<kintel>
teepee Do they still ship desktop OpenGL drivers?
<teepee>
3 days ago, I showed the rpilocator website to a collegue which suddenly listed a 4gb version at reichelt.de (reasonable good electronics seller here)
<teepee>
arm64 on debian defaults to desktop GL in Qt
<peeps[zen]>
nice
<kintel>
That's pretty nice. I guess compatibility profile?
<teepee>
yeah, I suspect that's the default Mesa provides
GNUmoon has quit [Remote host closed the connection]
califax has quit [Remote host closed the connection]
GNUmoon has joined #openscad
califax has joined #openscad
snaked has quit [Remote host closed the connection]
snaked has joined #openscad
<kintel>
teepee Is there a short writeup somewhere on how to configure/use the CI stuff on the server?
<kintel>
I'm wondering where to set up building more variants of OpenSCAD on a regular basis, e.g. run non-experimental builds&tests, run with ctest -C All etc.
<teepee>
which is quite neat as I can add another docker container for another subdomain and it would automatically update that too
<teepee>
> "Every hour (3600 seconds) the certificates are checked and every certificate that will expire in the next 30 days (90 days / 3) are renewed."
<teepee>
uh, and fail2ban is also quite busy: |- Total banned:9091
<teepee>
| |- Total failed:102640
<teepee>
that's quite a number for not even 2 month
kintel has quit [Quit: My MacBook has gone to sleep. ZZZzzz…]
Guest89 has joined #openscad
Guest89 has quit [Client Quit]
fling has quit [Remote host closed the connection]
califax has quit [Remote host closed the connection]
fling has joined #openscad
califax has joined #openscad
califax has quit [Remote host closed the connection]
califax has joined #openscad
<Scopeuk>
There are a lot of generic login bot's crawling Linux's servers, the crazy number of attempts fail2ban find on ssh for my server is crazy
fling has quit [Remote host closed the connection]
TheAssassin has quit [Remote host closed the connection]
<gbruno>
[github] kintel pushed 10 additions 7 modifications (Make tests work in non-experimental mode (#4796) * Fixed some tests which were failing in non-experimental mode
<teepee>
kintel: just to summarize my suggestion... let me know what you want to build, I'll prepare the pipeline yaml and then we'll get you up to speed deploying that to the server
<kintel>
teepee ah, sorry, dropped off and didn't read history - too much fun rerunning tests on various local envs :)
<teepee>
that's fine, summary should suffice ;-)
<kintel>
Basically, I think we need two things:
<kintel>
1. build and test OpenSCAD in non-experimental mode for master
<kintel>
2. build and test OpenSCAD with ctest -C All
<kintel>
the second, perhaps both in experimental and non-experimental mode
<kintel>
Down the road, it would be fun to run a larger number of permutations, but that's a bit more work
<teepee>
ok, so 2 or 3 pipelines, maybe even the first that are automatically triggered once a week or so
<teepee>
or if it's not taking too long, maybe even each day, the server should be mostly idle right now anyway :)
<kintel>
yeah, weekly is fine, or perhaps run each of them on a different day
<kintel>
..but first I need to get ctest -C All to work in the first place :)
<teepee>
well, the pipelines are not ready yet either :D
<teepee>
yep, good thing github limits the number of options
<teepee>
hmm, maybe I could write a ci-job to enable my mailing list subscription every night. doing that manually is getting old by now
fling has quit [Remote host closed the connection]
fling has joined #openscad
TheAssassin has quit [Ping timeout: 256 seconds]
TheAssassin has joined #openscad
<peeps[zen]>
kintel: btw dunno if you've seen yet, but there appear to be a number of -C All tests that need updating, specifically related to font changes (there was some change that normalized the fonts sizes by 102.4% or so)
<peeps[zen]>
but also a few still with green vs yellow differences
<peeps[zen]>
... and i'm suddenly getting entirely black screen GUI on nightly. trying reboot in case it was due to a graphics driver update
peeps[zen] has quit [Quit: Connection reset by peep]
<InPhase>
teepee: I had to math it to put it in context for my head. That fail2ban rate corresponds to a 50% chance of compromise over a decade for passwords of 5 random lowercase letters. :)
peeps[zen] has joined #openscad
<teepee>
ouchies :)
<teepee>
maybe I should re-check that we only have ssh enabled
<teepee>
although I'm pretty sure that's already the case
<peeps[zen]>
ok, its good again. seems to be common for everything graphics to break whenever nvidia drivers update
<InPhase>
teepee: 1
<InPhase>
oops
<InPhase>
teepee: If we used 8 character lowercase letter passwords, that stretches out to about one compromise every 652,000 years. So a bit better.
