Tuesday, April 08, 2014
xsf@muc.xmpp.org
XSF Discussion | Logs: http://logs.xmpp.org/xsf/ | Agenda https://trello.com/b/Dn6IQOu0/board-meetings

[00:05:54] *** jonathan has left the room
[00:06:27] *** Lance shows as "online" and his status message is "Working on Otalk"
[00:09:08] *** xnyhps shows as "away" and his status message is "Away"
[00:26:25] *** tato has joined the room
[00:27:56] *** Wojtek has left the room
[00:48:31] *** Lance has left the room
[00:57:15] *** Lance has joined the room
[00:57:15] *** Lance shows as "online" and his status message is "Working on Otalk"
[00:57:55] *** MattJ shows as "away"
[00:59:50] *** MattJ shows as "online"
[01:02:21] *** ralphm shows as "online"
[01:05:33] *** louiz’ has left the room
[01:08:20] *** ralphm shows as "away" and his status message is "Auto-away (idle)"
[01:15:11] *** ralphm shows as "online"
[01:20:12] *** ralphm shows as "away" and his status message is "Auto-away (idle)"
[01:21:45] *** Lance shows as "away" and his status message is "Working on Otalk"
[01:32:11] *** Lance shows as "online" and his status message is "Working on Otalk"
[01:42:10] *** tato has left the room
[01:45:39] *** intosi shows as "away" and his status message is "Away"
[01:47:28] *** jonathan has joined the room
[02:19:11] *** Lance has left the room
[02:19:28] *** Lance has joined the room
[02:19:29] *** Lance shows as "online" and his status message is "Working on Otalk"
[02:25:19] *** MattJ shows as "away"
[02:49:25] *** Lance has joined the room
[02:49:25] *** Lance shows as "online" and his status message is "Working on Otalk"
[02:56:09] *** xnyhps shows as "away" and his status message is "Away"
[04:11:29] *** Lance shows as "away" and his status message is "Working on Otalk"
[04:19:07] *** jonathan shows as "away" and his status message is " (Away as a result of being idle more than 5 min)"
[04:19:49] *** jonathan shows as "online"
[04:40:39] *** Lance has joined the room
[04:40:39] *** Lance shows as "away" and his status message is "Working on Otalk"
[04:41:42] *** intosi shows as "away" and his status message is "Away"
[05:08:29] *** jonathan shows as "away" and his status message is " (Away as a result of being idle more than 5 min)"
[05:13:05] *** jonathan shows as "online"
[05:25:57] *** jonathan shows as "away" and his status message is " (Away as a result of being idle more than 5 min)"
[05:34:01] *** Neustradamus has left the room
[05:34:02] *** Neustradamus has joined the room
[05:35:15] *** jonathan shows as "online"
[05:41:01] *** jonathan shows as "away" and his status message is " (Away as a result of being idle more than 5 min)"
[05:41:11] *** xnyhps shows as "away" and his status message is "Away"
[05:43:39] *** Santiago26 has joined the room
[05:44:29] *** Santiago26 shows as "online"
[05:48:03] *** Flow has joined the room
[05:51:01] *** jonathan shows as "xa" and his status message is " (Not available as a result of being idle more than 15 min)"
[05:58:53] *** jabberjocke has left the room
[06:11:48] *** intosi shows as "online"
[06:19:49] *** Santiago26 has left the room
[06:22:26] *** Santiago26 has joined the room
[06:26:51] *** Tobias has joined the room
[06:26:53] *** Tobias shows as "online"
[06:32:03] *** Flow has left the room
[07:07:11] *** intosi has joined the room
[07:07:29] <intosi> Sorry guys, my bad. Prosody didn't come back up after upgrading to the new openssl.
[07:08:03] <intosi> StartSSL is probably going to make heaps of money from all the revocation requests they will get.
[07:08:10] *** Kev has joined the room
[07:08:27] *** dwd has joined the room
[07:08:44] *** Lance has joined the room
[07:08:46] *** Lance shows as "online" and his status message is "Working on Otalk"
[07:15:35] *** Link Mauve has joined the room
[07:18:43] *** Link Mauve shows as "online" and his status message is "Please upgrade your OpenSSL asap! http://heartbleed.com/"
[07:23:29] *** dwd shows as "away" and his status message is " (Away as a result of being idle more than 5 min)"
[07:32:38] *** Lloyd has joined the room
[07:33:29] *** dwd shows as "xa" and his status message is " (Not available as a result of being idle more than 15 min)"
[07:44:28] <Link Mauve> It seems there are only two XEPs remaining here: http://xmpp.org/xmpp-protocols/xmpp-extensions/
[07:51:05] <intosi> That's not many.
[07:54:08] <intosi> It's only the index that's broken. The actual XEPs seem to work just fine.
[07:54:18] <Link Mauve> Yeah.
[07:56:23] <intosi> That's a bit of a relief. Still bad, but not as bad as it could be.
[07:56:56] *** Tobias has joined the room
[07:56:59] *** Tobias shows as "online"
[08:00:37] *** xnyhps has joined the room
[08:00:38] *** xnyhps shows as "online"
[08:00:55] *** dwd shows as "online"
[08:09:21] *** dwd shows as "away" and his status message is " (Away as a result of being idle more than 5 min)"
[08:09:57] *** Zash has joined the room
[08:09:59] *** Zash shows as "online"
[08:10:47] <intosi> Who generates the xeplist?
[08:11:03] <intosi> It was regenerated yesterday evening at 21:19 UTC.
[08:11:29] <Kev> Matt was doing it last night.
[08:11:47] <Kev> He and I spent quite some time trying to work out what the dependencies of Tobias's script were, and getting it to work.
[08:12:37] *** dwd shows as "online"
[08:13:28] <intosi> Ah. There might be a slight issue still then.
[08:13:28] *** martin.hewitt@surevine.com has joined the room
[08:15:19] *** Ge0rG has joined the room
[08:15:19] *** Ge0rG shows as "-"
[08:17:28] *** fippo has joined the room
[08:17:40] <fippo> blerg
[08:18:08] <Kev> I think on international Internet Is Broken day, probably not our biggest concern.
[08:19:23] <dwd> How are we all doing with "free" certificates today?
[08:21:45] <intosi> Very sucky, thank you very much.
[08:22:10] <intosi> Raspbian doesn't have an update for openssl yet.
[08:22:25] <intosi> They must run their buildbots on RPis.
[08:24:27] <intosi> Kev: right.
[08:31:32] *** xnyhps shows as "online"
[08:34:27] <intosi> Rebooting perseus, see you at the other side of the reboot.
[08:35:31] *** Simon has joined the room
[08:35:46] *** Link Mauve has joined the room
[08:35:48] *** intosi has joined the room
[08:35:50] *** xnyhps has joined the room
[08:35:52] *** xnyhps shows as "online"
[08:38:40] *** xnyhps shows as "online"
[08:39:44] <intosi> I guess the installed version of Prosody on xmpp.org doesn't let us know we're kicked out of the MUC after all.
