IRCLogs for #armagetron in 2023-11-23 • ArmaNelgTron.tk

Searching from 2023-11-23 00:00:00 to 2023-11-23 23:59:59.999999.
Query completed in 1.06 seconds
[2023-11-23 00:28:24] <Lucifer_arma> man, I used to be much better at laying out a webpage.  :/  I hate being out of practice on crap.
[2023-11-23 00:28:25] <armagetronbridge> 10irc:Lucifer_arma| man, I used to be much better at laying out a webpage.  :/  I hate being out of practice on crap.
[2023-11-23 04:10:43] --> monr0e_ has joined the channel
[2023-11-23 04:21:52] <armagetron-bridge> 08discord:delinquent| I've never been great at design. Meridian has gone through quite a number of design iterations already
[2023-11-23 04:21:52] <armagetronbridge> 08discord:delinquent| I've never been great at design. Meridian has gone through quite a number of design iterations already
[2023-11-23 05:16:28] <-- Armanelgtron has quit (No Ping reply in 180 seconds.)
[2023-11-23 05:17:35] <-- Armanelgtron has quit (No Ping reply in 210 seconds.)
[2023-11-23 05:20:41] --> Armanelgtron has joined the channel
[2023-11-23 05:20:43] -!- silver.libera.chat set mode #armagetron +nt
[2023-11-23 05:20:43] -!- Channel #armagetron created on 2021-05-20 17:23:14 UTC
[2023-11-23 05:21:38] --> Armanelgtron has joined the channel
[2023-11-23 05:21:38] -!- Topic for #armagetron is "Armagetron Advanced | http://www.armagetronad.org/ | Welcome to IRC"
[2023-11-23 05:21:38] -!- Topic set by ChanServ!services@services.oftc.net on 2022-12-21 00:36:08 UTC
[2023-11-23 05:21:39] -!- weber.oftc.net set mode #armagetron +nt
[2023-11-23 05:21:39] -!- Channel #armagetron created on 2021-04-20 19:56:37 UTC
[2023-11-23 05:34:37] <Lucifer_arma> I used to be pretty good, but now my designs look like they're late '00s/10s.  So out of date.
[2023-11-23 05:34:38] <armagetronbridge> 10irc:Lucifer_arma| I used to be pretty good, but now my designs look like they're late '00s/10s.  So out of date.
[2023-11-23 05:35:05] <Lucifer_arma> doesn't help that the standards have moved quite a bit, so my instincts are all off a bit, too.
[2023-11-23 05:35:06] <armagetronbridge> 10irc:Lucifer_arma| doesn't help that the standards have moved quite a bit, so my instincts are all off a bit, too.
[2023-11-23 07:12:37] <armagetron-bridge> 04discord:ZDHades| I just use bootstrap snips for *everything* or just whole ass templates if I'm lazy. I can't do front end design at all 😭
[2023-11-23 07:12:37] <armagetronbridge> 04discord:ZDHades| I just use bootstrap snips for *everything* or just whole ass templates if I'm lazy. I can't do front end design at all 😭
[2023-11-23 07:37:56] <armagetron-bridge> 08discord:delinquent| I hate bootstrap with a passion. In fact, I hate the vast majority of kit-esque platforms like that. They're *so* heavy it's ridiculous. I much prefer to start from scratch, a single placement doesn't need thirty dividers to put it in place
[2023-11-23 07:37:56] <armagetronbridge> 08discord:delinquent| I hate bootstrap with a passion. In fact, I hate the vast majority of kit-esque platforms like that. They're *so* heavy it's ridiculous. I much prefer to start from scratch, a single placement doesn't need thirty dividers to put it in place
[2023-11-23 07:43:58] <-- monr0e_ has quit (Ping timeout: 276 seconds)
[2023-11-23 07:45:27] --> monr0e has joined the channel
[2023-11-23 10:01:07] <-- monr0e has quit (Ping timeout: 276 seconds)
[2023-11-23 16:25:21] <Lucifer_arma> I put in a fair amount of YouMightNeedThis when I lay something out, just so I can focus on the css
[2023-11-23 16:25:21] <armagetronbridge> 10irc:Lucifer_arma| I put in a fair amount of YouMightNeedThis when I lay something out, just so I can focus on the css
[2023-11-23 16:25:34] <Lucifer_arma> of course, that leads to eventual trimming of cruft, which I'm doing right now :/
[2023-11-23 16:25:35] <armagetronbridge> 10irc:Lucifer_arma| of course, that leads to eventual trimming of cruft, which I'm doing right now :/
[2023-11-23 16:29:00] <Lucifer_arma> but there was a time where I could pick out a color code pretty easily and know what color I was getting.  I'm back to asking "How will it look if I add bd blue?"
