| --- Log opened Mon Apr 22 00:00:40 2024 |
| 00:41 | <@celticminstrel> | I'm not sure why that would be a thing to be happy about. |
| 00:45 | | gnolam_ [lenin@Nightstar-kqana5.cust.bahnhof.se] has joined #code |
| 00:48 | | gnolam [lenin@Nightstar-kqana5.cust.bahnhof.se] has quit [Ping timeout: 121 seconds] |
| 01:04 | | Degi [Degi@Nightstar-fjake2.pool.telefonica.de] has quit [Ping timeout: 121 seconds] |
| 01:05 | < bluefoxx> | Twitter was never great but I did used to enjoy occasionally reading threads from interesting folks like infosec personalities and such - was nice that I didn't need an account or to be signed in at all |
| 01:05 | < bluefoxx> | Those days are over apparently |
| 01:07 | | Degi [Degi@Nightstar-qkv07o.pool.telefonica.de] has joined #code |
| 02:12 | <@celticminstrel> | Yeah, at some point they decided to close it down so you can't read it without an account. |
| 02:13 | <@celticminstrel> | What a ridiculous thing to do, really. |
| 02:13 | <@celticminstrel> | It's not going to draw in the people who were reading without an account. It's just going to drive them off. |
| 04:10 | < bluefoxx> | That's exactly what they've done too - I spend less time on there than ever now; occasionally someone will link something that I'll check, and then being able to view only that exact post I'll move on in life :) |
| 04:11 | < bluefoxx> | I'd say nothing of value was lost but a significant depth of poorly disorganized information is lost beind that garden wall now |
| 04:12 | <@celticminstrel> | Huh, you can actually see the linked post? |
| 04:18 | < bluefoxx> | I probably had to whitelist a subdomain or two in umatrix but yeah, loads fine for me |
| 04:19 | < bluefoxx> | Running on some version of firefox from a couple months ago when I last installed updates |
| 04:43 | < Alek> | I'll sometimes be unable to load any posts at all, on desktop, but if I reboot or clear cache it comes back. |
| 04:44 | < Alek> | Chrome what are you doing |
| 04:44 | <@celticminstrel> | Whenever I end up on Twitter it almost always shows me a black screen with an X. |
| 04:44 | <@celticminstrel> | Then I force-refresh and it works. |
| 04:45 | <@celticminstrel> | ie Shift+Cmd+R |
| 04:47 | < Alek> | ew, Apple :P |
| 04:52 | <@celticminstrel> | I hate Apple too TBH, but despite that I still prefer MacOS over Windows. |
| 04:53 | <@celticminstrel> | And their best computer model may be massively overpriced but it is definitely a very good computer. I bet it'll last me at least 10 years. |
| 04:53 | <@celticminstrel> | Whether it was worth the inflated price is debatable, but I don't really have any complaints about it as a computer. |
| 04:54 | <@celticminstrel> | Could probably get an almost equivalent Windows computer for less than half the price, maybe… but that would be Windows. |
| 04:54 | <@celticminstrel> | Haven't really been able to get into Linux. I tried it a few times. |
| 05:01 | | Degi_ [Degi@Nightstar-5f38oe.pool.telefonica.de] has joined #code |
| 05:03 | | Degi [Degi@Nightstar-qkv07o.pool.telefonica.de] has quit [Ping timeout: 121 seconds] |
| 05:03 | | Degi_ is now known as Degi |
| 05:04 | < bluefoxx> | I tried linux more than a few times before I really 'got' it |
| 05:08 | <@celticminstrel> | Would also probably need a Mac equivalent of WINE to really get me to the point of being able to fully adopt Linux. |
| 05:08 | <@celticminstrel> | Because not having all the apps is a major blocker to switching OS. |
| 05:15 | < bluefoxx> | There's definitely a learning curve of figuring out some new paths to the same end goals but after a couple years of using linux as my daily driver, the only two programs that've carried over from my Windows habits were winrar and sumatrapdf; everything else has a linux native port or I've found a means to accomplish it on the CLI |
| 05:17 | < bluefoxx> | Even managed to get Adobe's CS5 collection to install with a little fuss; it gets grumpy about my tiling WM though but that's on me for not putting effort into my config files |
| 05:17 | < bluefoxx> | Only things I still boot up an old Windows 7 machine for are occasional use of Canon's DPP and the occasional video game that needs more GPU oomph than my laptop offers |
