<whitequark>
wpwrak: thanks for the article. for my ultrasonic bath, I think that 35W is the input power; the output power will be much lower due to various losses
<whitequark>
and, after all, it will be around 15W/l. talking about the frequency, it emits loud clicks when working. that very well may be the audible side-effects of sweeping
<whitequark>
C-Keen: so I've etched that brass yesterday
<whitequark>
it's just like etching copper
<whitequark>
almost no differences
<qwebirc95244>
(/nick Fusin
<Fusin>
without '(' is better I believe ;)
<Fusin>
Ben Nano is up and running
<Fusin>
now 'testphase' ...
<Fusin>
.
<C-Keen>
whitequark: did it go well?
<whitequark>
C-Keen: yeah
<whitequark>
no problem. I now have a smiley =) of brass
<whitequark>
I wonder if 0.05 mm sheets I have are thick enough for solder paste mask
<whitequark>
is trying to debug I2C communication with Soviet analog 1-channel scope "C1-68"
<whitequark>
68 is the year, I think
<C-Keen>
whitequark: nice :)
<whitequark>
is trying ammonium persulphate now
<whitequark>
the solution slowly becomes light-blue in the process
<whitequark>
and it is relatively non-smelly compared to FeCl3
<whitequark>
it just emits ammonia and sulphur dioxide...
<rjeffries>
wolfgang for some reason my openID credentials are rejected. Is there a way to overcome that so I can do a little editing of the wiki?
<wolfspraul>
openid login is broken
<wolfspraul>
the way to overcome it is to do anonymous edit and pass the math captcha, or to create an account
<wolfspraul>
there was some problem upstream with openid login, so I will just wait and hope one day the problem will go away in an update
<wolfspraul>
most important: thanks for considering to help with the wiki!
<roh>
openid itself is a really fucked up concept.
<roh>
nothing which could fix it.
<wolfspraul>
better than creating accounts everywhere I think
<kristianpaul>
i agree with roh
<kristianpaul>
indeti.ca stop acepting my own openid some weeks ago :(
<roh>
wolfspraul: nope.
<wolfspraul>
what's better?
<roh>
wolfspraul: if you allow openid you can by default allow anonymous edits. same level of trust
<kristianpaul>
Foaf-ssl is nice, but not wider deployed yet i think
<wolfspraul>
roh: of course
<roh>
you 'trust' somebody you dont know to name a 3rd party for you to ask to verify credentials.... ehh.. WTF?
<wolfspraul>
anonymous edits are of course allowed as well (just with math captcha)
<wolfspraul>
yes sure
<wolfspraul>
it's a spam filter
<wolfspraul>
I never thought about it as being more. Also it can reduce the number of accounts people have to have everywhere.
<roh>
so the first thing i would do as spammer would be setting up a openid server allowing me to spam you all. (if it dit not happen it will. i promise)
<roh>
wolfspraul: openid ALLOWS spam. not removes them.
<roh>
it even allows automated bot spamming (contrary to captchas and account creation, which one can tarpit by heuristics (e.g. >10 accounts in $timeframe form same ip.. etc)
<wolfspraul>
roh: ok reading :-) Maybe the way to fix the broken openid login is to remove the broken plugin.
<wolfspraul>
I think in real life, it would still function as a spam filter today, but maybe you are right and that's only because it never caught on.
<roh>
wolfspraul: my guess is that everybody able to fix the plugin doesnt do for the same reasons i would never write one ;)
<wolfspraul>
I just look at it very pragmatically as a way to avoid local account creation everywhere.
<roh>
some technology isnt hard. its just blocked by people sane enough not to do it. (contrary to nuclear power... will take some time to have people get that it was a stupid idea to begin with)
<wolfspraul>
if I would receive openid spam I would disable it, of course
<roh>
maybe i should do a openid wildcard bot and publish that... *veg*
<wolfspraul>
roh: so you say openid is so fundamentally and unfixable broken that we should just remove it?
<kristianpaul>
btw openid is not an opendoor to spam if you consider the _first_ time it is acepted you need to fill some data that tells who are you
<roh>
wolfspraul: as far as i understood the concept, yes.
<wolfspraul>
and it will never catch on either, whether for technical or commercial reasons
<wolfspraul>
it's already clear to me that it is close to anonymous
<roh>
i dont know anybody who seriously uses it.
<wolfspraul>
me neither :-)
<kristianpaul>
yeah :(
<roh>
i have been asked many times, but mostly by people annoyed that 'the internet is not facebook' and doesnt do single sign on.
<wolfspraul>
it may not even have a concept of blacklists/revokations or so, right?
<roh>
if you want a proper solution, use client based certificates.
<kristianpaul>
openid uses a third party for auth also
<roh>
then you could just make the client auth by its cert.
<wolfspraul>
yes but it's trivial to setup all these servers, since it's a distributed system
<wolfspraul>
so like roh said, it may just be a techie way of security by obscurity
<roh>
but x509 sucks even more in reality, so nearly nobody uses that (also browser cert handling sucks)
<kristianpaul>
;-)
<wolfspraul>
looks nice at the surface, but once you attack it programmatically it comes down
<wolfspraul>
maybe a login system that ties back into pgp keys would be better?
