00:07:12 joepie91 made 2 commit(s) to pytahoe on branch master: 'Proper subclassing', 'Path tracking and node unlinking' (https://github.com/joepie91/pytahoe/compare/2e432dfa61...6a97992294)
00:28:41 *** joepie91 has quit (Ping timeout)
01:00:04 *** x (foobar@91513BE6.1FF3EB83.C789C8B2.IP) has joined #crytocc
01:33:26 *** x has quit (Input/output error)
02:04:26 *** x (foobar@91513BE6.1FF3EB83.C789C8B2.IP) has joined #crytocc
03:38:34 *** x has quit (Input/output error)
03:55:20 *** tintin has quit (Ping timeout)
05:37:01 *** x (foobar@91513BE6.1FF3EB83.C789C8B2.IP) has joined #crytocc
06:46:41 *** GHOSTnew has quit (Ping timeout)
06:48:13 *** GHOSTnew (GHOSTnew@cryto-5DF0BFF3.anthony-simonet.fr) has joined #crytocc
07:35:02 *** GHOSTnew has quit (Ping timeout)
07:38:58 *** GHOSTnew (GHOSTnew@GHOSTnew.users.cryto) has joined #crytocc
10:40:46 *** x has quit (Input/output error)
11:02:42 *** monod (~pmpf@cryto-F67EACC9.retail.telecomitalia.it) has joined #crytocc
11:02:57 hi :)
11:04:53 "Now, with more dpk!" ?
11:05:41 *** iceTwy (iceTwy@cryto-610769D0.fbx.proxad.net) has joined #crytocc
11:11:17 *** monod has quit (User quit: Quit)
11:25:47 *** iceTwy has quit (Ping timeout)
11:36:50 *** joepie91 (joepie91@E0EF0B4E.8949E6E0.92880880.IP) has joined #crytocc
12:14:19 *** complex (complex@complex.users.cryto) has joined #crytocc
13:05:05 *** Mighty0wl (Mighty0wl@cryto-27F3C3A3.us-west-1.compute.amazonaws.com) has joined #crytocc
13:06:27 *** Mighty0wl has quit (User quit: Connection closed)
13:18:43 *** x (foobar@91513BE6.1FF3EB83.C789C8B2.IP) has joined #crytocc
13:24:50 *** x has quit (Ping timeout)
13:28:01 .title https://www.globalsign.com/ssl/ssl-open-source/
13:28:02 joepie91: Free Wildcard SSL for Open Source Projects
13:28:11 but requires an OSI-approved license
13:28:11 so fuck that
13:30:23 :o
13:30:35 * joepie91 doesn't like OSI
13:32:40 same
13:33:09 Comments: It's no different from dedication to the public domain. Author has submitted license approval request -- author is free to make public domain dedication. Although he agrees with the recommendation, Mr. Michlmayr notes that public domain doesn't exist in Europe. Recommend: Reject
13:33:11 cc Zoned
13:33:30 "we acknowledge that public domain is not a reasonable alternative in Europe BUT WE WILL STILL REJECT THE WTFPL"
13:33:42 (facepalm)
13:34:24 (also, "it's no different from dedication to the public domain" is complete and utter bullshit legally; the WTFPL doesn't make you give up your copyright)
13:36:24 wow
13:39:20 *** x (foobar@91513BE6.1FF3EB83.C789C8B2.IP) has joined #crytocc
13:53:33 joepie91: OSI approved license??? for an Open Source Project? :)
13:53:49 norbert79: that's what globalsign requires, yes
13:53:52 joepie91: So basically they are asking money from people, who probably don't ask for a huge contribution
13:54:01 norbert79: ?
13:54:08 I'm not sure I follow
13:54:22 joepie91: Let me check the first, maybe I understand something wrong here
13:54:25 isc is on the list, I'm happy
13:54:33 I'm not
13:54:34 fuck OSI
13:54:36 :(
13:54:45 Aside that joepie91 :)
13:54:49 well fuck your shitty not-actually-a-license :P
13:55:00 * cayce pokes the bear
13:55:09 * joepie91 throws the bear at cayce
13:55:17 cayce: Well fuck your nice income from which you can buy a nice wildcard ssl cert for $150 yearly
13:55:24 Because I can't
13:55:50 Wildcard SSL certs start at $120-$200
13:57:07 I guess independent sites with minor content are not offered such
13:58:05 "Not be a site that is also used for commercial purposes"
13:58:20 I wonder if contributions are considered "commercial"
14:00:24 https://www.globalsign.com/repository/globalsign-subscriber-agreement-digital-certificates-and-services.pdf - Seriously I would not eat for a month and buy an own SSL (even if not wildcard), than following all their requirements as written
14:00:31 it's just pain and suffering
14:00:37 * cayce is confused as to how joepie91 can throw himself at me
14:01:00 * cayce dodges
14:02:34 but it doesn't matter, I have hand-ground french-pressed coffee from ethiopia
14:02:55 (not as good as sumatran, but the hands used to collect the coffee are smaller)
14:03:00 damn you cayce
14:03:09 * cayce grins
14:03:13 what I do
14:03:20 having french-pressed coffee
14:03:24 :3
14:03:35 somebody bought me one! You can't just expect me NOT to use it >:D
14:03:44 buy me one!
