#linode IRC Logs for 2017-12-31

--- Log opened Sun Dec 31 00:00:29 2017
00:03-!-johnnyhero_[m] [~johnnyher@2001:470:1af1:101::11a3] has joined #linode
00:03-!-johnnyhero_[m] is "" on #linode
00:04-!-mode/#linode [+l 346] by ChanServ
00:05-!-johnnyhero_[m] [~johnnyher@2001:470:1af1:101::11a3] has left #linode []
00:06-!-mode/#linode [+l 345] by ChanServ
00:14-!-simon_ [~oftc-webi@] has joined #linode
00:14-!-simon_ is "OFTC WebIRC Client" on #linode
00:14-!-mode/#linode [+l 346] by ChanServ
00:17-!-simon_ [~oftc-webi@] has quit []
00:18-!-mode/#linode [+l 345] by ChanServ
00:19<Woet>simon says bye
01:01-!-qrez1 [] has joined #linode
01:01-!-qrez1 is "realname" on #linode
01:02-!-mode/#linode [+l 346] by ChanServ
01:15-!-moonkyang [~moonkyang@] has quit [Quit: My MacBook has gone to sleep. ZZZzzz…]
01:16-!-mode/#linode [+l 345] by ChanServ
01:17-!-Tarun [~oftc-webi@] has quit [Quit: Page closed]
01:17-!-mode/#linode [+l 344] by ChanServ
01:43<linbot>New news from forum: General Discussion • Installing SSL Cert on Linode server for subdomain <>
01:48-!-raijin [~raijin@] has quit [Read error: Connection reset by peer]
01:49-!-mode/#linode [+l 343] by ChanServ
02:00-!-mindlesstux [~mindlesst@2001:19f0:5:238:5400:ff:fe30:7f01] has quit [Quit: ZNC -]
02:01-!-mode/#linode [+l 342] by ChanServ
02:01-!-mindlesstux [~mindlesst@2001:19f0:5:238:5400:ff:fe30:7f01] has joined #linode
02:01-!-mindlesstux is "ZNC -" on #virtualization #virt @#tuz-oftc @#tuz #qemu #osm #openttd #openconnect #observium #linode #ipv6 #OpenRailwayMap
02:02-!-mode/#linode [+l 343] by ChanServ
02:14-!-cnf [~cnf@2a02:1807:3920:400:6509:f286:4c26:f377] has joined #linode
02:14-!-cnf is "Frank Rosquin" on #linode #ceph
02:14-!-mode/#linode [+l 344] by ChanServ
02:16-!-cnf [~cnf@2a02:1807:3920:400:6509:f286:4c26:f377] has quit []
02:17-!-mode/#linode [+l 343] by ChanServ
02:30<zifnab>today's insanity: microservice implemented as a golang statically linked binary that runs as /init
02:30<zifnab>not really "todays", more "3 months ago and i'm looking at it again"
02:31<Eugene>So, does it vend?
02:37<Woet>does it towel?
02:40-!-TomasCZ [] has quit [Remote host closed the connection]
02:41-!-mode/#linode [+l 342] by ChanServ
02:42-!-BerlinerPlatz [~root@2a01:7e01::f03c:91ff:fe92:a2e6] has joined #linode
02:42-!-BerlinerPlatz is "root" on #linode #Corsair
02:42-!-mode/#linode [+l 343] by ChanServ
02:43<Eugene>You're a towel
02:44-!-Cromulent [] has joined #linode
02:44-!-Cromulent is "Cromulent" on #linode
02:44-!-BerlinerPlatz [~root@2a01:7e01::f03c:91ff:fe92:a2e6] has quit [Quit: WeeChat 1.4]
02:45<Woet>as long as you use me to dry yourself off ;)
02:45<zifnab>it doesn't vend yet
02:45<zifnab>i just got it to do a dhcp lease
02:46<zifnab>and it dies as soon as i try to bind to :80
02:46<zifnab>it'll be next year's insanity
02:46<zifnab> as a statically linked go binary
02:46<zifnab>that also runs as /init
02:56<Zimsky>a towel's job is to get wet
03:23<linbot>New news from forum: Web Servers and Web App Development • How to log site traffic to access.log (Apache)? <>
03:29-!-retro|blah [] has quit [Quit: Leaving]
03:29-!-mode/#linode [+l 342] by ChanServ
03:33-!-pavlushka [] has joined #linode
03:33-!-pavlushka is "pavlushka" on #linode #debian #oftc
03:34-!-mode/#linode [+l 343] by ChanServ
03:42-!-retro|blah [] has joined #linode
03:42-!-retro|blah is "retrograde inversion" on #linode
03:42-!-mode/#linode [+l 344] by ChanServ
03:44-!-PornJavHD [~oftc-webi@] has joined #linode
03:44-!-PornJavHD is "OFTC WebIRC Client" on #linode
03:45<PornJavHD>Active my acc
03:46-!-mode/#linode [+l 345] by ChanServ
03:46-!-PornJavHD [~oftc-webi@] has quit []
03:46<Peng_>They --
03:47-!-mode/#linode [+l 344] by ChanServ
03:50-!-retro|blah [] has quit [Quit: Leaving]
03:51-!-mode/#linode [+l 343] by ChanServ
03:57<Woet>at least it's in HD
03:58<Woet>all the shower footage from Eugene is 240p
03:58<Zimsky>only you would be desperate enough to put up with 240p
04:12-!-moonkyang [~moonkyang@] has joined #linode
04:12-!-moonkyang is "Moonk Yang" on #linode
04:13-!-moonkyan_ [] has joined #linode
04:13-!-moonkyan_ is "Moonk Yang" on #linode
04:14-!-mode/#linode [+l 345] by ChanServ
04:14-!-moonkya__ [] has joined #linode
04:14-!-moonkya__ is "Moonk Yang" on #linode
04:16-!-mode/#linode [+l 346] by ChanServ
04:20-!-retro|blah [~retrograd@2600:3c01::1d:eace] has joined #linode
04:20-!-retro|blah is "retrograde inversion" on #linode
04:20-!-moonkyang [~moonkyang@] has quit [Ping timeout: 480 seconds]
04:21-!-moonkyan_ [] has quit [Ping timeout: 480 seconds]
04:22-!-mode/#linode [+l 345] by ChanServ
04:43-!-qrez1 [] has quit [Ping timeout: 480 seconds]
04:44-!-mode/#linode [+l 344] by ChanServ
05:05-!-marshmn [~matt@] has joined #linode
05:05-!-marshmn is "Matt Marsh" on #linode
05:06-!-mode/#linode [+l 345] by ChanServ
05:31-!-pavlushka [] has quit [Remote host closed the connection]
05:32-!-mode/#linode [+l 344] by ChanServ
06:07-!-V-Pariah_ [~viciouspa@] has joined #linode
06:07-!-V-Pariah_ is "Vicious Pariah" on #linode
06:09-!-mode/#linode [+l 345] by ChanServ
