| 00:11.15 | *** join/#utah Nemus (~Nemus@unaffiliated/nemus) |
| 01:10.56 | *** join/#utah T4rku5 (~T4rku5@unaffiliated/shunkydave) |
| 01:13.50 | *** join/#utah smcquay (~smcquay@173-164-185-125-SFBA.hfc.comcastbusiness.net) |
| 01:17.12 | *** part/#utah Nemus (~Nemus@unaffiliated/nemus) |
| 01:17.55 | *** join/#utah T4rku5 (~T4rku5@unaffiliated/shunkydave) |
| 01:36.10 | *** join/#utah vibrasian (~vibrasian@c-76-23-60-71.hsd1.ut.comcast.net) |
| 02:37.12 | *** join/#utah fozzmoo (~fozz@server.solitaryworld.net) |
| 03:24.40 | *** join/#utah Enemby (~Enemby@75-162-72-108.slkc.qwest.net) |
| 03:24.40 | *** join/#utah Enemby (~Enemby@unaffiliated/enemby) |
| 04:01.25 | *** join/#utah Sargun (~sargun@atarack/Staff/Sargun) |
| 04:13.43 | *** join/#utah IvAn__ (~StealthTa@104.152.62.14) |
| 05:00.09 | *** join/#utah IvAn__ (~StealthTa@104.152.62.14) |
| 05:06.00 | *** join/#utah siel (~siel@unaffiliated/motley) |
| 05:08.02 | *** join/#utah Enemby (~Enemby@unaffiliated/enemby) |
| 07:12.52 | *** join/#utah IvAn__ (~StealthTa@104.152.62.14) |
| 09:58.24 | *** join/#utah neanderslob_ (~quassel@c-50-168-247-73.hsd1.ut.comcast.net) |
| 10:05.28 | *** join/#utah neanderslob (~quassel@c-50-168-247-73.hsd1.ut.comcast.net) |
| 11:43.28 | *** join/#utah vibrasian (~vibrasian@c-76-23-60-71.hsd1.ut.comcast.net) |
| 12:16.50 | *** join/#utah vibrasian (~vibrasian@c-76-23-60-71.hsd1.ut.comcast.net) |
| 12:33.48 | *** join/#utah RuShan (~RuShan@2600:100e:b13a:8ac9:baef:f292:3d32:2320) |
| 14:00.01 | *** join/#utah pmcnabb (~peter@kaa.mcnabbs.org) |
| 14:12.38 | *** join/#utah emcnabb (emcnabb@nat/redhat/x-wrdnlpyfkphsfust) |
| 14:12.38 | *** mode/#utah [+v emcnabb] by ChanServ |
| 14:28.07 | *** join/#utah vibrasian (~vibrasian@c-76-23-60-71.hsd1.ut.comcast.net) |
| 15:16.34 | *** join/#utah T4rku5 (~T4rku5@unaffiliated/shunkydave) |
| 15:20.56 | *** join/#utah IvAn__ (~StealthTa@104.152.62.14) |
| 15:42.09 | *** join/#utah josephscott (~josephsco@192.0.80.201) |
| 15:44.25 | *** join/#utah kendsnyder (~Adium@68.69.174.66) |
| 16:02.32 | *** join/#utah dfinn (~Adium@c-73-52-164-113.hsd1.ut.comcast.net) |
| 16:13.41 | *** join/#utah RyanE (rberick@166.70.8.4) |
| 16:23.35 | jfindlay | ~nacho |
| 16:23.35 | infobot | The people here think I don't know a buttload of crap about the gospel, but I do! |
| 16:25.43 | *** join/#utah zzzirk (~zzzirk@67.21.63.148) |
| 17:21.01 | pashdown | i'd like to learn more infobot |
| 17:22.03 | *** join/#utah Heartsbane (tsharpe@shell.xmission.com) |
| 17:22.03 | *** join/#utah Heartsbane (tsharpe@unaffiliated/heartsbane) |
| 17:27.52 | asoc | Help! I get calls from people telling me my computer has errors but when I tell them it is a Linux box they just hang up on me! How am I supposed to ever find the errors my PC has! |
| 17:28.00 | asoc | :-P |
| 17:51.44 | *** join/#utah keldwud (ce47473f@gateway/web/freenode/ip.206.71.71.63) |
| 17:53.55 | keldwud | omg. so weird. apparently creating a directory in /var/log causes ubuntu 14.04 to hang on the next reboot during the "starting automatic crash report generation" stage |
| 17:54.22 | jfindlay | nice |
| 17:54.46 | keldwud | I mean, I've done a few other things after a clean install, like install rabbitmq, mongodb, nodejs, nginx and celery and virtualenv |
| 17:55.21 | keldwud | guess I'll have to install each one of those individually and then create a directory in /var/log then see which one is tied to the error |
| 17:55.26 | keldwud | so weird |
| 17:56.14 | keldwud | blew my mind when I first found it but after rebuilding my stack 3 times and using snapshots to revert to the time JUST before I ran mkdir /var/log/mozdef, I had to accept that it was really happening |
| 17:56.37 | keldwud | I'm wondering if it has something to do with virtualenv |
| 17:56.51 | keldwud | which is installed via pip |
| 17:57.49 | keldwud | anybody else ever run into anything weird like this? where creating a directory in /var/log causes system to hang on the next boot? |
