IRC Logs for #crux-devel Thursday, 2014-11-13

« Wednesday, 2014-11-12 Index Friday, 2014-11-14 »
*** leo-unglaub has quit IRC00:18
*** Feksclaus has quit IRC00:40
*** tilman has quit IRC01:04
*** tilman has joined #crux-devel01:05
*** mechaniputer has left #crux-devel ()01:10
*** Feksclaus has joined #crux-devel02:37
*** mavrick61 has quit IRC03:25
*** mavrick61 has joined #crux-devel03:26
*** Feksclaus has quit IRC03:45
*** erdic_ has joined #crux-devel04:12
*** erdic has quit IRC04:12
*** jaeger has quit IRC04:12
*** jaeger has joined #crux-devel04:12
*** mechaniputer has joined #crux-devel04:30
*** mechaniputer has quit IRC05:17
*** Workster has quit IRC06:24
jueprologic: have a look at mysql-ruby and sqlite3-ruby; the first works like the "old" way by using extconf.ruby, the second is using a gem package09:22
jueRomster: I've committed a fix for the findredundantdeps problem and added a module to prtverify to find duplicated deps in the '# depends on:' line09:25
Romsterjue, ah that's a nice idea. i didn't think of that for prtverify. thank you for that.09:42
*** erdic has joined #crux-devel10:17
prologicjue, thanks I'll take a look at those11:02
prologicright now I"m just packaging up the rpm version of vagrant11:03
prologicit's not ideal but it seems to work okay11:03
*** xetver has quit IRC11:04
*** xetver has joined #crux-devel11:05
*** Feksclaus has joined #crux-devel15:01
*** diverse has joined #crux-devel16:10
diverseis there SSL certificates provided by default?16:33
diverseRomster: youtube-dl needs to be updated17:37
teK_gtk3 or qt4 as toolkit for wireshark?20:02
teK_it's too stupid to detect one if the other is not present20:02
teK_I tend to say gtk3 as qt4 takes about 3 hours to build20:03
diverseI thought wireshark ditch gtk in favor for qt4 a while ago?20:03
teK_my current build runs with:20:04
teK_              --with-qt4=no \20:04
teK_              --with-gtk3=yes20:04
teK_uninstalling qt4 results in a build failure if I leave out those two lines20:05
diverseteK_: the problem I see with gtk3 is that it's not reliable and controlled by a facist company like redhat, where as qt is hard to deal with when building things.21:01
teK_we will see if complaints will roll in ;)21:02
teK_I'd hope for wireshark to add detection for available kits21:03
teK_yet there has to be a dependecy listed either way21:03
diverseteK_: what would happen if gtk3 requires systemd as a dependency one day?21:05
diverseteK_: actually can you make a port for each?21:10
diversesay wireshark-gtk and wireshark-qt?21:10
diversethe current wireshark port being wireshark-gtk and wireshark-qt with --with-qt4=yes --with-gtk3=no?21:13
teK_we could yeah21:13
teK_but let's wait what will happen to gtk3 :)21:13
diversesigh, I wish gtk2 was still an option21:14
diverseI rather not touch gtk3 if I can help it21:17
diverseteK_: btw, I'm getting an issue with building one of my personal ports because it needs SSL certificates: https://gist.github.com/anonymous/d3f197785957cf974ae121:22
diversedoes crux provide the certificates by default or do I need to generate them?21:22
*** leo-unglaub has joined #crux-devel21:46
leo-unglaubhttp://crux.nu/bugs/index.php?do=details&task_id=108621:52
leo-unglaubany ideas, feedback, ... ?21:53
teK_there is a port for the trusted CAs21:57
diverseteK_: name?21:57
teK_ca-certificates21:58
diversethanks21:58
teK_either the port is outdated or your http-server-provider screwed up (like oracle for jdk ...)21:58
teK_np21:58
teK_leo-unglaub: yes, I considered applying21:58
teK_If I find the time, I can do that some time december21:59
teK_I'm super busy with university and work related things21:59
leo-unglaubteK_: i just have done it for 10 domains ... takes just a few minutes21:59
leo-unglaubhttps://bitbucket.org/foxship/scripts/src/a1b9531e0c9244087dd73996b091fd423efd34a3/generate-ssl.sh?at=master21:59
leo-unglaubi have a script for it21:59
diverseit's not an http server, it's for something else that needs the verification22:00
teK_how do we prove that we're OSS? Provide the URL and wait for confirmation?22:01
leo-unglaubteK_: you don't have to prove anything22:01
leo-unglaubeveryone can get a class 1 cert22:02
leo-unglaubfor anything22:02
leo-unglaubeven for a business22:02
teK_what.22:02
teK_and startssl is in all regular browsers?22:02
leo-unglaubyes :)22:02
leo-unglaubin all browsers, even in those fucked 10 year old MS hand helds things *g*22:03
teK_wtf22:03
leo-unglaubi just pumped our 13 certs for the company and all other sites i manage22:03
leo-unglaubhehe22:03
leo-unglaubhttps://www.leo-unglaub.net/ <- this site uses one of the certs22:04
leo-unglaubvalid in every browser22:04
leo-unglauband 8192 bits long22:04
leo-unglaubhahaha22:04
leo-unglaubdo you want to know the funny part?22:04
teK_sure22:04
