Time  Nick      Message
00:48 codex     hydrajump: maybe.... :)
00:49 codex     hydrajump: it gets around in quite a few places that block VPN or that want you to pay for access
00:49 codex     very few places properly block udp/53 and redirect to their gateway. Most will allow open resolvers and thus your vpn
00:50 codex     and it's not like they are doing layer 7 packet inspection
01:25 pdurbin   semiosis: Stuart Marks on Twitter: "@philipdurbin @michbarsinai :-) No cheating now!" - https://twitter.com/stuartmarks/status/527250860565610496 :)
02:25 hydrajump codex:  you tried it on airlines :P
15:19 hydrajump I managed to lock myself out of my EC2 instance running my IRC server last night. That's what happens when you're up late and mess with sshd_config on a "prod" server :(
15:20 * bear    chuckles
15:21 bear      hydrajump - it's why I created a checkiptables.sh script that does a diff of iptables-save and /etc/iptables.rules
15:21 bear      so I can eyeball changes before saving them
15:22 hydrajump bear: good thing it was only my own non-critical server. Anyway I managed to fix it with little IRC downtime, by attaching the EBS volume to another instance and reverting the change.
15:22 bear      nice!
15:23 bear      oh, another habit maybe: never close all of your ssh terminal sessions until you test in a new window you can still connect
15:23 bear      that has also saved me :)
15:24 hydrajump oh you can do that even if you modify the sshd_config possibly locking yourself out as I did?
15:24 hydrajump it won't effect the current ssh sessions?
15:24 bear      IIRC yes - even a restart of sshd doesn't kill active connections
15:25 hydrajump bear: didn't know that. Wish I did :P
15:25 bear      :)
15:25 bear      (caveat - it's been a long time since I last had to use that, things may have changed)
15:26 hydrajump hehe no worries. best practice will be to not make any changes on a "prod" instance when testing ;)
15:27 hydrajump I don't know why I didn't follow what I do for clients for myself
15:27 bear      good point - that is always the better option :)
15:27 bear      something about the shoemakers kids... ;)
15:28 hydrajump masochism
15:28 hydrajump haha
15:30 codex     hydrajump: i haven't
15:38 hydrajump codex: hey. Ah about airlines.
15:38 hydrajump hehe
15:38 hydrajump I will have to try next time I fly to the US
15:38 hydrajump unforunately it doesn't look like it will be for reInvent :( I'm still trying to get a ticket somehow
16:08 semiosis  hydrajump: CreateImage api call is your friend
17:21 hydrajump weird I have "AllowUsers hydrajump" and created that user, but I can still SSH as ubuntu ?
18:17 hydrajump I fixed it by adding DenyUsers ubuntu as well
19:19 semiosis  looks neat... https://code.facebook.com/posts/844436395567983/introducing-osquery/
19:19 semiosis  especially this, SELECT DISTINCT process.name, listening.port, listening.address, process.pid FROM processes AS process JOIN listening_ports AS listening ON process.pid = listening.pid;
20:42 semiosis  furthermore, https://speakerdeck.com/marpaia/host-intrusion-detection-with-osquery
20:44 semiosis  idea for an Onion article... Systemd selects osquery SQL API to replace linux command line tools
20:54 semiosis  yep, thats comedy gold.  https://twitter.com/pragmaticism/status/527563979032637441
21:07 JoeJulian Hehe
21:32 hydrajump semiosis: thanks for the links. Very interesting.
21:45 semiosis  yw
22:56 pdurbin   "Learning IRC is not just about understanding ‘text based chat’, it’s about understanding the ecosystem for communication and ways to get and lend support in open source." -- http://tiptoes.ca/open-hatch-mozilla/
22:58 JoeJulian s/and.*//
22:58 JoeJulian Once you get communication, everything else is gravy.