00:00:01
| * ircretary | quit (Remote host closed the connection) |
00:00:09
| * ircretary | joined |
00:03:05
| * phated | quit (Read error: Connection reset by peer) |
00:03:26
| * phated | joined |
00:18:32
| * thlorenz | quit (Remote host closed the connection) |
00:31:51
| * thlorenz | joined |
00:34:08
| * thlorenz | quit (Remote host closed the connection) |
00:54:09
| * domanic_ | joined |
00:54:34
| * brianloveswords | quit (Quit: Computer has gone to sleep.) |
00:58:05
| * domanic | quit (Ping timeout: 264 seconds) |
01:00:20
| * phated | quit (Remote host closed the connection) |
01:00:58
| * phated | joined |
01:05:33
| * phated | quit (Ping timeout: 258 seconds) |
01:06:17
| * defunctzombie_zz | changed nick to defunctzombie |
01:08:53
| * domanic_ | quit (Ping timeout: 264 seconds) |
01:10:26
| <defunctzombie> | kumavis: this is why iframe signin is insecure and no one does it with iframes |
01:10:35
| <defunctzombie> | you have to use a new window for that sort of thing |
01:11:10
| <kumavis> | Yeah I was suspicious when I realized no one seems to do it : ) |
01:11:39
| <kumavis> | im curious about the double iframe though --- do iframes have an origin of their src ? |
01:12:55
| * contrahax | quit (Quit: Sleeping) |
01:13:04
| * domanic_ | joined |
01:13:41
| <defunctzombie> | there are headers you can set to prevent an page from being inserted as an iframe |
01:16:59
| <kumavis> | right i understand that |
01:17:44
| <kumavis> | so lets say i disallow embedding in my app except for one page example.com/embed |
01:18:28
| <kumavis> | /embed has a sandboxed iframe that points to some entrypoint for my app |
01:19:20
| <kumavis> | so the 3rd party can insecurely include an iframe pointing at my /embed wrapper, which then securely encases my app |
01:20:05
| <defunctzombie> | you cannot securely encase your app |
01:20:18
| <defunctzombie> | the problem is not the iframe, it is clickjacking on top of the iframe |
01:20:42
| <kumavis> | but that requires /embed 's iframe to claim its origin is example.com |
01:21:01
| * contrahax | joined |
01:21:14
| <kumavis> | can clickjacking extract the user's password? |
01:22:40
| <kumavis> | defunctzombie: im not sure what the risks / attack vectors are |
01:23:27
| <defunctzombie> | probably not for passwords, don't remember |
01:24:05
| <defunctzombie> | the danger is always that there is an invisible div on top of your iframe. and whatever someone can do with that |
01:24:42
| <joepie91_> | kumavis: some people *do* actually do iframe sign-in, but typically only with sign-in scenarios where both auth server and end user service are under their own control |
01:25:10
| <kumavis> | in this case it would be with whitelisted 3rd parties |
01:25:41
| <kumavis> | but money is involved, so its a desirable target |
01:26:11
| <joepie91_> | kumavis: "money is involved" in what sense? |
01:26:26
| <kumavis> | its a crypto asset exchange |
01:26:43
| <joepie91_> | kumavis: okay, quick competency test, just to make sure |
01:26:48
| <joepie91_> | if I say floating point, you say...? |
01:27:15
| <joepie91_> | (I'll explain in a moment) |
01:27:34
| <kumavis> | jittery frustum when wandering in 3d worlds far from the origin |
01:27:48
| <kumavis> | er i mean rounding error |
01:28:13
| <defunctzombie> | if money is involved avoid iframe |
01:28:35
| <joepie91_> | kumavis: okay, so you are using integer(-like) types everywhere? :) |
01:29:20
| <kumavis> | im not in charge of the backend, but ill prod them about it |
01:29:34
| <joepie91_> | alright, make sure please, far too many exchanges have failed on this in the past :P |
01:29:35
| <joepie91_> | anyway |
01:29:43
