ChanServ changed the topic of #picolisp to: PicoLisp language | Channel Log: https://irclog.whitequark.org/picolisp/ | Check also http://www.picolisp.com for more information
xkapastel has quit [Quit: Connection closed for inactivity]
ubLIX has quit [Quit: ubLIX]
orivej_ has quit [Ping timeout: 246 seconds]
_whitelogger has joined #picolisp
<tankf33der> morning
<tankf33der> i did math “silly” tests against python3, all passed
<tankf33der> + - * / ** >> <<
<tankf33der> hugemath touched too.
<Regenaxer> Great to hear that tankf33der!
rob_w has joined #picolisp
orivej has joined #picolisp
<tankf33der> ^^^ and ersatz too
<Regenaxer> Good
<Regenaxer> All are very different implementations
<tankf33der> passed.
<tankf33der> the same Regenaxer's experience in root.
<beneroth> yeah a great idea for a test
<Regenaxer> Well, in ersatz it just uses Java Bignums
<Regenaxer> But pil32 and pil64 are different, as in C there is no carry flag, so it is emulated with comparisons
<Regenaxer> Python probably is in C too, so it will do some thing similar
<Regenaxer> something similar, not "some thing" ;)
aw- has joined #picolisp
<Regenaxer> beneroth, I now did a "certbot renew --standalone --dry-run" on all three machines, and it always said "http-01 challenge for <domain>". As I understand, it is all right then (?)
<Regenaxer> Why the mail then?
<Regenaxer> All very confusing
<beneroth> Regenaxer, yeah, http-01 is alright
<Nistur> mornin'
<Regenaxer> I wonder how to find out whether it uses "TLS-SNI-01 validation"
<Regenaxer> Hi Nistur
<Nistur> o7
<beneroth> yeah well I would expect them to only email when TLS-SNI-01 was used to do a validation - therefore I didn't get an email... but maybe they just mixed stuff up
<Regenaxer> The stuff on https://community.letsencrypt.org/c/help is also not helpful
<Regenaxer> They messed up a lot
<beneroth> I would expect TLS-SNI-01 to be involved whenever you do the validation via HTTPS
<Regenaxer> hmm
<beneroth> well good that they're only securing all our communications, eh? :D
<Regenaxer> "secure" in the sense of "obscure"? ;)
<Regenaxer> The first thing was that they did not tell the domain in the mail, as many complain at the help page
<beneroth> obscure is not considered secure.. argh. people never know it! (yeah you do)
<beneroth> so you're not the only one? good
<Regenaxer> There they promise to send a new one, but nothing happened yet
<Regenaxer> And on that help page I find only questions but no answers it seems
<beneroth> btw... morning Nistur ! :)
<Nistur> :)
<Nistur> Anyone want to give me a job? :P
<beneroth> are you not in the mailing list?
<beneroth> aw- has some picolisp work to do :)
<Nistur> I am, and I was mostly joking :P
<beneroth> Nistur, you're just frustrated about your current job, or something happened?
<Nistur> as of Friday, I have no current job :P
<beneroth> according to your plans? or something screwed up?
<Nistur> project got cancelled
<beneroth> btw. work never ends. there is always enough work. payment is the fcking problem.
<beneroth> oha
<beneroth> and your project? funding?
<Nistur> the issue was that the game I was working on had already been in development for ~2 years (albeit most of that time with another team) and it was going to cost too much to finish (because the previous team made a BIG mess)... on top of that it was a tie in with the MGM TV show Vikings, which MGM cancelled a week ago
<beneroth> I see
<beneroth> project death march
<beneroth> my condolences
<Nistur> ah it's ok. It's a shame that the project is dead, it was actually getting somewhere and looking pretty good but these things happen
<Nistur> and I have a months notice, or rather, a month pay in lieu of notice
<Nistur> I also actually have contacts in almost every game studio in the area, it seems :P
<beneroth> honestly I don't think you manage to be jobless for a longer while :P
<beneroth> question is maybe if you like to continue in the same industry, with the same chances and risks in the new job. is this a question for you?
<Nistur> I think the only thing that can tempt me away from games is VR right now :P
<beneroth> ok, stay with games. VR will be vaporware for another 10 years or so, I believe
<Nistur> difficult to make money in it right now, but not vapourware.
