--- Log opened Fri May 07 00:00:51 2021
01:28 -!- rpifan [~rpifan@p200300d2672b5d0051323715c0e79267.dip0.t-ipconnect.de] has joined #se2600
02:23 -!- rpifan [~rpifan@p200300d2672b5d0051323715c0e79267.dip0.t-ipconnect.de] has quit [Ping timeout: 245 seconds]
06:08 -!- rpifan [~rpifan@p200300d2672b5d006a07605606e11900.dip0.t-ipconnect.de] has joined #se2600
06:15 <@Dolemite> mr0ning, be0tches and h0ez!
07:02 -!- rpifan [~rpifan@p200300d2672b5d006a07605606e11900.dip0.t-ipconnect.de] has quit [Ping timeout: 245 seconds]
07:11 * aestetix hugs Dolemite
07:17 <@Dolemite> Just dropped off my van for an oil change... first time in about 18 months
07:18 <@Dolemite> So since it has been so long, told them to give it a good check up
07:24 <@Evilpig> the mustang is going on a year for an oil change and still haven't hit 3k
07:24 <@Dolemite> If I hadn't driven us down to my Mother-in-Law's near Chattanooga a few times, I'd still be under 3K, and normally I go 5K, but since it has been so long, I took it in.
07:25 <@Dolemite> Pamela is taking her mother and Ms. Diva down to Sanibel for 2 weeks when school lets out, so I wanted to make sure my transportation was in fine working order
07:25 <@Evilpig> I've been having that same thought train lately that when I hit the year mark I should go get it changed
07:27 <@Dolemite> So I've gotten our InCommon stuff working successfully not only with certbot, but Kubernetes cert-manager... and since we're Org Validated, we don't have to limit ourselves to publicly facing sites. It's quite nice.
07:27 <@Dolemite> Now we can automate real certs for all of the internal sites instead of doing that horrible manual Microsoft CA tied in to AD.
07:30 <@Dolemite> VU is a member of InCommon. They should really look into getting the cert subscription.
07:30 <@Dolemite> VUMC is listed on the participant page, but not for any specific thing. Must have been a prior relationship.
07:30 <@Dolemite> https://www.incommon.org/community-organizations/
07:31 < PigBot> Community Organizations - InCommon (at www.incommon.org)
08:01 <@eryc> Dolemite: that's pretty cool
08:43 <@Mirage> https://www.youtube.com/watch?v=M9D9LRJGjBI
08:44 < PigBot> This unfolds into an absolute masterpiece of a crap show - YouTube (at www.youtube.com) https://tinyurl.com/yfe6tmvn
08:52 <@Evilpig> Dolemite: can you make any domain or did you have to get those pre-authorized?
08:53 <@Evilpig> like, what does your cert path look like? are you the ca, or just an intermediary?
08:57 <@Dolemite> Evilpig: Your organization gets validated, then any domain you have control of can be added. You put in a CNAME that they send you a hash for and it validates on an annual basis.
08:57 <@Dolemite> So I've already got about 8 of our domains in there
08:57 <@Dolemite> If you want to see what a cert looks like, go to https://fmp.ornl.gov
08:57 < PigBot> No Title (at fmp.ornl.gov)
08:58 <@Dolemite> For 20K/year, we can issue unlimited SSL and code signing certs. I can also submit validation to do client certificates, but we don't need those.
08:59 <@Dolemite> We can do single domain, multi-domain (up to 100 SANs), or wildcard certs
09:00 <@Dolemite> Sectigo (used to be Comodo) is the issuing CA. We simply have automation available to DevOps the shit out of it.
09:01 <@Dolemite> I can also restrict which domains/subdomains a client is allowed to issue against. ie - I could delegate *.accre.vanderbilt.edu to NotLarry if I were the RAO of Vanderbilt
09:02 <@Dolemite> So if he then tried to certbot notlarry.vanderbilt.edu then it would reject his request, but if he tried notlarry.accre.vanderbilt.edu it would issue
09:03 <@Dolemite> NCCS is chomping at the bit to get started on issuing these for their Globus File Transfer - because while the nodes are public, they don't run HTTP, so we've had to implement a hack to make them work with Let's Encrypt
09:05 <@Dolemite> Given the size of VU and VUMC, I'll bet it would be a cost savings to use. Even if you don't count all of the internal sites that would have previously used an internal CA or just used self-signed certs.
09:44 <@Evilpig> almost all of our internal stuff uses self-signed and then we use the load balancers to apply a single wildcard
10:02 <@Dolemite> We had our purchasing department give us data on how much we'd sent DigiCert over the past 3 years. It was in the neighborhood of 100K/year.
10:11 -!- rpifan [~rpifan@p200300d2672b5d0033ede86ee31ced06.dip0.t-ipconnect.de] has joined #se2600
10:42 < aestetix> Dolemite: any reason to do that over LetsEncrypt?