| <joepie91_> | to continue; avoid using iframes for anything, really |
01:30:21
| <joepie91_> | aside from headers disallowing iframing your pages, you'll likely also want to add some "break-out" JS to deal with older browsers that don't understand the headers |
01:30:34
| <joepie91_> | as for SSO... be very, very careful with it |
01:30:48
| <joepie91_> | it's easy to get wrong, like most security/crypto stuff |
01:30:57
| <joepie91_> | preferably use an existing, well-tested solution, even if it seems clunky |
01:31:18
| <joepie91_> | the ideal option would be to avoid SSO altogether, but I'm not sure exactly what functionality you're trying to build, so that may not be an option |
01:31:59
| <joepie91_> | even if you trust your third parties, you still don't have full access to their systems, so you can't verify that they don't have the appropriate security controls in place to prevent somebody from compromising their systems |
01:32:09
| <joepie91_> | so for all practical purposes, they're to be considered untrusted entities |
01:33:02
| <joepie91_> | I think there was actually an example of clickjacking that used a bank as an example... |
01:33:55
| <kumavis> | so if a 3rd party is breached and someone puts login and password inputs over mine, the user would be breached.. but if we handled sign-on out of band (another window), would it be possible to safely provide some functional widget via double iframes? |
01:34:14
| <kumavis> | i agree about considering the 3rd parties as untrusted |
01:34:28
| <joepie91_> | basically, just don't bother with iframes at all |
01:34:36
| <joepie91_> | they're handled in wildly different manners by different browsers |
01:34:47
| <joepie91_> | there's too much risk that you overlook some kind of edge case and end up being vulnerable |
01:34:53
| <joepie91_> | and as you said, money's involved, it's a desirable target |
01:34:58
| <kumavis> | yeah |
01:35:26
| <joepie91_> | oh, kumavis, related: please make sure that there's CSRF protections in place :) |
01:35:35
| <joepie91_> | commonly forgotten |
01:35:40
| <kumavis> | yep |
01:35:48
| <joepie91_> | also, what language is the backend in? |
01:36:01
| <kumavis> | its a rails project |
01:36:02
| <joepie91_> | (might as well go all the way) |
01:36:09
| <joepie91_> | ah, I'm not familiar with the Ruby ecosystem |
01:36:17
| <joepie91_> | do the DB libraries use parameterized APIs by default? |
01:36:24
| <joepie91_> | or mysql_ like escaping crap? |
01:37:18
| <defunctzombie> | kumavis: still in stealth mode? |
01:37:44
| <kumavis> | nah we're launched, its just small melotic.com |
01:38:03
| * joepie91_ | goes look |
01:38:37
| <kumavis> | joepie91_: good questions, i'm not really familiar with rails or our backend enough to speak to it |
01:38:46
| <kumavis> | im part timing the front end |
01:38:51
| <joepie91_> | hm |
01:38:54
| <joepie91_> | kumavis: a few comments |
01:39:06
| <joepie91_> | 1) the API page refers to "Nonce" on the Chinese wikipedia |
01:39:09
| <kumavis> | and was asked to look into embedding stuff in partners pages |
01:39:12
| <joepie91_> | should probably be the English one, for English docs :) |
01:39:35
| <joepie91_> | 2) it recommends using a timestamp as the nonce... depending on your implementation, that may not be a good idea |
01:40:04
| <joepie91_> | (what happens on multiple requests within the same second, when your platform of choice provides timestamps with a 1-second resolution?) |
01:41:32
| <joepie91_> | hrm. access_key == secret? |
01:41:36
| <joepie91_> | or are those two different things |
01:42:01
| <kumavis> | well it would fail if you're not providing a "A constantly increasing number," as is stated as required. We could add a note I suppose. |