06:10-!-V-Pariah [~viciouspa@] has quit [Ping timeout: 480 seconds]
06:11-!-mode/#linode [+l 344] by ChanServ
06:26-!-sandeep [] has joined #linode
06:26-!-sandeep is "Laptop" on #linode
06:27-!-mode/#linode [+l 345] by ChanServ
06:28-!-V-Pariah_ [~viciouspa@] has quit [Ping timeout: 480 seconds]
06:29-!-mode/#linode [+l 344] by ChanServ
06:32-!-V-Pariah [~viciouspa@] has joined #linode
06:32-!-V-Pariah is "Vicious Pariah" on #linode
06:32-!-mode/#linode [+l 345] by ChanServ
06:33-!-V-Pariah [~viciouspa@] has quit []
06:34-!-mode/#linode [+l 344] by ChanServ
06:40-!-V-Pariah [~viciouspa@] has joined #linode
06:40-!-V-Pariah is "Vicious Pariah" on #linode
06:41-!-mode/#linode [+l 345] by ChanServ
06:52-!-bagira [] has quit [Remote host closed the connection]
06:53-!-bagira [] has joined #linode
06:53-!-bagira is "bagira" on #linux #suckless #tor #linode #debian
07:21-!-V-Pariah [~viciouspa@] has quit [Ping timeout: 480 seconds]
07:21-!-cnf [~cnf@2a02:1807:3920:400:6509:f286:4c26:f377] has joined #linode
07:21-!-cnf is "Frank Rosquin" on #ceph #linode
07:35-!-V-Pariah [~viciouspa@] has joined #linode
07:35-!-V-Pariah is "Vicious Pariah" on #linode
07:36-!-mode/#linode [+l 346] by ChanServ
07:49-!-pavlushka [] has joined #linode
07:49-!-pavlushka is "pavlushka" on #linode #debian #oftc
07:49-!-mode/#linode [+l 347] by ChanServ
08:03-!-Sajal [~oftc-webi@] has joined #linode
08:03-!-Sajal is "OFTC WebIRC Client" on #linode
08:03-!-Sajal [~oftc-webi@] has quit []
08:04-!-Sajal is "OFTC WebIRC Client" on #linode
08:04-!-Sajal [~oftc-webi@] has joined #linode
08:04-!-mode/#linode [+l 348] by ChanServ
08:10-!-moonkyang [~moonkyang@] has joined #linode
08:10-!-moonkyang is "Moonk Yang" on #linode
08:11-!-mode/#linode [+l 349] by ChanServ
08:17-!-moonkya__ [] has quit [Ping timeout: 480 seconds]
08:19-!-mode/#linode [+l 348] by ChanServ
08:24-!-softinio [] has joined #linode
08:24-!-softinio is "softinio" on #linode
08:24-!-mode/#linode [+l 349] by ChanServ
08:32-!-marshmn [~matt@] has quit [Ping timeout: 480 seconds]
08:32-!-mode/#linode [+l 348] by ChanServ
08:58-!-zivester [~zivester@] has joined #linode
08:58-!-zivester is "zivester" on #linode #osm #osm-nominatim
08:59-!-mode/#linode [+l 349] by ChanServ
09:04-!-Hsjj [~oftc-webi@] has joined #linode
09:04-!-Hsjj is "OFTC WebIRC Client" on #linode
09:04<Hsjj>Hi guys need help regarding VNC setup
09:04-!-mode/#linode [+l 350] by ChanServ
09:05<Hsjj>Anyone who can help ?
09:06-!-Hsjj [~oftc-webi@] has quit []
09:07-!-mode/#linode [+l 349] by ChanServ
09:12-!-Shentino_ [] has joined #linode
09:12-!-Shentino_ is "realname" on #tux3 #linode
09:12-!-Shentino_ [] has quit [Remote host closed the connection]
09:17-!-Shentino [] has quit [Ping timeout: 480 seconds]
09:17-!-mode/#linode [+l 348] by ChanServ
09:23-!-Ravi [~oftc-webi@] has joined #linode
09:23-!-Ravi is "OFTC WebIRC Client" on #linode
09:23-!-NomadJim_ [~Jim@] has quit [Read error: Connection reset by peer]
09:23<Ravi>can any one help me
09:23<Ravi>i got a website
09:23<Ravi> is hosted in Linode
09:24-!-NomadJim [~Jim@] has joined #linode
09:24-!-NomadJim is "Nomad" on #linode #debian
09:24<Ravi>the problem is after login to my website
09:24<Ravi>it is showing following error
09:24<Ravi>Error occurred : Call to a member function fetch_assoc() on boolean on line 75 in /home/parkpays/public_html/plugins/mention/loader.php
09:24-!-mode/#linode [+l 349] by ChanServ
09:24<Ravi>can any one help me to resolve this issue
09:26<Ravi>is any one there
09:26-!-NomadJim [~Jim@] has quit [Read error: Connection reset by peer]
09:27-!-mode/#linode [+l 348] by ChanServ
09:37<Ravi>is any one there
09:45-!-Ravi [~oftc-webi@] has quit [Quit: Page closed]
09:46-!-mode/#linode [+l 347] by ChanServ
09:47-!-raijin [~raijin@] has joined #linode
09:47-!-raijin is "raijin" on #ceph #linux-smokers-club #linux-iio #ck #smxi #linode
09:47-!-mode/#linode [+l 348] by ChanServ
09:48-!-raijin [~raijin@] has quit []
09:49-!-mode/#linode [+l 347] by ChanServ
09:51-!-jas4711 [~smuxi@2001:9b0:104:42::8cb] has quit [Remote host closed the connection]
09:52-!-mode/#linode [+l 346] by ChanServ
09:52-!-mormon420 [] has quit [Quit: Leaving]
09:53-!-mormon420 [] has joined #linode
09:53-!-mormon420 is "mormon420" on #onionbalance #oftc #moocows #linode #debian-next
09:55-!-NomadJim [~Jim@] has joined #linode
09:55-!-NomadJim is "Nomad" on #linode #debian
09:56-!-mode/#linode [+l 347] by ChanServ
10:05<linbot>New news from forum: General Discussion • Login Yahoo Mail <>
10:35-!-Sajal [~oftc-webi@] has quit [Quit: Page closed]
10:36-!-mode/#linode [+l 346] by ChanServ
10:38-!-moonkyang [~moonkyang@] has quit [Quit: My MacBook has gone to sleep. ZZZzzz…]
10:39-!-mode/#linode [+l 345] by ChanServ
10:48-!-bagira [] has quit [Remote host closed the connection]
10:48-!-bagira [] has joined #linode
10:48-!-bagira is "bagira" on #linux #suckless #tor #linode #debian
10:48-!-bagira [] has quit [Remote host closed the connection]
10:49-!-bagira is "bagira" on #linux #suckless #tor #linode #debian
10:49-!-bagira [] has joined #linode
10:57<dubidub>Woet: why does google authenticator suck?
