#archlinux32 | Logs for 2018-03-23
Back
[00:58:02] <buildmaster> crystal is broken (says rechenknecht).
[02:22:35] <buildmaster> ldc is broken (says rechenknecht).
[03:39:39] <buildmaster> stack is broken (says rechenknecht).
[03:53:39] <buildmaster> haskell-wai-extra is broken (says rechenknecht).
[03:57:20] <buildmaster> haskell-wai-logger is broken (says buildknecht).
[07:14:44] -!- oaken-source has joined #archlinux32
[08:10:14] -!- deep42thought has joined #archlinux32
[08:25:21] -!- oaken-source has quit [Ping timeout: 240 seconds]
[09:23:47] <buildmaster> stack is broken (says rechenknecht).
[10:02:00] -!- oaken-source has joined #archlinux32
[10:28:13] -!- belanthor has joined #archlinux32
[11:12:47] <buildmaster> stack is broken (says buildknecht3).
[11:24:07] * buildmaster goes insane.
[11:25:10] * buildmaster resumes sanity.
[12:23:38] -!- abaumann has joined #archlinux32
[12:26:08] <deep42thought> Hi abaumann
[12:26:38] <abaumann> hi :-)
[12:59:25] <deep42thought> btw: I had a look at asp and it looks like making an "asp32" is not that simple
[12:59:48] <abaumann> yeah..
[13:00:05] <deep42thought> because upstream has a separate branch for each package, so "asp" just boils down to some simple git wrapper
[13:00:30] <abaumann> So. Should we drop it for now and use the upstream asp?
[13:00:47] <deep42thought> well, asp32 currently _is_ the upstream one
[13:00:53] <abaumann> ah :-)
[13:00:57] -!- oaken-source has quit [Ping timeout: 264 seconds]
[13:00:57] <abaumann> yeah. right.
[13:01:10] <deep42thought> https://bbs.archlinux32.org
[13:01:12] <deep42thought> :-(
[13:01:52] <abaumann> yes. Doesn't fluxbb has at least a captcha module when new users are registering..
[13:02:15] <deep42thought> tyzoid said, there was a captcha enabled
[13:02:32] <abaumann> so, those are really people going through the register hazzle..
[13:02:35] <abaumann> yeah.. sad..
[13:03:00] <deep42thought> I'd like a list of new posts where I can check all spam and click "delete this user"
[13:03:25] <abaumann> exactly.
[13:04:28] <abaumann> I start wiping while waiting for libtool results.. :-)
[13:04:32] <deep42thought> or at least: let me delete all users belonging to one ip address
[13:04:34] <deep42thought> :-D
[13:09:55] <deep42thought> Maybe, we should delete all users without a post?
[13:12:39] <abaumann> mmh. not a bad idea..
[13:12:52] <deep42thought> I can only delete "one page" at a time :-(
[13:12:59] <abaumann> me too.
[13:13:11] <abaumann> there are of course people registered who are only reading posts.
[13:13:27] <deep42thought> but they're not "unverified", are they?
[13:15:36] <abaumann> * shrug
[13:26:03] <deep42thought> umm tyzoid: I just registered and besides a valid email address there are no obstacles (e.g. NO CAPTCHA!)
[13:32:59] <deep42thought> apparently, I have write access to the php file listing the users
[13:33:00] -!- belanthor has quit [Quit: Leaving]
[13:33:06] <abaumann> mmh. maybe the bb has nothing per default.
[13:33:10] <deep42thought> I just increased the count per page from 50 to 500 :-D
[13:33:11] <abaumann> I saw a mod: https://fluxbb.org
[13:33:30] <abaumann> so maybe we add something like that?
[13:35:30] -!- oaken-source has joined #archlinux32
[13:53:35] <deep42thought> let's try that thing ...
[14:03:51] <deep42thought> looks good :-D
[14:05:58] <abaumann> looks really good. :-)
[14:06:14] <abaumann> I need three trials per default per captcha.
[14:06:15] <deep42thought> but I think, I'll also remove the "members" without posts
[14:06:20] <deep42thought> :-D
[14:06:24] <deep42thought> !grab abaumann
[14:06:29] <deep42thought> ah, phrik isn't here
[14:06:31] <deep42thought> :-(
[14:06:56] <abaumann> yeah. we miss phrik. :-(
[14:07:23] <abaumann> about removing the users, yes, I would also opt for that, so we also get a clearer picture of the number of users in the forum, etc.
[14:09:16] <deep42thought> actually, we should harvest the email addresses of the bots and feed some spammer with them :-D
[14:10:08] <deep42thought> but it would be a pity if some email address of a real user would get into that list accidentally
[14:17:27] <deep42thought> "Total number of registered users: 296"
[14:17:29] <deep42thought> \o/
[14:17:42] <deep42thought> "Newest registered user: gnlpfth"
[14:17:47] <deep42thought> ... this was my test user :-D
[14:19:17] <deep42thought> hmm, there are still a lot users registering ...
