| Friday, February 7th, 2014, 00:01 UTC | ||
| [00:01:10] | stichnot (stichnot!~stichnot@mythtv/developer/stichnot) has joined #mythtv | |
| [00:11:06] | wagnerrp: | the forum does not seem to be sending out confirmation emails |
| [00:13:37] | stuartm: | wagnerrp: the mail server has problems with @mythtv.org addresses |
| [00:13:50] | stuartm: | should get that fixed tomorrow |
| [00:14:02] | wagnerrp: | can't email itself? :) |
| [00:14:11] | stuartm: | well I mean hopefully stuarta will fix it tomorrow, I wouldn't know where to start |
| [00:15:10] | stuartm: | wagnerrp: some silly anti-spam measure, yes, basically it rejects emails to local accounts because technically they aren't local accounts but aliases |
| [00:15:53] | stuartm: | so it decides that smorgan isn't a valid user on alcor and bounces the email |
| [00:16:42] | stuartm: | same problem prevents use of @mythtv.org email addresses with the mailing lists |
| [00:16:44] | wagnerrp: | so time to go digging through the outbound spooler.... |
| [00:16:58] | stuartm: | wagnerrp: I can manually activate your account for now |
| [00:17:27] | wagnerrp: | or that |
| [00:17:55] | stuartm: | done |
| [00:18:11] | wagnerrp: | thanks |
| [00:20:54] | neufeld (neufeld!~user@69-165-173-139.dsl.teksavvy.com) has joined #mythtv | |
| [00:21:23] | wagnerrp: | digging through postfix's deferred mail was a bust anyway |
| [00:24:39] | TheCras1 (TheCras1!~TheCrashe@p5DCE4DE0.dip0.t-ipconnect.de) has joined #mythtv | |
| [00:28:02] | TheCrasher (TheCrasher!~TheCrashe@p5DCE4DD7.dip0.t-ipconnect.de) has quit (Ping timeout: 252 seconds) | |
| [00:28:15] | jya_ (jya_!~jyavenard@mythtv/developer/jya) has joined #mythtv | |
| [00:30:41] | stuartm: | "Recipient address rejected: User unknown in local recipient table" |
| [00:31:41] | stuartm: | is the error, and it's smtp not postfix that throws the error |
| [00:32:01] | wagnerrp: | ah |
| [00:33:32] | stuartm: | well postfix/smtpd |
| [00:39:20] | stuartm: | anyhow, if anyone else reading this is tempted to sign up with their mythtv.org address, don't, you can always change it later once we've beaten the smtp/postfix/other process into submission |
| [00:39:32] | stuartm: | and when I say we, again I mean stuarta |
| [00:42:37] | skd5aner: | stuartm: btw, I really like the cleanliness of the the forum theme – good job on throwing that together so quickly |
| [01:22:37] | tstorm (tstorm!~tstorm@50-76-62-217-ip-static.hfc.comcastbusiness.net) has joined #mythtv | |
| [01:27:17] | TheCras1 (TheCras1!~TheCrashe@p5DCE4DE0.dip0.t-ipconnect.de) has quit (Quit: KVIrc 4.3.1 Aria http://www.kvirc.net/) | |
| [01:37:14] | wahrhaft (wahrhaft!~quassel@cpe-24-210-69-143.columbus.res.rr.com) has joined #mythtv | |
| [02:07:12] | tstorm (tstorm!~tstorm@50-76-62-217-ip-static.hfc.comcastbusiness.net) has quit (Ping timeout: 260 seconds) | |
| [02:52:41] | andreaz (andreaz!~andre_000@p5DCA3126.dip0.t-ipconnect.de) has quit (Ping timeout: 252 seconds) | |
| [02:53:29] | andreaz (andreaz!~andre_000@p5DCA3126.dip0.t-ipconnect.de) has joined #mythtv | |
| [03:05:13] | _nyloc_ (_nyloc_!~quassel@p57B4F324.dip0.t-ipconnect.de) has joined #mythtv | |
| [03:09:14] | nyloc (nyloc!~quassel@p3EE2CA2F.dip0.t-ipconnect.de) has quit (Ping timeout: 245 seconds) | |
| [03:52:42] | peper03 (peper03!~peper03@mythtv/developer/peper03) has quit (Read error: Operation timed out) | |
| [03:58:27] | peper03 (peper03!~peper03@mythtv/developer/peper03) has joined #mythtv | |
| [04:26:34] | jya (jya!~jyavenard@mythtv/developer/jya) has quit (Ping timeout: 252 seconds) | |
| [04:26:34] | jya_ is now known as jya | |
| [04:34:26] | fetzerch (fetzerch!~quassel@unaffiliated/fetzerch) has quit (Ping timeout: 252 seconds) | |
| [04:35:44] | fetzerch (fetzerch!~quassel@unaffiliated/fetzerch) has joined #mythtv | |
| [05:49:05] | gigem (gigem!~david@mythtv/developer/gigem) has quit (Quit: WeeChat 0.4.2) | |
| [06:01:03] | gigem (gigem!~david@pool-71-170-165-247.dllstx.fios.verizon.net) has joined #mythtv | |
| [06:01:03] | gigem (gigem!~david@pool-71-170-165-247.dllstx.fios.verizon.net) has quit (Changing host) | |
| [06:01:04] | gigem (gigem!~david@mythtv/developer/gigem) has joined #mythtv | |
| [06:13:59] | NightMonkey (NightMonkey!~NightrMon@pdpc/supporter/professional/nightmonkey) has quit (Quit: Body blow! Body blow!) | |
| [06:23:11] | Warped (Warped!~Warped@108-85-161-113.lightspeed.cicril.sbcglobal.net) has quit (Ping timeout: 246 seconds) | |
| [06:52:01] | jya (jya!~jyavenard@mythtv/developer/jya) has quit (Quit: jya) | |
| [06:52:35] | dekarl: | wagnerrp: I'm giving #12050 to you instead of applying to avoid needless merges, happy to apply it for you if you like |
| [06:52:35] | ** MythLogBot http://code.mythtv.org/trac/ticket/12050 ** | |
| [07:05:39] | FabriceMG (FabriceMG!~Thunderbi@LCaen-156-54-30-212.w80-11.abo.wanadoo.fr) has joined #mythtv | |
| [07:05:41] | doev (doev!~doev@p4FD41010.dip0.t-ipconnect.de) has joined #mythtv | |
| [07:11:50] | Warped (Warped!~Warped@108-85-161-113.lightspeed.cicril.sbcglobal.net) has joined #mythtv | |