| 17:59.05 | keldwud | I tested by creating other directories in other locations and rebooting but I couldn't recreate the issue like that |
| 17:59.17 | keldwud | just by creating a directory in /var/log using root and sudoers |
| 18:06.03 | keldwud | so now I'm going through my stack to see who the culprit is |
| 18:09.23 | keldwud | it's going to go like this |
| 18:10.20 | keldwud | snapshot <command1> && reboot now; mdkir /var/log/mozdef && reboot now; snapshot <command2> && reboot now; etc etc |
| 18:14.30 | *** join/#utah emcnabb (emcnabb@nat/redhat/x-plgqdntqmzvkqdhl) |
| 18:14.30 | *** mode/#utah [+v emcnabb] by ChanServ |
| 18:29.20 | eightyeight | levi: started the 2nd WoT book. :) |
| 18:30.03 | keldwud | eightyeight: how'd you like eye of the world? I've never met anybody who has *just* started the series. I really liked eye of the world but that's it |
| 18:30.32 | keldwud | in my teen years I stopped reading the 4th book about 3/4ths of the way through even though I tried for a year to finish it |
| 18:30.40 | eightyeight | so, here's something interesting about it |
| 18:30.46 | keldwud | last year I tried again and made it about halfway through the great hunt before giving up again |
| 18:30.48 | eightyeight | i came to jordan from brandon sanderson |
| 18:31.01 | eightyeight | almost immediately, i could see the jordan influence on sanderson in mistborn |
| 18:31.14 | keldwud | I'd recommend either stick to it just for pure commitment or give up when you're no longer enjoying it |
| 18:31.25 | eightyeight | however, after finished EotW, it's clear jordan was inspired by tolkien |
| 18:31.29 | keldwud | yeah, mistborn definitely had the whole "reborn" thing going on |
| 18:31.47 | keldwud | and I agree that eye of the world is very tolkienesque |
| 18:31.58 | eightyeight | almost to the point that it's a rip-off |
| 18:32.00 | eightyeight | almost |
| 18:32.24 | eightyeight | i really enjoyed it though |
| 18:32.52 | eightyeight | i read 'new spring' first, actually |
| 18:33.41 | eightyeight | keldwud: https://www.goodreads.com/review/show/1423373550?book_show_action=false |
| 18:33.43 | levi | It gets less Tolkienesque, I think. |
| 18:33.50 | eightyeight | (my review of the book) |
| 19:40.01 | levi | eightyeight: Have you read anything by Guy Gavriel Kay? |
| 19:41.42 | levi | He helped out Christopher Tolkien with The Silmarillion, and his own books range on a spectrum from high fantasy to historical fiction with light fantasy elements. |
| 19:53.09 | jfindlay | the stupid thing about magnet toys is that they don't tell you the polarity of the fields, so when you try to build something of more than trivial complexity or size it crumbles |
| 19:53.42 | jfindlay | magnetic fields are not unipolar (that we know of) and if they were, it's far more likely that there would still be two flavors |
| 19:58.59 | levi | I'll take a chocolate magnet, please. |
| 19:59.19 | keldwud | is that anything like chocolate rain? |
| 19:59.36 | levi | I have no idea, I just stuck some random words together. |
| 20:00.24 | eightyeight | levi: i haven't read anything of his |
| 20:19.20 | keldwud | ok I found the portion of my stack that was screwing things up |
| 20:19.51 | keldwud | it happens not after I install nginx, but when I copy over an nginx.conf from MozDef's repository |
| 20:20.30 | keldwud | but that still doesn't make sense that after updating my nginx.conf locally that creating /var/log/<newfolder> would cause it to hang on boot |
| 20:20.39 | keldwud | it boots just fine as long as I don't create folders in /var/log |
| 20:20.44 | keldwud | I can create other folders |
| 20:21.09 | keldwud | any ideas? I'm looking through his nginx.conf now to see what in the heck would cause that kind of behavior |
| 20:21.47 | keldwud | ahh, this would be it, wouldn't it |
| 20:22.11 | keldwud | server { #stuff; #morestuff; error_log /var/log/mozdef/loginput_nginx_error.log notice; } |