[14:28:41] -!- oaken-source has quit [Quit: leaving]
[14:28:54] -!- oaken-source has joined #archlinux32
[14:30:00] <deep42thought> are the captchas too hard now?
[14:31:48] <abaumann> mmh. you have to do math now?
[14:31:53] <deep42thought> yes
[14:32:02] <deep42thought> and they're more distorted
[14:32:04] <abaumann> tricked me the first two times.
[14:32:13] <deep42thought> you don't like math?
[14:32:15] <deep42thought> ;-)
[14:32:58] <abaumann> well. in school I always did oral math by writting very fast and doing them in writting..
[14:33:13] <abaumann> I didn't see the sense in being able to do oral fast math..
[14:33:32] <tyzoid> yeah, the new captcha is confusing
[14:33:55] <tyzoid> + No accessability option for those with screen readers
[14:34:48] <deep42thought> better?
[14:35:36] <tyzoid> Easier to read, but still confusing
[14:35:43] <tyzoid> do we need to do the math? or just type the equation
[14:35:47] <tyzoid> plus still not accessable
[14:35:57] <deep42thought> well
[14:36:07] <deep42thought> everyone got multiple trials :-)
[14:36:18] <deep42thought> but the no-screen-reader-thing is annoying
[14:36:21] <tyzoid> The instructions don't specify what to do, is all I'm saying
[14:36:36] <tyzoid> the old one was the same we had for Arch, which was the (add these two numbers) thing
[14:36:37] <tyzoid> in text
[14:36:48] <tyzoid> I'm surprised you said that was not present
[14:36:56] <deep42thought> well, it was not present
[14:38:39] <tyzoid> Yeah, it says it's installed
[14:38:47] <tyzoid> Very Simple AntiBot Registration
[14:39:31] <deep42thought> is the description better now?
[14:41:17] <tyzoid> Sure. Are you editing the forum via sshfs, btw?
[14:41:24] <deep42thought> yes :-/
[14:41:54] <deep42thought> I was surprised that you gave me write access, so I just used it :-D
[14:42:07] <tyzoid> That was part of the point
[14:42:40] <deep42thought> hmm, we're still getting in new users en masse ...
[14:44:11] <abaumann> robots good at calculus?
[14:44:30] <deep42thought> ... and a mysterious "test47" ;-)
[14:44:57] <abaumann> yes. :->
[14:45:11] <deep42thought> ... you have just been erased
[14:45:18] <abaumann> buu..
[14:45:21] <abaumann> :-)
[14:45:37] <abaumann> I didn't receive an email to my Yahoo account..
[14:46:26] <deep42thought> maybe that's the reason, why we had so many "unverified" users?
[14:47:03] <abaumann> let me try again with my mailserver..
[14:47:34] <deep42thought> tyzoid: did you notice, vsabr reports about some problems? "The mod is incorrectly or not installed."
[14:47:42] <deep42thought> maybe that's the reason, why it didn't work?
[14:48:53] <abaumann> mmh.. other addresses work..
[14:49:20] <deep42thought> didn't we have problems with gmail in the past ,too?
[14:51:10] <tyzoid> deep42thought: Could be a result of the upgrade I did a while ago
[14:51:22] <tyzoid> but I think part of that is because of the new mod that's installed on the same files
[14:51:23] <deep42thought> yes
[14:51:38] <deep42thought> I don't think so
[14:51:49] <tyzoid> Modding for fluxbb consists of modifications to the actual core files, it's not a plugin architecture
[14:51:54] <tyzoid> the mods are literal diffs
[14:52:03] <abaumann> I would check the mail log, somehow mails get rejected by Yahoo?
[14:52:04] <deep42thought> yes, I'm currently looking into them
[14:52:12] <deep42thought> but the warnings have been there before
[14:52:19] <tyzoid> could be.
[14:52:46] <tyzoid> I'm going to make that dir world-writable temporarily to see if I can't get the modinstaller to write itself
[14:53:13] <deep42thought> ok
[14:53:35] <deep42thought> btw: maybe you want to have .htaccess files on the subdirectories which do not need to be readable from the internet?
[14:58:08] -!- abaumann has quit [Quit: leaving]
[15:01:30] <tyzoid> deep42thought: Alright, I've re-enabled the old test, so it's now text based
[15:03:02] <deep42thought> ok, thanks
[15:04:55] -!- abaumann has joined #archlinux32
[15:07:48] <tyzoid> deep42thought: I've also added the .htaccess files, anything else you see that's off?