| [08:02:33] | andreaz (andreaz!~andre_000@p5DCA3126.dip0.t-ipconnect.de) has quit (Read error: Connection reset by peer) | |
| [08:10:11] | dekarl1 (dekarl1!~dekarl@p4FE84731.dip0.t-ipconnect.de) has joined #mythtv | |
| [08:11:02] | dekarl (dekarl!~dekarl@p4FCEFD8B.dip0.t-ipconnect.de) has quit (Ping timeout: 252 seconds) | |
| [08:35:55] | joki (joki!~joki@p5486272C.dip0.t-ipconnect.de) has quit (Ping timeout: 260 seconds) | |
| [08:42:43] | joki (joki!~joki@p54863808.dip0.t-ipconnect.de) has joined #mythtv | |
| [08:45:15] | jya (jya!~jyavenard@mythtv/developer/jya) has joined #mythtv | |
| [08:51:21] | jya (jya!~jyavenard@mythtv/developer/jya) has quit (Ping timeout: 272 seconds) | |
| [09:02:50] | Merlin83b (Merlin83b!~Daniel@office.34sp.com) has joined #mythtv | |
| [09:15:52] | warpme (warpme!~piotro@89-79-250-31.dynamic.chello.pl) has joined #mythtv | |
| [09:24:39] | warpme (warpme!~piotro@89-79-250-31.dynamic.chello.pl) has quit (Quit: warpme) | |
| [09:27:21] | warpme (warpme!~piotro@89-79-250-31.dynamic.chello.pl) has joined #mythtv | |
| [09:27:22] | warpme (warpme!~piotro@89-79-250-31.dynamic.chello.pl) has quit (Client Quit) | |
| [09:57:35] | FabriceMG (FabriceMG!~Thunderbi@LCaen-156-54-30-212.w80-11.abo.wanadoo.fr) has quit (Ping timeout: 260 seconds) | |
| [09:59:34] | FabriceMG (FabriceMG!~Thunderbi@LCaen-156-54-30-212.w80-11.abo.wanadoo.fr) has joined #mythtv | |
| [10:17:51] | jya (jya!~jyavenard@mythtv/developer/jya) has joined #mythtv | |
| [10:18:47] | jya_ (jya_!~jyavenard@mythtv/developer/jya) has joined #mythtv | |
| [10:20:12] | jya_ (jya_!~jyavenard@mythtv/developer/jya) has quit (Client Quit) | |
| [10:48:31] | jya (jya!~jyavenard@mythtv/developer/jya) has quit (Quit: jya) | |
| [11:01:14] | doev (doev!~doev@p4FD41010.dip0.t-ipconnect.de) has quit (Ping timeout: 260 seconds) | |
| [11:01:49] | doev (doev!~doev@p5482EED5.dip0.t-ipconnect.de) has joined #mythtv | |
| [11:23:53] | jya (jya!~jyavenard@mythtv/developer/jya) has joined #mythtv | |
| [11:56:35] | jya (jya!~jyavenard@mythtv/developer/jya) has quit (Quit: jya) | |
| [12:13:55] | jya (jya!~jyavenard@mythtv/developer/jya) has joined #mythtv | |
| [12:16:33] | knightr (knightr!~Nicolas@mythtv/developer/knightr) has quit (Read error: Connection reset by peer) | |
| [12:19:18] | jya (jya!~jyavenard@mythtv/developer/jya) has quit (Quit: jya) | |
| [12:23:57] | knightr (knightr!~Nicolas@69-165-170-178.dsl.teksavvy.com) has joined #mythtv | |
| [12:23:58] | knightr (knightr!~Nicolas@69-165-170-178.dsl.teksavvy.com) has quit (Changing host) | |
| [12:23:58] | knightr (knightr!~Nicolas@mythtv/developer/knightr) has joined #mythtv | |
| [12:27:57] | wagnerrp: | dekarl1: committed, thanks |
| [12:42:38] | jya (jya!~jyavenard@mythtv/developer/jya) has joined #mythtv | |
| [12:48:09] | stuartm: | ok, that's definitely spooky |
| [12:48:56] | stuartm: | use the search engine startpage.com, but the favicon that appears in my browser has switched from the usual one to that of an eye |
| [12:49:14] | stuartm: | when I check their favicon directly, it's not changed at their end |
| [12:51:10] | stuartm: | any other icon except for an eye and I'd shrug it off, but it's a weird coincidence that the icon appearing for search engine that promises to respect privacy is now the very symbol of surveillance |
| [12:57:29] | stuarta: | ooo |
| [12:57:49] | stuartm: | and their SSL cert is generating errors too |
| [12:59:03] | stuartm: | same cert on another IP works |
| [12:59:49] | stuartm: | guess it's a good job I'm not a terrorist or I'd be rather more paranoid right now :) |
| [13:05:53] | stuartm: | heh, now I know where the eye comes from and that it's just some cache screwup in the browser – https://www.globalsign.com/ |
| [13:32:19] | _nyloc_ (_nyloc_!~quassel@p57B4F324.dip0.t-ipconnect.de) has quit (Remote host closed the connection) | |
| [13:34:38] | nyloc (nyloc!~quassel@p57B4F324.dip0.t-ipconnect.de) has joined #mythtv | |
| [13:41:40] | jya (jya!~jyavenard@mythtv/developer/jya) has quit (Quit: jya) | |
| [13:42:50] | wagnerrp_ (wagnerrp_!4084ae8b@gateway/web/freenode/ip.64.132.174.139) has joined #mythtv | |
| [14:19:18] | Jordack (Jordack!~Jordack@h69-131-44-221.plmomi.dedicated.static.tds.net) has joined #mythtv | |
| [14:35:45] | jya (jya!~jyavenard@mythtv/developer/jya) has joined #mythtv | |
| [14:35:47] | DouglasK is now known as DouglasKAway | |
| [14:43:51] | jya (jya!~jyavenard@mythtv/developer/jya) has quit (Quit: jya) | |
| [15:12:46] | FabriceMG (FabriceMG!~Thunderbi@LCaen-156-54-30-212.w80-11.abo.wanadoo.fr) has quit (Quit: FabriceMG) | |
| [15:22:48] | stuartm: | https://forum.mythtv.org/ |
| [15:24:34] | ** jheizer tried to guess yesterday but never thought to try https ** | |
| [15:24:35] | jheizer: | lol |
| [15:25:03] | stuarta: | it didn't exist until about 16hrs ago |
| [15:25:05] | jheizer: | Even after all your talk about tweaking it |
| [15:25:13] | jheizer: | ah |
| [15:25:37] | stuarta: | and http/https is irrelevant, it'll auto redirect |
| [15:26:04] | jheizer: | Theme looks really nice |
