Perl 6 - the future is here, just unevenly distributed

IRC log for #darcs, 2016-03-31

| Channels | #darcs index | Today | | Search | Google Search | Plain-Text | summary

All times shown according to UTC.

Time Nick Message
00:55 Big_G joined #darcs
01:47 ilbot3 joined #darcs
01:47 Topic for #darcs is now http://darcs.net/ | logs: http://irclog.perlgeek.de/darcs/ | darcs 2.10.3 is out http://darcs.net/Releases/2.10
03:27 notdan_ joined #darcs
03:33 mal`` joined #darcs
03:39 carter joined #darcs
05:14 Heffalump fr33domlover: http://hub.darcs.net/ganesh/ssh-fr33domlover-refactoring - could you double-check I haven't screwed anything up? I'll get on with reviewing/merging it now.
05:14 Heffalump Unfortunately it turned out to be fairly hacky/manual to migrate the patches, I'll have to think about how to support it better in darcs.
05:29 castlelore joined #darcs
05:29 castlelore joined #darcs
05:35 Heffalump aargh, I did mess something else up, just re-rebasing now
05:39 Heffalump (ok, done)
05:45 pointfree Heffalump, I guess I'll just manually integrate my curve25519-sha256 changes in a new patch onto that repo (ssh-fr33domlover-refactoring)?
06:05 fr33domlover Heffalump, the order of my first 2 records there got reversed, but that's fine, they are unrelated anyway. Otherwise, I diffed all the source files and it looks good :)
06:11 Heffalump pointfree: yeah, if you could that'd be great. I'm still working through fr33domlover's patches but I imagine any further changes would go as new patches on top
06:15 fr33domlover pointfree, also check the new Internal.Random module for example
06:15 fr33domlover it's intended to be used as a random source for the library
06:15 fr33domlover it wraps DRBG which you use in your patches too iirc
06:24 pointfree fr33domlover, ah, I see.
06:25 pointfree Looks like darcsden/ssh-server/darcsden-ssh.hs will need some modifications to work with the new ssh.
06:26 fr33domlover pointfree, indeed. but not much
06:26 fr33domlover i can make a patch for that myself
06:59 pointfree fr33domlover: Could not deduce (Crypto.Random.CryptoRandomGen Network.SSH.Internal.Random.RNG)
06:59 pointfree curve25519 package expects Crypto.Random.CryptoRandomGen
07:00 fr33domlover pointfree, i think we'll be moving to cryptonite anyway
07:00 fr33domlover so i suppose it's fine, leave it as is then for now
07:01 pointfree I'll leave it as it is now, for now.
07:11 pointfree http://hub.darcs.net/ganesh/ssh/compare/pointfree/ssh
07:17 pointfree fr33domlover, Heffalump: unless I forgot to port something over, the new ssh won't work with the libssh2 tests but will work with darcsden, once fr33domlover makes the patches to darcsden-ssh that is.
07:18 fr33domlover pointfree, is there anything else we can use for tests?
07:18 fr33domlover is there libssh3? :P
07:21 pointfree libssh and libssh2 are two unrelated projects. libssh is the way to go imo. https://libssh2.org/libssh2-vs-libssh.html
07:25 pointfree Unfortunately, I haven't found client bindings to libssh. Found server bindings though, maybe someone needs to contribute ssh client bindings... or we could have the tests just run the ssh shell command or something.
07:57 alexei_ joined #darcs
08:23 notdan joined #darcs
08:31 pointfree ...I've started a libssh port of libssh2-hs because it's not really great to make a release with broken tests.
09:07 fr33domlover pointfree, maybe there is another way: Use the `ssh` program?
11:01 castlelore joined #darcs
11:21 xauth joined #darcs
11:39 castlelore joined #darcs
11:49 dolio joined #darcs
12:02 BitPuffin joined #darcs
12:08 castlelore joined #darcs
12:17 mizu_no_oto joined #darcs
12:44 mizu_no_oto joined #darcs
12:47 dolio joined #darcs
12:49 itPuffinB joined #darcs
12:52 itPuffinB joined #darcs
12:54 itPuffinB joined #darcs
13:00 itPuffinB joined #darcs
13:21 BitPuffin joined #darcs
13:45 Riastradh joined #darcs
14:07 BitPuffin joined #darcs
14:43 BitPuffin joined #darcs
14:48 itPuffinB joined #darcs
14:55 alexei_ joined #darcs
14:57 itPuffinB joined #darcs
15:16 alexei_ joined #darcs
15:24 BitPuffin joined #darcs
16:04 xauth left #darcs
16:30 BitPuffin joined #darcs
17:31 Heffalump fr33domlover: in "User auth now stores optional user ID in addition to username" do you have an example of how code that calls ssh should change?
17:33 Heffalump fr33domlover: in "Do modular exponentation using integer-gmp instead of HsOpenSSL", have you thought about resistance to timing attacks? I'd need to check, but I vaguely recall changing from something else to a crypto library specifically because of that.
17:33 BitPuffin joined #darcs
17:34 fr33domlover Heffalump, yes. Say in Darcsden, when handling a command, how does it know which user it is? It does so by username, which is indeed unique. But in the general case, you'd want to remember the user ID column value (e.g. in NonSQL databases i dunno if using the username is as efficient as using an ID)