10:44 <@Dolemite> 1 year term instead of 90 days; OV is considered a higher level of trust than DV
10:45 <@Dolemite> You can't use DV for anything that's classified
10:45 < aestetix> The 90 day limit is one of my biggest complaints about LE
10:45 <@Dolemite> Well, I don't know if that's a hard and fast rule, but our Cyber group has told us Let's Encrypt can only be used for low/low data
10:45 < aestetix> What does "considered a higher level of trust" mean?
10:46 < aestetix> Is it referring to algorithms or key size?
10:46 <@Dolemite> So in the realm of ID Management, you have Level of Assurance (LOA).
10:46 <@Dolemite> It's the confidence level that the entity is who they claim to be
10:46 <@Dolemite> So Level 1 LOA is username/password
10:46 < aestetix> Oh is this the bullshit where you have to send them government issued ID?
10:47 < aestetix> Or was that EV? I can't remember
10:47 <@Dolemite> It's not bullshit when you truly want to know that someone is who they claim to be
10:47 < aestetix> I strongly disagree.
10:47 <@Dolemite> Various protection zones require different LOA for logins. Certificates are no exception.
10:47 <@Dolemite> aestetix: Then I'm glad for our national security purposes your opinion doesn't matter.
10:48 < aestetix> Another important question: does it cost more? Because the last I looked, these "higher" levels of "trust" were more expensive.
10:48 <@Dolemite> Your own organization can manage the whole LOA. It's just a set of rules surrounding the chain of trust.
10:49 < aestetix> But yeah, I strongly disagree with the idea that government is somehow a root of trust.
10:49 < aestetix> It could be *one* form of trust. Although I personally do not trust the US government very much ;)
10:49 <@Dolemite> But in terms of certificates, typically an Org pays a one time cost for OV and then delegates from that Org inherit the trust, as long as the rules are followed.
10:50 <@Dolemite> EV (Extended Verification) is just another bit of research completed. It's really not much different than doing Title Research when buying a house.
10:50 < aestetix> Of course, if you're doing government related work, then having government validated stuff makes sense.
10:50 < aestetix> But it doesn't make sense for anything else.
10:51 < aestetix> Sorry if I'm coming off as snarky. I just got through a very bad experience with ICANN which has left me figuring out a way to cause them lots of misery :p
10:52 <@Dolemite> Well you're kind of mixing and matching terms and trusts here
10:52 < aestetix> I'm referring to trusts as in trust levels.
10:53 <@Dolemite> In terms of LOA, again, that has nothing to do with the government. It's a set of rules for GOVERNING your own identity management as an organization.
10:53 < aestetix> Oh, then I again strongly disagree that government ID has anything to do with your identity, unless it's in a context which relates to government.
10:54 <@Dolemite> LOA Level 3 would be user + password + MFA that has been established
11:03 <@Dagmar> Jeez it feels like someone _just_ kicked me in the shoulder
11:04 < aestetix> Dagmar: get a shot?
11:04 <@Dagmar> Yeah, second Pfizer
11:04 < aestetix> nice
11:04 < aestetix> I get that in a few weeks
11:04 < aestetix> how bad is it so far
11:04 <@Dagmar> I planned on taking the day off because the first shot made me feel rough and the second is apparently generally worse
11:05 <@Dagmar> The first one my shoulder just felt like I'd been "frogged" like what kids do to each other
11:05 <@Dagmar> I have a tender knot and it freakin hurts this time
11:05 <@Dagmar> I got up at my normal time, felt like trash, said "Well, I planned for this" and got back in bed
11:13 <@Evilpig> aestetix: I didn't have any real reaction to the second shot other than a sore arm, headache, and dehydration
11:13 <@Evilpig> I attributed the headache to the dehydration
11:14 < aestetix> I'm just looking forward to two weeks after the second shot
11:14 < aestetix> When I can finally go out again (high risk)
11:15 <@Evilpig> you can go out now
11:15 < aestetix> like I said, I am high risk
11:15 <@Evilpig> lack of vaccination hasn't stopped the bulk of the population here
11:15 < aestetix> so I don't want to chance it
11:15 <@Evilpig> don't be a pussy, it's just a bad flu. *eyeroll*
11:16 < aestetix> well I don't want a bad flu either
11:16 <@Evilpig> I don't want this damn cold I have but they made the kids go to the school to take a standardized test that they aren't going to count this year
11:17 <@Evilpig> took her one damn day. one fucking day to bring home the only cold i've gotten in the last year
11:20 <@Dagmar> But kids don't need to be vaccinated
11:21 <@Dagmar> Our republican electees have said they're just immune
11:23 <@Dolemite> Evilpig: We simply kept our kids home instead of sending them in for TCAP testing.
11:23 <@Dolemite> And, of course, on every day of TCAP at Ms Diva's Middle School, principal has to send out an email of a confirmed case of COVID.
11:23 <@Dolemite> So you know that some plague rats sent their kid in for testing
11:24 < aestetix> I assume that does not stand for To Catch a Predator
11:24 <@Dolemite> To Catch A Plauge
11:25 <@Dolemite> Plague
11:30 <@Evilpig> they sent out notices saying it was not optional for them to skip the testing
11:31 <@Dolemite> Yeah, well. There's nothing they can do other than mark you absent.
