<eyJhb>
Would be a hell of an upgrade from my Peugeot 206 2006...
<jasongrossman>
I'd rather have a Peugeot 206.
MichaelRaskin has joined #nixos-chat
<eyJhb>
jasongrossman why? - We could trade? ;) :p
<eyJhb>
Just had it serviced 2.600,- EUR
<eyJhb>
Or rather, repaired.........
<jasongrossman>
Less leather and less automation. I would trade if I had a Tesla and wasn't allowed to sell it for money.
<jasongrossman>
Also your Peugeot is cute. Although likely to break, I imagine.
<jasongrossman>
I mean, repeatedly.
<eyJhb>
But .. Less electronics to play with... :/ `wasn't allowed to sell it for money` might be keyword!
<jasongrossman>
Sorry to hear about your bill.
<eyJhb>
It is french after all, so yes, it does have a tendency to break
<jasongrossman>
Electronics are better stationary, IMO.
<jasongrossman>
Good to see this channel on-topic for once.
<eyJhb>
But this was actually the first "major" bill I had on it. Since they couldn't figure out the problem.. So they changed various parts that made no difference, to end up finally figuring it out... - That really hurts when you are studying at uni, not that much money..
<jasongrossman>
Yes. Sorry.
<eyJhb>
Probably, would still enjoy just to play a little with it :p - But hoping it passes the next inspection here in September
<jasongrossman>
I have a 2003 Mazda and I wouldn't trade it for anything. (I literally wouldn't trade it for anything worth less than US$50,000.)
<eyJhb>
I really don't see how they could fail it
<jasongrossman>
Good luck.
<eyJhb>
*meaning it runs forever and basically never breaks
<eyJhb>
Seems like quite a nice car, a forever-auto-mobile?
<jasongrossman>
Yes!
<eyJhb>
I would enjoy that.. And having five doors.. Having three sucks.
<jasongrossman>
The Peugeot 206 was on my shortlist.
<eyJhb>
But that is what I typically hear about Toyota, e.g. the old Corolla
<eyJhb>
Why the 206?
<jasongrossman>
I like small cars, and also only a small car will fit into my garage space.
<eyJhb>
Ahh, I like that it is mini but not micro. I can basically have everything I want in it :p
<eyJhb>
But isn't the Mazda a stationcar?
<jasongrossman>
Mazda makes lots of models.
<jasongrossman>
I have the smallest one.
<jasongrossman>
If I'd got a 206 it would have been a 206CC, which is REALLY cute, right?
<eyJhb>
Makes sense ;) - With the rollback and everything? :p - Have the Peugeot 206, 1.4 HDi 3d 2006 model
<jasongrossman>
I'm almost jealous. Although my car's really nice too. Anyway, it makes me happy that you've got a car I like.
<eyJhb>
Always good with a car in general ;)
<eyJhb>
Keeping in the topic of off-topic, anyone got a one-line ascii kangaroo, like this is a cat? `=^_^=` ?
<MichaelRaskin>
Maybe λ_ ?
<eyJhb>
That is actually pretty good
<MichaelRaskin>
Not fully ASCII, but at least LGC
<eyJhb>
That would still work well in her program I would think :p Might be easier if it wasn't single line ...
<eyJhb>
Wondering, is there actually anyone working on other schedulers for Linux, than CFS?
<MichaelRaskin>
MuQSS
<MichaelRaskin>
(by Con Kolivas, a kind of a successor to BFS)
<eyJhb>
Is anyone actually running NixOS here and running something else than CFS?
<andi->
Does any of you have experience with `clangd` as LSP server for C & C++. Trying to use it with the nix source.
<eyJhb>
pie_ is your computer working again?
<joepie91[m]>
andi-: my experience can be summarized as "I never got the damn thing to actually work" :)
sir_guy_carleton has joined #nixos-chat
<andi->
joepie91[m]: it works-ish for me.. I am just struggling with passing it the build cflags. It fails to find a bunch of headers but other than that it works..