| 05:18 | < bluefoxx> | Maybe the toolchain for some FPGA tinkering if I can't get the linux versions to play nice on a modern distro |
| 05:19 | < bluefoxx> | WINE certainly makes the jump easier for a Windows user than a Mac user though |
| 05:19 | <@celticminstrel> | Exactly. |
| 05:20 | <@celticminstrel> | WINE is there to ease migration from Windows. I don't know of any equally-mature equivalent for Mac. |
| 06:52 | | gnolam_ is now known as gnolam |
| 06:52 | | mode/#code [+o gnolam] by ChanServ |
| 09:02 | < NSGuest22977> | Isn't there side-by-side Windows on Mac? |
| 09:02 | < NSGuest22977> | I saw some of my coworkers use that sort of thing. |
| 09:15 | | Pinkhair [Pink@Nightstar-esla1a.sub-97-181-237.myvzw.com] has joined #code |
| 09:17 | | PinkAFK [Pink@Nightstar-esla1a.sub-97-181-237.myvzw.com] has quit [Ping timeout: 121 seconds] |
| 10:52 | <@TheWatcher> | celticminstrel: there's... wine? They have a binary for macOS 10.8 through 10.14. |
| 10:54 | <@TheWatcher> | Oh, wait, that's old... apparently wineskin replaced it |
| 10:56 | <@TheWatcher> | https://github.com/Gcenx/WineskinServer |
| 12:10 | < synapse> | does anyone here have experience with git worktrees on a bare git repository as the base? |
| 12:11 | < synapse> | I'd like to switch to use worktrees, and I had originally thought I'd just keep my worktrees in sibling folders to the original 'git clone'. but then a colleague suggested that you could 'git clone --bare' and keep your worktrees in subdirectories... any thoughts? https://stackoverflow.com/questions/54367011/git-bare-repositories-worktrees-and-tracking-branches suggests against it, but does not argue |
| 12:11 | < synapse> | anything. |
| 13:44 | <@celticminstrel> | WINE doesn't work on MacOS anymore. |
| 13:44 | <@celticminstrel> | That's also not what we were talking about tho. |
| 13:44 | <@celticminstrel> | Technically, WINE itself works, but almost none of the actual Windows apps work on WINE on Mac, because the Mac won't allow running 32-bit code. |
| 13:45 | <@celticminstrel> | I'm pretty sure that should be solvable (Windows itself even ships with a 32-on-64 emulator?) but they have not done so. |
| 14:33 | <&ToxicFrog> | bluefoxx: apropos winrar, most linux archive managers will handle rar files just fine if you have the command-line rar tools installed; I know Ark and DTRX will, at least. |
| 14:42 | | Vornicus [Vorn@Nightstar-tai.093.243.23.IP] has joined #code |
| 14:42 | | mode/#code [+qo Vornicus Vornicus] by ChanServ |
| 16:04 | <&[R]> | bluefoxx, celticminstrel: did either of you use DOS heavily? |
| 16:04 | <&[R]> | I found my transition into Linux to be rather painless |
| 16:05 | <&[R]> | (Started using DOS when I was 3, we got Win 3.1 when I was ~7, got Windows 98 when I was ~11. Started using Linux around 15) |
| 16:08 | <&[R]> | synpase: the one person I know who use that is moving countries again. I can ask him when he pops up again |
| 16:08 | <&[R]> | Are you having a specific problem though |
| 16:08 | <&[R]> | Also, AIUI, don't you need one repo per work-tree? |
| 16:10 | <&[R]> | RE: rar on Linux, anything using libarchive will work. bsdtar is what I use primarily (despite the name, it can /extract/ anything supported by libarchive). |
| 16:12 | <&ToxicFrog> | [R]: nope, worktrees-to-repo is many-to-one |
| 16:12 | <&[R]> | Ah, nice |
| 16:13 | <&[R]> | That's where you have to have an env-var set, right |
| 16:13 | <&[R]> | ? |
| 16:13 | <&ToxicFrog> | synapse: I have used worktrees on a bare base and it works fine. I've never used them in child directories of the bare repo, and doing that would make me nervous in case the name of a worktree collides with the name of one of git's internal thingies, now or in the future, but assuming you avoid that it should work. |
| 16:14 | <&ToxicFrog> | [R]: you can do it in a kind of ugly ad-hoc manner using envars, but you should do it using the `git worktree` command |
| 16:14 | <&[R]> | Ah, is that new? |
| 16:15 | < synapse> | ToxicFrog, I couldn't get around whatever the problem was. I might try it without the worktree being in a subdirectory of the actual git repo. this time, I just cloned a non-bare repo and called it 'main' and had the worktrees as siblings to that, i.e. 'git worktree add ../my-worktree blah-blah-branch-name' |