14:03:44 :P
14:03:50 I did!
14:03:52 * cayce kekeke's
14:03:56 two, by this thing's costs
14:03:57 lol
14:04:13 and maybe yeah
14:04:40 lol
14:05:23 * cayce waits for 4.5lbs of beef to bake
14:05:38 only 13.50$!
14:06:19 I don't ask what's in my meat, cannot afford to yet e.e
14:08:01 NP: [Uffie - Hot Chick (Produced By Mr. Oizo)] [Hot Chick / In Charge] [904kbps] DeaDBeeF 0.5.6-3jane
14:08:56 ooof
14:09:02 yahoo is churning publicly again
14:11:28 NP: [alabama 3 - ain't goin' to goa] [exile on coldharbour lane] [906kbps] DeaDBeeF 0.5.6-3jane
14:16:01 *** anon (anon@CD13BC6A.C62D67A7.404FEFB4.IP) has joined #crytocc
14:19:28 *** anon has quit (User quit: Mango IRC for iOS and OS X, http://mediaware.sk/mango)
14:43:35 *** x has quit (Input/output error)
14:44:58 *** iceTwy (iceTwy@cryto-610769D0.fbx.proxad.net) has joined #crytocc
14:47:01 *** Topiary (Topiary@CD13BC6A.C62D67A7.404FEFB4.IP) has joined #crytocc
14:47:10 * joepie91 blinks
14:48:06 * Zoned would like to speak with iceTwy on xmpp
14:48:14 ohai iceTwy
14:48:19 and ohai... Topiary?
14:49:32 joepie91, thoughts on typescript?
14:49:52 Fuck https://sslcheck.globalsign.com/ ... Whatever I do, despite proper configuring the site says, that my site uses weak ciphers, where I don't...
14:50:08 topiary always reminded me of zephyr
14:50:10 hello
14:50:10 oh sorry wasnt checking
14:50:10 so wait why am i here?
14:50:24 lol
14:50:33 Zoned: I'm not familiar with typescript
14:50:48 joepie91: Got some page for testing? I mean I am not sure I lack the right knowledge or the globalsign page is lying to me...
14:50:54 joepie91, I am not also, I haven't really seen much of it.
14:51:19 Topiary: I... don't know? you're the one that joined here :P
14:51:30 I'm also assuming you're not Jake Davis Topiary?
14:52:02 nah
14:52:12 right, I was a little confused there for a moment :p
14:52:18 i like the name :P
14:53:23 fair enough
14:53:29 joepie91: Got some page for testing? I mean I am not sure I lack the right knowledge or the globalsign page is lying to me...
14:53:34 I don't, cayce probably does
14:53:39 sup
14:53:40 joepie91: Cheers
14:53:42 sorry hi hello
14:53:47 :P
14:54:09 are you allowing rc4? it's weak
14:54:25 cayce: previously u mentioned zephyr whats that lol
14:54:26 (cayce: you are now our resident SSL/TLS expert :) )
14:54:38 also, I am considering offering free Tahoe-LAFS nodes\
14:54:39 and if they're retarded they might say cbc ciphers are weak (due to it being a client side mitigation, but that mitigation is done in all but desktop safari)
14:54:48 joepie91:) I know, it's fucking annoying lol
14:54:51 Topiary:) another cool word
14:55:02 ...
14:55:22 Ok, globalsign SSL checker can suck my... thumb... they report the lack AND the presence of SSL v3.0 for my device within the same report...
14:55:34 wtf are you trying to do
14:55:41 Checking if my SSL is configured well
14:55:49 use this https://www.ssllabs.com/ssltest/index.html
14:55:56 ook
14:55:59 let's see
14:56:02 it's somewhat finicky, but very decent
14:56:14 Thank you, checking
14:56:45 If you linkme (in pm if that's more appropriate) I can give recs on what to do
14:56:47 otherwise, cheers
14:56:48 :)
14:57:13 and would someone tell me how I managed to be 1 hour ahead of schedule today
14:57:14 wtf
14:57:20 It gives me F because of the self-certificate, but aside that an A
14:57:23 :)
14:57:24 I HAVE AN ENTIRE UNSCHEDULED HOUR
14:57:24 Good
14:57:28 AGH
14:57:32 * cayce BACKFLIPS
14:57:43 yeah just look for red
14:57:56 self signed is fine if you don't care about idiots
14:58:01 Aside from the cer it shows yellow and green
14:58:08 nice, what's yella?
14:58:13 Meh, I need a proper one, but have no money yet
14:58:18 Forward Secrecy With some browsers (more info)
14:58:23 ahh
14:58:24 BEAST attack Not mitigated server-side (more info)
14:58:35 probably because I didabled SSLv2
14:58:39 disabled
14:58:44 pfs is more important
14:58:49 beast isn't mitigated on mine either
14:59:00 if you mitigate all attacks serverside you end up with tls1.2 only cipher list
14:59:10 and that's not much of the market
14:59:17 (a few %)
14:59:23 I wish for security
14:59:31 not much of a user base I have
14:59:51 I recommend against rc4 usage, but if you want IE to access you'll want it
15:00:05 well, older IE
15:00:08 meh, I would need a proper cipher list
15:00:09 I've had less issues with new ones
15:00:10 hey joepie91 r u the guy who needs financial assistance?
