2023-04-14 00:08:27 +0200 | kaskal | (~kaskal@089144220250.atnat0029.highway.webapn.at) (Ping timeout: 255 seconds) |
2023-04-14 00:20:41 +0200 | malook1 | (~Thunderbi@176.18.63.131) |
2023-04-14 00:22:05 +0200 | malook | (~Thunderbi@176.18.63.131) (Ping timeout: 240 seconds) |
2023-04-14 00:22:06 +0200 | malook1 | malook |
2023-04-14 00:22:58 +0200 | kaskal | (~kaskal@089144220250.atnat0029.highway.webapn.at) |
2023-04-14 00:35:05 +0200 | kaskal | (~kaskal@089144220250.atnat0029.highway.webapn.at) (Ping timeout: 240 seconds) |
2023-04-14 00:40:00 +0200 | ghormoon | (~ghormoon@ghorland.net) (Ping timeout: 252 seconds) |
2023-04-14 00:57:08 +0200 | ghormoon | (~ghormoon@ghorland.net) |
2023-04-14 00:57:42 +0200 | terrorjack | (~terrorjac@2a01:4f8:1c1e:4e8c::) (Quit: The Lounge - https://thelounge.chat) |
2023-04-14 01:00:43 +0200 | kaskal | (~kaskal@213-147-165-218.nat.highway.webapn.at) |
2023-04-14 01:09:31 +0200 | terrorjack | (~terrorjac@2a01:4f8:c17:87f8::) |
2023-04-14 01:24:25 +0200 | kaskal | (~kaskal@213-147-165-218.nat.highway.webapn.at) (Ping timeout: 240 seconds) |
2023-04-14 01:26:18 +0200 | kaskal | (~kaskal@213-147-166-209.nat.highway.webapn.at) |
2023-04-14 02:33:47 +0200 | catman | (~catman@user/catman) |
2023-04-14 02:52:09 +0200 | malook | (~Thunderbi@176.18.63.131) (Ping timeout: 256 seconds) |
2023-04-14 03:07:03 +0200 | catman | (~catman@user/catman) (Quit: WeeChat 3.8) |
2023-04-14 03:19:35 +0200 | catman | (~catman@user/catman) |
2023-04-14 03:53:26 +0200 | werneta | (~werneta@70-142-214-115.lightspeed.irvnca.sbcglobal.net) |
2023-04-14 04:12:25 +0200 | td_ | (~td@i53870908.versanet.de) (Ping timeout: 240 seconds) |
2023-04-14 04:14:34 +0200 | td_ | (~td@i53870905.versanet.de) |
2023-04-14 04:37:05 +0200 | Ou42_away | (~Ou4242a@2600:1700:e930:41b0:7ca:70b7:3912:5ed0) (Quit: Leaving) |
2023-04-14 04:48:43 +0200 | terrorjack | (~terrorjac@2a01:4f8:c17:87f8::) (Quit: The Lounge - https://thelounge.chat) |
2023-04-14 04:51:22 +0200 | terrorjack | (~terrorjac@2a01:4f8:c17:87f8::) |
2023-04-14 04:53:54 +0200 | srk | (~sorki@user/srk) (Remote host closed the connection) |
2023-04-14 04:54:14 +0200 | srk | (~sorki@user/srk) |
2023-04-14 05:39:18 +0200 | catman | (~catman@user/catman) (Ping timeout: 265 seconds) |
2023-04-14 06:02:23 +0200 | thunderrd | (~thunderrd@183.182.115.185) (Ping timeout: 260 seconds) |
2023-04-14 06:15:02 +0200 | thunderrd | (~thunderrd@183.182.110.247) |
2023-04-14 06:25:57 +0200 | catman | (~catman@user/catman) |
2023-04-14 07:17:34 +0200 | catman | (~catman@user/catman) (Ping timeout: 276 seconds) |
2023-04-14 08:00:05 +0200 | m5zs7k | (aquares@web10.mydevil.net) (Ping timeout: 240 seconds) |
2023-04-14 08:00:32 +0200 | m5zs7k | (aquares@web10.mydevil.net) |
2023-04-14 08:08:35 +0200 | catman | (~catman@user/catman) |
2023-04-14 08:23:41 +0200 | <jusa> | geekosaur: btw modified SubLayouts.hs worked, but it required logoff/on to take effect, just calling restart "xmonad" True wasn't enough.. I have xmonad now from stack, I wonder if that is causing that? anyways, thanks again, now I at least have the correct font and I can continue with life :) |
2023-04-14 08:36:08 +0200 | mncheck | (~mncheck@193.224.205.254) |
2023-04-14 08:47:45 +0200 | catman | (~catman@user/catman) (Ping timeout: 240 seconds) |
2023-04-14 09:25:33 +0200 | werneta | (~werneta@70-142-214-115.lightspeed.irvnca.sbcglobal.net) (Ping timeout: 255 seconds) |