<beneroth> well is there anything beside some hipster hype mini-products which vanish quickly again, very niche game community (I believe?), and military test/training applications (which would probably be unethical to help with) ?
<beneroth> I'm not following the scene closely, so correct my views :)
<Nistur> Jaguar Land Rover (very local to me) are apparently using it to design their cars, supplementing the traditional clay models, and also setting up showroom demos of the cars
<beneroth> is it real practical stuff or just marketing gag which I would put into the "hispter hype mini-products which vanish quickly again" ? I mean like they do blockchain etc....
<Nistur> I applied for a job with them last year, but their recruitment process took toooooooo long, I'd already been looking for a job by then for 3 months
<beneroth> sure there might be good money to be made from this, while it lasts
<Nistur> I had turned a bunch down :P Nothing really suited
<Nistur> Hmmm, the design and testing side of things I think is practical
<Nistur> the showroom demos, I think the headsets may still be a little too bulky... mobile VR might be the solution, but they don't have positional tracking, at least not particularly well done, so is not really usable either
<Nistur> you really want something with the fidelity of the HTC Vive, but that is NOT really mass market friendly, it's heavy, it's big, and the cable is awkward
<beneroth> yeah that is my understanding of VR: 1) bulky technology. needs to be smaller and more powerful 2) motion sickness problems, kinda blocking mass market gaming adoption
<Nistur> the motion sickness stuff is definitely not a solved problem at this point, but it IS greatly improved now. People know what can be done, what cannot, and what smoke and mirrors work best
<Nistur> it is at a point where most people can get comfortable with it, if the software is done sensibly, pretty quickly
orivej has quit [Ping timeout: 244 seconds]
<beneroth> your last sentence sounds like "we can make websites secure, if the software is done sensibly" :P
<Nistur> well, yeah. It is dependant on the software developers, and not a hardware limitation
<Nistur> some devs are good at it, some are bad
<beneroth> so I keep my believe that VR is still in R&D stage without being really ready for market. Thanks for the updates!
<beneroth> Nistur, I wish you the best of success with finding a new job. I'm sure you find something awesome!
<Nistur> yeah, I have a bunch of leads. It should be ok
<Regenaxer> I'm still totally confused: (1) I got the mail telling me that I'm using TLS-SNI-01 validation (though the logs say I use http-01 challenge),
<Regenaxer> and (2) the help pages say I *need* at least 0.28.0 (which I have only on one machine, despite it works on all)
<Regenaxer> I have Debian stable and cerbot 0.10.2 on the other machines
<beneroth> yeah I agree the email and the heise article sounded like certbot below 0.28.0 would not work anymore after the deadline in february
<Regenaxer> right
<Regenaxer> I don't want to risk that they stop working then
<Regenaxer> Has it to do with me using --standalone perhaps?
<Regenaxer> beneroth, which version of certbot do you have?
<Regenaxer> t
<beneroth> none. I don't have any server with certbot on it, I use getssl everyhwere. I thought I installed certbot somewhere, but I cannot find it. I suspect it was a (already defunct) client server I installed it on.
<Regenaxer> I see
<beneroth> Regenaxer, probably, yeah. standalone = not multiple vhosts on a single machine = no use for SNI.
<Regenaxer> So that mail was stupid
<Regenaxer> They perhaps just checked the certbot version
<Regenaxer> What exactly is SNI?
<tankf33der> maybe this help ?
<Regenaxer> Thanks!
<Regenaxer> So the mail from Let's Encrypt saying "Your Let’s Encrypt client used ACME TLS-SNI-01 domain validation to issue a certificate in the past 60 days" was totally wrong?
<tankf33der> i never use lets encrypt, all this unknown to me.
<Regenaxer> :)
orivej has joined #picolisp
<beneroth> Regenaxer, SNI is protocol for client when interacting with an HTTPS server with multiple hosts on it (host header in http) to tell the server which host the client wants to speak with, to then get the related cert from the server, as the host header within http is coming later when the TLS connection is already established
<beneroth> before SNI, you were required to have a single IP for the HTTPS website
<Regenaxer> OK, thanks
<tankf33der> T
<Regenaxer> Still that mail worries me. Makes Let's Encrypt look very untrustable
<beneroth> enables a nice trick, most servers used to not check if the client names the same host in SNI and HTTP, Signal messenger (which uses google infrastructure) used that to make in SNI connection with google.com, and then within TLS it switched to its real host (which was also server by the same IP/server)
<beneroth> that way the traffic looked to surveillance/censor like going to google.com, while it indeed was signal chat messenger traffic.
