--- Log opened Wed Aug 30 00:00:51 2023
06:02 <@Dolemite> mr0ning, be0tches and h0ez!
06:27 < Evilpig> shut your dirty whore mouth
06:28 < Evilpig> bah! cuda update this morning
06:44 * aestetix hugs Dolemite
06:44 * aestetix blocks Evilpig from getting to work until he fixes the climate
06:53 < Evilpig> too late, i'm already working. and get out of my bedroom
08:00 <@Dolemite> https://gizmodo.com/amazon-ceo-tells-workers-to-return-to-office-or-fired-1850783235
08:00 < PigBot> Amazon CEO Tells Workers to Return to Office or Leave (at gizmodo.com) https://tinyurl.com/2beyf6nk
08:00 <@aestetix> sucks to be them
08:01 <@Dolemite> yep, I don't see as many people ready to go work for them as 10 years ago
08:02 <@Dolemite> Other than these very rural communities that don't have local jobs other than working in the warehouse
08:02 <@aestetix> well a warehouse job you can't really do from home
08:02 <@Dolemite> exactly
08:03 <@Dolemite> although you're much less likely to get run over by a robot if you're working from home
08:03 <@Dolemite> Just like a Momazon!
08:43 <@Mirage> I had a *fun* discussion last night about the fact that Improved Hunter's Mark is broken. I've tested it against the target dummies and there is no DPS difference between normal and improved, even though the +150 Attack Power _should_ make some sort of difference. In my latest testing there was a 5dps difference between the two tests over the course of 5 minutes (the duration of HM) doing default attack
08:43 <@Mirage> against the dummy. 5dps is within normal margin of error and could easily be explained by differences in crits.
08:45 <@Mirage> The morons were trying to tell me to "sim it" on a website and that doing so proved that it was working. They took mild exception to me pointing out that testing it in something intended to simulate the way the game is supposed to behave vs in the game itself is not a valid test when what's being tested is suspected to be broken in the game itself.
08:46 <@Mirage> This is the same argument I had with a Puppet dev a few years back when he was trying to tell me that my modules used for patching 25k systems shouldn't even be working because he tested them on his laptop.
08:59 < dasunt> Shouldn't there be a dev environment for testing that is a close replica of prod?
09:09 <@Mirage> dasunt: in the case of puppet, yes.. And actually as far as in WoW, the PTR would be the non-prod test platform
09:35 < dasunt> We have four environments at work atm - and if we're lucky, we even have something to test on! :(
09:39 <@Mirage> In our team meeting yesterday they were discussing the possibility of having Bank of America coming on as a customer. One of the guys said he used to support BoA w/ a different company and that one of their hard requirements on any project is that there has to be a lab environment that is exactly the same as prod.
09:42 < dasunt> In theory, we should have that, and we do in some areas (with data scrubbed of PII). In practice...
09:42 <@Mirage> Dolemite: I was watching something yesterday talking about GW2, so I decided to download it and mess around a bit. My account was locked, likely due to inactivity, and the pop-up told me I had to email support with a bunch of info to get it unlocked. Did that as well as noted that I'd lost access to GW ages ago when GW2 came out and that I'd appreciate it if they could link the two while they were at
09:42 <@Mirage> it. Got a passwd reset link sent to me today and my ArenaNet account now shows both games. Haven't tried GW2, but was able to log in to GW for the first time in YEARS
09:43 <@Mirage> dasunt: the intent and reality of lab->prod are normally vastly different
09:44 <@Dolemite> Mirage: Yeah, I never finished GW2, but I have it and GW on my ArenaNet account. Hit me up if you want to play sometime.
09:49 <@Mirage> Hell, I need to figure out the games again.
09:51 < dasunt> Mirage: Yup. Ideally, it would be switching a few parameters in your IaC deployment. In practice, the vast majority of companies aren't there.
10:12 -!- lastchild [~lastchild@170.103.79.144] has joined #se2600
10:28 -!- lastchild [~lastchild@170.103.79.144] has quit [Changing host]
10:28 -!- lastchild [~lastchild@user/lastchild] has joined #se2600
10:28 -!- lastchild [~lastchild@user/lastchild] has quit [Quit: Leaving]
10:29 -!- lastchild [~lastchild@170.103.79.144] has joined #se2600
10:33 -!- lastchild [~lastchild@170.103.79.144] has quit [Changing host]
10:33 -!- lastchild [~lastchild@user/lastchild] has joined #se2600
10:38 -!- lastchild [~lastchild@user/lastchild] has quit [Quit: Leaving]
10:41 -!- lastchild [~lastchild@user/lastchild] has joined #se2600
11:19 <@Dolemite> There has been a major lack of kids being called shit asses on Rez Dogs this season
11:20 -!- lastchild [~lastchild@user/lastchild] has quit [Quit: Leaving]
11:26 -!- lastchild [~lastchild@user/lastchild] has joined #se2600
11:46 <@Dagmar> What in the fuck
11:47 <@Dagmar> I've got a CIFS mount that looks like it's turning around and doing a second mount of the same damn filesystem just so the username:group ownership "looks right"
11:57 <@Dagmar> Sure this shit has not been going on for ages and I've just not noticed it
11:57 <@Dagmar> This has to be some Ben "special sauce" in operation
12:45 < dasunt> LOL.