[2023-11-23 16:29:00] <armagetronbridge> 10irc:Lucifer_arma| but there was a time where I could pick out a color code pretty easily and know what color I was getting.  I'm back to asking "How will it look if I add bd blue?"
[2023-11-23 16:32:09] <Lucifer_arma> also, at some point the industry did two things that I wasn't ready for this time.  It moved to salting and hashing passwords (previously we just hashed them), and the whole web has gone https.
[2023-11-23 16:32:09] <armagetronbridge> 10irc:Lucifer_arma| also, at some point the industry did two things that I wasn't ready for this time.  It moved to salting and hashing passwords (previously we just hashed them), and the whole web has gone https.
[2023-11-23 16:32:25] <Lucifer_arma> I have a cert, but I've never successfully configured apache to use one.
[2023-11-23 16:32:25] <armagetronbridge> 10irc:Lucifer_arma| I have a cert, but I've never successfully configured apache to use one.
[2023-11-23 16:42:39] --> monr0e has joined the channel
[2023-11-23 16:54:20] <armagetronbridge> 08discord:delinquent| Ah, there's a quick and easy solution for that, and it doesn't involve buying certs. It's called "LetsEncrypt", and it comes with a little bot that will both configure a certificate for you, and set up a cron job to automatically renew it. 
[2023-11-23 16:54:20] <armagetron-bridge> 08discord:delinquent| Ah, there's a quick and easy solution for that, and it doesn't involve buying certs. It's called "LetsEncrypt", and it comes with a little bot that will both configure a certificate for you, and set up a cron job to automatically renew it. 
[2023-11-23 16:54:20] <armagetron-bridge> 08discord:delinquent| `sudo apt install certbot`
[2023-11-23 16:54:21] <armagetronbridge> 08discord:delinquent| `sudo apt install certbot`
[2023-11-23 16:54:37] <armagetronbridge> 08discord:delinquent| https://letsencrypt.org/
[2023-11-23 16:54:37] <armagetron-bridge> 08discord:delinquent| https://letsencrypt.org/
[2023-11-23 16:54:43] <armagetron-bridge> 08discord:delinquent| https://certbot.eff.org/
[2023-11-23 16:54:43] <armagetronbridge> 08discord:delinquent| https://certbot.eff.org/
[2023-11-23 16:55:36] <armagetronbridge> 08discord:delinquent| As for salting and hashing, you're almost off the docks with that one too - a lot of platfomrs are moving to 2fa form factors, although many are implementing it incorrectly by using SMS, which is *not* secure
[2023-11-23 16:55:36] <armagetron-bridge> 08discord:delinquent| As for salting and hashing, you're almost off the docks with that one too - a lot of platfomrs are moving to 2fa form factors, although many are implementing it incorrectly by using SMS, which is *not* secure
[2023-11-23 16:56:03] <armagetron-bridge> 08discord:delinquent| it'll be fine for a while yet, though. I don't see the web going completely passwordless for at least a decade
[2023-11-23 16:56:03] <armagetronbridge> 08discord:delinquent| it'll be fine for a while yet, though. I don't see the web going completely passwordless for at least a decade
[2023-11-23 17:00:32] <armagetron-bridge> 08discord:delinquent| As for salting specifically, I use a method I devised myself. I generate a dictionary for each project that randomises character associations, a-zA-Z0-9. I then use that dictionary to randomly place my salt, which ensures that even if there *is* a breach, most of the platform users will have a little extra time to get their ducks in a row and change passwords, because even if the <clipped message>
[2023-11-23 17:00:32] <armagetronbridge> 08discord:delinquent| As for salting specifically, I use a method I devised myself. I generate a dictionary for each project that randomises character associations, a-zA-Z0-9. I then use that dictionary to randomly place my salt, which ensures that even if there *is* a breach, most of the platform users will have a little extra time to get their ducks in a row and change passwords, because even if the <clipped message>
[2023-11-23 17:00:32] <armagetronbridge> 08discord:delinquent|  attacker figures out where the salt is (and how long it is), they've only unencrypted one in approximately sixty-two passwords. It doesn't guarantee anything, really, just makes life harder for any malicious actor.
