XSF Discussion - 2017-02-23

  1. efrit has left

  2. efrit has joined

  3. efrit has joined

  4. efrit has joined

  5. efrit has joined

  6. efrit has joined

  7. Guus has left

  8. Mancho has left

  9. Kev has left

  10. Steve Kille has left

  11. Steve Kille has joined

  12. daniel has left

  13. efrit has left

  14. efrit has joined

  15. daniel has left

  16. Piotr Nosek has left

  17. xnyhps has left

  18. Tobias has joined

  19. bjc has left

  20. efrit has joined

  21. bjc has joined

  22. xnyhps has left

  23. vurpo has left

  24. vurpo has joined

  25. jere has joined

  26. jere has joined

  27. Mancho has left

  28. winfried has left

  29. Kev has joined

  30. Mancho has joined

  31. Mancho has left

  32. Alex has joined

  33. nicolas.verite has left

  34. vurpo has left

  35. SamWhited has left

  36. xnyhps has left

  37. Alex has left

  38. Kev has left

  39. Kev has joined

  40. moparisthebest has left

  41. moparisthebest has joined

  42. kaboom has left

  43. Tobias has left

  44. Tobias has left

  45. nicolas.verite has joined

  46. Kev has left

  47. Kev has joined

  48. jere has left

  49. jere has joined

  50. peter has joined

  51. Kev has left

  52. kalkin has left

  53. kalkin has joined

  54. Zash has left

  55. SamWhited has joined

  56. SamWhited has joined

  57. SamWhited has left

  58. Zash has joined

  59. vurpo has left

  60. nicolas.verite has left

  61. Kev has joined

  62. Yagiza has joined

  63. Kev has left

  64. vurpo has left

  65. vurpo has joined

  66. nicolas.verite has joined

  67. waqas has left

  68. waqas has joined

  69. waqas has left

  70. jere has left

  71. jere has joined

  72. jere has left

  73. Yagiza has left

  74. Yagiza has joined

  75. Mancho has joined

  76. Steve Kille has left

  77. Kev has joined

  78. nicolas.verite has left

  79. Yagiza has left

  80. Yagiza has joined

  81. vurpo has left

  82. vurpo has joined

  83. peter has left

  84. SamWhited has joined

  85. vurpo has left

  86. Kev has left

  87. SamWhited has left

  88. Steve Kille has left

  89. Valerian has joined

  90. daniel has left

  91. Steve Kille has left

  92. goffi has joined

  93. Kev has joined

  94. goffi has left

  95. goffi has joined

  96. Steve Kille has left

  97. Steve Kille has left

  98. Zash has joined

  99. xnyhps has left

  100. nicolas.verite has joined

  101. Guus has left

  102. Guus has left

  103. Yagiza has left

  104. Kev has left

  105. Yagiza has joined

  106. ThurahT has left

  107. vurpo has left

  108. Mancho has left

  109. uc has left

  110. uc has joined

  111. nicolas.verite has joined

  112. daniel has joined

  113. daniel has joined

  114. kalkin has joined

  115. bjc has joined

  116. bra has joined

  117. SamWhited

    I think the website is down; I don't appear to be able to ssh in either and downforeveryoneorjustme.com agrees.

  118. SamWhited

    huh, and there it goes responding well… short outage.

  119. Valerian has left

  120. Ge0rG has left

  121. dwd has left

  122. dwd has left

  123. Guus has left

  124. uc has left

  125. uc has joined

  126. dwd has left

  127. dwd has left

  128. bra has joined

  129. Zash

    Dey took ur nines

  130. xyz has joined

  131. xnyhps has left

  132. ThurahT has joined

  133. uc has left

  134. uc has joined

  135. suzyo has joined

  136. Kev has left

  137. xyz has left

  138. bra has left

  139. bra has joined

  140. dwd has left

  141. jcbrand has joined

  142. dwd has left

  143. nyco has left

  144. Piotr Nosek has joined

  145. jcbrand has left

  146. jonasw

    Tobias: http://docs.getpelican.com/en/stable/faq.html#how-do-i-assign-custom-templates-on-a-per-page-basis A custom template for the XEP / client page is probably sane. Load the data in the pelican config and access it from within the template. Jinja templates should offer enough computatational capability for that.