[08:41:36] *** Simon shows as "away" and his status message is "Away"
[08:42:36] *** xnyhps shows as "away" and his status message is "Away"
[08:42:44] *** fippo has joined the room
[08:43:11] *** fippo has left the room
[08:43:21] *** Simon shows as "online"
[08:43:21] *** Simon shows as "away" and his status message is "Away"
[08:43:25] *** Simon shows as "online"
[08:43:30] *** fippo has joined the room
[08:44:24] *** Lance has joined the room
[08:44:41] *** xnyhps shows as "away" and his status message is "Away"
[08:44:44] *** xnyhps shows as "online"
[08:45:22] *** intosi has joined the room
[08:46:01] *** MattJ has joined the room
[08:47:06] *** Lance shows as "online" and his status message is "Working on Otalk"
[08:49:51] *** dwd has joined the room
[08:49:56] <dwd> .
[08:50:00] <dwd> Ah, goodie.
[08:50:20] <dwd> Amusing thing: RapidSSL refuse emails for revocation requests; they have to be faxes for security.
[08:50:31] *** Ge0rG has joined the room
[08:50:32] <dwd> So you send your fax using a free online service via email.
[08:50:59] <Ge0rG> intosi: MattJ promised to fix it. I suppose it will be on a Monday
[08:51:13] <intosi> Ge0rG: ta
[08:51:30] *** martin.hewitt@surevine.com has joined the room
[08:51:38] <Simon> this whole CA thing is just stupid. So broken. You fix revocations, then break it again by needing to use faxes… Bring on DNSSEC!
[08:52:02] <Simon> sorry - grumpy mood.
[08:52:28] <intosi> Simon: I think we all are a bit grumpy. The people with more than a few StartSSL certs even more so.
[08:52:38] <dwd> I think pretty well any sysadmin or devops is in a shitty mood today.
[08:53:36] <intosi> Well, that was the software side of all ik.nu-related machines.
[08:53:40] <Simon> It's hard to comprehend the scale of the heartbeat issue! Just effing mindblowing!
[08:56:26] <intosi> Yup. Especially with PHBs who fail to understand the issue, and won't sign off the expenses for key revocations. A friend of mine happens to have this issue.
[08:56:51] <MattJ> Ge0rG, intosi: What did I promise to fix?
[08:56:53] <dwd> It's so nasty. Not as if you can even switch CA to avoid the bait-and-switch.
[08:56:58] <dwd> MattJ, Everything.
[08:57:06] <MattJ> Was afraid of that
[08:57:25] <intosi> dwd: indeed.
[08:57:35] <intosi> MattJ: xeplist only has two items.
[08:57:43] <Simon> anyone done a startssl revocation dance yet?
[08:58:16] <Ge0rG> MattJ: you wanted to fix heartbeat.
[08:58:57] <MattJ> My comment last night was about MUC/s2s on server reboots :)
[08:59:14] <Ge0rG> MattJ: it was worth a try ;)
[08:59:18] <fippo> mattj: it seems you're leaking all your precious server code in heartbeat!
[08:59:48] <fippo> err... bleed
[09:01:31] <intosi> Simon, I haven't yet. But they will be rising fast on the list of vendors to be dropped in a heartbeat if it turns out that they will insist on me paying for revocation of all my certs… That's a lot of money that would've bought me certs with vendors that do have a sane revocation policy. It's not like you usually revoke them because you thought it would be the fun thing to do today.
[09:03:21] <dwd> Heart Bleed
Why do you miss, when my baby kisses me?
[09:03:52] <dwd> Turns out there's loads of songs I never knew about called "Heartbeat". You could build a whole playlist.
[09:04:38] <Simon> intosi: It's easy to bitch about StartSSL. They have also done more than any other CA to get people to start using certs by making the basic certs free.
[09:09:04] <dwd> Oh, this fills me with confidence in StartSSL's knowledge and understanding of security:

72.) I made a mistake, can I get my certificate revoked?

Revocations carry a handling fee of currently US$ 24.90. Class 1 subscribers may use a different sub domain in order to create additional certificates without the need to revoke a previously created certificate. Alternatively it's possible to upgrade to Class 2 level which allows to create the same set of certificates once again (besides all the other benefits), because different levels are issued by different issuers, making revocation unnecessary.
[09:09:31] <dwd> Private key compromised? Oh, just get a new certificate, then it's all OK.
[09:09:53] <intosi> yeah, it sucks.
[09:10:08] <intosi> I just mailed them (on a personal title) asking them how they would envision handling this.
[09:10:14] *** xnyhps shows as "online"
[09:10:19] <dwd> Also note that, to my amazement, it's not just free certs they charge for - it's anything below EV.
[09:10:22] *** xnyhps shows as "online"
[09:10:27] <intosi> Yeah.
[09:11:06] <intosi> If someone has been gathering private keys using this exploit, StartSSL customers are a nice target for identity spoofing.
[09:11:24] <dwd> If you claim it was spoofed, they'll revoke it for free, and ban you for life.
[09:11:29] <dwd> So a double win.
[09:11:32] <intosi> Yup.
[09:11:43] *** Tobias has joined the room
[09:12:03] *** martin.hewitt@surevine.com shows as "online"
[09:12:05] <Simon> xnyhps: do you plan on adding any checks for old certs / compromised certs to xmpp.net?
[09:12:25] <xnyhps> Simon: Define "compromised"?
[09:12:46] <dwd> Simon, You mean running status checks on them?
[09:12:50] <xnyhps> Certs past their notAfter date (on the moment of testing) are given an F.
[09:13:01] <Simon> anything older than the heartbeat announcement?
[09:13:03] <xnyhps> It doesn't check CRL/OCSP yet.
[09:13:38] <dwd> I noticed a libnss update whizz past on my workstation - am I just being behind, or was that affected?
[09:13:44] <intosi> Strongest would be 'potentially compromised'
[09:14:03] *** xnyhps shows as "online"
[09:14:06] <intosi> You cannot claim the certs are compromised at all.
[09:14:55] <Simon> intosi: you have a point
[09:14:59] *** xnyhps shows as "online"
[09:15:31] *Simon imagines TLA employee running ./cert-vacuum.sh 0.0.0.0/0
[09:16:26] <MattJ> dwd, http://changelogs.ubuntu.com/changelogs/pool/main/n/nss/nss_3.15.4-1ubuntu7/changelog
[09:17:08] <MattJ> http://matthewwild.co.uk/uploads/dsas.png :'(
[09:17:35] <dwd> Oh, different problem.
[09:18:08] <MattJ> intosi, seems someone in prosody@ got an, erm, negative reply from StartSSL
[09:19:27] <intosi> Negative in what sense?
[09:19:45] <intosi> "We will kill your account", or "pay us, we will revoke"?
[09:20:28] <dwd> intosi, The quote was "fuck you stupid", but I'm hoping that's paraphrasing.
[09:20:44] <intosi> Ehm, ouch.
[09:21:26] <intosi> Would be quite unprofessional if it wasn't.
[09:21:32] <Simon> are cert revocations still handled as a massive file that clients download? or is there some kind of querying standard?
[09:22:46] <MattJ> Best answer: both
[09:25:53] *** Simon shows as "away" and his status message is "Away"
[09:25:57] *** Simon shows as "online"
[09:27:54] <dwd> Simon, CRLs - signed lists - can be downloaded, and there's also OCSP for querying. In addition, servers can provide a recent OCSP response themselves, via OCSP Stapling, a TLS extension.
[09:28:02] <intosi> I shouldn't have had that last cup of coffee.
[09:28:25] *Simon is informed.
[09:29:10] <Ge0rG> is anybody (read: a client implementation) actually using CRLs or OCSP?
