●● IRC: #techbytes @ FreeNode: Tuesday, June 08, 2021 ●●
● Jun 08
[09:01] schestowitz >>> Is it Schuman the first images?
[09:01] schestowitz >>>
[09:01] schestowitz >>> http://techrights.org/2021/06/07/censorship-of-epo-stakeholders/
[09:01] schestowitz >> Where? The background image?
[09:01] -TechBytesBot/#techbytes-techrights.org | The EPO's Censorship of Stakeholders is a Misguided Case of Digging One's Own Grave | Techrights
[09:01] schestowitz > The one attached.
[09:01] schestowitz Ah, I do not know that place by name.
[12:17] schestowitz https://lists.orbitalfox.eu/archives/gemini/2021/006648.html
[12:17] -TechBytesBot/#techbytes-lists.orbitalfox.eu | [tech] Agate server: path traversal error security advisory
[12:17] schestowitz Hi everyone,
[12:17] schestowitz there is a security vulnerability in all Agate versions prior to 3.1.0, which has been discovered by Matthew Ingwersen.
[12:17] schestowitz It has been fixed in the new version which is available on crates.io, prebuilt binaries are also available: or
[12:17] -TechBytesBot/#techbytes-qwertqwefsday.eu | Index of /agate/v3.1.0/
[12:17] schestowitz Percent-encoded slashes were misunderstood, possibly allowing arbitrary files to be accessed. This can be an issue depending on with which permissions and/or user you are running the server. Therefore an update is highly recommended.
[12:17] -TechBytesBot/#techbytes-github.com | Release v3.1.0 · mbrubeck/agate · GitHub
[12:17] schestowitz Regards,
[12:17] schestowitz I am not to all this, have just caught up
[12:17] schestowitz can we not just swap the binary in place? It's in ~/bin
[12:22] Techrights-sec yes, the binary can be swapped but then the key and certificate
[12:22] Techrights-sec must first be converted to der format or else replaced with new ones
[12:23] schestowitz is there a Web page that explains why?
[12:38] Techrights-sec yes, the binary can be swapped but then the key and certificate
[12:38] Techrights-sec must first be converted to der format or else replaced with new ones
[12:38] Techrights-sec not that I know of. Sometime between now and the last (overdue) update
[12:38] Techrights-sec Agate has changed the expected format of the private key and the certificate
[12:38] Techrights-sec I'm sure it's an easy conversion for someone that knows how
[12:50] Techrights-sec Aside from the matter of the cert and key, the following works:
[12:50] Techrights-sec gemini@raspberrypi:~/certs $ ./agate.armv7-unknown-linux-gnueabihf.new --content /home/gemini/gemini/ --certs /home/gemini/certs
[12:50] Techrights-sec (copy-paste error with the path above)
[12:50] Techrights-sec (it's in ~/bin/ really)
[12:51] schestowitz I welcome you having a poke and breaking some things in the process. Totally understandable. Just let's ensure we keep copies of any changed config files and older binaries that can be reverted back to.
[12:53] Techrights-sec I hope I have not changed anything, there would just be the addition of the new binary and the new directory holding the certs.
[12:53] Techrights-sec So things are hopefully not broken and the old Agate is still running.
[12:53] schestowitz I can access everything OK at the moment and have it monitored for any errors
[12:54] Techrights-sec Yes, that would be the old Agate. The new one will complain about
[12:54] Techrights-sec new, untrusted certs until I can learn the trivial task of converting
[12:54] Techrights-sec to der from pem.
[12:54] schestowitz Oh, I see...
[15:45] Techrights-sec This is supposed to work, but does not:
[15:45] Techrights-sec openssl pkey -outform der -in key.pem -out key.der
[15:45] Techrights-sec Agate then reports that the resulting der file is malformed.
[15:45] Techrights-sec back in a bit
[15:45] Techrights-sec back
[15:45] Techrights-sec should we just go with a new key+cert combination?
[15:46] Techrights-sec sudo systemctl stop agate.service ;
[15:46] Techrights-sec ~/bin/agate.armv7-unknown-linux-gnueabihf.new \
[15:46] Techrights-sec --content /home/gemini/gemini/ \
[15:46] Techrights-sec --certs /home/gemini/certs/ \
[15:46] Techrights-sec --hostname gemini.techrights.org \
[15:46] Techrights-sec --lang en-GB \
[15:46] Techrights-sec || sudo systemctl start agate.service
[15:46] schestowitz yes, no harm changing certs/keys if needed
[16:14] Techrights-sec ok, then I'll just let the new version make a new key + certificate
[16:14] schestowitz seems reasonable if agate as a whole moved away to a different kind of pair standard
[16:20] Techrights-sec the new version is in place, along with the new key and certificate
[16:20] Techrights-sec the unit file is also updated
[16:20] Techrights-sec /etc/systemd/system/agate.service
[16:23] schestowitz fantastic, I will mention that the key+cert pair had changed, not that I can see any of 4 gemini clients blocking the capsule, just moaning about it. Only moonlander is completely freaking out about this and not letting me through
[16:29] schestowitz LOL, moonlander does not even have the option of bypassing this, not even application restart. But it's an alpha version. Upside is, we might have a better agate version now, wonder if new features are available. Sooner or later we'd have had to deal with the standard conversions I suppose...
