00:02:33 -!- aaaaaa has joined.
00:04:29 <HackEso> The password of the month is Algol Waterloo Athens aftermath quadrant hydraulic tissue exodus stormy decadence egghead resistor flatfoot escapade newborn recipe
00:04:52 <int-e> . o O ( Somebody overcompensated for lost opportunities. )
00:16:01 -!- deltaepsilon23 has left ("Leaving").
00:39:49 <int-e> WTF... https://www.lifewire.com/strong-password-examples-2483118 lists "BankLogin!3" as an excellent password...
00:42:36 <shachaf> I think maybe I should ban digits and "special characters" in passwords.
00:42:57 <shachaf> They make passwords harder to remember and probably don't meaningfully increase entropy?
00:43:10 <int-e> They make them quicker to type though
00:43:49 <zzo38> I think you should not ban anything except perhaps null characters and some control characters (depending on the application). However, you should not require digits and "special characters" either. And, please do not set the maximum length too small!
00:43:56 <int-e> And they add some bits of entropy if they're not l33t-derived.
00:44:38 <shachaf> Maybe it should just be a-z
00:44:46 <zzo38> Arbitrary octets should otherwise be allowed in the password.
00:44:47 <shachaf> I guess allowing capital letters is one bit per character.
00:45:16 <shachaf> I guess I could've guessed that one.
00:45:37 <int-e> capital letters... I'd imagine for most people they add one bit per word.
00:45:58 <shachaf> Presumably this is a pretty good password.
00:46:20 <int-e> (and yes, people will use words if you let them)
00:46:43 <int-e> I wonder what word list b_jonas used.
00:46:51 <shachaf> Maybe you shouldn't let people choose passwords.
00:46:55 <zzo38> Well, some people will. Some people use numbers instead.
00:47:08 <shachaf> Just generate a 70-bit 15-character password and let them regenerate on demand.
00:47:08 <int-e> (I suspect this is one of his serious entries... so it's bound to be 16 actually random words.)
00:47:49 <zzo38> I think that you should let people choose passwords, but ensure the maximum length is sufficiently long (I suggest at least sixty bytes, probably more). A random password option might be good too, though, maybe.
00:48:03 <int-e> It's not diceware.
00:48:35 <int-e> Good one, good one.
00:49:00 <Arcorann> 60 bytes would be overkill for random passwords though
00:49:07 <int-e> password123xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
00:49:19 <esowiki> [[Special:Log/newusers]] create * Kosayoda * New user account
00:49:22 <int-e> it's also a pretty useless metric
00:49:24 <zzo38> Arcorann: Yes, but I only specified that as a maximum length, not the minimum or default length.
00:49:35 <int-e> my bad, I misread.
00:50:10 <int-e> or rather, made an assumption because hardly anybody speaks of maximum password lengths... minimum lengths are all the rage
00:50:13 <zzo38> (If you can, increase the maximum length to more than that.)
00:50:47 <Arcorann> Maximum length restrictions beyond those required to avoid extreme processing times shouldn't be necessary in any sensible password scheme
00:51:09 <shachaf> int-e: That page also says that "BankLogin" is an OK password.
00:51:39 <int-e> shachaf: Yeah, it's wholly embarrassing.
00:51:50 <int-e> Designed to make people feel good about their passwords, I'm sure.
00:52:09 <shachaf> It also says that "kitty" is an OK password.
00:52:24 <shachaf> Despite saying a bit above that such a password is incredibly insecure.
00:52:29 <zzo38> Arcorann: Yes, that is true. (Well, not only time but also memory. And depending on the program, it may display asterisks as it is being typed and there may be limited space on the display, but you can also conceal the password entirely (like traditionally in UNIX-based systems), display on multiple lines, use smaller fonts, etc.)
00:52:30 <shachaf> I guess "OK" is a euphemism?
00:52:34 <int-e> I didn't read it all.
