●● IRC: #boycottnovell @ Techrights IRC Network: Sunday, September 12, 2021 ●● ● Sep 12 [00:33] *rianne_ has quit (Ping timeout: 2m30s) [00:33] *liberty_box has quit (Ping timeout: 2m30s) [00:34] *liberty_box (~liberty@qhduu73fcjmdn.irc) has joined #boycottnovell [00:34] *rianne_ (~rianne@qhduu73fcjmdn.irc) has joined #boycottnovell ● Sep 12 [02:14] *wallacer has quit (Ping timeout: 2m30s) ● Sep 12 [03:45] *wallacer (~quassel@6bsu33ajs4zs4.irc) has joined #boycottnovell ● Sep 12 [04:27] schestowitz xrevan has a bridge for ssh-chat and IRC; would it be worth using https://github.com/shazow/ssh-chat to allow people to access (read and write) to our irc channel/s over ssh? [04:27] -TechrightsBN/#boycottnovell-github.com | GitHub - shazow/ssh-chat: Chat over SSH. [04:38] *techrights_guest|89 (~519aac55@54n9xgft8g6u2.irc) has joined #boycottnovell [04:53] *techrights_guest|76 (~519aac55@54n9xgft8g6u2.irc) has joined #boycottnovell ● Sep 12 [05:09] Techrights-sec Where would the SSH login occur for the SSH-IRC bridge? [05:10] schestowitz-TR case/scenario: go is already on ergo/ircd container, can add ssh-chat to that, then open up openssh on localhost for access over irc.techrights.org:22 (or other) [05:12] Techrights-sec Ack. How sound is the Go code for the bridge? If we were running FreeBSD [05:12] Techrights-sec it would be easy to fire up a jail within that container. But we aren't so [05:12] Techrights-sec it'd be rattling around loose within that container so to speak. [05:12] schestowitz-TR the bridge supports ssh-chat [05:13] schestowitz-TR another think it supports is mumble [05:13] schestowitz-TR so in theory could do conferencing with text chats bridged over irc [05:15] Techrights-sec It looks like ssh-chat would run in place of the normal SSH server, or [05:15] Techrights-sec parallel to it on another port. [05:16] schestowitz-TR yes, at the moment ssh works outwards over port 22, iirc. for backups [05:18] schestowitz-TR side question (you can see more in tomorrow's irc logs), I did tons of research into git/gemini projects. A black hole or void there; would it be worth running a cron job with git on the pi, then write out the latest version for each file to a file served over gemini? we might be first capsule to do so... [05:20] Techrights-sec I'm not sure what it adds technically over the ForceCommand directive. [05:20] Techrights-sec It'd be easy enough to have the current SSH daemon listen on a second [05:20] Techrights-sec port in addition tothe normal one and have those alternate port connections [05:20] Techrights-sec shunted to an IRC client. The big worry in both is about shell escapes. [05:21] schestowitz-TR re ssh-chat, yes, security worries me a lot, as it reminds me of bbs over telnet and you give people much access without anything but a username (also irc flooding opportunity) [05:22] Techrights-sec Mirror our Git repository via Gemini? [05:22] *DaemonFC has quit (connection closed) [05:23] schestowitz-TR re gemini, mirroring is an overstatement because with gemini you cannot properly query for rich interaction, so as a compromise you can have a page or set of static pages for each file. for index, bash scripting can help [05:26] Techrights-sec re gemini - I would think that one index per directory would be fine, ith [05:26] Techrights-sec links to the individual files and subdirectories from there. That would be easy [05:26] Techrights-sec enough to do [05:26] schestowitz-TR with latest version? if we write some code for it, we can make it a code that hosts itself :-) [05:28] Techrights-sec