01:42:20
| <joepie91_> | API docs indicate that it's to be kept private, but doesn't indicate whether the access_key is the account identifier or the signing key |
01:42:35
| <joepie91_> | if it's the latter, then you definitely shouldn't be encoding it into the request :P |
01:42:52
| <joepie91_> | right, yeah - these kind of edgecases are not what an average dev is going to think about |
01:43:08
| <joepie91_> | they'll just go 'well, they recommended using a timestamp', use the first timestamp they can find, and then wonder after a week why they're getting API errors |
01:43:28
| * phated | joined |
01:43:36
| <kumavis> | im curious what the error message looks like |
01:44:23
| * joepie91_ | continues trying to poke holes |
01:44:31
| * thlorenz | joined |
01:44:40
| <kumavis> | yeah plz |
01:45:52
| * mmalecki | quit (Ping timeout: 255 seconds) |
01:46:02
| <joepie91_> | kumavis: hrm. I reloaded the login form twice, and both instances have the same authenticity_token (which I presume is the CSRF token) |
01:46:35
| <joepie91_> | the token also does not change after a form submission |
01:46:44
| <joepie91_> | that's probably not good :P |
01:47:16
| <joepie91_> | yeah, and the token is identical across forms |
01:47:21
| <joepie91_> | sign up and login have the same token |
01:47:46
| <joepie91_> | (I'm also wondering why it's in base64?) |
01:48:10
| <joepie91_> | (leads me to believe that the token may be generated from predictable source data, rather than being truly random... and it really should be random) |
01:48:37
| <joepie91_> | also, your captcha is very weak, you may want to consider replacing it with a reverse captcha instead |
01:49:40
| <joepie91_> | hrm. most API calls are correctly returning numeric values as strongs, but "Obtain Market Depth" does not appear to do so |
01:50:12
| <joepie91_> | "Get Deposit History" returns "confirms" as a number, while "Get My Withdrawal History" returns it as a string |
01:51:47
| <joepie91_> | mm, Incapsula... |
01:52:28
| <joepie91_> | kumavis: be aware that you are sending all your traffic through Incapsula in such a way that they can see its contents - if Incapsula were to be compromised, an attacker could theoretically intercept all your traffic as well |
01:52:34
| <joepie91_> | the same problem as with exchanges behind Cloudflare, really |
01:52:59
| <defunctzombie> | cloudflare has some new option where they don't store your cert |
01:53:07
| <defunctzombie> | I haven't looked into it but it seemed interesting |
01:54:33
| <joepie91_> | defunctzombie: SNI cert passthrough? |
01:54:42
| <joepie91_> | because I've been waiting for that for a while :) |
01:54:47
| <defunctzombie> | dunno what it is called, let me see |
01:55:09
| <joepie91_> | anyway, bit annoying, incapsula is keeping me from putting apostrophes in random places to see whether it uses parameterized queries :P |
01:55:42
| <joepie91_> | that's interesting... if you give a negative number to buy_depth, it will cut off the last X items |
01:55:50
| <joepie91_> | wonder if that's intended functionality.. :) |
01:56:04
| <defunctzombie> | http://blog.cloudflare.com/announcing-keyless-ssl-all-the-benefits-of-cloudflare-without-having-to-turn-over-your-private-ssl-keys/ |
01:57:17
| * joepie91_ | dicks with parameters |
01:58:59
| <joepie91_> | kumavis: found you a problem: https://www.melotic.com/api/markets/ltc-btc/buy_depth?count=1e25 |
01:59:06
| <joepie91_> | it's 500ing :) |
01:59:15
| <joepie91_> | rather than returning a JSON error |
01:59:27
| <joepie91_> | probably just a "number too big" or whatever, but hey |