12:58 <@aestetix> https://abcnews.go.com/US/trumps-former-health-adviser-believes-current-covid-response/story?id=102646852
12:58 < PigBot> Trump's former health adviser believes current COVID response is falling behind - ABC News (at abcnews.go.com) https://tinyurl.com/2b69brwq
13:26 <@Mirage> Apparently McConnell needs to retire or be retired.
13:29 < Evilpig> bah! my tdarr node crashed earlier or something. for whatever reason it restarted the server node which triggered an update, so I had to update all the clients and the db is still loading
13:34 <@opticron> the turtle already tried to stroke out on us
13:34 <@opticron> give him a little bit and he'll probably do it again
13:40 <@Dagmar> Looks like he just had another stroke
13:41 <@aestetix> .... another
13:41 <@Dagmar> Yes.
13:41 <@Dagmar> Like, as in, today
13:41 <@aestetix> how many fucking strokes can you have before you keel over and die
13:41 <@Dagmar> A couple weeks ago he inexplicably stopped at the podium in the middle of a speech, claimed he felt "lightheaded"
13:41 <@opticron> if you get the right drugs immediately, probably a lot
13:41 <@Dagmar> Doctors determined later that evening that he'd actually had a stroke
13:41 < Evilpig> aestetix: modern medicine has allowed the weak to continue to spread their faulty genetics
13:41 <@Dagmar> ...and he just had the same thing happen today, it's on CNN
13:42 <@Dagmar> It's probably the stress of lying to reporters
13:43 <@aestetix> https://www.youtube.com/watch?v=6R0ybFEZiBk
13:43 <@aestetix> wow
13:43 <@aestetix> this is scary
13:43 < PigBot> Raw Video: Mitch McConnell freezes again during Kentucky press conference - YouTube (at www.youtube.com) https://tinyurl.com/22n3lo2f
13:44 <@Dagmar> He's probably internally freaking out because at some point the people screening the reporters allowed to approach his holy presence will fail, and someone's going to ask a question about the growth and encouragement of fascism and lies under the GOP, and he'll have no way to answer
13:45 <@Dagmar> He *knows* what kind of human debris he's been working for
13:45 <@aestetix> I mean he clearly needs medical attention
13:46 <@Dagmar> He needs a morals and ethics transplant
13:46 <@Dagmar> He hasn't made a decision based on what his constituency needs in a few decades
13:46 <@Dagmar> He is *exclusively* doing the bidding of the GOP.
13:47 <@Dagmar> If the strain causes him to stroke out and die, I have difficulty seeing that as a problem
13:47 <@Dagmar> It's time for him to get out of the gene pool and stop fucking up civilization
13:48 <@Dagmar> Giuliani, on the other hand, is pretty much "done"
13:49 <@Dagmar> With all the lawsuits and criminal charges, he'll be needing jail to provide a roof over his head soon
13:50 <@Dagmar> Him lying about some poll workers is part of the RICO trial, and they'll be able to take the evidence and outcomes of that into account for deciding how much he owes all the people he trash-talked on Trump's behalf
13:50 <@Dagmar> He is fuuuuuuuuuuucked
13:59 < Evilpig> Dagmar: as a former member of his constituency, yes. fuck that guy. his anti-pot stance has cost kentuckians billions at this point
14:00 <@Dagmar> Evilpig: Hey are you using cifs mounts anywhere and can confirm this bizarre shit I'm seeing is normal?
14:00 < Evilpig> I do use one actually.
14:00 <@Dagmar> It seems to literally turn around and make a second mount with the uid/gid of the user trying to write somewhere when you try
14:01 < Evilpig> i'll look and see in a bit. do you have that option set in the smb.conf to force that id? or are you attempting to write as the actual user?