| 20:22.59 | keldwud | it's trying to put a log in a folder that doesn't exist. would that cause a hang at boot? |
| 20:23.12 | keldwud | .ping infobot |
| 20:23.23 | keldwud | @help |
| 20:23.28 | keldwud | !help |
| 20:23.30 | keldwud | .help |
| 20:23.38 | keldwud | did I diededed? |
| 20:24.41 | eightyeight | ~help |
| 20:24.56 | eightyeight | ^ pms you |
| 20:26.38 | jfindlay | so if you know the polarity of the magnets, you can create structures that will actually stay assembled |
| 20:27.26 | jfindlay | the problem is that we've failed to educate the public properly about how magnetic fields really work, so people don't want to know that the fields are polar |
| 20:27.52 | jfindlay | and expect their magnet toys to magically connect regardless of orientation |
| 20:31.43 | eightyeight | jfindlay: what are you trying to do? |
| 20:32.01 | eightyeight | can't you figure out the polarity with an existing magnet whose polarity you do know? |
| 20:32.44 | jfindlay | eightyeight: yes, of course, but I'll have to manually do that with each magnetic component |
| 20:33.11 | jfindlay | but they should be manufactured with a polarity indicator on them so I don't have to reverse engineer it |
| 20:33.52 | eightyeight | what are you working on? |
| 20:36.19 | RyanE | jfindlay: you have quite the business opportunity there: Professional magnet toy polarization marker. |
| 20:36.22 | jfindlay | ferromagnetic materials confusing people on the nature of magnetic fields is similar to the dominance of the incorrect Aristotelian mechanics for millenia by elevating frictive forces to fundamental status, inseparable from any and all phenomena |
| 20:36.32 | RyanE | for a nominal fee, you'll mark the 'N' on all magnet toys. |
| 20:37.05 | jfindlay | ferromagnetic materials align their domains to the ambient magnetic field by definition |
| 20:37.44 | jfindlay | eightyeight: I've decided to complain about this particular topic now so I can move on with my life |
| 20:37.51 | jfindlay | find something else and complain about that |
| 20:41.24 | eightyeight | https://pbs.twimg.com/media/Cb_SJnaWIAACTQR.jpg:large |
| 21:46.38 | TodPunk | keldwud: if it's a boot process trying to do that, then it would hang at boot, yes |
| 21:46.43 | TodPunk | *could |
| 21:51.55 | keldwud | hey if I wanted to SRC => SSL => BLACKBOX => TLS => DEST, stunnel would be my guy, right? |
| 21:55.22 | TodPunk | SSL to TLS? |
| 21:56.14 | eightyeight | SSL shouldn't be in production anymore |
| 21:56.21 | eightyeight | yes, i'm going to be pedantic |
| 21:56.47 | eightyeight | also, assuming SRC/DEST = client, and TLS = service |
| 21:56.54 | eightyeight | BLACKBOX = NSA? |
| 21:57.46 | levi | I assumed it was the box running some tunnel-creating software. |
| 21:58.03 | TodPunk | thought this is what OpenVPN was made for |
| 21:58.28 | TodPunk | stunnel could be some overlap though |
| 21:58.59 | eightyeight | keldwud: what are you trying to do? |
| 22:15.04 | *** join/#utah TimRiker (~TimRiker@bzflag/projectlead/TimRiker) |
| 22:15.04 | *** mode/#utah [+o TimRiker] by ChanServ |
| 23:01.25 | keldwud | eightyeight: I'm trying to take old as shit java app output that outputs SSL to an external site that only accepts TLS because security |
| 23:01.48 | keldwud | sorry, blackbox was the box that I am creating |
| 23:02.05 | keldwud | not sure what's going in it yet, but I want it to take SSL as input and output TLS |
| 23:02.21 | keldwud | but yeah, SSL shouldn't be in production |
| 23:02.37 | keldwud | but devs don't like to upgrade to newer versions of java |
| 23:03.37 | keldwud | so I think a few options I have are stunnel, openvpn(?), squid |
| 23:04.28 | keldwud | squid is a full proxy, though, I don't really need proxy, just need to change the SSL to TLS and I can't do it at the layer that is outputting the SSL, have to transform it at a new layer, hence the 'blackbox' |
| 23:17.22 | TodPunk | keldwud: you need a man-in-the-middle |
| 23:17.25 | TodPunk | which is problematic |
