Chat logs of #funderscore for Saturday, 2024-09-28
00:54 <[R]/h> f_: IKR
00:55 <[R]/h> Also, the WinAMP source code release isn't FOSS D:
00:55 <[R]/h> You can't release any modifications in any form
00:55 <[R]/h> Also contains Dolby proprietary shit-code
00:56 <[R]/h> And ShoutCAST
05:44 *** Joins: tweezers (~tweezers@103.108.229.68)
08:56 <f_[x]/h> [R]: yeah, aware
08:56 <f_[x]/h> They seriously have zero idea how to work with licences as it also has plenty of gpl violations
09:13 <f_/h> [R]: regarding cups security issues... uh, the guy that posted it doesn't seem very....
09:13 <f_/h> uhh
09:13 <f_/h> This should be self-explanatory https://social.treehouse.systems/@ariadne/113210624345551607
09:19 <f_> hax[xor]: <[R]/h> https://www.engadget.com/big-tech/meta-fined-102-million-for-storing-passwords-in-plain-text-110049679.html
09:20 <f_> Good thing this channel is logged.
09:20 <f_> https://irc.vitali64.duckdns.org/rx/funderscore/2024-09-27.log.html#t20:34:58
09:20 <hax[xor]> meta clearly had a bigger issue then, it leaked its auth db to $government :P
09:21 *** hax[xor] was kicked by f_ (rejoin )
09:21 *** Joins: hax[xor] (~hax[xor]@oper/netadmin)
09:21 *** irc.runxiyu.org sets mode: +ao hax[xor] hax[xor]
09:21 <f_> there
09:21 <f_> SASL support when when when
09:21 <hax[xor]> next millennia.
09:21 <f_> thanks
09:21 <hax[xor]> or maybe sooner.
09:21 <f_> Why did you disconnect and take all services with you?
09:21 <hax[xor]> power said so
09:22 <f_> battery discharge?
09:22 <hax[xor]> wasn't out for long but my laptop doesn't restart itself
09:22 <hax[xor]> what battery :P
09:22 <f_> laptops often have a battery.. yours doesn't have one?
09:22 <hax[xor]> charge controller or whatever in this laptop broke a while ago and started overcharging it, pulled the battery before anything blew up or burned down
09:22 <f_> Ah
09:22 <f_> good laptop
09:23 <f_> One of the few that can charge its battery to 101%
09:23 <hax[xor]> it probably got to like 120% before I pulled it :P
09:24 <hax[xor]> and yes, I was present when it started, if I wasn't present, I suspect fires would've been likely
09:25 <f_> So that's an acer laptop...
09:25 <hax[xor]> yep
09:25 <f_> I kinda want to be more careful with the few ones I have now..
09:25 <hax[xor]> > "It is widely accepted that user passwords should not be stored in plaintext, considering the risks of abuse that arise from persons accessing such data. It must be borne in mind, that the passwords the subject of consideration in this case, are particularly sensitive, as they would enable access to users’ social media accounts," DPC's Deputy Commissioner, Graham Doyle, said
09:25 <hax[xor]> in a statement.
09:26 <hax[xor]> oh no, people with access to the thing as a whole might be able to get into people's accounts via passwords if they chose to read the db!
09:27 <f_> oh no!
09:28 <hax[xor]> also, "mistakenly stored users' passwords in plain text" is kinda weird to be a "mistake"
09:28 <f_> yeah
09:30 <[R]/h> They were just testing out that encryption that the FBI wants everyone to use instead of the ones NIST says are good
09:30 <hax[xor]> anyways, "GDPR says it's illegal" is still the main reason for me to avoid plaintext :P
09:30 <[R]/h> How were they supposed to know that the FBI's algo was double rot13?
09:30 <hax[xor]> lol
09:30 <f_/h> hax[xor] I remember you wanted to store passwords in plaintext and runxiyu_ wanted argon
09:30 <f_/h> and I too wanted argon
09:31 <hax[xor]> f_/h: that'd be correct, and GDPR is the main reason for me to not listen to my desires :P~
09:31 <f_/h> [R]: haha
09:31 <hax[xor]> s/~//
09:31 <f_/h> hax[xor] I mean, generally people need to trust netadmins to not mess around with their accounts
09:31 <f_/h> it's easy to spoof certfp and abuse that to access someone's account
09:32 <f_/h> *for network opers, I mean
09:32 <hax[xor]> who needs to spoof certfp
09:32 <hax[xor]> just set accountname metadata
09:32 <f_/h> yeah who needs to spoof certfp when you can just set accountname metadata
09:33 <hax[xor]> works for future password-based no-cert-attached accs too :P
09:33 <hax[xor]> also broken accs
09:33 <f_/h> provided you have an OperServ/HaxServ of course
09:33 <hax[xor]> or nonexistent ones, for that matter
09:33 <f_/h> But yeah, trust is important
09:33 <hax[xor]> you can spoof certfp otherwise?