[09:31:12] <dwd> Ge0rG, Swift may well be. But the TLS implementations don't tend to do this for you - NSS might do, but OpenSSL certainly won't.
[09:31:38] <xnyhps> Ge0rG: If you enable it system-wide on OSX, then Adium does.
[09:32:03] <Simon> xnyhps - how does one enable it system wide on OSX?
[09:33:10] <xnyhps> Simon: Open "Keychain Access" -> Preferences -> tab "Certificates"
[09:33:51] <dwd> xnyhps, This isn't on by default?
[09:34:11] <intosi> It's "Best effort"
[09:34:16] <xnyhps> I don't remember what the defaults are, but I'm guessing no.
[09:34:20] <Simon> thanks.
[09:34:29] <intosi> Err, best attempt.
[09:34:31] <Simon> defaults to "best effort"
[09:34:59] <xnyhps> Ah, so it works, except when you need it to work. ;)
[09:35:30] <intosi> Yes, because strict checking would lead to a lessened end-user experience, probably ;)
[09:37:11] *** martin.hewitt@surevine.com has left the room
[09:38:24] *** martin.hewitt@surevine.com has joined the room
[09:40:27] *** dwd shows as "away" and his status message is " (Away as a result of being idle more than 5 min)"
[09:41:11] *** dwd shows as "online"
[09:44:04] *** Alex has joined the room
[09:46:47] *** xnyhps shows as "online"
[09:50:47] *** xnyhps shows as "away" and his status message is "Away"
[09:58:12] *** Zash has joined the room
[09:58:15] *** Zash shows as "online"
[10:06:06] *** xnyhps shows as "away" and his status message is "Away"
[10:06:08] *** xnyhps shows as "online"
[10:06:39] *** MattJ shows as "away"
[10:07:07] *** Tobias shows as "online"
[10:08:26] <Ge0rG> intosi: isn't that true of all security measures?
[10:09:55] *** dwd shows as "away" and his status message is " (Away as a result of being idle more than 5 min)"
[10:10:45] <intosi> Usually.
[10:10:57] *** dwd shows as "online"
[10:11:36] <dwd> Ge0rG, Failing to do security right does also have a detrimental effect on the user experience, too. :-)
[10:12:43] *** Zash has left the room
[10:12:46] *** Zash has joined the room
[10:12:47] *** Zash shows as "online"
[10:13:23] *** xnyhps shows as "online"
[10:13:52] *** xnyhps shows as "online"
[10:14:16] <Ge0rG> dwd: counter-example: cryptocat
[10:17:20] *** Tobias shows as "away"
[10:19:31] <intosi> dwd: like leaving your door unlocked. In normal use it's more convenient, until someone empties your home :)
[10:22:54] <dwd> Right, leaving your home unlocked means you can get in and out quickly and easily, but may hamper later attempts to watch the telly you no longer have.
[10:23:56] *** Alex has joined the room
[10:24:09] *** Alex shows as "online"
[10:31:21] *** xnyhps shows as "online"
[10:31:42] *** xnyhps shows as "online"
[10:33:27] *** Simon shows as "away" and his status message is "Away"
[10:38:24] *** Santiago26 has joined the room
[10:42:49] *** Tobias shows as "online"
[10:45:40] <Ge0rG> http://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=4817504d069b4c5082161b02a22116ad75f822b1 - Robin Seggelmann broke the Internet. And he also coauthored SCTP-DTLS
[10:46:01] *** Simon shows as "online"
[10:50:50] <Simon> anyone know of a hosted XMPP service that lets you upload your cert+key?
[10:52:37] *** Lance has joined the room
[10:52:38] *** Lance shows as "online" and his status message is "Working on Otalk"
[10:55:37] <fippo> ge0rg: ah, it's not ekr who is accused this time?
[10:56:03] *** dwd shows as "away" and his status message is " (Away as a result of being idle more than 5 min)"
[10:56:13] *** dwd shows as "online"
[10:56:49] *** Lloyd has joined the room
[10:58:25] *** Lloyd shows as "away" and his status message is "Away"
[11:02:39] *** Lloyd shows as "online"
[11:02:47] *** Lloyd has left the room
[11:06:53] *** martin.hewitt@surevine.com shows as "away" and his status message is "Away"
[11:10:41] *** Simon shows as "away" and his status message is "Away"
[11:19:15] *** Simon shows as "online"
[11:29:05] *** Simon shows as "away" and his status message is "Away"
[11:29:08] *** Simon shows as "online"
[11:29:25] *** dwd shows as "away" and his status message is " (Away as a result of being idle more than 5 min)"
[11:29:57] *** Zash has left the room
[11:38:42] *** dwd shows as "online"
[11:41:27] *** MattJ shows as "online"
[11:45:48] *** Santiago26 shows as "xa" and his status message is "Auto-status (inactive)"
[11:48:24] <dwd> Friend of mine just pointed out it's not just private keys that could be leaked.
[11:50:38] <MattJ> Of course
[11:52:49] *** Zash has joined the room
[11:52:50] *** Zash shows as "online"
[11:54:30] *** dwd shows as "away" and his status message is " (Away as a result of being idle more than 5 min)"
[11:55:53] *** dwd shows as "online"
[11:56:04] *** martin.hewitt@surevine.com shows as "online"
[11:57:34] *** Simon shows as "away" and his status message is "Away"
[11:57:39] <fippo> dwd: user data as well
[11:57:49] <dwd> Right, passwords etc.
[11:57:50] *** Simon shows as "online"
[11:58:04] <intosi> dwd: pretty much anything in memory of the process, right?
[11:58:09] <fippo> for https also cookies, csrf token etc
[11:58:50] *** Simon shows as "away" and his status message is "Away"
[11:59:40] <MattJ> This is what I posted to the Prosody list last night: https://groups.google.com/d/topic/prosody-users/LvbwWkUOGGU/discussion
[11:59:45] *** Simon shows as "online"
[12:04:05] *** Kev has joined the room
[12:04:45] *** Kev shows as "online"
[12:05:40] <Kev> intosi: And either process.
[12:07:25] *** Simon shows as "away"
[12:11:52] *** Zash shows as "online"
[12:19:22] <dwd> Kev, Oh, if a server requests heartbeats of a client?
[12:19:42] <MattJ> Yes, it's possible
[12:20:27] <MattJ> I was going to say in XMPP that's not too exciting, because the server generally knows everything the client knows
[12:20:33] <MattJ> But not in the case of OTR...
[12:20:47] <intosi> Nor in the case of certificate authentication.
[12:20:49] <dwd> Or SRP, or SCRAM.
[12:21:08] <MattJ> True
[12:22:09] <intosi> It appears that once you think you know the magnitude of the impact of this issue, you're not thinking big enough.
[12:23:57] <Ge0rG> basically all data stored in the client or server process is screwed.
[12:24:18] *** Kev shows as "away"
[12:25:44] *** Tobias has left the room
[12:25:52] *** Tobias has joined the room
[12:25:54] *** Tobias shows as "online"
[12:26:22] <MattJ> Also on the topic of security issues: http://thread.gmane.org/gmane.comp.security.oss.general/12514/focus=12523
[12:27:39] <dwd> Ah, CVE politics.