[15:07:56] <tyzoid> from what I can tell, it looks good to me
[15:08:07] <deep42thought> yeah
[15:09:02] <deep42thought> let me delete the new users and we can recheck in a few minutes, how many bots have registered with the new "captcha"
[15:09:53] <tyzoid> At some point I'm probably going to clear out all the users with 0 posts that are older than 2 weeks
[15:10:04] <deep42thought> I already did that
[15:10:11] <deep42thought> ... well, I deleted all of them
[15:10:12] <tyzoid> oh, nice
[15:10:31] <tyzoid> ran a php script?
[15:10:36] <deep42thought> as you might notice, the users-search site now shows 1000 entries per page, not 50
[15:10:38] <deep42thought> nope
[15:10:52] <deep42thought> I needed some distraction and emptied ~100 pages of 1k users each
[15:11:07] <tyzoid> ah
[15:11:19] <tyzoid> Yeah, I tried to mod it to display everything, but it kept crashing
[15:11:24] <deep42thought> I couldn't get this site running with > 1k lines per page
[15:11:24] <tyzoid> glad you got it working with 1000 entries
[15:11:36] <deep42thought> I bisected :-)
[15:11:47] <tyzoid> Nice.
[15:11:59] <tyzoid> Not sure, but did I leave around commented-out code in that file?
[15:12:07] <deep42thought> dunno
[15:12:09] <tyzoid> or was it clean when you looked at it
[15:12:21] <deep42thought> just ran "sed -i 's/ 50/ 1000/' ..."
[15:12:27] <tyzoid> oh
[15:12:38] <deep42thought> well, I looked first, what matches " 50"
[15:12:45] <deep42thought> and it looked not critical
[15:13:09] <deep42thought> the original is still around as *.backup
[15:13:20] <tyzoid> Well, the original is in a git repo
[15:13:24] <tyzoid> so I can track all the diffs
[15:13:26] <deep42thought> even better
[15:13:29] <deep42thought> :-)
[15:13:41] <tyzoid> I mean, sure it works
[15:13:53] <tyzoid> but just the thought of sed -i on a live site gets the sysadmin in me screaming
[15:14:04] <deep42thought> why?
[15:14:10] <deep42thought> I ran "grep ..." before
[15:14:13] <tyzoid> *live site*
[15:14:28] <deep42thought> and editing in situ is better?
[15:15:44] <tyzoid> https://i.imgur.com
[15:15:54] <tyzoid> Caption: Stay Buggy, My Friends
[15:15:55] <deep42thought> clearly
[15:16:35] <abaumann> lol
[15:17:11] * deep42thought doesn't feel guilty
[15:17:33] <tyzoid> It's not a problem, just concerning and symptomatic of a larger issue
[15:17:40] <deep42thought> I just changed some LIMITs in mysql querys and the multiplier for "at which entry does page $n start"
[15:18:17] <tyzoid> Though I guess development in prod is the Archlinux32 Way™
[15:18:25] <deep42thought> yeah, I think, if it was more important, I wouldn't run some similar automated command on a live site, too
[15:18:57] <deep42thought> btw: we're still getting in bots (5 so far)
[15:19:55] <tyzoid> You sure they're all bots?
[15:20:47] <deep42thought> 1: 100%; 2: 99.8%; 3: 99.8%; 4: 101%; 5: 99.8%
[15:20:57] <deep42thought> -> yes, I'm sure
[15:21:03] <tyzoid> lol this email address
[15:21:08] <deep42thought> exactly
[15:21:12] <tyzoid> 'pornoweprik@megaspam.ru'
[15:21:58] <abaumann> are those legit registrations over the html interface or is there a backdoor in php lurcking (also known as REST api)?
[15:22:12] <deep42thought> good point
[15:22:16] <buildmaster> haskell-yesod-static is broken (says buildknecht3). - I rescheduled: haskell-hjsmin.
[15:22:23] <deep42thought> \o/
[15:22:24] <tyzoid> I don't think there's a rest API, but I can give you a dump of the weblogs from the past 10 mins, if it helps
[15:22:29] <deep42thought> rescheduling works (again)!
[15:23:01] <abaumann> cool.
[15:23:09] <deep42thought> tyzoid: I'd like to have a look at the dump
[15:26:21] <tyzoid> deep42thought: Should be in the root of the sshfs dir
[15:26:30] <tyzoid> permission set to 400 so it's not accessable via http
[15:27:01] <deep42thought> you can move it one up
[15:27:06] <deep42thought> if you want to
[15:27:13] <tyzoid> oh, you can see the parent dir?
[15:27:17] <deep42thought> yes
[15:28:30] <tyzoid> moved
[15:28:38] <tyzoid> Forgot I set it up that way
[15:28:45] <tyzoid> been a while since I've messed with the sshfs interface
[15:29:02] <tyzoid> deep42thought: does abaumann need access/ abaumann: do you want access?
