2023/04/14

2023-04-14 00:08:27 +0200kaskal(~kaskal@089144220250.atnat0029.highway.webapn.at) (Ping timeout: 255 seconds)
2023-04-14 00:20:41 +0200malook1(~Thunderbi@176.18.63.131)
2023-04-14 00:22:05 +0200malook(~Thunderbi@176.18.63.131) (Ping timeout: 240 seconds)
2023-04-14 00:22:06 +0200malook1malook
2023-04-14 00:22:58 +0200kaskal(~kaskal@089144220250.atnat0029.highway.webapn.at)
2023-04-14 00:35:05 +0200kaskal(~kaskal@089144220250.atnat0029.highway.webapn.at) (Ping timeout: 240 seconds)
2023-04-14 00:40:00 +0200ghormoon(~ghormoon@ghorland.net) (Ping timeout: 252 seconds)
2023-04-14 00:57:08 +0200ghormoon(~ghormoon@ghorland.net)
2023-04-14 00:57:42 +0200terrorjack(~terrorjac@2a01:4f8:1c1e:4e8c::) (Quit: The Lounge - https://thelounge.chat)
2023-04-14 01:00:43 +0200kaskal(~kaskal@213-147-165-218.nat.highway.webapn.at)
2023-04-14 01:09:31 +0200terrorjack(~terrorjac@2a01:4f8:c17:87f8::)
2023-04-14 01:24:25 +0200kaskal(~kaskal@213-147-165-218.nat.highway.webapn.at) (Ping timeout: 240 seconds)
2023-04-14 01:26:18 +0200kaskal(~kaskal@213-147-166-209.nat.highway.webapn.at)
2023-04-14 02:33:47 +0200catman(~catman@user/catman)
2023-04-14 02:52:09 +0200malook(~Thunderbi@176.18.63.131) (Ping timeout: 256 seconds)
2023-04-14 03:07:03 +0200catman(~catman@user/catman) (Quit: WeeChat 3.8)
2023-04-14 03:19:35 +0200catman(~catman@user/catman)
2023-04-14 03:53:26 +0200werneta(~werneta@70-142-214-115.lightspeed.irvnca.sbcglobal.net)
2023-04-14 04:12:25 +0200td_(~td@i53870908.versanet.de) (Ping timeout: 240 seconds)
2023-04-14 04:14:34 +0200td_(~td@i53870905.versanet.de)
2023-04-14 04:37:05 +0200Ou42_away(~Ou4242a@2600:1700:e930:41b0:7ca:70b7:3912:5ed0) (Quit: Leaving)
2023-04-14 04:48:43 +0200terrorjack(~terrorjac@2a01:4f8:c17:87f8::) (Quit: The Lounge - https://thelounge.chat)
2023-04-14 04:51:22 +0200terrorjack(~terrorjac@2a01:4f8:c17:87f8::)
2023-04-14 04:53:54 +0200srk(~sorki@user/srk) (Remote host closed the connection)
2023-04-14 04:54:14 +0200srk(~sorki@user/srk)
2023-04-14 05:39:18 +0200catman(~catman@user/catman) (Ping timeout: 265 seconds)
2023-04-14 06:02:23 +0200thunderrd(~thunderrd@183.182.115.185) (Ping timeout: 260 seconds)
2023-04-14 06:15:02 +0200thunderrd(~thunderrd@183.182.110.247)
2023-04-14 06:25:57 +0200catman(~catman@user/catman)
2023-04-14 07:17:34 +0200catman(~catman@user/catman) (Ping timeout: 276 seconds)
2023-04-14 08:00:05 +0200m5zs7k(aquares@web10.mydevil.net) (Ping timeout: 240 seconds)
2023-04-14 08:00:32 +0200m5zs7k(aquares@web10.mydevil.net)
2023-04-14 08:08:35 +0200catman(~catman@user/catman)
2023-04-14 08:23:41 +0200 <jusa> geekosaur: btw modified SubLayouts.hs worked, but it required logoff/on to take effect, just calling restart "xmonad" True wasn't enough.. I have xmonad now from stack, I wonder if that is causing that? anyways, thanks again, now I at least have the correct font and I can continue with life :)