<joepie91[m]>
andi-: documentation on how to get it to work would be most welcome :P
<joepie91[m]>
you seem to have gotten further than nI did
<joepie91[m]>
I *
<andi->
joepie91[m]: well I basically just added LanguageClient-neovim to the plugins and told it to start `clangd` for all CPP files.. not much further :D
<andi->
my files basically show up in all red because nothing can be found :/
<eyJhb>
If anyone feels bored - nc 142.93.169.190 5000 - get the flag
<tilpner>
eyJhb: It's dead
<__monty__>
I asked so nicely and it didn't give me what I wanted : /
<eyJhb>
tilpner did you do that! :p
<eyJhb>
Added restart policy to it now
<tilpner>
Yeah. Don't assume every program terminates :)
<__monty__>
Well, I'm stuck. Any way to get hints?
<eyJhb>
tilpner normally wouldn't run in that env it is running in anyways :p
<andi->
write a program that dumps the entire memory?
<eyJhb>
andi- mem is 30000x0x00
<eyJhb>
__monty__ if you can figure out the welcome message, you should be good to go
<andi->
eyJhb: I am not investing anymore time in CTFs... Feels like not rewarding anymore :/
<__monty__>
eyJhb: I have, and I've asked *nicely*.
<tilpner>
Try different phrasing
<__monty__>
Yeah, found it but that's just stabbing in the dark.
<eyJhb>
__monty__ pm what you are sending it :p
<__monty__>
I found it.
<eyJhb>
andi- kinda feel your pain :)
<eyJhb>
tilpner guessing you have it too?
<tilpner>
Yes
<jD91mZM2>
joepie91[m]: Yeah I agree VPNs usually use way too many buzzwords for their advertising. I mainly like sharing IP with a bunch of other randos so one can't identify me other than by my port which I think changes every once in a while
<joepie91[m]>
jD91mZM2: IP is nearly irrelevant where tracking systems are concerned
<joepie91[m]>
precisely because it is so unreliable
<joepie91[m]>
(even without VPN services; typically many people share an IP)
<jD91mZM2>
Yes, right, but in my case it's actually spot on where in Sweden I live, and I don't like that
<joepie91[m]>
geo-IP data is also super unreliable, so nobody relies on it for anything that matters
<joepie91[m]>
like, you may know that it is accurate for you, but ~nobody else does
<joepie91[m]>
beyond country identification, geo-IP data is basically best-effort
<jD91mZM2>
I don't really worry about tracking on individual sites like twitter, that still can't hopefully connect my real life identity and online one. I also block most of that with browser extensions like Privacy Badger
<jD91mZM2>
Another thing is logging. Accessing any non-encrypted site by default can be logged anywhere during the process
<joepie91[m]>
right, my point here is that a VPN service isn't doing anywhere near as much against tracking as you think it does -- and especially considering that it involves tunneling all your traffic through a party that's usually less trusted than your ISP, it's a bad bet
<__monty__>
jD91mZM2: Your location is probably just as easily deduced from when you are active on freenode. And things like the idioms you use, typos you make.
<joepie91[m]>
jD91mZM2: this remains true with a VPN service.
<joepie91[m]>
it just moves the point where the traffic exits as cleartext.
<joepie91[m]>
but it doesn't fundamentally change anything about whether your traffic is encrypted or not
<sphalerite>
__monty__: jD91mZM2 isn't secretive about their location in terms of country anyway
<joepie91[m]>
(this is one of the common lies of VPN services, that your traffic somehow magically becomes 'encrypted')
<__monty__>
sphalerite: But they specifically say they use a VPN because geo-ip's too accurate.
<joepie91[m]>
(which is a technical impossibility)
<jD91mZM2>
A VPN reduces this logging to 2 places: My computer and their endpoints. I only use ones which promise they don't keep logs (and the one I just switched from had been tested twice in court)
<jD91mZM2>
__monty__: If I talk English, I think one would have to be Sherlock Holmes to recognize where from Sweden I come from, especially since I learned more English online than I ever did in school
<joepie91[m]>
jD91mZM2: no, it doesn't. that VPN service still has to exit to the public internet, on its way to your connection's destination -- this is absolutely no different from how it would route from your home connection to the destination, except it starts at a different point. you still have the exact same problem - any of the intermediate hops can log traffic as they wish.