[15:30:05] <tyzoid> deep42thought: Also, let me know if you want more of the log, I've got a whole 2GB of the access log, and that's just the last ~10min of it
[15:30:22] <abaumann> hi.
[15:30:31] <abaumann> no. sorry. I'm on my last battery time..
[15:30:43] <tyzoid> ?
[15:31:08] <abaumann> .. I have to finish something important very fast because I have no power and no battery left ..
[15:31:14] <abaumann> .. I'm on the road..
[15:31:19] <tyzoid> oh, go ahead then
[15:32:09] <deep42thought> tyzoid: can you give me a recent log of the las 5 minutes?
[15:33:43] <tyzoid> deep42thought: log.2.txt
[15:34:13] <deep42thought> thx
[15:36:13] <deep42thought> ok, it's totally possible that the new users are regularly registering via register.php
[15:36:58] <deep42thought> :-(
[15:38:12] <buildmaster> haskell-yesod-auth is broken (says rechenknecht). - I rescheduled: haskell-mime-mail.
[15:38:19] <tyzoid> deep42thought: Btw, log.follow.txt is a live tracking log, if you wanted to do additional testing
[15:38:39] <deep42thought> ok, thx, but I think, I'm done
[15:38:49] <deep42thought> I just believe, our captcha is too weak :-)
[15:38:56] <tyzoid> Very possible
[15:39:29] <tyzoid> I know we've discussed possibly jumping the fluxbb ship here at some point
[15:39:40] <tyzoid> but if we want to consider this more seriously
[15:39:53] <tyzoid> what are the important aspects of the current forum that we want to keep?
[15:39:57] <tyzoid> What things would we change?
[15:40:16] <deep42thought> well, I think simply "a forum" is just good enough
[15:40:25] <deep42thought> we want to get rid of the spam
[15:40:59] <deep42thought> possibly blacklist some things inside the forum, too (links to images on dubious hosting sites, ...) - but that's optional
[15:41:29] <deep42thought> but besides that, any forum should serve well
[15:41:46] <deep42thought> ... or at least, I've never really used any fancy features :-)
[15:42:03] <tyzoid> Ok. Well as non-negotiables, I'd say: (1) Must be able to import all existing posts, (2) Must have better moderation tools
[15:42:18] <tyzoid> Do we have a high priority on trying to keep the same theme?
[15:42:28] <tyzoid> I know the titlebar/header should stay the same, if possible
[15:42:32] <tyzoid> but apart from that?
[15:42:33] -!- abaumann has quit [Remote host closed the connection]
[15:42:56] <deep42thought> I do not
[15:43:07] <deep42thought> but I don't speak for everyone, either ;-)
[15:43:21] <tyzoid> True
[15:45:12] <tyzoid> Looks like my old forum is down
[15:45:14] <tyzoid> unsurprising
[15:45:21] <tyzoid> since it hasn't been used in years
[15:47:06] <deep42thought> this captcha can be circumvented quite easily
[15:47:14] <buildmaster> tamarin-prover is broken (says rechenknecht). - I rescheduled: haskell-tamarin-prover-theory.
[15:47:33] <deep42thought> the answer _and_ question are transmitted via $_POST ... so you can easily replay
[15:47:45] <tyzoid> ORLY
[15:48:19] <tyzoid> That's disappoitning
[16:01:40] -!- prurigro has joined #archlinux32
[16:03:56] <tyzoid> deep42thought: Also, given that archstrike is dropping i686 support, do you think there's any benefit of importing any of their pkgbuilds to our build system?
[16:04:12] <deep42thought> I have thought of that two, but:
[16:04:20] <deep42thought> a) I don't really know what they do/did
[16:04:27] <tyzoid> I don't think all of them would be good fits, but I think a number of them might be nice, esp. if we have a separate repo
[16:04:33] <deep42thought> b) I don't really have the resources to do much more work :-D
[16:04:50] <tyzoid> Yeah (b) was my hesitation regarding bringing it up
[16:05:18] <deep42thought> well, I'm happy to set up a separate repo and everything
[16:05:28] <deep42thought> but maintaining any more packages is out of my reach, I think
[16:05:41] <tyzoid> Yeah, maintaining them would be the biggest challenge
[16:05:54] <tyzoid> IIRC they're going to continue to maintain the pkgbuilds, since it's the same ones as x86_64
[16:06:18] <tyzoid> but we'll need their users to move over and test with our builds
[16:06:21] <tyzoid> and if things break...
[16:06:34] <tyzoid> Anyway, I'll see if anyone over there is interested in helping out over here if we're able to do that
[16:08:50] <tyzoid> prurigro: ^ Any thoughts?
[16:09:18] <deep42thought> what exactly _is_ archstrike?
