IRC log for #sourcefu, 2017-11-16

http://sourcefu.com

← Previous day | Channels | #sourcefu index | Today | Next day → | Search | Google Search | Plain-Text | plain, newest first | summary

All times shown according to UTC.

Time	S	Nick	Message
01:28			aditsu joined #sourcefu
02:38		prologic	Who wants to discuss security? Specifically security/privacy around hosting an instance of https://transfer.sh/
02:38		prologic	My main concerns (I run such an instance myself and use with Palver's mobile IRC client to share photos between my wife and I over our private IRC network/channel) are: the short URIs are probably a) easy to guess and b) easy to brute force
14:38		dotplus	prologic: what "security" are you trying to achieve? that the hoster should not be able to see content? that other users should not be able to happen on content that was not shared with them? (aka various categories of secrevy) or integrity? non-repudiation? other?
16:07		pdurbin	prologic: nobody but your wife wants to see those pictures anyway :)
16:18		dotplus	oh dear, way to gutterify
16:42		pdurbin	oh, I thought it was pictures of their kids
16:43		pdurbin	I was thinking of boring family photos.
17:19		prologic	haha
17:19		prologic	dotplus yeah some level of security to block "happen to come across" or the worst "let's crawl every possible URL till we find something"
17:26		dotplus	I think the basic secrecy aspect cannot be dealt even in a weak manner with unless you're going to accept that you need some kind of auth/auth OR long URIs. Probably the best compromise of easy/effective (for me) for dealing with bruteforcing would be iptables based connection limits.
17:36		prologic	I’d make reasonable IRLa
17:36		prologic	But make beige doexinif incisively expensive
17:37		prologic	Brute forcing

← Previous day | Channels | #sourcefu index | Today | Next day → | Search | Google Search | Plain-Text | plain, newest first | summary

http://sourcefu.com