<teepee>
right, 5 character passwords are pretty much no passwords at all
<teepee>
I tend to use something between 16 to 32 auto generated
<InPhase>
These sorts of attacks are high volume low ROI attacks that pick off very low hanging fruit of pretty bad passwords.
<InPhase>
My calculation also assumes they already know the usernames.
<InPhase>
But in my log assessments on my own systems, they appear to be randomly selecting usernames as well.
<InPhase>
This is why many banks started requiring users to add a number to their username... It's stupid, but acts like extra password entropy.
<teepee>
yeah, got a new policy from a customer too, use 16 random characters, also you have to type it like 10 times an hour because there's no single sign on
<teepee>
at least you get a year to remember it, not just 3 month
<InPhase>
CorrectHorseBatteryStaple1
mmu_man has quit [Ping timeout: 258 seconds]
<teepee>
yes, I normally do something like that. the emails explicitely says "don't do that"
<teepee>
which is odd, as it seems like a good compromise
mmu_man has joined #openscad
<InPhase>
I use 5 words from the top 6562 common words. That's 1e19 combinations. Go ahead and remote brute force it, I'll wait.
<InPhase>
Do 10 per second, and that's 32 billion years.
<teepee>
that's math, those "security managers" have no sense of that, hence the stupid policies everywhere
<InPhase>
If they want password security, they shouldn't let people generate passwords, but instead should provide them with 5 word passwords made this way.
<InPhase>
It doesn't even need to exist server side. Browser-side javascript could generate these.
<kintel>
peeps[zen] Yeah, I'm working through the tests. Currently at Heavy tests, moving on to Examples after that
<InPhase>
It's trusted client only to the extent that someone could rewrite the javascript just to choose a weaker password, but no one who knows how to modify javascript to do this is going to want weaker passwords.
<teepee>
yep, or make use of 2FA
<InPhase>
Strong passwords would get us further than 2FA.
<InPhase>
Unless that other factor were something more like ssh public keys for browsers.
<teepee>
from one customer, I have a yubikey, so even if I someone steals the notebook and my password, without the yubikey there's not much login possible
<teepee>
so it does add something
<teepee>
but yeah, good passwords vs. bad passwords is a huge important first step
<InPhase>
2FA-based phishing is pretty widespread since all these 2FA rollouts.
<Scopeuk>
2fa stuff is at risk of the vista "paranoia" version of uac where users were so accustom to seeing it pop up all the time they just blindly accepted
<InPhase>
peeps[zen]: Now rbielaws went and put content in it...
<Scopeuk>
I also fully accept this was caused by bad application data storing config in program files and not program/app data but it's still the same game
<peeps[zen]>
InPhase: yeah, idk what's going on with that person
<teepee>
not a bug though, but a feature request
<teepee>
maybe not english speaking and using google translate
<teepee>
that said the english looks better than auto-translate
<teepee>
I guess we are not going to have an undo for the customizer, but a revert per parameter set seems a sensible feature request
Guest99 has joined #openscad
<InPhase>
I'm not sure if it would be even a medium priority feature. I'm not sure what workflow would benefit strongly from it.
<peeps[zen]>
does ctrl-z not work per parameter?
<peeps[zen]>
too lazy to check
<InPhase>
It does actually.
<Guest99>
I've used the projection() command and exported to svg, and the result is a single path, is there someway to break that path up in inkscape or something so I can give different parts different colors?
<InPhase>
peeps[zen]: There, commented. Now it can stay closed. :)
<InPhase>
Guest99: circle(5); translate([10, 0]) square(6); then render, then export, and I get in the svg one <path ...> but in it is two M to z defined paths.
GNUmoon has quit [Remote host closed the connection]
GNUmoon has joined #openscad
<InPhase>
Guest99: I'm not very comfortable with inkscape, but when I loaded that svg and did "Path, Break Apart" I was able to select the circle and square separately and change their colors.
<InPhase>
Before the Path, Break Apart, it was sharing the colors.
<InPhase>
If the pieces are touching, then you'll probably need something slightly more clever, like looking up how to do that in inkscape. :)
<Guest99>
ok, I think the reason I was questioning the breakapart step earlier is it was also changing the fill to black and deleting the stroke color, so it looked super broken afterwards
GNUmoon has quit [Remote host closed the connection]
GNUmoon has joined #openscad
FractOrr has joined #openscad
<FractOrr>
I have been thinking about the command line export file format options, like the options for pdf and lightburn that I have been working on. Since openscad can export multiple files from one input file I was thinking that you could have the command like so:
<FractOrr>
I started on this and have it parsing the -F command line options into a array of structs of { format. option, value } and was just starting converting that into the map of maps
<teepee>
yeah, that should cover most cases. I suppose if we ever have more complex cases, we may need another option for passing a json or yaml or something
<teepee>
hmm, map of maps sounds scary :)
<FractOrr>
easier way of storing that type of structured data?