01:59:57
| * pelletier | joined |
02:02:28
| <joepie91_> | kumavis: also, may I suggest having the API return a 503 for "server too busy" rather than 500? 500 is only meant as generic server error fallback |
02:02:48
| <joepie91_> | and in this particular case, it makes it hard to distinguish between "server is too busy" and "you triggered an edgecase that is currently broken but shouldn't be" |
02:03:43
| <kumavis> | yeah thats legit |
02:03:53
| <joepie91_> | kumavis: okay, that's all issues I've run across without registering an account, I think |
02:04:02
| <joepie91_> | footnote: I'm not a professional (security) auditor :P |
02:04:35
| <kumavis> | i claim imposter syndrome |
02:07:23
| <kumavis> | I'll pass this on, do you want to share some contact info in case peeps are a fan of your auditing |
02:07:44
| <joepie91_> | so, tl;dr: 1) Nonce link on English version of site should reference English Wikipedia, 2) It shouldn't advise timestamp or only do so with caveats clearly mentioned, 3) captcha needs to be improved, possibly including a reverse captcha, 4) API key needs to be clarified - is an "access_key" the user ID or the signing key? 5) there should be unique CSRF auth keys for each form/pageload, and they DEFINITELY shouldn't be reused, 6) should |
02:07:46
| <joepie91_> | verify that the token is indeed really random and not derived from (guessable) data, 7) string/number return inconsistencies in API - should be "string everywhere", 8) Incapsula is a potential security issue as they can intercept all traffic, 9) double check whether negative 'count' params are a feature rather than a bug, because edgecases, 10) it does not handle large numbers correctly, 11) "too busy" should be 503, not 500 |
02:07:52
| <joepie91_> | consider that a free amateur audit report :D |
02:08:04
| <joepie91_> | kumavis: sure, [email protected] for email or [email protected] for XMPP |
02:08:43
| <joepie91_> | and nah, I'm really not a professional auditor, just a dev with a slight obsession for security :P |
02:09:43
| <kumavis> | as soon as someone pays you to do it you're professional |
02:09:46
| <joepie91_> | also, kumavis, for context; overall, it seems pretty solid |
02:09:51
| <kumavis> | yeey |
02:09:52
| <joepie91_> | definitely better than most stuff I run across |
02:10:01
| <joepie91_> | and well, I don't think I've ever done paid auditing :P |
02:10:07
| <joepie91_> | not money-paid, anyway |
02:10:12
| <joepie91_> | reputation-paid, perhaps... |
02:10:21
| <kumavis> | "will audit for food" |
02:12:12
| <joepie91_> | haha |
02:20:51
| * thealphanerd | joined |
02:25:40
| * domanic_ | quit (Ping timeout: 258 seconds) |
02:34:16
| <joepie91_> | kumavis: something I just remembered; do you have two-factor auth? |
02:34:26
| <joepie91_> | on melotic |
02:44:08
| * defunctzombie | changed nick to defunctzombie_zz |
02:53:33
| * dguttman | joined |
02:55:20
| <kumavis> | joepie91_: yes but i think its optional |
02:56:26
| <joepie91_> | kumavis: should probably make it very heavily encouraged :) assuming it's a somewhat platform-neutral method like SMS (so, not Google Authenticator or somesuch) |
03:05:58
| * thlorenz | quit (Remote host closed the connection) |
03:10:32
| * dguttman | quit (Quit: dguttman) |
03:17:07
| * dguttman | joined |
03:27:00
| * kid_icarus | joined |
04:11:08
| * michaelrhodes | joined |
04:11:25
| * contrahax | changed nick to _contrahax |
04:17:46
| * dguttman | quit (Quit: dguttman) |
04:31:52
| * fotoverite | quit (Quit: fotoverite) |
04:36:26
| * pfraze | quit (Quit: Leaving) |
04:54:29
| * thlorenz | joined |
04:59:17
| * thlorenz | quit (Ping timeout: 264 seconds) |
05:05:18