15:00:30 coz i saw ur name somewhere on the website
15:00:35 I forget, I'm on ie10 I think (random pc) and it connects using my stupid cipher list
15:00:48 cayce: If you got a good config exceprt for a regulary acceptable config but not vulnerable to attacks that much I wouléd be happy to see... :)
15:00:50 but 8 most certainly doesn't
15:01:04 Topiary: yes (and you probably saw that on AnonNews)
15:01:07 so much grammar
15:01:07 cayce: Mine is pretty strict right now
15:01:24 i see..
15:01:35 mine is
15:01:36 ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-SHA256:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-CAMELLIA128-SHA:DHE-RSA-AES128-SHA;
15:01:49 no ! ?
15:01:49 but again, lack of explicit IE support there
15:01:51 *** Topiary has quit (Client exited)
15:01:54 I see
15:01:57 no !
15:02:04 I've individually specified every cipher
15:02:05 no need
15:02:06 lol
15:02:07 So no exceptions
15:02:12 makes sense
15:02:18 some of them are "classes"
15:02:21 hmm, might going to try that
15:02:26 like putting -sha will give you *any* sha combo
15:02:31 right
15:02:49 and you could go one farther and take all AES128 to AES which covers more shit
15:02:53 but I was optimizing for speed a bit
15:03:28 the big fancy one chrome runs is ECDHE-ECDSA-AES128-GCM-SHA256 which is why it's first
15:03:45 (assuming system-level openssl being new enough to support it)
15:03:59 they aren't implementing aes256-gcm though
15:04:15 which is fine, gcm ciphers are plenty fast
15:04:23 (and secure :D )
15:04:38 anyway, though, that's a purely tls1.2 cipher
15:04:41 Ciphers are still a bit of grey area to me, I lack the info on them knowing the differences in every detail
15:04:56 so I only have an average knowledge about them
15:05:05 it's fine, I don't understand the math very well but I've got all of the vulns and support grids down pat
15:05:13 :P
15:05:28 *** Topiary (Topiary@CD13BC6A.C62D67A7.404FEFB4.IP) has joined #crytocc
15:05:36 oh and the reason I put camellia in there is actually for firefox
15:05:46 because it doesn't support anything newer than tls1.0
15:05:48 I would be interested, but I am more trying to get things fixed during last vulnerability scan :)
15:05:48 because they're fags
15:06:37 just remember, IE doesn't support any ephemeral key exchange (dhe ecdhe)
15:06:51 10 or 11 might but old does NOT
15:06:55 what a lovely browser, isn't it? :)
15:07:09 well it's dumb because the OS does as of vista
15:07:16 SChannel has full tls1.2 support
15:07:22 but of course, they ship with it turned off
15:07:43 (they didn't want to break fragile enterprise bullshit)
15:07:48 * cayce shakes fist
15:08:09 Fragile Enterprise... It means a bunch of idiots using old techniques and tools and they need to get supported too
15:08:28 unfortunately yes
15:08:44 I don't care for them to be supported if they won't write their shit in a reasonably future-thinking way
15:09:08 I am working for a such company, not easy staying actual all the time
15:09:20 yeah
15:09:22 but aside that luckily the current at least supports users with latest browsers
15:09:31 so at least that's covered
15:09:37 that's awesome :P
15:09:48 you would wonder how paranoid some companies are
15:09:56 or how close-minded
15:10:07 Bear with IE8, and nothing else
15:10:11 Chrome is baaaad
15:10:13 FF is baaad
15:10:16 mmmkay?
15:10:22 seen that
15:10:37 lol it's so dumb though, because the new autoupdating browsers keep you safe from driveby data extraction
15:10:44 Still :)
15:10:47 or at least much much safer than ie fucking 8
15:10:48 lol
15:11:14 I forget, gotta see how the tls1.2 rollback went in chrome
15:11:34 they were gonna turn it off for a release or two because all of estonia uses ID tokens to access govt sites and chrome's tls1.2 broke their shit
15:11:35 Well, I started using Seamonkey again
15:11:36 made me lol
15:11:47 but there's 500k chrome users there that want their govt sites
15:11:48 luckily Mozilla keeps the engine relatively recent
15:12:47 yeah I'm generally unhappy with mozilla until they figure out how to parse real js (not asm.js) faster and support tls>1.0
15:14:01 Well, meh... Call me an idiot, but Seamonkey is more satisfying for me as having all in one and looks at least old-school with all the recent changes
15:14:02 agh man twitter I wish they'd make their buttons smaller
15:14:09 so much detritus in their fallback code
15:14:23 Topiary: Why so curious btw?
15:14:23 aye, I don't like that
15:14:31 :)
15:14:52 Topiary: You could have just asked me about my time and version :)
15:15:00 people nowadays...