| [15:28:33] | jheizer: | The last phpbb forum I set up got spammed to death. I actually let the domain expire yesterday or the day before. |
| [15:45:33] | DouglasKAway is now known as DouglasK | |
| [15:49:10] | stichnot (stichnot!~stichnot@mythtv/developer/stichnot) has quit (Ping timeout: 260 seconds) | |
| [15:49:48] | dekarl-work (dekarl-work!51c8c614@gateway/web/freenode/ip.81.200.198.20) has joined #mythtv | |
| [15:50:42] | dekarl-work: | stuartm: does the link mean that we are ready and can start to slowly shift traffic there? (like updating http://www.mythtv.org/wiki/Forums ) |
| [16:20:00] | stuartm: | dekarl-work: slowly aye, not had enough testing yet, need to make sure that registration emails are getting sent out to everyone, that forum permissions are all correct (allowing people to post) and that features like PMs are working as they should |
| [16:21:28] | stuartm: | would prefer that it's not leaked out onto the -users list for another day or so, hence my low-key announcement here |
| [16:21:45] | stuartm: | we don't even have all the devs signed up yet |
| [16:25:11] | DevWork_ (DevWork_!~DevWork@38.96.32.242) has joined #mythtv | |
| [16:25:33] | jpabq: | stuartm: Are we doing to try and keep consistency in 'user names'? In other words, should I register under jpoet or johnp or jpabq ? |
| [16:26:37] | stuartm: | jpabq: for devs/translators I'd suggest consistency with the name used in trac etc |
| [16:26:53] | stuartm: | makes it easier for users to know who they are talking to |
| [16:27:22] | stuartm: | but that's a suggestion rather than a rule |
| [16:27:22] | jpabq: | ok |
| [16:28:50] | vslap (vslap!~DevWork@38.96.32.242) has quit (Ping timeout: 260 seconds) | |
| [16:31:14] | caelor: | I've taken the opportunity to register, and am happy to help with testing from the non-privileged role perspective |
| [16:34:53] | jheizer: | Confirmed I have the ability to post new topics in every section and on the existing thread can edit only my own post. |
| [16:39:10] | andreaz (andreaz!~andre_000@p5DCA3126.dip0.t-ipconnect.de) has joined #mythtv | |
| [16:41:59] | gregL (gregL!~greg@cpe-74-76-105-205.nycap.res.rr.com) has quit (Quit: Leaving) | |
| [16:50:36] | warpme (warpme!~piotro@89-79-250-31.dynamic.chello.pl) has joined #mythtv | |
| [16:51:42] | dekarl-work (dekarl-work!51c8c614@gateway/web/freenode/ip.81.200.198.20) has quit () | |
| [16:54:30] | stuartm: | jams: is the mythtv specific data supposed to be missing from this report? http://smolt.mythtv.org/static/stats/stats.html |
| [16:55:21] | stichnot (stichnot!~stichnot@mythtv/developer/stichnot) has joined #mythtv | |
| [16:59:03] | NightMonkey (NightMonkey!~NightrMon@pdpc/supporter/professional/nightmonkey) has joined #mythtv | |
| [17:00:06] | stichnot (stichnot!~stichnot@mythtv/developer/stichnot) has quit (Ping timeout: 260 seconds) | |
| [17:04:11] | SteveGoodey (SteveGoodey!~steve@host86-152-62-67.range86-152.btcentralplus.com) has joined #mythtv | |
| [17:08:28] | caelor: | stuartm: it looks like irc.mythtv.org is broken, fairly recently (it worked an hour or so ago) |
| [17:10:42] | stuartm: | seems alcor is broken atm, stuarta may be hacking on the config |
| [17:11:35] | stuarta: | nope |
| [17:12:21] | stuarta: | wtf |
| [17:15:50] | SteveGoodey (SteveGoodey!~steve@host86-152-62-67.range86-152.btcentralplus.com) has quit (Quit: Konversation terminated!) | |
| [17:17:29] | stuartm: | apologies folks, we seem to have a gremlin |
| [17:18:33] | ** stuarta calls for ghostbusters ** | |
| [17:19:30] | SteveGoodey (SteveGoodey!~steve@host86-152-62-67.range86-152.btcentralplus.com) has joined #mythtv | |
| [17:23:10] | stuartm: | caelor: try now |
| [17:25:10] | caelor: | still redirects to code.mythtv.org/trac for me, and direct links to ircLoc/channel/4/2014-02–07 redirects to https and then 404s |
| [17:25:36] | peper03: | Works for me. |
| [17:27:20] | caelor: | I think my browser has cached a http -> https redirect... yep, it had |
| [17:27:46] | caelor: | https://irc.mythtv.org/...... doesn't work – is that expected, or are IRC logs staying on http only? |
| [17:30:46] | stuartm: | expected for now, we've not written an ssl config for that subdomain yet |
| [17:31:21] | stuartm: | we're rolling out the changes piece by piece, starting with the places where it's most important |
| [17:32:41] | caelor: | ok |
| [17:33:05] | stuartm: | thanks for the report |
| [17:33:23] | caelor: | no problem – every little thing is helpful |
| [17:37:02] | stichnot (stichnot!~stichnot@216.239.45.80) has joined #mythtv | |
| [17:37:02] | stichnot (stichnot!~stichnot@mythtv/developer/stichnot) has joined #mythtv | |
| [17:37:02] | stichnot (stichnot!~stichnot@216.239.45.80) has quit (Changing host) | |
| [17:41:49] | peper03: | stuartm: *Really* minor thing on the forum – I registered on my phone. The field for entering the email address isn't marked as such (I assume it's an HTML attribute), so the on-screen keyboard wasn't adapted to offer the '@' symbol by default. |
| [17:42:35] | peper03: | Like I said, really minor but if it's easy to change, it makes life just a fraction nicer :) |