  147. jonasw

    (they’re probably turing complete via recursion)

  148. xyz has joined

  149. dwd has left

  150. Kev has joined

  151. Valerian has joined

  152. dwd has left

  153. sezuan has left

  154. jonasw has left

  155. uc has left

  156. uc has joined

  157. SamWhited has left

  158. jonasw


  159. jonasw

    that throws a 500

  160. Zash

    Not the most reliable differ unfortunately

  161. Zash

    WFM now, but it was real slow

  162. Kev has left

  163. Kev has joined

  164. Ge0rG

    jonasw: yeah, it's rendered on first access. you need to call it, wait some minutes and refreshe then

  165. Ge0rG

    I'm sure Zash could provide his awesome retro fixed-font markdiff version.

  166. Martin has joined

  167. Mancho has left

  168. Zash

    Ge0rG: The thing where I don't get along with git so well makes that a pain

  169. Zash

    but here's the latest 313 version: https://www.zash.se/xep-0313-0.6-vs-0.6.1.html

  170. Zash has joined

  171. Ge0rG

    Zash: I can provide you with the required shell magic

  172. jcbrand has joined

  173. dwd has left

  174. intosi

    Our differ fails on the first load of a diff, but succeeds the second load. I think it's a timing issue.

  175. intosi

    Ge0rG: a few minutes is excessive. The next reload always succeeds for me.

  176. dwd has left

  177. Mancho has left

  178. Ge0rG

    intosi: maybe my internets is just slow :)

  179. vurpo has left

  180. nicolas.verite has joined

  181. Kev has left

  182. Valerian has left

  183. Valerian has joined

  184. dwd has left

  185. efrit has joined

  186. Zash

    Ge0rG: Random SO answers point to horrible things that no longer exist, and things that apparently require tons of extra configuration.

  187. xyz has left

  188. Ge0rG

    Zash: what exact input do you wish to get?

  189. dwd has left

  190. Zash

    Ge0rG: Two filenames.

  191. Zash

    One being the old version, one being the new version

  192. Ge0rG

    Zash: easy. "echo filename1 filename2"

  193. xyz has joined

  194. Zash

    `hg extdiff -p echo`

  195. Zash


  196. Guus has left

  197. Guus has left

  198. Mancho has joined

  199. xyz has left

  200. efrit has joined

  201. jonasw has left

  202. jubalh has joined

  203. jonasw

    intosi, I reloaded one or two times, but what Ge0rG says makes sense ...

  204. jonasw

    Zash: what’s wrong with git checkout identifier_of_version1:path/to/file > file.version1 git checkout identifier_of_version2:path/to/file > file.version2 ? identifier_of_versionX can be a commit id, a tag, a branch or whatever

  205. Zash

    That's pretty much what I've been doing

  206. Guus has left

  207. sezuan has left

  208. Kev has joined

  209. Sonny has joined

  210. jubalh has left

  211. Sonny has left

  212. Sonny has joined

  213. jonasw has left

  214. Sonny has left

  215. Sonny has joined

  216. Sonny has left

  217. sonny has joined

  218. suzyo has left

  219. daniel has joined

  220. Valerian has left

  221. Valerian has joined

  222. daniel has left

  223. daniel has joined

  224. suzyo has joined

  225. nyco has left

  226. jere has joined

  227. nicolas.verite has left

  228. jubalh has joined

  229. jubalh has left

  230. kaboom has joined

  231. Zash has joined

  232. Tobias

    jonasw, yeah..using a custom template for client/library/server pages could work, although it feels a bit ugly :)

  233. jonasw

    it’s less ugly than sed.

  234. jonasw

    by orders of magnitude ;-)

  235. Tobias


  236. Tobias

    jonasw, happen to know with what format pelican/jinja2 can read and turn into tables most easily?