10:59-!-bagira [] has quit [Remote host closed the connection]
10:59-!-mode/#linode [+l 344] by ChanServ
11:24<dwfreed>Google Authenticator has no backup option
11:28-!-mormon420 [] has quit [Quit: Leaving]
11:29-!-mode/#linode [+l 343] by ChanServ
11:31-!-mormon420 is "mormon420" on #redditprivacy #privacytech #otr #onionbalance #oftc
11:31-!-mormon420 [] has joined #linode
11:32-!-mode/#linode [+l 344] by ChanServ
11:39-!-Netsplit <-> quits: weezy[blinkenshell], jback, tanja84dk, Turl, Attoy, tomchen[m], el, zibri, bliblok_, _404`d, (+91 more, use /NETSPLIT to show all of them)
11:40-!-kronos003 [] has joined #linode
11:40-!-kronos003 is "Kronos" on #linode
11:45<kronos003>if I were to make a new linode(centos7) and encrypt the disk, what is the likelihood someone could get inside of it by breaching linode? ( like in this article :
11:46-!-FloodServ is "FloodServ" on (unknown)
11:46-!-Netsplit over, joins: FloodServ
11:46-!-FloodServ [] has left #linode []
11:46-!-rnowak is "Robert A. Nowak" on #linode #oftc-status
11:46-!-Netsplit over, joins: rnowak, sandeep, azarus, dubidub, eagle, tmberg, kaare_, nix-7, Steve^
11:47-!-tomaw is "Tom Wesley <>" on #linode #oftc-status #supybot #irssi #freenode
11:47-!-Netsplit over, joins: tomaw, Hazelesque, Nightmeare, el, mteufel, tanja84dk, trippeh, spiki, kwmonroe, RyanKnack (+17 more)
11:49-!-ChanServ changed the topic of #linode to: Linode Community Discussion | | Linode Block Storage - Early Access: | Linode REST API - Early Access:
11:49-!-FloodServ [] has joined #linode
11:49-!-FloodServ is "FloodServ" on (unknown)
11:49-!-mode/#linode [+v mtjones] by ChanServ
11:49-!-mode/#linode [+o bhanks] by ChanServ
11:49-!-mode/#linode [+v avelardi] by ChanServ
11:49-!-mode/#linode [+v mcintosh] by ChanServ
11:49-!-mode/#linode [+o scrane] by ChanServ
11:49-!-mode/#linode [+o jkorang] by ChanServ
11:49-!-mode/#linode [+v gjjansen] by ChanServ
11:49-!-mode/#linode [+v sjacobs] by ChanServ
11:49-!-mode/#linode [+v jleal] by ChanServ
11:50<dzho>kronos003: what is the likelihood of any online service having vulnerabilities? That's really a million bitcoin question.
11:50-!-Netsplit <-> quits: weezy[blinkenshell], jback, tanja84dk, Turl, Attoy, tomchen[m], el, zibri, bliblok_, _404`d, (+91 more, use /NETSPLIT to show all of them)
11:51-!-FloodServ is "FloodServ" on (unknown)
11:51-!-Netsplit over, joins: FloodServ
11:51-!-rnowak is "Robert A. Nowak" on @#oftc #moocows #linode #oftc-status
11:51-!-Netsplit over, joins: rnowak, sandeep, azarus, dubidub, eagle, tmberg, kaare_, nix-7, Steve^
11:51-!-sandeep [] has quit [Quit: sandeep]
11:51-!-Netsplit over, joins: tomaw, Hazelesque, Nightmeare, el, mteufel, tanja84dk, trippeh, spiki, kwmonroe, RyanKnack (+17 more)
11:51-!-tomaw is "Tom Wesley <>" on #sd #linux #help #tor-project #osm #gcc #virt #ceph #debian-offtopic #suckless #ovirt #oftc-staff #perl #slackware #debian #debian-es #gentoo #bitlbee #tor #awesome @#oftc #moocows #linode #oftc-status #supybot #irssi #freenode
11:52-!-Netsplit over, joins: cnf, Li[m], robertf, dexterfoo, mpr, mr-spoon, brians_, voker57, milk, JStoker (+20 more)
11:52-!-mormon420 [] has quit [Max SendQ exceeded]
11:52-!-Netsplit over, joins: Cromulent, fstd, NiTeMaRe, ruza, kcaj, nrh1703, MaZ-, beuker, theblackbox, flugsio (+24 more)
11:53-!-mode/#linode [+v bhanks] by ChanServ
11:53-!-mode/#linode [+v scrane] by ChanServ
11:53<kronos003>the question is whether or not encryption would be enough to prevent a problem like the bitcoin heist, or if this is a case where I simply have to keep my customers' data on my own metal. it boils down to "Can I make a linode safe enough to house my accounting server? If so, what do I need to do to keep myself from getting breached?"
11:53-!-mode/#linode [+v jkorang] by ChanServ
11:55<dzho>kronos003: "the weakest link" is a basic security concept. See also: or consider how widespread a thing phishing is, in which people willingly and voluntarily enter their credentials, but directed to a wrong site.
11:55-!-mormon420 is "mormon420" on #tor #redditprivacy #bitlbee #EliteBNC
11:55-!-mormon420 [] has joined #linode
11:56<dzho>you have to keep it somewhere. the layers of attack surface any hosting provider presents substitute for layers that one would have in hosting it in different ways. depends on your threat model.
11:57<dzho>two-factor authentication was not nearly so frequently used when the events described there happened.
11:58-!-Himangshu [~oftc-webi@] has joined #linode
11:58-!-Himangshu is "OFTC WebIRC Client" on #linode
11:58<dzho>that's one big thing that has changed a lot that I can think of off the top of my head.
11:58<@bmartin>Kronos003 full disk encryption will make your disks unreadable by anyone except whoever holds the encryption keys. Ultimately you will need to assess whether that sufficiently mitigates the risk.