2023-04-14 08:36:08 +0200mncheck(~mncheck@193.224.205.254)
2023-04-14 08:47:45 +0200catman(~catman@user/catman) (Ping timeout: 240 seconds)
2023-04-14 09:25:33 +0200werneta(~werneta@70-142-214-115.lightspeed.irvnca.sbcglobal.net) (Ping timeout: 255 seconds)
2023-04-14 09:27:09 +0200werneta(~werneta@70-142-214-115.lightspeed.irvnca.sbcglobal.net)
2023-04-14 09:36:57 +0200cfricke(~cfricke@user/cfricke)
2023-04-14 09:48:05 +0200cfricke(~cfricke@user/cfricke) (Ping timeout: 240 seconds)
2023-04-14 09:49:42 +0200cfricke(~cfricke@user/cfricke)
2023-04-14 10:07:25 +0200 <geekosaur> did you try mod-shift-space? the type won't have changed
2023-04-14 11:00:09 +0200liskin[m](~liskinmat@2001:470:69fc:105::768) (Quit: You have been kicked for being idle)
2023-04-14 11:00:09 +0200unclechu(~unclechu@2001:470:69fc:105::354) (Quit: You have been kicked for being idle)
2023-04-14 11:10:23 +0200ft(~ft@p4fc2a88b.dip0.t-ipconnect.de) (Quit: leaving)
2023-04-14 13:39:11 +0200malook(~Thunderbi@46.52.55.36)
2023-04-14 15:19:29 +0200mncheck(~mncheck@193.224.205.254) (Remote host closed the connection)
2023-04-14 15:32:00 +0200mc47(~mc47@xmonad/TheMC47)
2023-04-14 17:02:19 +0200thunderrd(~thunderrd@183.182.110.247) (Ping timeout: 250 seconds)
2023-04-14 17:17:20 +0200malook(~Thunderbi@46.52.55.36) (Ping timeout: 248 seconds)
2023-04-14 17:58:38 +0200 <geekosaur> @ask Ou42 Is there a reason for you to not use an ssh key? From what I see about Personal Access Tokens, they're an alternative to passwords, not really to ssh keys
2023-04-14 17:58:38 +0200 <lambdabot> Consider it noted.
2023-04-14 17:58:51 +0200liskin[m](~liskinmat@2001:470:69fc:105::768)
2023-04-14 17:59:05 +0200unclechu(~unclechu@2001:470:69fc:105::354)
2023-04-14 17:59:09 +0200 <geekosaur> @ask Ou42 Also I note they seem to be betwixt and between about classic vs. fine grained tokens
2023-04-14 17:59:09 +0200 <lambdabot> Consider it noted.
2023-04-14 18:00:13 +0200liskin[m](~liskinmat@2001:470:69fc:105::768) (Client Quit)
2023-04-14 18:00:13 +0200unclechu(~unclechu@2001:470:69fc:105::354) (Client Quit)
2023-04-14 18:03:37 +0200mncheck(~mncheck@193.224.205.254)
2023-04-14 18:06:39 +0200mc47(~mc47@xmonad/TheMC47) (Remote host closed the connection)
2023-04-14 18:12:24 +0200werneta(~werneta@70-142-214-115.lightspeed.irvnca.sbcglobal.net) (Remote host closed the connection)
2023-04-14 18:26:49 +0200 <geekosaur> …afaict we have to opt the organization into personal access tokens
2023-04-14 18:27:03 +0200liskin[m](~liskinmat@2001:470:69fc:105::768)
2023-04-14 18:27:18 +0200unclechu(~unclechu@2001:470:69fc:105::354)
2023-04-14 18:27:37 +0200 <geekosaur> …are you two married at the hip or something?