[16:09:25] <deep42thought> I seem unable to find some agenda
[16:10:14] <tyzoid> archstrike is a pentesting overlay for arch
[16:10:18] <prurigro> ^^
[16:10:33] <tyzoid> so they use pretty much verbatim our packages, but they have a separate repo of pentesting-specific packages
[16:10:45] <deep42thought> so, basically: additional packages for pentesting
[16:10:47] <tyzoid> yeah
[16:10:53] <prurigro> yeah, we're literally overlaying your repo currently (we haven't actually dropped i686 yet)
[16:11:25] <deep42thought> is there a web frontend package database?
[16:11:27] <tyzoid> prurigro: We started making release isos about 5 months before arch dropped support officially - we like to plan ahead :)
[16:11:34] <prurigro> https://archstrike.org
[16:11:39] <deep42thought> thx
[16:11:40] <tyzoid> https://archstrike.org
[16:11:43] <tyzoid> lol, ninjad
[16:12:12] <deep42thought> :-( this comes w/o a json interface
[16:12:14] <prurigro> ahh no joke-- I heard about you guys maybe a month before things got dropped and flipped my i686's server's repos over to you
[16:12:52] <prurigro> hmm, how would the json interface be used?
[16:12:59] <tyzoid> Yeah, we've got two other downstream projects (that I know of), parabola and manjaro32
[16:13:32] <deep42thought> prurigro: dunno, I was just trying to get an idea how many packages are unique and how many are replaced - with a little automation
[16:14:52] <prurigro> the way our builder is setup, it starts to choke when there's a package in our repo that's also in the upstream so we should be somewhat unique in respect to you
[16:15:05] <prurigro> parabola would be you minus a few packages, at least last I checked
[16:15:20] <prurigro> and I've never given a huge look at what (if any) additional packages manjaro has
[16:15:26] <tyzoid> Yeah, and they rebuild a lot of our stuff, but they use our pkgbuilds
[16:15:33] <tyzoid> parabola, that is
[16:16:34] <tyzoid> deep42thought: might make more sense to look at their pkgbuild repo: https://github.com
[16:16:45] <tyzoid> that should be all the ones unique to archstrike
[16:17:06] <prurigro> good call
[16:18:03] <tyzoid> prurigro: Do you have any stats on the most popular packages?
[16:18:19] <tyzoid> In the past I've gleaned that info by unique mirror downloads
[16:18:50] <prurigro> and yeah, that would make sense re: parabola-- I spent some time working with their system a while back when I was considering using it. they basically cloned upstream and then had a blacklist that prevented certain packages and their deps from getting built
[16:19:11] <prurigro> I could take a look
[16:19:44] <deep42thought> ok, looks like you have 12 duplicate packages
[16:19:55] <prurigro> oh yeah?
[16:19:56] <deep42thought> (available from community)
[16:20:16] <prurigro> curious-- I would have figured our builder would have choked
[16:20:17] <deep42thought> https://ptpb.pw
[16:20:50] <prurigro> huh, what do you know-- good catch
[16:21:24] <deep42thought> having duplicate sources would be a big problem (with the current setup)
[16:21:59] <deep42thought> besides that: if continuing archstrike on i686 is as simple as applying our builder to your pkgbuilds, then we could set it up
[16:22:27] <deep42thought> but I guess it would require some additional maintenance ...
[16:22:40] <prurigro> I'll be removing those later today after making sure there's nothing important about ours that aren't in the upstream
[16:25:01] <prurigro> I'm actually talking in our dev channel right now-- we hadn't realized people were actually interested in our i686 packages to the extent people seem to be
[16:25:42] <prurigro> (we might retract our announcement and keep i686 going)
[16:25:48] <tyzoid> prurigro: Can you send me an invite to your dev channel?
[16:26:27] <prurigro> it's just the dev team in there right now-- I'd have to get everyone's OK
[16:26:40] <prurigro> let me see what they think
[16:27:29] <tyzoid> Fair enough, I think it'd be useful to have a bit better communication/collaboration between our two projects.
[16:28:39] <prurigro> that seems reasonable- esp if we're keeping 32bit on
[16:29:05] <prurigro> we're essentially piggybacking off you guys
[16:29:11] <prurigro> (and gals?)
[16:29:53] <tyzoid> core team is 3 guys, for now. Not sure about gender of other contributors/users/testers.
[16:30:11] <prurigro> and I realized I lied-- we have alarm devs in our dev channel too (in addition to the dev team)
[16:30:34] <prurigro> so bringing you in would make sense-- I just gotta get everyone's OK
[16:30:52] <tyzoid> Sounds good.
[16:31:40] <deep42thought> I gotta go - cu later
[16:31:48] -!- deep42thought has quit [Quit: Leaving.]
[16:34:53] -!- comrumino has joined #archlinux32
[16:35:19] <comrumino> Why do you guys still use 32-bit if you don't mind me asking?