11:58<kronos003>dzho: that attack was predicated on breaching a linode employee's system
11:59<dwfreed>note that there can exist vulnerabilities that would sidestep FDE
11:59-!-mode/#linode [+l 345] by ChanServ
11:59<kronos003>bmartin: yeah... I kinda know the answer to my own question
12:00<dzho>kronos003: ok, and ... ?
12:00<kronos003>disk encryption doesn't protect against a modified kernel and force reboot scenario, and/or watching the ram from the hosting side
12:00<dzho>oh, so you're just trolling?
12:00<dzho>nm then
12:01<kronos003>I'm sure there's probably a bunch of other ways an attacker could get access absent any openings in my own security model
12:02<kronos003>dzho: not trolling - just not sure if I feel safe about putting my customers' data in the cloud and trying to figure out how safe I feel about it
12:02<kronos003>and hoping for some input from the linode staff to put me more at ease
12:03<@jackley>kronos003: when you say "modified kernel", what do you mean?
12:03-!-Himangshu [~oftc-webi@] has quit [Remote host closed the connection]
12:03<@jackley>kronos003: rebooting your Linode into a modified kernel?
12:03<dzho>given that so much depends on how you configure the linode there's going to be a pretty hard limit to anything reassuring any linode employee could say.
12:04<dzho>even if somehow had an impossible level of ironclad security on all that they did, you still have myriad ways to screw it up on your own.
12:04-!-mode/#linode [+l 344] by ChanServ
12:04<dzho>s/if somehow/if they somehow/
12:04<kronos003>kernel controls the OS. I would imagine that a particularly skilled attacker could make a malicious kernel and then having breached the linode system, force a given linode to boot the malicious kernel and then do whatever they want
12:05<dwfreed>that's way beyond what your threat model should be
12:05<kronos003>I already don't leave any ports open I don't need. I don't needlessly run scripts on my webhost, and when I do I make sure everything is up to date
12:06<dwfreed>If somebody has breached Linode sufficiently to change the kernel you boot, they could just boot into rescue mode and backdoor you that way
12:06<kronos003>dzho: so very true, I try to learn something new everyday and work to improve my practices
12:06<@jackley>kronos003: ty for clarifying. the way we recommend you set up full disk encryption involves circumventing our kernel entirely – everything is loaded from your encrypted disk.
12:07<dwfreed>10,000 times easier, because then they don't need to know kernel programming
12:07<kronos003>dwfreed: if the disk encryption is air tight, they would still need my disk password or successfully bruteforce it
12:07<@jackley>kronos003: so I'm not sure about that specific attack vector. an attacker would need to have access to your decrypted disk to make changes to your kernel.
12:08<kronos003>jackley: I thought that linode used its own kernel independent of what's on the image
12:08<dwfreed>you can boot your own kernel
12:08<dzho>or select from a wide range of already supplied ones
12:08<@jackley>kronos003: Linode provides our own kernel, but we offer a couple methods by which you can load your own.
12:09<kronos003>jackley: also the kernel in an encrypted system is unencrypted( though once the system is up I suppose you could set a tripwire to notice if what's running is different from what is supposed to be running
12:09<@jackley>kronos003: Grub legacy/grub 2 and direct disk -- the latter is what you'd use to boot to an encrypted disk.
12:10<dwfreed>jackley: the kernel is not part of the encrypted disk; it resides on a separate, unencrypted boot partition (because GRUB doesn't speak LUKS)
12:11<kronos003>jackley: I'm still learning about all of that - there seem to be a couple of different ways to do it, and redhat now has an officially recommended way with EL7
12:11<dwfreed>jackley: (Note the partition layout pictured at step 14 of "install the OS" at )
12:12<@jackley>dwfreed: yup, looking at that now.
12:12<kronos003>dwfreed: I think I saw that writeup first when I was doing the initial research
12:15-!-mormon420 [] has quit [Ping timeout: 480 seconds]
12:15*dzho now imagines the unencrypted kernel doing a kexec to a kernel on the encrypted partition and then [waves hands vaguely]
12:15<dwfreed>dzho: the unencrypted kernel is still the weakest link
12:15-!-mode/#linode [+l 343] by ChanServ
12:16<kronos003>in that scenario, the attacker would "only" need to make a keylogger kernel to phone home with all the passwords to take control of the linode. - 2 things make this vector less plausible for me 1) I'm a nobody and not likely anyone would single me out for something like that. 2) if something like that was used against the entire linode userbase, hopefully someone else would notice and fix things before
12:16<kronos003>I had a chance to spill my guts to the evil kernel
12:17<kronos003>so a question that comes up, is how fast would linode notice if someone did that on a mass scale
12:18<dwfreed>depends on a lot of factors, several of which are outside of Linode's control
12:18-!-VladGh [] has quit [Remote host closed the connection]
12:18<kronos003>assuming they were smart enough to not change the name or do anything that made it obvious they did so
12:19-!-mode/#linode [+l 342] by ChanServ
12:19-!-VladGh [] has joined #linode
12:19-!-VladGh is "Vlad" on #linode
12:20-!-mode/#linode [+l 343] by ChanServ
12:21<kronos003>my accounting server is going to be based on postgres and it isn't terribly mainstream, so hopefully that's also a layer of protection
12:21-!-cmullen [] has joined #linode
12:21-!-cmullen is "cmullen" on #linode
12:21-!-mode/#linode [+o cmullen] by ChanServ
12:21<Zimsky>merry new day
12:22<Zimsky>to everyone except woet
12:22<dzho>oh, come on
12:22<Zimsky>and dzho
12:22<dzho>woet clearly needs the most love of all of us
12:22-!-mode/#linode [+l 344] by ChanServ
12:22<Zimsky>yes, it is true woet is unhealthily desperate
12:22<Zimsky>but that does not mean this desperation should be attended to
12:23<dzho>pro-active, not reactive, see
12:23<kronos003>jackley: does linode have any kind of warning for systemwide kernel updates?
12:23<Zimsky>kernel sanders
12:23*dzho tries to imagine how that would work, given that people can and do use different kernels
12:24<dwfreed>there's an rss feed
12:24<dwfreed>also linbot announces it
12:24<dwfreed>linbot: help kernels
12:24<linbot>dwfreed: (kernels [<number of headlines>]) -- Reports the titles for kernels at the RSS feed <>. If <number of headlines> is given, returns only that many headlines. RSS feeds are only looked up every supybot.plugins.RSS.waitPeriod seconds, which defaults to 1800 (30 minutes) since that's what most websites prefer.