00:52:52 <esowiki> [[Esolang:Introduce yourself]] https://esolangs.org/w/index.php?diff=77793&oldid=77791 * Kosayoda * (+186) Add introduction
00:53:03 <oren> I have begun using relatively long sentences in conlangs as passwords
00:53:45 <esowiki> [[Chicken]] M https://esolangs.org/w/index.php?diff=77794&oldid=71117 * Kosayoda * (+63) Add a Python implementation of the language.
00:53:46 <Arcorann> Probably shouldn't have called it "OK", but yeah the mechanism of "take a dictionary word and add special characters or numbers" is not great
00:53:55 <shachaf> I think a random word in /[a-z]{15}/ is pretty good.
00:54:08 <shachaf> Do I want more than 70 bits?
00:54:11 <zzo38> oren: Yes, that can work.
00:55:57 <int-e> There's always the battery horse staple thing.
00:56:11 <esowiki> [[Chicken]] M https://esolangs.org/w/index.php?diff=77795&oldid=77794 * Kosayoda * (+19) Add name to linked implementation.
00:56:49 <shachaf> How many bits do you get from that?
00:57:03 <shachaf> If it's a password you type regularly, saving on characters is probably good.
00:57:14 <shachaf> Shift is an extra keystroke.
00:57:23 <int-e> https://xkcd.com/936/ said 44 bits
00:59:11 <shachaf> `` egrep --text -o '[a-z]' /dev/urandom | tr -d '\n' | head -c10
00:59:15 <Arcorann> Nowadays I get KeePass to generate my passwords except for a few that I've memorised
01:01:06 <shachaf> 44 bits is presumably OK if you know the password is being stored securely with a fancy KDF.
01:01:17 <shachaf> But if you don't then you probably want more.
01:05:19 <int-e> I usually look at this... Bitcoin is at 2^47 hashes per second.
01:06:25 <shachaf> Isn't it way more than that?
01:06:52 <shachaf> https://www.blockchain.com/charts/hash-rate says 140M TH/s
01:07:41 <int-e> I can't do ISO :-(
01:07:55 <int-e> Or SI for that matter.
01:08:50 <int-e> Okay, so maybe 70 is only plenty if it's not stored as a plain hash.
01:22:21 <int-e> (Oh well. The SI/ISO mixup isn't new, at least. But getting the prefixes wrong is.)
01:23:07 <shachaf> Oh, the number you gave was 140e12.
01:23:18 <shachaf> I think it's confusilating of them to give numbers in millions of terahashes.
01:23:39 <shachaf> Either give hashes or exashes or something.
02:37:48 -!- hendursaga has quit (Remote host closed the connection).
02:47:32 -!- hendursaga has joined.
03:06:53 -!- Lord_of_Life_ has joined.
03:09:04 -!- Lord_of_Life has quit (Ping timeout: 256 seconds).
03:09:05 -!- Lord_of_Life_ has changed nick to Lord_of_Life.
03:39:55 -!- adu has joined.
03:46:00 -!- MDude has quit (Quit: Going offline, see ya! (www.adiirc.com)).
04:01:40 -!- aaaaaa has quit (Quit: leaving).
04:32:31 <int-e> `` unshare -U true
04:32:32 <HackEso> unshare: unshare failed: Operation not permitted
04:40:54 <int-e> This is confusing me (on my own system; less so for HackEso)... The failing syscall is `unshare`: unshare(CLONE_NEWUSER) = -1 EPERM (Operation not permitted) But according to the `unshare` manpage, unprivileged users are supposed to be able to create a new user namespace, except under fairly specific circumstances... hmm one of which I can't easily check.
04:55:06 <int-e> works on none of my (Debian) systems
04:57:51 <int-e> (the thing that I don't know how to check is that EPERM is raised if "the caller's root directory does not match the root directory of the mount namespace"... is this something that a badly designed initrd can mess up forever?)
04:59:36 <int-e> The other condition is for unmapped (effective) user/group ids... but the default maps map *all* 32 bit values to themselves.