<FractOrr>
and yes from what I have looked up map of maps does not look so easy
<teepee>
easier storage yes, but you never know what you get when reading
<JordanBrown_>
It was very tempting to add a comment to #4807 that said "Yes". But I resisted.
<teepee>
so maybe instead of a structure it could be a class and be responsible for setting their own options
fling has joined #openscad
<JordanBrown_>
I did do some experiments and added some notes. Ctrl-Z does work, sort of, but it's ragged.
<JordanBrown_>
InPhase for passwords, I tried using Diceware but I didn't like the words it used so I made my own word list, 1024 common 4-letter words. Nice tidy ten bits of entropy per word. A bit more verbose than some variations, but always easy words.
<JordanBrown_>
beam hook desk mile blew
<JordanBrown_>
tale flat scar vale omit
<JordanBrown_>
Five words is 50 bits; 8 random printable ASCII characters is 52.5 bits.
fling has quit [Remote host closed the connection]
fling has joined #openscad
<JordanBrown_>
10 random lower case alphanumerics is 52 bits.
<FractOrr>
class are used now for the UI and work great but not sure how you get command line options into a class with multiple exports available, that is why I was thinking map of maps
<JordanBrown_>
But I think "rags herb peal doth boot" is easier to remember and type than "%K(uokAm" or "rpt5qchvyy".
<teepee>
structs *are* classes essentially, so you could just add something like pdfoptions.parse_option() and lbrnoptions.parse_option()
misterfish has quit [Ping timeout: 255 seconds]
<JordanBrown_>
Are classes first-class in C++? Can you put a class into a variable, and then instantiate it?
<JordanBrown_>
map-of-maps is simple enough, but not does not detect errors well. You want to detect "pfd.pagesize" and "lbrn.speeed".
<teepee>
simple to put stuff in, not so simple to get out
<teepee>
so I think it's not a good choice for this specific case
<JordanBrown_>
Simple to get out, just map["pdf"]["pagesize"].
<JordanBrown_>
But I agree not a good choice.
<teepee>
no, it's not simple as this will crash if the value is not there
<JordanBrown_>
Ah, need to check.
<JordanBrown_>
But still not hard.
<teepee>
not hard, hard is not the opposite to the simple I'm takling about, but messy and verbose
<teepee>
I think the verbose and checking and default handling should be on the single place where it's parsing the input
<teepee>
once parsed, the structure is complete, validated and needs no more type conversions or checks
<JordanBrown_>
yes
kintel has quit [Quit: My MacBook has gone to sleep. ZZZzzz…]
<JordanBrown_>
Building such a general-purpose infrastructure does not seem _hard_, but seems like more than I want to do in chat.
<JordanBrown_>
Hmm. Should it reject an option for an export that you're not doing?
GNUmoon has quit [Remote host closed the connection]
<teepee>
I'd say no, just ignore
GNUmoon has joined #openscad
<FractOrr>
I don't think it would need to reject it, it would just not be used
<JordanBrown_>
Argument for error: they might have forgotten the -o.
<JordanBrown_>
Argument for ignore: allow use of command aliases to set personal defaults.
Guest20 has joined #openscad
<JordanBrown_>
Something like having each exporter register its name and a list of { param-name, parse-function, void *resulting-data-pointer }, pointing into its structure (or simple global variables). Or maybe a map of param-name : { parse-function, resulting-data-pointer }. parse-function would normally be
<JordanBrown_>
t cetera, but could be custom. Maybe have a void *parse-function-arg for passing arguments to the parse function (e.g. a list of options for a choose-one parser).
<JordanBrown_>
common functions like "parse_int", "parse_string", e
<JordanBrown_>
My C++ is not strong enough to know if that's the crispest design, but something like that would work.
HumanG33k has quit [Ping timeout: 240 seconds]
<InPhase>
JordanBrown_: I used my password generator for handing out starter passwords to new users at work. But unlike your approach, I actually had to REMOVE a bunch of 4 letter words.
<JordanBrown_>
why?
<JordanBrown_>
InPhase^
mmu_man has quit [Read error: Connection reset by peer]
<teepee>
I would not mind some registration logic, but I would not see a simpler solution as show-stopper. like with PDF starting with a simpler solution we at least got one
<teepee>
which we can now build on
mmu_man has joined #openscad
<InPhase>
JordanBrown_: Because some 4 letter words give you some very profane passwords. :)
<teepee>
FractOrr: what's your view? I would not want to impose too much restrictions as I think the export feature is too useful to lose it due to complex requests not directly associated with the export code
<JordanBrown_>
teepee, FractOrr: a scheme like I describe seems like a few hours' work. But maybe I'm being over-optimistic.
