| Thursday, March 9th, 2017, 00:01 UTC | ||
| [00:01:21] | gigem (gigem!~david@mythtv/developer/gigem) has joined #mythtv | |
| [00:02:27] | gregl (gregl!~greg@cpe-66-67-122-101.nycap.res.rr.com) has joined #mythtv | |
| [00:26:38] | Roklobster (Roklobster!~Dirkka@119-18-8-177.cust.aussiebb.net) has quit (Remote host closed the connection) | |
| [00:39:04] | amessina (amessina!~amessina@unaffiliated/amessina) has quit (Quit: Konversation terminated!) | |
| [00:55:38] | arescorpio (arescorpio!~arescorpi@168-47-16-190.fibertel.com.ar) has joined #mythtv | |
| [01:08:00] | gregl_ (gregl_!~greg@cpe-66-67-122-101.nycap.res.rr.com) has joined #mythtv | |
| [01:08:02] | gregl (gregl!~greg@cpe-66-67-122-101.nycap.res.rr.com) has quit (Read error: Connection reset by peer) | |
| [02:02:40] | ShapeShifter499 (ShapeShifter499!~ShapeShif@unaffiliated/shapeshifter499) has joined #mythtv | |
| [02:51:09] | pvr4me (pvr4me!~craigtrel@d24-150-154-94.home.cgocable.net) has quit (Quit: pvr4me) | |
| [04:01:28] | peper03 (peper03!~peper03@mythtv/developer/peper03) has quit (Ping timeout: 260 seconds) | |
| [04:07:08] | peper03 (peper03!~peper03@mythtv/developer/peper03) has joined #mythtv | |
| [04:10:57] | arescorpio (arescorpio!~arescorpi@168-47-16-190.fibertel.com.ar) has quit (Quit: Leaving.) | |
| [06:26:58] | ghoti (ghoti!~paul@hq.experiencepoint.com) has quit (Ping timeout: 268 seconds) | |
| [06:27:11] | ghoti (ghoti!~paul@hq.experiencepoint.com) has joined #mythtv | |
| [06:59:54] | jst_ (jst_!~quassel@email.jstenback.com) has quit (Quit: No Ping reply in 180 seconds.) | |
| [07:01:13] | jst (jst!~quassel@email.jstenback.com) has joined #mythtv | |
| [07:14:58] | jpharvey (jpharvey!~jpharvey@95.149.163.79) has joined #mythtv | |
| [08:04:45] | SteveGoodey (SteveGoodey!~steve@host86-131-70-165.range86-131.btcentralplus.com) has joined #mythtv | |
| [08:22:31] | dekarl1 (dekarl1!~dekarl@mythtv/developer/dekarl) has joined #mythtv | |
| [08:23:26] | dekarl (dekarl!~dekarl@mythtv/developer/dekarl) has quit (Ping timeout: 258 seconds) | |
| [08:31:12] | dekarl1 is now known as dekarl | |
| [08:55:37] | stuarta: | morning all |
| [08:58:12] | willcooke (willcooke!~willcooke@host-80-47-107-240.as13285.net) has joined #mythtv | |
| [08:58:13] | willcooke (willcooke!~willcooke@host-80-47-107-240.as13285.net) has quit (Changing host) | |
| [08:58:13] | willcooke (willcooke!~willcooke@ubuntu/member/willcooke) has joined #mythtv | |
| [11:40:56] | SteveGoodey (SteveGoodey!~steve@host86-131-70-165.range86-131.btcentralplus.com) has quit (Quit: Konversation terminated!) | |
| [13:49:56] | ghoti (ghoti!~paul@hq.experiencepoint.com) has quit (Ping timeout: 260 seconds) | |
| [13:50:19] | ghoti (ghoti!~paul@hq.experiencepoint.com) has joined #mythtv | |
| [15:51:42] | SteveGoodey (SteveGoodey!~steve@host86-131-70-165.range86-131.btcentralplus.com) has joined #mythtv | |
| [17:12:35] | Warped (Warped!~Warped@unaffiliated/warped) has joined #mythtv | |
| [17:33:18] | dhampton: | Does myth still support xml grabbers? When I run mythtv-setup it only offers SD, EIT, or none. I want to test my changes to add sort fields to the db with the various possible sources. |
| [18:56:07] | willcooke (willcooke!~willcooke@ubuntu/member/willcooke) has quit (Quit: Do your hobbies) | |
| [19:00:20] | gary_buhrmaster: | dhampton: mythtv certainly supports xmltv grabbers, but (and this is possibly a dead neuron) that it calls tv_find_grabbers to get the list of available xmltv grabbers, and if none are found, likely does not offer any. |
| [19:11:21] | peterbennett (peterbennett!~Peter@mythtv/developer/peterbennett) has joined #mythtv | |
| [19:15:34] | dhampton: | Aah, thank you. That was it. I didn't have xmltv installed on my development machine. |
| [19:15:44] | ** dhampton has more testing to do tonight ** | |
| [19:19:28] | peterbennett: | gary_buhrmaster: Regarding security, I am thinking maybe the backend should ignore connections that come from public ip addresses, i.e. anything other than the 192... , 10..., fe00::, fd00: or loopback ip addresses |
| [19:20:01] | peterbennett: | gary_buhrmaster: then we can safely listen on wildcard address |
| [19:34:49] | gary_buhrmaster: | peterbennett: There are people who want to run MythTV on public IPs (and there are even some (rational) reasons to do so). As long as people have that ability, ignoring non-link local (both IPv4 (169.254.x.x) and IPv6 (fe80::/10)), and RFC1918 (ipv4 (10/8, 172.16/12, 192.168/16)) & ULA (fc00:/7) addresses could be a reasonable out of the box config for TCP connections. The UDP message port (because sources can be spoofed) |
| [19:37:55] | peterbennett: | gary_buhrmaster: Yes – I was thinking provide a check box labeled UNSAFE.. ALLOW PUBLIC IP ADDRESS CONNECTIONS. As long as that is unchecked only allow the private addresses (ones you listed) |
| [19:38:08] | peterbennett: | gary_buhrmaster: That would default to unchecked |
| [19:41:23] | peterbennett: | gary_buhrmaster: what should be done about UDP? |