15:15:01 There's a ton of people that still complain about the "lack of control" that the magic autoupdating does, but I actively hate things that don't keep themselves up to date
15:15:01 :)
15:15:14 well, that's why I prefer Linux
15:15:21 there are a few apps that doesn't need to be up to date
15:15:27 nothing beats package management... well, sort of :)
15:15:31 but things that are as big an attack surface as a browser? better fucking do it
15:15:43 norbert79: absolutely
15:15:48 what
15:15:51 nowadays when I touch a Windows PC
15:16:01 I just go "wait what, why is this software outdated? oh, right..."
15:16:05 :|
15:16:08 foobar2000 doesn't need to be updated, for instance, but chrome or firefox or IE? ugh
15:16:41 cayce: Well, I don't know, sometimes updates are nice... ProcessExplorer has been kept up-to-date, just realized, when I added it to a Windows XP VM.
15:16:42 curious abt the money stuff?
15:16:52 -lost-
15:16:57 Topiary: No, I am curious about your curiosity about my client :)
15:17:05 ^
15:17:11 I feel like there may be a case of a client auto-doing CTCPs here?
15:17:14 cayce: then I realized, oh, wait, I installed it once, forgot to update it :)
15:17:16 norbert79:) yeah, I love processxp. great shit.
15:17:26 joepie91: I dislike such
15:17:35 joepie91: auto CTCP my ... thumb
15:17:38 ohhh. okay tell u what, im a n00b here so yeah. until now i still dk what im doing here
15:17:42 xD
15:17:49 well I haven't gotten one, so it's not auto (assuming it'd hit everyone)
15:17:50 norbert79: so do I, but a few clients do it
15:17:57 Topiary: Well, CTCP-ing is like peeking into my screen
15:18:02 especially OSX clients have a habit of doing this
15:18:02 and iOS
15:18:07 huh
15:18:09 without auto correct my typing goes haywire
15:18:28 Topiary: Old-School IRC users don't like being CTCP-d unless approved :)
15:19:00 :P
15:19:00 Topiary: Also don't trust the results of CTCP neither all the time as it can be faked too
15:19:14 (easily)
15:19:24 exactly, but sssh :)
15:19:25 I think there's a menu to edit my responses here somewhere
15:19:26 lol
15:19:34 * cayce pees on parade
15:19:43 I used to use mIRC as reply
15:19:49 wherever I was
15:20:01 I mean wherever as in whatever OS
15:20:13 hmm I should find a twitter email and start accosting their webdev guys about their tweet button code
15:20:18 that sounds like a good way to get a job
15:20:39 cayce: heh
15:20:56 i see so many unknown terms
15:20:59 last time I picked it apart I found like half a kb of code that literally wasn't supported by any browser
15:21:01 damn...
15:21:16 old standards that were thrown out and all major browsers went "WILL NOT IMPLEMENT"
15:21:18 made me lol
15:21:42 I yelled at them on twitter but of course they probably don't check that ;)
15:21:43 Topiary: Takes some time, but I would suggest checking the following terms like: channel, IRC networks, CTCP, DCC
15:22:13 oh fuck I've committed a mortal sin
15:22:23 joepie91: Don't love me this much :)
15:22:30 heh
15:22:32 returning an HSTS header on http connection
15:22:44 (it's expressly forbidden by the spec)
15:22:55 ok got some work to do which is left, need to finish off...
15:23:39 Ryan Gubele, 27, is employed as a reliability engineer for the Twitter website [...]
15:23:43 http://www.scmagazine.com/alleged-anonymous-members-indicted-last-thursday-led-unassuming-lives/article/315630/
15:24:25 so what discussions do u guys have?
15:24:55 code
15:24:57 and derp
15:25:03 and the relatively small size of my penis
15:25:50 oh idk anything bout code..is it like programming and stuff coz once i tried learning python and i gave up
15:26:04 08:25:24 up 14 days, 16:55, 4 users, load average: 32.24, 11.18, 4.20
15:26:09 Y U SO LOAD
15:26:16 I'm so sorry
15:26:22 it seemed like gibberish
15:26:24 yes programming stuff
15:26:33 basic logic, mostly
15:26:41 eventually it becomes nontrivial logic, but meh
15:27:04 do try it again, I highly recommend learning a language
15:27:14 even just enough to script tiny shits here and there
15:27:22 it seems fun but so confusing
15:27:45 but i hace questioned the use of learning programming
15:27:50 *have
15:28:00 probably u cld enlighten me
15:28:58 no, I can't
15:29:18 It teaches you too much for me to waste my time explaining why it's a good thing
15:29:20 mk
15:29:34 Have you taken math?
15:30:14 if you complete trigonometry, you're able to describe most things in the universe in an in-exact way. I highly recommend that too. (calculus if you want exact answers)
15:30:34 *** complex_ (complex@1FB20456.69AC617A.F6E1C77B.IP) has joined #crytocc
15:31:37 cayce: Errr, Neil deGrasse Tyson might disagree with you there, and many others too :)
15:31:49 and so do u guys render ur skills to anonymous (being an anon)
15:32:39 this is not an "Anonymous" channel, Topiary
15:32:56 see topic etc.
15:32:58 i was just asking...