2023-04-14 09:27:09 +0200 | werneta | (~werneta@70-142-214-115.lightspeed.irvnca.sbcglobal.net) |
2023-04-14 09:36:57 +0200 | cfricke | (~cfricke@user/cfricke) |
2023-04-14 09:48:05 +0200 | cfricke | (~cfricke@user/cfricke) (Ping timeout: 240 seconds) |
2023-04-14 09:49:42 +0200 | cfricke | (~cfricke@user/cfricke) |
2023-04-14 10:07:25 +0200 | <geekosaur> | did you try mod-shift-space? the type won't have changed |
2023-04-14 11:00:09 +0200 | liskin[m] | (~liskinmat@2001:470:69fc:105::768) (Quit: You have been kicked for being idle) |
2023-04-14 11:00:09 +0200 | unclechu | (~unclechu@2001:470:69fc:105::354) (Quit: You have been kicked for being idle) |
2023-04-14 11:10:23 +0200 | ft | (~ft@p4fc2a88b.dip0.t-ipconnect.de) (Quit: leaving) |
2023-04-14 13:39:11 +0200 | malook | (~Thunderbi@46.52.55.36) |
2023-04-14 15:19:29 +0200 | mncheck | (~mncheck@193.224.205.254) (Remote host closed the connection) |
2023-04-14 15:32:00 +0200 | mc47 | (~mc47@xmonad/TheMC47) |
2023-04-14 17:02:19 +0200 | thunderrd | (~thunderrd@183.182.110.247) (Ping timeout: 250 seconds) |
2023-04-14 17:17:20 +0200 | malook | (~Thunderbi@46.52.55.36) (Ping timeout: 248 seconds) |
2023-04-14 17:58:38 +0200 | <geekosaur> | @ask Ou42 Is there a reason for you to not use an ssh key? From what I see about Personal Access Tokens, they're an alternative to passwords, not really to ssh keys |
2023-04-14 17:58:38 +0200 | <lambdabot> | Consider it noted. |
2023-04-14 17:58:51 +0200 | liskin[m] | (~liskinmat@2001:470:69fc:105::768) |
2023-04-14 17:59:05 +0200 | unclechu | (~unclechu@2001:470:69fc:105::354) |
2023-04-14 17:59:09 +0200 | <geekosaur> | @ask Ou42 Also I note they seem to be betwixt and between about classic vs. fine grained tokens |
2023-04-14 17:59:09 +0200 | <lambdabot> | Consider it noted. |
2023-04-14 18:00:13 +0200 | liskin[m] | (~liskinmat@2001:470:69fc:105::768) (Client Quit) |
2023-04-14 18:00:13 +0200 | unclechu | (~unclechu@2001:470:69fc:105::354) (Client Quit) |
2023-04-14 18:03:37 +0200 | mncheck | (~mncheck@193.224.205.254) |
2023-04-14 18:06:39 +0200 | mc47 | (~mc47@xmonad/TheMC47) (Remote host closed the connection) |
2023-04-14 18:12:24 +0200 | werneta | (~werneta@70-142-214-115.lightspeed.irvnca.sbcglobal.net) (Remote host closed the connection) |
2023-04-14 18:26:49 +0200 | <geekosaur> | …afaict we have to opt the organization into personal access tokens |
2023-04-14 18:27:03 +0200 | liskin[m] | (~liskinmat@2001:470:69fc:105::768) |
2023-04-14 18:27:18 +0200 | unclechu | (~unclechu@2001:470:69fc:105::354) |
2023-04-14 18:27:37 +0200 | <geekosaur> | …are you two married at the hip or something? |
2023-04-14 18:28:28 +0200 | ft | (~ft@p4fc2a88b.dip0.t-ipconnect.de) |
2023-04-14 18:29:59 +0200 | catman | (~catman@user/catman) |
2023-04-14 18:30:16 +0200 | catman | (~catman@user/catman) (Client Quit) |
2023-04-14 18:31:42 +0200 | catman | (~catman@user/catman) |
2023-04-14 18:42:45 +0200 | catman | (~catman@user/catman) (Ping timeout: 240 seconds) |
2023-04-14 19:26:51 +0200 | <liskin> | geekosaur: I think after the recent leaked ssh host keys incident some people/orgs might be switching to tokens |
2023-04-14 19:27:19 +0200 | <liskin> | (because https has certificate authorities whereas ssh is mostly trust on first use) |
2023-04-14 19:35:15 +0200 | scardinal | (~supreme@customer-212-237-101-39.ip4.gigabit.dk) (Quit: leaving) |
