| *** tpb has joined #timvideos | 00:00 | |
| -kornbluth.freenode.net- [freenode-info] channel trolls and no channel staff around to help? please check with freenode support: http://freenode.net/faq.shtml#gettinghelp | 00:00 | |
| shenki | mithro: hello | 00:48 |
|---|---|---|
| *** cfelton_ has joined #timvideos | 01:30 | |
| *** micolous_ has joined #timvideos | 01:31 | |
| *** cfelton has quit IRC | 01:33 | |
| *** miselin has quit IRC | 01:33 | |
| *** micolous has quit IRC | 01:33 | |
| *** cfelton_ is now known as cfelton | 01:33 | |
| *** miselin has joined #timvideos | 01:52 | |
| *** miselin has joined #timvideos | 01:52 | |
| *** CarlFK has quit IRC | 02:06 | |
| *** CarlFK has joined #timvideos | 02:09 | |
| *** ChanServ sets mode: +v CarlFK | 02:09 | |
| mithro | shenki: hello? | 03:02 |
| shenki | mithro: hi. i want to run apache2.4 instead of 2.2 on hopper | 03:18 |
| shenki | mithro: which means upgrading to 14.04 | 03:18 |
| shenki | mithro: i was thinking it might be better to install new VM, and migrate the config across | 03:18 |
| mithro | shenki: yes, I think that is probably the best idea | 03:18 |
| mithro | shenki: but it is also pretty easy to do a snapshot of hopper and start it up as a new vm so you could do the upgrade | 03:19 |
| mithro | shenki: why do you want to use apache2.4? | 03:19 |
| shenki | mithro: tls features | 03:20 |
| mithro | shenki: which feature? | 03:23 |
| shenki | mithro: im trying to remember. i recall attempting to enable something a while back, and it didn't work, before realising it was not supported in 2.2 | 03:32 |
| mithro | shenki: upgrading is a good goal, but I'd prefer to have you spending time on HDMI2USB stuff :P | 03:48 |
| shenki | true | 03:50 |
| Joelw | Apache 2.4 adds support for TLSv1.1 and 1.2, and for OCSP stapling. | 03:58 |
| Joelw | If you don't want to be stuck with a 'B' security grade, you must upgrade! | 03:58 |
| Joelw | Debian Stable only has 2.2 :( I was fiddling with one of my computers today and decided it wasn't worth the bother. | 03:59 |
| shenki | OSCP, that's what i was trying to enable | 03:59 |
| mithro | what is OSCP stabling? | 04:00 |
| Joelw | It's a mechanism where your server requests a sort of short-term cert from the SSL provider every few days | 04:01 |
| shenki | it's where your server proves it's cert isn't revoked, so the CA doesn't have to | 04:01 |
| Joelw | Thus you don't need to check certificate revocation lists, because there's a thing that says that the CA has confirmed it's still good within the last whenever | 04:01 |
| shenki | Joelw: i can still get a 'A' from SSL labs with 2.2 | 04:02 |
| Joelw | shenki: Sod :( I can't! | 04:02 |
| Joelw | Are you doing HSTS? | 04:02 |
| shenki | TLS 1.1 and 1.2 | 04:02 |
| shenki | nope | 04:02 |
| Joelw | Oh, I couldn't get TLS > 1.0 working on Debian Stable. | 04:02 |
| shenki | i have it commented out in my config. not sure why. | 04:02 |
| shenki | ok. this is ubuntu-ancient | 04:02 |
| shenki | 12.04 | 04:03 |
| mithro | Wouldn't the OSCP need to be stapled extremely frequently? | 04:03 |
| shenki | every few days | 04:04 |
| shenki | one of the other ideas behind it is that it reduces latency | 04:04 |
| shenki | as you don't need to perform a connection to the CA to verify that it's not revoked | 04:04 |
| mithro | shenki: but doesn't that mean your certificate needs a few days before it's revoked? | 04:04 |