[2023-11-23 17:00:33] <armagetron-bridge> 08discord:delinquent|  attacker figures out where the salt is (and how long it is), they've only unencrypted one in approximately sixty-two passwords. It doesn't guarantee anything, really, just makes life harder for any malicious actor.
[2023-11-23 17:24:28] <Lucifer_arma> I tried to use letsencrypt awhile back, but failed.  I don't remember why.  But it doesn't matter.  I get a cert with my domain registration, so I'm going to use that.
[2023-11-23 17:24:29] <armagetronbridge> 10irc:Lucifer_arma| I tried to use letsencrypt awhile back, but failed.  I don't remember why.  But it doesn't matter.  I get a cert with my domain registration, so I'm going to use that.
[2023-11-23 17:25:12] <armagetron-bridge> 08discord:delinquent| It's worth figuring certbot out, once its done you never have to touch it again
[2023-11-23 17:25:12] <armagetronbridge> 08discord:delinquent| It's worth figuring certbot out, once its done you never have to touch it again
[2023-11-23 17:25:48] <Lucifer_arma> I'm not doing two form authentication yet
[2023-11-23 17:25:48] <armagetronbridge> 10irc:Lucifer_arma| I'm not doing two form authentication yet
[2023-11-23 17:26:29] <Lucifer_arma> that requires some infrastructure I don't have ;)
[2023-11-23 17:26:30] <armagetronbridge> 10irc:Lucifer_arma| that requires some infrastructure I don't have ;)
[2023-11-23 17:27:20] <Lucifer_arma> I don't need a lot of security quite yet.  Landru doesn't have access to much information, and while you could hurt someone with what it does have access to, even that pain is limited.
[2023-11-23 17:27:21] <armagetronbridge> 10irc:Lucifer_arma| I don't need a lot of security quite yet.  Landru doesn't have access to much information, and while you could hurt someone with what it does have access to, even that pain is limited.
[2023-11-23 17:27:47] <armagetron-bridge> 08discord:delinquent| What are you writing all this in?
[2023-11-23 17:27:48] <armagetronbridge> 08discord:delinquent| What are you writing all this in?
[2023-11-23 17:27:54] <Lucifer_arma> https + salted passwords should be sufficient for the foreseeable future
[2023-11-23 17:27:54] <armagetronbridge> 10irc:Lucifer_arma| https + salted passwords should be sufficient for the foreseeable future
[2023-11-23 17:28:00] <Lucifer_arma> python
[2023-11-23 17:28:00] <armagetronbridge> 10irc:Lucifer_arma| python
[2023-11-23 17:28:08] <Lucifer_arma> I'm using flask for the web app framework
[2023-11-23 17:28:09] <armagetronbridge> 10irc:Lucifer_arma| I'm using flask for the web app framework
[2023-11-23 17:28:44] <Lucifer_arma> following guides around the internet, I put the salt in the database right next to the password.  :)  I'm using the python secrets module to generate the salt
[2023-11-23 17:28:45] <armagetronbridge> 10irc:Lucifer_arma| following guides around the internet, I put the salt in the database right next to the password.  :)  I'm using the python secrets module to generate the salt
[2023-11-23 17:29:07] <armagetron-bridge> 08discord:delinquent| Ya, usually salt goes at the start, and you can also add pepper at the end
[2023-11-23 17:29:07] <armagetronbridge> 08discord:delinquent| Ya, usually salt goes at the start, and you can also add pepper at the end
[2023-11-23 17:29:20] <armagetron-bridge> 08discord:delinquent| that's not me being facetious, its actually called pepper
[2023-11-23 17:29:20] <armagetronbridge> 08discord:delinquent| that's not me being facetious, its actually called pepper
[2023-11-23 17:29:49] <Lucifer_arma> I don't remember which order I did it in, I'm just saying that the salt is in the table right next to username and password and email address (you can use your email address as a username, too)
[2023-11-23 17:29:50] <armagetronbridge> 10irc:Lucifer_arma| I don't remember which order I did it in, I'm just saying that the salt is in the table right next to username and password and email address (you can use your email address as a username, too)
[2023-11-23 17:30:21] <armagetron-bridge> 08discord:delinquent| As for 2fa, once you get around to it, it's a couple plugins to build compatibility with a HTOTP authenticator, and there is a nice FOSS autheticator app called Aegis
