IRC Log for #openid on 2009-05-19

Timestamps are in UTC.

  1. [00:14:29] * josephholsten (n=josephho@ip68-0-70-106.tu.ok.cox.net) has left #openid
  2. [00:27:29] * singpolyma (n=singpoly@w229.z065106072.sjc-ca.dsl.cnc.net) has joined #openid
  3. [00:44:58] * nairb (n=bvaughan@119.75.43.62) Quit (Read error: 104 (Connection reset by peer))
  4. [00:45:25] * nairb (n=bvaughan@119.75.43.62) has joined #openid
  5. [00:45:26] * McFloon (n=grogn@97-125-85-40.eugn.qwest.net) has joined #openid
  6. [00:45:31] * shigeta (n=shigeta@124.32.114.226) has joined #openid
  7. [00:45:34] <McFloon> h e y g u y s
  8. [00:53:10] * singpolyma (n=singpoly@w229.z065106072.sjc-ca.dsl.cnc.net) Quit ("Lost terminal")
  9. [01:25:23] <flaccid> kephra javascript is not required to do openid.
  10. [01:25:56] <flaccid> kephra see 3rd paragraph: http://openid.net/specs/openid-authentication-2_0.html
  11. [01:26:13] <flaccid> kephra so fault of the implementor
  12. [01:26:18] <kephra> so its a fault of lindenlab (secondlife) implemenation to require javascript to login xstreetsl
  13. [01:26:24] <flaccid> totally
  14. [01:26:44] * kephra is offering l$10k (25euro) for an exploit ;-)
  15. [01:26:57] <kephra> just to show it the lindens ... not to use it myself
  16. [01:30:34] <flaccid> that not going to fix the javascript dependency/inaccessibility
  17. [01:30:58] <kephra> to explain the situation: linden labs integrated xstreetsl ... and used openid for login
  18. [01:31:14] <kephra> its not possible to login without allowing java script globally in firefox
  19. [01:31:20] <flaccid> URI ?
  20. [01:31:35] <kephra> this sucks ... sounds like cross site scripting ... and reverse cross site scripting
  21. [01:31:49] <kephra> and is especially bad as both sites are dealing with money ;-(
  22. [01:32:08] <flaccid> sounds like speculation. do you have a POC for that?
  23. [01:32:43] <McFloon> someone give me a good link
  24. [01:33:08] <kephra> https://www.xstreetsl.com/modules.php?name=Forums&file=index <- thats the forum
  25. [01:33:42] <McFloon> ok thanks
  26. [01:34:49] <flaccid> yeah thats bad design. doesn't mean there is an exploit. it would be more productive to contact them and ask that they review their implemenation to remove the js dependency etc.
  27. [01:35:45] <kephra> well ... its just speculation, that xstreetsl and therefore secondlife is vulnerable to cross site scripting attacks, if they force one to allow java scripts globally ... because the scripts are distributed over several domains ;(
  28. [01:35:55] <flaccid> as it is powered by phpBB, im sure there is actually openid module/plugin available
  29. [01:36:12] <flaccid> yeah its totally speculation.
  30. [01:36:36] <kephra> but forcing to enable javascript to login, is a bad idea, imho
  31. [01:36:37] <flaccid> kephra link them to http://phpbbopenid.com/
  32. [01:36:53] <flaccid> yes i totally agree. but unless you contact them, i don't see anything changing.
  33. [01:37:14] <kephra> well ... contacting them is for the trashcan ;(
  34. [01:37:30] <flaccid> kephra i just tested http://phpbbopenid.com/ and you certainly don't need js to login there..
  35. [01:37:46] <flaccid> don't expect anything to change then :)
  36. [01:38:19] <kephra> so, i fear, they only way to force them to change it would be to show them an exploit
  37. [01:38:34] <flaccid> so you did contact them ?
  38. [01:38:38] <kephra> yes
  39. [01:38:46] <flaccid> what was the reply
  40. [01:38:50] <kephra> and there was a 'discussion' before
  41. [01:38:55] * dwhittle (n=dwhittle@nat/yahoo/x-f57b0da9d69d8fa4) has joined #openid
  42. [01:39:11] <kephra> linden announced they want to implement, and want people to tell what they think
  43. [01:39:30] <kephra> a lot of people told that its a bad idea that xstreetsl is using same password as secondlife
  44. [01:39:40] <McFloon> my browser got stuck. I think I need to relaunch it
  45. [01:39:41] <kephra> end of discussion ... linden implemented it
  46. [01:40:02] <flaccid> well i'll leave you to do whatever you want then, its a free world
  47. [01:40:10] <kephra> about 200 postings ... only 3 from the official side
  48. [01:41:30] <flaccid> well good luck whatever you do
  49. [01:52:47] <flaccid> can someone please explain to me why there are two wiki's on openid.net ?
  50. [01:52:58] * nairbv (n=bvaughan@119.75.43.62) has joined #openid
  51. [01:52:58] <flaccid> wiki2008 and wiki. which redirects to pbworks??
  52. [01:53:45] <flaccid> the pbwork one is maintained by chris messina is claimed to supesede the other. i really think we are doing well at confusing people here!