| 23:18.52 | TodPunk | Ultimately the java app with a man-in-the-middle is meaningless as it won't improve security to have the blackbox you're speaking of anywhere but in the java app itself |
| 23:19.36 | TodPunk | if the java app is the server in this cast, you have your SSL/TLS backwards in your diagram |
| 23:19.41 | TodPunk | *case |
| 23:26.07 | levi | I don't think improved security is the goal here, or the devs would be upgrading their Java instead of keldwud trying to figure out some crappy way around the incompatibility. |
| 23:26.42 | TodPunk | that's fair, I did mean meaningless to security, not like "you're wasting you time" |
| 23:27.44 | TodPunk | although again, if it's a java app on the client, having SSL on the server isn't a problem |
| 23:31.37 | levi | There seem to be conflicting needs at the endpoints that can't be directly changed by keldwud. The Java endpoint refuses TLS, the other party refuses anything *but* TLS. He is left trying to satisfy both parties with some widget in-between. |
| 23:31.40 | programmerq | keldwud: to be honest, nginx would be perfect for this. |
| 23:31.52 | programmerq | it too would be running in reverse proxy mode, but that sounds like it is kind of what you need. |
| 23:33.25 | levi | A proxy / reverse-proxy does sound like the right shape to for this particular widget. |
| 23:33.33 | keldwud | programmerq for real? interesting |
| 23:33.35 | levi | Er, "right shape for" |
| 23:34.04 | keldwud | TodPunk: yeah, we're not actually trying to improve the security, just make the round peg a square peg |
| 23:34.33 | TodPunk | keldwud: java client or server? These are the answers I crave! |
| 23:34.42 | keldwud | the starting point is java |
| 23:34.50 | keldwud | the end point is who knows |
| 23:34.56 | keldwud | I just know that I need to give it TLS |
| 23:35.33 | keldwud | and all I have to give it is SSL and I don't have the authority to force the source or dest to change |
| 23:35.45 | keldwud | it's a java app |
| 23:35.58 | levi | It doesn't need to be a caching-proxy like squid, but it does need to understand enough about what's going on at a protocol level to successfully pretend it's initiating queries itself to the TLS endpoint. |
| 23:36.05 | keldwud | exactly |
| 23:36.26 | keldwud | I wasn't aware of this feature of nginx, I'll look into it |
| 23:36.44 | TodPunk | keldwud: does the java run on my comp and I connect to your SSL, or does the java serve SSL and my browser contacts IT? |
| 23:36.46 | keldwud | is that the general consensus? nginix might be better to look into than stunnel? |
| 23:37.07 | TodPunk | yes, nginx |
| 23:37.18 | keldwud | TodPunk: oh the java app runs on a server and generates a payload encrypted with SSL |
| 23:37.35 | TodPunk | ok, so it's a server |
| 23:37.35 | keldwud | and it sends the payload to a 3rd party API |
| 23:37.44 | TodPunk | ok, so it's not a server |
| 23:37.52 | keldwud | really just generates a request |
| 23:38.38 | keldwud | which will initiate a payload on the 3rd party side sent to me inside TLS which I will then also need to get back to the java app |
| 23:38.47 | keldwud | this is a non-trivial thing, isn't it |
| 23:39.16 | keldwud | for some reason I just thought I could point traffic to a port on my "stunnel middle man" and that would forward it to the proper place |
| 23:39.58 | keldwud | it's a server |
| 23:40.25 | keldwud | gtg, bbl |
| 23:40.27 | keldwud | <3 |
| 23:40.35 | keldwud | thanks for the discussion and the recommendation for nginx |
| 23:40.44 | keldwud | I'll research it and come back with more questions :) |
| 23:45.56 | levi | Does stunnel speak SSL and TLS on both its incoming link and its outgoing link? I mostly see it used as providing a secure public port that tunnels to an insecure stdio interface to a child process or an insecure local port. |
| 23:47.24 | programmerq | keldwud: reverse proxy is one of the primary usecases of nginx in my experience. |