[12:28:53] <Ge0rG> the bitcoin client is also linked against libssl. sounds like major emoney movement
[12:30:45] *** Kev shows as "online"
[12:30:47] *** jonathan has joined the room
[12:31:11] <MattJ> No TLS there though, surely?
[12:31:25] <Zash> DTLS perhaps
[12:31:31] <Zash> or hashes and stuff
[12:35:42] *** dwd shows as "away" and his status message is " (Away as a result of being idle more than 5 min)"
[12:38:33] *** Tobias shows as "away"
[12:45:06] *** Lloyd has joined the room
[12:45:42] *** dwd shows as "xa" and his status message is " (Not available as a result of being idle more than 15 min)"
[12:49:28] <Kev> https://twitter.com/warrenguy/status/453510021930680320 It gets better.
[12:51:11] <Ge0rG> at least one less of the horrible things: https://twitter.com/agl__/status/453472368589942785
[12:52:58] *** Tobias shows as "online"
[12:58:54] <intosi> Paraphrasing StartCom: "fuck you"
[12:59:08] <intosi> More detailed:
[12:59:10] <intosi> It's upon the subscriber to take appropriate action since the certificate authority can't enforce which software to use. The terms of service and related fees will not change due to that.

See also the Subscriber Obligations at https://www.startssl.com/policy.pdf in particular:

   • Never share private keys with any third party and use
   adequate protection and best security practices to secure
   private keys in order prevent losses and compromises thereof.
   • Notify StartCom immediately in case of a private key
   compromise and request revocation of the affected
   certificate(s).

Regards
 
Signer:
Nikolay Duhman, CVO

StartCom Ltd. <http://www.startcom.org/>
E-Mail:
nikolayd@startcom.org
Phone:
+972-57-631-56-27

[12:59:42] <intosi> I believe StartCom fails to see the scale of this issue.
[13:00:17] <Ge0rG> intosi: yeah, they fail to see it for the many dollar signs in their eyes
[13:00:38] <Ge0rG> intosi: is there a source on that paste?
[13:00:40] <Kev> Well, StartCom's model is free certs and paid for revocations if something goes wrong.
[13:01:04] <Ge0rG> Kev: sensible if something goes wrong due to admin fail.
[13:01:20] <Ge0rG> I wish I could make dumb people pay more for my time.
[13:01:29] <intosi> Ge0rG: what do you mean? This is the answer I got from StartCom when I asked about this issue.
[13:02:04] <Ge0rG> intosi: I mean something like a pastebin URL I could submit to HN for some easy karma points :P
[13:02:14] *** martin.hewitt@surevine.com shows as "away" and his status message is "Away"
[13:04:18] *** martin.hewitt@surevine.com shows as "online"
[13:05:10] <intosi> Ah. http://pastebin.com/B0UnY00p
[13:06:05] <Ge0rG> thanks very much :)
[13:06:34] *** jonathan shows as "away" and his status message is " (Away as a result of being idle more than 5 min)"
[13:06:57] <Kev> FWIW, I don't see that this is worth anger at StartCom. The model was clear up front.
[13:08:05] <Kev> And the openssl vulnerability was hardly their fault.
[13:08:40] <intosi> While true, this might hurt the trust in StartCom. This is not an admin-error either.
[13:09:07] <intosi> In fact, the desire to have better security is one of the reasons many sites upgraded to openssl 1.0.1 in the first place.
[13:09:58] <Ge0rG> it might be good publicity for startcom to open a window of maybe 1 month for free revocations
[13:11:00] <intosi> I will most certainly reconsider my plans to get a Class 2 certification with them. I was about to do that.
[13:11:37] <Simon> Kev: totally agree. Startcom is very clear that their basic certs are free and that additional services are paid for.
[13:11:59] <Ge0rG> StartCom is adding a free angle to the whole CA extortion business.
[13:12:23] <Ge0rG> I also like it how they provide an easy way to generate the private keys on their servers.
[13:12:41] <Simon> yes - that took me by surprise too.
[13:13:48] <Ge0rG> On my paranoid IT-companies-run-by-Mossad list they range right before ICQ
[13:14:16] <Tobias> usability WTF
[13:14:36] *Simon is happy with the free-for-opensource-certs from globalsign. (but wouldn't touch them if I had to pay)
[13:15:11] <Tobias> Simon, why not?
[13:16:34] *** jonathan shows as "xa" and his status message is " (Not available as a result of being idle more than 15 min)"
[13:16:55] <Simon> expensive.
[13:17:10] <Tobias> ah..k
[13:17:32] <Simon> Can't believe we're still putzing around with CAs.
[13:17:45] <Ge0rG> or with TLS
[13:17:46] <Simon> (when IPSEC could solve a lot of this for us)
[13:17:57] <Simon> Bring back double-rot-13
[13:18:49] <Ge0rG> there is even a dedicated opcode on most CPU archs for double-rot13... on x86 it is 0x90
[13:19:18] <Simon> one opcode up from the /dev/null acceleration unit?
[13:20:20] *** xnyhps shows as "online"
[13:20:44] *** dwd shows as "online"
[13:24:04] *** xnyhps shows as "online"
[13:26:18] *** Kev shows as "online"
[13:27:12] *** xnyhps shows as "online"
[13:28:06] *** xnyhps shows as "online"
[13:37:01] <dwd> intosi, What amazes me is that StartCom charge for revocation on Class 2. I'd not realised that before.
[13:37:40] <intosi> Neither did I until now.
[13:37:46] *** jonathan shows as "online"
[13:37:46] *** Kev shows as "online"
[13:38:39] <intosi> Assumptions, and mothers of something I guess.
[13:38:40] <dwd> In fairness, I only knew about the revocation charges because I'd stumbled on it before. I disagree that it was "clear up front", I don't think you're warned when you're getting the thing.
[13:38:49] <intosi> You're not.
[13:38:54] <Kev> OK. I assumed it was clear, because you'd warned me.
[13:39:15] <intosi> You only find out about it if you read the FAQ, which is usually when you want to revoke.
[13:39:22] <Kev> (Which is why I didn't use them in the end)
[13:39:31] <Kev> (That and I felt more trust towards other CAs)
[13:39:38] <intosi> It's probably buried in the small print somewhere.
[13:40:15] *** Kev has left the room
[13:40:20] *** Kev has joined the room
[13:40:21] *** Kev shows as "online"
[13:42:06] *** edhelas has joined the room
[13:42:11] <edhelas> hi
[13:42:21] <dwd> I've only seen it in the FAQ, under "I made a mistake, can I get my certificate revoked?"
[13:42:48] *** jonathan shows as "away" and his status message is " (Away as a result of being idle more than 5 min)"
[13:42:51] <intosi> There is something in 4.9.1 of the policy.
[13:42:54] <intosi> "Revocations of certificates may carry a handling fee"
[13:46:16] <Kev> OK. That's considerably less obvious than I'd assumed.
[13:48:50] <intosi> Quite.
[13:49:39] <intosi> That footnote only applies to "The subscriber makes a request for revocation".
[13:50:03] <intosi> "The subscriber’s key is suspected to be compromised;" doesn't have a (*)
[13:50:11] *** ralphm has joined the room
[13:50:35] *** Simon has left the room
[13:52:40] *** Lance has joined the room
[13:52:41] *** Lance shows as "online" and his status message is "Working on Otalk"
[13:52:48] *** jonathan shows as "xa" and his status message is " (Not available as a result of being idle more than 15 min)"
[13:53:33] <ralphm> intosi: I did know about this. They have to make money somehow, I suppose.