05:00:19 <int-e> (cat /proc/self/{g,u}id_map --> 0 0 4294967295, twice (with some more spaces))
05:01:35 <int-e> OTOH it works for root at least.
05:02:12 <shachaf> If it works for root then it doesn't seem like the initrd thing, does it?
05:02:48 <int-e> yes, that seems to be implied.
05:05:15 <shachaf> Is the EPERM coming from https://github.com/torvalds/linux/blob/v5.8/kernel/user_namespace.c#L69 ?
05:15:59 <zzo38> I see two cases in that function that return EPERM. Do you know which of those it is?
05:24:50 <shachaf> Man, I was trying to create a chroot to test this in and the situation is ridiculous.
05:25:04 <shachaf> /bin/ls depends on libraries in /usr, so what's the point of anything?
05:26:33 <shachaf> OK, so inside a regular chroot, you can escape easily by e.g. chdir /proc/1/root
05:27:52 <shachaf> int-e: Presumably your /proc/1/root looks identical to your /?
05:30:46 <int-e> root@harpy:/# unshare -U true
05:30:46 <int-e> unshare: unshare failed: Operation not permitted
05:30:51 <int-e> that's inside a chroot, as root.
05:31:25 <int-e> I should've thought of trying to test the positive case... so it's not the chroot check, phew.
05:34:27 <zzo38> The linked program says "Verify that we can not violate the policy of which files may be accessed that is specified by the root directory, by verifing that the root directory is at the root of the mount namespace which allows all files to be accessed."
05:44:13 <int-e> Bah. https://salsa.debian.org/kernel-team/linux/-/blob/master/debian/patches/debian/add-sysctl-to-disallow-unprivileged-CLONE_NEWUSER-by-default.patch
05:45:40 <zzo38> Is read permission required if you try to execute a file that has setuid bit but it is ignored? I think that, in addition to requiring execute permission, in order to execute a file, it should require that either the effective user owns the file or the effective user has permission to read the file.
05:45:43 <int-e> So on Debian one needs sysctl kernel.unprivileged_userns_clone=1
05:45:53 <int-e> And then it works.
05:46:49 <shachaf> int-e: Well, so much for my kernel source code reading efforts.
05:47:22 <zzo38> (perhaps only for files with setuid/setgid, although perhaps in other cases too, such as if namespaces have been tampered with in any way at all)
05:47:55 -!- adu has quit (Quit: adu).
05:47:56 <int-e> shachaf: I'm sorry. I went down the same road though... https://elixir.bootlin.com/linux/latest/source/kernel/user_namespace.c#L69 is a useful site for that (it has links for identifiers)
05:48:18 <shachaf> int-e: I was mostly using livegrep.com
05:48:26 <int-e> shachaf: And only then I decided that it's probably something Debian specific.
05:49:06 <int-e> Gotta love the "This is a short-term patch." from 2013.
05:50:02 <shachaf> It says "saucy" -- is it an Ubuntu thing?
05:51:17 <int-e> Well, Ubuntu is based on Debian.
05:51:33 <int-e> So it's no big surprise if patches flow in the other direction as well?
05:51:53 <int-e> Not everything Ubuntu does is stupid ;)
05:57:46 -!- arseniiv has joined.
05:59:03 <int-e> (I'm somewhat divided on whether this is a good patch or a bad patch... what is horrible is discoverability of the feature.)
06:19:52 <shachaf> If only there was more than a numeric error code for system calls to fail with.
06:20:06 <shachaf> I don't know why they even have any error code other than EINVAL, since it covers every use case.
07:05:46 -!- sftp has quit (Ping timeout: 244 seconds).
07:06:00 -!- sftp has joined.
07:18:04 -!- imode has quit (Ping timeout: 260 seconds).
07:19:24 -!- LKoen has joined.
08:08:23 -!- hendursa1 has joined.
08:11:03 -!- hendursaga has quit (Ping timeout: 240 seconds).