[16:35:36] * comrumino is being such a millennial
[16:35:40] <tyzoid> Legacy hardware, in some cases
[16:36:29] <tyzoid> I'm a volunteer IT administrator for a nonprofit, and when we upgrade computers, we like to re-use them for other stuff
[16:36:51] -!- Cthulu201 has joined #archlinux32
[16:36:52] <tyzoid> so often that means stripping the old OS, and installing arch32 on it, and running it as a kiosk or something
[16:37:13] <prurigro> there was a time when it made sense to install i686 on x86_64-compatible boxes too, and AL being rolling means the same install could still be running today and re-installing and setting things back up just to have the same system in x86_64 is too much of a headache (this is my excuse for my one i686 box)
[16:37:36] <prurigro> that's really cool tyzoid
[16:38:31] <tyzoid> Yeah, allows us to stretch our budget in ways that would be otherwise impossible
[16:42:08] <prurigro> what sort of tasks do you load up on the i686? I'd imagine they're not the speediest machines
[16:42:40] <tyzoid> Mostly just a fullscreen web browser on a sign-up form
[16:42:53] <tyzoid> Volunteer information, rotating displays, that sort of thing
[16:43:06] <tyzoid> Sometimes donation portal
[16:43:49] <tyzoid> nodm with an .xinitrc that exec's chromium in fullscreen is about as minimal as you can get
[16:44:22] <prurigro> ahh, that seems like a good use-- hey, random question, but while firefox runs better on older boxes, my only actual i686 box can't even run a single tab of that, yet I can get a single tab out of chromium without too many issues
[16:44:42] <prurigro> oh hey, you answered my question :) was gonna ask which browser you had better luck with
[16:44:49] <comrumino> chromium --app is useful too if you don't want the search bar to ever show :)
[16:45:43] <tyzoid> I think that's what I used
[16:45:58] <tyzoid> Though I still need to figure out how to disable ctrl+t and ctrl+n
[16:46:49] <Cthulu201> In what?
[16:47:19] <prurigro> chromium
[16:47:38] <prurigro> you'd think there'd be a kiosk mode in the settings somewhere
[16:48:08] <tyzoid> There is on a chromebook
[16:48:23] <tyzoid> but not on desktop chromium, from what I've been able to find
[16:48:35] <Cthulu201> Shortkeys extension doesn't work?
[16:49:43] <tyzoid> interesting
[16:49:47] <tyzoid> will take a look at it
[16:50:17] <prurigro> apparently there's a --kiosk flag
[16:50:19] <prurigro> trying it now
[16:50:35] <prurigro> oh hey, I think this is what you want!
[16:50:37] <prurigro> no tabs
[16:50:47] <prurigro> no menu
[16:51:32] <tyzoid> Yeah, I've got no tabs/menu, but check if ctrl+n / ctrl + t work
[16:51:38] <prurigro> they don't
[16:51:43] <prurigro> or rather
[16:51:51] <prurigro> ctrl+t doesn't, let me boot it back up and try ctl+n
[16:52:07] <prurigro> boo- ctrl+n does
[16:52:17] <tyzoid> and you can ctrl+t on the ctrl+n'd window
[16:52:32] <tyzoid> yeah, that's the difficulty I'm running into
[16:52:45] <tyzoid> but I'll take a look at the extension Cthulu201 recommended.
[17:15:38] -!- oaken-source has quit [Ping timeout: 276 seconds]
[17:26:52] -!- belanthor has joined #archlinux32
[18:05:52] -!- abaumann has joined #archlinux32
[18:48:18] -!- deep42thought has joined #archlinux32
[18:49:17] <deep42thought> tyzoid: regarding the simple captcha: What do you think of the idea to put some time stamp + expiration on the captcha?
[18:50:13] <tyzoid> My plan is to force a POW solution
[18:50:19] <tyzoid> no need to stamp + expiration
[18:50:31] <deep42thought> pow?
[18:50:35] <tyzoid> Proof Of Work
[18:50:45] <tyzoid> Instead of sending down the problem, send down the hash of the answer
[18:50:47] <deep42thought> that requires java script
[18:50:54] <tyzoid> then validate the result on post
[18:51:00] <tyzoid> no javascript needed
[18:51:06] <tyzoid> user does the work
[18:51:29] <tyzoid> bots would need to reverse sha1 to break, or actually properly solve the riddle
[18:51:59] <tyzoid> salt could be stored in a session token
[18:51:59] <deep42thought> ah, you mean you send the sha1 of the answer?
[18:52:02] <tyzoid> yeah
[18:52:04] <tyzoid> with a salt
[18:52:14] <tyzoid> otherwise you're just taking a sha1() of a single character
[18:52:17] <tyzoid> which is pretty weak
[18:52:39] <deep42thought> make the session cookie stateless and I'm in
[18:52:48] <deep42thought> e.g. use ip address to salt
[18:53:06] <tyzoid> problem with this salt is it needs to be unknown to the user to work
[18:53:15] <tyzoid> otherwise the bot could just grab the known salt
[18:53:25] <tyzoid> though I'm probably overthinking this
[18:53:38] <deep42thought> what good is the salt to the bot?
