2011-04-17 04:30 wpwrak: thanks for the article. for my ultrasonic bath, I think that 35W is the input power; the output power will be much lower due to various losses 2011-04-17 04:32 and, after all, it will be around 15W/l. talking about the frequency, it emits loud clicks when working. that very well may be the audible side-effects of sweeping 2011-04-17 06:13 C-Keen: so I've etched that brass yesterday 2011-04-17 06:13 it's just like etching copper 2011-04-17 06:13 almost no differences 2011-04-17 08:26 (/nick Fusin 2011-04-17 08:26 without '(' is better I believe ;) 2011-04-17 08:27 Ben Nano is up and running 2011-04-17 08:27 now 'testphase' ... 2011-04-17 08:44 . 2011-04-17 08:45 whitequark: did it go well? 2011-04-17 08:50 C-Keen: yeah 2011-04-17 08:50 no problem. I now have a smiley =) of brass 2011-04-17 08:50 I wonder if 0.05 mm sheets I have are thick enough for solder paste mask 2011-04-17 08:53 is trying to debug I2C communication with Soviet analog 1-channel scope "C1-68" 2011-04-17 08:53 68 is the year, I think 2011-04-17 08:53 whitequark: nice :) 2011-04-17 11:12 is trying ammonium persulphate now 2011-04-17 11:12 the solution slowly becomes light-blue in the process 2011-04-17 11:12 and it is relatively non-smelly compared to FeCl3 2011-04-17 11:13 it just emits ammonia and sulphur dioxide... 2011-04-17 14:44 wolfgang for some reason my openID credentials are rejected. Is there a way to overcome that so I can do a little editing of the wiki? 2011-04-17 14:46 openid login is broken 2011-04-17 14:46 the way to overcome it is to do anonymous edit and pass the math captcha, or to create an account 2011-04-17 14:47 there was some problem upstream with openid login, so I will just wait and hope one day the problem will go away in an update 2011-04-17 14:47 most important: thanks for considering to help with the wiki! 2011-04-17 14:53 openid itself is a really fucked up concept. 2011-04-17 14:53 nothing which could fix it. 2011-04-17 14:53 better than creating accounts everywhere I think 2011-04-17 14:53 i agree with roh 2011-04-17 14:54 indeti.ca stop acepting my own openid some weeks ago :( 2011-04-17 14:54 wolfspraul: nope. 2011-04-17 14:54 what's better? 2011-04-17 14:54 wolfspraul: if you allow openid you can by default allow anonymous edits. same level of trust 2011-04-17 14:54 Foaf-ssl is nice, but not wider deployed yet i think 2011-04-17 14:54 roh: of course 2011-04-17 14:54 you 'trust' somebody you dont know to name a 3rd party for you to ask to verify credentials.... ehh.. WTF? 2011-04-17 14:54 anonymous edits are of course allowed as well (just with math captcha) 2011-04-17 14:55 yes sure 2011-04-17 14:55 it's a spam filter 2011-04-17 14:55 I never thought about it as being more. Also it can reduce the number of accounts people have to have everywhere. 2011-04-17 14:55 so the first thing i would do as spammer would be setting up a openid server allowing me to spam you all. (if it dit not happen it will. i promise) 2011-04-17 14:55 wolfspraul: openid ALLOWS spam. not removes them. 2011-04-17 14:56 it even allows automated bot spamming (contrary to captchas and account creation, which one can tarpit by heuristics (e.g. >10 accounts in $timeframe form same ip.. etc) 2011-04-17 14:58 roh: ok reading :-) Maybe the way to fix the broken openid login is to remove the broken plugin. 2011-04-17 14:59 I think in real life, it would still function as a spam filter today, but maybe you are right and that's only because it never caught on. 2011-04-17 14:59 wolfspraul: my guess is that everybody able to fix the plugin doesnt do for the same reasons i would never write one ;) 2011-04-17 15:00 I just look at it very pragmatically as a way to avoid local account creation everywhere. 