| * shama | quit (Remote host closed the connection) |
05:08:51
| * _contrahax | changed nick to contrahax |
05:22:15
| * contrahax | changed nick to _contrahax |
05:29:53
| * DamonOehlman | quit (Ping timeout: 264 seconds) |
05:37:59
| * kessler | quit (Remote host closed the connection) |
06:00:50
| * thealphanerd | quit (Quit: thealphanerd) |
06:01:18
| * thealphanerd | joined |
06:06:21
| * shama | joined |
06:10:09
| * stagas | joined |
06:10:42
| * shama | quit (Ping timeout: 245 seconds) |
06:19:20
| * knownasilya | quit (Quit: Connection closed for inactivity) |
06:28:26
| * feross_ | joined |
06:30:56
| * jjjohnny_ | joined |
06:30:57
| * ahdinosa1r | joined |
06:34:45
| * rwaldron_ | joined |
06:37:14
| * ircretary | quit (*.net *.split) |
06:37:15
| * rwaldron | quit (*.net *.split) |
06:37:15
| * feross | quit (*.net *.split) |
06:37:15
| * sh4l | quit (*.net *.split) |
06:37:15
| * ahdinosaur | quit (*.net *.split) |
06:37:15
| * jjjohnny | quit (*.net *.split) |
06:37:54
| * feross_ | changed nick to feross |
06:38:50
| * kessler | joined |
06:39:00
| * sh4l | joined |
06:43:16
| * kessler | quit (Ping timeout: 256 seconds) |
06:43:36
| * thlorenz | joined |
06:48:22
| * thlorenz | quit (Ping timeout: 256 seconds) |
07:06:55
| * shama | joined |
07:11:38
| * shama | quit (Ping timeout: 258 seconds) |
07:15:24
| * fotoverite | joined |
07:17:59
| * brianloveswords | joined |
07:28:34
| * brianloveswords | quit (Quit: Computer has gone to sleep.) |
07:29:37
| * Mso150_p | quit (Ping timeout: 240 seconds) |
07:32:17
| * peutetre | joined |
07:42:07
| * Mso150_p | joined |
07:42:51
| * peutetre | quit (Quit: peutetre) |
07:42:58
| * shama | joined |
07:48:16
| * shama | quit (Quit: (╯°□°)╯︵ɐɯɐɥs) |
07:53:02
| * thealphanerd | quit (Quit: thealphanerd) |
07:54:36
| * kessler | joined |
07:55:29
| * fotoverite | quit (Quit: fotoverite) |
07:59:10
| * kessler | quit (Ping timeout: 258 seconds) |
08:32:25
| * thlorenz | joined |
08:36:52
| * thlorenz | quit (Ping timeout: 244 seconds) |
08:56:30
| * thealphanerd | joined |
09:22:01
| * gorhgorh | joined |
09:28:06
| * gorhgorh | quit (Quit: gorhgorh) |
09:33:13
| * aulait | quit (Remote host closed the connection) |
09:36:33
| * kid_icarus | quit (Ping timeout: 272 seconds) |
09:40:34
| * aulait | joined |
09:43:23
| * kessler | joined |
09:47:47
| * kessler | quit (Ping timeout: 245 seconds) |
10:02:55
| * phated | quit (Remote host closed the connection) |
10:03:41
| * phated | joined |
10:21:19
| * thlorenz | joined |
10:26:02
| * thlorenz | quit (Ping timeout: 265 seconds) |
10:28:41
| * stagas | quit (Ping timeout: 264 seconds) |
10:48:37
| * Mso150_p | quit (Ping timeout: 240 seconds) |
10:59:07
| * kessler | joined |
11:01:31
| * oldskirt | joined |
11:03:56
| * kessler | quit (Ping timeout: 256 seconds) |
11:05:04
| * oldskirt_ | quit (Ping timeout: 256 seconds) |
11:41:17
| * domanic_ | joined |
11:42:04
| * peutetre | joined |
11:49:18
| * DamonOehlman | joined |
11:49:30
| * oldskirt_ | joined |
11:53:11
| * oldskirt | quit (Ping timeout: 252 seconds) |
11:53:49
| * DamonOehlman | quit (Ping timeout: 255 seconds) |
12:10:01
| * thlorenz | joined |
12:12:06
| * brianloveswords | joined |
12:14:17
| * thlorenz | quit (Ping timeout: 240 seconds) |
12:14:24
| * DamonOehlman | joined |
12:14:51
| * kessler | joined |
12:17:13
| * domanic_ | quit (Ping timeout: 255 seconds) |
12:19:27
| * kessler | quit (Ping timeout: 258 seconds) |
12:21:03
| * peutetre | quit (Ping timeout: 252 seconds) |
12:22:09
| * brianloveswords | quit (Quit: Computer has gone to sleep.) |
12:22:12
| * peutetre | joined |
12:22:27
| * mmalecki | joined |
12:24:49