[2023-11-23 17:30:21] <armagetronbridge> 08discord:delinquent| As for 2fa, once you get around to it, it's a couple plugins to build compatibility with a HTOTP authenticator, and there is a nice FOSS autheticator app called Aegis
[2023-11-23 17:30:41] <armagetronbridge> 08discord:delinquent| https://www.section.io/engineering-education/implementing-totp-2fa-using-flask/
[2023-11-23 17:30:41] <armagetron-bridge> 08discord:delinquent| https://www.section.io/engineering-education/implementing-totp-2fa-using-flask/
[2023-11-23 17:31:11] <Lucifer_arma> I'm not convinced it's that much better, mostly because of how it's used.  If an attacker has my phone, they're in already
[2023-11-23 17:31:11] <armagetronbridge> 10irc:Lucifer_arma| I'm not convinced it's that much better, mostly because of how it's used.  If an attacker has my phone, they're in already
[2023-11-23 17:31:26] <Lucifer_arma> I'm still the weakest point in this system, after all
[2023-11-23 17:31:26] <armagetronbridge> 10irc:Lucifer_arma| I'm still the weakest point in this system, after all
[2023-11-23 17:32:03] <Lucifer_arma> my phone is configured to use fingerprints for the password manager, so there's that, at least
[2023-11-23 17:32:04] <armagetronbridge> 10irc:Lucifer_arma| my phone is configured to use fingerprints for the password manager, so there's that, at least
[2023-11-23 17:33:04] <armagetron-bridge> 08discord:delinquent| I'm inclined to agree with you, in all honesty. Unfortunately, I lack the necessary funds to purchase whatever the modern equivalent of an RSA key is for every service on which I'm forced to use 2fa, and I flatly refuse to use biometrics.
[2023-11-23 17:33:04] <armagetronbridge> 08discord:delinquent| I'm inclined to agree with you, in all honesty. Unfortunately, I lack the necessary funds to purchase whatever the modern equivalent of an RSA key is for every service on which I'm forced to use 2fa, and I flatly refuse to use biometrics.
[2023-11-23 17:34:25] <Lucifer_arma> well, the main advantage with 2fa authentication is that an attacker has to have access to another service that I use.  But if they've already got my password, and if I were one of those people who uses the same password for everything, then they've got access to another service I use already
[2023-11-23 17:34:26] <armagetronbridge> 10irc:Lucifer_arma| well, the main advantage with 2fa authentication is that an attacker has to have access to another service that I use.  But if they've already got my password, and if I were one of those people who uses the same password for everything, then they've got access to another service I use already
[2023-11-23 17:35:07] <Lucifer_arma> SMS may not be secure by itself, but if I'm using SMS for the second factor, then an attacker would need physical access to my phone or to have also hacked the SMS service somewhere along the lines
[2023-11-23 17:35:08] <armagetronbridge> 10irc:Lucifer_arma| SMS may not be secure by itself, but if I'm using SMS for the second factor, then an attacker would need physical access to my phone or to have also hacked the SMS service somewhere along the lines
[2023-11-23 17:35:47] <Lucifer_arma> but if I send that second factor to email, and they've already got my email address and password, then it's no better than old fashioned password authentication
[2023-11-23 17:35:48] <armagetronbridge> 10irc:Lucifer_arma| but if I send that second factor to email, and they've already got my email address and password, then it's no better than old fashioned password authentication
[2023-11-23 17:36:27] <armagetron-bridge> 08discord:delinquent| That's where keepass comes in handy. I used to use a mathematical formulae to do a password in my head, but nowadays I don't have the brain capacity to work it out every time. Keepass generates a highly complex twentysomething-char password that is at least somewhat difficult to decrypt
[2023-11-23 17:36:27] <armagetronbridge> 08discord:delinquent| That's where keepass comes in handy. I used to use a mathematical formulae to do a password in my head, but nowadays I don't have the brain capacity to work it out every time. Keepass generates a highly complex twentysomething-char password that is at least somewhat difficult to decrypt