[13:54:09] <ralphm> intosi: I wonder if they make an exception this time around, though
[13:54:16] <intosi> Sure. And for admin-fuckups, I agree.
[13:54:33] <intosi> ralphm: I contacted them, and they said no.
[13:57:18] *** martin.hewitt@surevine.com shows as "away" and his status message is "Away"
[13:57:24] *** dwd shows as "away" and his status message is " (Away as a result of being idle more than 5 min)"
[13:58:05] *** Santiago26 shows as "online"
[13:58:51] *** martin.hewitt@surevine.com shows as "online"
[13:59:02] *** dwd shows as "online"
[13:59:05] <ralphm> intosi: I am guessing they will back down on this later today
[13:59:41] <dwd> ralphm, Why? They'll make more money today than they'll have made the rest of the year.
[13:59:55] <intosi> What dwd said.
[14:00:34] <intosi> It might lose them a few customers, but those will be mostly just the free-loaders.
[14:01:12] <ralphm> dwd: depends. it might result in a PR disaster
[14:01:16] *** edhelas shows as "away" and his status message is "I'm not here right now."
[14:01:16] *** edhelas shows as "away" and his status message is "I'm not here right now."
[14:01:17] <intosi> And perhaps some Class 2 customers who only just found out they are charged for revocation as well.
[14:02:05] <dwd> intosi, Except you can't just walk away if you understand and care about security, so they'll pay the fee anyway.
[14:02:12] <intosi> Yup.
[14:02:13] <ralphm> someone suggested their CA cert should be revoked instead :-)
[14:02:16] *** edhelas shows as "away" and his status message is "I'm not here right now."
[14:02:16] *** edhelas shows as "online" and his status message is "lol"
[14:02:33] *** Santiago26 has left the room
[14:02:34] <dwd> I'd love to see the handling fee on that.
[14:03:43] <ralphm> 7am. I suppose I should get tonwork early today
[14:03:56] <ralphm> -n
[14:04:33] <intosi> Have some bacon first.
[14:06:12] <dwd> Last hotel I stayed at had unlimited free bacon thanks to my status.
[14:06:24] *** jonathan shows as "online"
[14:06:36] <dwd> As far as I could tell, despite some efforts on my behalf to find one, there was no AUP either.
[14:08:48] <ralphm> This hotel is pretty good *except* for breakfast. I've never seen things so minimal.
[14:09:07] <dwd> ralphm, US business hotel?
[14:09:12] <intosi> They might charge you a revocation fee should you decide not to eat all your bacon.
[14:09:42] <ralphm> dwd: no. I assume no chef and no dishwasher.
[14:09:43] <intosi> (or if the vendor of your utensils found out it compromised the bacon)
[14:11:00] <ralphm> dwd: the breakfast at Aloft is Royal, in comparison
[14:12:01] <Kev> Golly.
[14:12:24] <ralphm> intosi: the more retweets, the better, maybe
[14:12:33] <dwd> ralphm, What, really? That's really almost travelodgian.
[14:14:35] <ralphm> dwd: plastic ware and no cheese or meats, no eggs, no whole fruits, dry croissants
[14:15:20] <ralphm> They do have a waffle maker, oddly enough
[14:15:41] <Tobias> intosi, any news on wiki.xmpp.org?
[14:16:00] <intosi> Tobias: nothing apart from "works if you allow your browser to remember the cookie for 180 days"
[14:17:20] <Tobias> how do i tell chrome to allow that :)
[14:17:50] <intosi> Well, see the nifty checkbox on the login page?
[14:17:57] <intosi> Check that when logging in.
[14:18:03] <Tobias> ahh :)
[14:18:20] <Tobias> yup..that works...thanks :)
[14:19:18] <intosi> Still need to fix the issue though.
[14:19:23] <intosi> But having a workaround is good.
[14:21:37] *** ralphm shows as "away" and his status message is "Auto-away (idle)"
[14:22:13] <dwd> BTW, Yahoo is apparently leaking passwords via Heartbleed on login.
[14:22:18] <Kev> Yep.
[14:22:26] <Kev> I thought I pasted that in here a while back.
[14:22:36] <dwd> Oh, quite possibly.
[14:24:35] <MattJ> dwd, my favourite is the comments on the Ars Technica article... they posted it while their site was still vulnerable, and now users are posting comments on the article as each other using dumped session cookies
[14:29:22] <edhelas> we need to regenerate our XMPP certificates ? https://xmpp.net/ the certificates are still valid for my server
[14:31:09] <MattJ> edhelas, they may have been compromised though
[14:31:36] <MattJ> i.e. it may have been possible that someone downloaded your key file
[14:32:04] <edhelas> yup
[14:47:25] *** Simon has joined the room
[14:47:25] *** jonathan shows as "away" and his status message is " (Away as a result of being idle more than 5 min)"
[14:47:52] <Simon> does anyone know if gtalk.com can pass IQ messages?
[14:48:26] <Simon> or am I being hit by some kind of rate limiting?
[14:48:44] <Simon> seems possible: https://developers.google.com/cloud-print/docs/rawxmpp
[14:49:11] *** jonathan shows as "online"
[14:49:19] *** ralphm shows as "online"
[14:49:54] <ralphm> Simon: depends. Since May, many things are broken in this respect
[14:50:46] <Simon> thanks ralphm.
[14:50:50] <ralphm> Like that if the recipient has enabled hangouts, you might not even get iq responses
[14:53:34] <dwd> On reddit, somebody claims that OpenSSL.org was vulnerable two hours ago.
[14:54:16] <intosi> That's… odd. It's mostly down for me.
[14:54:31] <intosi> Ah, no, it's back again.
[14:55:45] <intosi> And filippo.io agrees.
[14:56:02] <intosi> http://filippo.io/Heartbleed/#openssl.org
[14:57:10] *** ralphm shows as "away" and his status message is "Auto-away (idle)"
[14:57:17] *** Tobias has left the room
[14:57:26] *** Tobias has joined the room
[14:57:28] *** Tobias shows as "online"
[14:59:08] *** martin.hewitt@surevine.com shows as "away" and his status message is "Away"
[15:00:48] *** dwd shows as "away" and his status message is " (Away as a result of being idle more than 5 min)"
[15:00:54] *** dwd shows as "online"
[15:02:20] *** Simon shows as "away" and his status message is "Away"
[15:02:38] *** Alex has joined the room
[15:02:45] *** Simon shows as "online"
[15:06:23] *** ralphm shows as "online"
[15:06:25] *** martin.hewitt@surevine.com shows as "online"
[15:11:24] *** ralphm shows as "away" and his status message is "Auto-away (idle)"
[15:17:12] *** xnyhps shows as "online"
[15:18:49] *** ralphm shows as "online"
[15:19:36] *** Simon shows as "away" and his status message is "Away"
[15:20:14] *** edhelas has left the room
[15:20:21] *** Simon shows as "online"
[15:21:13] *** xnyhps shows as "away" and his status message is "Away"
[15:22:16] <dwd> intosi, I'm hearing that test is not reliable - it can give false positives.
[15:22:47] <Simon> I recommend using http://possible.lv/tools/hb/
[15:22:50] <Ge0rG> that test does not retest already tested domains
[15:23:08] <dwd> Ge0rG, Ah, gotcha.