  237. jonasw

    you can use anything python can read

  238. jonasw

    but JSON is probably the most easiest

  239. jonasw

    load it in the pelican config, you should be able to access it as a global in the template then

  240. Tobias

    k..will give that a shot sometime the next days

  241. mhterres has joined

  242. kaboom has left

  243. jonasw

    in pelicanconf.py you could for example do: import json with open("clientdb.json", "r") as f: CLIENT_DB = json.load(f) and in the template you could: {% for client in CLIENT_DB %} {% if client.show_on_page %} … some table row markup … {% endif %} {% endfor %} with clientdb.json: [{"name": "fancy client", "show_on_page": true}, {"name": "legacy client", "show_on_page": false}] or anything like that :)

  244. kaboom has joined

  245. mimi89999 has joined

  246. Tobias

    great...then we could simply add a property in the json for each item for "last_updated" to have a date and on rendering just omit the ones that are older than a year or so

  247. vurpo has left

  248. Valerian has left

  249. jonasw

    yes :)

  250. jonasw

    (of course, you could also abuse the blog feature and create articles for each client and use the metadata and so on, but that’s probably worse.)

  251. uc has left

  252. uc has joined

  253. Valerian has joined

  254. kaboom has left

  255. kaboom has joined

  256. uc has left

  257. kaboom has left

  258. kaboom has joined

  259. Yagiza has left

  260. uc has joined

  261. Flow has joined

  262. uc has left

  263. uc has joined

  264. uc has left

  265. uc has joined

  266. kaboom has left

  267. kaboom has joined

  268. jere has left

  269. jere has joined

  270. kaboom has left

  271. kaboom has joined

  272. uc has left

  273. suzyo has left

  274. uc has joined

  275. Flow has left

  276. uc has left

  277. uc has joined

  278. goffi has left

  279. mimi89999 has left

  280. goffi has joined

  281. winfried has left

  282. winfried has joined

  283. Flow has joined

  284. Kev has left

  285. nicolas.verite has joined

  286. sonny has joined

  287. kaboom has left

  288. bjc has joined

  289. dwd has left

  290. dwd has left

  291. Yagiza has joined

  292. tim@boese-ban.de has joined

  293. Valerian has left

  294. Valerian has joined

  295. dwd has left

  296. vurpo has left

  297. vurpo has joined

  298. dwd has left

  299. vurpo has left

  300. vurpo has joined

  301. winfried has left

  302. nicolas.verite has left

  303. jere has left

  304. Zash has joined

  305. dwd has left

  306. dwd has left

  307. Valerian has left

  308. Valerian has joined

  309. Valerian has left

  310. Valerian has joined

  311. jere has joined

  312. nicolas.verite has joined

  313. winfried has left

  314. Tobias

    https://shattered.io/ :)

  315. nicolas.verite has left

  316. jonasw

    oh dear

  317. MattJ

    How widespread is this? As far as we know our example collision is the first ever created.

  318. MattJ

    That must have been a great feeling

  319. jonasw

    > This attack required over 9,223,372,036,854,775,808 SHA1 computations. This took the equivalent processing power as 6,500 years of single-CPU computations and 110 years of single-GPU computations.

  320. kaboom has joined

  321. vurpo has left

  322. vurpo has joined

  323. xyz has joined

  324. vurpo has left

  325. waqas has joined

  326. vurpo has joined

  327. xnyhps has left

  328. suzyo has joined

  329. bjc has left

  330. Zash has joined

  331. Kev has joined

  332. vurpo has left

  333. vurpo has joined

  334. vurpo has left

  335. vurpo has joined

  336. jere has left

  337. xyz has left

  338. vurpo has left

  339. vurpo has joined

  340. vurpo has left

  341. vurpo has joined

  342. Piotr Nosek has left

  343. Piotr Nosek has joined

  344. Piotr Nosek has left

  345. xnyhps has left

  346. Yagiza has joined

  347. Yagiza has joined

  348. Valerian has left

  349. winfried has left

  350. jere has joined

  351. jonasw has left

  352. jonasw has left

  353. waqas has left

  354. Steve Kille has left

  355. Valerian has joined

  356. Kev has left

  357. vurpo has left

  358. nyco has joined

  359. Steve Kille has left

  360. jonasw has joined

  361. Alex has joined

  362. Mancho has left

  363. daniel has left

  364. daniel has joined

  365. Yagiza has left

  366. waqas has joined

  367. bjc has joined

  368. Yagiza has joined

  369. bjc has left

  370. bjc has joined

  371. Guus has left

  372. tim@boese-ban.de has joined

  373. Kev has joined

  374. vurpo has left

  375. vurpo has joined

  376. Alex has left

  377. mimi89999

    It's good that SHA1 got depreciated for certificates and TLS.

