code logs -> 2013 -> Tue, 20 Aug 2013< code.20130819.log - code.20130821.log >
--- Log opened Tue Aug 20 00:00:15 2013
00:10 You're now known as TheWatcher[zZzZ]
00:24 ktemkin[awol] is now known as ktemkin[pcb]
00:25 VirusJTG_ [VirusJTG@BAD19E.09A45B.582A63.5AE998] has joined #code
00:28 VirusJTG [VirusJTG@Nightstar-09c31e7a.sta.comporium.net] has quit [Ping timeout: 121 seconds]
00:29 VirusJTG_ [VirusJTG@BAD19E.09A45B.582A63.5AE998] has quit [[NS] Quit: Program Shutting down]
00:29 VirusJTG [VirusJTG@Nightstar-09c31e7a.sta.comporium.net] has joined #code
00:32 Karono [Karono@9C034E.4BE65E.E00AF8.FDA077] has joined #code
00:32 Karono [Karono@9C034E.4BE65E.E00AF8.FDA077] has quit [Client closed the connection]
00:33 Karono [Karono@9C034E.4BE65E.E00AF8.FDA077] has joined #code
00:34 Derakon[AFK] is now known as Derakon
00:51 Karono_ [Karono@9C034E.4BE65E.E00AF8.FDA077] has joined #code
00:52 Karono [Karono@9C034E.4BE65E.E00AF8.FDA077] has quit [NickServ (GHOST command used by Karono_)]
00:52 Karono_ is now known as Karono
00:59 Karono [Karono@9C034E.4BE65E.E00AF8.FDA077] has quit [Ping timeout: 121 seconds]
01:06 RoboCop2 [RoboCop2@Nightstar-dfc93a04.asm.bellsouth.net] has joined #code
01:08
< RoboCop2>
so there i was surrounded by naked men and penguins...needless to say thats the last time i answered an ad on craigslist for a free couch
01:09
<@Tamber>
o.ô
01:10
< RoboCop2>
so i take it this has never happened to anyone else
01:10
<@Tamber>
Can't say it has, no.
01:10
< RoboCop2>
eh whatta shame
01:11 Karono [Karono@9C034E.4BE65E.E00AF8.FDA077] has joined #code
01:13 Karono [Karono@9C034E.4BE65E.E00AF8.FDA077] has quit [Connection reset by peer]
01:13 Karono [Karono@9C034E.4BE65E.E00AF8.FDA077] has joined #code
01:14 Karono [Karono@9C034E.4BE65E.E00AF8.FDA077] has quit [Connection reset by peer]
01:18 RoboCop2 [RoboCop2@Nightstar-dfc93a04.asm.bellsouth.net] has quit [[NS] Quit: Leaving]
01:32
< Azash>
That sounds like the local FSF chapter
01:39 ToxicFrog [ToxicFrog@ServerAdministrator.Nightstar.Net] has quit [Operation timed out]
01:47 Turaiel[Offline] is now known as Turaiel
01:49
< Azash>
Mikko Hypponen
01:49
< Azash>
COPY \windows\system32\cmd.exe \windows\system32\sethc.exe
01:49
< Azash>
Reboot, hit Shift key 5 times, SYSTEM shell will pop up.
01:52
<@gnolam>
?
01:53
< Azash>
gnolam: Replacing the sticky keys binary with cmd.exe
01:53
<@gnolam>
And?
01:53
< Azash>
Apparently sticky keys is run as SYSTEM
01:56
<@gnolam>
Users with admin access can change system behavior. Film at 11.
01:57
<&McMartin>
The admin/SYSTEM split on windows is a reliability feature, not a security feature.
01:57
< Azash>
Eh, I just thought it was interesting
01:57
< Azash>
Sorry
01:58
<&McMartin>
It is a cute trick
01:58
<&McMartin>
And a good demo for "why not to trust in this"
02:02 ToxicFrog [ToxicFrog@ServerAdministrator.Nightstar.Net] has joined #code
02:02 mode/#code [+ao ToxicFrog ToxicFrog] by ChanServ
02:02
<@Reiv>
That is indeed interesting.
02:04 RichyB [RichyB@D553D1.68E9F7.02BB7C.3AF784] has quit [[NS] Quit: Gone.]
02:07 RichyB [RichyB@D553D1.68E9F7.02BB7C.3AF784] has joined #code
02:50 * Derakon sighs at the Angband forums, wherein a player is basically saying "The dev team sucks. They should just not change anything." and everyone else is saying "Feel free to play an older version, or to actually get off your ass and code the changes you want."