[15:23:12] <Ge0rG> not sure if the caching is browser- or server-side
[15:23:49] *** ralphm shows as "away" and his status message is "Auto-away (idle)"
[15:24:49] <Tobias> i wonder how fast banks are with their patching
[15:25:03] <dwd> I've seen suggestions that some banks have been caught out.
[15:25:15] <Simon> I'm avoiding logging into anything crucial today
[15:25:39] <Ge0rG> looks like my bank is safe.
[15:25:41] <Tobias> dwd, indeed
[15:25:53] <dwd> intosi, Lloyd: Ta for the re-tweet. Bit cheeky. I wonder if they'll reply.
[15:26:35] *** Ash has joined the room
[15:27:01] *** Simon shows as "away" and his status message is "Away"
[15:27:05] *** Simon shows as "online"
[15:30:41] *** edhelas has joined the room
[15:34:03] *** ralphm shows as "online"
[15:34:56] <ralphm> dwd: given that they are based in Israel, probably not soon
[15:35:17] <dwd> True, they're probably into their evening now.
[15:38:02] *** edhelas shows as "away" and his status message is "Je ne suis pas là pour l'instant."
[15:39:57] *** ralphm shows as "away" and his status message is "Auto-away (idle)"
[15:40:35] *** ralphm shows as "online"
[15:41:28] *** Simon shows as "away" and his status message is "Away"
[15:41:40] *** Simon shows as "online"
[15:41:59] *** edhelas shows as "away" and his status message is "Je ne suis pas là pour l'instant."
[15:41:59] *** edhelas shows as "online" and his status message is "lol"
[15:42:19] *** Lloyd shows as "online"
[15:42:53] *** martin.hewitt@surevine.com has joined the room
[15:42:54] <dwd> The Ars Technica article's comments have a severe misunderstanding of PFS. Sadly, I think you could get at the DH parameters on the server, and that'd make EDH protected sessions pretty weak, wouldn't it?
[15:49:50] *** ralphm shows as "away" and his status message is "Auto-away (idle)"
[15:52:31] *** xnyhps shows as "away" and his status message is "Away"
[15:53:26] *** martin.hewitt@surevine.com shows as "away" and his status message is "Away"
[15:54:07] *** stpeter has joined the room
[15:57:37] *** martin.hewitt@surevine.com shows as "online"
[16:01:19] *** xnyhps shows as "away" and his status message is "Away"
[16:01:22] *** xnyhps shows as "online"
[16:05:23] <xnyhps> dwd: I'd hope the server securely erases the EDH private key as soon as the handshake is done.
[16:08:09] *** m&m has joined the room
[16:08:51] <m&m> xnyhps: you presume much
[16:09:56] *** Santiago26 has joined the room
[16:11:13] *** martin.hewitt@surevine.com shows as "away" and his status message is "Away"
[16:11:22] *** dwd shows as "away" and his status message is " (Away as a result of being idle more than 5 min)"
[16:17:37] *** martin.hewitt@surevine.com shows as "away" and his status message is "Away"
[16:19:18] *** Santiago26 has left the room
[16:21:22] *** dwd shows as "xa" and his status message is " (Not available as a result of being idle more than 15 min)"
[16:22:43] <intosi> Securely erasing things costs cycles, while a simple free() is much cheaper.
[16:23:16] <intosi> Guess which of the two many developers will choose?
[16:24:20] *** Simon has left the room
[16:24:24] <xnyhps> I got far enough into the OpenSSL code to see that DH_free is doing something called "cleanse". But then I gave up.
[16:24:30] <Kev> It doesn't just cost cycles, it's hard bordering on impossible, depending on platform.
[16:25:52] *** Flow has joined the room
[16:26:37] *** martin.hewitt@surevine.com shows as "away" and his status message is "Away"
[16:26:40] *** martin.hewitt@surevine.com shows as "online"
[16:28:11] *** stpeter shows as "away" and his status message is "Auto Status (idle)"
[16:30:04] *** stpeter shows as "online"
[16:30:10] <Ge0rG> the other problem with securely erasing memory is: compilers. optimizing compilers. compilers optimizing away your write-before-free!
[16:32:38] <Kev> That's what I alluded to with 'hard'.
[16:33:34] *** ralphm shows as "online"
[16:34:31] <Ge0rG> oh, you might as well have referenced managed languages with immutable data types, which are impossible to clean up.
[16:34:59] <Kev> That was the 'impossible' bit :)
[16:35:20] *** ralphm shows as "online"
[16:35:21] <m&m> nevermind virtualized services
[16:36:49] *** Tobias has left the room
[16:40:18] *** ralphm shows as "away" and his status message is "Auto-away (idle)"
[16:41:05] *** Ash shows as "away" and his status message is "Away"
[16:41:14] <Ge0rG> And what about storage on SSD?
[16:42:03] <intosi> Well, any virtual memory.
[16:42:20] <Ge0rG> intosi: any memory in a modern computer is virtual.
[16:44:40] *** dwd shows as "online"
[16:44:42] *** jonathan shows as "away" and his status message is " (Away as a result of being idle more than 5 min)"
[16:46:17] *** edhelas shows as "away" and his status message is "Je ne suis pas là pour l'instant."
[16:46:18] *** Zash has joined the room
[16:46:19] *** Zash shows as "online"
[16:50:38] *** martin.hewitt@surevine.com has left the room
[16:51:02] *** jonathan shows as "online"
[16:55:47] *** stpeter shows as "away" and his status message is "Auto Status (idle)"
[16:57:20] *** jonathan shows as "away" and his status message is " (Away as a result of being idle more than 5 min)"
[16:57:37] *** stpeter shows as "online"
[17:00:08] *** jonathan shows as "online"
[17:00:40] *** Neustradamus has joined the room
[17:03:15] *** ralphm shows as "away" and his status message is "Away as a result of being idle"
[17:06:21] *** jonathan has left the room
[17:06:48] *** Kev shows as "away"
[17:06:49] *** Kev shows as "online"
[17:07:51] *** ralphm shows as "online"
[17:11:47] *** Lance has joined the room
[17:11:47] *** Lance shows as "online" and his status message is "Working on Otalk"
[17:15:07] *** Tobias has joined the room
[17:15:10] *** Tobias shows as "online"
[17:16:39] *** intosi shows as "away" and his status message is "Away"
[17:16:48] *** Flow shows as "away" and his status message is " (Away as a result of being idle more than 15 min) (Away as a result of being idle more than 15 min) (Away as a result of being idle more than 5 min)"
[17:19:44] *** edhelas shows as "away" and his status message is "Je ne suis pas là pour l'instant."