2023-04-14 18:28:28 +0200ft(~ft@p4fc2a88b.dip0.t-ipconnect.de)
2023-04-14 18:29:59 +0200catman(~catman@user/catman)
2023-04-14 18:30:16 +0200catman(~catman@user/catman) (Client Quit)
2023-04-14 18:31:42 +0200catman(~catman@user/catman)
2023-04-14 18:42:45 +0200catman(~catman@user/catman) (Ping timeout: 240 seconds)
2023-04-14 19:26:51 +0200 <liskin> geekosaur: I think after the recent leaked ssh host keys incident some people/orgs might be switching to tokens
2023-04-14 19:27:19 +0200 <liskin> (because https has certificate authorities whereas ssh is mostly trust on first use)
2023-04-14 19:35:15 +0200scardinal(~supreme@customer-212-237-101-39.ip4.gigabit.dk) (Quit: leaving)
2023-04-14 19:47:01 +0200scardinal(~supreme@customer-212-237-101-39.ip4.gigabit.dk)
2023-04-14 19:48:39 +0200terrorjack(~terrorjac@2a01:4f8:c17:87f8::) (Quit: The Lounge - https://thelounge.chat)
2023-04-14 19:51:16 +0200terrorjack(~terrorjac@2a01:4f8:c17:87f8::)
2023-04-14 19:56:38 +0200catman(~catman@user/catman)
2023-04-14 20:07:45 +0200catman(~catman@user/catman) (Ping timeout: 240 seconds)
2023-04-14 20:09:13 +0200Guest51(~Guest51@106.51.64.60)
2023-04-14 20:35:10 +0200 <geekosaur> seems odd, they can't leak secret keys
2023-04-14 20:36:02 +0200 <geekosaur> can't even MITM with it
2023-04-14 20:37:01 +0200 <geekosaur> anyway does that mean I should go turn on tokens for the xmonad org? right now as I understand it token access will be rejected until I enable it
2023-04-14 20:38:20 +0200 <geekosaur> (if you go to the config it shows a panel which defaults to them enabled -but- it's the first of a series of questions in configuring token access and the default without completing that configuration is reject, if I understand the docs right)
2023-04-14 20:44:20 +0200Guest51(~Guest51@106.51.64.60) (Quit: Client closed)
2023-04-14 20:56:07 +0200malook(~Thunderbi@46.52.55.36)
2023-04-14 21:13:55 +0200 <geekosaur> okay, did the token dance
2023-04-14 21:14:16 +0200 <geekosaur> also I am amused that a MS product recommends 1password
2023-04-14 21:15:55 +0200 <geekosaur> oh, far as I can see they leaked their own key, not users' keys. don't think PATs would help there
2023-04-14 21:15:56 +0200 <liskin> Dunno, why would we want to enable tokens?
2023-04-14 21:16:08 +0200 <geekosaur> we've already had someone try to use one
2023-04-14 21:16:20 +0200 <geekosaur> (Ou42)
2023-04-14 21:16:24 +0200 <geekosaur> and get access denied
2023-04-14 21:16:32 +0200 <liskin> To use with xmonad?
2023-04-14 21:16:38 +0200 <liskin> That seems really weird
2023-04-14 21:16:53 +0200 <geekosaur> why? it's just a way to auth to github
2023-04-14 21:16:59 +0200 <liskin> Anyway, can't go deeper, getting off a plane
2023-04-14 21:17:07 +0200 <geekosaur> but they're not an org member so they don't get any perms from it
2023-04-14 21:17:38 +0200 <geekosaur> (well, R/O perms)
2023-04-14 21:31:24 +0200gdd(~gdd@129.199.146.230) (Ping timeout: 255 seconds)
2023-04-14 21:44:07 +0200 <liskin> I'll take a look later.
2023-04-14 21:45:38 +0200 <geekosaur> actually I'm a bit confused now, I did the token setup and then it took me back to step one after telling me we were "enrolled"
2023-04-14 21:45:45 +0200 <geekosaur> there's no evidence of it??
2023-04-14 21:47:02 +0200 <geekosaur> okay, now the PAT sidebar is a dropdown menu and the settings are hidden in there
2023-04-14 21:47:11 +0200 <liskin> Anyway, re tokens and leaks: the equivalent of a host key in that scenario is the server TLS cert. If leaked, its revocation would be published using OCSP and a new one would be signed by the CA.