| [17:54:13] | clever: | <input type="email"> https://developer.mozilla.org/en-US/docs/Web/HTML/Element/Input |
| [17:54:19] | stuartm: | peper03: 'email' inputs are an HTML5 feature |
| [17:54:25] | clever: | but then older browsers may not know its a text field |
| [17:54:27] | stuartm: | clever: already made the changes |
| [17:54:31] | clever: | ah |
| [17:55:12] | clever: | inputmode="email" looks better, since its a hint, rather then a whole new type that breaks older browsers |
| [17:57:32] | stuartm: | hmm, seems safari is still in the dark ages |
| [17:59:09] | Jordack (Jordack!~Jordack@h69-131-44-221.plmomi.dedicated.static.tds.net) has quit (Quit: meetings suck. meeting where your not needed suck more) | |
| [17:59:39] | peper03: | stuartm: It's still showing up as <input type="text"> here. |
| [18:00:43] | stuartm: | peper03: need to purge the forum template cache first, although I've reverted the changes for now since it appears Apple decided not to implement html 5 support in Safari |
| [18:01:28] | peper03: | Just having done a quick search on it, old browsers should fall back to "text" if they don't recognise the type given, shouldn't they? |
| [18:02:42] | stuartm: | maybe, will double check in a little while, going to get some food first |
| [18:06:42] | wagnerrp_: | well this is annoying... i just discovered when you clone a ZFS partition, it does not duplicate its properties |
| [18:18:45] | TheCrasher (TheCrasher!~TheCrashe@p5DCE4DE0.dip0.t-ipconnect.de) has joined #mythtv | |
| [18:24:59] | unforgiven512 (unforgiven512!~unforgive@cpe-24-93-204-130.neo.res.rr.com) has quit (Ping timeout: 240 seconds) | |
| [18:27:38] | paul-h (paul-h!~Paul@90.216.190.16) has joined #mythtv | |
| [18:27:46] | unforgiven512 (unforgiven512!~unforgive@cpe-24-93-204-130.neo.res.rr.com) has joined #mythtv | |
| [18:32:21] | unforgiven512 (unforgiven512!~unforgive@cpe-24-93-204-130.neo.res.rr.com) has quit (Ping timeout: 245 seconds) | |
| [18:34:04] | clever: | peper03: thats why i was thinking that inputmode="email" would be better |
| [18:34:12] | clever: | its an entirely new attribute, so it will be ignored by old crap |
| [18:34:17] | unforgiven512 (unforgiven512!~unforgive@2605:a000:1212:4052::1457:123d) has joined #mythtv | |
| [18:37:11] | paul-h: | Have the irc logs gone AWOL? |
| [18:37:23] | stuartm: | peper03: I've used inputmode, if that doesn't work for with your phone, we'll think about type="email", will just get one of the OSX users to try it first |
| [18:37:53] | stuartm: | paul-h: briefly earlier tonight due to a config mistake, should be ok now? |
| [18:38:24] | stuartm: | http://irc.mythtv.org/ircLog/channel/4/history |
| [18:38:24] | paul-h: | I'm just getting 404 Not Found |
| [18:38:40] | stuartm: | paul-h: does it say https:// ? |
| [18:39:04] | paul-h: | yes |
| [18:39:30] | stuartm: | seems that for a while it was redirecting irc.mythtv.org to https:// which it shouldn't have, some browsers may have cached that redirect |
| [18:44:44] | stuartm: | paul-h: clearing the browser cache may work, failing that you should be able to use another browser as a temporary workaround |
| [18:45:57] | paul-h: | Yeah I'm just trying to find out how you do that in Firefox |
| [18:47:35] | stuartm: | we will be enabling https across everything ultimately, but it means a config reorg |
| [18:50:35] | stuartm: | knightr, dekarl1: we need these strings translating for the forum, I've done Portuguese already and will do the Spanish and possibly the Italian too, but most other languages are up for grabs – http://pastebin.com/AMkUYc5v |
| [18:54:26] | stuartm: | warpme: ^^ Could you do the Polski? |
| [19:00:38] | dekarl1 is now known as dekarl | |
| [19:05:00] | warpme: | stuartm: sure! |
| [19:06:08] | warpme: | I'm little out of loop: should Iook on http://pastebin.com/AMkUYc5v / |
| [19:06:08] | stuartm: | great, thanks! |
| [19:06:40] | stuartm: | yes please, the english strings on the right – "National Flag" etc |
| [19:06:52] | dekarl: | http://pastebin.com/NMmJvKkt and 'DEVELOPERS' => 'Entwickler', |
| [19:08:16] | peper03: | stuartm: Seems to work ok on Firefox. Don't think I'll be using the phone too much for the forum as it's not quite a mobile friendly as email but maybe it's better on a tablet. |
| [19:10:01] | stuartm: | dekarl: thanks |
| [19:10:19] | stuartm: | not sure the group names are translatable unfortunately, but I'll check on that |
| [19:12:17] | warpme: | stuartm: http://pastebin.com/UNmiGiBT |
| [19:12:54] | stuartm: | warpme: thanks |
| [19:13:14] | Merlin83b (Merlin83b!~Daniel@office.34sp.com) has quit (Quit: Leaving) | |
| [19:14:09] | stuartm: | warpme: interested in being a moderator for the Polish forum? |
| [19:16:12] | warpme: | paul-h: I have q to You. I have 2 groups of minimyth2 users: first strongly needs button_quick_scroll.patch from http://www.gossamer-threads.com/lists/mythtv/users/515541#515541 ;second group complains about broken parental control by this patch. Is it possible to modify this nice enhancement in a way that it is not breaks parental control? |
| [19:16:47] | warpme: | stuartm: sure! |