09:34 <f_/h> no
09:34 <hax[xor]> ah
09:34 <hax[xor]> was reading your meaning differently then
09:34 <f_/h> I mean
09:34 <f_/h> you'd need to trust netadmins to not spoof certfp or try accessing your account or such
09:35 <hax[xor]> anyways, in the case of attackers: if they've got the db, chances are they've got the program as well and can just modify it to backdoor a way in to accounts, spit passwords out as people use them, or anything else like that
09:35 <f_/h> Hashing is important mainly so that you can't read passwords (which may be used elsewhere as well...) and so that you can safely™ leak™ them™.
09:35 <hax[xor]> reused passwords is an issue regarldess of how you leak them
09:35 <hax[xor]> *regardless
09:36 <hax[xor]> and I still say the only solution is to not leak it in the first place
09:37 <f_/h> Of course
09:37 <f_/h> but you know, some people still do it regardless
09:37 <f_/h> yes, the proper solution is to not leak them at all
09:37 <f_/h> But then I have to trust you with my password :P
09:37 <hax[xor]> and you don't have to if I hashed it?
09:38 <hax[xor]> I'd just read it before hashing or such
09:38 <f_/h> Kinda.
09:38 <f_/h> Well, assuming you don't have some sort of debug enabled.
09:38 <hax[xor]> when in doubt, mitm yourself ot make use of /dev/mem
09:38 <hax[xor]> *or make use
09:55 <runxiyu> "chances are"
09:56 <runxiyu> but yeah
10:37 *** Quits: tweezers (~tweezers@103.108.229.68) (Ping timeout: 240 seconds)
13:25 <JAA/h> I used to have an Acer laptop. It started smoking one day.
13:29 *** Quits: hax[xor] (~hax[xor]@oper/netadmin) (Client exited)
13:30 *** Quits: DuckServ (\_o<@services.irc.vitali64.duckdns.org) (*.net *.split)
13:30 *** Joins: DuckServ (\_o<@services.irc.vitali64.duckdns.org)
13:30 *** fun.irc.runxiyu.org sets mode: +o DuckServ
13:30 *** Joins: hax[xor] (~hax[xor]@oper/netadmin)
13:30 *** irc.runxiyu.org sets mode: +ao hax[xor] hax[xor]
14:31 *** Joins: tweezers (~tweezers@103.108.229.68)
15:13 <katia/h> :O smoking is bad for you
15:17 <JAA/h> Eh, it was an Acer. It already had cancer from the start.
15:20 <hax[xor]> smoking is bad for the lungs. computers without lungs should thereby be perfectly fine to do it.
15:29 <katia/h> are you implying JAA has no lungs?
16:00 <f_/h> JAA: ugh...
16:00 <f_/h> Good thing my main laptop is no longer an acer
16:01 <f_/h> I know one of my acer laptops started smelling like blown up electronics.. but the thing itself was fine
16:01 <f_/h> in fact it still works to this day
16:43 <hax[xor]> if JAA is a computer, then yes, I am implying JAA likely has no lungs :P
16:44 <JAA/h> beep boop
16:44 <hax[xor]> and technically I only said "computers without lungs [...]", not "computers, which don't have lungs, [...]"
16:52 *** Joins: tester4 (~tester@tor/onion)
16:54 *** Quits: tester3 (~tester@tor/onion) (Ping timeout: 240 seconds)
18:50 *** Joins: Juesto/ef (~Juest@rev190-105-167-002.pccp.net.ar)
18:50 *** f_|aop/ef sets mode: +o Juesto/ef
18:54 *** Quits: Juest/ef (~Juest@rev190-105-167-002.pccp.net.ar) (Read error: Operation timed out)
19:04 <f_/h> !flags
19:15 *** Joins: Juest/ef (~Juest@rev190-105-167-002.pccp.net.ar)
19:15 *** f_|aop/ef sets mode: +o Juest/ef
19:21 *** Quits: Juesto/ef (~Juest@rev190-105-167-002.pccp.net.ar) (Ping timeout: 630 seconds)
20:23 *** Quits: tweezers (~tweezers@103.108.229.68) (Ping timeout: 240 seconds)
20:57 *** Joins: Juesto/ef (~Juest@rev190-105-167-002.pccp.net.ar)
20:57 *** f_|aop/ef sets mode: +o Juesto/ef
21:00 *** Quits: Juest/ef (~Juest@rev190-105-167-002.pccp.net.ar) (Read error: Operation timed out)
21:47 *** Joins: Juest/ef (~Juest@rev190-105-167-002.pccp.net.ar)
21:47 *** f_|aop/ef sets mode: +o Juest/ef
21:53 *** Quits: Juest__ (~HxChat@rev190-105-167-002.pccp.net.ar) (Ping timeout: 240 seconds)
21:54 *** Quits: Juesto/ef (~Juest@rev190-105-167-002.pccp.net.ar) (Ping timeout: 630 seconds)