[18:53:49] <tyzoid> Prevents rainbow table attacks on the solution sha1
[18:53:58] <tyzoid> otherwise they can just google the sha1 and get the answer
[18:54:02] <deep42thought> this part I understand
[18:54:16] <deep42thought> but what advantage does the bot have if it knows the salt?
[18:54:29] <tyzoid> brute force
[18:54:34] <tyzoid> the solution is only one or two characters
[18:54:43] <tyzoid> so the solution space is what, like 26?
[18:54:44] <deep42thought> on the other hand, you can just add some secret part to the salt (e.g. the server pid, ip address, ...)
[18:54:49] <deep42thought> ah, ok
[18:54:52] <deep42thought> right
[18:55:13] <tyzoid> server pid wouldn't work, since it's not stateless
[18:55:24] <tyzoid> server ip address is known
[18:55:47] <tyzoid> but again, I don't think anyone is going to script a solution to our custom captcha system
[18:55:53] <deep42thought> :-D
[18:55:59] <tyzoid> so the risk is quite low
[18:56:11] <deep42thought> and when they do, we just insert an additional secret password
[18:56:17] <tyzoid> lol
[18:56:30] <tyzoid> randomizing the salt would be the biggest thing, since that'd prevent replay attacks
[18:56:31] <deep42thought> but more importantly, we should increase the set of possible riddles
[18:56:42] <tyzoid> well the riddles are just in a text file, iirc
[18:56:50] <deep42thought> yes
[18:56:56] <deep42thought> they're like 8 riddles or so
[18:57:09] <deep42thought> I would create them from a pool dynamically
[18:57:20] <tyzoid> What's d/dy(16x^3+8x^2+4x+2)?
[18:57:24] <deep42thought> "What is $number1 $operator $number2?"
[18:57:33] <deep42thought> that's easy: 0
[18:57:41] <tyzoid> Yup
[18:58:50] <deep42thought> I'd more go for "What's \sum_{i=1}^\infty 1/i^2?"
[19:00:29] <deep42thought> I wonder when people will start using wolfram alpha to solve captchas :-)
[19:01:23] <tyzoid> I had to look that one up, though
[19:01:30] <tyzoid> been a while since I did calc
[19:01:33] <deep42thought> :-D
[19:01:51] <tyzoid> that I have a math minor doesn't mean I can actually do math
[19:02:19] <tyzoid> Just means that I know what to query W|A for when I'm stuck
[19:02:45] <deep42thought> it just means, you can read the term I wrote and understand the different parts of it?
[19:04:35] <tyzoid> yup
[19:09:32] girls is now known as gals
[19:13:55] gals is now known as girls
[19:30:59] <deep42thought> abaumann: how do I actually use your opcode sniffer?
[19:32:38] <abaumann> aeh: ./check-opcodes -v -a i686 /data/arch32/mirror/i686/core/bison-3.0.4-3-i686.pkg.tar.xz
[19:32:44] <abaumann> or something like that.
[19:33:04] <abaumann> but I think the opcode script itself is a little bit too slow.
[19:34:27] <girls> "readelf: Error: Not an ELF file - it has the wrong magic bytes at the start"
[19:34:28] <girls> O.o
[19:34:36] <girls> when run on linux-4.15.6-1.0-i686.pkg.tar.xz
[19:36:51] <deep42thought> similar error on systemd
[19:36:59] <abaumann> + readelf -a /data/arch32/builder/bin/../work/tmp.check-opcodes.XqnmyO/usr/lib/modules/4.15.6-1.0-ARCH/modules.softdep
[19:37:04] <abaumann> readelf: Error: Not an ELF file - it has the wrong magic bytes at the start
[19:37:19] <abaumann> oh. does .so match to .softdep :-)
[19:37:35] <abaumann> line 104: find $tmp_dir -name '*.so*'
[19:37:58] <tyzoid> that trailing star'll do ya
[19:38:02] <abaumann> maye '*.so.*.*'
[19:38:07] <abaumann> may be better :-)
[19:38:16] <abaumann> or -type f to avoid the symlinks too.
[19:38:38] <abaumann> rather: and
[19:48:00] -!- belanthor has quit [Quit: Leaving]
[20:06:11] <deep42thought> abaumann: what's actually the reason to only check libraries and no executables?
[20:15:28] <abaumann> aeh: none. the problem is, that if you want to check for binaries you cannot go by name, so you have to do a 'file' before. That script becomes WAY slower..
[20:15:59] <deep42thought> ok
[20:16:03] <abaumann> I have one version locally (not checked in), which works this way..