<__monty__>
jD91mZM2: Yeah but the little mistakes you make can give things away.
<joepie91[m]>
it does not reduce logging at all, whatsoever.
<joepie91[m]>
it merely changes who can log.
<joepie91[m]>
and promises of not keeping logs are sketchy to say the least; "proven in court" is not a good argument either, because those are individual snapshots, individual cases... they cannot prove the absence of a practice altogether.
<joepie91[m]>
they may be a basis for you to trust a provider more (although I'd have my doubts there as well, but that's a fuzzier discussion), but it's certainly not 'proof' of anything
<jD91mZM2>
Certainly not proof
<jD91mZM2>
joepie91[m]: Yes but the data that leaves the VPN can not be traced back to me unlike data that leaves an ISP that keeps logs. Assuming I don't slip up, that is.
<jD91mZM2>
While I'm logged in, definitely it can
<joepie91[m]>
conceptually speaking, what you're doing when you're using a VPN service, is to change who your ISP is for the purpose of data privacy.
<joepie91[m]>
that is all it does.
<Ralith>
you should certainly have much more confidence in a company that is demonstrably unable to comply with a court order to produce data than one that is not
<eyJhb>
Isn't the "best" to chain a F load of proxies together, that are just scattered all over the web, and use them. Route through as many countries as possible, and switch country for each jump?
<Ralith>
most consumer ISPs are of the "gleefully hand over data en masse" variety
<jD91mZM2>
I am well aware it only does that. But I do believe a company that has a large reputation of not keeping logs is safer than using some ISP
<joepie91[m]>
jD91mZM2: that is a gross oversimplification that's missing a lot of factors; for example, merely connecting traffic to an IP is not useful as the IP is not clearly tied to a person... far more useful is *correlation* of traffic, which you can still do fine even if it goes through a VPN service.
<joepie91[m]>
then you might find some bits of traffic that include someone's actual identity
<joepie91[m]>
there are plenty of tricks for this that can survive various kinds of proxies (including VPN services), from access patterns analysis to looking at TCP-level oddities
<joepie91[m]>
there's a reason that Tor puts so much work into preventing these sort of things
<joepie91[m]>
(which VPN providers don't, because their goal isn't to provide privacy)
<joepie91[m]>
(nor anonymity)
<joepie91[m]>
Ralith: that's really heavily based on where you are.
<joepie91[m]>
to my knowledge, Sweden is one of the countries where most ISPs are rather hesitant about handing over data
<Ralith>
most consumer ISPs are not in sweden :P
<joepie91[m]>
great, but jD91mZM2 is, so..
<Ralith>
oh, that helps
<joepie91[m]>
this is the point I was trying to make earlier wrt "you're just changing your ISP"
<jD91mZM2>
Indeed Tor is amazing, but since people are kind enough to host endpoints I think one would be rude to use all traffic over them, especially large data like videos
<Ralith>
I'd still feel better about working with a provider (of whatever sort) that had specifically been unable to comply with a court order in the past though
<joepie91[m]>
it can be a valid choice to do so, but you need to realize that that is what you're doing, and that you're not magically adding privacy or security or encryption or whatever
<joepie91[m]>
and VPN services *usually* suddenly look a lot less good of an option, once you look at it from the "changing your ISP" perspective
<joepie91[m]>
jD91mZM2: right, I'm not suggesting that, rather just trying to illustrate that there's far more to proper anonymization than tunneling stuff through a different IP
<etu>
joepie91[m]: That's more a dream nowadays. Most ISPs (in Sweden) seem to have started to loosen up about giving out data :/
<joepie91[m]>
(that having been said, it's encouraged to send low-volume normal-person traffic through Tor, as it allows at-risk users to hide in the noise better)
<jD91mZM2>
I know I'm changing my ISP, and that's all it does. I'm aware that as long as I am logged in or otherwise slip up my identity, it can still very much be linked to me. But I still want to use a VPN because of a lot of different factors, including being able to access geo-blocked content.