08:38:43 -!- dog_star has quit (Ping timeout: 272 seconds).
08:38:54 -!- dog_star has joined.
10:27:09 <esowiki> [[05AB1E]] https://esolangs.org/w/index.php?diff=77796&oldid=77453 * SunnyMoon * (+414) 2sable!
10:35:57 <esowiki> [[Zirconium]] https://esolangs.org/w/index.php?diff=77797&oldid=77773 * RocketRace * (-2) Synthetic station definitions should be postfix, not prefix
10:37:49 <Arcorann> https://sr.ht/~sircmpwn/evilpass/ <-- that's one way of checking password security
10:42:31 -!- Sgeo has quit (Read error: Connection reset by peer).
10:49:20 <esowiki> [[Special:Log/newusers]] create * SoicBR * New user account
10:55:05 <esowiki> [[Esolang:Introduce yourself]] https://esolangs.org/w/index.php?diff=77798&oldid=77793 * SoicBR * (+295) /* Introductions */
11:12:21 -!- laerling has quit (Quit: leaving).
11:23:52 -!- t20kdc has joined.
12:19:55 -!- arseniiv has quit (Ping timeout: 240 seconds).
12:21:27 -!- t20kdc has quit (Remote host closed the connection).
12:42:59 -!- sebbu2 has joined.
12:43:36 -!- sebbu has quit (Ping timeout: 256 seconds).
12:46:53 -!- sebbu2 has changed nick to sebbu.
13:05:00 -!- Arcorann_ has joined.
13:07:25 -!- Arcorann has quit (Ping timeout: 240 seconds).
13:38:47 -!- moony has quit (Remote host closed the connection).
13:39:14 -!- ATMunn_ has joined.
13:39:19 -!- ATMunn has quit (Quit: lol rip).
13:39:21 -!- moony has joined.
15:07:17 -!- Lord_of_Life_ has joined.
15:07:56 -!- at-nyc has joined.
15:09:29 <at-nyc> Not sure this is the right place, but I couldn’t believe that esolang.org wasn’t already a redirect to esolangs.org. I bought it and want to donate/transfer the registration. Who do I contact about that?
15:09:45 -!- Lord_of_Life has quit (Ping timeout: 240 seconds).
15:09:55 -!- Lord_of_Life_ has changed nick to Lord_of_Life.
15:12:10 <b_jonas> at-nyc: you contact fizzie here
15:13:25 <fizzie> The problem with domains is, you need to keep paying for them. True, it's not much, but it's the principle of the thing.
15:14:22 -!- at-nyc has quit (Remote host closed the connection).
15:16:52 <b_jonas> fizzie: yeah. so I presume either at-nyc pays for them, or it just goes to resale after they stop paying for them, and is a redirect until that.
15:17:15 <fizzie> That's what would happen if it was transferred to me, at least.
15:17:33 <b_jonas> maybe they don't realize just how old this channel is, and bought it for six years which is basically forever on the internet
15:17:44 <fizzie> I'm not sure our "brand" warrants starting to collect variant domains. Of course if someone else wants to hold esolang.org (either as an alias for esolangs.org, or for any other purpose), I'm fine with that.
15:18:41 <b_jonas> the wiki started in 2005 I think, and the channel before 2002-12
15:19:33 <b_jonas> "brand" hmm. are we selling T-shirts and such merchandise yet?
15:23:18 <fizzie> Time to set up a CafePress shop, I guess.
15:23:44 <fizzie> I've got a fungot T-shirt for special occasions, but I just got it done at one of those design-your-own places.
15:23:44 <fungot> fizzie: for a while it was frustrating. hb, used his sword into. he went in and killed some powerful monsters with his new hammer to the specibus
15:24:33 -!- hendursa1 has quit (Quit: hendursa1).
15:24:49 -!- hendursaga has joined.
15:28:27 -!- Arcorann_ has quit (Read error: Connection reset by peer).