2023-04-14 19:47:01 +0200 | scardinal | (~supreme@customer-212-237-101-39.ip4.gigabit.dk) |
2023-04-14 19:48:39 +0200 | terrorjack | (~terrorjac@2a01:4f8:c17:87f8::) (Quit: The Lounge - https://thelounge.chat) |
2023-04-14 19:51:16 +0200 | terrorjack | (~terrorjac@2a01:4f8:c17:87f8::) |
2023-04-14 19:56:38 +0200 | catman | (~catman@user/catman) |
2023-04-14 20:07:45 +0200 | catman | (~catman@user/catman) (Ping timeout: 240 seconds) |
2023-04-14 20:09:13 +0200 | Guest51 | (~Guest51@106.51.64.60) |
2023-04-14 20:35:10 +0200 | <geekosaur> | seems odd, they can't leak secret keys |
2023-04-14 20:36:02 +0200 | <geekosaur> | can't even MITM with it |
2023-04-14 20:37:01 +0200 | <geekosaur> | anyway does that mean I should go turn on tokens for the xmonad org? right now as I understand it token access will be rejected until I enable it |
2023-04-14 20:38:20 +0200 | <geekosaur> | (if you go to the config it shows a panel which defaults to them enabled -but- it's the first of a series of questions in configuring token access and the default without completing that configuration is reject, if I understand the docs right) |
2023-04-14 20:44:20 +0200 | Guest51 | (~Guest51@106.51.64.60) (Quit: Client closed) |
2023-04-14 20:56:07 +0200 | malook | (~Thunderbi@46.52.55.36) |
2023-04-14 21:13:55 +0200 | <geekosaur> | okay, did the token dance |
2023-04-14 21:14:16 +0200 | <geekosaur> | also I am amused that a MS product recommends 1password |
2023-04-14 21:15:55 +0200 | <geekosaur> | oh, far as I can see they leaked their own key, not users' keys. don't think PATs would help there |
2023-04-14 21:15:56 +0200 | <liskin> | Dunno, why would we want to enable tokens? |
2023-04-14 21:16:08 +0200 | <geekosaur> | we've already had someone try to use one |
2023-04-14 21:16:20 +0200 | <geekosaur> | (Ou42) |
2023-04-14 21:16:24 +0200 | <geekosaur> | and get access denied |
2023-04-14 21:16:32 +0200 | <liskin> | To use with xmonad? |
2023-04-14 21:16:38 +0200 | <liskin> | That seems really weird |
2023-04-14 21:16:53 +0200 | <geekosaur> | why? it's just a way to auth to github |
2023-04-14 21:16:59 +0200 | <liskin> | Anyway, can't go deeper, getting off a plane |
2023-04-14 21:17:07 +0200 | <geekosaur> | but they're not an org member so they don't get any perms from it |
2023-04-14 21:17:38 +0200 | <geekosaur> | (well, R/O perms) |
2023-04-14 21:31:24 +0200 | gdd | (~gdd@129.199.146.230) (Ping timeout: 255 seconds) |
2023-04-14 21:44:07 +0200 | <liskin> | I'll take a look later. |
2023-04-14 21:45:38 +0200 | <geekosaur> | actually I'm a bit confused now, I did the token setup and then it took me back to step one after telling me we were "enrolled" |
2023-04-14 21:45:45 +0200 | <geekosaur> | there's no evidence of it?? |
2023-04-14 21:47:02 +0200 | <geekosaur> | okay, now the PAT sidebar is a dropdown menu and the settings are hidden in there |
2023-04-14 21:47:11 +0200 | <liskin> | Anyway, re tokens and leaks: the equivalent of a host key in that scenario is the server TLS cert. If leaked, its revocation would be published using OCSP and a new one would be signed by the CA. |
2023-04-14 21:47:12 +0200 | <geekosaur> | this is not my idea of good UI design |
2023-04-14 21:47:32 +0200 | <liskin> | I really don't think we need to enable that |
2023-04-14 21:47:39 +0200 | cfricke | (~cfricke@user/cfricke) (Quit: WeeChat 3.8) |