| 16:15 | <&ToxicFrog> | [R]: new-ish? It's been around for a few years, IIRC, but is still marked as experimental. |
| 16:15 | < synapse> | it doesn't make a big difference if the main repo that I'm basing my worktrees off of is bare or not. I just thought it'd be cool if it was bare, because I would be wasting a bit less space. |
| 16:16 | <&ToxicFrog> | synapse: if the worktree is in the subdir of a non-bare repo I expect you would have a very bad time |
| 16:16 | <&ToxicFrog> | If the repo isn't bare they definitely need to be siblings and not children |
| 16:17 | < synapse> | I've only started using them today. the idea is pretty great. I mean, I *daily* switch between branches, and I am too scatter-brained to use 'git stash', so I git commit -m WIP (which the stash is supposed to help me not use, but it doesn't work for me), switchy-switchy, invalidate the build cache, switchy-switchy-back. I'm just wasting a bit of time for not having multiple copies open with each their build |
| 16:17 | < synapse> | cache. |
| 16:17 | < synapse> | ToxicFrog, haha yeah, it was just in the bare repo in a subdir. but now it's in a sibling dir of a non-bare repo. and tomorrow I might test with a sibling dir of a bare repo. |
| 16:18 | <&ToxicFrog> | AIUI sibling dir of bare repo should work fine but I don't recall if I ever actually tried that. |
| 16:19 | < synapse> | [R], it is basically reinventing "copy-paste your work directory and open the editor in each" :-D very sophisticated. the only difference is that worktrees refer back to the same .git/ so syncing those copies is a little easier. |
| 16:19 | < synapse> | [R], the worktrees don't have a .git directory, it has a .git file which has some kind of git-ish symlink to the original .git/ |
| 16:19 | <&[R]> | Ah neato |
| 16:20 | <&[R]> | Will have to try it so I can get into branches |
| 16:20 | < synapse> | so when you do 'git fetch' in one worktree, you've done that in all of them. |
| 16:21 | <&ToxicFrog> | Yeah, it lets you decouple repo activities (fetch, commit, push, log...) from working-copy activities (checkout...) |
| 16:21 | <&ToxicFrog> | Last time I used it I was doing...something, I forget what...that required me to have a bunch of files from two different branches open at once |
| 16:43 | < synapse> | this is gonna be my new workflow hack. |
| 16:43 | < synapse> | it's gonna save *minutes* *daily*! |
| 16:46 | <&[R]> | MINUTES! |
| 16:47 | <&[R]> | To be fair, those who bemoan the minimal amount of time somethings saves a person forget there are other aspects the systems saves. |
| 16:47 | <&[R]> | 1) Mental context switching, which for some people can be a massive cost |
| 16:48 | <&[R]> | 2) Joy. The act of writing it could be a pleasant thing. The joy could be what prevents burn-out. |
| 16:48 | <&[R]> | 3) Composing. This might be a small part of what will be a larger system. |
| 16:56 | | Emmy [Emmy@Nightstar-qo29c7.fixed.kpn.net] has joined #code |
| 18:22 | <@celticminstrel> | [R]: I probably used DOS a bit, but I got a Mac very early on, so mostly I used that. I think even while Win3.1 was the latest. |
| 18:46 | <&[R]> | Ah, I kind of have the theory that people who got used to DOS transition pretty well |
| 19:31 | | Vornicus [Vorn@Nightstar-tai.093.243.23.IP] has quit [Connection closed] |
| 19:55 | <&ToxicFrog> | I can testify (N=4) that people who got used to UNIX transitioned to linux pretty well, not sure about DOS though :P |
| 21:11 | <&[R]> | I mean, if they didn't, I'd have concerns |
| 22:04 | <&[R]> | <tech_exorcist> forwarding here from #compsci, some useful tools for working with json https://github.com/tomnomnom/gron https://github.com/kellyjonbrazil/jc https://github.com/jpmens/jo |
| 22:05 | <&[R]> | (From elsenet) |
| 22:35 | | Emmy [Emmy@Nightstar-qo29c7.fixed.kpn.net] has quit [Ping timeout: 121 seconds] |
| 23:16 | <@macdjord> | Anybody know a good resource which lists the security of the various crypto options supported by OpenSSH? |