02:52 Vorntastic [Vorn@Nightstar-ea446291.sub-70-211-12.myvzw.com] has joined #code
03:12 ktemkin[pcb] is now known as ktemkin[awol]
03:22 VirusJTG [VirusJTG@Nightstar-09c31e7a.sta.comporium.net] has quit [[NS] Quit: Program Shutting down]
04:18 Vornlicious [Vorn@Nightstar-221158c7.sd.cox.net] has joined #code
04:18 Vornlicious [Vorn@Nightstar-221158c7.sd.cox.net] has quit [[NS] Quit: Bye]
04:21 Vorntastic [Vorn@Nightstar-ea446291.sub-70-211-12.myvzw.com] has quit [Ping timeout: 121 seconds]
05:09 Derakon is now known as Derakon[AFK]
05:38 Kindamoody[zZz] is now known as Kindamoody
05:58 Turaiel is now known as Turaiel[Offline]
06:36 Kindamoody is now known as Kindamoody|out
06:48 celticminstrel [celticminst@Nightstar-ae361035.dsl.bell.ca] has quit [[NS] Quit: And lo! The computer falls into a deep sleep, to awake again some other day!]
07:00 You're now known as TheWatcher
07:35
< Syka>
heh
07:35
< Syka>
i have so many movies in my backlog that i might have to do a McMartin, but with them instead :p
07:47 ToxicFrog [ToxicFrog@ServerAdministrator.Nightstar.Net] has quit [Operation timed out]
07:54 Karono [Karono@Nightstar-13c26ed9.optusnet.com.au] has joined #code
07:58 ToxicFrog [ToxicFrog@ServerAdministrator.Nightstar.Net] has joined #code
07:58 mode/#code [+ao ToxicFrog ToxicFrog] by ChanServ
08:11
<&McMartin>
Speaking of which, just wrapped up another graphic adventure~
08:11
<&McMartin>
Now I have to speedrun it for the director's commentary tracks~
08:13
< Syka>
ive been playing blood dragon
08:13
< Syka>
fc3: blood dragon, that is
08:14
< Reiver>
you beat games way too fast, McMartin
08:15
< Syka>
also
08:15
< Syka>
i got an intel nuc
08:15
< Syka>
when i open the box, it makes the intel jingle
08:32 Vornicus [vorn@ServerAdministrator.Nightstar.Net] has quit [Operation timed out]
08:34 Vornicus [vorn@ServerAdministrator.Nightstar.Net] has joined #code
08:34 mode/#code [+qo Vornicus Vornicus] by ChanServ
08:56 Vornicus [vorn@ServerAdministrator.Nightstar.Net] has quit [Operation timed out]
08:58 Vornicus [vorn@ServerAdministrator.Nightstar.Net] has joined #code
08:58 mode/#code [+qo Vornicus Vornicus] by ChanServ
09:01 AverageJoe [evil1@Nightstar-4b668a07.ph.cox.net] has joined #code
10:00 Karono [Karono@Nightstar-13c26ed9.optusnet.com.au] has quit [Connection reset by peer]
10:01 Karono [Karono@Nightstar-13c26ed9.optusnet.com.au] has joined #code
10:04 You're now known as TheWatcher[d00m]
10:11 himi [fow035@Nightstar-5d05bada.internode.on.net] has quit [Ping timeout: 121 seconds]
10:42 AverageJoe [evil1@Nightstar-4b668a07.ph.cox.net] has quit [[NS] Quit: Leaving]
10:51
< AnnoDomini>
TheWatcher[d00m]: I'm running into a problem on the Deathcookie boards. When I try to post an [img], it complains about not being able to determine the dimensions. This happens for images from three different places, and I don't think all of them disallow external links.
10:54
< AnnoDomini>
Nevermind. I have solved this by removing limits on image sizes.
11:04
<&McMartin>
Reiver: these games are like 2-3 hours each
11:05 VirusJTG [VirusJTG@Nightstar-09c31e7a.sta.comporium.net] has joined #code
11:05
<&McMartin>
... also the developers have a Wizard of Oz Noir game on Steam
11:05
< RichyB>
Derakon[AFK], hehehe, everybody tell that player to "Go fork, yourself."
11:05
<&McMartin>
I'm not sure if Wizard of Oz Noir is the greatest or the most terrible thing ever
11:08
< RichyB>
It can't be the greatest; the greatest is Alice in Wonderland Noir.
11:08
<&McMartin>
Thus, by unassailable logic, it is the most terrible thing ever.
11:09
<&McMartin>
Also, it's the fourth game, and I've finally warmed up to the main character. -_-
11:11
< Syka>
http://www.groklaw.net/article.php?story=20130818120421175
11:11
< Syka>
groklaw is gone for good
11:16 * McMartin mutters a little at this
11:16
<&McMartin>
Not that I'd want to enhance the paranoia
11:16
<&McMartin>
But if you're *in* America, setting up servers outside of the US to conduct your business is setting yourself in the position where US surveillance has had free rein for seventy years
11:16
<&McMartin>
Like, on purpose
11:16
<&McMartin>
That is *inviting* surveillance
11:17
< RichyB>
Argh, people, the situation isn't *that* dire.