14:01 <@Dagmar> Like a directory will look root:root, and I'll touch a file in there, and bam now it's owned by the user account I was using because there's another mount showing in /proc/mounts which uses uid/gid params for that directory
14:01 <@Dagmar> There's no smb.conf because there's no Samba on this thing. It's literally the cifs kernel module doing a CIFS mount on a Windows server
14:02 <@Dagmar> I figured this would work like it does with NFS, that you would actually see different users owning stuff
14:02 <@Dagmar> ...but it seems like it just tries to write and then if it can it turns back around and does a second mount so an ls will show the directory as being owned to that user's uid and gid
14:03 <@Dagmar> The problem with this being, it doesn't have any way to do this for _subsequent_ accesses from different users
14:03 <@Dagmar> That seems to be a pretty glaring gap in functionality over NFS
14:07 < Evilpig> okay I got you now. linux client -> windows via cifs. I use that for offloading my weekly backups to another host. let me fire up the mount and see what it does
14:08 < Evilpig> and you
14:08 < Evilpig> re sure windows isn't just changing the ownership and you're seeing the cache delay or something?
14:08 <@Dagmar> No I'm literally seeing new entries appear in /proc/mounts for each new mount it makes of a subdir
14:09 <@Dagmar> Like, do your mount, then change to another uid that _should_ have write access on the filesystem for the other side
14:09 <@Dagmar> ...and just ignore what ls shows as the owner and group and just touch a file
14:09 < Evilpig> I don't have any id's setup for that
14:10 < Evilpig> cause my cifs mount connects as userx. so everything is written as userx
14:10 <@Dagmar> Ah...
14:10 <@Dagmar> Well, I'm seeing this on two different CentOS 7 machines, and one is my dev box so I know no one's been doing anything magical there
14:11 < Evilpig> trying to keep any kind of linux user ownership across a cifs connection sounds like a bad day
14:11 <@Dagmar> Technically it _should_ work because CIFS/SMB knows uid/gid and they *do* map when you're using sssd/winbind
14:11 <@Dagmar> ...but this is the most jacked up thing I've ever seen
14:12 <@Dagmar> Holy hell I have no idea why it doesn't just represent the actual ACLs
14:13 < Evilpig> they should map. but ... I need to see if any of these files on my windows box are owned by anything. they all show as root
14:14 <@Dagmar> Yep
14:14 <@Dagmar> They'll show as that until you try writing with some other account
14:14 <@Dagmar> If it has the rights to do so, bam you get a new mount
14:14 <@Dagmar> ...and it does NOT appear to work if you try to do this in the same place with a third uid
14:14 < Evilpig> even as root trying to change ownership on something it isn't changing
14:15 <@Dagmar> Any writes don't check the ACLs. That's the job of the filesystem layer
14:15 <@Dagmar> Those return with enoperm errors or whatever based on what the filesystem layer says
14:17 < Evilpig> one of these days I might get around to messing with kerb and try to get an automatic connection over there for smb or something but i'm just not set for that. sorry
14:18 <@Dagmar> Well, all this shit is making me want to dig into how to use Samba to run an AD domain
14:18 <@Dagmar> ...just so I can wrap my head around some of this wacky windows shit
14:19 <@Dagmar> Just on the basis of "Windows is eight times larger" I'm going to consider it having at least seven times as many bugs as anything I could do with Samba
14:19 < Evilpig> my task for today is re-evaluating all our policies against https://www.cisecurity.org/cis-benchmarks
14:19 < PigBot> CIS Benchmarks (at www.cisecurity.org) https://tinyurl.com/2k7hnwfg
14:20 <@Dagmar> Fuck that site
14:21 <@Dagmar> I'm not giving them even a fake email address to download a "free" document
14:21 <@Dagmar> They're just going to spam, so fuck them in the ass
14:22 < Evilpig> lol I have all the stuff from them. the other link I had is behind their login
14:23 <@Dagmar> Are they basing their analysis on just vulns and patching alacrity, or are they genuinely taking into account "The developers of this project do not break your shit, mid-release"?