15:29:23 <b_jonas> I only visit like a handful of internet communities that are this old. perlmonks started in 2000, my user was registered in 2003, but I'm not very active there anymore. Tom7's blog (radar) is active since 2000, but I only found it in 2006 when he organized an ICFP contest. I don't know when I started reading David Madore's blog, but that one started in 2003.
15:30:11 <b_jonas> http://www.madore.org/~david/weblog/d.2003-09-17.0234.html always amazes me: it's a post where David scans some public domain images and hosts them on his webpage. The normal place to host such images would be Wikimedia Commons, but Commons actually didn't exist back then. It's so hard to imagine that now.
15:31:56 <b_jonas> what the. ERICH FRIEDMAN'S MATH MAGIC ENDED?
15:32:41 <b_jonas> it apparently dropped out from its former address http://www2.stetson.edu/~efriedma/mathmagic/archive.html , and there's an archive at https://erich-friedman.github.io/mathmagic/
15:32:52 <b_jonas> that's been going on from 1998 every month
15:34:47 <b_jonas> that's one of the oldest continuously active website that dropped out of the internet
15:36:16 <b_jonas> not the oldest, because yahoo.com web search started in 1995 and is still active and I have been using it
15:40:52 <fizzie> google.com's been around since 1998, and I'm still using it quite often.
15:41:04 <fizzie> Not exactly a "community" though.
15:43:15 <fizzie> https://www.fidonet.org/genlinfo.html "Accessing Fidonet via BBS is gaining in prominence." :)
15:43:43 <rain1> how come i never heard about erich friedman
15:43:48 -!- mich181189 has quit (Ping timeout: 272 seconds).
15:44:42 -!- ocharles has quit (Ping timeout: 260 seconds).
15:45:13 -!- mich181189 has joined.
15:46:31 <fizzie> sieni.us had shut down (well, removed all the content) recently, that's another semi-old (2005) piece of (Finnish) Internet subculture gone. :/
15:47:02 <b_jonas> rain1: I have a link on my homepage. notable parts of his homepage are Math Magic (monthly puzzles posted by Friedmann, optimized by an open community, i.e. anyone can send solutions in email), packing center, puzzle collection, and periodic table of mathematicians (biographies)
15:47:04 -!- ocharles has joined.
15:47:41 <b_jonas> when was en.wikipedia founded? in 2001 apparently
15:48:45 <b_jonas> IOCCC is yearly regular since 1998
15:49:05 <b_jonas> ICFP contest is yearly regular since 1998
15:49:29 <b_jonas> IOCCC is yearly irregular since 1984 WOW
15:49:36 <b_jonas> it's older than me? that's crazy
15:50:06 <b_jonas> I never realized that, despite that its first winner contains machine code for two obsolete CPU architectures
15:50:49 <b_jonas> ioccc/1984/mullender and for VAX-11 and PDP-11
15:51:52 <fizzie> The (probably-)largest-circulation Finnish computer magazine ("MikroBitti") had a BBS system from 1994 onwards, later with some Internet things (email, a ~10-megabyte web page hosting place), and it was still accessible over telnet up to... well, sometime this millennium, anyway.
15:53:47 <fizzie> The BBS had a funny time-keeping system, you were allowed to be connected for up to 60 minutes/day, but you could also save your unused time in the "time bank" I think up to 4 hours or so, which was convenient for some of the larger downloads that would take over an hour.
15:55:45 <b_jonas> fizzie: until what time was it accessible outside the internet?
15:56:55 <fizzie> Apparently only until 2002.
15:57:34 <fizzie> Maybe they turned off both the internet and phone lines at the same time, in 2002.
15:59:27 <fizzie> https://www.reddit.com/r/IAmA/comments/1m6ift/i_was_the_sysop_of_mbnet_perhaps_the_biggest_bbs/
16:00:23 <b_jonas> I hope someone has a backup of most of the static content on the web
16:00:46 <b_jonas> (in, like, one small zip on archive.com)
16:15:29 -!- arseniiv has joined.
