FaaS?
14:41 <@eryc> ezelkow1: all those use it for video? or..?
14:42 <@eryc> brimstone: Amazon Lambda basically
14:42 <@brimstone> ah, that FaaS
14:42 <@ezelkow1> well i think they are mostly video, we actually have our cdn split in half for legal reasons
14:43 <@ezelkow1> one half is comcast specific and only comcast video for internal use, the other is all space we resell as over the top, like we steam, vudu, mlb, roku, ton of others
14:43 <@eryc> ah
14:43 <@eryc> that's neat. congrats on the apache vote!
15:52 <@Mirage> it's amazing how much code you have to write to idiot proof a task that can be done via a couple commands by anyone with half a brain
16:05 <@ezelkow1> even then it usually doesn't idiot proof it, there will always be that one guy
16:07 <@ezelkow1> i was in charge of software to update set tops for devs, and I put in warnings and prompts all over the place for anything that would be damaging, doesn't matter, this one dude would still blow up his box once a week, there were 3-4 engineers that consistently destroyed boxes, always the same ones, doing the same stupid things, no matter how many warnings I threw at them
16:11 < dasunt> How do people not become socialist when dealing with healthcare?
16:12 <@eryc> they set up a gofundme and pray
16:13 <@Mirage> w
16:13 <@eryc> ezelkow1: this one app i made a few years ago rather than make the delete button red with a flame icon, i just made it a rest url so effectively there was no delete button unless you added /delete/blah to the url
16:14 <@eryc> otherwise yea, idiot-proofing sucks
16:14 <@eryc> i was like, i can make a red button and a stupid confirm dialog, or just not and wait for someone to ask how to delete
16:31 <@NotLarry> aestetix: That is exactly what Corydon76 told me...
17:54 <@Mirage> From general chat: "Are prot warriors even worth playing now? How does ignore pain feel?"
17:54 <@Mirage> "Dunno can't feel it"
18:22 < aestetix> fuck me
18:22 < aestetix> who the hell sets DNS TTL as 24 hours
19:05 <@_NSAKEY> aestetix: Old people
19:07 < aestetix> I'm trying to move a website to a new host
19:07 < aestetix> and the old DNS ttl was set to 24 hours
19:07 < aestetix> which means everything is delayed
19:13 -!- strages [uid11297@gateway/web/irccloud.com/x-xckejebqxmuxysrp] has quit [Quit: Connection closed for inactivity]
19:36 -!- ezelkow2 [~sasquatch@2601:282:702:1eb8:a4db:e742:f5b:24ec] has joined #se2600
19:38 -!- ezelkow1 [~sasquatch@2601:282:702:1eb8:2830:a81f:c80d:15f6] has quit [Ping timeout: 240 seconds]
19:47 -!- ezelkow2 is now known as ezelkow1
19:47 -!- mode/#se2600 [+o ezelkow1] by ChanServ
23:11 -!- ezelkow1 [~sasquatch@2601:282:702:1eb8:a4db:e742:f5b:24ec] has quit [Ping timeout: 276 seconds]
23:19 -!- ezelkow1 [~sasquatch@2601:282:702:1eb8:59ad:4e69:707a:ab01] has joined #se2600
23:19 -!- mode/#se2600 [+o ezelkow1] by ChanServ
--- Log closed Thu May 17 00:00:50 2018