11:18
< RichyB>
"Secure email service" is indeed factually a thing that is not possible to run in the real world right now.
11:18
<&McMartin>
Also, if you are in the US, doing your email through Switzerland is making your problem worse
11:18
<&McMartin>
Like, that is, if you are an American, less secure than using Gmail
11:18
< RichyB>
"Email whose contents are unreadable by strangers" is not. Seriously, not even a little bit.
11:18
<&McMartin>
(If you are *German*, this is a wildly different story.)
11:19
< RichyB>
Things like lavabit are broken because they try to violate the end-to-end principle in communications, not because all notion of confidentiality is fundamentally impossible forever.
11:19
<&McMartin>
What, exactly, was Lavabit's value proposition?
11:20
<&McMartin>
I was honestly unclear on what they claimed to be doing that was an improvement over, or that did not require, encrypting the email before it ever touched their servers
11:20
< RichyB>
I haven't got a clue.
11:20
<&McMartin>
I have a theory over what they were ordered to do, as it happens,
11:20
<&McMartin>
but it's about 90% speculation
11:20
< RichyB>
There's all this hand-wringing over the idea that "secure email services are impossible because of spying" but for the love of Pete, "secure email service" is impossible because it's a broken idea.
11:21
<&McMartin>
We're past that, incidentally
11:21
<&McMartin>
We aren't at "secure email services are impossible because of spying."
11:21
<&McMartin>
The freakout is at "secure email services are impossible because of subpoenas."
11:21
< RichyB>
Hmmm.
11:21
< RichyB>
Meh.
11:22
<&McMartin>
I have nothing remotely polite to say about that
11:22
<&McMartin>
It takes incredible effort to not use the word "lolbertarian" while so doing
11:22
< RichyB>
They're vulnerable to subpoenas because and only because they try to violate the end-to-end principle.
11:22
<&McMartin>
Yeah
11:22
<&McMartin>
This is where my theory comes in
11:23
<&McMartin>
I think companies that store encrypted data that they don't have the keys to are getting very unfriendly visits from men in suits, unless they are also generic file storage places
11:23
< RichyB>
The extreme point here is that even end-to-end won't help when there's a law (in the UK there is right now) that says that a court may compel you to hand over encryption keys.
11:23
<&McMartin>
And maybe even then. Storing encrypted files in Dropbox is a violation of the TOS
11:23
<&McMartin>
Yep
11:24
<&McMartin>
And if that's because it's material that a court can compel you to turn over by the normal rules for that, that "shouldn't" be an issue
11:24
<&McMartin>
Try to use technology to do an endrun about what the law says is "discoverable" and lo and behold they suddenly remember they have the monopoly on the legitimate first use of physical force, funny that
11:24
<&McMartin>
Therefore, all Western democracies are fascism
11:24
< Syka>
yaaay
11:25
<&McMartin>
So, yeah
11:25
<&McMartin>
lolbertarians
11:25
<&McMartin>
I still want Lavabit's gag order rescinded, because I want to know what they were asked to do.
11:25
< Syka>
well, it's fairly obvious what they were asked to do
11:26
<&McMartin>
Well, no, not really; I can come up with various versions
11:26
< Syka>
there's not much else that lavabit could do other than "spy for us"
11:26
<&McMartin>
What does that mean in this context?
11:26
< Syka>
it doesn't matter; it's all fucking horrible
11:26
< Syka>
he said he's delivered on subpoenas before, and that's fine
11:27
< Syka>
but this wasn't a subpoena
11:27
< Syka>
it was a NSL
11:27
<&McMartin>
Yeah
11:27
< Syka>
which is basically "you are now an instrument of the NSA"
11:27
<&McMartin>
Right, so
11:27
<&McMartin>
I'm in the Valley
11:27
<&McMartin>
Some of the stuff alleged you couldn't keep quiet with death squads
11:28
< Syka>
but you probably could, with enough money :p
11:28
< Syka>
(plus death squads, naturally)
11:28
<&McMartin>
I honestly don't think you could. The "negative space" would be too damn big.
11:28
<&McMartin>
Tap the backbones? Sure, easy
11:28
<&McMartin>
But that doesn't help you with lavabit, presumably
11:28
< Syka>
McMartin: the general public doesn't know what the next /iphone/ will look like until a month beforehand
11:29
<&McMartin>
Yes.