12:25<dwfreed>linbot: kernels 1
12:25<linbot>dwfreed: Latest 64 bit (4.9.68-x86_64-linode89) <>
12:25<dzho>oh, sweet
12:25<dwfreed>dzho: !point dwfreed
12:25<Zimsky>!towel dwfreed
12:25<linbot>Zimsky: Point taken from dwfreed! (34)
12:26<dwfreed>!towel Zimsky
12:26<linbot>dwfreed: Point taken from zimsky! (8)
12:26<Zimsky>oh that takes away points
12:26<Zimsky>I thought it gave them
12:26<dwfreed>that's lick
12:26<dwfreed>!lick Zimsky
12:26<linbot>dwfreed: Point given to zimsky. (9)
12:26<Zimsky>!untowel dwfreed
12:26<dwfreed>at least take me to dinner first
12:26<dzho>postfix increment is the standard to which I hew, regardless of the degree to which it is supported by any given bot in any given channel in any given time.
12:26<Zimsky>that's why I employ woet
12:27<dwfreed>dzho: yeah; I don't think linbot has MessageParser, or I'd add a rule for that
12:28<dwfreed>linbot: list
12:28<linbot>dwfreed: Admin, Alias, Anonymous, BadWords, Channel, ChannelStats, Config, Dunno, Filter, Format, Games, Google, Herald, Internet, Lart, Later, Limiter, Misc, News, Note, Owner, Plugin, Praise, Quote, RSS, Scheduler, Services, ShrinkUrl, Status, String, Success, URL, Unix, User, Utilities, and Web
12:28<dwfreed>nope, no MessageParser
12:29<Zimsky>no weeb command
12:34<@jackley>kronos003: sorry, was away from my keyboard for a minute. no, we don't – we provide notices when new Linode kernels go out, as dwfreed said, but I don't know if that's what you're looking for.
12:35-!-Netsplit <->,, quits: Cromulent, therock247uk, fstd, medicalwei, lpalgarvio[m], mteufel, weezy[blinkenshell], MeGa, spiki, Vlad, (+81 more, use /NETSPLIT to show all of them)
12:35-!-mormon420 is "mormon420" on #debian-next #debian #bitlbee #EliteBNC
12:35-!-mormon420 [] has joined #linode
12:35-!-mode/#linode [+l 254] by ChanServ
12:36-!-ServerMode/#linode [+l 344] by
12:36-!-Netsplit over, joins: Cromulent, fstd, NiTeMaRe, ruza, kcaj, nrh1703, MaZ-, beuker, theblackbox, flugsio (+81 more)
12:36<Zimsky>oh that sucks
12:36-!-tomaw is "Tom Wesley <>" on #sd #linux #help #tor-project #osm #gcc #virt #ceph #debian-offtopic #suckless #ovirt #oftc-staff #perl #slackware #debian #debian-es #gentoo #bitlbee #tor #awesome @#oftc #moocows #linode #oftc-status #supybot #irssi #freenode
12:37<kronos003>jackley: I'm talking about an internal notification, so YOU get to see it. ( so if something gets pushed out that shouldn't you'll know)
12:37-!-mode/#linode [+l 345] by ChanServ
12:50-!-mormon420 [] has quit [Ping timeout: 480 seconds]
12:50-!-kaare__ [] has joined #linode
12:50-!-kaare__ is "Kaare Rasmussen" on #linode
12:51-!-acald3ron [] has joined #linode
12:51-!-acald3ron is "realname" on #debian-mx #debian-es #debian-next #debian #linode
12:52-!-mode/#linode [+l 346] by ChanServ
12:53-!-Alex [~oftc-webi@] has joined #linode
12:53-!-Alex is "OFTC WebIRC Client" on #linode
12:54-!-kaare_ [] has quit [Ping timeout: 480 seconds]
12:54<@bmartin>Hello Alex
12:54<Alex>does linode cloud support plesk ?
12:55-!-marshmn [~matt@] has joined #linode
12:55-!-marshmn is "Matt Marsh" on #linode
12:56-!-mode/#linode [+l 347] by ChanServ
12:57<@bmartin>Alex you are welcome to install any control panel you like on Linode. You will need to get the license yourself though
12:57<Alex>ok , I will do, thanks for your help
12:58-!-Alex [~oftc-webi@] has quit []
12:58<kronos003>Alex: linode basically provides you a virtual machine instance on one of their super powerful machines. you install whatever OS you want and then install whatever management software on top of that. linode basically provides a machine and you install what you want.
12:58<kronos003>oops too late
12:59-!-mode/#linode [+l 346] by ChanServ
13:00-!-mormon420 [] has joined #linode
13:00-!-mormon420 is "mormon420" on #moocows #linode #debian-next #tor #debian #bitlbee #EliteBNC #redditprivacy #privacytech #otr #onionbalance #oftc
13:01-!-mode/#linode [+l 347] by ChanServ
13:08-!-mormon420 [] has quit [Ping timeout: 480 seconds]
13:09-!-mode/#linode [+l 346] by ChanServ
13:15-!-mormon420 is "mormon420" on #privacytech #otr #onionbalance #oftc #moocows
13:15-!-mormon420 [] has joined #linode
13:16-!-mode/#linode [+l 347] by ChanServ
13:30-!-bagira [] has joined #linode
13:30-!-bagira is "bagira" on #linux #suckless #tor #linode #debian
13:31-!-mode/#linode [+l 348] by ChanServ
13:35-!-mormon420 [] has quit [Quit: Leaving]
13:36-!-mode/#linode [+l 347] by ChanServ
13:37-!-mormon420 [] has joined #linode
13:37-!-mormon420 is "mormon420" on #onionbalance #oftc #moocows #linode #debian-next
13:39-!-mode/#linode [+l 348] by ChanServ
13:44-!-NomadJim [~Jim@] has quit [Read error: Connection reset by peer]
13:44-!-NomadJim [~Jim@] has joined #linode
13:44-!-NomadJim is "Nomad" on #debian #linode
13:45<schwa>from the arstechnica article "The intruder proceeded to compromise those Linode Manager accounts" seems like the attacker had very limited access from the Linode end, and probably just did Rescue > Reset Root Password from the Manager?