[16:52] Techrights-sec I'm not sure any of the clients have a provision for verifying new certs
[16:52] Techrights-sec It would have been best to just convert the old cert + key but there
[16:52] Techrights-sec is no accurate information about how to do that anywhere I could find
[16:52] Techrights-sec in a few hours wasted checking mailing list archives and whatnot
[16:52] Techrights-sec also OpenSSL is a little complex to put it mildly
[17:07] schestowitz sounds like a conversion or migration was inevitable though if agate made a change in direction, so it's good to leave that behind sooner rather than later
[17:22] schestowitz I've just announced the change, let's hope it's the last before the pi dies http://techrights.org/2021/06/08/updating-our-keys/
[17:22] -TechBytesBot/#techbytes-techrights.org | Announcement: Updating Our Keys (Don't Be Alarmed by Warnings) | Techrights
[17:51] schestowitz 64924 gemini reqs so far this month, mostly spiders, I just hope the warnings won't deter too many people. in moonlander only it's not possible to bypass. as i noted before, moreover, seems like sooner or later, we'd have had to make the change, so better do that asap to limit the technical debt so to speak
[17:55] Techrights-sec better sooner than later, it is done now. I would hope that the
[17:55] Techrights-sec documentation catches up
[17:56] schestowitz if you have some notes/cheat cheets, then we can publish these to help others, we already have manuals for setting up agate
[17:56] schestowitz *sheets
[17:56] Techrights-sec nothing useful, there were some things which looked promising but
[17:56] Techrights-sec did not actually work
[20:25] Techrights-sec The issues we encountered were Agate-specific:
[20:25] Techrights-sec https://gemini.circumlunar.space/docs/tls-tutorial.gmi
[20:25] Techrights-sec so the tls-tutorial won't address it. Though key and certificate formats
[20:25] Techrights-sec are of general importance.
[20:25] Techrights-sec the output of the following ought to be included in the most recent post
[20:25] Techrights-sec about Gemini:
[20:25] -TechBytesBot/#techbytes-gemini.circumlunar.space | TLS, client certificates, TOFU, and all that jazz
[20:25] Techrights-sec $ openssl x509 -inform der -in cert.der -text -noout
[20:26] Techrights-sec That way people can verify manually.
[20:26] Techrights-sec kind of
[20:26] Techrights-sec afk
[22:15] schestowitz https://twitter.com/benbfranklin/status/1402239324071108608
[22:15] -TechBytesBot/#techbytes-@benbfranklin: @schestowitz AFAIK IBM didn't try to point the redhat Crew in IBM blue, but that information is a bit old.
[22:15] schestowitz https://twitter.com/JenniferNOTL/status/1402232809905852419
[22:15] -TechBytesBot/#techbytes-@JenniferNOTL: Tons of lies here https://t.co/4RvejqtYqr
[22:15] -TechBytesBot/#techbytes-@schestowitz: There is no solution to the GOP's #vaccine refusal https://t.co/nYKyBHJcH2
[22:15] schestowitz https://twitter.com/pceebee23/status/1402230793628393476
[22:15] -TechBytesBot/#techbytes-@pceebee23: @schestowitz as do computer/phone users need the right to repair their equipment #RightToRepair is going to be a big fight nasty long fight
[22:16] schestowitz https://twitter.com/glynmoody/status/1402172963907063810
[22:16] -TechBytesBot/#techbytes-@glynmoody: .@WordPress Economy Drives More Than Half a Trillion in Revenue, New Global Study Shows - https://t.co/SWa587x4xo https://t.co/r7sxTf1UvN
[22:16] schestowitz "
[22:16] schestowitz Economy Drives More Than Half a Trillion in Revenue, New Global Study Shows - https://businesswire.com/news/home/20210607005793/en/ another incredible result for #opensource software: half trillion dollars based on a free program (v @schestowitz
[22:16] -TechBytesBot/#techbytes-www.businesswire.com | WordPress Economy Drives More Than Half a Trillion in Revenue, New Global Study Shows | Business Wire
[22:16] schestowitz )
[22:16] schestowitz "
[22:16] schestowitz https://twitter.com/iridesce57/status/1402067505573736454
[22:16] -TechBytesBot/#techbytes-@iridesce57: @schestowitz :smile: underscores are my friends
[22:16] schestowitz https://twitter.com/ArthurDungasCuz/status/1402059131809239055
[22:16] -TechBytesBot/#techbytes-@ArthurDungasCuz: will stick with @debian https://t.co/1votSxIAre
[22:16] -TechBytesBot/#techbytes-@schestowitz: #IBM is Doing to #RedHat What #Novell Did to #SUSE (and People Are Leaving) https://t.co/EzgbqnlxnD https://t.co/EZsbvcvQPx
[22:16] schestowitz https://twitter.com/ArtBrowski/status/1401992685695782918
[22:16] -TechBytesBot/#techbytes-@ArtBrowski: @schestowitz If you get down on the floor and play with a toddler they don't care if you own 10 cars and 20 boats https://t.co/88vfQne0la
[22:16] schestowitz "
[22:16] schestowitz If you get down on the floor and play with a toddler they don't care if you own 10 cars and 20 boats
[22:16] schestowitz For 100,000 years problem has been jealousy
[22:16] schestowitz "