2011-04-17 15:00 some technology isnt hard. its just blocked by people sane enough not to do it. (contrary to nuclear power... will take some time to have people get that it was a stupid idea to begin with) 2011-04-17 15:00 if I would receive openid spam I would disable it, of course 2011-04-17 15:00 maybe i should do a openid wildcard bot and publish that... *veg* 2011-04-17 15:01 roh: so you say openid is so fundamentally and unfixable broken that we should just remove it? 2011-04-17 15:01 btw openid is not an opendoor to spam if you consider the _first_ time it is acepted you need to fill some data that tells who are you 2011-04-17 15:01 wolfspraul: as far as i understood the concept, yes. 2011-04-17 15:01 and it will never catch on either, whether for technical or commercial reasons 2011-04-17 15:02 it's already clear to me that it is close to anonymous 2011-04-17 15:02 i dont know anybody who seriously uses it. 2011-04-17 15:02 me neither :-) 2011-04-17 15:02 yeah :( 2011-04-17 15:02 i have been asked many times, but mostly by people annoyed that 'the internet is not facebook' and doesnt do single sign on. 2011-04-17 15:02 it may not even have a concept of blacklists/revokations or so, right? 2011-04-17 15:03 if you want a proper solution, use client based certificates. 2011-04-17 15:03 openid uses a third party for auth also 2011-04-17 15:03 then you could just make the client auth by its cert. 2011-04-17 15:03 yes but it's trivial to setup all these servers, since it's a distributed system 2011-04-17 15:03 so like roh said, it may just be a techie way of security by obscurity 2011-04-17 15:03 but x509 sucks even more in reality, so nearly nobody uses that (also browser cert handling sucks) 2011-04-17 15:03 ;-) 2011-04-17 15:04 looks nice at the surface, but once you attack it programmatically it comes down 2011-04-17 15:04 maybe a login system that ties back into pgp keys would be better? 2011-04-17 15:04 roh: no more logins then? ;-) 2011-04-17 15:04 kristianpaul: well.. 'show your cert' 2011-04-17 15:05 but that wouldnt fix anything. then people wouldnt forget passwords, but loose certificates or fitting keys or passphrases 2011-04-17 15:05 thus i stay with username/password and extra accounts for all. the browser remembers them anyhow 2011-04-17 15:05 wel, we are humans afetr all :-) 2011-04-17 15:06 roh: do you suggest removing openid login support on the qi wiki? 2011-04-17 15:06 also easier to re-roll if there was an issue. and its explainable to non-tech-humans 2011-04-17 15:06 wolfspraul: i dont see a reason to use it. (has anybody ever used it?) 2011-04-17 15:06 need to run.. bbl 2011-04-17 15:07 try to use openid but i got rejected most of the time... 2011-04-17 15:07 i guess my server is not part of a ring of trust, and i dunno what to do to achieve that 2011-04-17 15:07 roh: no it is and always was broken 2011-04-17 15:08 to control stop spam by openid, is acepatable to do a first time account creation, so you ensure that the accound is owned by a human.. 2011-04-17 15:08 so well openid, not so open.. you need  a trust-ring after all.. 2011-04-17 15:09 roh: I just removed it. problem solved :-) 2011-04-17 15:09 :D 2011-04-17 15:10 a non-working feature is worse than not having it at all 2011-04-17 15:10 thanks for your feedback! 2011-04-17 15:53 roh: afaik openid only says "this is the same person as before", it doesn't say anything about the trustworthyness of that person 2011-04-17 15:55 mth: still the 'server' is not under the controll of the service you access. so it doesnt say anything about trust 2011-04-17 15:56 means: it doesnt matter what the server says. why should one trust it in the first place? 2011-04-17 16:05 the service doesn't have to trust the auth server, as long as the user does 2011-04-17 16:06 with a username/password scheme, on account creation the service has no reason to trust the user either 2011-04-17 16:08 from that point on, it's up to the user to only share his password with people he trusts 2011-04-17 16:08 ideally, that is only himself 2011-04-17 16:10 but knowing the password does not mean the service can trust the user, only that the person doing the login is trusted by the person who created the account 2011-04-17 16:11 for example, on projects.qi-hardware.com, the point at which a user is trusted by the service is when that user is added as a member of a project by an admin, not the moment of account creation 2011-04-17 16:13 doesnt change the default assumption. that the auth server doesnt lie 2011-04-17 16:13 lie about what? 2011-04-17 16:14 that the user is indeed the user. 2011-04-17 16:14 but "the user" is just a URL on the auth server, isn't it? 2011-04-17 16:14 since its usually not in the users control (see blogs, masshosters...) 