16:32:32 -!- user24 has joined.
18:02:44 -!- b_jonas has quit (Quit: leaving).
18:04:49 -!- b_jonas has joined.
18:11:50 <esowiki> [[Language list]] https://esolangs.org/w/index.php?diff=77799&oldid=77748 * Olivato * (+15) /* C */
18:26:41 -!- Remavas has joined.
18:26:59 -!- Remavas has quit (Client Quit).
18:29:43 -!- imode has joined.
18:53:00 <esowiki> [[Complack]] N https://esolangs.org/w/index.php?oldid=77800 * Olivato * (+5013) Created page with "'''Complack''' is a simple, stack-based language created by [[User:Olivato]]. Is based in [[Simplack]] created by [[User:Saka]]. Complack means '''Compl'''ex St'''ack''' is an..."
18:55:16 <esowiki> [[Complack]] https://esolangs.org/w/index.php?diff=77801&oldid=77800 * Olivato * (+36)
18:56:26 <esowiki> [[Complack]] https://esolangs.org/w/index.php?diff=77802&oldid=77801 * Olivato * (-1) /* Fibonacci of the n-th */
18:56:44 <esowiki> [[Complack]] https://esolangs.org/w/index.php?diff=77803&oldid=77802 * Olivato * (-2) /* Subroutine */
18:56:58 <esowiki> [[Complack]] https://esolangs.org/w/index.php?diff=77804&oldid=77803 * Olivato * (-3) /* Using multiple stacks */
18:58:48 <esowiki> [[Simplack]] https://esolangs.org/w/index.php?diff=77805&oldid=56199 * Olivato * (+95)
19:02:40 -!- MDude has joined.
19:08:37 -!- arseniiv has quit (Ping timeout: 258 seconds).
19:10:49 -!- adu has joined.
19:16:13 -!- MDude has quit (Read error: No route to host).
19:31:09 -!- Sgeo has joined.
19:54:43 -!- adu has quit (Quit: adu).
20:02:27 <zzo38> Do you know what software was the MikroBitti BBS system? Was it any common one?
20:03:56 <zzo38> I know a program still being maintained is Synchronet, which now supports JavaScript, although I don't know if it supports typed arrays yet (and other modern JavaScript features).
20:07:35 -!- user24 has quit (Quit: Leaving).
20:33:19 <fizzie> zzo38: It was PCBoard-based, I believe.
20:35:28 <fizzie> I think I set up an instance of BBBS once, just to play around with it, but I don't think I ever had it externally accessible.
20:36:42 <fizzie> Huh, I wonder what's the name of that one Mac OS -oriented BBS system, with a GUI and all.
20:36:48 <fizzie> Oh, right, FirstClass.
20:38:00 <fizzie> The local Mac users' community (fiMUG) had a BBS based on that, I always found it really charming.
20:38:51 <fizzie> https://upload.wikimedia.org/wikipedia/en/1/1c/FirstClass_GLFN_desktop.png
20:39:07 <fizzie> It had these small red flags denoting unread messages.
21:01:13 <b_jonas> fizzie: phpbb can do the small red flags for undread messages in HTML too
21:02:16 <b_jonas> the mnemonic is weird because we never had those kinds of mailboxes here in the city
21:02:26 <b_jonas> I think they only exist in the American country
21:02:43 <b_jonas> with huge fields where you want to see if you got mail from far away
21:05:44 -!- aaaaaa has joined.
23:40:04 <b_jonas> oh great. an advertisment of snack food where the highlighted feature is that the new product is smaller than the previous one of the same brand. smaller. that's it. if they can sell with this, they can sell anything. not that all the spam I get doesn't already prove that they can sell anything.
23:45:50 <fizzie> Is it called "fun-sized"?
23:55:17 <int-e> maybe all the taste is one the surface and all the calories are inside
23:57:40 <b_jonas> int-e: it's a snack. calories aren't the point.
23:58:15 <b_jonas> biscuit type, not bread type.