  378. intosi

    Indeed. Because what you really can do is spend a few weeks brute-forcing the hash for a single bit of data, with the same prefix :)

  379. intosi

    It means SHA-1 should go, sure, but it doesn't mean SHA-1 is now suddenly worthless ;)

  380. Zash

    Website too shiny, what have they actually done?

  381. intosi

    Created a PDF that has the same SHA-1 checksum as another PDF.

  382. intosi

    And yes, that site is too shiny.

  383. xnyhps has left

  384. Zash

    And that's what, marginally harder than finding two random blobs of data with the same sha1, if they have to be valid PDF files too?

  385. SamWhited

    that's not the important part; that's just a demo. The important part is that they can generate two blobs of data that have the same sha1 with much greater efficiency than brute force.

  386. SamWhited

    just a demo of an actual bad thing you could do with it, I mean.

  387. jere has joined

  388. intosi

    ^ what SamWhited said.

  389. intosi

    The fact that they created another perfectly fine PDF with altered content is the gravy.

  390. Zash

    I've gotten the impression that it's much harder if the data needs to fit some strict format, like say signed blob of ASN.1 DER

  391. SamWhited

    Indeed; makes it practical and not just some abstract thing that everyone using SHA-1 can just ignore.

  392. SamWhited

    Yah, it's probably harder, which is why the announcement is even more impactful.

  393. Valerian has left

  394. Zash

    What dwd wrote to the list.

  395. SamWhited

    Yah, probably doesn't matter for us immediately (eg. in the case of SCRAM-SHA-1 where it's just used as the hash for the HMAC, so we probably don't care), but it's still a pretty big deal.

  396. SamWhited

    Actually, that's the only place where we use SHA-1 that I can think of… there are probably more.

  397. Zash

    SCRAM-MD5 would probably be just as safe

  398. jonasw

    SamWhited: entity caps?

  399. jonasw

    but that’s broken anyways iirc

  400. SamWhited

    ah yah, forgot about that. It's broken?

  401. Zash

    It's unclear about the escaping of special XML characters.

  402. SamWhited

    oh fun

  403. Zash

    So it is possible to produce a collision based on moving the attributes around.

