IRC log for #sourcefu, 2017-11-24

http://sourcefu.com

All times shown according to UTC.

Time	Nick	Message
21:30	bear	eris installed an running \o/
22:22	prologic	oh nice!
22:22	prologic	that issue was from you?
22:22	bear	yes
22:23	prologic	niiice
22:23	prologic	wanna submit a PR to fix that? :)
22:23	bear	going to try - Go is a language I read only so ... it may not be pretty
22:24	prologic	should be straightforward I think
22:24	prologic	the code structure isn't that bad to accomplish that issue
22:25	bear	project has been forked and cloned locally - off to cook some dinner and then i'll start in on it
22:40	prologic	sweet :)
22:40	prologic	A commit from bear !
22:40	prologic	exciting!
22:41	bear	reading thru the command parsing now to find the spot to implement filtering based on user modes
22:42	prologic	I'd probably block it from the replies directly
22:42	prologic	irc/replies.go
22:42	prologic	maybe
22:42	prologic	if !client.flags[Secure]: { return }
22:43	prologic	re listing channels; by definition all channels are public except +p chans
22:43	prologic	but maybe filter out +Z chans too?
22:44	prologic	is this direction basically just discouraging users from connecting in an insecure manner (non-TLS)? :)
22:44	* prologic	likes this
22:46	bear	well, kinda - I would also consider hiding a lot of that information from even secure folks
22:46	bear	IP address should only be shown to the server and netops
22:46	prologic	agreed
22:47	prologic	but for now I haven't implemented cloaking/masks
22:47	prologic	I'm not sure what a good way is yet
22:47	bear	nod
22:47	prologic	ideally something consistent hash
22:47	prologic	so bans still work
22:47	prologic	you just ban their hashed ip
22:48	bear	yea, the server should give the netop a uuid for each connected agent
22:48	bear	so channel mods can also be active without knowing priviledged info
22:48	prologic	yup
22:48	prologic	you get into tricky situations though where you can't ban network blocks easily
22:48	prologic	but you could build that into the hashing/masks
22:49	prologic	e.g: /mode #chna +b !@*.<subset of ip hash>
22:49	prologic	I mean what malicious persons really own a block of CIDR > /29 anyway?
22:49	bear	that is true, but that would be another layer above banning users - an op would register an IP CIDR and then they would be banned before even reaching the user/ip specific check
22:50	bear	state/govt agents
22:50	prologic	ahh yeah sure
22:50	prologic	that works actually
22:50	prologic	let ops see the unmasked users
22:50	prologic	everyone else doens't
22:50	bear	right
22:50	prologic	easy
22:51	bear	that's why some ircd's differentiate ops and netops
22:51	prologic	yeah eris isn't trying to do that here
22:51	prologic	I'm not sure wht the point is really
22:51	prologic	but implementing hashed cloacking should be really easy now
22:51	bear	ops are channel mods basically
22:51	bear	netops are server mods
22:51	prologic	just take a sha256 hash and display that for non-ops
22:52	prologic	oh well if that's your terminology then yeah eris has basicall that
22:52	prologic	chan ops and server/network ops
22:52	bear	my lingo comes very old school ircd work - I need to brush up on ircv3 :)
22:54	* bear	goes to make dinner
22:54	prologic	cya soon
22:54	bear	I found the spot you referenced above, yea - that should be a one or two line fix
22:54	bear	o/
23:00	prologic	yeap :)
23:00	prologic	the channel list will be another few lines
23:00	prologic	but should be pretty easy PR
23:00	prologic	if you're up to it I'd love to knock of the IP hashing/masking we just discussed
23:00	prologic	real easy
23:01	prologic	only ops see the unmasked host of users; everyone else sees a consistent hash
23:01	prologic	now my only question is -- is that enough?
23:01	prologic	could someone write a tool that walks through the entire IPv4 space to reverse the hashes?
23:02	bear	it could be salted for display
23:03	bear	so what a client sees is not rainbow table discoverable
23:03	prologic	that works I guess
23:03	prologic	configuring the salt in the config file
23:03	prologic	?
23:04	bear	but really - only ops would even get the UUID - everyone else would get zero
23:04	bear	and if you can't trust your ops...
23:05	prologic	hmm
23:05	prologic	that doesn't make a lot of sense though to me
23:05	prologic	does a chan op see only members's ip/host
23:05	prologic	or everyone including non-members
23:05	prologic	the salted hash is probably sufficient tbh
23:05	prologic	less special logic to worry about
23:11	bear	yea, was just trying to think of ways to avoid a salted hash
23:11	bear	i.e. only showing the uuid to ops
23:11	bear	ok, really going to dinner now :)
23:13	prologic	:)

http://sourcefu.com