[2023-11-23 17:36:41] <Lucifer_arma> the main reason I don't like biometrics is because there's no backup plan.  If I get into a wreck, assuming I can still text and stuff, I can text someone usernames and passwords so they can keep my services runnign while I'm incapacitated
[2023-11-23 17:36:42] <armagetronbridge> 10irc:Lucifer_arma| the main reason I don't like biometrics is because there's no backup plan.  If I get into a wreck, assuming I can still text and stuff, I can text someone usernames and passwords so they can keep my services runnign while I'm incapacitated
[2023-11-23 17:36:47] <Lucifer_arma> biometrics makes that impossible
[2023-11-23 17:36:48] <armagetronbridge> 10irc:Lucifer_arma| biometrics makes that impossible
[2023-11-23 17:37:31] <Lucifer_arma> I can make good passwords, I just can't remember them.  We need services to stop arbitrarily requiring so-called strong passwords and let us use passwords of any length.
[2023-11-23 17:37:32] <armagetronbridge> 10irc:Lucifer_arma| I can make good passwords, I just can't remember them.  We need services to stop arbitrarily requiring so-called strong passwords and let us use passwords of any length.
[2023-11-23 17:38:02] <Lucifer_arma> Instead of making a dumbass policy of having one special character, two uppercase letters, three numbers, etc, they should just test the password on the server side and see how easy it is to crack
[2023-11-23 17:38:02] <armagetronbridge> 10irc:Lucifer_arma| Instead of making a dumbass policy of having one special character, two uppercase letters, three numbers, etc, they should just test the password on the server side and see how easy it is to crack
[2023-11-23 17:38:41] <Lucifer_arma> and then let us figure out what kind of passwords we want.  Then I could use the Four Random Words password plan that creates a nearly uncrackable password that I can remember
[2023-11-23 17:38:41] <armagetronbridge> 10irc:Lucifer_arma| and then let us figure out what kind of passwords we want.  Then I could use the Four Random Words password plan that creates a nearly uncrackable password that I can remember
[2023-11-23 17:39:04] <Lucifer_arma> add a fifth word to those four random words that includes the service name, and then I can also use different passwords for every service
[2023-11-23 17:39:05] <armagetronbridge> 10irc:Lucifer_arma| add a fifth word to those four random words that includes the service name, and then I can also use different passwords for every service
[2023-11-23 17:39:32] <Lucifer_arma> but NOOOOOOOOO.  I have to write stupid shit like P4s$w@rd, which a bot can fucking figure out
[2023-11-23 17:39:34] <armagetronbridge> 10irc:Lucifer_arma| but NOOOOOOOOO.  I have to write stupid shit like P4s$w@rd, which a bot can fucking figure out
[2023-11-23 17:39:48] <armagetron-bridge> 08discord:delinquent| That's also why I use keepass - its a password manager, but one that is compeltely offline
[2023-11-23 17:39:49] <armagetronbridge> 08discord:delinquent| That's also why I use keepass - its a password manager, but one that is compeltely offline
[2023-11-23 17:40:07] <armagetronbridge> 08discord:delinquent| so I don't have to remember anything, except the password that I use for the application
[2023-11-23 17:40:07] <armagetron-bridge> 08discord:delinquent| so I don't have to remember anything, except the password that I use for the application
[2023-11-23 17:40:15] <Lucifer_arma> oh yeah, and then there's the password for the password manager
[2023-11-23 17:40:15] <armagetronbridge> 10irc:Lucifer_arma| oh yeah, and then there's the password for the password manager
[2023-11-23 17:40:22] <Lucifer_arma> seriously, this is getting ridiculous
[2023-11-23 17:40:23] <armagetronbridge> 10irc:Lucifer_arma| seriously, this is getting ridiculous
[2023-11-23 17:40:33] <armagetron-bridge> 08discord:delinquent| well, there's more than just a password, at least in my case
[2023-11-23 17:40:33] <armagetronbridge> 08discord:delinquent| well, there's more than just a password, at least in my case
[2023-11-23 17:40:40] <armagetron-bridge> 08discord:delinquent| but I shan't reveal that :D
[2023-11-23 17:40:41] <armagetronbridge> 08discord:delinquent| but I shan't reveal that :D
[2023-11-23 17:40:54] <Lucifer_arma> but what if you have to use a particular service from a machine that doesn't have your password manager?