13:45<schwa>Could be wrong, but if that's the case disk encryption would certainly block that
13:46<schwa>(Along with a strong root password to protect Lish)
13:56<linbot>New news from forum: Web Servers and Web App Development • Data Location advice <>
13:56-!-Cromulent [] has quit [Ping timeout: 480 seconds]
13:57-!-mode/#linode [+l 347] by ChanServ
14:16<linbot>New news from forum: General Discussion • Is there a way to move Linode Backups between datacenters <>
14:20-!-mormon420 [] has quit [Ping timeout: 480 seconds]
14:21-!-mode/#linode [+l 346] by ChanServ
14:26<Peng_>!mtr-atlanta -bzc 8
14:26<linbot>Peng_: [mtr-atlanta] 6. AS??? 2001:504:40:108::1:83 0.0% 8 14.8 20.2 14.6 58.1 15.3 -- 7. AS2013032a04:2b00:13ff::42 0.0% 8 16.8 282.6 15.3 1075. 429.0 -- see for full mtr
14:26<Peng_>What is with that nameserver
14:27-!-mormon420 [] has joined #linode
14:27-!-mormon420 is "mormon420" on #moocows #linode #debian-next #onionbalance #oftc #debian #bitlbee #EliteBNC #tor #redditprivacy #privacytech #otr
14:27-!-mode/#linode [+l 347] by ChanServ
14:35-!-mormon420 [] has quit [Ping timeout: 480 seconds]
14:36-!-mode/#linode [+l 346] by ChanServ
14:46-!-zivester [~zivester@] has quit [Read error: Connection reset by peer]
14:47-!-mode/#linode [+l 345] by ChanServ
15:00-!-pavlushka [] has quit [Quit: See you on the other side]
15:01-!-mode/#linode [+l 344] by ChanServ
15:02-!-zivester [~zivester@2600:1017:b009:56e5:31fb:b827:4d67:74e3] has joined #linode
15:02-!-zivester is "zivester" on #linode #osm #osm-nominatim
15:02-!-mode/#linode [+l 345] by ChanServ
15:39-!-kaare__ is now known as kaare_
15:46-!-acald3ron [] has quit [Remote host closed the connection]
15:47-!-mode/#linode [+l 344] by ChanServ
16:02-!-marshmn [~matt@] has quit [Ping timeout: 480 seconds]
16:04-!-mode/#linode [+l 343] by ChanServ
16:12<zifnab>question: linode kernels, anyone know if they have devtmpfs support?
16:13-!-kronos003 [] has quit [Ping timeout: 480 seconds]
16:14-!-mode/#linode [+l 342] by ChanServ
16:22<zifnab>they do.
16:26-!-bagira [] has quit [autokilled: Please do not spam on IRC. Email with questions. (2017-12-31 21:26:55)]
16:27-!-mode/#linode [+l 341] by ChanServ
16:40-!-qrez1 [] has joined #linode
16:40-!-qrez1 is "realname" on #linode
16:41-!-mode/#linode [+l 342] by ChanServ
16:57-!-slave [] has joined #linode
16:57-!-slave is "jvmfcdeh" on #linode
16:57<slave>qrez1 zivester NomadJim kaare_ eNbass tomaw lpalgarvio[m] aaronraimist medicalwei sjk Guest21 funnel espen brian rootbeer Riviera kbtr teemu _404`d Kuukunen zibri jarryd RyanKnack kwmonroe spiki trippeh tanja84dk mteufel el Nightmeare Hazelesque therock247uk Guest656 ericnoan fifr pharaun S
16:57<slave>pydar007 Zimsky jimb0 Attoy branko Kniaz Jonis Iguil Frools Cajs tomchen[m] jfred[m] intheclouddan[m] unlmtd[m] Hobbyboy JStoker milk voker57 brians_ mr-spoon mpr dexterfoo robertf Li[m] cnf ponas phyber bliblok_ hawk tnewman_ Hotpot33_ Circlefusion kenyon DrJ schblis purrdeta mjevans deathspawn
16:57-!-mode/#linode [+l 343] by ChanServ
16:57<slave>azwieg103 mtjones ahoneybun niemeyer bd_ zifnab thorrr akerl neersighted saintdev_ dmcc__ reillyeon_ homagetohomer_ CornishPasty petris MrRobot7 atian mpontillo jhill glamb jhitesma Alan_ ericoc microvb igufi mariogrip_ nyancat relidy Guest570 gparent SleePy mikegrb juice Bryanstein Edgeman
16:57<slave>devilspgd yuicat Woet SirCmpwn dwfreed frail_ ckuehl blindsight` jkorang_ krayon Dianoga deetwelve atrus JoshuaACasey bhanks webvictim avelardi mmustac thegodlikehobo jr_net WorryAboutStuff rainbow Guest453 mcintosh Guest449 smallclone f8 moonk CompWizrd scrane dcraig DanielNM djweezy FluffyFoxeh
16:57-!-mode/#linode [+b *!] by bhanks
16:57-!-slave was kicked from #linode by bhanks [Your behavior is not conducive to the desired environment.]
16:59-!-mode/#linode [+l 342] by ChanServ
16:59-!-fstd_ [] has joined #linode
16:59-!-fstd_ is "fstd" on #gentoo #linuxfs #gcc #awesome #oftc #vserver #suckless #osm #linode #debian #kernelnewbies
17:01-!-mode/#linode [+l 343] by ChanServ
17:02-!-qrez1 [] has quit [Quit: Leaving]
17:02-!-mode/#linode [+l 342] by ChanServ
17:06-!-fstd [] has quit [Ping timeout: 480 seconds]
17:06-!-fstd_ is now known as fstd
17:07-!-mode/#linode [+l 341] by ChanServ
17:15-!-Cromulent [] has joined #linode
17:15-!-Cromulent is "Cromulent" on #linode
17:15-!-voker57 [] has quit [Remote host closed the connection]
17:16-!-voker57 [] has joined #linode
17:16-!-voker57 is "Voker57" on #linode @#kernel-newbies #zcash #kernelnewbies
17:17-!-mode/#linode [+l 342] by ChanServ
17:17-!-cone [~c@] has joined #linode
17:17-!-cone is "too lame to read" on #linode
17:19-!-mode/#linode [+l 343] by ChanServ
17:33-!-Shentino [] has joined #linode
17:33-!-Shentino is "realname" on #linode #tux3
17:33-!-cone [~c@] has left #linode []
18:21-!-kronos003 [] has joined #linode
18:21-!-kronos003 is "Kronos" on #linode
18:22-!-mode/#linode [+l 344] by ChanServ
18:38<zifnab>i have a linode booting a statically linked golang executable, bringing up eth0 & setting a route.
18:38<zifnab>the only binary on the system is /bin/bash, which isn't actually bash (it's the only way i can override init...)
19:37<zifnab>it was a stupid exercise, i have no idea why you'd ever want to actually do this
20:01-!-softinio [] has quit [Quit: Connection closed for inactivity]
20:02-!-CryptoX [~oftc-webi@] has joined #linode
20:02-!-CryptoX is "OFTC WebIRC Client" on #linode
20:09-!-cnf [~cnf@2a02:1807:3920:400:6509:f286:4c26:f377] has quit [Quit: My MacBook has gone to sleep. ZZZzzz…]
20:09-!-mode/#linode [+l 343] by ChanServ
20:11<CryptoX>Hello, I lost 2 step verification device. Please tell me how to login.