| [19:16:48] | dekarl (dekarl!~dekarl@p4FE84731.dip0.t-ipconnect.de) has quit (Read error: Operation timed out) | |
| [19:17:20] | dekarl (dekarl!~dekarl@p4FE84254.dip0.t-ipconnect.de) has joined #mythtv | |
| [19:17:54] | stuartm: | https://forum.mythtv.org/ |
| [19:18:21] | stuartm: | skd5aner: stuarta installed zb block for the forum |
| [19:18:49] | dekarl: | stuartm: when I logged in from work it translated "Administratos" and "Global Moderators" to german (in Chrome) |
| [19:19:02] | warpme: | stuartm: I'm getting "Problematic ISP/Host, constant source of attacks (HN-0054)." |
| [19:19:50] | stuartm: | dekarl: those are built-in groups, 'developers' is one that we added, but I will try to find out if we can translate the forum and group names |
| [19:20:28] | stuartm: | warpme: darn, that's zb block I'll bet, well try to fix that |
| [19:20:32] | stuartm: | we'll |
| [19:21:03] | warpme: | stuartm: my host is "Host: 89-79-250–31.dynamic.chello.pl" |
| [19:21:13] | stuartm: | warpme: thanks |
| [19:22:13] | dekarl: | Ohh, http://www.spambotsecurity.com/forum/viewtopi . . . 9&t=1980 :) |
| [19:26:44] | warpme: | dekarl: I think my host is recorded as it belongs to dynamic.chello.pl domain. I can't believe my particular host is spam bot,,,, |
| [19:28:51] | stuartm: | no good if our anti-spam plugin blocks users when we're trying to encourage the international community to come together in one place |
| [19:28:54] | warpme: | from time to time I do: https://www.grc.com/x/ne.dll?bh0bkyd2 |
| [19:29:36] | warpme: | all stealth except ssh/http/shttp/ipsec |
| [19:32:01] | dekarl: | warpme: I thought it is nice that one tool for spam blocking can be used for forum and wiki => only one set of false positives to deal with. |
| [19:32:17] | dekarl: | but of course its not nice that we get false positives so quickly |
| [19:32:40] | warpme: | dekarl: yes. agree. |
| [19:50:41] | warpme: | interesting: I have iptables configured to stealth for all incoming connections (excel ssh/http).... and discover ports 135/136/137 (samba) are not stealth. :-(. I have samba configured to listen only on lo,lan0,ppp0. wan0 (internet is excluded). It looks like defining ppp0 as intfs in samba turns-off stealth on 135/136/137. I'm sure it was ok on pre 3.13 kernels. heh – it looks like I'm kicked by new things in kernel 3.13 (they moving iptabl |
| [19:50:42] | warpme: | to nftables). If You are using kernel 3.13 – check this...I really surprised! |
| [20:13:59] | wagnerrp_: | warpme: stealth? |
| [20:19:09] | stuartm: | wagnerrp_: port closed and dropping all incoming packets, as opposed to a port closed but responding that it's closed |
| [20:19:11] | warpme: | wagnerrp_: IIRC stealth mode blocks outgoing ICMP unreachable and TCP reset messages for a port when no application is listening on that port. Practically it causes that sniff/scanning software is not able to distinguish is host alive at all or not when scanning on stealthed port... |
| [20:19:29] | stuartm: | or there's warpme's more technical explanation :) |
| [20:20:00] | wagnerrp_: | so "blackhole". security through obscurity |
| [20:21:05] | ** wagnerrp_ hates blackhole routing ** | |
| [20:23:07] | warpme: | Oh – no. iptables can be statefull. I can ask for setup where all incoming conns. are stealthed (TCP state machine is not changing it's state at all) – but outgoing conns. will have fully working TCP state machine. iptables can enable TCP state machine per peers quadruple (IIRC) |
| [20:25:02] | warpme: | wagnerrp: there is no any routing. it is only for TCP state machine. Are You refferng to dead-peer detection? |
| [20:25:32] | wagnerrp_: | well it's called blackhole routing when performed on a network gateway, as opposed to a local firewall |
| [20:25:47] | warpme: | right. |
| [20:26:06] | wagnerrp_: | either way, the issue is the same. you're violating proper expected behavior |
| [20:26:29] | wagnerrp_: | and all you're really going to do is disrupt properly functing applications on the opposite side of the connection |
| [20:26:46] | wagnerrp_: | it's not going to make any meaningful difference to someone probing you for an attack |
| [20:27:19] | wagnerrp_: | there's no value to it |
| [20:27:43] | dekarl: | uhh blackhole routing is a bug! We manually fiddle out the profile paths from our windows domain accounts for admins that have servers in "secured" areas... Need to teach them that "icmp-go-away" packets are not breaking their security but make logins faster then 30 minutes :) |
| [20:27:45] | warpme: | sure. In fact this is my intention. All scanners & script kiddies in this context are applications/users I want to cheat as much as possible :-) |
| [20:28:49] | wagnerrp_: | if you want to get rid of scanners and "script kiddies", use IDS which will detect such behavior and _then_ block it |
| [20:29:16] | wagnerrp_: | don't block everything from everyone |
| [20:29:28] | wagnerrp_: | because that only harms those following proper network behavior |
| [20:29:35] | wagnerrp_: | scanners don't follow proper network behavior |