| * DamonOehlman | quit (Ping timeout: 258 seconds) |
12:35:19
| * peutetre | quit (Quit: peutetre) |
12:39:16
| * gorhgorh | joined |
13:00:53
| * phated_ | joined |
13:03:55
| * phated | quit (Ping timeout: 258 seconds) |
13:15:37
| * kessler | joined |
13:19:56
| * kessler | quit (Ping timeout: 256 seconds) |
13:58:48
| * thlorenz | joined |
14:00:16
| * kessler | joined |
14:03:21
| * thlorenz | quit (Ping timeout: 252 seconds) |
14:08:37
| * kessler_ | joined |
14:09:07
| * kessler | quit (Read error: Connection reset by peer) |
14:20:57
| * kessler_ | quit (Read error: Connection reset by peer) |
14:20:59
| * kessler | joined |
14:21:05
| * stagas | joined |
14:34:31
| * kessler | quit (Ping timeout: 252 seconds) |
14:49:45
| * kessler | joined |
14:56:56
| * kessler | quit (Read error: Connection reset by peer) |
14:56:57
| * kessler_ | joined |
15:02:24
| * oldskirt | joined |
15:05:17
| * oldskirt_ | quit (Ping timeout: 240 seconds) |
15:07:51
| * kessler_ | quit (Read error: Connection reset by peer) |
15:08:11
| * kessler | joined |
15:09:12
| * kessler | quit (Read error: Connection reset by peer) |
15:09:46
| * kessler | joined |
15:14:00
| * pfraze | joined |
15:15:13
| * kessler | quit (Ping timeout: 244 seconds) |
15:15:20
| * kessler | joined |
15:27:00
| * kessler_ | joined |
15:29:48
| * brianloveswords | joined |
15:29:52
| * kessler | quit (Ping timeout: 245 seconds) |
15:30:18
| * domanic_ | joined |
15:30:21
| * fotoverite | joined |
15:38:49
| * _contrahax | quit (Ping timeout: 255 seconds) |
15:40:03
| * contrahax | joined |
15:42:01
| * peutetre | joined |
15:47:33
| * thlorenz | joined |
15:52:07
| * thlorenz | quit (Ping timeout: 272 seconds) |
15:56:46
| * kessler | joined |
15:58:57
| * kessler_ | quit (Ping timeout: 240 seconds) |
16:05:24
| <ogd> | "Unlike other package management systems such as NPM, NuGet and RubyGems, Go does not provide a centralized repository for Go packages. The Go package management system is designed to work with modern scenarios where developers share source through repositories hosted on Github." lolwut |
16:05:24
| <ogd> | http://thenewstack.io/a-closer-look-at-golang-from-an-architects-perspective/ |
16:12:06
| <domanic_> | ogd, github is a force of nature! |
16:12:53
| <domanic_> | data scientists first predicted the possibility of github back in the 50's |
16:13:09
| <domanic_> | but only recently was it's existance proven |
16:19:44
| * pfallenop | quit (Ping timeout: 250 seconds) |
16:20:47
| * pfallenop | joined |
16:32:43
| * thlorenz | joined |
16:34:57
| * thlorenz | quit (Remote host closed the connection) |
16:35:31
| * thlorenz | joined |
16:35:48
| * thlorenz | quit (Read error: Connection reset by peer) |
16:35:56
| * thlorenz | joined |
16:37:09
| * thlorenz | quit (Remote host closed the connection) |
16:37:56
| * kid_icarus | joined |
16:38:51
| * thlorenz | joined |
16:39:28
| * pili | joined |
16:41:07
| * thlorenz | quit (Remote host closed the connection) |
16:41:48
| * thlorenz | joined |
16:42:19
| * peutetre | quit (Quit: peutetre) |
16:46:12
| * thlorenz | quit (Remote host closed the connection) |
17:05:53
| * domanic_ | quit (Ping timeout: 240 seconds) |
17:13:50
| <jjjohnny_> | feross: u back in the big BA? |
17:38:28
| * thlorenz | joined |
17:42:04
| * kid_icarus | quit (Ping timeout: 250 seconds) |
17:43:28
| * stagas | quit (Read error: Connection reset by peer) |
17:45:23
| * stagas | joined |
18:05:42
| * kid_icarus | joined |
18:05:45
| * pili | quit (Ping timeout: 272 seconds) |
18:08:50
| <mikolalysenko_> | versions without immutable names don't work |
18:15:56
| * Mso150_p | joined |
18:24:29
| <jjjohnny_> | thats what hashes are for |