[20:16:07] <deep42thought> you could filter by -exectuable first
[20:16:07] <abaumann> in case you are interested.
[20:16:18] <abaumann> oh.. good point.
[20:16:37] <abaumann> but shared libraries if laoaded by dlopen don't have an executable flag set.
[20:16:47] <deep42thought> yes
[20:16:53] <deep42thought> you need -or, then
[20:16:55] <abaumann> this gives some cases, but not a problem.
[20:17:10] <deep42thought> \( \( ... matches libraries \) -o -executable \) ...
[20:17:24] <abaumann> still with a 'file' after the 'find'?
[20:17:54] <deep42thought> either that
[20:18:01] <deep42thought> or be non-fatal on objdump errors
[20:18:10] <abaumann> ah. yes.
[20:18:43] <deep42thought> that's how the search-for-linked-libraries in build-packages works
[20:19:19] <deep42thought> https://github.com
[20:41:53] <eschwartz> archstrike is a pentesting overlay for Arch? Hmm, so basically blackarch except it works?
[20:42:49] <eschwartz> (I hope it works, but I've seen how blackarch e.g doesn't check that their packages try to install the same ruby deps within other packages, then get file conflicts.)
[20:43:02] <eschwartz> (And then suggests people install the whole repo which is bork)
[20:45:17] <tyzoid> eschwartz: from what I can tell, it works fine.
[20:48:09] <eschwartz> Well, I wonder why blackarch exists then o_O
[20:50:31] <tyzoid> Not sure. They only support x86_64, so I don't really deal with them much
[20:51:38] <tyzoid> whereas archstrike aims to be cross-platform
[20:51:43] <tyzoid> they've got arm support too
[21:16:44] -!- abaumann has quit [Quit: leaving]
[21:32:50] <tyzoid> deep42thought: I'm thinking of migrating my primary backup infrastructure over to https://virmach.com
[21:33:24] <tyzoid> I've never heard of 'em before, but they are somehow beating out rsync.net and amazon for storage pricing
[21:34:02] <deep42thought> um, I'm no expert on that terrain, either
[21:34:06] <deep42thought> your decision :-D
[21:35:50] <tyzoid> deep42thought: Did we ever investigate the possibility of setting up an account either with SPI or somewhere else?
[21:36:01] <tyzoid> IIRC there was that one guy a while ago that wanted to donate
[21:36:13] <deep42thought> um, I didn't
[21:36:23] <deep42thought> and I believe noone else dit either
[21:38:23] <tyzoid> Alright, well I'll place an order with 'em, they're pretty inexpensive, so I don't think it's too much of a risk. Plus I've still got the secondary backup
[22:18:03] <deep42thought> How does one get in contact with spi?
[22:18:26] <deep42thought> their irc channel is pretty silent :-/
[22:36:16] <deep42thought> hey tyzoid, can you have a brief look at what I produced with register.php - there's a register_new.php which has the timestamping in there - against replay attacks.
[22:43:47] <tyzoid> deep42thought: will do. Btw, saw why their prices were so inexpensive.
[22:44:01] <deep42thought> hmm?
[22:44:05] <tyzoid> They nickel and dime you for every little thing
[22:44:12] <deep42thought> ah :-)
[22:44:20] <deep42thought> it's the ryan air method
[22:44:23] <tyzoid> their TOS is littered in traps
[22:44:33] <tyzoid> some of the language is downright dangerous
[22:45:03] <tyzoid> like if you sue them, or through your own fault they come to be sued, you agree to pay for a defence council of their choosing
[22:45:06] <tyzoid> I'm like WTF
[22:45:24] <deep42thought> lol
[22:45:35] <tyzoid> That's why you read the fine print
[22:45:37] * tyzoid taps forhead
[22:46:10] <tyzoid> anyway, I'm probably just going to go with rsync.net in that case
[22:46:25] <tyzoid> pay-as-you-go-for-what-you-use service
[22:46:41] <tyzoid> and they have 50% off for borg backups
[22:50:11] <eschwartz> lol, that's pretty bad of them
[22:57:21] <tyzoid> anyway deep42thought: You might want to talk to some of the arch guys to see about SPI stuff
[22:57:35] <tyzoid> they may have some suggestions/points of contact with them
[23:19:37] <buildmaster> imagemagick is broken (says buildknecht3).
[23:29:13] <deep42thought> !
[23:29:20] <deep42thought> gnaaa
[23:29:25] <deep42thought> "(23:24:41) tbm: deep42thought: can you send an email to board@spi-inc.org with some info+background+what you need"
[23:29:36] <deep42thought> ^ that's what I wanted to send in the first place
[23:30:01] <deep42thought> I'll leave now
[23:30:05] -!- deep42thought has quit [Quit: Leaving.]