2023-04-14 21:47:12 +0200 <geekosaur> this is not my idea of good UI design
2023-04-14 21:47:32 +0200 <liskin> I really don't think we need to enable that
2023-04-14 21:47:39 +0200cfricke(~cfricke@user/cfricke) (Quit: WeeChat 3.8)
2023-04-14 21:48:38 +0200 <liskin> I mean, it could be useful for some of my sponsors scripts, but I really don't think it should affect any users
2023-04-14 21:53:49 +0200 <[Leary]> If I'm not mistaken, I'd already been using a token to auth to github and push to contrib, so I'm not sure what the issue is supposed to be. Doesn't the guy just need to configure his local git to use it?
2023-04-14 21:54:14 +0200 <geekosaur> maybe
2023-04-14 21:54:43 +0200 <liskin> Yeah that's a good point. I've generated a bunch of tokens and used them for all sorts of things
2023-04-14 21:54:51 +0200 <geekosaur> they were going on about needing to run a local key manager but afaict that's not necessary, it behaves like a password by default
2023-04-14 21:55:17 +0200 <liskin> The problem with my tokens is that I can't really make them limited to xmonad
2023-04-14 21:55:37 +0200 <liskin> So they can either access everything I can (which is... a lot), or nothing
2023-04-14 21:55:52 +0200 <liskin> Having an org-scoped token would be useful
2023-04-14 21:55:57 +0200 <geekosaur> that sounds like a classic token
2023-04-14 21:56:05 +0200 <geekosaur> they have fine-grained access tokens in beta
2023-04-14 21:57:20 +0200 <geekosaur> the stupid part is they still have services and endpoints which don't support them, so you still have to use a classic token
2023-04-14 21:57:54 +0200 <geekosaur> (which has been around for a long time, I got one to try (and fail) to migrate issues from code.google.com)
2023-04-14 22:01:17 +0200 <liskin> Well I don't have that one any more
2023-04-14 22:02:12 +0200 <liskin> The ones I have are limited in scope somewhat, but those are just the repo:read and org:whatever scopes
2023-04-14 22:02:28 +0200 <liskin> But they can still read everything I can, all orgs
2023-04-14 22:03:16 +0200 <geekosaur> yeh, read access control seems to be somewhat lacking
2023-04-14 22:03:27 +0200 <geekosaur> apparently they think write/admin is all that matters
2023-04-14 22:04:17 +0200 <geekosaur> we can in fact block tokens from the org end, but there's no way for a user to request a r/o token specific to an org
2023-04-14 22:04:21 +0200 <geekosaur> afaict
2023-04-14 22:05:09 +0200 <geekosaur> well, not entirely true aiui, but any public repo has r/o access via token
2023-04-14 22:05:33 +0200 <geekosaur> private repos have more control but those aren't free…
2023-04-14 22:06:48 +0200 <geekosaur> flip side, that's essentially the same access you get with no access control at all
2023-04-14 22:07:11 +0200 <geekosaur> a restricted token would seem to be somewhat useless if you could evade it just by not using it
2023-04-14 22:15:36 +0200 <geekosaur> huh, I stand corrected. "Each token can only access resources owned by a single user or organization."
2023-04-14 22:15:41 +0200 <geekosaur> (the new style ones)
2023-04-14 22:15:52 +0200malook(~Thunderbi@46.52.55.36) (Remote host closed the connection)
2023-04-14 22:43:45 +0200mesaoptimizer(apotheosis@user/PapuaHardyNet)
2023-04-14 22:52:01 +0200mesaoptimizer(apotheosis@user/PapuaHardyNet) ()
2023-04-14 22:55:42 +0200malook(~Thunderbi@2a02:9b0:4029:5ee:f4d2:55d9:9a06:14dd)
2023-04-14 23:36:44 +0200malook(~Thunderbi@2a02:9b0:4029:5ee:f4d2:55d9:9a06:14dd) (Remote host closed the connection)