| [20:25:33] | gary_buhrmaster: | re: UDP. Change the message protocol to TCP? Or change the message handler default to not listen at all? I have never used it, so I have no idea what is best for others. Need to widen the question to others, I suspect. |
| [20:28:07] | peterbennett: | gary_buhrmaster: Sorry I thought you had a suggestion. In my opinion just ignore messages from the ips you don't want. |
| [20:28:47] | gary_buhrmaster: | But the point is that I can spoof the source of the message.... There is ZERO validation of source with UDP. |
| [20:33:11] | gary_buhrmaster: | I would eliminate UDP messaging entirely (if one wants messaging, upgrade to TCP), but others may have strong opinions. |
| [20:34:02] | gary_buhrmaster: | Or even only listen for UDP messaging on localhost. Many people run combined FE/BE systems. |
| [20:35:02] | gary_buhrmaster: | Again, if one *wants* to accept from ANY, one should have that ability, it is the out-of-the-box defaults that I think we are discussing. |
| [20:35:53] | gary_buhrmaster: | (going to be AFK for a few hours (at least)) |
| [20:40:33] | peterbennett: | gary_buhrmaster: I have to look into it but I would hope that UDP is mainly used for streaming content and the like, not for control messages or requests to update or delete. |
| [20:42:04] | gary_buhrmaster: | what I was talking about is mythmessage (messages that pop up on your screen) "POP", "POP", "POP" from across the planet? [sorry, really gone now] |
| [21:00:19] | dekarl: | what's wrong with just listening to any ip of the network stack that the backend runs on? |
| [21:00:36] | dekarl: | if someone wants to do funky stuff just put the backend into a jail/container/vm |
| [21:00:58] | dekarl: | but the out of the box experience should be such that it works in more cases, not less :) |
| [21:04:51] | dekarl: | peterbennett: is that a provider supplied router that exposes your whole home network to the world unprotected? |
| [21:06:07] | dekarl: | or keep this big security hole open for plausible deniability in case someone sues against your public ip |
| [21:23:17] | stuarta: | my opinion is that anyone who has an unusual setup is quite capable of running their own firewall |
| [21:30:45] | peterbennett: | dekarl: That is my own router and my own cable modem |
| [21:31:08] | stuarta: | peterbennett: iirc your cable modem is pretty bad with it's ipv6 firewall? |
| [21:31:17] | stuarta: | like, it doesn't block anything? |
| [21:31:48] | peterbennett: | stuarta: As far as I can see it blocks nothing of IPV6 |
| [21:31:58] | stuarta: | crappy :( |
| [21:32:25] | stuarta: | btw. i agree with the work you are doing, i've long thought it would be a good idea to do, to make new users lives easier |
| [21:32:39] | stuarta: | it's time we aimed at the 99% of users who have a "simple" setup |
| [21:33:16] | peterbennett: | stuarta: I am sending out another email to hopefully address the security. |
| [21:33:17] | stuarta: | your idea of only accepting connections from "local" addresses has some merit, would have to be defined as local="on my subnet" |
| [21:33:52] | stuarta: | there are of course the 0.1% of users who route traffic between subnets on their local networks |
| [21:33:55] | peterbennett: | stuarta: I am thinking eventually do away with the ip address prompts altogether. |
| [21:34:24] | stuarta: | for me the ideal case starts with a wildcard bind, so it works for the new user |
| [21:34:42] | stuarta: | add your idea of accepting only from "local" networks |
| [21:35:01] | peterbennett: | stuarta: I propose accepting all local subnets in the private / unique local / link local ranges |
| [21:35:17] | peterbennett: | stuarta: That would allow people with mutiple subnets |
| [21:35:18] | stuarta: | (although we need to consider the webfrontend here, since it's replacing mythweb, and therefore would have "remote" connections) |
| [21:35:48] | stuarta: | ah, i see. i would include "all subnet's the backend has ip's in" |
| [21:36:27] | stuarta: | which would include those who have global ipv6 addresses (and by extension, a subnet with global ipv6's) |
| [21:36:44] | peterbennett: | stuarta: Even more – all subnets in the private ranges. See my email I just sent. |
| [21:37:52] | ** peterbennett Stepping away for a while ** | |
| [21:38:00] | stuarta: | yep, that's cool for all the ipv4 locals |
| [21:38:11] | stuarta: | and ipv6 LL's |
| [21:38:53] | stuarta: | i'll reply to your email |
| [21:59:20] | peterbennett (peterbennett!~Peter@mythtv/developer/peterbennett) has quit (Quit: Leaving.) | |
| [22:18:14] | SteveGoodey (SteveGoodey!~steve@host86-131-70-165.range86-131.btcentralplus.com) has quit (Quit: Konversation terminated!) | |
| [22:29:36] | Warped (Warped!~Warped@unaffiliated/warped) has quit (Quit: ChatZilla 0.9.93 [Firefox 52.0/20170302120751]) | |
| [23:33:58] | sraue (sraue!~stephan@kodi/staff/sraue) has quit (Ping timeout: 264 seconds) | |
| [23:34:37] | sraue (sraue!~stephan@kodi/staff/sraue) has joined #mythtv | |
IRC Logs collected by
BeirdoBot.
Please use the above link to report any bugs.