11:29
<&McMartin>
That is a small secret
11:29
<&McMartin>
This is a conspiracy of every IT tech in Silicon Valley
11:29
<&McMartin>
They just aren't that organized ;-)
11:30
<&McMartin>
My guess is that the NSL was to reorganize their internals so that they could be subject to automated requests.
11:30
<&McMartin>
Because if the issue were subpoenas they wouldn't bother with NSLs, they'd just hold them openly in contempt of court
11:30
< Syka>
well
11:30
< Syka>
considering that encryption == foreign to the NSA
11:30
< Syka>
I think it's more wholesale "give us everything"
11:31
< Syka>
since theyre apparently holding encrypted emails for 5 years
11:31
<&McMartin>
If we believe the rest of the reports, they don't need Lavabit's cooperation for that
11:31
<&McMartin>
They can simply tap the ISPs leading in.
11:31
<&McMartin>
The one thing you can never hide is routing information
11:31
< Syka>
not if it's lavabit -> lavabit
11:32 Vornicus [vorn@ServerAdministrator.Nightstar.Net] has quit [Operation timed out]
11:32
< Xon>
McMartin, due to how the encrypted emails work lavabit needed to basically compromise their end-users with social attacks
11:33
<&McMartin>
Yes, this is where my "what exactly are they doing that is not just encryption on the endpoint"
11:33
<&McMartin>
question comes in
11:33
<&McMartin>
Because ultimately, the message has to go in, and it has to be read
11:33
<&McMartin>
Those involve data going to or from the LB servers
11:33
<&McMartin>
That is where SIGINT gets to dance to play
11:33
<&McMartin>
*dance and play
11:33 Vornicus [vorn@ServerAdministrator.Nightstar.Net] has joined #code
11:33 mode/#code [+qo Vornicus Vornicus] by ChanServ
11:34
< Xon>
the contents can still be encrypted even if the header information isn't
11:34
<&McMartin>
Sure
11:34
<&McMartin>
But lavabit *should not have those keys*
11:34
< Xon>
exactly
11:34
< Xon>
they didn't
11:34
<&McMartin>
I do not believe it is yet officially illegal in the US to set up a server in that way
11:34
< Xon>
at least as far as the service description used to before they closed shop
11:35
< Xon>
McMartin, changing an IP address to evade an ipban is now illegal according to US courts
11:35
<&McMartin>
(Though I strongly suspect that, like the UK, a court can compel the recipient to give up the keys if the court believes it has a right to the document)
11:36
<&McMartin>
Right, but if lavabit doesn't have the keys
11:36
<&McMartin>
The question of "what, exactly, is being asked for that would take an NSL to get" remains unanswered
11:36
< Syka>
okay so
11:36
<&McMartin>
Because the "obvious" answers are either things Lavabit is known to not have, or things that you can get with nonsecret means
11:36
< Syka>
what if lavabit compromised themselves
11:36
< Syka>
surely there are ways they can make it easier
11:37
<&McMartin>
I don't know enough about them to say =/
11:37
< Xon>
also, holy fuck am I going to have to get a new job. someone @ work is seriously arguing for a completely new set of public rest endpoint APIs so they can continue to throw away authentication tokens on the api's marked anonymous despite both sets /needing/ to return exactly the same set of data
11:37
< Syka>
the emails have to be unencrypted coming in and out
11:37
< Syka>
so unless theyre GPGing them, there you go
11:37
<&McMartin>
ACK
11:37
<&McMartin>
If they're unencrypted in/out, they're providing nothing >_<
11:38
< Syka>
...you know that literally nobody except for gmail has encrypted transport, right?
11:38
<&McMartin>
If they're just automating the GPG stuff on the client side, then you ought to be able to upload the entire server contents to dropbox without a problem
11:38
< Syka>
AOL, Microsoft and Yahoo ONLY ACCEPT unencrypted emails
11:38
< Reiver>
Why on earth would you leave it unencrypted in/out?
11:38
<&McMartin>
Right, so
11:38
<&McMartin>
If Lavabit is unencrypted in/out
11:38
< Syka>
they DO NOT have TLS entry points
11:39
<&McMartin>
Then their "secure" email service is a laughable nullity
11:39
< Syka>
mcmartin: but between lavabit IS
11:39 * AnnoDomini tries tuning outside. Same result.
11:39
< Syka>
which is the point
11:39
<&McMartin>
Er, right
11:39
<&McMartin>
We're assuming that Lavabit is a single server
11:39
< Syka>
and if anyone has TLS, lavabit would use it
11:40
< Syka>
eg. sending to gmail
11:40
<&McMartin>
And that all messages are stored in a form that is encrypted by keys lavabit does not know
11:40
< Reiver>
That's not unencrypted in/out quite as McM is envisioning methinks.