* etu
only use VPNs for work really
<joepie91[m]>
for geoblocking situations, I'd rather recommend something more granular than "send literally all of your traffic through this other provider"
<joepie91[m]>
there are specific tools for that even, that only proxy specific services
<joepie91[m]>
though I don't recall the names off the top of my head
<joepie91[m]>
jD91mZM2: also, to re-emphasize: exposing your identity over a VPN service does *not* require a slip-up on your end
<joepie91[m]>
it can be done through technical means, if somebody cares enough
<joepie91[m]>
(and adtech companies in particular, usually care enough)
<joepie91[m]>
anyway, it is time for a break
<jD91mZM2>
I get what you're coming with your whole "send all your data to one provider"... But then again, you just said it's safe to keep using your ISP, which is the same thing. Both a VPN and an ISP are big companies that have a reputation to uphold
<joepie91[m]>
I said no such thing
<jD91mZM2>
Ok, that's news to me I would very much want to read more about. I agree. I'll finish reading your article
<joepie91[m]>
I said that since using a VPN service involves changing your ISP, the question comes down to which company you have reason to trust more
<jD91mZM2>
Right, yes, sorry
<joepie91[m]>
and that is often not the VPN service, after thorough analysis
<joepie91[m]>
(especially taking into account that whereas ISPs usually have a lot of physical infrastructure on the line, the same is not true for VPN services - running a VPN service basically involves renting a few servers and reselling bandwidth)
<joepie91[m]>
(which is why so many people do it, it's easy money if you don't care about ethical marketing :P)
<joepie91[m]>
anyway, really break time now
<jD91mZM2>
joepie91[m]: Okay. Thanks though, I'll try to second-guess my decision to use a VPN.
<jD91mZM2>
Might save me some money :)
<Ralith>
a private, personal VPN is nice for when you need to connect a device to a presumed-hostile network like public wifi
<jD91mZM2>
(or the school network where pretty much every other site is blocked)
<Ralith>
very slowly becoming less necessary as people get their shit together with webauthn and TLS and so forth but it'll be decades before everyone gets on board with that, if ever
<Ralith>
institutional networks are certainly presumed-hostile
<Ralith>
by far the most likely place to find invasive middleboxes and such
<__monty__>
Clever's toxvpn is working great for me btw. And sshuttle's nice for some light network traffic proxying.
<joepie91[m]>
I use sshuttle to tunnel all my on-the-go laptop traffic over my home connection
<joepie91[m]>
was a bit annoying to set up with IPv6 support, but it works now
<joepie91[m]>
I'll eventually probably use tinc or wireguard or w/e once I get around to it
<gchristensen>
wg is surprisingly easy to use
<gchristensen>
unless you are point-to-pointing machines with dynamic IPs
<__monty__>
Only really valid use cases of these commercial VPN services are browsing on insecure networks like public wifi and circumventing geoblocks.
<Ralith>
the former is probably better solved by setting up your own, if you're capable
<__monty__>
Yes, and you might be able to do both yourself if you get a VPS.
<joepie91[m]>
jD91mZM2: that guy seems to be a little too extreme in the other direction :)
<joepie91[m]>
bonus questionability for the Tor comment below it
<joepie91[m]>
unfortunately not many in that SE thread seem to have much of a clue, on either side of the issue... from a glance anyway
<eyJhb>
I basically just run an OpenVPN server and forward all home traffic to it using my pfSense router, works great
<joepie91[m]>
oh, it's the security SE, that explains it
<joepie91[m]>
jD91mZM2: so general note, take anything on the security SE with a bucket of salt... like ##security and 'security and pentesting forums', it tends to attract the sort of person who wants to show off and brag about their supposed knowledge while actually understanding very little... and so it ends up mostly as a shouting match of equally-wrong claims
<joepie91[m]>
there's a few good folks on there, but not as many as there should be, ratio-wise
<joepie91[m]>
and a loooot of the arguments you see people making in those kind of venues are well-phrased enough that they seem plausible, but they rarely hold up to scrutiny
<__monty__>
Only ever ask questions only experts dare answer : )
<Ralith>
stack* are always a huge gamble
<joepie91[m]>
oh yeah, but the security SE is extra bad
<joepie91[m]>
mostly because of the sort of folk that 'security' in general attracts
<joepie91[m]>
it doesn't mesh very well with SE's culture
<__monty__>
Mitnick was on the local news here recently, what an arrogant individual.