17:34 fr33domlover and use the ID to fetch data later
17:35 fr33domlover Heffalump, I noticed that too very recently, tbh I don't know much about these attacks but maybe we can implement protection against them ourselves?
17:35 fr33domlover I mean, whatever OpenSSL does there is not magic
17:36 fr33domlover and crypto is one of the most popular uses of modexp
17:36 fr33domlover if not the most popular
17:36 fr33domlover so i'd like to think using OpenSSL here isn't the only semi-realiable option:P
17:37 fr33domlover Heffalump, btw there's a Hackage package http://hackage.haskell.org/package/arithmoi
17:37 fr33domlover maybe the modexp there is better?
17:37 Heffalump fr33domlover: re the auth stuff, do you have a code sample?
17:38 fr33domlover Heffalump, I'll check my code. If not, I'll have one soon
17:39 Heffalump fr33domlover: I think we need to use an implementation specifically written with security in mind
17:39 fr33domlover Heffalump, no code sample yet, i'll have one soon once I update my code that uses 'ssh'
17:40 Heffalump I'm fine with replacing it with something else and I would also like to be rid of an OpenSSL dependency
17:40 fr33domlover Heffalump, agreed
17:42 Heffalump btw I guess you've actually tried using your changes? I don't think the test suite covers all that much, so it could easily not catch stuff wrong with the networking layer etc :-)
17:49 Heffalump pointfree: just looking at your patch too - couple of initial questions. Is dropping the old key exchange going to be an issue? I presume it's generally obsolete, but there are there any old-ish clients out there that might have the same problem as we did as a server?
17:50 Heffalump re all the bytestring to integer conversions - are those based on my quick hacks or did you figure out something cleaner?
18:13 pointfree joined #darcs
18:16 Riastradh joined #darcs
18:26 pointfree Heffalump: sm said he's fine with dropping diffie-hellman-group1-sha1 and I thought darcsden was the only user of the ssh package. Is darcs used with anything other than openssh? It may be useful to keep diffie-hellman-group1-sha1 especially if there is an interest in the diffie-hellman-group-exchange-sha256 kex. Forcing users to upgrade to a secure kex may be a good thing though.
18:28 pointfree regarding the type conversion hacks, I think those should be eliminated when switching to cryptonite, as cryptonite is using other types.
18:32 Heffalump I don't really know how people use darcs. I guess probably only with openssh nowadays, or maybe putty at a stretch.
18:32 Heffalump I'd feel a bit happier keeping both options, but I don't think it's that big a deal
18:32 Heffalump ok re type conversion, but maybe add a comment saying they are inefficient and could be improved
18:51 fr33domlover Heffalump, I indeed tested all network related changes. I didn't test some later refactorings but those don't touch the network logic. Still, I want to update my code to use the latest refactored ssh
18:56 Heffalump if you could make a patch to darcsden, I guess that would cover my "sample code" question as well as making sure it does work
18:57 pointfree currently looking into supporting diffie-hellman-sha1-group1 for completeness' sake...
18:58 Heffalump I guess the other reason to do it is so we have the code skeleton in place for multiple protocols anyway - which will be useful later
20:24 sm pointfree: my preference would be not to break a whole bunch of darcs hub users if it's possible, of course
20:33 Heffalump I'd have thought most would be using clients that will be happy with the newer version
20:39 pointfree Not needing to remove that line in ~/.ssh/config right away would be nice for a smoother experience.
20:40 Heffalump ah, does it force to that protocol rather than just allow it?
20:42 pointfree apparently it does not force it, it just enables it. (just tested on odroid.0xffffffff.in:8900)
20:47 pointfree although you can force it by removing the "+" from the front.
20:49 pointfree The faq instructions include the plus, so no user modifications to ~/.ssh/config will be necessary even if the ssh server only supports curve25519-sha256@libssh.org
20:56 pointfree There may be some proprietary ssh clients using libssh2 because it has a non-copyleft license in contrast to libssh.
20:57 pointfree It may be a good idea to support at least one of: diffie-hellman-group1-sha1, diffie-hellman-group14-sha1, diffie-hellman-group-exchange-sha1, diffie-hellman-group-exchange-sha256 (what libssh2 supports)
20:58 pointfree I know of no other ssh libraries than libssh and libssh2
23:31 mal`` joined #darcs

| Channels | #darcs index | Today | | Search | Google Search | Plain-Text | summary