15:32:59 ^
15:33:10 i know that lol
15:33:13 No, it's not just asking, the topic is specifically forbidden
15:33:22 *** complex has quit (Ping timeout)
15:33:32 *** complex_ is now known as complex
15:33:39 :P
15:33:45 soz man. why is it forbidden?0_o
15:33:51 thats just
15:34:00 removing the whole purpose
15:34:02 it's not up for discussion
15:34:29 there are many other channels on this server where it is plainly acceptable, this is not one of them
15:34:30 but why??? :0
15:35:04 norbert79:) why would they disagree? Do they not understand math?
15:35:23 cayce: Well, let's not get into this topic, I wish to flee my workplace soon :)
15:35:31 norbert79:) perhaps like many others they are too far into their specific study to see the broader picture
15:35:36 hehe alright
15:36:05 I doubt my statement for degrasse tyson, but not others. I think he would agree that everyone should learn at least trig
15:37:19 what are you guys getting trolled ?
15:37:20 anyway,sayonara folks! See yall another time. and if u know JD tell him hes awesome.
15:37:30 *** Topiary has parted #crytocc (None)
15:37:41 * zxcvbnm is boggled w/ confusion
15:38:19 sup?
15:39:00 * zxcvbnm just boggling. don't mind me
15:39:16 * cayce hits zxcvbnm on the head and watches the dice bounce
15:39:20 7!
15:39:29 :D
15:39:36 hehe
15:40:10 * cayce goes to prepare lunch
15:54:48 *** GHOSTnew has quit (Ping timeout)
15:57:46 *** GHOSTnew (GHOSTnew@GHOSTnew.users.cryto) has joined #crytocc
16:11:16 yay, people are noticing my dig at thenextweb
16:15:05 .tw https://twitter.com/Aranjedeath/status/389774410837946368
16:15:06 http://b.explodie.org/1ehwCeQ > This is my dig at @TheNextWeb for their site. It's a good example of what not to do. 365 resources. 6.1mb of code. (@Aranjedeath)
16:18:29 wow
16:18:33 erm
16:18:48 Zoned: can't atm, too much homework
16:18:51 assignments, etc.
16:18:56 grr
16:19:00 heh man
16:19:04 physics + maths + bio for tomorrow
16:19:20 so yeah
16:20:08 usuck
16:20:09 lol
16:23:25 so again
16:23:30 I am considering free tahoe-lafs node hosting
16:23:32 thoughts?
16:26:51 why
16:32:36 *** fr0z3n (fr0z3n@60F0BC49.9144D476.78C94033.IP) has joined #crytocc
16:46:20 I'd think if you have N spare vps'es, then you can just start nodes there and instead of "node hosting" allow "grid access"
16:49:29 cayce, norbert79, You probably heard, but wrt tls ciphers, there's interesting https://www.imperialviolet.org/2013/10/07/chacha20.html and https://tools.ietf.org/html/draft-agl-tls-chacha20poly1305-02
16:50:34 MK_FG: grid access is a disaster access-control-wise
16:50:40 for automated stuff
16:50:47 *** complex has quit (User quit: Going offline, see ya! (www.adiirc.com))
16:50:49 joepie91, read that quickly lol
16:51:04 cayce: no XMPP?
16:51:10 Hmm, so by hosting node you want to look at the content people upload?
16:51:21 And see if it's ok and do access control?
16:51:22 MK_FG: no, I want to separate access to space
16:51:36 giving someone grid access == allowing them to use whatever they want in terms of space
16:51:54 giving someone a node === ability to restrict node storage space without breaking tahoe-lafs security model
16:52:00 Ah, yes, that leasedb accounting stuff probably it's quite there yet
16:52:03 nop
16:52:21 MK_FG: and I've seen a "soon" milestone appear on the tahoe bugtracker
16:52:30 which doesn't give me much confidence as to it being implemented in the very near future
16:52:33 thus, this idea :)
16:53:34 Yeah, easy way to make different "users" now is to run each on in it's own "grid", it seems
16:54:18 But I think it should be much easier to do ad-hoc accounting still
16:55:14 Like, just allow N keys in foolscap tubs (I think that's already implemented) and on each share upload, store share-id:key in some db
16:55:29 Accounting in tahoe probably will do something similar...
16:55:45 ...but proper implementation requires clean code, tests for everything, etc
16:55:47 MK_FG: I don't know much about tahoe internals but what you describe sounds like it breaks the confidentiality model?
16:55:53 ad-hoc one doesn't need any of that! ;)
16:55:57 unless I'm missing something?
16:56:33 No, why? You're running the storage node, of course you'll be able to see if/when someone uploads a share
16:56:42 You don't know what's in it though
16:56:51 Or what it represents at all...