<jD91mZM2>
joepie91[m]: Yeah, the TOR comment is just stupid. But the original comment at least tells you that a VPN won't save you
<joepie91[m]>
jD91mZM2: right, but it doesn't do so in a very rational way
<joepie91[m]>
(I might - mostly - agree with a conclusion and still disagree with the way somebody got to it :P as is the case here, I suspect that their advice is not actually based on rational analysis, but just on tribalism)
<jD91mZM2>
So... I just sent an email to NordVPN asking to get my money back on my 3-year bind since it's been way less than 30 days since I switched to it from another provider. If this means I'll fully stop using a VPN for myself, I don't know
<MichaelRaskin>
__monty__: Mitnick confidence-tricked his way into access to supposedly-secure networks, what would you expect?
<__monty__>
MichaelRaskin: Well he did some actual phreaking and cracking too iirc? It's just that computer security was practically unheard of back then.
<__monty__>
I know it was mostly social engineering.
<__monty__>
Still is afaik?
<eyJhb>
Wish I was older.. Sounds like a good time
<pie__>
eyJhb, less resources though
<pie__>
:<
<MichaelRaskin>
Well, there is large-deployment security (which is still often about mitigating social attacks) but then nowadays we have this horrible state-ODM-ISV-user standoff where everyone tries to get some technical security against the others
<eyJhb>
pie__ yeah... But feels like there weren't many rules in-place, which, would be nice
<pie__>
ODM ISV?
<pie__>
eyJhb, sure
<eyJhb>
Now I just as much as look at a website param, and I get reported
<MichaelRaskin>
I do not qualify, I have stateful passwd (despite read-only /etc/ which required some amount of work)
<eyJhb>
I am really struggling with how to distribute docker containers, for a CTF, without uploading to hub.docker.io, setting up a registry with its own _valid_ cert, or giving a .tar, which defeats the purpose of some of the chals..
<eyJhb>
Any ideas?
<Ralith>
eyJhb: why is a valid cert a barrier? let's encrypt exists
<eyJhb>
Ralith because it is a tmp setup for around 24 hours, which doesn't have a domain
<eyJhb>
Increases the complexity too much compared to the `win`
<Ralith>
can't just cram it onto a domain you have lying around?
<eyJhb>
Only other thing I can do, is make a self-signed cert, and force contestants to add it to /etc/docker/certs.d/
<eyJhb>
Well, I should be able to give it to e.g. you, and you wouldn't need to do anything except `start`, pretty much
<eyJhb>
Annoying that they have completely disabled the option of using plain HTTP
<jD91mZM2>
joepie[m] What about using a different DNS than the ISP wants, such as 1.1.1.1?
<eyJhb>
I should have said, docker images, instead actually. Big difference
<eyJhb>
There is the `save` and `load`, which is prop the closest I will get
<gchristensen>
oh that is what I meant
<eyJhb>
And that is prop good enough, I just hate that I have to throw away the feeling of "when you pull a container from anywhere, the layers are still there and someone might be hiding secret stuff there", but it is pretty much the same
<__monty__>
jD91mZM2: Afaik that doesn't prevent your ISP from logging your DNS traffic, as that's not encrypted.
<gchristensen>
(you can also not use 1.1.1.1 or any public resolver, and use a local resolver)
<__monty__>
Doesn't that only really work if you run your own root DNS server? : >
<__monty__>
Or can you have a local resolver connect to root servers or other with an encrypted connection?
<gchristensen>
you still have the same problem of interceptable DNS traffic
<joepie91[m]>
wtf? so my code is magically hanging, and it hangs for a while, and then suddenly the debugger pauses on the internal linked list implementation for no apparent reason and the UI of my editor stops responding
<joepie91[m]>
this is a particularly bizarre set of events
<__monty__>
gchristensen: Then what was your suggestion a solution for?