[17:19:44] *** edhelas shows as "online" and his status message is "lol"
[17:20:59] *** martin.hewitt@surevine.com has joined the room
[17:22:21] *** xnyhps shows as "online"
[17:24:20] *** m&m shows as "online"
[17:24:55] *** ralphm has left the room
[17:25:00] *** ralphm shows as "online"
[17:26:16] *** xnyhps shows as "away" and his status message is "Away"
[17:26:26] *** ralphm has left the room
[17:26:30] *** ralphm shows as "online"
[17:26:48] *** Flow shows as "xa" and his status message is " (Away as a result of being idle more than 15 min) (Away as a result of being idle more than 15 min) (Not available as a result of being idle more than 15 min)"
[17:27:24] *** Flow shows as "online" and his status message is " (Away as a result of being idle more than 15 min) (Away as a result of being idle more than 15 min)"
[17:30:04] *** Kev shows as "online"
[17:30:08] *** Kev has left the room
[17:30:14] *** Kev has joined the room
[17:30:15] *** Kev shows as "online"
[17:31:49] *** xnyhps shows as "away" and his status message is "Away"
[17:31:51] *** xnyhps shows as "online"
[17:31:53] *** jonathan has joined the room
[17:33:46] *** jonathan has left the room
[17:35:04] *** ralphm shows as "away" and his status message is "Away as a result of being idle"
[17:38:25] *** martin.hewitt@surevine.com has left the room
[17:39:46] *** m&m has left the room
[17:39:48] *** m&m has joined the room
[17:40:14] *** jonathan has joined the room
[17:41:12] *** dwd shows as "away" and his status message is " (Away as a result of being idle more than 5 min)"
[17:41:26] *** ralphm shows as "online"
[17:43:21] *** intosi shows as "online"
[17:45:20] *** Lance shows as "away" and his status message is "Working on Otalk"
[17:49:22] *** dwd shows as "online"
[17:50:34] *** martin.hewitt@surevine.com has joined the room
[17:51:48] *** Flow shows as "away" and his status message is " (Away as a result of being idle more than 15 min) (Away as a result of being idle more than 15 min) (Away as a result of being idle more than 5 min)"
[17:53:50] *** Zash has joined the room
[17:53:52] *** Flow shows as "online" and his status message is " (Away as a result of being idle more than 15 min) (Away as a result of being idle more than 15 min)"
[17:53:54] *** Zash shows as "online"
[17:54:04] *** Ash shows as "online"
[17:59:57] *** Ash shows as "away" and his status message is "Away"
[18:00:53] *** rbarnes has joined the room
[18:00:53] *** rbarnes shows as "online"
[18:02:41] *** rbarnes shows as "online"
[18:04:58] *** Lance has joined the room
[18:04:58] *** Lance shows as "online" and his status message is "Working on Otalk"
[18:05:07] *** xnyhps shows as "online"
[18:05:10] *** Flow shows as "away" and his status message is " (Away as a result of being idle more than 15 min) (Away as a result of being idle more than 15 min) (Away as a result of being idle more than 5 min)"
[18:05:44] *** jabberjocke has joined the room
[18:05:44] *** jabberjocke shows as "online"
[18:07:40] *** martin.hewitt@surevine.com has left the room
[18:07:42] *** xnyhps shows as "online"
[18:07:44] *** rbarnes shows as "online"
[18:12:46] *** rbarnes shows as "online"
[18:14:30] *** edhelas shows as "away" and his status message is "Je ne suis pas là pour l'instant."
[18:15:06] *** martin.hewitt@surevine.com has joined the room
[18:15:10] *** Flow shows as "xa" and his status message is " (Away as a result of being idle more than 15 min) (Away as a result of being idle more than 15 min) (Not available as a result of being idle more than 15 min)"
[18:17:49] *** rbarnes shows as "online"
[18:22:51] *** rbarnes shows as "online"
[18:26:02] *** Flow shows as "online" and his status message is " (Away as a result of being idle more than 15 min) (Away as a result of being idle more than 15 min)"
[18:27:53] *** rbarnes shows as "online"
[18:28:15] *** Tobias shows as "away"
[18:29:37] *** intosi shows as "away" and his status message is "Away"
[18:32:12] *** Ash shows as "online"
[18:32:56] *** rbarnes shows as "online"
[18:33:49] *** martin.hewitt@surevine.com has left the room
[18:34:11] *** Tobias shows as "online"
[18:34:36] <MattJ> I've seen a couple of people saying that StartSSL have waived revocation fees now
[18:34:51] <MattJ> Maybe they're seeing the light
[18:34:53] <stpeter> MattJ: wow
[18:34:55] <stpeter> yeah
[18:34:57] <m&m> really?
[18:35:08] <m&m> probably for today only, *IF* it's true
[18:35:20] <stpeter> their servers are probably overloaded
[18:36:55] <Kev> intosi might appreciate a highlight, then.
[18:37:59] *** rbarnes shows as "online"
[18:39:20] *** rbarnes has left the room
[18:39:22] *** Kev has left the room
[18:42:13] *** Kev has joined the room
[18:42:14] *** Kev shows as "online"
[18:43:10] *** rbarnes has joined the room
[18:43:10] *** rbarnes shows as "online"
[18:46:01] *** intosi shows as "away" and his status message is "Away"
[18:46:17] *** rbarnes has left the room
[18:46:45] *** rbarnes has joined the room
[18:46:45] *** rbarnes shows as "online"
[18:48:48] *** rbarnes shows as "online"
[18:49:08] *** ralphm shows as "away" and his status message is "Away as a result of being idle"
[18:49:20] *** m&m shows as "away" and his status message is "stuffage"
[18:50:53] *** rbarnes has left the room
[18:50:56] *** dwd shows as "away" and his status message is " (Away as a result of being idle more than 5 min)"
[18:51:17] *** intosi shows as "away" and his status message is "Away"
[18:51:20] *** jonathan has left the room
[18:52:57] *** Flow shows as "away" and his status message is " (Away as a result of being idle more than 15 min) (Away as a result of being idle more than 15 min) (Away as a result of being idle more than 15 min)"
[18:59:09] *** ralphm shows as "xa" and his status message is "Not available as a result of being idle"
[19:00:56] *** dwd shows as "xa" and his status message is " (Not available as a result of being idle more than 15 min)"
[19:01:17] *** intosi shows as "away" and his status message is "Away"
[19:07:56] *** Flow shows as "xa" and his status message is " (Away as a result of being idle more than 15 min) (Away as a result of being idle more than 15 min) (Not available as a result of being idle more than 15 min)"
[19:10:38] *** intosi shows as "away" and his status message is "Away"
[19:10:58] *** ralphm shows as "online"
[19:15:05] *** martin.hewitt@surevine.com has joined the room
[19:20:39] *** intosi shows as "away" and his status message is "Away"
[19:20:56] *** Alex shows as "away" and his status message is "Auto-Status (untätig)"
[19:21:20] *** xnyhps shows as "online"
[19:21:51] *** xnyhps shows as "online"
[19:23:58] *** intosi shows as "away" and his status message is "Away"
[19:33:04] *** martin.hewitt@surevine.com has left the room
[19:33:34] *** Tobias shows as "away"
[19:34:02] *** intosi shows as "away" and his status message is "Away"
[19:36:57] *** xnyhps shows as "online"
[19:37:20] *** xnyhps shows as "online"
[19:38:16] *** m&m shows as "online"
[19:39:56] *** ralphm shows as "away" and his status message is "Away as a result of being idle"
[19:40:41] *** intosi shows as "away" and his status message is "Away"
[19:40:56] *** Alex shows as "xa" and his status message is "Auto-Status (untätig)"
[19:41:10] *** dwd shows as "online"
[19:45:39] *** Tobias shows as "online"
[19:47:50] *** ralphm shows as "online"
[19:50:00] *** stpeter shows as "away" and his status message is "Auto Status (idle)"
[19:50:44] <dwd> Just seen someone over in prosody@ say they've had an "Exceptionally revoked without fee" from them.