| [20:29:46] | dekarl: | makes for funny on-call-duty "dude I can't get onto the server"... "Hey, just wait 30 minutes" :D |
| [20:29:50] | warpme: | wagnerrp: I'm not sure. I believe it is better when my gw is not interacting at all with hosts which are undesirable/malitious for me... |
| [20:30:09] | wagnerrp_: | but you don't know they're undesirable/malicious |
| [20:30:12] | wagnerrp_: | that's the point |
| [20:30:56] | caelor: | I've had good experiences with ossec for that – active response dynamically adding & removing "drop all" iptables rules for misbehaving hosts (as identified by logfile monitoring) |
| [20:31:18] | wagnerrp_: | ^^^ proper IDS for dealing with such things |
| [20:31:21] | warpme: | oh – if depends. If I have well defined usage scenarios (and I and my gw have this) – then all other scenarios whoud be refused and I want they will use gw resources in minimal possible way. |
| [20:31:46] | wagnerrp_: | it's not going to take much to respond that a port is closed |
| [20:32:04] | caelor: | I think wagnerrp_'s point is that ICMP responses are a fundamental IP usage scenarios, as defined by the RFCs |
| [20:32:08] | wagnerrp_: | and if they're sending you so much traffic that it's going to overload the CPU on your gateway trying to respond to them all, your internet connection has already long since been saturated |
| [20:32:37] | caelor: | although in practise IP still works with ICMP filtered out, that's more by nature of it being a very solid & well designed suite of protocols |
| [20:33:28] | wagnerrp_: | but pings and port probes are standard behavior of well meaning applications |
| [20:33:38] | caelor: | there's an argument to be made that an affirmative response that a port is closed uses less network resources in aggregate, that leaving a connection hanging (depending on the behaviour of intermediate networking gear) |
| [20:33:38] | wagnerrp_: | it should not be blocked, until proven that they are not well meaning |
| [20:35:34] | wagnerrp_: | blackholing everything is the typical gradeschool teacher mentality that since one child eats the glue, no one else is allowed to have it |
| [20:37:30] | caelor: | professionally, I have to support systems that connect over ICMP disallowed networks – it makes connectivity diagnostics very difficult, although I understand the reasons why it's the policy (even if I don't agree with the underlying rationale) |
| [20:37:54] | dekarl: | http://www.znep.com/~marcs/mtu/ hints that Path MTU might break when you filter ICMP to much |
| [20:38:31] | wagnerrp_: | the reasons are an unenlightened attempt at network security |
| [20:38:39] | warpme: | caelor, wagnerrp: I thing we are debating about what fw approach is better: dany-by-default or allow+filter all. Assuning they there is non-zero probability of bugs in TCP stack – lower TCP interactions with unneeded host means lower probability of bug exploit. Price of this strategy is non-conformance with RFC's. I think this price is worth to pay – especially when my GW isn't pubic one... |
| [20:39:05] | warpme (warpme!~piotro@89-79-250-31.dynamic.chello.pl) has quit (Read error: Connection reset by peer) | |
| [20:39:20] | wagnerrp_: | sweet irony? |
| [20:39:24] | warpme (warpme!~piotro@89-79-250-31.dynamic.chello.pl) has joined #mythtv | |
| [20:39:31] | stuartm: | one touted benefit of stealthing/blackholing is that it seriously slows down scanners, so causing significant inconvenience for would be attackers |
| [20:39:52] | warpme: | stuartm: good point |
| [20:40:27] | wagnerrp_: | stuartm: it slows down properly behaving software that tries not to overload a host |
| [20:41:01] | caelor: | And in the absence of "proper" IDS systems, it's a poor-man's defense. It comes down to what level of resources you are willing to devote to defeating potential attackers |
| [20:41:20] | stuartm: | wagnerrp_: we're talking about blackholing already closed ports, there's not properly behaving software that should be attempting to connect to a server on an unused port |
| [20:41:27] | stuartm: | misconfigured software maybe |
| [20:41:43] | warpme: | wagnerrp: I think this is too wide statement. If I'll be attacker I'll do everything non-conformant or malicious to break Your fw. |
| [20:41:46] | wagnerrp_: | or, software trying to connect to a server not currently running |
| [20:42:30] | caelor: | Certainly, for the majority of IPs on the Internet, there's an arguable benefit, given only a minority of routable IPs are likely to be running legitimately/intentionally reachable servers. |
| [20:43:02] | caelor: | but that's a reflection that the majority of devices on the Internet need to be configured to defeat 99% of attackers, with 0% administrator oversight |
| [20:44:38] | caelor: | and for an IP that is intentionally providing services, extra care should be taken about blackholing. But that host should be under the oversight of an administrator who is designing an appropriate security profile |
| [20:44:52] | stuartm: | wagnerrp_: I wouldn't advocate it for those ports which are at times in use, but ports which are never used, which would be permanently firewalled anyway |
