--- Log opened Mon Nov 13 00:00:45 2023
00:43 -!- ware [ware@phneak.net] has quit [Ping timeout: 248 seconds]
00:47 -!- ware [ware@phneak.net] has joined #se2600
01:43 -!- ware [ware@phneak.net] has quit [Ping timeout: 255 seconds]
06:21 -!- Dolemite [~scott@h96-60-254-42.cncrtn.broadband.dynamic.tds.net] has joined #se2600
06:21 -!- Dolemite [~scott@h96-60-254-42.cncrtn.broadband.dynamic.tds.net] has quit [Changing host]
06:21 -!- Dolemite [~scott@user/dolemite] has joined #se2600
06:21 -!- mode/#se2600 [+o Dolemite] by ChanServ
06:21 <@Dolemite> mr0ning, be0tches and h0ez!
06:54 < Evilpig> https://www.themoviedb.org/movie/673593
06:54 < PigBot> Mean Girls (2024) — The Movie Database (TMDB) (at www.themoviedb.org) https://tinyurl.com/ytj6lwqs
06:54 < Evilpig> apparently they've remade mean girls
06:59 <@Dolemite> So on the drive back from Florida yesterday I saw a billboard that I just had to laugh out loud at...   It's for 888 Fake Leg
07:00 <@Dolemite> It listed their url but the domain apparently is no longer valid, as it is held by a domain parking spammer
08:04 -!- lastchild [~lastchild@user/lastchild] has joined #se2600
08:05 -!- lastchild_ [~lastchild@user/lastchild] has quit [Ping timeout: 264 seconds]
11:56 <@Dagmar> Goddamn hipsters and their worthless version numbers
12:00 -!- strages [sid11297@id-11297.helmsley.irccloud.com] has quit [Server closed connection]
12:00 -!- strages [sid11297@id-11297.helmsley.irccloud.com] has joined #se2600
12:00 -!- mode/#se2600 [+o strages] by ChanServ
12:10 <@Mirage> Shocker.. "TV tracker: Renewed and canceled shows
12:10 <@Mirage> It's one (season) and done for "The Rookie" spin-off series centered around Special Agent Simone Clark at ABC."
12:13 -!- brimstone [~brimstone@sprinkle.cloud] has quit [Server closed connection]
12:13 -!- brimstone [~brimstone@sprinkle.cloud] has joined #se2600
12:16 <@opticron> Yes...intense surprise
12:22 <@Dolemite> Oh, good, I don't have to endure that show anymore just to keep track of when they plot jump from one show to another
12:27 <@opticron> I just accepted that I might miss a reference here or there
12:27 <@opticron> and never even started it
14:06 <@Dagmar> Who needs to be stabbed for opendcim to actually do SSL to the mysql server?
14:06 < Evilpig> it should handle it just fine if you put it in the pdo stuff
14:07 < Evilpig> https://callisto.digital/posts/php/enable-mysql-over-ssl-in-php-pdo/
14:07 < PigBot> Enable MySQL Over SSL In PHP (PDO) - Callisto Digital (at callisto.digital) https://tinyurl.com/ynu3wx45
14:08 <@Dolemite> yeah I have been requiring SSL for mysql in my setup for years
14:09 <@Dagmar> I'm gonna have to wedge that into the wiki for sure, but without the bullshit PDO::MYSQL_ATTR_SSL_VERIFY_SERVER_CERT => false,
14:10 <@Dolemite> If your cert is from an OS level trusted CA and you set MySQL Server to require ssl, you don't need any additional PDO Options
14:10 <@Dagmar> Demonstratably untrue
14:11 <@Dolemite> If you wish to die on that hill, go right ahead
14:11 <@Dagmar> ...or at least not reliably true
14:11 < Evilpig> https://www.imdb.com/list/ls063853872/mediaviewer/rm3152194305/   warrior nun has been "resurrected" ?
14:11 < PigBot> TV tracker: Renewed and canceled shows (at www.imdb.com) https://tinyurl.com/ytalp3av
14:11 <@Dolemite> Evilpig: Yeah, read about that a couple of months ago
14:11 < Evilpig> oh I see.  three movie specials
14:11 <@Dagmar> Without it requiring verification of the cert, it's less than worthless
14:14 <@Dolemite> Default value of PDO::MYSQL_ATTR_SSL_VERIFY_CERT is true
14:18 <@Dagmar> I have scripts that put our certs into /etc/pki/ca-trust/source/anchors and run update-ca-trust, which results in them appearing in the bundle cert in /etc/pki/tls/certs/ca-bundle.crt (and the other one)
14:19 <@Dagmar> Shit still doesn't work if you're requiring SSL for the connection and you don't _specify_ the existance of that bundle
14:19 < Evilpig> then it should connect up fine just set your user to require ssl
14:19 <@Dagmar> PDO is not to be trusted
14:19 <@Dagmar> I was literally just having it fail, right here on my screen, until I told it about the bundle
14:19 < Evilpig> I do need to finish editing that wiki
14:19 < Evilpig> I started to re-organize it then I got distracted
14:20 <@Dagmar> No worries
14:20 <@Dagmar> I'm going to have a shower, lunch, and a smoke before I deal with this part: "You must have some form of Authentication enabled to use openDCIM."