18:32:23
| * fotoverite | quit (Quit: fotoverite) |
18:34:34
| * reqshark | quit (Quit: Be back later ...) |
18:35:00
| * reqshark | joined |
18:35:12
| * thlorenz | quit |
18:36:32
| * thlorenz | joined |
18:42:09
| * mikolalysenko_ | quit (Ping timeout: 264 seconds) |
18:43:46
| * mikolalysenko_ | joined |
18:45:44
| * aulait | quit (Ping timeout: 264 seconds) |
18:45:44
| * jden_ | quit (Ping timeout: 264 seconds) |
18:45:58
| * jden_ | joined |
18:47:42
| * thlorenz_ | joined |
18:52:17
| * thlorenz_ | quit (Ping timeout: 240 seconds) |
18:53:48
| * gorhgorh_ | joined |
18:54:47
| * dguttman | joined |
18:56:35
| * gorhgorh | quit (Ping timeout: 256 seconds) |
18:56:35
| * gorhgorh_ | changed nick to gorhgorh |
18:57:09
| * stagas_ | joined |
19:00:16
| * dguttman | quit (Quit: dguttman) |
19:00:47
| * stagas | quit (Ping timeout: 265 seconds) |
19:00:57
| * stagas_ | changed nick to stagas |
19:12:29
| * kid_icarus | quit (Ping timeout: 264 seconds) |
19:22:14
| * fotoverite | joined |
19:30:25
| * aulait | joined |
19:59:26
| <jjjohnny_> | you guys could at least spam yr twitter feeds RTing me, so i dont do this in vain |
20:04:32
| * thealphanerd | quit (Quit: thealphanerd) |
20:12:34
| <jjjohnny_> | i mean if yr not gonna pipe out yr damn selfie |
20:12:46
| * jjjohnny_ | silencio |
20:19:51
| * yoshuawuyts | joined |
20:20:03
| * yoshuawuyts | quit (Client Quit) |
20:34:09
| * pfraze | quit (Quit: Leaving) |
20:39:25
| * Mso150_p_l | joined |
20:40:19
| * Mso150_p | quit (Ping timeout: 255 seconds) |
20:40:24
| * thlorenz | quit (Remote host closed the connection) |
20:41:47
| * anvaka_ | quit (Remote host closed the connection) |
20:43:27
| * anvaka | joined |
20:47:25
| * pfraze | joined |
21:02:21
| * ednapiranha | joined |
21:03:08
| * Mso150_p_l | quit (Ping timeout: 264 seconds) |
21:03:44
| * Mso150_p_l | joined |
21:13:34
| * ednapiranha | quit |
21:23:50
| * anvaka_ | joined |
21:23:53
| * anvaka | quit (Read error: Connection reset by peer) |
21:25:31
| <mikolalysenko_> | jjjohnny_: you can't upgrade a hash |
21:25:44
| <mikolalysenko_> | you can pin to a specific name with a hash, but you can't have versions with hashes |
21:26:02
| <mikolalysenko_> | basically you need a naming service if you want to have upgradeable versions for libraries |
21:27:09
| <mikolalysenko_> | on the other hand, if you reject the whole concept of versions/upgrades anyway, then maybe hashes will appeal to you |
21:41:30
| <feross> | jjjohnny_: what is BA? |
21:50:46
| <jjjohnny_> | Bay Area |
21:52:18
| * AvianPhone | joined |
22:00:28
| <ogd> | oh i thought it was buenos aires (where jsconfar is happening) |
22:01:03
| <jjjohnny_> | thats lil BA |
22:01:17
| <jjjohnny_> | this the big BA |
22:01:42
| <jjjohnny_> | ogd: you might appreciate this release right here |
22:01:45
| <jjjohnny_> | https://folkstack.bandcamp.com/album/intoreducing |
22:02:35
| <jjjohnny_> | two bass drums, mine and yours, make some awesome dual booting |
22:03:57
| <jjjohnny_> | also, your sessions will be released by "folk stack", as well as recordings by substack and others |
22:05:25
| <jjjohnny_> | thats me btw obv |
22:28:54
| * thlorenz | joined |
22:33:17
| * thlorenz | quit (Ping timeout: 240 seconds) |
22:54:59
| * contrahax | quit (Quit: Sleeping) |
22:58:00
| * anvaka_ | quit (Remote host closed the connection) |
23:04:25
| * anvaka | joined |
23:14:29
| * devhoag | joined |
23:28:45
| * contrahax | joined |
23:30:50
| * kid_icarus | joined |
23:32:47
| * domanic_ | joined |
23:33:07
| * pfraze | quit (Quit: Leaving) |
23:36:44
| * thlorenz | joined |
23:49:43
| * contrahax | quit (Quit: Sleeping) |
23:52:11
| * contrahax | joined |