16:56:54 right, I thought with 'key' you meant the access key
16:56:54 :P
16:56:58 like, readcap
16:57:07 No no, foolscap key, from furl
16:57:21 anyway, MK_FG, the idea I had was using a combination of Xen (for memory deduplication) and OpenVZ (for container isolation and disk space restrictions as well as easy migration)
16:57:22 Like pb://asdfg@/object
16:57:30 ("asdfg" being teh key)
16:57:30 to set up an efficient dedicated tahoe-lafs hosting environment
16:57:31 and, right
16:58:27 Seem like a lot of waste running one grid per user, with any kind of dedup
16:58:42 But I wonder how much it'll help for N tahoe pids
16:59:25 Also, maybe something lighter than xen would be ok, you won't need dedup for anything like kernel or userspace with containers like docker
16:59:37 (or openvz, yeah)
17:00:12 And hmmm...
17:00:49 Given that I already run a few tahoe nodes for diff grids on same machine with new kernel and mem pages dedup enabled, I should probably check how well it works
17:01:04 MK_FG: any stats on that would be very welcome
17:01:32 also, afaik Xen can only dedup within a VM
17:01:35 not across VMs
17:01:40 from what I've heard so far
17:01:46 I don't know much about Xen so it warrants some more research
17:01:53 but that was my reasoning for using OpenVZ inside Xen
17:02:01 Maybe xen, kvm would be a better solution of the same kind then
17:02:01 which should, afaik, theoretically be possible
17:02:09 kvm allocates all ram for pid
17:02:17 And os deduplicates pages b/w these pids
17:02:51 MK_FG: according to someone else, openvz could run inside xen pv
17:02:56 xen hvm or kvm is not a possibility
17:02:59 But for tahoe, you can just run every node in the same os
17:03:02 because hardware VT is not always available
17:03:35 I mean "same os" without containers, or maybe with just security containment like e.g. apparmor
17:04:08 Surely there's no need to give each user a shell if all they have is a node?
17:04:27 MK_FG: the shell is for disk space restriction purposes
17:04:31 openvz/docker/lxc should run just fine within hvm
17:04:34 and ease of migration
17:04:42 tahoe doesn't have disk space restriction
17:04:45 only reserved space
17:04:45 afaik
17:05:04 Hmmh? If you run each node from it's uid you have fs quotas
17:05:18 I.e. uid=1001 has N GiB, period
17:05:26 MK_FG: does that work reliably inside Xen PV?
17:05:31 That's what openvz and co probably use
17:05:39 Quotas? Sure
17:05:50 They work with any kernel, it's just fs code
17:06:04 No ties to on which hw (or vm type) it runs
17:07:18 openvz/lxc/docker use uid namespace, so each container's "root" (uid=0) is mapped to some distinct uid in top-level namespace...
17:07:33 ...so even if containers share filesystem, they still have distinct uid's
17:08:01 And I bet they didn't invent new quota-by-uid mechanism, which'd be kinda redundant here
17:08:09 I see
17:08:11 (and I never heard of it)
17:09:02 (and parallels folks of openvz merge it all to linux anyways, so it would've been there)
17:10:34 okay so then theoretically
17:10:38 it should be possible to do Xen PV
17:10:43 with uid fs limits
17:10:49 any caveats you can think of?
17:12:08 I'd further use (and I DO use it) something like apparmor to limit each tahoe node pid access to its own storage path and only system code/subset it needs
17:12:29 security reasons or...?
17:12:46 E.g. https://github.com/mk-fg/apparmor-profiles/blob/master/profiles/opt.bin.tahoe
17:12:47 Yeah
17:13:07 So that if someone compromises their own node, they won't be able to mess up with the system
17:13:14 And other nodes in particular
17:14:07 I realize that tahoe nodes are kinda-designed to be untrusted...
17:14:17 ...but grids are formed among trusted peers
17:14:48 So I don't think there's that much testing on e.g. whether foolscap deserializer might have any remote execution vulns
17:14:57 I see
17:15:06 (after all, it's secure rpc mechanism with auth)
17:15:25 (so no vulns w/o auth, and with auth, who knows...)
17:15:26 quite a lot of useful info, thanks :)
17:15:31 I do have another question
17:15:33 unrelated to this
17:15:36 but about tahoe
17:15:41 what's the current state of MDMF?
17:15:47 on a scale of 1 to 10
17:15:56 1 being "completely unusable/reliable" and 10 being "awesome"
17:16:44 Hm, I don't think I've used mutables there much, except for top-level dirs with list of all backups, so didn't look into these closely and don't have much xp working with them
17:17:19 Immutables are perfect for backups (and dedup there)... so can't comment ;)
17:17:37 Didn't see any issues with these from limited exposure though
17:18:31 Iirc they're just split into larger-ish blocks, as with e.g. regular zfs/ssd and these are kinda-mutable
17:18:40 Having their own caps/keys
17:18:57 I see
17:19:05 sounds reliable enough for file sync
17:19:08 But dunno, don't recall even reading full docs on these ;)
17:19:18 also, MK_FG, what are your stats on RAM usage with dedup?
17:19:39 just got some stats on average disk usage for storage VPSes, so now I just need to consider the RAM usage
17:19:50 to get an idea of how many 'slots' I can have on one server
17:21:39 http://bpaste.net/raw/140419/
17:21:47 Output from smem
17:22:06 http://dpaste.com/1416669/plain/
17:22:20 (check out what columns mean in description there)
17:22:40 PSS vs RSS I think is the measure of dedup
17:25:06 Which seem to be pretty much not-a-thing ;)
17:26:25 Oh, "[ ] Enable KSM for page merging"
17:26:37 So forget these results ;)
17:26:46 haha
17:26:58 Weird, fairly sure I had that enabled at some point
17:26:59 "it doesn't dedup anything... oh wait, maybe I should plug it in first..."