14:23 < Evilpig> none of that. let me get a screenshot of some of the results
14:23 <@Dagmar> ...because stuff like this recent bullshit with perl-DBD-mysql/mariadb and SSL is a great example
14:24 < Evilpig> this is more best practice type crap
14:24 <@Dagmar> Okay then really fuck what they think
14:24 <@Dagmar> A stable platform doesn't break your LOB processes. Availability fuckin' matters for security
14:25 < Evilpig> this is baseline stuff. like do you have a password policy, do you have ntp configured, etc
14:25 < Evilpig> audit checkbox kinda stuff
14:25 <@Dagmar> I consider "basic competency in system configuration" to be a "DO IT OR GTFO" thing
14:26 <@Dagmar> That doesn't require someone to analyse specific Linux distributions unless they're just trying to name drop for street cred
14:27 <@Dagmar> I may name-drop their org on Shitter later as a site for people to check that their fucking speed is okay
14:31 < Evilpig> https://www.wilpig.org/rocky9.html
14:31 < PigBot> Benchmark Result xccdf_org.cisecurity.benchmarks_testresult_1.0.0_CIS_Rocky_Linux_9_Benchmark (at www.wilpig.org) https://tinyurl.com/254yfb4z
14:32 <@Dagmar> Umm.. Some of this is slightly daft
14:33 < Evilpig> yes
14:33 <@Dagmar> Some of it's definitely belt and suspenders
14:34 <@Dagmar> Worrying about both the rp_filter and packets coming to loopback from other interfaces is silly
14:34 <@Dagmar> rp_filter will snuff that shit with a quickness
14:34 < Evilpig> stuff like making sure there is a local firewall enabled, good. the filters, whatever
14:35 < Evilpig> my task was to get all our crap scanned and we're going to go over these and decide which we're going to enforce and update documentation around them for audits
14:35 <@Dagmar> I would ignore the shit out of 5.2.7
14:35 < Evilpig> not a big task. mostly paperwork and a little scripting to automate the whole thing because the previous person did this all by hand like some kind of lunatic
14:36 <@Dagmar> There's some things (like backups) that are just going to be simpler with key-only access to specific things being granted to root
14:36 < Evilpig> oh yeah. we have our root policy
14:36 < Evilpig> and host matching rules too
14:36 <@Dagmar> Password access to root is of course insane anywhere but the local console, but I don't really like the lack of explanations about perfectly reasonable alternatives to what they're laying out here
14:37 < Evilpig> this isn't a source of truth but a rough outline of best practices
14:37 <@Dagmar> Put that way I can tolerate what I'm seeing
14:38 <@Dagmar> It's
14:38 <@Dagmar> It's certainly a very detailed list
14:38 <@Dagmar> There's some stuff they have left out, like, if they're going to worry about mount options on /var/log/audit, they need a bulletpoint for /var/log/audit being a separate filesystem
14:39 < Evilpig> the permissions and ownership in /var/log
14:39 < Evilpig> it's bitching about some files that are 644
14:39 < Evilpig> /var/log/dnf.log being one of them
14:39 <@Dagmar> 1.1.8.1 "Ensure /dev/shm is a separate partition" *eyeroll*
14:39 <@Dagmar> It's pretty much tmpfs on everywhere and everything
14:39 < Evilpig> that's a straight up who gives a fuck. we aren't going to change perms in that directory because there's no telling what will break
14:40 < Evilpig> I saw that one too and laughed
14:40 <@Dagmar> Might as well say "Ensure /dev is in a separate filesystem"
14:40 < Evilpig> I guess if you're checking things to make sure someone didn't set up a real mount to /dev/shm to try and capture something that's a good thing to check
14:40 < Evilpig> but that's the only reason I can think of to list something like that
14:41 < Evilpig> I've gotta get some pants on and run bus duty here in a few
14:41 <@Dagmar> We could probably just nudge the kernel developers and get them to add something so that /dev/shm just becomes its own filesystem type so it can be a fake filesystem like devfs and sysfs
14:41 <@Dagmar> I can't think of anyone who might be using /dev/shm as some form of IPC between freakin' users
14:43 < Evilpig> we used to store nagios perfdata there. I can see someone shoving something sensitive in there knowing that it's going to destruct on any kind of shutdown
14:43 < Evilpig> the perms would be dumb to do that with, but whatever
14:43 <@Dagmar> I could have sworn it used to be a device and not just an excuse to allocate a ram disk
14:44 <@Dagmar> I guess they decided this was easier.
14:44 <@Dagmar> Thinking about it, a filesystem abstraction gives you all the stuff you'd need to handle access control for someone's derpy ideas of IPC, and it's a ramdisk already...
15:30 <@Dagmar> Bah once again mariadb is being shirty about ssl
15:37 <@Dagmar> bah cnf not conf
16:12 <@Dagmar> okay. Fuck it. MariaDB can bite my ass
16:16 <@Dagmar> Their libraries present on the machine cause perl to cough up a hairball because it can't enforce requiring SSL
21:46 <@Mirage> My brain almost melted in guild discord this eve when someone was mixing lyrics between House of Pain 'Jump Around' w/ Kris Kross 'Jump'
22:15 -!- lastchild [~lastchild@user/lastchild] has quit [Remote host closed the connection]
22:16 -!- lastchild [~lastchild@user/lastchild] has joined #se2600
--- Log closed Thu Aug 31 00:00:53 2023