11:40
< Syka>
or servers set up by competent people
11:40
<&McMartin>
The thing is
11:40
<&McMartin>
In that case
11:40
< Syka>
which will have TLS transport
11:40
<&McMartin>
How can Lavabit "compromise itself"?
11:40
<&McMartin>
It could upload every bit of its servers to dropbox and nobody would get an email from it for a thousand years
11:41
< Syka>
mcmartin: well, they have to handle an unencrypted email to deliver it to someone else
11:41
< Syka>
unless the email itself is GPG encrypted, in which case they handle an unencrypted email with GPG payload
11:41
<&McMartin>
That's true; but then, getting those emails shouldn't require NSLing Lavabit.
11:41
<&McMartin>
You've already intrinsically compromised the other endpoint in that case.
11:42
< Syka>
except NSLing lavabit can compel them to store those emails in unencrypted form
11:42
< Syka>
so that the service works as it does, but everything in and out is captured in the transport phase
11:42
<&McMartin>
How can they do that, when they don't have the GPG keys?
11:42
< Syka>
thats not the point
11:42
< Syka>
thats a mitigation
11:42
<&McMartin>
Hrm
11:42
< Syka>
and the email is still unencrypted
11:43
< Syka>
it just happens to contain a GPG payload
11:43
<&McMartin>
Oh, I get it
11:43
<&McMartin>
You're saying that Lavabit<->Gmail can't even have metadata captured without compromising a key along the way
11:43
<&McMartin>
Is that it?
11:43
< Syka>
well, to deliver an email to gmail
11:44
< Syka>
they need to have an unencrypted email
11:44
< Syka>
and then send it over a TLS transport, encrypting it to everyone else
11:44
<&McMartin>
Right
11:44
<&McMartin>
We assume that the NSA can't crack TLS in realtime, but that's OK, let's do that
11:44
< Syka>
BUT nothing is stopping lavabit simply making a copy at that point
11:44
< Syka>
no
11:44
< Syka>
nothing to do with the NSA
11:45
< Syka>
Lavabit THEMSELVES have the unencrypted copy
11:45
<&McMartin>
Oh, right
11:45
< Syka>
the NSL could compel them to store it
11:45
<&McMartin>
Because they need to tell gmail "hey, send this email to this person"
11:45
< Syka>
yep
11:45
<&McMartin>
Meanwhile, lava<->lava doesn't need that because they could treat it as a big dropbox
11:45
< Syka>
so there is your unencrypted email
11:46
<&McMartin>
Your inbox is "every blob in this store that your private key decrypts"
11:46
< Syka>
well, i'm assuming lavabit would have multiple servers using smtp
11:46
< Syka>
so theoretically they could make that vulnerable too
11:46
<&McMartin>
Yeah, I'm trying to build the hardest-to-crack case, which is laughably nonscalable but also never hits the wire except when a client is sending or receiving
11:46
< Syka>
since it needs to be unencrypted for lavabit to send it to itself
11:46
< RichyB>
I thought one of the points of lavabit was that they shipped an applet at your browser to run encryption code in and it was demanded that they trojan-horse that.
11:46
<&McMartin>
I'm not 100% sure that's true, but it probably is
11:47
<&McMartin>
RichyB: Nobody knows what was demanded
11:47
<&McMartin>
That would be a workable guess, though
11:47
<&McMartin>
Along with "you have to start storing information you currently do not"
11:47
<&McMartin>
However, the latter seems less NSLy
11:47
< Syka>
that could work too
11:47
< Syka>
i dont know how lavabit works
11:47
< Syka>
but i know how email works :p
11:48
< Syka>
but yes
11:48
< Syka>
it is certainly possible for lavabit to MITM everything external
11:48
< Xon>
Syka, tbh it sounds like lavabit needed to completely rebuild their internal systems to allow MITM attacks
11:48
< Syka>
and theoretically possible for them to MITM internal
11:48
< Syka>
but it depends how it was built
11:48
<&McMartin>
Part of my skepticism here is also "this is America; we are really fucking open about demanding every scrap of everything fun from everyone, and ordinary Article III judges will sign right the fuck off on that stuff all the time"
11:49
<&McMartin>
The trojan horse theory is good because it seems like all these other things the USG had the option of saying "you cannot prove that you are keeping records that as an email provider you are legally required to keep; shape up or shut down"
11:50
<&McMartin>
And if they're trying to force in malware, that needs to come out and they need to knock that shit off
11:50
< Syka>
um
11:50
< Syka>
usg already makes malware
11:50
<&McMartin>
Well, of course~
11:50
<&McMartin>
But it's supposed to use it a targeted weapon~
11:50
<@froztbyte>
lol
11:50
< Syka>
youre using lavabit
11:50
<&McMartin>
(See: TOR, probably Stuxnet)
11:51
<@froztbyte>
McMartin: I was about to say stuxnet
11:51
< Syka>
encryption == you're foreign, according to the NSA
11:51
<@froztbyte>
anyway
11:51
< Syka>
you are already a target
11:51
< Syka>
:p
11:51
<@froztbyte>
