*** leo-unglaub has quit IRC | 00:18 | |
*** Feksclaus has quit IRC | 00:40 | |
*** tilman has quit IRC | 01:04 | |
*** tilman has joined #crux-devel | 01:05 | |
*** mechaniputer has left #crux-devel () | 01:10 | |
*** Feksclaus has joined #crux-devel | 02:37 | |
*** mavrick61 has quit IRC | 03:25 | |
*** mavrick61 has joined #crux-devel | 03:26 | |
*** Feksclaus has quit IRC | 03:45 | |
*** erdic_ has joined #crux-devel | 04:12 | |
*** erdic has quit IRC | 04:12 | |
*** jaeger has quit IRC | 04:12 | |
*** jaeger has joined #crux-devel | 04:12 | |
*** mechaniputer has joined #crux-devel | 04:30 | |
*** mechaniputer has quit IRC | 05:17 | |
*** Workster has quit IRC | 06:24 | |
jue | prologic: have a look at mysql-ruby and sqlite3-ruby; the first works like the "old" way by using extconf.ruby, the second is using a gem package | 09:22 |
---|---|---|
jue | Romster: I've committed a fix for the findredundantdeps problem and added a module to prtverify to find duplicated deps in the '# depends on:' line | 09:25 |
Romster | jue, ah that's a nice idea. i didn't think of that for prtverify. thank you for that. | 09:42 |
*** erdic has joined #crux-devel | 10:17 | |
prologic | jue, thanks I'll take a look at those | 11:02 |
prologic | right now I"m just packaging up the rpm version of vagrant | 11:03 |
prologic | it's not ideal but it seems to work okay | 11:03 |
*** xetver has quit IRC | 11:04 | |
*** xetver has joined #crux-devel | 11:05 | |
*** Feksclaus has joined #crux-devel | 15:01 | |
*** diverse has joined #crux-devel | 16:10 | |
diverse | is there SSL certificates provided by default? | 16:33 |
diverse | Romster: youtube-dl needs to be updated | 17:37 |
teK_ | gtk3 or qt4 as toolkit for wireshark? | 20:02 |
teK_ | it's too stupid to detect one if the other is not present | 20:02 |
teK_ | I tend to say gtk3 as qt4 takes about 3 hours to build | 20:03 |
diverse | I thought wireshark ditch gtk in favor for qt4 a while ago? | 20:03 |
teK_ | my current build runs with: | 20:04 |
teK_ | --with-qt4=no \ | 20:04 |
teK_ | --with-gtk3=yes | 20:04 |
teK_ | uninstalling qt4 results in a build failure if I leave out those two lines | 20:05 |
diverse | teK_: the problem I see with gtk3 is that it's not reliable and controlled by a facist company like redhat, where as qt is hard to deal with when building things. | 21:01 |
teK_ | we will see if complaints will roll in ;) | 21:02 |
teK_ | I'd hope for wireshark to add detection for available kits | 21:03 |
teK_ | yet there has to be a dependecy listed either way | 21:03 |
diverse | teK_: what would happen if gtk3 requires systemd as a dependency one day? | 21:05 |
diverse | teK_: actually can you make a port for each? | 21:10 |
diverse | say wireshark-gtk and wireshark-qt? | 21:10 |
diverse | the current wireshark port being wireshark-gtk and wireshark-qt with --with-qt4=yes --with-gtk3=no? | 21:13 |
teK_ | we could yeah | 21:13 |
teK_ | but let's wait what will happen to gtk3 :) | 21:13 |
diverse | sigh, I wish gtk2 was still an option | 21:14 |
diverse | I rather not touch gtk3 if I can help it | 21:17 |
diverse | teK_: btw, I'm getting an issue with building one of my personal ports because it needs SSL certificates: https://gist.github.com/anonymous/d3f197785957cf974ae1 | 21:22 |
diverse | does crux provide the certificates by default or do I need to generate them? | 21:22 |
*** leo-unglaub has joined #crux-devel | 21:46 | |
leo-unglaub | http://crux.nu/bugs/index.php?do=details&task_id=1086 | 21:52 |
leo-unglaub | any ideas, feedback, ... ? | 21:53 |
teK_ | there is a port for the trusted CAs | 21:57 |
diverse | teK_: name? | 21:57 |
teK_ | ca-certificates | 21:58 |
diverse | thanks | 21:58 |
teK_ | either the port is outdated or your http-server-provider screwed up (like oracle for jdk ...) | 21:58 |
teK_ | np | 21:58 |
teK_ | leo-unglaub: yes, I considered applying | 21:58 |
teK_ | If I find the time, I can do that some time december | 21:59 |
teK_ | I'm super busy with university and work related things | 21:59 |