leo-unglaubthe default MAC SSL library cannot handle 8192 bits certs *g* the max length supportes if 4k *g*22:05
leo-unglaubthats how bad apple is ...22:05
diverseby apple you mean safari?22:05
leo-unglaubno, the apple ssl toolkit22:05
teK_thanks for the hint.22:05
diverseah22:05
leo-unglaubchrome uses the apple ssl toolkit, so even chrome on MAC fails22:05
leo-unglaubchrome on windows works fine *g*22:06
leo-unglaubit took me 2 days to figure it out why it was not working on a mac of my boss *g*22:07
leo-unglaubfucking apple22:07
diverseheh22:07
leo-unglaubdiverse: i would understand it if they would throw a real eror message22:07
diverseso essentially openssl kicked the ass out of apple ssl? Even though openssl is terribly written22:07
leo-unglaubbut they just say "unable to read cert"22:07
leo-unglaubdiverse: openssl is a bad as it gets ... gnutls is also very bad ...22:08
leo-unglaubthere is only one very good ssl/tls library out there22:08
diversegnutls > openssl22:08
leo-unglauband thats polarssl22:08
leo-unglaubpolarssl > NSS > gnutls > openssl22:08
diversewell I'm hoping libressl once it's matured will kick the ass out of all implementations22:09
leo-unglaubi really doubt it ...22:09
leo-unglaubbecause those idiots want to keep api compatibility22:09
leo-unglauband keeping openssl api compat is the worst thing you can do22:09
diversehow so?22:09
leo-unglaubthe openssl api is horrible22:10
leo-unglaubit practicly forces you to write bad code ..22:10
leo-unglaubevne if they clean up all the mess inside22:10
leo-unglaubyou still have a horribly API that makes it so hard for developers to use it properly22:11
teK_but they introduce a prallel, improved API, too?22:11
leo-unglaubnot that i know of, no22:11
diversewell unfortunately 2/3 of the internet already use this horrible api, so if a better one exists that uses a compatible api, people will shift to it22:12
diversepeople aren't going to rewrite their apps from scratch22:12
leo-unglaubi am a paranoid crypto nut ... *g* i spend weeks to just get the handshake right ...22:12
leo-unglauband i have come to the comclusion ... openssl sucks *g*22:12
leo-unglaubthats why i am only using polarssl22:13
leo-unglaubthats clean and good written c code22:13
diversenothing wrong with security, people could pay for you for your knowledge22:13
leo-unglaubin our company we have a framework called "firemoon" and in there we use now polarssl for the handshake22:14
diversecool22:14
leo-unglauband then we put on that TLS stream either an OTR container or a secound TLS stream made by NSS22:14
leo-unglaubthat way, even if one crypto is broken thru a bug, the secoud one is holding up22:14
leo-unglaubi made this mandatory for all software we procude in the company22:15
diverseawesome22:15
diverseor should I say, "fantastisch"22:16
leo-unglaubi am fighting to get my boss to release it under the GPL22:17
leo-unglaubbut thats currently a hard fight ..22:17
diversehmm, maybe persuade him with a BSD or MIT license?22:17
leo-unglaubhehe, but i am confident i will win this fight ... because all files already have the GPL header *g*22:17
diverseah22:17
leo-unglaubso i must release them or i can get into trouble *g*22:17
diverseor keep it hush-hush22:18
leo-unglauboh, damn ... you are right .. according to the file header i am the author of it *g*22:18
leo-unglaubdamn default file template *g*22:18
diverseright about what?22:18
diverseoh I see22:19
diversewell you could use BSD or MIT and say it's a more "business-friendly" license to persuade your boss22:20
leo-unglaubi am a huge fan of RMS ... and i don't care about licences at all al long as the source code is free ... so in this case i just trust RMS and stick with the GPL22:22
leo-unglaubmy boss doesn't know the difference between BSD and GPL, he doesn't want me to release it at all22:22
leo-unglaubbecause there is actually a lot of company time in it22:23
leo-unglauband he makes money with that software22:23
leo-unglaub... :(22:23
*** Workster has joined #crux-devel22:24
diversewell that make senses from a business point of view. In order to be competitive you wouldn't want to share your work in order to not be out competed22:24
teK_it does not necessarily22:25
teK_often the effort to package and integrate things outweighs the danger to destroy your business model by releasing the source22:25
teK_after all, you have the chance of a community contributing back new ideas and code into your _company_22:26
diversewell, I guess using GPL will force changes upstream if some other company decided to use it and make changes.22:26
teK_but who am I to argue on that topic :)22:26
diversebut that's if they make changes22:26
leo-unglaubi also see the benefit from having a comminuty looking over the source code22:27
