IRC Logs

Time  Nick         Message
00:01 pdurbin      story of my life
00:03 melodie      this is the 21th century greatest pain
00:03 melodie      time flying
00:20 melodie      good night
00:48 pdurbin      ben_e: think stompy will be ready in time?
01:54 pdurbin      argh. stupid android. upgraded google+ and now it won't launch. if anyone has any ideas, I posted my question here: http://android.stackexchange.com/questions/42335/cant-install-google-play-services
02:10 pdurbin      rackerha-: thanks for commiserating with me: https://plus.google.com/101646943125332675164/posts/8dmTLUa6PN4
12:28 ben_e        i doubt it
12:44 pdurbin      me too :)
14:55 pdurbin      semiosis: seems like a fun bot: http://wiki.code4lib.org/index.php/Zoia_or_the_Code4Lib_IRC_bot (supybot)
15:19 semiosis     pdurbin: in other bot news, someone from http://botbot.me recently donated their service to #logstash ... https://botbot.me/freenode/logstash/
15:20 semiosis     the bot's nick is [o__o]
15:24 pdurbin      nice
16:17 pdurbin      semiosis: takify is awesome: https://github.com/gsf/supybot-plugins/blob/master/plugins/Translators/plugin.py#L230
17:31 pdurbin      free drinks at 8:30 tonight at http://stoddardsfoodandale.com/index2.php?action=9 courtesy of github: https://github.com/blog/1444-boston-drinkup
17:50 JoeJulian_   pdurbin: For root it and install cyanogenmod.
17:50 JoeJulian_   for? I swear I typed "just"
17:50 pdurbin      :)
17:58 JoeJulian_   rackerhacker: my wife's a fraud analyst. Her company (apparently) uses a single salt for storing password hashes, a practice not considered appropriate for security, but this allows for better fraud analysis as fraudsters typically use the same password for their many accounts. What's your take on that?
17:59 rackerhacker oof
17:59 JoeJulian_   Hehe
17:59 rackerhacker that's a weird situation
17:59 rackerhacker i'd still go with a different salt per password, honestly
17:59 rackerhacker the value of customer creds is higher than the damaged caused by fraud IMHO
18:00 JoeJulian_   Unless your company can no longer accept VISA due to excessive chargeback rates.
18:03 JoeJulian_   If you can't take payments, your password table is very secure because it's offline.
18:06 JoeJulian_   So if your fraud team came to you and said they needed a tool to be able to identify something like this, what would you do? I'm no math genius, but I wonder if there's a lossy protocol that would be more-likely to generate duplicate hashes (so couldn't be used for rainbow tables) that could be associated with the password in addition to the specific hash for password matching...
18:07 JoeJulian_   I'm asking because I'd like to do something similar for another unique piece of data that I don't want leaked, but I do need to be able to log and track.
18:09 JoeJulian_   ... I use the philosophy that if you write it to disk, it's leaked (even though that's technically still true in ram as well).
18:42 semiosis     https://puppetlabs.com/2013-state-of-devops-infographic/