20:12<retro|blah>Do you have a one-time scratch code?
20:12<millisa>Use your scratch code you made:
20:13<CryptoX>I forgot it.
20:13<millisa>then you'll have to contact support.
20:14<CryptoX>Ok, Thank @Millisa
20:14-!-CryptoX [~oftc-webi@] has quit [Quit: Page closed]
20:16-!-mode/#linode [+l 342] by ChanServ
20:28-!-nacht [] has joined #linode
20:28-!-nacht is "George Schwab" on #linode
20:29-!-mode/#linode [+l 343] by ChanServ
20:29-!-cnf [~cnf@2a02:1807:3920:400:6509:f286:4c26:f377] has joined #linode
20:29-!-cnf is "Frank Rosquin" on #linode #openconnect #ceph
20:31-!-mode/#linode [+l 344] by ChanServ
20:32-!-CodeMouse92__ [] has joined #linode
20:32-!-CodeMouse92__ is "Jason C. McDonald" on #debian-mentors #packaging #linode #c++
20:34-!-mode/#linode [+l 345] by ChanServ
20:37-!-cnf [~cnf@2a02:1807:3920:400:6509:f286:4c26:f377] has quit [Quit: My MacBook has gone to sleep. ZZZzzz…]
20:39-!-mode/#linode [+l 344] by ChanServ
20:49-!-nacht [] has quit [Quit: leaving]
20:49-!-mode/#linode [+l 343] by ChanServ
21:32-!-Guest850 [] has joined #linode
21:32-!-Guest850 is "james" on #linode
21:32-!-mode/#linode [+l 344] by ChanServ
21:32-!-Guest850 [] has quit []
21:34-!-mode/#linode [+l 343] by ChanServ
21:38<@mcintosh>!point mcintosh
21:38<linbot>mcintosh: 1,000,000 points for mcintosh!!!
21:44<dwfreed>zifnab: just make it /sbin/init ?
21:44<zifnab>dwfreed: so, erm, i found that *after* i was already making it /bin/bash
21:44<zifnab>i was testing locally, the kernel i was using from phenom supported /init
21:45<zifnab>whatever, i'm going to keep working on it later
21:45<zifnab>not sure what i want to do with it, it's a fun toy project
21:45<zifnab>pain in the ass to deploy, i've yet to figure out how to restart init without a reboot.
21:45<dwfreed>how did you think /sbin/init got started ?
21:45<dwfreed>zifnab: exec itself
21:46<zifnab>well, wouldn't that need me to have something running as `init`, then do all the logic in pid2?
21:46<zifnab>or is there some magic way to replace pid1
21:46<dwfreed>exec is how you replace a pid
21:46<zifnab>i still have the problem of "how to get a new copy on that box"
21:46<zifnab>right now it involves booting into finnix and curl'ing it
21:47<zifnab>also! finnix is fucking ancient
21:47<zifnab>someone should really update it
21:47<zifnab>ca-certificates is from 2014 and lacking letsencrypt
21:47<dwfreed>golang has an ssh server library
21:47<zifnab>correct, but
21:47<zifnab>normally that forks a bash
21:47<zifnab>i don't have bash
21:47<zifnab>the disk literally has init
21:47<zifnab>so i'd have to write a rudimentary shell
21:47<dwfreed>make it be its own sftp daemon
21:48<zifnab>and now this gets hard, i'm unsure of how the event loop deals with shit in golang
21:48<nate>zifnab: That seems weird, they don't have the root that LE cross-signed from?
21:48<zifnab>nate: they do from digicert i think? but digicert wasn't around in 2014
21:48<zifnab>sure, that
21:49<nate>pretty sure identrust has been around quite a long while, it's a major reason they used them no?
21:49<Peng_>DigiCert and IdenTrust have both been around a long time.
21:49<zifnab>no idea then
21:49<zifnab>boot into finnix, it's years old
21:49<nate>Because IE on XP even supports LE
21:49<zifnab>one sec, i can probably pull a date from a file on the iso
21:50<nate>and the crypto libs on IE were last updated probably mid-2000's
21:50<Peng_>Though IdenTrust acquired that root via an acquisition.
21:50<nate>Okay correction late 2000's, crypto libs last got updated with SP3 which was 2008
21:51<Peng_>Oddly enough that root wasn't in Java until like 2016
21:51<zifnab>finnix was last updated june 1st 2015
21:51<zifnab>it's finnix 111
21:51<dwfreed>Peng_: yeah, java 8
21:51<dwfreed>some specific update
21:51<Peng_>It's been in Debian for years. Not sure how many, but many. :P
21:52<zifnab>which, erm, is finnix dead?
21:52<Peng_>Maybe around 2008?
21:52<dwfreed>zifnab: fo0bar has not had time for it
21:53<Peng_>ca-certificates (20080411) unstable; urgency=low
21:53<Peng_> + DST Root CA X3
21:53<zifnab>anyways ca-certificates is 20141019
21:53<Peng_>Of course it missed Ubuntu 8.04. :P
21:53<zifnab>curl -L fails with an ssl cert
21:54<dwfreed>do you provide the cross-signed root?
21:54<zifnab>that's a fair question. i provide, erm, whatever letsencrypt gives me
21:54*Peng_ clicks
21:54<Peng_>Yes, it's the cross-signed root.
21:55-!-NomadJim_ [~Jim@] has joined #linode
21:55-!-NomadJim_ is "Nomad" on #linode
21:55-!-NomadJim [~Jim@] has quit [Read error: Connection reset by peer]
21:55<zifnab>ugh i should figure out how to load a config file from github
21:55<zifnab>which means i need to build a dns resolver
21:55<dwfreed>use the stub resolver in stdlib
21:56<Peng_>Six weeks from now: [Haggard zifnab is reading DNS mailing list messages and RFCs from the 1990s.]
21:56<zifnab>well, i was going to do dhcp
21:56<zifnab>then i found out that....well, dhcp sucks
21:56<dwfreed>yes it does
21:56<zifnab>also, i'm curious what the legality of this is, since it's a statically linked binary
21:56<zifnab>glibc gets included in the release
21:57<zifnab>meaning, well, it's gplv3 if i release binaries?