[2023-11-23 17:40:54] <armagetronbridge> 10irc:Lucifer_arma| but what if you have to use a particular service from a machine that doesn't have your password manager?
[2023-11-23 17:41:22] <Lucifer_arma> I need my email accessible from public computers so if I lose my phone, I can still reach all the other services because I can reset passwords through email
[2023-11-23 17:41:22] <armagetronbridge> 10irc:Lucifer_arma| I need my email accessible from public computers so if I lose my phone, I can still reach all the other services because I can reset passwords through email
[2023-11-23 17:41:35] <armagetronbridge> 08discord:delinquent| I get on my vpn into my home network, and retrieve the manager DB from my nas
[2023-11-23 17:41:35] <armagetron-bridge> 08discord:delinquent| I get on my vpn into my home network, and retrieve the manager DB from my nas
[2023-11-23 17:42:01] <armagetronbridge> 08discord:delinquent| but tbf I don't really do anything complicated away from home so
[2023-11-23 17:42:02] <armagetron-bridge> 08discord:delinquent| but tbf I don't really do anything complicated away from home so
[2023-11-23 17:42:25] <Lucifer_arma> well, I live in an area that's pretty much guaranteed to get hit by a hurricane at some point, or some other disaster, so I can't rely on my home network being available
[2023-11-23 17:42:25] <armagetronbridge> 10irc:Lucifer_arma| well, I live in an area that's pretty much guaranteed to get hit by a hurricane at some point, or some other disaster, so I can't rely on my home network being available
[2023-11-23 17:42:48] <Lucifer_arma> true, it's been several decades since we last had a hurricane, although Harvey came pretty damn close
[2023-11-23 17:42:49] <armagetronbridge> 10irc:Lucifer_arma| true, it's been several decades since we last had a hurricane, although Harvey came pretty damn close
[2023-11-23 17:42:52] <armagetron-bridge> 08discord:delinquent| Encrypted cloud storage perhaps?
[2023-11-23 17:42:53] <armagetronbridge> 08discord:delinquent| Encrypted cloud storage perhaps?
[2023-11-23 17:43:10] <armagetron-bridge> 08discord:delinquent| Or a spare consumer nas at your parents house?
[2023-11-23 17:43:11] <armagetronbridge> 08discord:delinquent| Or a spare consumer nas at your parents house?
[2023-11-23 17:43:18] <Lucifer_arma> and whose cloud storage am I going to use?  The same nitwits that gave me 2fa in the first place?
[2023-11-23 17:43:19] <armagetronbridge> 10irc:Lucifer_arma| and whose cloud storage am I going to use?  The same nitwits that gave me 2fa in the first place?
[2023-11-23 17:43:30] <Lucifer_arma> My dad's dead, my mom's a cunt, so that's not an option
[2023-11-23 17:43:30] <armagetronbridge> 10irc:Lucifer_arma| My dad's dead, my mom's a cunt, so that's not an option
[2023-11-23 17:44:06] <armagetron-bridge> 08discord:delinquent| heh, you're not wrong. I'm lucky enough to have access to a small DC, so if the worst comes to the worst, I hop on a train and grab all my shit from a crash cart
[2023-11-23 17:44:06] <armagetronbridge> 08discord:delinquent| heh, you're not wrong. I'm lucky enough to have access to a small DC, so if the worst comes to the worst, I hop on a train and grab all my shit from a crash cart
[2023-11-23 17:44:45] <armagetron-bridge> 08discord:delinquent| and then there's the cold storage that gets a dailky feed-in
[2023-11-23 17:44:45] <armagetronbridge> 08discord:delinquent| and then there's the cold storage that gets a dailky feed-in
[2023-11-23 17:45:21] <Lucifer_arma> it also isn't a personal problem.  You have to multiply this issue by the population of the planet, because everyone has this need to some extent
[2023-11-23 17:45:21] <armagetronbridge> 10irc:Lucifer_arma| it also isn't a personal problem.  You have to multiply this issue by the population of the planet, because everyone has this need to some extent
[2023-11-23 17:45:30] <armagetron-bridge> 08discord:delinquent| although I really need to fix the way that works, I have a stock that I made when I got the service, and everything else is diffs. I should really be doing a stock every week and then diffs every day
[2023-11-23 17:45:30] <armagetronbridge> 08discord:delinquent| although I really need to fix the way that works, I have a stock that I made when I got the service, and everything else is diffs. I should really be doing a stock every week and then diffs every day
[2023-11-23 17:45:55] <Lucifer_arma> and the solution is to change how we handle password policy in the first place.  We need to switch from a policy that dictates what your password can be to a policy that tests what password you have, instead.