2011-04-17 16:15 so it's only a matter of the auth server being consistent in its responses 2011-04-17 16:15 mth: and the user needs to trust it not to leak informations as well as to work. 2011-04-17 16:15 its only adding 'another point of fail' 2011-04-17 16:15 it tries to solve a problem by adding another. thats plain and simple bad design. 2011-04-17 16:16 well.. its only one of the hypes which will die out again. 2011-04-17 16:16 implementation defects in the auth server are indeed a risk 2011-04-17 16:16 I think it's a scheme that works in theory but may or may not work in practice 2011-04-17 16:16 mth: and the issue that its 'yet another server to keep safe' 2011-04-17 16:17 simple math says that issues in security as well as reliability will be atleast statistically twice as much 2011-04-17 16:18 roh: at most ! ;-) if reliability is down to hell, you'll never make it even to the security holes :) 2011-04-17 16:18 enforcing ssl and a somehow sane pw should avoid most user handling as well as conveniece problems. in the end it doesnt matter where you log in by pressing ok on a form your browser prefilled. 2011-04-17 16:19 imo browsers should have a "generate password" option 2011-04-17 16:19 wpwrak: in real world reliability doesnt scale linear with the number of involved machines but inverse exponential ;) 2011-04-17 16:19 since more routers, etc are involved 2011-04-17 16:19 mth: yes. 2011-04-17 16:20 and no certificates installed by default. emtpy trust chain. 2011-04-17 16:20 then add something like certificate patrol by default. 2011-04-17 16:21 means you would have to add every site once and then never again. and gain higher security. 2011-04-17 16:22 of course that would completely bust the air-selling-business of verisign ;) 2011-04-17 16:23 ah.. and for even higher security you need some 3rd party validation anyhow.. means you bank will (and some even do already) print their certificate fingerprint on the paperwork 2011-04-17 16:23 the dialogs how to compare them etc would need to be improved also of course... current x509 userinterfaces suck big time 2011-04-17 16:26 bbl 2011-04-17 16:28 recent openssh has a nice ASCII art visualizing the server key fingerprint 2011-04-17 21:32 wolfgang i was able to edit Wiki by using regular account. thanks. 2011-04-17 22:21 wpwrak: your log analizer, sample in real time? 2011-04-17 22:21 i mean you dont have to sample n milli seconds then stop and analize.. 2011-04-17 22:24 well, is logic, so we need analize it later.. i see then reason for triggering here 2011-04-17 23:08 kristianpaul: err, you mean my USB decoder ? or the rigol scope ? or ... ? 2011-04-17 23:09 ah 2011-04-17 23:09 wpwrak: rigol (sorry if i wasnt clear) 2011-04-17 23:10 kristianpaul: in the rigol, it's like the analog system - you need some trigger (can be auto-trigger, of course) 2011-04-17 23:11 kristianpaul: it can also trigger on patterns, etc. what it can't do is trigger on decoded protocols (well, unless that would be equivalent to pattern). that would be yet another thing one could do with an fpga :) 2011-04-17 23:22 kristianpaul: (for expensive scopes, you can buy extensions that give you SPI/I2C/CAN/etc. triggers. it's funny to consider that, if you had access to the susyems) 2011-04-17 23:24 brr ... system's sources, you could implement all this in roughly the same time that the cost of one license would pay for in terms of work hours :) 2011-04-17 23:27 ;-) 2011-04-17 23:28 of course, not that i'm going to buy one, just survering from you the expensive/fancy features :-)