<joepie91[m]>
jD91mZM2: 1.1.1.1 is cloudflare, which is especially untrustworthy; other than that, it's not an issue so long as you realize that you're trusting whoever you're sending your DNS requests :P
<gchristensen>
__monty__: an alternative to using 1.1.1.1.
<andi->
Run your own recursor on some network that you trust and access it via DoH (it supports authentication IIRC)
<__monty__>
I don't see a reason not to use your ISP's unless they pull shenanigans like returning false records or blocking.
<eyJhb>
ISPs that start to block sites that aren't court ordered.. That really sucks
<__monty__>
Has that been rolled out sufficiently though, andi-?
<eyJhb>
Especially when they put false claims on the site
<gchristensen>
DNS traffic sniffing is a different ballgame compared to adding data collection to their DNS server
* joepie91[m]
mumbles something about the UK
<__monty__>
Is it, gchristensen? Doesn't seem much more complicated to me.
<andi->
__monty__: I would only do DoH to MY server from there it is the same old issue
<andi->
Depends on your requirements
<__monty__>
Then that doesn't help much though?
<__monty__>
In all of these situations the ISP still has access to the data.
* gchristensen
shrugs
<andi->
Well another ISP :) but there isn't much you can do if you do not want to tell anyone about what you are requesting
<eyJhb>
Might just be a danish law, but they have to keep 10 years of records ...
<eyJhb>
(the ISPs)
<eyJhb>
So I would guess, that includes.. Everything
<andi->
There is also DNS over Tor.. Judge for yourself
<eyJhb>
DNS over ICMP :D :D
<aleph->
pie__: Finally have my nix laptop at apt
<aleph->
Will ping you when I get kali tools up on my git repo
<eyJhb>
We need aszlig with his brainfuck DNS server
<aleph->
lol wat
<eyJhb>
aleph- what is the next tool you will work on?
<aleph->
Dunno, not anything for a while. Super busy at work
<__monty__>
andi-: Aren't DoH and DoT supposed to solve the problem? *Someone* still needs to know what you're asking for but not *everyone* does.
<jD91mZM2>
Better idea: No DNS server, one just memorizes all IPs. No data sent means no data can be intercepted!!!!
<aszlig>
eyJhb: no time at the moment ;-P
<pie__>
aleph-, coolio
<eyJhb>
aszlig aww... Would be awesome though.. Especially if you can keep it to 30.000 bytes :p
<andi->
__monty__: exactly my point. I just wouldn't feed a google/cf/.. With my queries
<aszlig>
eyJhb: i'd probably do it in brainfuck 2d
<aszlig>
so 30k bytes is no option :-D
<__monty__>
andi-: I agree, rather keep it to mostly just my isp, rather than my isp *and* someone worse.
<__monty__>
Do run a local dns cache though, guess that reduces the amount of data that leaks.
<eyJhb>
aszlig Ohh, do I know how I will torture people now
<aszlig>
so the first one was the one i was referring to
<eyJhb>
Ahh, makes more sense now!
<aszlig>
the generic 2d brainfuck is more like a 2d array instead of a single-dimensional array
<__monty__>
Aww, those parallel branches looked like a really cool idea, too bad those don't work.
<pie__>
cue esolangs wiki
<pie__>
hexagony :D
* pie__
starts wondering about parallelism on these
<pie__>
no pie__ stop
<eyJhb>
pie__ did you look at the simple chal I put up earlier?
<pie__>
eyJhb, no i didnt see anything
<pie__>
eyJhb,kink me maybe?
<eyJhb>
pie__ if you are up for it, nc 142.93.169.190 5000
<pie__>
ehhhhhhh *link
<pie__>
i really shouldnt right now but i cant help it :D
<eyJhb>
*kink* ;)
<pie__>
oh god brainfuck
<pie__>
why
<eyJhb>
because aszlig !
<pie__>
ive never actually learned how it works
<eyJhb>
The basics are .. Simple. But haven't done much myself, except basic "print statements"
<aszlig>
pie__: it's actually quite simple, you're basically operating on a byte array and use commands to either increase/decrease bytes, have loops and input/output (byte-wise)