[2023-11-23 17:45:55] <armagetronbridge> 10irc:Lucifer_arma| and the solution is to change how we handle password policy in the first place.  We need to switch from a policy that dictates what your password can be to a policy that tests what password you have, instead.
[2023-11-23 17:46:54] <Lucifer_arma> or maybe we can scale armathentication up a bit to a general authentication service, but that would just add another authentication service onto the pile of poorly used services that already exists
[2023-11-23 17:46:54] <armagetronbridge> 10irc:Lucifer_arma| or maybe we can scale armathentication up a bit to a general authentication service, but that would just add another authentication service onto the pile of poorly used services that already exists
[2023-11-23 17:47:18] <armagetron-bridge> 08discord:delinquent| The internet in general is a tower of incomplete patches
[2023-11-23 17:47:19] <armagetronbridge> 08discord:delinquent| The internet in general is a tower of incomplete patches
[2023-11-23 17:47:43] <Lucifer_arma> yes, and in a lot of areas, that's a strength
[2023-11-23 17:47:44] <armagetronbridge> 10irc:Lucifer_arma| yes, and in a lot of areas, that's a strength
[2023-11-23 17:48:41] <Lucifer_arma> so you figured out how to crack <this game>'s ingame store, or <this online store>'s credit card database
[2023-11-23 17:48:41] <armagetronbridge> 10irc:Lucifer_arma| so you figured out how to crack <this game>'s ingame store, or <this online store>'s credit card database
[2023-11-23 17:49:01] <Lucifer_arma> but it's just the one, and since everybody does things differently enough, you might compromise an additional service or two, but that's it
[2023-11-23 17:49:01] <armagetronbridge> 10irc:Lucifer_arma| but it's just the one, and since everybody does things differently enough, you might compromise an additional service or two, but that's it
[2023-11-23 17:49:36] <Lucifer_arma> last big T-Mobile hack, I didn't have to do anything, because I was using what was an outdated password for me on T-Mobile.  None of my other accounts could get touched.  :)
[2023-11-23 17:49:37] <armagetronbridge> 10irc:Lucifer_arma| last big T-Mobile hack, I didn't have to do anything, because I was using what was an outdated password for me on T-Mobile.  None of my other accounts could get touched.  :)
[2023-11-23 17:51:12] <Lucifer_arma> I should build up Landru and add the ability to crack passwords, and then sell time on it to organizations that just want to test password strength :)
[2023-11-23 17:51:13] <armagetronbridge> 10irc:Lucifer_arma| I should build up Landru and add the ability to crack passwords, and then sell time on it to organizations that just want to test password strength :)
[2023-11-23 17:52:01] <Lucifer_arma> anyway, I need to go download my cert and get https working.  I'm tired of my web browser warning me about how insecure my stock market trading app is ;)
[2023-11-23 17:52:02] <armagetronbridge> 10irc:Lucifer_arma| anyway, I need to go download my cert and get https working.  I'm tired of my web browser warning me about how insecure my stock market trading app is ;)
[2023-11-23 18:21:07] <Lucifer_arma> ok, I may have to go with letsencrypt
[2023-11-23 18:21:07] <armagetronbridge> 10irc:Lucifer_arma| ok, I may have to go with letsencrypt
[2023-11-23 18:21:35] <Lucifer_arma> so, here's the problem.  To use the no-ip cert, I have to use only my domain, no wildcards, no cname records.  So it's "davefancella.com".