<kristianpaul>
roh: no more logins then? ;-)
<roh>
kristianpaul: well.. 'show your cert'
<roh>
but that wouldnt fix anything. then people wouldnt forget passwords, but loose certificates or fitting keys or passphrases
<roh>
thus i stay with username/password and extra accounts for all. the browser remembers them anyhow
<kristianpaul>
wel, we are humans afetr all :-)
<wolfspraul>
roh: do you suggest removing openid login support on the qi wiki?
<roh>
also easier to re-roll if there was an issue. and its explainable to non-tech-humans
<roh>
wolfspraul: i dont see a reason to use it. (has anybody ever used it?)
<roh>
need to run.. bbl
<kristianpaul>
try to use openid but i got rejected most of the time...
<kristianpaul>
i guess my server is not part of a ring of trust, and i dunno what to do to achieve that
<wolfspraul>
roh: no it is and always was broken
<kristianpaul>
to control stop spam by openid, is acepatable to do a first time account creation, so you ensure that the accound is owned by a human..
<kristianpaul>
so well openid, not so open.. you need  a trust-ring after all..
<wolfspraul>
roh: I just removed it. problem solved :-)
<kristianpaul>
:D
<wolfspraul>
a non-working feature is worse than not having it at all
<wolfspraul>
thanks for your feedback!
<mth>
roh: afaik openid only says "this is the same person as before", it doesn't say anything about the trustworthyness of that person
<roh>
mth: still the 'server' is not under the controll of the service you access. so it doesnt say anything about trust
<roh>
means: it doesnt matter what the server says. why should one trust it in the first place?
<mth>
the service doesn't have to trust the auth server, as long as the user does
<mth>
with a username/password scheme, on account creation the service has no reason to trust the user either
<mth>
from that point on, it's up to the user to only share his password with people he trusts
<mth>
ideally, that is only himself
<mth>
but knowing the password does not mean the service can trust the user, only that the person doing the login is trusted by the person who created the account
<mth>
for example, on projects.qi-hardware.com, the point at which a user is trusted by the service is when that user is added as a member of a project by an admin, not the moment of account creation
<roh>
doesnt change the default assumption. that the auth server doesnt lie
<mth>
lie about what?
<roh>
that the user is indeed the user.
<mth>
but "the user" is just a URL on the auth server, isn't it?
<roh>
since its usually not in the users control (see blogs, masshosters...)
<mth>
so it's only a matter of the auth server being consistent in its responses
<roh>
mth: and the user needs to trust it not to leak informations as well as to work.
<roh>
its only adding 'another point of fail'
<roh>
it tries to solve a problem by adding another. thats plain and simple bad design.
<roh>
well.. its only one of the hypes which will die out again.
<mth>
implementation defects in the auth server are indeed a risk
<mth>
I think it's a scheme that works in theory but may or may not work in practice
<roh>
mth: and the issue that its 'yet another server to keep safe'
<roh>
simple math says that issues in security as well as reliability will be atleast statistically twice as much
<wpwrak>
roh: at most ! ;-) if reliability is down to hell, you'll never make it even to the security holes :)
<roh>
enforcing ssl and a somehow sane pw should avoid most user handling as well as conveniece problems. in the end it doesnt matter where you log in by pressing ok on a form your browser prefilled.
<mth>
imo browsers should have a "generate password" option
<roh>
wpwrak: in real world reliability doesnt scale linear with the number of involved machines but inverse exponential ;)
<roh>
since more routers, etc are involved
<roh>
mth: yes.
<roh>
and no certificates installed by default. emtpy trust chain.
<roh>
then add something like certificate patrol by default.
<roh>
means you would have to add every site once and then never again. and gain higher security.
<roh>
of course that would completely bust the air-selling-business of verisign ;)
<roh>
ah.. and for even higher security you need some 3rd party validation anyhow.. means you bank will (and some even do already) print their certificate fingerprint on the paperwork
<roh>
the dialogs how to compare them etc would need to be improved also of course... current x509 userinterfaces suck big time
<roh>
bbl
<mth>
recent openssh has a nice ASCII art visualizing the server key fingerprint
<rjeffries>
wolfgang i was able to edit Wiki by using regular account. thanks.
<kristianpaul>
wpwrak: your log analizer, sample in real time?
<kristianpaul>
i mean you dont have to sample n milli seconds then stop and analize..
<kristianpaul>
well, is logic, so we need analize it later.. i see then reason for triggering here
<wpwrak>
kristianpaul: err, you mean my USB decoder ? or the rigol scope ? or ... ?
<kristianpaul>
ah
<kristianpaul>
wpwrak: rigol (sorry if i wasnt clear)
<wpwrak>
kristianpaul: in the rigol, it's like the analog system - you need some trigger (can be auto-trigger, of course)
<wpwrak>
kristianpaul: it can also trigger on patterns, etc. what it can't do is trigger on decoded protocols (well, unless that would be equivalent to pattern). that would be yet another thing one could do with an fpga :)
<wpwrak>
kristianpaul: (for expensive scopes, you can buy extensions that give you SPI/I2C/CAN/etc. triggers. it's funny to consider that, if you had access to the susyems)
<wpwrak>
brr ... system's sources, you could implement all this in roughly the same time that the cost of one license would pay for in terms of work hours :)
<kristianpaul>
;-)
<kristianpaul>
of course, not that i'm going to buy one, just survering from you the expensive/fancy features :-)