17:27:16 Probably disabled again when had some issues with kswapd eating cpu
17:27:34 Actually, good thing
17:27:45 Will enable and reboot soonishly
17:27:52 Should give some baseline
17:28:18 Currently, I'd say it's just python binary and .so libs that get dedup
17:28:32 (given the size)
17:29:54 Hmm, though I see that KSM requires pid to do madvise() with MADV_MERGEABLE
17:30:19 .title http://istruecryptauditedyet.com/
17:30:20 joepie91: Is TrueCrypt Audited Yet?
17:30:22 Can bet twisted doesn't do that, python maybe can
17:30:37 Easy to check..
17:31:32 g -r MADV_MERGEABLE Python-2.7.5: 0 hits
17:31:48 So I'd be skeptical for dedup within same vm
17:31:57 hmm.
17:32:03 But if you run each python in its own vm, kvm does that
17:32:24 So might - paradoxically - be more memory-efficient for large python pids ;)
17:33:07 Or maybe there are more to KSM than that in ksm.txt in kernel Documentation dir
17:33:26 MK_FG: I need to assume that I can't use KVM
17:33:31 because likely no VT
17:34:28 I wonder if hack with LDPRELOAD=libKSM.so that does madvise() after each malloc() will break stuff ;)
17:34:47 I mean, what's the worst that can happen? ;)
17:35:48 lol
17:36:23 If kernel does the right thing and cow's pages, should be fine to madvise() all the things
17:36:52 (although maybe a lot of load for like 95% of stuff that really can't be merged)
17:38:17 joepie91, Wrt istruecryptauditedyet.com - did you notice that zooko went for cryptocat at the same time
17:38:35 It's like cyber-9/11 happened, and crypto folks went to audit all the things :P
17:39:46 Also, why inotify? fanotify!
17:39:53 Check out fatrace tool
17:40:07 cyber-9/11 DID happen, finally
17:40:20 inotify is terrible with large dirs and very-very racy with something like rsync running around creating dirs
17:40:26 and inotify because wide support, existing libs, documented well enough
17:40:33 will consider fanotify implementation later
17:40:38 As it has to get fd before rsync creates files there, which is pretty much impossible
17:40:40 just trying to get a first working implementation done
17:41:01 Makes sense too, I guess ;)
17:42:52 *** GHOSTnew has quit (Ping timeout)
17:49:11 *** GHOSTnew (GHOSTnew@GHOSTnew.users.cryto) has joined #crytocc
18:15:46 *** GHOSTnew has quit (Ping timeout)
18:15:46 *** puhrps has quit (User quit: Konversation terminated!)
18:17:10 *** mama (me@cryto-35BD8DF.csail.mit.edu) has joined #crytocc
18:17:49 *** GHOSTnew (GHOSTnew@GHOSTnew.users.cryto) has joined #crytocc
18:18:34 joepie91, "Please re-send anything you wanted me to see since the last message I sent to this channel." (was wondering why there was no ack/nak on that last wtfpl statement) ;)
18:21:22 *** lathe (lathe@lathe.users.cryto) has joined #crytocc
18:26:57 *** mama has quit (User quit: ciao ciao)
18:30:40 *** tintin (tintin@BC528341.BC88B0C2.A27E456C.IP) has joined #crytocc
18:34:32 *** foolex has quit (Ping timeout)
18:34:33 *** mama (me@cryto-54326F0E.ipredator.se) has joined #crytocc
18:38:25 *** mama has quit (Ping timeout)
18:39:52 *** GHOSTnew has quit (Ping timeout)
18:40:59 *** GHOSTnew (GHOSTnew@GHOSTnew.users.cryto) has joined #crytocc
18:53:06 *** foolex (foolex@5D6B0912.EC145393.9A74EEF1.IP) has joined #crytocc
19:01:38 *** lblissett has quit (Ping timeout)
19:07:00 *** lblissett (lblissett@E8B0C89.47606522.4B0B4D05.IP) has joined #crytocc
19:11:53 *** mama (me@cryto-105D9F5B.torservers.net) has joined #crytocc
19:13:34 *** Zoned has quit (User quit: Leaving)
19:28:07 *** complex (complex@complex.users.cryto) has joined #crytocc
19:28:23 anyone here know any hackers from china?
19:29:03 one of the most serious newspapers in my country reports that i should be the most aware of chinese hacktivists, even though i have never heard about one of them :P
19:29:45 zxcvbnm might know more?
19:30:06 or maybe norbert79
19:41:45 MK_FG: there still?
19:42:02 Should be
19:42:07 :p
19:42:13 that KSM hack you were talking about
19:42:17 LDPRELOAD=libKSM.so
19:42:21 how would that work in practice?
19:42:22 as in
19:42:27 1. is this a good idea?
19:42:34 2. okay, how bad of an idea is it then?