basically [05:28] Techrights-sec However, the Git repository is still in the learning phase [05:28] schestowitz-TR iirc, all the latest versions of files there do not contain sensitive things like names and initials/usernames can be dropped at the gemini side [05:32] Techrights-sec I'll have to look into how to ensure read-only access via SSH for that [05:32] Techrights-sec Or do we have the capabilities to make the HTTP server provide access? [05:32] Techrights-sec I'm reluctant to experiment on the production side. [05:32] schestowitz-TR assuming we still speak about gemini? and now ssh-chat? [05:35] Techrights-sec Git / Gemini [05:35] Techrights-sec Howqever regarding the ssh-chat, there might be fewer moving parts to worry [05:35] Techrights-sec about using ForceCommand and a client within rbash. [05:37] schestowitz-TR the ipfs account already has git installed; it can run a bunch of commands each night to fetch latest versions of pages, if gemini user has access to these, then it can mirror them somewhere under /home/gemini/gemini [05:38] schestowitz-TR ipfs is not good for files that keep changing [05:38] Techrights-sec I don't see the IRCd container in my notes. I'll rummage a little. [05:39] schestowitz sudo lxc-attach -n ircd [05:41] *techrights_guest|76 has quit (Quit: Connection closed) [05:43] Techrights-sec thanks [05:43] Techrights-sec $ stat -c '%a %n' /home/ircd/ [05:43] Techrights-sec 2755 /home/ircd/ [05:43] Techrights-sec 2750 or 2700 might be better if the container were to share access with an [05:43] Techrights-sec extra account for ssh-chat, whether via Go or via ForceCommand [05:44] schestowitz-TR I think we first need to decide if (at all) we even want or need ssh-chat, as mumble and xmmp are also options. We've ruled out matrix as worth it... [05:45] Techrights-sec Is Irssi ok / safe? [05:45] Techrights-sec Ok. [05:45] schestowitz-TR I am using ssh-chat at the moment, it is vastly inferior to proper irc clients for the cli [05:54] schestowitz-TR we can worry less about user access levels, branching etc. if we just mirror latest version in gemini:// and cron to update ● Sep 12 [08:10] Techrights-sec I can I will just precede the code with branch number? [08:16] Techrights-sec Example? [08:21] schestowitz-TR working on it...... [08:26] *rianne_ has quit (Ping timeout: 2m30s) [08:27] *liberty_box has quit (Ping timeout: 2m30s) [08:29] *rianne_ (~rianne@qhduu73fcjmdn.irc) has joined #boycottnovell [08:30] schestowitz git ls-tree --full-tree -r --name-only HEAD [08:30] schestowitz git show --format=$'%H\n%aD\n' * > temp && head temp [08:30] *liberty_box (~liberty@qhduu73fcjmdn.irc) has joined #boycottnovell [08:32] schestowitz git ls-files . | sed s,/.*,/, | uniq [08:42] Techrights-sec by the way, I think I have read-only access set up for the gemini account. try: [08:42] Techrights-sec git clone ssh:/ssssss/home/git/tr-git/ [08:42] Techrights-sec The forced command should allow only cloning / pulling. [08:43] schestowitz-TR do you already have it cloned somewhere on the pi? I checked numerous accounts and found nothing.Also, is this address/host/alias already configured? [08:46] Techrights-sec /tmp/ [08:46] Techrights-sec it's in the ~gemini account [08:46] Techrights-sec ^the configuration [08:46] Techrights-sec $ whoami [08:46] Techrights-sec gemini [08:46] Techrights-sec See ~gemini/.ssh/config for the shortcut [08:47] schestowitz-TR fantastic! [08:52] schestowitz gemini://gemini.techrights.org/git/ [08:52] Techrights-sec I figure it can run in a cron job once a day and then a script can index [08:52] Techrights-sec the files for Gemini ● Sep 12 [09:15] schestowitz-TR every beginning is very rudimentary. Are you OK with me putting one file for each directory in git, listing the files in turn? Only latest version as metadata can be a privacy issue [09:20] schestowitz-TR I guess so. Perhaps this script is too much: [09:20] schestowitz-TR ~gemini/bin/git-update.sh [09:20] schestowitz-TR If autoindex were turned on for those directories then no additional [09:20] schestowitz-TR scripting would be needed. [09:20] schestowitz-TR loooooking ...... [09:23] schestowitz-TR I see 10:12am updates in cron [09:33] *rianne_ has quit (Ping timeout: 2m30s) [09:33] *liberty_box has quit (Ping timeout: 2m30s) [09:34] Techrights-sec yes [09:34] Techrights-sec 12:10 utc [09:34] schestowitz-TR yes, my bad :D [09:35] schestowitz-TR by keeping it gemini-only (or web proxy) we might be first to have a go at these sorts of things and also we can attract more people to gemini. The video intros I made last night give the gemini address. later we can publish a video about this, add to front pages/menus.. [09:36] Techrights-sec Should the .git directory remain in the clone? I presume there is no [09:36] Techrights-sec sensitive metadata there but that is just a presumption based on ignorance. [09:37] schestowitz-TR only index/gmi files will be accessible anyway. are you still making further changes to git-update.sh or can I add lined to it? [09:39] schestowitz-TR I see it is not in git yet, I might make my own file (bash), later hook it (external system/bash call) off from yours [09:40] *rianne_ (~rianne@qhduu73fcjmdn.irc) has joined #boycottnovell [09:40] Techrights-sec You can add to it. [09:41] *liberty_box (~liberty@qhduu73fcjmdn.irc) has joined #boycottnovell [09:42] Techrights-sec I don't think it will be in Git because it references SSH keys. [09:59] schestowitz-TR just remember it's a crude first iteration, we can do lots of things once the basics are in place. am testing it with lagrange, telescope and amfora now ● Sep 12 [10:45] *liberty_box has quit (Ping timeout: 2m30s) [10:46] *rianne_ has quit (Ping timeout: 2m30s) ● Sep 12 [11:01] *liberty_box (~liberty@qhduu73fcjmdn.irc) has joined #boycottnovell [11:01] *rianne_ (~rianne@qhduu73fcjmdn.irc) has joined #boycottnovell [11:37] schestowitz gemini://gemini.techrights.org/git/tr-git/ [11:38] schestowitz does this look remotely OK? All generated by cron job, except the index of categories [11:45] schestowitz-TR in lagrange the bookmark splits and lets them be navigated [11:45] Techrights-sec all the files are concatenated into one per category. [11:45] Techrights-sec I'll have to think. [11:49] *techrights_guest|89 has quit (Quit: Connection closed) ● Sep 12 [12:06] schestowitz-TR https://nitter.actionsack.com/RubyRLee/status/1436965792738906114#m [12:06] -TechrightsBN/#boycottnovell-nitter.actionsack.com | Ruby R Lee (@RubyRLee): "techrights.org/2013/01/24/bi" | nitter [12:08] schestowitz maybe jumping the gun a little, knowing that commit history isn't visible, only the latest versions. Added http://techrights.org/git/ (also in top of page menu), will show up shortly in gemini capsule also. I've not caught any faux pas yet. [12:08] -TechrightsBN/#boycottnovell-techrights.org | Techrights Git (Self-Hosted) | Techrights [12:29] *liberty_box has quit (Ping timeout: 2m30s) [12:29] *rianne_ has quit (Ping timeout: 2m30s) [12:31] schestowitz I've only just realised two things; I wanted to check 3/+ update of the front page, seeing it did not update after midday, so I checked