IRC log for #sourcefu, 2017-11-24

http://sourcefu.com

All times shown according to UTC.

Time S Nick Message
21:30 bear eris installed and running \o/
22:22 prologic oh nice!
22:22 prologic that issue was from you?
22:22 bear yes
22:23 prologic niiice
22:23 prologic wanna submit a PR to fix that? :)
22:23 bear going to try - Go is a language I read only so ... it may not be pretty
22:24 prologic should be straightforward I think
22:24 prologic the code structure isn't that bad to accomplish that issue
22:25 bear project has been forked and cloned locally - off to cook some dinner and then i'll start in on it
22:40 prologic sweet :)
22:40 prologic A commit from bear !
22:40 prologic exciting!
22:41 bear reading thru the command parsing now to find the spot to implement filtering based on user modes
22:42 prologic I'd probably block it from the replies directly
22:42 prologic irc/replies.go
22:42 prologic maybe
22:42 prologic if !client.flags[Secure]: { return }
22:43 prologic re listing channels; by definition all channels are public except +p chans
22:43 prologic but maybe filter out +Z chans too?
22:44 prologic is this direction basically just discouraging users from connecting in an insecure manner (non-TLS)? :)
22:44 * prologic likes this
22:46 bear well, kinda - I would also consider hiding a lot of that information from even secure folks
22:46 bear IP address should only be shown to the server and netops
22:46 prologic agreed
22:47 prologic but for now I haven't implemented cloaking/masks
22:47 prologic I'm not sure what a good way is yet
22:47 bear *nod*
22:47 prologic ideally something consistent hash
22:47 prologic so bans still work
22:47 prologic you just ban their hashed ip
22:48 bear yea, the server should give the netop a uuid for each connected agent
22:48 bear so channel mods can also be active without knowing privileged info
22:48 prologic yup
22:48 prologic you get into tricky situations though where you can't ban network blocks easily
22:48 prologic but you could build that into the hashing/masks
22:49 prologic e.g: /mode #chna +b *!*@*.<subset of ip hash>
22:49 prologic I mean what malicious persons really own a block of CIDR > /29 anyway?
22:49 bear that is true, but that would be another layer above banning users - an op would register an IP CIDR and then they would be banned before even reaching the user/ip specific check
22:50 bear state/govt agents
22:50 prologic ahh yeah sure
22:50 prologic that works actually
22:50 prologic let ops see the unmasked users
22:50 prologic everyone else doesn't
22:50 bear right
22:50 prologic easy
22:51 bear that's why some ircd's differentiate ops and netops
22:51 prologic yeah eris isn't trying to do that here
22:51 prologic I'm not sure what the point is really
22:51 prologic but implementing hashed cloaking should be really easy now
22:51 bear ops are channel mods basically
22:51 bear netops are server mods
22:51 prologic just take a sha256 hash and display that for non-ops
22:52 prologic oh well if that's your terminology then yeah eris has basically that
22:52 prologic chan ops and server/network ops
22:52 bear my lingo comes from very old school ircd work - I need to brush up on ircv3 :)
22:54 * bear goes to make dinner
22:54 prologic cya soon
22:54 bear I found the spot you referenced above, yea - that should be a one or two line fix
22:54 bear o/
23:00 prologic yeap :)
23:00 prologic the channel list will be another few lines
23:00 prologic but should be pretty easy PR
23:00 prologic if you're up to it I'd love to knock off the IP hashing/masking we just discussed
23:00 prologic real easy
23:01 prologic only ops see the unmasked host of users; everyone else sees a consistent hash
23:01 prologic now my only question is -- is that enough?
23:01 prologic could someone write a tool that walks through the entire IPv4 space to reverse the hashes?
23:02 bear it could be salted for display
23:03 bear so what a client sees is not rainbow table discoverable
23:03 prologic that works I guess
23:03 prologic configuring the salt in the config file
23:03 prologic ?
23:04 bear but really - only ops would even get the UUID - everyone else would get zero
23:04 bear and if you can't trust your ops...
23:05 prologic hmm
23:05 prologic that doesn't make a lot of sense though to me
23:05 prologic does a chan op see only members' ip/host
23:05 prologic or everyone including non-members
23:05 prologic the salted hash is probably sufficient tbh
23:05 prologic less special logic to worry about
23:11 bear yea, was just trying to think of ways to avoid a salted hash
23:11 bear i.e. only showing the uuid to ops
23:11 bear ok, really going to dinner now :)
23:13 prologic :)