leo-unglaub | teK_: i just have done it for 10 domains ... takes just a few minutes | 21:59 |
leo-unglaub | https://bitbucket.org/foxship/scripts/src/a1b9531e0c9244087dd73996b091fd423efd34a3/generate-ssl.sh?at=master | 21:59 |
leo-unglaub | i have a script for it | 21:59 |
diverse | it's not an http server, it's for something else that needs the verification | 22:00 |
teK_ | how do we prove that we're OSS? Provide the URL and wait for confirmation? | 22:01 |
leo-unglaub | teK_: you don't have to prove anything | 22:01 |
leo-unglaub | everyone can get a class 1 cert | 22:02 |
leo-unglaub | for anything | 22:02 |
leo-unglaub | even for a business | 22:02 |
teK_ | what. | 22:02 |
teK_ | and startssl is in all regular browsers? | 22:02 |
leo-unglaub | yes :) | 22:02 |
leo-unglaub | in all browsers, even in those fucked 10 year old MS hand helds things *g* | 22:03 |
teK_ | wtf | 22:03 |
leo-unglaub | i just pumped our 13 certs for the company and all other sites i manage | 22:03 |
leo-unglaub | hehe | 22:03 |
leo-unglaub | https://www.leo-unglaub.net/ <- this site uses one of the certs | 22:04 |
leo-unglaub | valid in every browser | 22:04 |
leo-unglaub | and 8192 bits long | 22:04 |
leo-unglaub | hahaha | 22:04 |
leo-unglaub | do you want to know the funny part? | 22:04 |
teK_ | sure | 22:04 |
leo-unglaub | the default MAC SSL library cannot handle 8192 bits certs *g* the max length supportes if 4k *g* | 22:05 |
leo-unglaub | thats how bad apple is ... | 22:05 |
diverse | by apple you mean safari? | 22:05 |
leo-unglaub | no, the apple ssl toolkit | 22:05 |
teK_ | thanks for the hint. | 22:05 |
diverse | ah | 22:05 |
leo-unglaub | chrome uses the apple ssl toolkit, so even chrome on MAC fails | 22:05 |
leo-unglaub | chrome on windows works fine *g* | 22:06 |
leo-unglaub | it took me 2 days to figure it out why it was not working on a mac of my boss *g* | 22:07 |
leo-unglaub | fucking apple | 22:07 |
diverse | heh | 22:07 |
leo-unglaub | diverse: i would understand it if they would throw a real eror message | 22:07 |
diverse | so essentially openssl kicked the ass out of apple ssl? Even though openssl is terribly written | 22:07 |
leo-unglaub | but they just say "unable to read cert" | 22:07 |
leo-unglaub | diverse: openssl is a bad as it gets ... gnutls is also very bad ... | 22:08 |
leo-unglaub | there is only one very good ssl/tls library out there | 22:08 |
diverse | gnutls > openssl | 22:08 |
leo-unglaub | and thats polarssl | 22:08 |
leo-unglaub | polarssl > NSS > gnutls > openssl | 22:08 |
diverse | well I'm hoping libressl once it's matured will kick the ass out of all implementations | 22:09 |
leo-unglaub | i really doubt it ... | 22:09 |
leo-unglaub | because those idiots want to keep api compatibility | 22:09 |
leo-unglaub | and keeping openssl api compat is the worst thing you can do | 22:09 |
diverse | how so? | 22:09 |
leo-unglaub | the openssl api is horrible | 22:10 |
leo-unglaub | it practicly forces you to write bad code .. | 22:10 |
leo-unglaub | evne if they clean up all the mess inside | 22:10 |
leo-unglaub | you still have a horribly API that makes it so hard for developers to use it properly | 22:11 |
teK_ | but they introduce a prallel, improved API, too? | 22:11 |
leo-unglaub | not that i know of, no | 22:11 |
diverse | well unfortunately 2/3 of the internet already use this horrible api, so if a better one exists that uses a compatible api, people will shift to it | 22:12 |
diverse | people aren't going to rewrite their apps from scratch | 22:12 |
leo-unglaub | i am a paranoid crypto nut ... *g* i spend weeks to just get the handshake right ... | 22:12 |
leo-unglaub | and i have come to the comclusion ... openssl sucks *g* | 22:12 |
leo-unglaub | thats why i am only using polarssl | 22:13 |
leo-unglaub | thats clean and good written c code | 22:13 |
diverse | nothing wrong with security, people could pay for you for your knowledge | 22:13 |