| [20:45:37] | wagnerrp_: | if they're never used, then there's no harm is just letting the stack respond closed |
| [20:45:59] | stuartm: | no harm no, but then there's no harm in them not responding either |
| [20:46:02] | wagnerrp_: | if there is a flaw in the stack that could be compromised, it could be compromised on any port |
| [20:46:22] | wagnerrp_: | there's no harm to the server itself, there could be harm to the client |
| [20:46:44] | warpme: | caelor: exactly. I'm using stealth only because I'm protecting against malicious users and my GW isn't in group You mention. You mage v.good point :-) |
| [20:46:47] | wagnerrp_: | it's being a "bad neighbor" to the internet at large |
| [20:47:46] | stuartm: | it's not about there being any added security in blackholing, merely that it's a pain for automated scanners – takes them several times longer to scan a single host which multiplied by all the IPs they hit ... call it the internet equivalent of speed bumps |
| [20:48:26] | stuartm: | most consumer grade routers will blackhole all NAT'd ports |
| [20:48:26] | wagnerrp_: | it's only a pain for well behaved scanners, which are going to slow themselves down because they think the network is saturating |
| [20:49:03] | wagnerrp_: | a malicious scanner isn't going to care, unless it's trying to avoid detection by scanning slowly, in which case it's going to scan ports in a randomized slow pattern anyway, independent of prior responses |
| [20:49:41] | stuartm: | not sure how you figure that – any scanner is going to have to wait a certain amount of time for a reply which is always going to be longer than it would take to get a reply from a closed port |
| [20:50:03] | wagnerrp_: | who is to say it has to operate serially? |
| [20:50:15] | wagnerrp_: | the only reason to run serially is to limit the load on the server |
| [20:50:27] | wagnerrp_: | and the only reason to try to limit load on the server is because you're well behaved |
| [20:51:03] | wagnerrp_: | if you're malicious, and we'll assume you are since there's no reason to protect otherwise, then you won't be well behaved |
| [20:51:38] | stuartm: | wagnerrp_: it will still only have a finite number of connections it can make concurrently, and any delay prevents it moving on to the next range of ports or IPs |
| [20:52:16] | wagnerrp_: | that finite number is very large |
| [20:52:37] | stuartm: | anyway, not interested in the argument enough to fight all night :) Whether or not it serves any purpose, it is a standard practice |
| [21:01:05] | warpme: | For me it is mather of taste. Me as administrator defining all incoming connections in 2 pools: expected+trusted and not trusted at all. As second group has zero trust – I'll do everything to minimise my resources allocation because of zero trust. |
| [21:04:29] | stuartm: | warpme: try the forum now, we've disabled the anti-spam 'plugin' |
| [21:05:07] | doev (doev!~doev@p5482EED5.dip0.t-ipconnect.de) has quit (Quit: Verlassend) | |
| [21:06:22] | warpme: | stuartm: nice! |
| [21:16:07] | skd5aner: | stuartm, stuarta: cool (re: zb block)! Thanks guys, let me know if you have any qusitons about it, but it's pretty dead simple... install and (mostly) forget... Although it can be fun to read through the log, somewhat was adicted to that when I first used it |
| [21:16:16] | skd5aner: | amazing how many bad thigns hit a web server |
| [21:17:13] | stuarta: | skd5aner: i did, and warpme couldn't log on. |
| [21:17:43] | skd5aner: | stuarta: might take some tuning initially, particularly with a global audience |
| [21:18:02] | skd5aner: | I believe you can set up the error pages for people to send emails if they believe they've been improperly blocked |
| [21:18:14] | stuarta: | yeah you can |
| [21:18:15] | skd5aner: | it's particularly stingy about certain IP blocks and countries |
| [21:18:55] | skd5aner: | still reading backlog, hehe |
| [21:20:31] | stuartm: | had to disable it for now |
| [21:24:11] | skd5aner: | yea, fair enough – if you have the ability to set up a test forum site, might be easier to test optimizing the config there – especially since warpme is a known trigger |
| [21:25:43] | skd5aner: | there's always going to be some level of false positives with an untuned automated spammer/hacker blocker |
| [21:26:19] | DouglasK is now known as DouglasKAway | |
| [21:27:25] | stuartm: | in this case it was blocking a major European ISP |
| [21:27:39] | stuartm: | which is a big Oops |
| [21:29:08] | skd5aner: | stuartm, stuarta: you might want to try their "unblocked_signatures" which doesn't block IP blocks, only known hosts and known bad behavior – http://www.spambotsecurity.com/zbblock_download.php |
| [21:31:27] | stuartm: | sounds good |
| [21:32:01] | skd5aner: | http://www.spambotsecurity.com/forum/viewtopic.php?p=2395#p2395 |
| [21:35:31] | stuarta: | ah yes, i did see mention of those |
| [21:50:53] | amessina (amessina!~amessina@2001:470:c1dc:7779:d6be:d9ff:fe8d:7c1e) has quit (Remote host closed the connection) | |