<beneroth> I think TOR had a similar trick.
<beneroth> but apparently amazon and google adapted their server to check for this, because they didn't like it.
<beneroth> Regenaxer, "Renewals will continue to work with TLS-SNI" (according to the link from tankf33der).. so WTF why the panic
<Regenaxer> yes, this is confusing too
<beneroth> they should reserve sending panic emails for real issues. this way nobody will react when they have a real issue which requires immediate action.
<beneroth> btw I still haven't got a single email for that topic :) despite having multiple domains registered myself and many client domains which are registered on an email address of mine.
<Regenaxer> hmm
<beneroth> Regenaxer, maybe you once registered a cert using SNI, and thats why you ended in the email list?
<beneroth> or they're really sloppy.
<Regenaxer> I don't think so, always used the same procedure iirc
<Regenaxer> Always a single call "certbot certonly --standalone -d <domain>"
<beneroth> stop worrying
<Regenaxer> ok :)
<beneroth> you moved away from domain factory yet? :P
<Regenaxer> Not yet
<Regenaxer> In 2017 I moved once to Server4you for a few months, and then back to DomainFactory ;)
<Regenaxer> Server4you belongs to Host Europe G
<Regenaxer> GmbH
<beneroth> DF now too, afaik
<Regenaxer> Not sure
<tankf33der> i've found cheap vps last week
<tankf33der> afk.
<Regenaxer> ok
<beneroth> DF belongs Host Europe, and Host Europe belongs GoDaddy (USA) since April 2017
<beneroth> tankf33der, thats really cheap
<beneroth> even ARM hosting, wohooo!
<tankf33der> baremetal server cheapest ever.
<beneroth> based in France, hm, thats even somewhat acceptable from a privacy law viewpoint.
<Regenaxer> T
<tankf33der> i would like sysop some server to hosting friends but all this expensive for me as toy.
<Regenaxer> Server4you was also pretty cheap, but unreliable
aw- has quit [Quit: Leaving.]
<beneroth> tankf33der, thanks for the pointer to scaleway! I'll probably use them in the near future. maybe not for core hosting but email infrastructure and DNS and similar things which it is good to have distributed a bit
<beneroth> tankf33der, OpenSSL 1.1.1 was audited, no major issue found: https://ostif.org/the-ostif-and-quarkslab-audit-of-openssl-is-complete/
<tankf33der> beneroth: sounds good
<beneroth> but 7zp encryption appears to be catastrophic, they use AES256 but apparently with horrible implementation mistakes: https://twitter.com/3lbios/status/1087848040583626753
<Regenaxer> uh
<beneroth> yep I recommended 7zip encryption in the past. :(
<tankf33der> if i want encryption i would implement it myself with monocypher (argon2+lockbox and so on).
<tankf33der> like here
<tankf33der> where private key protected by password.
<Regenaxer> +1
<beneroth> +1
xkapastel has joined #picolisp
<rick42> tankf33der: very nice! is this a pil implementation of openbsd's signify? (sorry, not an expert in this field, so I couldn't tell.)
<rick42> oh i forgot: hi tankf33der, beneroth, Regenaxer! :)
<Regenaxer> He rick42! :)
<tankf33der> rick42: yes, the same thing, not compatible
<tankf33der> there are a lot of impelemntation around ed25519 core functions.
<rick42> sweet!
rob_w has quit [Quit: Leaving]
_whitelogger has joined #picolisp
orivej has quit [Ping timeout: 268 seconds]
orivej has joined #picolisp
ubLIX has joined #picolisp
alexshendi has joined #picolisp
alexshendi has quit [Read error: Connection reset by peer]
alexshendi has joined #picolisp
<tankf33der> simple patch for test/src/sym.l
razzy has quit [Ping timeout: 246 seconds]
orivej has quit [Ping timeout: 240 seconds]
orivej has joined #picolisp