[19:50:56] *** xnyhps shows as "online"
[19:51:02] *** xnyhps shows as "online"
[19:53:50] <ralphm> dwd: maybe someone just screwed up
[19:55:30] *** stpeter shows as "online"
[19:55:34] <ralphm> that said, how well do browsers even check revocation?
[19:56:19] <dwd> ralphm, Looked into this. Most pass-on-fail. Chromium and Chrome both seemed to be set to not check by default.
[19:57:38] <ralphm> splendid
[19:57:55] <m&m> not checking is FAST
[19:58:37] *** m&m shows as "away" and his status message is "stuffage"
[19:58:47] <dwd> By "pass-on-fail", I mean if the OCSP server is down they'll just silently pass.
[19:59:00] *** Flow shows as "online" and his status message is " (Away as a result of being idle more than 15 min) (Away as a result of being idle more than 15 min)"
[20:00:18] <ralphm> right
[20:02:04] *** jabberjocke has left the room
[20:03:42] *** edhelas shows as "away" and his status message is "Je ne suis pas là pour l'instant."
[20:03:42] *** edhelas shows as "online" and his status message is "lol"
[20:06:04] *** ralphm shows as "away" and his status message is "Away as a result of being idle"
[20:07:05] *** Lance has joined the room
[20:07:06] *** Lance shows as "online" and his status message is "Working on Otalk"
[20:07:33] *** MattJ shows as "away"
[20:08:42] *** Alex shows as "online"
[20:15:05] *** martin.hewitt@surevine.com has joined the room
[20:15:19] *** stpeter shows as "away" and his status message is "Auto Status (idle)"
[20:16:06] *** ralphm shows as "xa" and his status message is "Not available as a result of being idle"
[20:16:38] *** xnyhps shows as "online"
[20:16:41] *** stpeter shows as "online"
[20:16:56] <dwd> [21:16:17] tribut: hah. for a second cert i just received a request for a paypal transfer. so not always free it seems. @ dwd, ben
[20:16:58] *** xnyhps shows as "online"
[20:29:41] *** intosi shows as "away" and his status message is "Away"
[20:31:41] *** MattJ shows as "online"
[20:32:10] *** martin.hewitt@surevine.com has left the room
[20:38:53] *** Ash has left the room
[20:39:46] *** intosi shows as "away" and his status message is "Away"
[20:40:00] *** Flow has left the room
[20:45:17] *** Lance has joined the room
[20:45:18] *** Lance shows as "online" and his status message is "Working on Otalk"
[20:45:21] *** m&m shows as "online"
[20:51:13] *** MattJ shows as "away"
[20:55:54] *** Tobias has left the room
[20:56:05] *** ralphm shows as "online"
[20:58:51] *** MattJ shows as "online"
[20:59:01] <MattJ> Meanwhile: https://twitter.com/startssl/status/453631038883758080
[20:59:39] <ralphm> woah
[20:59:50] <ralphm> That's not even trying to be nice
[21:00:43] <Lance> i really don't understand the mixed messages from startssl. they keep saying 'no' to waiving fees, and yet people say they did get waived fees
[21:01:21] *** Tobias has joined the room
[21:01:23] *** Tobias shows as "online"
[21:02:17] *** intosi shows as "away" and his status message is "Away"
[21:06:06] *** m&m shows as "away" and his status message is "stuffage"
[21:07:38] <ralphm> Lance: right. I am thinking that some of their support people have been slightly more friendly than others
[21:12:17] *** intosi shows as "away" and his status message is "Away"
[21:15:04] *** martin.hewitt@surevine.com has joined the room
[21:15:35] *** Neustradamus shows as "away"
[21:16:52] *** martin.hewitt@surevine.com has left the room
[21:16:52] *** martin.hewitt@surevine.com has joined the room
[21:17:52] *** m&m shows as "online"
[21:21:04] *** edhelas has left the room
[21:23:36] *** Link Mauve shows as "xa" and his status message is "Upgrade your OpenSSL if it isn’t done already! http://heartbleed.com/"
[21:28:51] *** ralphm shows as "away" and his status message is "Away as a result of being idle"
[21:32:15] *** stpeter shows as "away" and his status message is "Auto Status (idle)"
[21:33:52] *** martin.hewitt@surevine.com has left the room
[21:36:43] *** ralphm shows as "online"
[21:38:03] *** jonathan has joined the room
[21:42:02] *** intosi shows as "away" and his status message is "Away"
[21:42:57] *** Kev shows as "away"
[21:43:57] *** Kev shows as "online"
[21:52:02] *** intosi shows as "away" and his status message is "Away"
[21:52:12] *** stpeter shows as "xa" and his status message is "Auto Status (idle)"
[21:54:34] *** Kev shows as "away"
[21:58:17] *** dwd shows as "away" and his status message is " (Away as a result of being idle more than 5 min)"
[22:00:49] *** xnyhps shows as "online"
[22:01:25] *** xnyhps shows as "online"
[22:02:18] *** intosi shows as "away" and his status message is "Away"
[22:03:17] *** Tobias has left the room
[22:08:00] *** intosi shows as "away" and his status message is "Away"
[22:08:17] *** dwd shows as "xa" and his status message is " (Not available as a result of being idle more than 15 min)"
[22:11:55] *** m&m shows as "away" and his status message is "stuffage"
[22:15:05] *** martin.hewitt@surevine.com has joined the room
[22:17:28] *** MattJ shows as "away"
[22:17:29] *** MattJ shows as "online"
[22:22:06] *** stpeter shows as "online"
[22:30:59] *** ralphm shows as "away" and his status message is "Away as a result of being idle"
[22:33:15] *** ralphm shows as "online"
[22:33:31] *** martin.hewitt@surevine.com has left the room
[22:40:10] *** Lance has joined the room
[22:40:10] *** Lance shows as "online" and his status message is "Working on Otalk"
[22:43:07] *** m&m shows as "online"
[22:48:51] *** ralphm shows as "away" and his status message is "Away as a result of being idle"
[22:49:23] *** ralphm shows as "online"
[22:58:01] *** intosi shows as "away" and his status message is "Away"
[23:00:17] *** Alex has left the room
[23:02:54] *** m&m shows as "away" and his status message is "stuffage"
[23:03:48] *** Lance shows as "away" and his status message is "Working on Otalk"
[23:04:14] *** Lance shows as "online" and his status message is "Working on Otalk"
[23:08:17] *** m&m shows as "online"
[23:08:53] *** m&m has left the room
[23:15:05] *** martin.hewitt@surevine.com has joined the room
[23:16:09] *** ralphm shows as "away" and his status message is "Away as a result of being idle"
[23:17:09] *** intosi has left the room
[23:17:51] *** intosi has joined the room
[23:23:11] *** intosi shows as "away" and his status message is "Away"
[23:25:49] *** ralphm shows as "online"
[23:32:09] *** martin.hewitt@surevine.com has left the room
[23:45:32] *** jonathan shows as "away" and his status message is " (Away as a result of being idle more than 5 min)"
[23:46:17] *** xnyhps shows as "online"
[23:47:33] *** xnyhps shows as "online"
[23:48:47] *** jonathan shows as "online"
[23:53:07] *** xnyhps shows as "online"
[23:53:17] *** xnyhps shows as "online"
[23:57:12] *** xnyhps shows as "online"