| [21:51:20] | stuarta: | warpme: can you try the forum again, we've changed the block lists, so it shouldn't trigger on you |
| [21:51:38] | amessina (amessina!~amessina@2001:470:c1dc:7779:d6be:d9ff:fe8d:7c1e) has joined #mythtv | |
| [21:52:09] | warpme: | stuarta: already done & register :-) |
| [21:52:36] | stuarta: | no no, i mean try to navigate around it a bit. i just changed some stuff |
| [21:54:46] | warpme: | stuarta: oops... now :Problematic ISP/Host, constant source of attacks (HN-0054).: |
| [21:55:13] | tstorm (tstorm!~tstorm@50-76-62-217-ip-static.hfc.comcastbusiness.net) has joined #mythtv | |
| [21:55:35] | stuarta: | lemme fiddle |
| [21:58:07] | tstorm (tstorm!~tstorm@50-76-62-217-ip-static.hfc.comcastbusiness.net) has quit (Client Quit) | |
| [21:58:22] | amessina (amessina!~amessina@2001:470:c1dc:7779:d6be:d9ff:fe8d:7c1e) has quit (Read error: Connection reset by peer) | |
| [22:02:18] | stuarta: | warpme: can you try again |
| [22:04:04] | warpme: | stuarta: good good. works. and now me as moderator for pl. just opened champaign! |
| [22:04:09] | stuarta: | :) |
| [22:05:57] | skd5aner: | stuarta: you have to delete the block list, he would have been blocked before even though you switched the signatures (which I'm guessing you probably igured out) :) |
| [22:06:07] | skd5aner: | *figured |
| [22:07:33] | wagnerrp_ (wagnerrp_!4084ae8b@gateway/web/freenode/ip.64.132.174.139) has quit (Quit: Page closed) | |
| [22:07:40] | stuarta: | skd5aner: i did |
| [22:07:58] | stuarta: | i missed 1 place the signatures were dumped |
| [22:08:23] | skd5aner: | cool, let me know if you have any more false positives – I can try and help if you'd like, of course I don't have access to Alcor, so I can't do any actual admin stuff :) |
| [22:08:44] | stuarta: | skd5aner: it's not on alcor ;-) |
| [22:08:54] | skd5aner: | oh, yea... I knew that – heh :) |
| [22:09:02] | skd5aner: | well, don't have access there either (obviously) :) |
| [22:09:16] | skd5aner: | thanks for volunteering that btw |
| [22:11:32] | warpme (warpme!~piotro@89-79-250-31.dynamic.chello.pl) has quit (Quit: warpme) | |
| [22:21:16] | SteveGoodey (SteveGoodey!~steve@host86-152-62-67.range86-152.btcentralplus.com) has quit (Quit: Konversation terminated!) | |
| [22:22:22] | natanojl (natanojl!~jonatan@mythtv/developer/natanojl) has quit (Ping timeout: 245 seconds) | |
| [22:44:08] | clahey (clahey!~clahey@208.91.2.1) has joined #mythtv | |
| [23:00:13] | paul-h: | warpme: Hope you read the logs :) – In what way does that patch break the parental control do you mean you can't enter the pin/password? |
| [23:01:14] | paul-h: | it must be something to do with it intercepting the number keys but that should only be when a buttonlist has focus and I assume you enter the pin in an edit |
| [23:03:57] | paul-h: | I use that patch in my fork and while it can be useful it does sometimes get in the way so it would be nice to come up with a better way to scroll |
| [23:06:39] | skd5aner: | stuartm: mind closing #11929 and #11927 for now, I think things appear stable. There may be some underlying inefficiencies in mythfilldatabase and/or the scheduler that are exacerbated by IO constraints, but right now – I'm not getting the segfaults or the lockups |
| [23:06:39] | ** MythLogBot http://code.mythtv.org/trac/ticket/11929 ** | |
| [23:06:39] | ** MythLogBot http://code.mythtv.org/trac/ticket/11927 ** | |
| [23:07:00] | stuartm: | skd5aner: will do |
| [23:07:07] | skd5aner: | stuartm: wanted to give you the honors of closing those suckers :) |
| [23:07:23] | stuartm: | tomorrow though, caught me just as I was reaching to turn off the monitor and go to bed |
| [23:07:30] | skd5aner: | heh – no problem, good night |
| [23:12:21] | dekarl: | wagnerrp: do you think this is good enough to push it to fixes/0.27? https://code.mythtv.org/cgit/mythtv/commit/?i . . . 8dca18899aed https://code.mythtv.org/cgit/mythtv/commit/?i . . . 584c9ed86a93 |
| [23:12:33] | dekarl: | should allow new installs of 0.27 to report to Smolt again |
| [23:14:25] | wagnerrp: | we switched to a global country definition? |
| [23:14:34] | wagnerrp: | looks fine if that's the case |
| [23:16:41] | paul-h (paul-h!~Paul@90.216.190.16) has quit (Quit: Konversation terminated!) | |
| [23:23:47] | wagnerrp: | dekarl: you should just be able to use the _SETTINGS object. it should just be a duplicate of _DB.settings |
| [23:25:04] | dekarl: | meh, just pushed it :/ |
| [23:25:38] | dekarl: | wasn't _SETTINGS *only* the local host but not global settings? |
| [23:25:58] | wagnerrp: | oh, yeah. you're probably right |
| [23:26:20] | dekarl: | IIRC (its been two weeks) that was the whole reason for the fiddling about with NULL checks :) |
| [23:56:32] | TheCrasher (TheCrasher!~TheCrashe@p5DCE4DE0.dip0.t-ipconnect.de) has quit (Quit: KVIrc 4.3.1 Aria http://www.kvirc.net/) | |
| [23:58:15] | rsiebert_ (rsiebert_!~quassel@f052174249.adsl.alicedsl.de) has quit (Read error: Operation timed out) | |
| [23:58:54] | rsiebert (rsiebert!~quassel@f052130063.adsl.alicedsl.de) has joined #mythtv | |
IRC Logs collected by
BeirdoBot.
Please use the above link to report any bugs.