[2023-11-23 18:21:35] <armagetronbridge> 10irc:Lucifer_arma| so, here's the problem.  To use the no-ip cert, I have to use only my domain, no wildcards, no cname records.  So it's "davefancella.com".
[2023-11-23 18:21:54] <Lucifer_arma> davefancella.com resolves to my webserver out in the cloud, the one you get with www.davefancella.com
[2023-11-23 18:21:54] <armagetronbridge> 10irc:Lucifer_arma| davefancella.com resolves to my webserver out in the cloud, the one you get with www.davefancella.com
[2023-11-23 18:22:14] <Lucifer_arma> but I need landru.davefancella.com to use the cert, and when I do that, I get a warning in my browser about how the cert doesn't match the host
[2023-11-23 18:22:14] <armagetronbridge> 10irc:Lucifer_arma| but I need landru.davefancella.com to use the cert, and when I do that, I get a warning in my browser about how the cert doesn't match the host
[2023-11-23 18:22:40] <Lucifer_arma> so, does that mean I can't use the no-ip-provided cert on landru?  Or did I miss something in configuring apache?
[2023-11-23 18:22:41] <armagetronbridge> 10irc:Lucifer_arma| so, does that mean I can't use the no-ip-provided cert on landru?  Or did I miss something in configuring apache?
[2023-11-23 18:23:32] <Lucifer_arma> I can proceed like this for now, because I put an exception in firefox, since I own the server and I know it's fine.  But long-term, that's not ok
[2023-11-23 18:23:32] <armagetronbridge> 10irc:Lucifer_arma| I can proceed like this for now, because I put an exception in firefox, since I own the server and I know it's fine.  But long-term, that's not ok
[2023-11-23 19:16:36] <armagetronbridge> 08discord:delinquent| Are you using apache virtualhosts? Because that's how certbot likes it. You can add multiple certificates at once
[2023-11-23 19:16:36] <armagetron-bridge> 08discord:delinquent| Are you using apache virtualhosts? Because that's how certbot likes it. You can add multiple certificates at once
[2023-11-23 19:16:52] <armagetronbridge> 08discord:delinquent| It used to support wildcards, I'm sure, but no longer
[2023-11-23 19:16:52] <armagetron-bridge> 08discord:delinquent| It used to support wildcards, I'm sure, but no longer
[2023-11-23 19:19:08] <armagetronbridge> 08discord:delinquent| oh and sudo certbot --apache iirc
[2023-11-23 19:19:08] <armagetron-bridge> 08discord:delinquent| oh and sudo certbot --apache iirc
[2023-11-23 20:11:28] <-- monr0e has quit (Ping timeout: 255 seconds)
[2023-11-23 20:30:23] <-- Juest has quit (Ping timeout: 252 seconds)
[2023-11-23 20:33:26] <-- Juest has quit (Ping timeout: 480 seconds)
[2023-11-23 21:33:13] <Lucifer_arma> yeah, vhost
[2023-11-23 21:33:13] <armagetronbridge> 10irc:Lucifer_arma| yeah, vhost
[2023-11-23 21:33:58] <Lucifer_arma> honestly, this is probably the only thing left that I *must* do before I deploy landru's website to a real installation.  Right now it's running from the development directory
[2023-11-23 21:33:59] <armagetronbridge> 10irc:Lucifer_arma| honestly, this is probably the only thing left that I *must* do before I deploy landru's website to a real installation.  Right now it's running from the development directory
[2023-11-23 22:01:55] <Lucifer_arma> this is useful: https://refspecs.linuxfoundation.org/FHS_3.0/fhs/index.html
[2023-11-23 22:01:55] <armagetronbridge> 10irc:Lucifer_arma| this is useful: https://refspecs.linuxfoundation.org/FHS_3.0/fhs/index.html
View entire month
DISCLAIMER: These logs of public chat may contain some content which may not be appropriate for all audiences. Use at your own risk.
Logs from 2006-2009 pulled from wrtlprnft
Format changes at: 2015-08-25, 2017-02-20, and 2020-03-23. Times (2015 and later) should be Eastern.
. [About this site] [Credits]