IRC Logs for #crux-devel Tuesday, 2015-01-06

prologicDo we have an influx of new CRUX users again? :)02:42
prologicSeems we need to fix our XFCE4 ports02:42
diverseprologic: we've been having new users for quite a while now, although it looks like the average user count in #crux has dropped a little compared to a month ago02:44
prologicyeah that doesn't worry me nor surprises me02:45
prologicwho uses IRC anyway :)02:45
prologicbut few new folk hitting the mailing list02:45
diversewell there are some users that drop by when the have a problem and leave when they are done02:46
diverseas well02:46
prologictrue02:47
*** mavrick61 has quit IRC03:33
*** mavrick61 has joined #crux-devel03:34
*** Feksclaus has quit IRC04:16
*** c0x has quit IRC08:46
*** leo-unglaub has joined #crux-devel08:57
*** leo-unglaub has quit IRC09:22
*** c0x has joined #crux-devel09:47
*** crash_ has joined #crux-devel10:27
*** c0x has quit IRC10:46
*** c0x has joined #crux-devel10:57
*** crash_ has quit IRC11:18
*** c0x has quit IRC11:40
*** c0x has joined #crux-devel12:53
*** Lukc has quit IRC13:31
*** leo-unglaub has joined #crux-devel15:22
teK_I asked sepen to appear in #crux-devel so we can talk things (his presence in general, leo's and Romster's xfce improvements in special)17:24
teK_no response17:24
teK_he did update ports though17:24
leo-unglaub1 port in xfce17:27
teK_and some in opt17:28
leo-unglaubwell, i forked some xfce ports into my repository17:35
leo-unglaubmaybe sometimes in the future we can port them back17:35
leo-unglaubi personally dont care if the fix is in the official repositorys or in another one17:35
jaegerIt seemed like sepen was willing to accept some help, if I read the thread correctly17:36
leo-unglaubi am not sure, he used a word that i dont understood *g*17:38
leo-unglaubbut currently i am updating the openssl package, because according to the last snowden docs we have some patching to do there17:39
teK_<root@crux.nu> (expanded from <hostmaster@crux.nu>): cannot update mailbox /var/mail/root for user root. error writing message: File too large17:42
teK_oops17:42
teK_cleaning up..17:43
jaegerroot have a ton of notification emails sitting around?17:44
teK_yeah17:44
teK_cronjobs etc17:44
teK_and spam from frinnst :P17:44
leo-unglaubhas anyone of you a problem with raising the openssh keylength to 4096 instead of 1024?17:52
frinnst!"#�18:18
frinnstnot at all leo. Im surprised we still use 102418:18
frinnsti guess its one of those things thats easily overlooked18:18
diversethank goodness for our security expert18:19
leo-unglaubfrinnst: indeed, it's easy to miss because no one expects those crappy default values18:19
leo-unglaubi just noticed it because it's my job to make applications more secure :)18:19
frinnst"Generally,  2048 bits is considered sufficient."18:21
frinnstnot anymore, its not18:21
leo-unglaub*g*18:21
leo-unglaubwe have two options18:21
diverseit's 2015, of course it's not18:21
leo-unglaubA: we add -b 4096 to the generate commands in the rc file18:22
leo-unglaubB: we patch the sshd_config file during installation and add ServerKeyBits 409618:22
leo-unglaubi personally would do woth :)18:22
leo-unglaubboth18:22
leo-unglaubalso, i would remove DSA18:23
leo-unglaubbecause thats fucking dangerous18:23
diversewhat's the better alternative?18:23
diverseI'm not familiar with all the *SAs18:24
leo-unglaubas far as i know the sshd_config would not be updated by default18:24
leo-unglaubso all existing installations would still use the old config18:24
leo-unglaubdiverse: well, DSA has a huge problem18:26
leo-unglaubit works fine if you have a good random number generator18:26
leo-unglaubbut if your random numbers get just a little bit weak, you are fucked18:26
frinnstyeah dsa is fucked, but old crap might still depend on it18:27
diverse(again being crippled by the old crap)18:27
leo-unglaubfrinnst: old crap? even OTR is still using DSA ..18:27
leo-unglauband those guys are "security experts"18:27
diversewhat the?18:28
leo-unglaubrunning around at 31c3 and telling everyone that the NSA cannot crack OTR according to snowden ...18:28
leo-unglaubbut internally they use DSA ...18:28
diverseleo-unglaub: so what do you recommend I would use for good practice?18:29
leo-unglaubit completely depends on the usesace18:29
leo-unglaubusecase18:29
leo-unglaubrsa maybe ... but if you can ec18:30
diversereally it needs error correction?18:30
leo-unglaubthey all have problems18:31
diversewell not "problems" just disadvantages18:31
leo-unglaubbut the DSA problem is sooo huge that a lot of people expect the bug to be "by design"18:31
diverseheh18:31
diverseleo-unglaub: are you using ecc on your crux systems? ;)18:32
leo-unglaubdiverse: yep :)18:32
diverseoh actually lets continue this discussion back at #crux18:32
leo-unglaubfrinnst: are you going to patch openssl up?18:33
leo-unglaubor should i do it? i would do it if you give me git access ;)18:33
diverse(or replace it with libressl?)18:33
leo-unglaubdiverse: i have to test that for a little bit more before i make that suggestion18:33
leo-unglaubhowever, i like the idea :)18:34
leo-unglaubdiverse: if you are interrested in DSA, https://en.wikipedia.org/wiki/Digital_Signature_Algorithm <- read the part "Sensitivity"18:36
leo-unglaubalso, it was designed by some former NSA guys ;) so do you own conclusion *g*18:36
diverseheh18:37
frinnstIf anybody would like to open a bugreport for openssh that would be most welcome18:39
frinnstafk18:39
teK_yeah and the someone doing that please adds disabling ssh-1 in general18:59
leo-unglaubi can send you my sshd_conf tomorrow if you want19:00
leo-unglaubthat one should take care of all those things19:00
teK_there's some github site floating around the interwebs on best practises19:00
teK_might be worth a look, too19:00
teK_https://stribika.github.io/2015/01/04/secure-secure-shell.html19:00
diversethis looks pretty recent :)19:00
leo-unglaubyeah, the document is nice, however the part with the hidden service is ... well ... have you ever tryed to work on a terminal with 800ms delay??19:07
leo-unglaubpretty anoying *g*19:08
teK_I  have, it sucks19:08
leo-unglaubwell, in a few years when Tor has 1 billion relays ... then it will be a posibillity19:09
leo-unglaubbut until then ..19:09
*** leo-unglaub has quit IRC19:18
*** leo-unglaub has joined #crux-devel19:20
*** leo-unglaub has quit IRC20:12
*** leo-unglaub has joined #crux-devel22:08
*** irclogger______ has joined #crux-devel23:21
*** nrxtx has joined #crux-devel23:21
*** novak has joined #crux-devel23:21
*** jaeger has joined #crux-devel23:21
*** mavrick61 has joined #crux-devel23:22
*** jue has joined #crux-devel23:22
*** leo-unglaub has quit IRC23:26
*** Feksclaus has joined #crux-devel23:49

Generated by irclog2html.py 2.11.0 by Marius Gedminas - find it at mg.pov.lt!