fuck these people
11:51
<&McMartin>
TOR is an interesting case, actually
11:51
<@froztbyte>
they should choke on their own vomit
11:51
<&McMartin>
Because that was a malware attack that just 0-dayed the target machines instead of trying to suborn stuff
11:51
<&McMartin>
We have a *mechanism* for suborning stuff, they're supposed to use *that*
11:52
< Syka>
but that requires court time
11:52
< Syka>
which is why the secret courts stamp off on it
11:52
<&McMartin>
Yeah, uh
11:52
<&McMartin>
Our non-secret courts are not exactly stingy about that stuff
11:52
< Syka>
'we want everything because we want it' 'ok then'
11:53
< Syka>
yes, but your non secret courts sometimes deny requests
11:53
< Syka>
the FISA court doesn't
11:53
< Syka>
:p
11:53
<&McMartin>
Well, it's pretty easy to adjudicate law that says "it's OK if one participant might be foreign"
11:53
<&McMartin>
Also, when you let them amend the request in-place
11:55
<&McMartin>
But yes
11:55
<&McMartin>
Part of the problem with secrecy is that you can't see what's going on =P
11:55
<&McMartin>
However, people whose reaction is to assume the worst will fall into the Infinite Paranoia trap instantly, because, well, USG
11:56
<&McMartin>
FBI agents could kick your door down and shoot you in the face for no reason at any moment
11:56
<&McMartin>
The only thing stopping them from doing this is a piece of paper saying they're not allowed to
11:57
<&McMartin>
But that does kind of go back to the Groklaw article.
11:57
<&McMartin>
PJ is, IIRC, based somewhere in New England
11:57
<&McMartin>
If she has her email server in Switzerland
11:57
<&McMartin>
And FISA is presented with a request to tap that email line
11:57
<&McMartin>
The answer is 100% guaranteed to be "yes, go ahead; that's a communication with the Swiss. Switzerland is in Foreignlandia, that's explicitly authorized"
11:58
<&McMartin>
So, if one starts out in America, this seems like a counterproductive thing to do
12:06
< Reiver>
Wait, Tor is malware?
12:29 You're now known as TheWatcher
12:41 ktemkin[awol] is now known as ktemkin
13:01
<&McMartin>
Tor was compromised by hitting both endpoints with malware and correlating
13:02
<&McMartin>
Tor is also apparently a US Navy project, so using it to hide from the US is kind of a bad move~
13:03
<&McMartin>
(That said, Tor is not solving that problem; I'm not super clear on the exact details of how that worked vs what Tor is trying to provide)
13:04
< RichyB>
McMartin, if you're talking about the Firefox exploit that was distributed when the big anonymous TOR hosting service was hit, that wasn't actually an 0-day AIUI.
13:04
< RichyB>
s/you're/you were/
13:05
< RichyB>
I seem to remember hearing that the exploit that they used was already known and patched and only affected the fairly-large proportion of people who were using the Tor browser bundle, didn't update Firefox and did turn off NoScript.
13:07
<&McMartin>
I thought they also had to compromise some of the darknet servers to make it work, and I thought that was done with 0-days against the OS.
13:07
<&McMartin>
You're right about the client stuff, and yeah, that's the hack I mean
13:07
< Syka>
um
13:07
< Syka>
i think it was a known ff vuln
13:07
< Syka>
they didnt need anything else
13:07
< Syka>
iirc
13:07
< Syka>
it was a 'true IP' disclosure attack
13:41
<&ToxicFrog>
McMartin: re communication with Swiss mail servers: the thing is, if you assume the NSA is already tapping all ISP traffic, that is not actually any worse.
13:42
<&ToxicFrog>
And if you have transport encryption to the server, they can't even get metadata apart from "interacted with the mail server at this time"
13:43
<&ToxicFrog>
The perceived benefit to having the actual server outside the US, AIUI, is that they are not then vulnerable to the USG rolling over with a FISA warrant and saying "give us everything and don't tell anyone you have done so ever"
13:44
<&ToxicFrog>
So now you just need to worry about data-in-motion interception and not also about your mail server being silently replaced with an NSA listening post (or, at least, if it is, they will have to work for it)
14:07 Karono_ [Karono@Nightstar-13c26ed9.optusnet.com.au] has joined #code
14:07 Karono_ [Karono@Nightstar-13c26ed9.optusnet.com.au] has quit [Client closed the connection]
14:09 Karono [Karono@Nightstar-13c26ed9.optusnet.com.au] has quit [Ping timeout: 121 seconds]
14:23 You're now known as TheWatcher[afk]
15:07 Vornicus [vorn@ServerAdministrator.Nightstar.Net] has quit [[NS] Quit: Leaving]
15:20 ktemkin is now known as ktemkin[awol]
15:21 Karono [Karono@Nightstar-13c26ed9.optusnet.com.au] has joined #code
15:41
< RichyB>
Mad idea: if you're doing the "Swiss mail servers for privacy" thing, make sure that you're signed up for a bunch of porn spam and you do all your spam-filtering client-side.