leo-unglaubbut i also understand my boss22:27
leo-unglaubhe has to make money so he can pay me22:27
leo-unglaubbut still, i prefer open source !!22:27
leo-unglaubah, btw, ... crux has a polarssl package ;)22:28
leo-unglaubi made one ;)22:28
diverseheh22:28
leo-unglauband you can for example link curl against polarssl22:28
teK_and fefes gatling :p22:28
leo-unglaubhahaha, yes ...22:28
teK_was the first time I encountered that package name22:29
leo-unglaubthat thing must be a hell of a beast *g*22:29
teK_ach Felix :>22:29
diverseah so that's why you used "fefe"22:29
teK_it's his nickname22:30
diverseoh22:30
teK_visit www.fefe.de for the (gory) details22:31
teK_off to bed22:31
leo-unglaub;)22:31
teK_hard day ahead of me22:31
teK_:-)22:31
diverseteK_: have a good one22:31
teK_thanks, you too22:31
leo-unglaubsleep tight22:31
teK_wll do :>22:31
diverseI guess too bad not much software use better ssl libraries22:33
diverseor have build options for them22:33
diverseleo-unglaub: for example I had Romster build aria2 with gnutls instead of openssl22:34
leo-unglaubgnutls just had last this week a huge heap bug22:35
leo-unglaubthe problem is, the gnutls code is a little bit better, but it has less than 10% of the openssl auditing22:36
leo-unglaubbecause openssl is used by google and they actually look over it a little bit more22:36
diversepft, that auditing is nothing then22:36
leo-unglaubbut yes, it makes me as a security nut very sad that crypto support is sooo bad in sooo much tools22:36
leo-unglaubwell, the little auditing it gets is better than nothing, but still sad22:37
leo-unglaubspecially google is a bad example from my part22:37
leo-unglaubbecause the security holes they found where not that special at all22:37
leo-unglaubthat poodle attack that they put huge into the media?22:37
leo-unglaubthat was litterally the same as the beasty attack years ago ... just a little bit modified ...22:38
diverseall this security stuff makes me glad I'm learning Rust.22:38
leo-unglaubthis affects rust as well22:39
leo-unglaubbecause if you need an ssl stream in rust .. you propobly also call openssl underneath22:39
diversewell because of the C libraries22:39
diverseif someone implements an SSL in pure Rust, it's 99% percent guarenteed safe22:40
diverseonce it compiles22:40
leo-unglaubhehe, i have a different opinion on that *g*22:41
diversewell it's because Rust has to expose the "unsafe" layer in order to bind to C libraries, so yeah there would be problems because of the C code22:42
diverseand because there is some many C libs out there22:42
diverses/some/so/22:42
leo-unglaubc is definitifly not the problem ...22:43
leo-unglaubpeople just use it wrong ...22:43
leo-unglaubyou cannot write C code like you write PHP code ...22:43
leo-unglaubwith C you have to put in much more time22:43
leo-unglaubbut you get some awesome results22:43
diversewell nothing stops people from creating logic bugs, but when it comes to memory and type safety, Rust will have your back.22:44
diversebut some people just can't stand to deal with a bitchy compiler telling them their code sucks ;)22:45
diverseleo-unglaub: so stuff like that heap bug won't happen, because allocated objects in Rust has this new concept called "ownership" and when it reaches out of scope it's automatically freed. It takes all the hardwork out of having to bookkeep memory.22:52
leo-unglaubhehe22:52
leo-unglaubi still dont like rust *g*22:52
diversethat's fine22:52
diverseleo-unglaub: let me guess, is it the syntax?22:53
leo-unglaubyes *g*22:53
leo-unglaubbut i am an old dog ... thats just to fancy for me *g*22:54
diverseI gotcha, because it does borrow a lot of syntax and ideas from FP languages like Ocaml, Haskell, and Scheme, so it will not be familiar to you. But from what I heard, people who didn't like it at first eventually got used to it and liked it. So it's a matter of getting used to it, if you can help it.22:55
leo-unglaubthats true, but i come from a completely different language family22:56
leo-unglaubi am used to C, Vala or PHP22:56
leo-unglaubthe FP languages are indeed different22:56
diverseman, you are missing out on all the cool (if you can say new, because these ideas have existed since the 50-60s) features.22:57
leo-unglaubhaha, what i am really missing out is a good dinner, a clean appartment and a girlfriend *g*22:58
leo-unglaubnot some language features *g*22:58
leo-unglaubhahaha22:58
diversewell if your job eventually requires you to use Scala because of business programming trends, don't blame me for being FP ignorant ;)23:01
leo-unglaubhaha23:01
leo-unglaubdone deal *g*23:01
*** heroux has quit IRC23:13
*** heroux has joined #crux-devel23:13
« Wednesday, 2014-11-12 Index Friday, 2014-11-14 »

Generated by irclog2html.py 2.11.0 by Marius Gedminas - find it at mg.pov.lt!