leo-unglaub | in our company we have a framework called "firemoon" and in there we use now polarssl for the handshake | 22:14 |
diverse | cool | 22:14 |
leo-unglaub | and then we put on that TLS stream either an OTR container or a secound TLS stream made by NSS | 22:14 |
leo-unglaub | that way, even if one crypto is broken thru a bug, the secoud one is holding up | 22:14 |
leo-unglaub | i made this mandatory for all software we procude in the company | 22:15 |
diverse | awesome | 22:15 |
diverse | or should I say, "fantastisch" | 22:16 |
leo-unglaub | i am fighting to get my boss to release it under the GPL | 22:17 |
leo-unglaub | but thats currently a hard fight .. | 22:17 |
diverse | hmm, maybe persuade him with a BSD or MIT license? | 22:17 |
leo-unglaub | hehe, but i am confident i will win this fight ... because all files already have the GPL header *g* | 22:17 |
diverse | ah | 22:17 |
leo-unglaub | so i must release them or i can get into trouble *g* | 22:17 |
diverse | or keep it hush-hush | 22:18 |
leo-unglaub | oh, damn ... you are right .. according to the file header i am the author of it *g* | 22:18 |
leo-unglaub | damn default file template *g* | 22:18 |
diverse | right about what? | 22:18 |
diverse | oh I see | 22:19 |
diverse | well you could use BSD or MIT and say it's a more "business-friendly" license to persuade your boss | 22:20 |
leo-unglaub | i am a huge fan of RMS ... and i don't care about licences at all al long as the source code is free ... so in this case i just trust RMS and stick with the GPL | 22:22 |
leo-unglaub | my boss doesn't know the difference between BSD and GPL, he doesn't want me to release it at all | 22:22 |
leo-unglaub | because there is actually a lot of company time in it | 22:23 |
leo-unglaub | and he makes money with that software | 22:23 |
leo-unglaub | ... :( | 22:23 |
*** Workster has joined #crux-devel | 22:24 | |
diverse | well that make senses from a business point of view. In order to be competitive you wouldn't want to share your work in order to not be out competed | 22:24 |
teK_ | it does not necessarily | 22:25 |
teK_ | often the effort to package and integrate things outweighs the danger to destroy your business model by releasing the source | 22:25 |
teK_ | after all, you have the chance of a community contributing back new ideas and code into your _company_ | 22:26 |
diverse | well, I guess using GPL will force changes upstream if some other company decided to use it and make changes. | 22:26 |
teK_ | but who am I to argue on that topic :) | 22:26 |
diverse | but that's if they make changes | 22:26 |
leo-unglaub | i also see the benefit from having a comminuty looking over the source code | 22:27 |
leo-unglaub | but i also understand my boss | 22:27 |
leo-unglaub | he has to make money so he can pay me | 22:27 |
leo-unglaub | but still, i prefer open source !! | 22:27 |
leo-unglaub | ah, btw, ... crux has a polarssl package ;) | 22:28 |
leo-unglaub | i made one ;) | 22:28 |
diverse | heh | 22:28 |
leo-unglaub | and you can for example link curl against polarssl | 22:28 |
teK_ | and fefes gatling :p | 22:28 |
leo-unglaub | hahaha, yes ... | 22:28 |
teK_ | was the first time I encountered that package name | 22:29 |
leo-unglaub | that thing must be a hell of a beast *g* | 22:29 |
teK_ | ach Felix :> | 22:29 |
diverse | ah so that's why you used "fefe" | 22:29 |
teK_ | it's his nickname | 22:30 |
diverse | oh | 22:30 |
teK_ | visit www.fefe.de for the (gory) details | 22:31 |
teK_ | off to bed | 22:31 |
leo-unglaub | ;) | 22:31 |
teK_ | hard day ahead of me | 22:31 |
teK_ | :-) | 22:31 |
diverse | teK_: have a good one | 22:31 |
teK_ | thanks, you too | 22:31 |
leo-unglaub | sleep tight | 22:31 |
teK_ | wll do :> | 22:31 |
diverse | I guess too bad not much software use better ssl libraries | 22:33 |
diverse | or have build options for them | 22:33 |
diverse | leo-unglaub: for example I had Romster build aria2 with gnutls instead of openssl | 22:34 |
leo-unglaub | gnutls just had last this week a huge heap bug | 22:35 |
