
IRC log for #sourcefu, 2017-11-16

http://sourcefu.com


All times shown according to UTC.

Time S Nick Message
01:28 aditsu joined #sourcefu
02:38 prologic Who wants to discuss security? Specifically security/privacy around hosting an instance of https://transfer.sh/
02:38 prologic My main concerns (I run such an instance myself and use with Palver's mobile IRC client to share photos between my wife and I over our private IRC network/channel) are: the short URIs are probably a) easy to guess and b) easy to brute force
14:38 dotplus prologic: what "security" are you trying to achieve? that the hoster should not be able to see content? that other users should not be able to happen on content that was not shared with them? (aka various categories of secrecy) or integrity? non-repudiation? other?
16:07 pdurbin prologic: nobody but your wife wants to see those pictures anyway :)
16:18 dotplus oh dear, way to gutterify
16:42 pdurbin oh, I thought it was pictures of their kids
16:43 pdurbin I was thinking of boring family photos.
17:19 prologic haha
17:19 prologic dotplus yeah some level of security to block "happen to come across" or the worst "let's crawl every possible URL till we find something"
17:26 dotplus I think the basic secrecy aspect cannot be dealt with even in a weak manner unless you're going to accept that you need some kind of auth/auth OR long URIs. Probably the best compromise of easy/effective (for me) for dealing with bruteforcing would be iptables based connection limits.
17:36 prologic I’d make reasonable IRLa
17:36 prologic But make beige doexinif incisively expensive
17:37 prologic Brute forcing