  53. [01:55:24] <McFloon> re nairb
  54. [02:10:13] * nairb (n=bvaughan@119.75.43.62) Quit (Read error: 110 (Connection timed out))
  55. [02:10:57] <McFloon> and bye again
  56. [02:14:44] <McFloon> apu was just a cardboard cutout all this time
  57. [02:49:29] * dwhittle (n=dwhittle@nat/yahoo/x-f57b0da9d69d8fa4) Quit ("Im gone.")
  58. [03:37:14] * daleolds (n=daleolds@206.81.133.96) has joined #openid
  59. [04:53:09] * mosites (n=mosites@static-98-112-71-211.lsanca.dsl-w.verizon.net) has joined #openid
  60. [05:15:39] * xpo (n=xpo@bearstech/xpo) has joined #openid
  61. [05:35:19] * xpo_air (n=xpo@bgl93-2-82-226-41-47.fbx.proxad.net) has joined #openid
  62. [05:35:19] * xpo (n=xpo@bearstech/xpo) Quit (Read error: 54 (Connection reset by peer))
  63. [05:47:22] * benblack (n=bb@dsl254-017-242.sea1.dsl.speakeasy.net) has joined #openid
  64. [05:51:04] * xpo_air is now known as xpo
  65. [06:05:17] * xpo (n=xpo@bearstech/xpo) Quit ()
  66. [06:27:36] * benblack (n=bb@dsl254-017-242.sea1.dsl.speakeasy.net) Quit ("Leaving...")
  67. [06:32:20] * xpo (n=xpo@bearstech/xpo) has joined #openid
  68. [06:52:29] * daleolds (n=daleolds@206.81.133.96) has left #openid
  69. [06:52:55] * xpo (n=xpo@bearstech/xpo) Quit ()
  70. [07:32:23] * xpo (n=xpo@bearstech/xpo) has joined #openid
  71. [07:32:31] * jochen_ (n=jochen@router.begen1.office.netnoc.eu) has joined #openid
  72. [07:32:45] * jochen_ (n=jochen@router.begen1.office.netnoc.eu) Quit (Remote closed the connection)
  73. [07:32:53] * jochen_ (n=jochen@router.begen1.office.netnoc.eu) has joined #openid
  74. [07:37:35] * Hans (n=Hans@62.58.252.162) has joined #openid
  75. [07:59:48] * Hans_ (n=Hans@62.58.252.162) has joined #openid
  76. [08:00:01] * Hans_ (n=Hans@62.58.252.162) Quit (Client Quit)
  77. [08:01:31] * Hans_ (n=Hans@62.58.252.162) has joined #openid
  78. [08:16:13] * Hans (n=Hans@62.58.252.162) Quit (Read error: 110 (Connection timed out))
  79. [08:32:46] * McFloon (n=grogn@97-125-85-40.eugn.qwest.net) Quit (Read error: 110 (Connection timed out))
  80. [08:42:59] * hillsy (n=shhi2@npfit3.dh.bytemark.co.uk) has joined #openid
  81. [08:47:33] * daedeloth (n=daedelot@ip-81-11-183-64.dsl.scarlet.be) has joined #openid
  82. [09:01:54] * mosites (n=mosites@static-98-112-71-211.lsanca.dsl-w.verizon.net) Quit ("Streamy (http://www.streamy.com/)")
  83. [09:59:27] * stub (n=stub@212.121.255.38) has joined #openid
  84. [12:18:38] * flaccid (n=chris@124-170-120-142.dyn.iinet.net.au) Quit (Read error: 110 (Connection timed out))
  85. [12:47:08] * stub (n=stub@canonical/launchpad/stub) Quit ("Leaving.")
  86. [12:58:41] * shigeta (n=shigeta@124.32.114.226) Quit ("Leaving...")
  87. [14:14:46] * Stem (n=Adium@163.5.245.253) has joined #openid
  88. [14:15:01] * Stem (n=Adium@163.5.245.253) has left #openid
  89. [14:20:30] * qwp0 (n=qwp0@193.87.160.222) has joined #openid
  90. [14:25:18] * qwp0 (n=qwp0@193.87.160.222) Quit (Remote closed the connection)
  91. [14:46:55] * stub (n=stub@212.121.255.38) has joined #openid
  92. [14:56:04] * Hans_ (n=Hans@62.58.252.162) Quit ("dada")
  93. [15:02:54] * xpo (n=xpo@bearstech/xpo) Quit ()
  94. [15:03:50] * daleolds (n=daleolds@206.81.133.96) has joined #openid
  95. [16:05:55] * stub (n=stub@canonical/launchpad/stub) Quit ("Leaving.")