<JordanBrown_>
InPhase: well, don'
<JordanBrown_>
t include *those* words.
fling_ has joined #openscad
fling has quit [Ping timeout: 256 seconds]
<JordanBrown_>
I don't remember exactly how I derived my list, but I think I started from a list of most-common words, filtered for being four letters, filtered for being actual words, and stuff like that, including manually inspecting the list.
<InPhase>
JordanBrown_: I built my list by consolidating many lists of common words, and cleaning it up a bit. It's a pretty good list.
<JordanBrown_>
I liked the tidiness of them all being four letters and of having 1024 (and thus 10 bits per word).
<JordanBrown_>
I have to wonder whether including "Orientation" and similarly long words is worth it, in terms of bits of entropy per letter.
<InPhase>
Well, you'd need 7 of those 4 letter words to get to the same scale.
teepee has quit [Ping timeout: 256 seconds]
teepee_ is now known as teepee
<JordanBrown_>
Same scale as...?
<InPhase>
Entropy level.
fling_ is now known as fling
<JordanBrown_>
No, I got that. 7 of my four letter words is the same as how many of yours?
<InPhase>
Well, 6 of yours is worse than 5 of mine, 7 of yours is better than 5 of mine.
<JordanBrown_>
What's the average length of your words?
<InPhase>
Bash hackery is processing it...
<InPhase>
Median 7, mean 6.70, standard deviation 2.27
<JordanBrown_>
And you have about 6500 words?
<InPhase>
Length range 1 to 14.
<InPhase>
6562 words
<JordanBrown_>
about 12.7 bits per word, about 1.9 bits per letter.
<JordanBrown_>
I'm at 10 bits per word and 2.5 bits per letter.
<InPhase>
Show some samples?
<JordanBrown_>
Of mine?
<InPhase>
Of length 7, let's say.
<InPhase>
Yeah.
<JordanBrown_>
walk spot envy ours rags help call
<JordanBrown_>
crop walk ever sets glow tear lust
<JordanBrown_>
lest soft hunt tops type lick bold
<JordanBrown_>
meek yarn gain wife down gods lead
<InPhase>
So they are faster to type on average, but I think they are harder for me to remember.
<InPhase>
There's better chunking for me in the 5 word sequences.
<JordanBrown_>
Hard to say for sure.
<InPhase>
Like, I don't have to remember how to spell Orientation.
<JordanBrown_>
Indeed, fewer words is probably easier.
<InPhase>
I already have that down from past experiences. :)
<JordanBrown_>
Yes, but do you know what it originally means? :-)
<InPhase>
lol, yes, I do.
<JordanBrown_>
ooh, I just found an interesting variation; M-W says that an archaic meaning of "orient" is "rising in the sky". Now I have to go look at my OED.
<InPhase>
Also, a lot of the ones mine generates give me semantic depth that I can latch onto for memorability. Like, WeepPriestNegotiationNuclearVariation gives a good story I can picture. :)
<InPhase>
PledgeBicycleNoticeThreatenGrocery Another story.
<InPhase>
And if you generate a small handful and cherry pick the most memorable, you are shaving very small amounts of entropy off even under the assumption that a password cracker could rapidly guess what you consider memorable.
<JordanBrown_>
Huh. I knew that "orient" tied to "east", but I didn't know one step deeper than that, that it ties to "rising sun".
<JordanBrown_>
From Latin "oriens", which Google Translate translates as "rising".
<JordanBrown_>
or "dawn" or "sun-god".
<JordanBrown_>
Just don't ever pick a word set that forms an actual sentence or sentence fragment that anybody has ever published, because that's a much smaller corpus.
<JordanBrown_>
I experimented with a generator that would try to form plausible sentences, by picking something like "adjective noun adverb verb adjective noun", but I wasn't very happy with the results.
<JordanBrown_>
I am sad that even with glasses I now have trouble reading the text of my Compact OED.
<JordanBrown_>
But, while we're talking about #4478, did you see that it now has an object comprehension syntax and a computed key syntax?
<InPhase>
JordanBrown_: I did not. I am woefully on behind on giving that the serious attention I think it deserves, for piles of reasons I don't want to enter into a logged channel. But it is moving up the list. :)
<InPhase>
JordanBrown_: I actually kept your tab open from your last email for a very long time, until a Thunderbird upgrade broke all my open tabs.