| Joelw | I think StartSSL does a 7 day thingy | 04:04 |
| shenki | it's a bit retarded though, as you're asking the server to prove if it's valid. so if you're doing MITM, you just would drop the OSCP state | 04:05 |
| Joelw | mithro: Google Chrome doesn't even bother to check CRLs by default! | 04:05 |
| Joelw | So at least you'd get an at-most 7 day revocation rather than no revocation at all. | 04:06 |
| mithro | I guess the whole revoke thing is a bit silly because you just block the CRL check | 04:06 |
| shenki | yep. agl decided it wasn't worth it | 04:06 |
| shenki | mithro: +1 | 04:06 |
| mithro | Joelw: so what happens when your CA breaks? | 04:06 |
| Joelw | I guess you'll just stop sending the OCSP bit | 04:07 |
| Joelw | At the moment I don't think you can get a certificate that has an 'OCSP mandatory' attribute | 04:07 |
| Joelw | If you could, then it would be a problem, but I guess it's not much different to your domain registrar disappearing | 04:07 |
| shenki | i think we have come to the same conclusions that others have - the CA system is broken | 04:07 |
| mithro | shenki: it looks like DANE is dead too... | 04:08 |
| shenki | Dane, someone from the Kingdom of Denmark, or of Danish descent | 04:08 |
| shenki | oh, the DNS thing | 04:09 |
| mithro | shenki: DANE is putting cert information in a DNSSec signed record | 04:09 |
| shenki | mithro: that's probably why it failed; it needed DNSSEC to be implemented first | 04:09 |
| mithro | DNSSEC adoption seeems to be going better then IPv6 :P | 04:10 |
| *** CarlFK has quit IRC | 04:11 | |
| shenki | heh, i'm not sure if that's a win | 04:12 |
| shenki | it's like saying that G+ has done better than Wave did | 04:12 |
| mithro | actually DNSSec is well on the way to actually being useful | 04:14 |
| mithro | I expect DNSSec will be enabled ever where by default in less than 5 more years | 04:14 |
| mithro | and then we'll discover the NSA has put a fundamental hole in the protocol and we all need to move to DNSSecV2 | 04:15 |
| Joelw | Or Google will announce that they'll block all DNSSecV1 sites in three months time :( | 04:16 |
| shenki | heh | 04:16 |
| shenki | Joelw: need someone to push innovation | 04:16 |
| shenki | Joelw: i was talking to some friends about the POODLE attack, and they were saying they still had to support Netscape 4 and IE6/7/8 | 04:17 |
| Joelw | IE7 is actually in the my work's SOE! | 04:17 |
| Joelw | -the | 04:17 |
| shenki | Joelw: yeah. and then the people using your app's sysadmins will go "but we need IE7 because the product needs it" | 04:19 |
| shenki | and so the cycle continues | 04:19 |
| shenki | :( | 04:19 |
| Joelw | Yeah, there's probably some awful software somewhere that needs upgrading :) | 04:23 |
| *** Niharika has joined #timvideos | 04:34 | |
| shenki | mithro: so with installing this vm, do you use virt-install to create the vm? | 04:45 |
| shenki | mithro: stuff like this should probably be documented :) | 04:45 |
| mithro | shenki: nope | 04:46 |
| *** CarlFK has joined #timvideos | 05:15 | |
| *** ChanServ sets mode: +v CarlFK | 05:15 | |
| *** Palash has quit IRC | 05:57 | |
| *** Niharika has quit IRC | 06:17 | |
| *** slomo has joined #timvideos | 06:30 | |
| *** slomo has quit IRC | 08:07 | |
| shenki | mithro: played with vivado tonight, trying to import the hdmi2usb ise design into it | 11:22 |