2023-04-14 21:48:38 +0200 | <liskin> | I mean, it could be useful for some of my sponsors scripts, but I really don't think it should affect any users |
2023-04-14 21:53:49 +0200 | <[Leary]> | If I'm not mistaken, I'd already been using a token to auth to github and push to contrib, so I'm not sure what the issue is supposed to be. Doesn't the guy just need to configure his local git to use it? |
2023-04-14 21:54:14 +0200 | <geekosaur> | maybe |
2023-04-14 21:54:43 +0200 | <liskin> | Yeah that's a good point. I've generated a bunch of tokens and used them for all sorts of things |
2023-04-14 21:54:51 +0200 | <geekosaur> | they were going on about needing to run a local key manager but afaict that's not necessary, it behaves like a password by default |
2023-04-14 21:55:17 +0200 | <liskin> | The problem with my tokens is that I can't really make them limited to xmonad |
2023-04-14 21:55:37 +0200 | <liskin> | So they can either access everything I can (which is... a lot), or nothing |
2023-04-14 21:55:52 +0200 | <liskin> | Having an org-scoped token would be useful |
2023-04-14 21:55:57 +0200 | <geekosaur> | that sounds like a classic token |
2023-04-14 21:56:05 +0200 | <geekosaur> | they have fine-grained access tokens in beta |
2023-04-14 21:57:20 +0200 | <geekosaur> | the stupid part is they still have services and endpoints which don't support them, so you still have to use a classic token |
2023-04-14 21:57:54 +0200 | <geekosaur> | (which has been around for a long time, I got one to try (and fail) to migrate issues from code.google.com) |
2023-04-14 22:01:17 +0200 | <liskin> | Well I don't have that one any more |
2023-04-14 22:02:12 +0200 | <liskin> | The ones I have are limited in scope somewhat, but those are just the repo:read and org:whatever scopes |
2023-04-14 22:02:28 +0200 | <liskin> | But they can still read everything I can, all orgs |
2023-04-14 22:03:16 +0200 | <geekosaur> | yeh, read access control seems to be somewhat lacking |
2023-04-14 22:03:27 +0200 | <geekosaur> | apparently they think write/admin is all that matters |
2023-04-14 22:04:17 +0200 | <geekosaur> | we can in fact block tokens from the org end, but there's no way for a user to request a r/o token specific to an org |
2023-04-14 22:04:21 +0200 | <geekosaur> | afaict |
2023-04-14 22:05:09 +0200 | <geekosaur> | well, not entirely true aiui, but any public repo has r/o access via token |
2023-04-14 22:05:33 +0200 | <geekosaur> | private repos have more control but those aren't free… |
2023-04-14 22:06:48 +0200 | <geekosaur> | flip side, that's essentially the same access you get with no access control at all |
2023-04-14 22:07:11 +0200 | <geekosaur> | a restricted token would seem to be somewhat useless if you could evade it just by not using it |
2023-04-14 22:15:36 +0200 | <geekosaur> | huh, I stand corrected. "Each token can only access resources owned by a single user or organization." |
2023-04-14 22:15:41 +0200 | <geekosaur> | (the new style ones) |
2023-04-14 22:15:52 +0200 | malook | (~Thunderbi@46.52.55.36) (Remote host closed the connection) |
2023-04-14 22:43:45 +0200 | mesaoptimizer | (apotheosis@user/PapuaHardyNet) |
2023-04-14 22:52:01 +0200 | mesaoptimizer | (apotheosis@user/PapuaHardyNet) () |
2023-04-14 22:55:42 +0200 | malook | (~Thunderbi@2a02:9b0:4029:5ee:f4d2:55d9:9a06:14dd) |
2023-04-14 23:36:44 +0200 | malook | (~Thunderbi@2a02:9b0:4029:5ee:f4d2:55d9:9a06:14dd) (Remote host closed the connection) |