15:41
< RichyB>
That will help you defeat traffic analysis. :)
15:41
<@Tamber>
"make sure"? Just use your email address in one place online, and it'll get set up for you!
15:41
<@Alek>
pfffffffffft
15:42
< RichyB>
Without spam: "suspect A sends ~400kB via SSL SMTP at 18:31h, suspect B receives ~450kB via SSL SMTP at 18:33h. They're probably talking to each other."
15:43
<@Alek>
heh
15:43
< RichyB>
With spam: "suspect A sends ~400kB via SSL SMTP at 18:31h, suspect B receives ~450kB/s of crap email via SSL SMTP day in, day out so who knows what the fuck B did or didn't get a copy of."
15:51 celticminstrel [celticminst@Nightstar-ae361035.dsl.bell.ca] has joined #code
15:51 mode/#code [+o celticminstrel] by ChanServ
16:05 ErikMesoy [Erik@Nightstar-0fb48670.80-203-17.nextgentel.com] has joined #code
16:06
< ErikMesoy>
Why am I having a terrible experience with tortoisesvn?
16:06
< ErikMesoy>
Am I unique in this?
16:08
< AnnoDomini>
No.
16:11
<@gnolam>
What are the terrible experiences you are having?
16:14 Karono [Karono@Nightstar-13c26ed9.optusnet.com.au] has quit [Client closed the connection]
16:15
< ErikMesoy>
Being slow to checkout from internet (halfway through I went to download the files I wanted manually, this was faster enough to finish first), canceling badly (Cancel: TortoiseSVN has stopped working),
16:15
< ErikMesoy>
dying badly (I killed it with Task Manager at that point; it respawned to report an error) and badly inserting itself into context menus (right-clicking a folder now had a multi-second delay before the menu with the new SVN options appeared).
16:34
<&ToxicFrog>
SVN is bad. Tortoise is awful.
16:34
<&ToxicFrog>
Use git-svn if you can.
16:35
< Syka>
svn is overall pain
16:57 ErikMesoy is now known as Harrower
17:24
< Xon>
<ToxicFrog> SVN is bad. Tortoise is awful.
17:24
< Xon>
this, so much this
17:37 You're now known as TheWatcher
17:37
< RichyB>
SVN is only bad in the same sense that amputating wounded limbs is bad.
17:38
<@TheWatcher>
Amputating wounded limbs in a field hospital with a rusty sawblade.
17:38
< RichyB>
We have Git/antibiotics now, which solve the same problems more effectively, but it's still better than no-source-control/dying-of-gangrene.
17:39
< Syka>
then there is snapshot-tarballs/having a clone
17:39
< RichyB>
No really, SVN isn't *that* bad. I wish I could force you to use CVS for a week so that you'd stop making overly negative statements about SVN. :P
17:40
<&ToxicFrog>
RichyB: I've used CVS. I freely admit that SVN is better than CVS.
17:41
<&ToxicFrog>
That does not actually make it good, especially today.
17:41
< Syka>
you can't say that "svn isn't /that/ bad"
17:42
< Syka>
just because worse things exist does not mean we cannot hold our tools to a higher standard
17:42
< Syka>
it's like saying "Tornado isn't that bad, it's better than sockets!"
17:42
< Syka>
doesn't change Tornado being lols
17:46
<@TheWatcher>
RichyB: I cut my teeth on rcs, before it even became cvs. I used CVS for nearly a decade.
17:46
<@TheWatcher>
And yeah, like TF said
17:46
< RichyB>
I still think you're all whinging over one tiny little murder here and there
17:46
< RichyB>
we used to have accidental genocides all over the place
17:46
<@TheWatcher>
Pft
17:47
<@TheWatcher>
I must admit, that's probably the first time a discussion of version control systems has actually made me laugh.
17:48
<@iospace>
i use SVN at work, generally don't have that many issues with it
17:52
<@iospace>
fucking tcl
17:52
<@iospace>
fucking expect
17:53 * Tamber hands iospace the applicator of the fire of cleansing.