  96. [16:09:42] * benblack (n=bb@dsl254-017-242.sea1.dsl.speakeasy.net) has joined #openid
  97. [16:13:05] * jochen_ (n=jochen@router.begen1.office.netnoc.eu) Quit (No route to host)
  98. [16:19:05] <GabeW> hey folks is there an #iiw irc channel
  99. [16:22:46] * qwp0 (n=qwp0@gw.localnet.sk) has joined #openid
  100. [16:31:53] <keturn> oh man, is it iiw time again? I guess it is
  101. [16:32:02] <keturn> say hi for me
  102. [16:42:36] * singpolyma (n=singpoly@w229.z065106072.sjc-ca.dsl.cnc.net) has joined #openid
  103. [16:45:19] * Daverix (n=daverix@c-cfabe655.148-7-64736c12.cust.bredbandsbolaget.se) has joined #OpenID
  104. [16:45:53] * singpolyma (n=singpoly@w229.z065106072.sjc-ca.dsl.cnc.net) Quit (Client Quit)
  105. [16:48:09] * hillsy (n=shhi2@npfit3.dh.bytemark.co.uk) Quit ("Leaving")
  106. [16:58:44] * daleolds (n=daleolds@206.81.133.96) has left #openid
  107. [17:03:03] * kephra (n=kraehe@91-66-12-150-dynip.superkabel.de) has left #openid
  108. [17:15:09] * qwp0 (n=qwp0@gw.localnet.sk) Quit (Read error: 113 (No route to host))
  109. [18:49:36] * xpo (n=xpo@bearstech/xpo) has joined #openid
  110. [19:03:45] * qwp0 (n=qwp0@gw.localnet.sk) has joined #openid
  111. [19:21:03] * qwp0 (n=qwp0@gw.localnet.sk) Quit (Remote closed the connection)
  112. [19:25:30] * qwp0 (n=qwp0@gw.localnet.sk) has joined #openid
  113. [19:32:42] * denisb (n=denisb@250.139.98-84.rev.gaoland.net) has joined #OpenID
  114. [19:32:50] * denisb (n=denisb@250.139.98-84.rev.gaoland.net) has left #OpenID
  115. [19:44:30] * daleolds (n=daleolds@137.65.228.53) has joined #openid
  116. [19:52:23] * daleolds (n=daleolds@137.65.228.53) has left #openid
  117. [20:01:48] * qwp0 (n=qwp0@gw.localnet.sk) Quit (Success)
  118. [20:13:47] * daleolds (n=daleolds@137.65.228.53) has joined #openid
  119. [20:14:09] * thesmith (n=bens@78-86-7-25.zone2.bethere.co.uk) has joined #openid
  120. [20:45:03] * daleolds (n=daleolds@137.65.228.53) has left #openid
  121. [20:52:51] * daleolds1 (n=daleolds@137.65.228.53) has joined #openid
  122. [20:56:40] * thesmith (n=bens@78-86-7-25.zone2.bethere.co.uk) Quit ()
  123. [21:15:04] * thesmith (n=bens@78-86-7-25.zone2.bethere.co.uk) has joined #openid
  124. [21:18:37] * mosites (n=mosites@static-98-112-71-211.lsanca.dsl-w.verizon.net) has joined #openid
  125. [21:18:51] * mosites (n=mosites@static-98-112-71-211.lsanca.dsl-w.verizon.net) Quit (Remote closed the connection)
  126. [21:21:22] * Daverix (n=daverix@c-cfabe655.148-7-64736c12.cust.bredbandsbolaget.se) Quit ("Ex-Chat")
  127. [21:25:06] * daleolds1 (n=daleolds@137.65.228.53) has left #openid
  128. [21:28:44] * xpo (n=xpo@bearstech/xpo) Quit ()
  129. [22:15:34] * mosites (n=mosites@static-98-112-71-211.lsanca.dsl-w.verizon.net) has joined #openid
  130. [22:33:55] * racl101 (n=racl101@d75-158-56-64.abhsia.telus.net) has joined #openid
  131. [22:44:09] <racl101> Hi everybody, I'm a newb wishing to implement openid into a PHP login system and I was wondering if there were any good tutorials or blogs that explained how to create this (or something similar) using the JanRain PHP OpenID Library? Please bear with my ignorance.
  132. [23:06:33] * Tykling (i=tykling@gibfest.dk) has left #openid
  133. [23:24:05] * singpolyma (n=singpoly@w229.z065106072.sjc-ca.dsl.cnc.net) has joined #openid
  134. [23:28:22] * daedeloth_ (n=daedelot@ip-81-11-172-53.dsl.scarlet.be) has joined #openid
  135. [23:29:35] * brian_ (n=bvaughan@119.75.43.62) has joined #openid
  136. [23:30:27] * nairbv (n=bvaughan@119.75.43.62) Quit (Read error: 104 (Connection reset by peer))
  137. [23:35:30] * daedeloth_ (n=daedelot@ip-81-11-172-53.dsl.scarlet.be) Quit (Remote closed the connection)
  138. [23:43:14] * daedeloth (n=daedelot@ip-81-11-183-64.dsl.scarlet.be) Quit (Read error: 110 (Connection timed out))
  139. [23:58:36] * daleolds (n=daleolds@137.65.156.63) has joined #openid
  140. [23:59:24] * singpolyma (n=singpoly@w229.z065106072.sjc-ca.dsl.cnc.net) Quit ("Lost terminal")

These logs were automatically created by OpenIDlogbot on chat.freenode.net using a modified version of the Java IRC LogBot.