19:42:39 3. how do I enable it anyway?
19:42:40 :P
19:43:05 As you probably know, LDPRELOAD is a thing that allows to override things like C functions
19:43:34 So that you can have some libKSM intercepting malloc() (libc call to allocate more memory) and do random stuff there instead
19:43:49 ....like calling libc's mallic and then doing madvise()
19:43:53 *malloc
19:44:16 Enabling would require writing some really simple 3-liner C lib
19:44:38 Which would do that, and if madvise() fails - whatevers, no big deal
19:45:04 Whether it's good idea I think depends entirely on how ksm actually works ;)
19:45:43 I didn't read ksm.txt and probably only know about it from lwn and menuconfig/nconfig description
19:46:04 But I think it hashes all "allowed for merge" pages in ram
19:46:14 So it should a) waste a lot of ram to keep hash table
19:46:25 b) take a lot of cpu to do the scans and hashing like that
19:46:36 the idea is that it dedups all advised pages and does a copy on write
19:46:37 c) take even more cpu for copy-on-write when these desync
19:46:43 yeah
19:46:50 hm.
19:46:53 It has to merge pages though
19:47:01 As tahoe pids aren't forked from each other
19:47:17 So it needs to actively scan ram and hash/detect same stuff
19:47:40 (and forking has cow for free anyway, without ksm)
19:48:12 So I think it might be generally a bad idea to make everything do ksm, but I'm a big believer in metrics ;)
19:48:20 heh
19:48:23 So who the fuck knows, let's test the shit!
19:48:26 well, I just asked zooko
19:48:33 about running multiple nodes
19:48:35 in one process
19:48:44 joepie91: it requires hacking, but shouldn't be too hard.
19:48:44 The internals are pretty modular and O-O.
19:48:54 so that's the alternative
19:48:57 :)
19:49:20 It'd save amount of ram required for py bytecode and dedup some immutable py objects like small integers, I think...
19:49:47 ...but also no telling how efficient it might be w/o testing ;)
19:49:53 you'd be running one interpreter with one copy of each module
19:49:56 one event loop
19:49:59 (probably)
19:50:00 and so on
19:50:06 Yeah
19:50:14 should dedup a lot
19:50:18 Python is pretty efficient
19:50:22 in theory
19:50:38 you'd basically be left with just the actual RAM usage for processing whatever data comes in and goes out
19:50:44 again, in theory
19:50:44 :p
19:50:54 Weell...
19:51:11 If all types are static - that's good
19:51:25 Like, no shit creating ad-hoc classes
19:51:34 ...and their instances
19:51:59 And not that many objects
19:52:17 If there are like 9000+ instances and 100 types, nothing's gained
19:53:00 But that said, twisted has a lot of static types and generally conservative with extra instances, so sounds promising
19:55:23 I'd look at tahoe binary - it should create application (twisted Service) instance
19:55:40 And you can start however many of these with different parameters within one pid
19:56:05 Unless there are some globals tahoe uses, which is kinda unlikely and probably a bug
20:26:37 *** LS17 (LS17@cryto-2496909C.hsd1.il.comcast.net) has joined #crytocc
20:47:10 *** iceTwy has quit (User quit: Disconnecting from server)
20:47:15 *** iceTwy (iceTwy@cryto-610769D0.fbx.proxad.net) has joined #crytocc
20:50:22 *** Zoned (sexybitch@Zoned.users.cryto) has joined #crytocc
21:15:42 *** complex has quit (User quit: Going offline, see ya! (www.adiirc.com))
21:18:17 *** norbert79_xchat (Norbi@cryto-FD58F5CC.pool.digikabel.hu) has joined #crytocc
21:43:42 FichteFoll made 2 commit(s) to package_control_channel on branch master: 'Fix sublime text version to allow v3', 'Merge pull request #2151 from rwoody/masterFix sublime text version to allow v3' (https://github.com/wbond/package_control_channel/compare/0ebe829f45...fad887484d)
21:45:44 FichteFoll made 2 commit(s) to package_control_channel on branch master: 'Add Date Formatter', 'Merge pull request #2123 from pjdietz/masterAdd Date Formatter' (https://github.com/wbond/package_control_channel/compare/080a965d47...9017774fc7)
22:05:01 *** LS17 has quit (Ping timeout)
22:05:04 *** THX1337b (THX1337b@cryto-582BCD72.us-west-1.compute.amazonaws.com) has joined #crytocc
22:06:26 *** THX1337b has quit (User quit: Connection closed)
22:32:19 *** iceTwy has quit (Ping timeout)
22:40:39 *** norbert79_xchat has quit (User quit: Leaving for now. Bye everyone!)
23:26:09 *** HiveResearch has quit (Ping timeout)
23:36:29 *** x (foobar@91513BE6.1FF3EB83.C789C8B2.IP) has joined #crytocc
23:36:54 x
23:39:30 Zoned
23:39:36 hai
23:47:26 joepie91 made 1 commit(s) to Envoy on branch feature/client-tide: 'I have no idea why I didn't track these files' (https://github.com/KnightSwarm/Envoy/compare/d56327df41...46479d5ab3)