11:31 <@Evilpig> and we also got the notice right after that of 2 cases at the middle school
11:31 <@Evilpig> we're averaging at least one a week at this point
11:32 <@Evilpig> they also want her to come back for an hour for some advanced placement testing but that's done by appointment and she won't go in the main part of the school. just waiting for this cold to finish its course before I set that up
11:46 <@Evilpig> Dolemite: did they do all of y'alls testing in a day or two? it took them a week here. we could have kept her home but that would have been 5 days which is the trigger for a call from the truancy officer
11:46 <@Dolemite> Patrick's was all in a single week, but I think Diva's was over 7 school days.
11:46 <@Dolemite> And our stance was - fuck the truancy office
11:46 <@Evilpig> fair enough
11:47 <@Dolemite> She attended her online classes and turned in all of her work.
11:47 <@Dolemite> Yet they still marked her absent
11:47 <@Dolemite> so 100% fuck them
11:47 <@Dolemite> and the plague rat they rode in on
11:47 <@Mirage> Dolemite: OMG, you said a kid's name in channel!!!!!
11:47 <@Dolemite> Mirage: he's old enough to decide that he doesn't care
11:48 <@Evilpig> all of sabrina's teachers were back in the classroom that week too. they weren't pleased either
11:48 <@Dolemite> Mirage: I take him to Driver's Ed classes next month. Talk about really making you feel old.
11:48 <@eryc> aestetix: arm pain mostly depends on the injection site
12:29 <@Dagmar> eryc: Having been the lucky recipient of close to 1,000 intramuscular allergy injections, that's true, but...
12:29 <@Dagmar> ...this is a step above that.
12:29 <@Dagmar> The shots I got were expertly applied
12:30 <@Dagmar> I have a big ol' knot on my arm today
12:30 <@Dagmar> It's fuckin' sort.
12:30 <@Dagmar> er sore
12:30 <@eryc> hm i see
12:30 <@Dagmar> It's what was in the injection, and not the injection itself
12:30 <@Dagmar> Feeling short stacked and feeling like my skin isn't quite on right today... those bug the shit out of me
12:32 <@Dagmar> It kinda sucks
12:33 <@Dagmar> ...but it beats the fuck out of slowly drowning in a hospital bed, and I'd be lying if I haven't done things in the past that left me mildly retarded for a day or so for recreational purposes
12:33 <@Dagmar> So, it also beats permanent brain damage
12:33 <@Dagmar> I am somewhat impressed that I managed to construct that long and coherent sentence.
12:33 <@Dagmar> If it's not that coherent, just keep your fucking mouth shut and let me have my wins
13:10 -!- rpifan [~rpifan@p200300d2672b5d0033ede86ee31ced06.dip0.t-ipconnect.de] has quit [Ping timeout: 276 seconds]
14:28 < xtort-[df-org]> i got my 2nd fauci ouchi today
14:28 < xtort-[df-org]> not dead yet
14:40 -!- rpifan [~rpifan@p200300d2672b5d00cdff18476c00394f.dip0.t-ipconnect.de] has joined #se2600
15:00 <@brimstone> xtort-[df-org]: your sequel injection?
15:01 < xtort-[df-org]> Microchip insertion
15:01 <@brimstone> complete 5G deployment
15:24 -!- xray1 [~xray@c-71-236-3-132.hsd1.ga.comcast.net] has joined #se2600
15:25 -!- xray [~xray@c-71-236-3-132.hsd1.ga.comcast.net] has quit [Ping timeout: 240 seconds]
15:25 -!- xray1 is now known as xray
16:01 -!- oddball [~oddball@h134-215-29-183.mtjltn.broadband.dynamic.tds.net] has quit [Ping timeout: 260 seconds]
16:13 -!- oddball [~oddball@h134-215-29-183.mtjltn.broadband.dynamic.tds.net] has joined #se2600
16:36 -!- oddball [~oddball@h134-215-29-183.mtjltn.broadband.dynamic.tds.net] has quit [Ping timeout: 252 seconds]
16:53 <@eryc> https://hackaday.io/project/164544-cyborg-eyeball-project
16:53 < PigBot> Cyborg Eyeball Project | Hackaday.io (at hackaday.io)
16:54 -!- oddball [~oddball@h134-215-29-183.mtjltn.broadband.dynamic.tds.net] has joined #se2600
17:49 -!- PigBot [~PigBot@wilpig.org] has quit [Remote host closed the connection]
17:54 -!- PigBot [~PigBot@wilpig.org] has joined #se2600
18:05 <@Evilpig> something is different between el7 and el8 for nfs. copying some large files to my nas and it's causing ls to that same path to hang. :-/
19:23 -!- rpifan [~rpifan@p200300d2672b5d00cdff18476c00394f.dip0.t-ipconnect.de] has quit [Ping timeout: 250 seconds]
23:39 -!- mode/#se2600 [+o Catonic] by ChanServ
23:40 <@Catonic> what a long, strange time it has been.
23:41 <@opticron> what an understatement
--- Log closed Sat May 08 00:00:53 2021