21:57<dwfreed>glibc is lgpl
21:57<dwfreed>it'd have to be
21:58<zifnab>i should probably build it in a musl/alpine docker image
21:59<dwfreed>zifnab: for lgpl, linking is not creating a combined work
21:59<dwfreed>even statically
21:59<zifnab>good to know
21:59<zifnab>i'm sure there's some "please include a license file" bit still
21:59<zifnab>"This is where you get sources"
21:59<zifnab>idgaf, it's a fun project
21:59<dwfreed>you have no legal obligations
22:00<nate>LE site says 7u111 should have the LE cert
22:00<zifnab>also looks like i can do services in goroutines
22:00<dwfreed>also, your site uses weak dh params
22:00<zifnab>i know it does
22:00<zifnab>i don't know if i care
22:00<zifnab>why should i care?
22:01<nate>cause it's bad? Why bother having https:// at all if you don't care about how strong it is lol
22:01<dwfreed>your PFS is not P
22:01<nate>Also pretty sure don't current chrome versions block sites with dh strengths of <= 1024 bit?
22:01<zifnab>well, it's whatever nginx generated originally for dhparams
22:01<nate>or did they not go that route?
22:02<dwfreed>zifnab: it didn't generate them, that's the problem
22:02<dwfreed>you're using openssl's built-in defaults
22:02<zifnab>openssl should update then.
22:03<dwfreed>no, you should gen params for nginx
22:03<Peng_>nate: I don't think it's practical for a client to out and block 1024-bit DH. < 1024, yes. 1024, no.
22:03<Peng_>nate: I think Chrome disabled FF DH entirely?
22:04<nate>Peng: well 1024-bit dh strength has been getting warned about for years now so
22:04<zifnab>and really, there's nothing on this site
22:04<Peng_>I'm not saying it's secure, I'm saying it's widely used. :P
22:04<zifnab>the only reason there's even ssl is because otherwise work blocks guacamole
22:05<nate>Peng_: Even at the time logjam was announced, I think < 20% of the web actually used <= 1024-bit dh strength
22:06<nate> the "Who is affected" section
22:06<nate>The main issue at the time were that tons of sites/services were using duplicate pre-generated dhparam files
22:07<Peng_>A low percentage of sites rely on DH much, but a high percentage of those sites use 1024-bit DH.
22:08<Peng_>And Chrome wouldn't break 20% of websites. Or even 2% lightly. :P
22:08<Peng_>(You could fall back to a non-DH handshake, though.)
22:08<Peng_>Anyway, I think Chrome disabled DH entirely.
22:13<tanja84dk>:( unfortunately now my openvpn server has started failing again with the error "OpenSSL: error:140760FC:SSL routines:SSL23_GET_CLIENT_HELLO:unknown protocol" and it has been running for almost a month
22:20<tanja84dk>guess it's time to find the lish connection and reconfigure every server again
22:21-!-moonkyang [] has joined #linode
22:21-!-moonkyang is "Moonk Yang" on #linode
22:22-!-mode/#linode [+l 344] by ChanServ
22:28-!-Cromulent [] has quit [Quit: KVIrc 4.2.0 Equilibrium]
22:28<nate>Peng: That 20% (which wasn't actually even 20%) was from a 2015 study
22:28<nate>So I imagine it's vastly less than that now
22:29-!-mode/#linode [+l 343] by ChanServ
22:30<tanja84dk>does anyone else know a great company to buy a openvpn server from because tbh I'm starting to get tired of working on it all time when I'm off work
22:30<nate>I know a lot of sites (mine included) have moved to purely ECDHE setups now
22:30<dwfreed>use openvpn access server; it's free for 2 connections
22:30<dwfreed>tanja84dk: ^
22:32<tanja84dk>dwfreed, well we need 10 connections so unfortunately that is too expensive each year
22:32<dwfreed>i've never actually looked at pricing for it
22:33<tanja84dk>15$ per client and minimum 10 licenses
22:33<tanja84dk>each year
22:33<dwfreed>$150/yr isn't much
22:34<tanja84dk>It is for us because then we are way over our budget
22:35<dwfreed>i think PIA supports openvpn
22:35<tanja84dk>its not something we make money on
22:35<tanja84dk>unfortunately they are not able to work
22:37<tanja84dk>because we don't need routing, it's purely so we are able to connect to the servers securely to maintain them and manage them, and also so they are able to talk to each other, backup etc securely
22:37<Peng_>Are you spending $150 a year in time working on this
22:38<tanja84dk>actually the servers in themselves cost 55$ each month at linode and I'm working on it where I don't get paid
22:47-!-Cromulent [] has joined #linode
22:47-!-Cromulent is "Cromulent" on #linode
22:47-!-mode/#linode [+l 344] by ChanServ
23:04<tanja84dk>Peng_, are we able to transfer files over lish?
23:05<tanja84dk>or is it a pure kvm
23:05<dwfreed>it is just a kvm
23:08<tanja84dk>guess then its time to just take the servers offline for the next couple of days
23:08<Peng_>You could base64 encode a file and copy and paste it...
23:09<dwfreed>the hack of hacks
23:09<Peng_>Make an ASCII QR code, take a photo of your monitor...
23:09<dwfreed>that is actually how iterm2 implements imgcat, though
23:10<tanja84dk>well so vulnerable openvpn are then I would never try that Peng_ because that is going to fail
23:11<dwfreed>Peng_: it's a special CSI sequence iterm2 alone understands, followed by a base64 encode of the file
23:12*Peng_ closes eyes and puts fingers in ears
23:13<Peng_>Does it actually work reliably?
23:14<Peng_>That's really cool. :O
23:23-!-pavlushka [] has joined #linode
23:23-!-pavlushka is "pavlushka" on #linode #debian #oftc
23:24-!-mode/#linode [+l 345] by ChanServ
23:28<Zimsky>does peng work
23:28<Peng_>Is your Peng running
23:28<Zimsky>sometimes when peng says something silly, I imagine peng is a really stoned long haired lanky dude with a funny hat who attends parties just for the chips
23:29<dwfreed>wait, he isn't?
23:29<Zimsky>well we don't know now, do we
23:30<Peng_>Well. These days I cut my hair.
23:30<Zimsky>which hair?
23:30<Zimsky>cutting is so 2017
23:30<Zimsky>we rip it out by the roots in 2018
23:32<Zimsky>a doctor away keeps an Apple™ a day
23:34<Peng_>In 2019 hair will be all
23:34<dwfreed>just the hair?
23:35<dwfreed>I thought that was predicting life in 2019
23:52-!-zivester [~zivester@2600:1017:b009:56e5:31fb:b827:4d67:74e3] has quit [Ping timeout: 480 seconds]
23:52-!-mode/#linode [+l 344] by ChanServ
---Logclosed Mon Jan 01 00:00:30 2018