| shenki | mithro: it doesn't support mixed verilog and vhdl out of the box :/ | 11:22 |
| mithro | shenki: how did you go? | 11:22 |
| mithro | shenki: what does it support? | 11:23 |
| shenki | http://www.xilinx.com/support/answers/47454.htm | 11:23 |
| tpb | Title: AR# 47454 - Vivado Synthesis - Does Vivado Synthesis support Verilog Module instantiation in a VHDL entity via work library? (at www.xilinx.com) | 11:23 |
| *** Niharika has joined #timvideos | 12:11 | |
| *** hyades has joined #timvideos | 12:34 | |
| mithro | shenki: how much VHDL so we have? | 13:02 |
| mithro | VHDL seems to be poorly supported by FOSS tools to :( | 13:04 |
| *** flavioribeiro has joined #timvideos | 13:45 | |
| *** slomo has joined #timvideos | 14:21 | |
| *** slomo has joined #timvideos | 14:21 | |
| *** slomo has quit IRC | 14:42 | |
| cfelton | mithro: shenki: I also believe vivado webpack only supports a small number of devices. You are stuck with vivado if you want to target Zynq | 15:21 |
| cfelton | mithro: shenki: The JPEG is all VHLD - but it is not clear why VHDL version was used versus the Verilog version. | 15:22 |
| cfelton | https://www.irccloud.com/pastebin/bqYaSewt | 15:29 |
| tpb | Title: Pastebin: bqYaSewt | IRCCloud (at www.irccloud.com) | 15:29 |
| *** slomo has joined #timvideos | 15:33 | |
| cfelton | https://www.irccloud.com/pastebin/IskAwThf | 15:38 |
| tpb | Title: Pastebin: IskAwThf | IRCCloud (at www.irccloud.com) | 15:38 |
| cfelton | if you wanted to move to all verilog (or all VHDL) it shouldn't be too difficult, best of my knowledge the JPEG encoder is available in Verilog as well. Moving to all Verilog makes more sense because of the better FOSS support. | 15:40 |
| cfelton | Only a small number of files that will need to be converted if the Verilog JPEG is a drop in. | 15:40 |
| cfelton | and all the ip_cores regenerated for Verilog | 15:41 |
| *** CarlFK has quit IRC | 16:09 | |
| *** CarlFK has joined #timvideos | 16:09 | |
| *** ChanServ sets mode: +v CarlFK | 16:09 | |
| *** Palash has joined #timvideos | 16:10 | |
| *** slomo has quit IRC | 16:25 | |
| *** rohitksingh has joined #timvideos | 17:33 | |
| *** Palash has quit IRC | 17:39 | |
| *** flaviori_ has joined #timvideos | 17:50 | |
| *** flavioribeiro has quit IRC | 17:51 | |
| *** flaviori_ is now known as flavioribeiro | 18:04 | |
| *** rohitksingh has quit IRC | 18:18 | |
| *** rohitksingh1 has joined #timvideos | 18:18 | |
| *** Niharika has quit IRC | 18:38 | |
| *** Kripton has quit IRC | 18:55 | |
| *** techman83 has quit IRC | 18:57 | |
| *** techman83 has joined #timvideos | 18:58 | |
| *** ChanServ sets mode: +v techman83 | 18:58 | |
| *** Kripton has joined #timvideos | 19:03 | |
| *** tariq786 has quit IRC | 19:09 | |
| *** slomo has joined #timvideos | 20:03 | |
| *** rohitksingh has joined #timvideos | 20:42 | |
| *** rohitksingh1 has quit IRC | 20:44 | |
| *** rohitksingh2 has joined #timvideos | 20:44 | |
| *** rohitksingh has quit IRC | 20:48 | |
| *** slomo has quit IRC | 21:00 | |
| *** rohitksingh2 has quit IRC | 22:25 | |
| *** CarlFK has quit IRC | 22:41 | |
| *** CarlFK has joined #timvideos | 22:44 | |
| *** ChanServ sets mode: +v CarlFK | 22:44 | |
| *** hyades has quit IRC | 23:10 | |
Generated by irclog2html.py 2.13.1 by Marius Gedminas - find it at mg.pov.lt!