| 23:16 | <@macdjord> | For context: I'm setting up systems which will need to talk to each other using SSH connections. One end will be using OpenSSH 8.4; the other OpenSSH 8.7. The SSH connections may be started by either end. |
| 23:16 | <@macdjord> | The primary use-case is these two systems talking to each other. Since I control both ends of the connection, I don't need to support any 3rd party SSH clients. Thus I want to pick the absolute best options for each category (KEX, MAC, host key, etc.), and use that exclusively. |
| 23:16 | <@macdjord> | However, one end - specifically the 8.7 one - may in the future need to support other SSH traffic to other systems. Thus I need to also note which options are secure /enough/ that it's safe to allow them in case we need to talk to a client that doesn't support our preferred primary choice, vs. which options are only there for legacy support and aren't really secure enough for the modern day. |
| 23:16 | <@macdjord> | Ideally I'd like a simple list for each category (KEX, MAC, host key, etc.), which lists all the options supported by OpenSSH and separates them into 'best available; use if possible', 'secure enough; okay to support in case the other end doesn't have anything better', and 'not secure enough for modern usage; disable unless you specifically need it'. |
| 23:27 | <&[R]> | I think I mgiht |
| 23:27 | <&[R]> | Give me a bit |
| 23:30 | <&[R]> | https://maciejczyzewski.github.io/retter/ <-- this is what I was thinking of |
| 23:31 | <&[R]> | Otherwise, look for "hardening sshd" it'll give you some configuration options which limit the algos |
| 23:33 | <&[R]> | Scrolling down it lists as many crypto algos as it can and highlights the ones that have attack vectors |
| 23:41 | <@macdjord> | [R]: That link looks very interesting, and seems like the sort of site that might have (or link to) what I need, but it doesn't tell me what I need to know. E.g. OpenSSH supports AES in 128, 192, and 256 bits, with -cbc, -ctr, and -gcm@openssh.com variants, plus 'chacha20-poly1305@openssh.com'. Which of these is The Best, and which are Good Enough? (It also supports 3DES-cbc, but I already know that's in the 'not good enough for modern |
| 23:41 | <@macdjord> | useage' category.) |
| 23:42 | <&[R]> | Ah |
| 23:45 | <@macdjord> | It also lists known attacks for each cypher, but doesn't clearly distinguish between 'this encryption is considered Broken and nobody should use it anymore' vs. 'the NSA might be able to break it in a year if they target you specifically but its probably still safe enough' |
| 23:46 | <&[R]> | "The security of MD4 has been severely compromised. " |
| 23:46 | <&[R]> | IMO that's pretty clear |
| 23:46 | <&[R]> | IMO it should have a red background, not a yellow one |
| 23:47 | <&[R]> | Also there's enough there that if there's a theoretical attack, just avoid it |
| 23:48 | <@macdjord> | Right, but, for example, SHA-1 says 'you can break a single hash for $2.7M', which sounds to me like 'not the best option these days' but other things I've been reading recently all put it in the 'completely broken never use' category. |
| 23:49 | <@macdjord> | Suggesting that warning is either outdated or more serious than it sounds. |
| 23:49 | <&[R]> | Right, because 1) you can use something else and 2) someone CAN break it |
| 23:49 | <&[R]> | 3) it's going to keep getting cheaper to attack it |
| 23:52 | <@macdjord> | Also, that list covers cyphers and hashes, but not (AFAICT) KEX or key formats. |
| 23:53 | <&[R]> | Eh? Key formats are mungable between each other |
| 23:53 | <&[R]> | Unless I'm misunderstanding you, just use the way ssh writes them by default, use SSH-CA if you want as well |
| 23:56 | <&[R]> | Actually, some of that information is really confusing |
| 23:56 | <&[R]> | The SHA-2 attack described is against SHA-2 if you abort the algorythm part of the way though. |
| 23:58 | <@macdjord> | [R]: I mean ed25519 vs. ecdsa-sha2-nistp2 vs. RSA vs. DSA. I have a Stack Overflow answer which claims ed25519 is best, which nistp is good, as is RSA if you mandate a large enough modulus and disable the variant using SHA-1, while DSA is obsolete. |
| 23:59 | <&[R]> | AH, you meant cyphers |
| 23:59 | <&[R]> | Yeah, DSA is being removed (finally) |
| --- Log closed Tue Apr 23 00:00:32 2024 |