  404. Zash

    Pretty sure waqas has talked about this loooooooooooooong ago

  405. Zash

    Might even be what that link on the list was, since I didn't follow it

  406. Guus has left

  407. Alex has joined

  408. sezuan has left

  409. vurpo has left

  410. vurpo has joined

  411. suzyo has left

  412. kaboom has left

  413. kaboom has joined

  414. kaboom has left

  415. kaboom has joined

  416. Flow

    Zash: It was that link

  417. peter has joined

  418. Mancho has left

  419. SouL has left

  420. Valerian has joined

  421. Alex has left

  422. vurpo has left

  423. moparisthebest has left

  424. Kev has left

  425. Kev has joined

  426. Flow has joined

  427. Flow has joined

  428. Tobias has joined

  429. xnyhps has left

  430. kalkin has joined

  431. Mancho has left

  432. Flow has joined

  433. vurpo has left

  434. vurpo has joined

  435. waqas has left

  436. Guus has left

  437. Flow has joined

  438. Mancho has joined

  439. Flow has left

  440. mhterres has left

  441. Flow has joined

  442. Tobias has joined

  443. mimi89999 has left

  444. suzyo has joined

  445. bjc has left

  446. bjc has joined

  447. jubalh has joined

  448. nicolas.verite has joined

  449. suzyo has joined

  450. Martin has left

  451. Martin has joined

  452. Flow has left

  453. Martin has left

  454. Lance has joined

  455. peter has left

  456. Kev has left

  457. Kev has joined

  458. kaboom has left

  459. kaboom has joined

  460. jcbrand has left

  461. tim@boese-ban.de has joined

  462. peter has joined

  463. Kev has left

  464. nicolas.verite has left

  465. intosi has left

  466. intosi has joined

  467. intosi has left

  468. intosi has joined

  469. moparisthebest has joined

  470. jere has left

  471. jere has joined

  472. Valerian has left

  473. Guus has left

  474. Yagiza has left

  475. Valerian has joined

  476. waqas has joined

  477. Valerian has left

  478. Tobias has joined

  479. Kev has joined

  480. devnull has left

  481. waqas has left

  482. waqas has joined

  483. nicolas.verite has joined

  484. waqas has left

  485. kalkin has left

  486. kalkin has joined

  487. Valerian has joined

  488. Lance has left

  489. Valerian has left

  490. Valerian has joined

  491. peter has left

  492. sonny has joined

  493. nicolas.verite has left

  494. Valerian has left

  495. Vinilox has left

  496. bjc has left

  497. mimi89999 has left

  498. vurpo has left

  499. vurpo has joined

  500. Zash has left

  501. waqas has joined

  502. winfried has left

  503. winfried has joined

  504. Zash has joined

  505. Guus has left

  506. jere has joined

  507. peter has joined

  508. sezuan has left

  509. Kev has left

  510. Kev has joined

  511. Tobias has joined

  512. suzyo has left

  513. Alex has joined

  514. suzyo has joined

  515. kalkin has left

  516. moparisthebest has joined

  517. Valerian has joined

  518. Alex has left

  519. peter has left

  520. devnull has joined

  521. Flow has joined

  522. Kev has left

  523. kalkin has joined

  524. Kev has left

  525. kalkin has left

  526. moparisthebest has left

  527. moparisthebest has joined

  528. Flow has left

  529. Alex has joined

  530. suzyo has left

  531. Kev has joined

  532. Alex has left

  533. kalkin has joined

  534. Guus has left

  535. Zash has left

  536. moparisthebest has left

  537. moparisthebest has joined

  538. Mancho has left

  539. Mancho has left

  540. sezuan has left

  541. jonasw has left

  542. Kev has left

  543. goffi has left

  544. Tobias has left

  545. Valerian has left

  546. Tobias has joined

  547. boothj5 has joined

  548. Zash has joined

  549. Valerian has joined

  550. jere has joined

  551. Valerian has left

  552. moparisthebest has joined

  553. bjc has joined

  554. moparisthebest has joined

  555. intosi has left

  556. narcode has left

  557. Kev has joined

  558. kaboom has left

  559. Tobias has joined

  560. mimi89999 has joined

  561. kaboom has joined

  562. kaboom has left

  563. Kev has left

  564. Kev has joined

  565. kaboom has joined

  566. kaboom has left

  567. kaboom has joined

  568. kaboom has left

  569. moparisthebest has joined

  570. kaboom has joined

  571. kaboom has left

  572. daniel has left

  573. daniel has joined

  574. intosi has joined

  575. kaboom has joined

  576. kaboom has left

  577. kaboom has joined

  578. kaboom has left

  579. kaboom has joined

  580. kaboom has left

  581. kaboom has joined

  582. xnyhps has left

  583. kaboom has left

  584. kaboom has joined

  585. kaboom has left

  586. kaboom has joined

  587. kaboom has left

  588. kaboom has joined

  589. kaboom has left

  590. kaboom has joined

  591. kaboom has left

  592. kaboom has joined

  593. kaboom has left

  594. kaboom has joined

  595. blipp has left

  596. blipp has joined

  597. Kev has left

  598. kaboom has left

  599. kaboom has joined

  600. Steve Kille has joined

  601. intosi has left

  602. kaboom has left

  603. kaboom has joined

  604. dwd has left

  605. dwd has left

  606. kaboom has left