14:21 <@Dagmar> I like the way mod_auth_form and mod_session_crypto work together, but it's still painful bit of stuff to assemble 
14:21 <@Dagmar> I am still chasing down one-offs here from when I still wasn't quite 100% about how the fuck it worked
14:22 <@Dagmar> ...and I'm going to keep doing it by hand each time until I finally have it all fuckin' memorized
14:22 < Evilpig> if you just follow the install instructions in the wiki it works fine
14:22 < Evilpig> then you can do whatever with your auth
14:22 <@Dagmar> I'm just _not_ using Basic Auth here for anything
14:22 <@Dagmar> I'm surprised Chrome hasn't already dropped it
14:23 <@Dagmar> At some point some of this shit's getting converted to require TOTP codes and that definitely won't work with Basic Auth
14:24 <@Dolemite> Personally I'd drop it to only work with SAML/OIDC but there are lots of folks still living in the 20th century
14:24 <@Dagmar> I gotta worry about maybe 20 people, tops
14:25 <@Dagmar> I'll personally handle whatever kind of password changes are needed for that, or I'll do like I've already done 2-3 times here... Write a user management web interface and delegate that problem to someone else
14:25 <@Dagmar> ...but some of the stuff I'm messing with should really have TOTP or some kind of 2FA
14:25 <@Dolemite> Does NHC not have an IdP?
14:25 <@Dagmar> ...and TOTP is basically within my reach
14:26 <@Dagmar> Dolemite: Dude, I have been talking up the idea of an identity management group since day one here
14:26 <@Dolemite> my condolences
14:26 <@Dagmar> As it stands we have an outside payroll processing company dictating fuckin' usernames to us
14:26 <@Dagmar> ...and their data entry people are complete morons
14:26 <@Dolemite> I figured you were all up in AzureAD or similar
14:26 <@Dagmar> First and middle names in the first name field, unicode here and there... sheesh
14:27 <@Dagmar> Ummm... No.  I don't particularly trust AD on a good day
14:27 < Evilpig> meh.  ad is just ldap mostly
14:27 <@Dagmar> I'm keeping an assemblage of notes that I come back to now and again with an eye towards being able to potentially drain the ciphertexts from AD and set that shit up under LDAP and Samba if something ransomware-like goes wrong
14:28 <@Dagmar> Evilpig: LDAP I'm fine with.  AD being the "mostly" parts is the problem
14:28 <@Dolemite> AD, yes.  AzureAD is a whole different animal.
14:29 <@Dagmar> They're still an animal that came from Microsoft's breach
14:29 <@Dagmar> I will not trust those fucks
14:29 <@Dolemite> The point being, I would have expected NHC to have a centralized user store with an IdP to support modern authentication
14:30 <@Dolemite> No matter what brand you slap on it
14:30 <@Dagmar> ...and I will especially not trust AzureAD with it being 1) the new hotness that everyone wants to attack and 2) the untested hotness so new pedobear still likes it
14:31 <@Dagmar> ...and somehow places with modern IdP still get hit with ransomware, usually because AD is such a mess they were able to leverage a printer account into global admin 
14:33 <@Dagmar> My _guess_ is that different versions/builds of PDO probably may or may not include the system's SSL store
14:33 <@Dagmar> s/SSL/PKI/
14:34 <@Dagmar> Like, this isn't the first time I've heard someone saying "Oh PDO does it automatically" and then I would go and look and find out that it _wasn't_
14:34 <@Dagmar> Seeing that Callisto page with verify false on it makes my blood boil tho
14:35 <@Dagmar> I can think of exactly zero reasons (otehr than incredible incompetence) that it would make sense to both supply a copy of your own CA cert to the fucking thing, and then tell it to NOT verify that cert
14:35 <@Dagmar> That's being stupid with extra typing
16:23 <@Mirage> Evilpig: yeah, I saw that about "Warrior Nun" and was excited because I enjoyed that show.
17:10 <@Dagmar> If ya'll act up again I'm showing my wife the openDCIM logo art
17:43 <@Dagmar> Okay.  I see the rest is that no one ever even tried to theme this
17:46 <@Dagmar> Oh no...
17:51  * Dagmar shudders
17:53 < Evilpig> Dagmar: clearly you haven't seen the better art on https://dev.opendcim.org
17:53 < PigBot> openDCIM Data Center Inventory (at dev.opendcim.org login/password dcim/dcim) https://tinyurl.com/yawtumyb
18:37 <@Dagmar> Everything about the appearance is yech
20:07 -!- aestetix [~aestetix@phalse.2600.com] has quit [Server closed connection]
20:08 -!- aestetix [~aestetix@phalse.2600.com] has joined #se2600
20:59 -!- npcomp [~user@user/npcomp] has quit [Server closed connection]
20:59 -!- npcomp [~user@user/npcomp] has joined #se2600
20:59 -!- mode/#se2600 [+o npcomp] by ChanServ
22:22 -!- Shadow404 [~shadowirc@user/shadow404] has quit [Server closed connection]
22:22 -!- Shadow404 [~shadowirc@user/shadow404] has joined #se2600
22:22 -!- mode/#se2600 [+o Shadow404] by ChanServ
22:32 -!- ZachGibbens [sid527778@user/zachgibbens] has quit [Server closed connection]
22:32 -!- ZachGibbens [sid527778@user/zachgibbens] has joined #se2600
--- Log closed Tue Nov 14 00:00:46 2023