leo-unglaub | the problem is, the gnutls code is a little bit better, but it has less than 10% of the openssl auditing | 22:36 |
leo-unglaub | because openssl is used by google and they actually look over it a little bit more | 22:36 |
diverse | pft, that auditing is nothing then | 22:36 |
leo-unglaub | but yes, it makes me as a security nut very sad that crypto support is sooo bad in sooo much tools | 22:36 |
leo-unglaub | well, the little auditing it gets is better than nothing, but still sad | 22:37 |
leo-unglaub | specially google is a bad example from my part | 22:37 |
leo-unglaub | because the security holes they found where not that special at all | 22:37 |
leo-unglaub | that poodle attack that they put huge into the media? | 22:37 |
leo-unglaub | that was litterally the same as the beasty attack years ago ... just a little bit modified ... | 22:38 |
diverse | all this security stuff makes me glad I'm learning Rust. | 22:38 |
leo-unglaub | this affects rust as well | 22:39 |
leo-unglaub | because if you need an ssl stream in rust .. you propobly also call openssl underneath | 22:39 |
diverse | well because of the C libraries | 22:39 |
diverse | if someone implements an SSL in pure Rust, it's 99% percent guarenteed safe | 22:40 |
diverse | once it compiles | 22:40 |
leo-unglaub | hehe, i have a different opinion on that *g* | 22:41 |
diverse | well it's because Rust has to expose the "unsafe" layer in order to bind to C libraries, so yeah there would be problems because of the C code | 22:42 |
diverse | and because there is some many C libs out there | 22:42 |
diverse | s/some/so/ | 22:42 |
leo-unglaub | c is definitifly not the problem ... | 22:43 |
leo-unglaub | people just use it wrong ... | 22:43 |
leo-unglaub | you cannot write C code like you write PHP code ... | 22:43 |
leo-unglaub | with C you have to put in much more time | 22:43 |
leo-unglaub | but you get some awesome results | 22:43 |
diverse | well nothing stops people from creating logic bugs, but when it comes to memory and type safety, Rust will have your back. | 22:44 |
diverse | but some people just can't stand to deal with a bitchy compiler telling them their code sucks ;) | 22:45 |
diverse | leo-unglaub: so stuff like that heap bug won't happen, because allocated objects in Rust has this new concept called "ownership" and when it reaches out of scope it's automatically freed. It takes all the hardwork out of having to bookkeep memory. | 22:52 |
leo-unglaub | hehe | 22:52 |
leo-unglaub | i still dont like rust *g* | 22:52 |
diverse | that's fine | 22:52 |
diverse | leo-unglaub: let me guess, is it the syntax? | 22:53 |
leo-unglaub | yes *g* | 22:53 |
leo-unglaub | but i am an old dog ... thats just to fancy for me *g* | 22:54 |
diverse | I gotcha, because it does borrow a lot of syntax and ideas from FP languages like Ocaml, Haskell, and Scheme, so it will not be familiar to you. But from what I heard, people who didn't like it at first eventually got used to it and liked it. So it's a matter of getting used to it, if you can help it. | 22:55 |
leo-unglaub | thats true, but i come from a completely different language family | 22:56 |
leo-unglaub | i am used to C, Vala or PHP | 22:56 |
leo-unglaub | the FP languages are indeed different | 22:56 |
diverse | man, you are missing out on all the cool (if you can say new, because these ideas have existed since the 50-60s) features. | 22:57 |
leo-unglaub | haha, what i am really missing out is a good dinner, a clean appartment and a girlfriend *g* | 22:58 |
leo-unglaub | not some language features *g* | 22:58 |
leo-unglaub | hahaha | 22:58 |
diverse | well if your job eventually requires you to use Scala because of business programming trends, don't blame me for being FP ignorant ;) | 23:01 |
leo-unglaub | haha | 23:01 |
leo-unglaub | done deal *g* | 23:01 |
*** heroux has quit IRC | 23:13 | |
*** heroux has joined #crux-devel | 23:13 |
Generated by irclog2html.py 2.11.0 by Marius Gedminas - find it at mg.pov.lt!