syslog. No clue in there, I will check after 3pm again. But in the process I found that gate logs to it and also includes full URL included, which means we can get stats by URL. [12:47] *liberty_box (~liberty@qhduu73fcjmdn.irc) has joined #boycottnovell [12:48] *rianne_ (~rianne@qhduu73fcjmdn.irc) has joined #boycottnovell [12:56] *activelow has quit (Ping timeout: 2m30s) ● Sep 12 [13:04] *activelow (~activelow@kw4qm9cynvx82.irc) has joined #boycottnovell ● Sep 12 [14:19] *MinceR has quit (connection closed) [14:26] *MinceR (~mincer@bringer.of.light) has joined #boycottnovell [14:26] *irc.techrights.org sets mode +a #boycottnovell MinceR [14:40] schestowitz-TR is it OK to do a blog post about this or not yet? [14:48] Techrights-sec I guess, but I haven't had a proper look at the current results yet. [14:48] Techrights-sec I'm also still wondering about all th efiles, but I guess if we plan [14:48] Techrights-sec to allow read-only access to Git eventually might as well start now via [14:48] Techrights-sec Gemini. The code is primitive though. [14:50] schestowitz-TR based on my research, we're first in the world to do this, so it's partly proof of concept-y and I will clarify upfront, we'll make improvements. leah seems very interested in gemini and also does some coding for technical docs, I'm told, so I think 'git over gemini' (at any form/capacity) would be attractive to geeks. [14:50] schestowitz-TR I will choose my language carefully and choose an intro video with the gemini url [14:59] *rianne_ has quit (Ping timeout: 2m30s) ● Sep 12 [15:00] *liberty_box has quit (Ping timeout: 2m30s) [15:15] *rianne_ (~rianne@qhduu73fcjmdn.irc) has joined #boycottnovell [15:15] *liberty_box (~liberty@qhduu73fcjmdn.irc) has joined #boycottnovell ● Sep 12 [17:14] *liberty_box has quit (Ping timeout: 2m30s) [17:14] *rianne_ has quit (Ping timeout: 2m30s) [17:16] *rianne_ (~rianne@qhduu73fcjmdn.irc) has joined #boycottnovell [17:18] *liberty_box (~liberty@qhduu73fcjmdn.irc) has joined #boycottnovell [17:23] *DaemonFC (~DaemonFC@x6x2gkvqza8kk.irc) has joined #boycottnovell [17:25] *psydroid2 (~psydroid@cqggrmwgu7gji.irc) has joined #boycottnovell ● Sep 12 [18:32] *liberty_box has quit (Ping timeout: 2m30s) [18:32] *rianne_ has quit (Ping timeout: 2m30s) [18:40] *rianne_ (~rianne@qhduu73fcjmdn.irc) has joined #boycottnovell [18:41] *liberty_box (~liberty@qhduu73fcjmdn.irc) has joined #boycottnovell ● Sep 12 [19:18] *DaemonFC has quit (Ping timeout: 2m30s) [19:39] *bridge has quit (connection closed) ● Sep 12 [20:34] *rianne_ has quit (Ping timeout: 2m30s) [20:34] *liberty_box has quit (Ping timeout: 2m30s) [20:36] *rianne_ (~rianne@qhduu73fcjmdn.irc) has joined #boycottnovell [20:38] *liberty_box (~liberty@qhduu73fcjmdn.irc) has joined #boycottnovell [20:38] *DaemonFC (~DaemonFC@c53pwstuh4ibn.irc) has joined #boycottnovell ● Sep 12 [21:37] *rianne_ has quit (Quit: Konversation terminated!) [21:37] *liberty_box has quit (connection closed) [21:42] schestowitz https://twitter.com/fawnsfeign/status/1437029676589797381 [21:42] -TechrightsBN/#boycottnovell-@fawnsfeign: What a nice way to put it! It simply means Greed is at the core of politics. https://t.co/YokoV4qv9R [21:42] -TechrightsBN/#boycottnovell-@schestowitz: Common misconception: large corporations try to cancel right-leaning developers. Reality: large corporations love t https://t.co/M1WDkU5jF3 ● Sep 12 [22:29] *activelow has quit (Quit: leaving) [22:45] *activelow (~activelow@fpp9gt5hhpz2q.irc) has joined #boycottnovell ● Sep 12 [23:22] *psydroid2 has quit (connection closed)