17:53
<@iospace>
Tamber: i wish
18:00
<&ToxicFrog>
RichyB: more generally, I have no patience for "you can't call X bad because Y is worse"
19:04 Kindamoody|out is now known as Kindamoody
19:37 Kindamoody is now known as Kindamoody[zZz]
20:34 Derakon [chriswei@Nightstar-a3b183ae.ca.comcast.net] has joined #code
20:34 mode/#code [+ao Derakon Derakon] by ChanServ
20:35
<&Derakon>
Whelp, figured out what my "network throttling" issue was, kind of.
20:35
<&Derakon>
The PCI card that the camera uses to send images to my control software is having Issues.
21:19 PinkFreud [WhyNot@NetworkAdministrator.Nightstar.Net] has joined #code
21:19 mode/#code [+o PinkFreud] by ChanServ
21:23
< Azash>
Derakon: Not sure if relieved
21:43 celticminstrel [celticminst@Nightstar-ae361035.dsl.bell.ca] has quit [[NS] Quit: KABOOM! It seems that I have exploded. Please wait while I reinstall the universe.]
21:43 celticminstrel [celticminst@Nightstar-ae361035.dsl.bell.ca] has joined #code
21:43 mode/#code [+o celticminstrel] by ChanServ
21:46
<&McMartin>
Of Erik's list, only the first thing is expected behavior. SVN doesn't do acceptable delta compression and doesn't maintain a secure connection very well, so downloading a tarball will always beat it
21:46
<&McMartin>
The other stuff should not happen
21:53 Harrower is now known as ErikMesoy
22:22 ErikMesoy is now known as ErikMesoy|sleep
22:27
<&McMartin>
Aha, there it is
22:27
<&McMartin>
The thing I was remembering about compromising the servers in the Tor case was how they got the malware distributed in the first place
22:30
<@Tamber>
Wasn't that less "hacking" compromise, more "Turn up on the doorstep with a warrant and an 'or else'"?
23:00
<&McMartin>
For the Tor case? I was not under that impression.
23:01
<&McMartin>
However, I'm also now not clear as to whether they hacked Freedom Hosting or spoofed it to "under maintenance" pages that delivered the payload.
23:06
<@Tamber>
Apparently, the JS crap turned up *after* the feds arrested the owner, and 'apparently' it's a pretty common pattern for FBI sting operations for something like that to get added to the (primarily, child porn) sites they take out the owners of, so they can catch the users too.
23:07
<@Tamber>
Take that with a heavy pinch of salt, though.
23:07
<&McMartin>
Yeah, I am, in part because I thought they hadn't made an arrest for this case yet >_.
23:07
<&McMartin>
(Because he was in Ireland or something, and the FBI tends to lose bureaucratic turf wars~)
23:07
<@Tamber>
"Eric Eoin Marques, a 28-year-old Irish citizen, is being held without bail in Ireland after a preliminary extradition hearing on Saturday aimed at sending him to the US, where he would face charges of distributing child pornography online."
23:07
<&McMartin>
Oh hey, how about that
23:08
<&McMartin>
OK then
23:08
<&McMartin>
Which news feeds are you using here?
23:08
<@Tamber>
http://nakedsecurity.sophos.com/2013/08/05/freedom-hosting-arrest-and-takedown-linked-to-tor-privacy-compromise/
23:08
<@Tamber>
also https://openwatch.net/i/200/
23:09
<&McMartin>
Cool, thanks
23:37
<@froztbyte>
McMartin: fwiw, if you want a couple of good feeds to tag, @thegrugq, @abad1dea, @dakami
23:37
<@froztbyte>
mostly not full of shit
23:37
<&McMartin>
Are those Twitter?
23:37
<@froztbyte>
yes
23:37
<&McMartin>
Cool
23:37 * McMartin has not been using The Twitters much of late.
23:38
<&McMartin>
Actually, I kind of retired from the non-IRC Internet three years ago >_>
23:38
<@froztbyte>
there's perhaps a couple of crypto people you can add there too
23:38
<@froztbyte>
@zooko and the like
23:38
<@froztbyte>
McMartin: yeah I'm sorta a tourist to most of the non-IRC internet
23:38
<@froztbyte>
utilitarian.
23:39
<@froztbyte>
also I swear I misspelled that, but too tired
23:39
<&McMartin>
Nope, that's right
23:40
<@froztbyte>
teh tireds, it haz us
23:41
<@TheWatcher>
Ditto
23:41 You're now known as TheWatcher[T-2]
23:49 Derakon [chriswei@Nightstar-a3b183ae.ca.comcast.net] has quit [[NS] Quit: leaving]
23:54 You're now known as TheWatcher[zZzZ]
--- Log closed Wed Aug 21 00:00:31 2013