**** BEGIN LOGGING AT Mon Nov 16 02:59:56 2020 Nov 16 05:17:33 well, thats new on tmo: Nov 16 05:17:36 Content Encoding Error Nov 16 05:17:39 The page you are trying to view cannot be shown because it uses an invalid or unsupported form of compression. Nov 16 05:17:43 Please contact the website owners to inform them of this problem. Nov 16 05:18:13 xes? Nov 16 05:48:13 > MySQL Error : The table 'vb3_session' is full Nov 16 05:48:50 Though I'm interested in why Firefox gets that content encoding error. Nov 16 05:53:37 Oh, I see. Nov 16 05:53:43 Content-Encoding: gzip^M Nov 16 05:53:48 but the response is not gzip. Nov 16 05:55:36 Annoying how Firefox's developer tools behaves with such errors; it just says "No headers for this request", so can't see the request or response headers. Nov 16 08:44:26 KotCzarny: hi! tmo is up again Nov 16 08:56:17 sweet Nov 16 09:10:13 thanks! Nov 16 09:10:14 :) Nov 16 09:15:53 what caused the problem? Nov 16 09:30:23 i am getting "too busy" on tmo Nov 16 09:32:45 are you sure this bootloop isn't a faulty battery. I mean unless your doing silly things to root I wouldn't expect bootloops to occur. Maybe there is some unusual hardware fault. Nov 16 09:32:49 ~bootloop Nov 16 09:32:50 i guess bootloop is when your device has broken rootfilesystem, so during reboot it fails on some service startup or kernel module load and thus reboots. This *drains* battery! And you can't reflash to stop bootloop when battery is drained. Recharge your battery by other means before reflashing. E.g. using ~rescueOS. Or external charger or BL-5J compatible other device. Nov 16 10:05:51 notice: tmo web service has been stopped while monitoring the storm in progress Nov 16 10:19:37 ddos? Nov 16 10:20:28 oh maybe broken db? from posts above Nov 16 10:27:15 nope. storm of requests. At the moment is again active only with https Nov 16 10:45:35 https://sneak.berlin/20201112/your-computer-isnt-yours/ Nov 16 10:45:36 nice Nov 16 10:49:06 "Dear Frog, This Water Is Now Boiling" <3 Nov 16 11:10:53 KotCzarny: sneak.berlin doesn't understand OCSP. https://blog.jacopo.io/en/post/apple-ocsp/ has a more detailed writeup. Nov 16 11:11:37 warfare: idea is its not about ocsp, its about sending it unencrypted, which allows spying by 3rd parties Nov 16 11:12:07 ocsp has to be unencrypted because using a tls connection would require another ocsp request. Nov 16 11:12:58 which essentially makes it privacy hole Nov 16 11:15:50 Well, you could add some fake ocsp requests, but all in all, you have to start somewhere ;) Nov 16 11:27:13 Presumably you could just expect the OCSP server to include a stapled OCSP response. Nov 16 11:28:44 I suspect it's not encrypted because there are plenty of other ways of finding that information. Nov 16 11:29:38 eg, most obviously SNI, but afaik the server certificate itself is sent unencrypted when establishing a TLS connection. Nov 16 11:32:36 I can confirm that at least by default by looking at `strace openssl s_client -connect google.com:443` Nov 16 11:42:21 I'm not certain OCSP here refers only to OCSP as we know it in the ssl/tls context Nov 16 11:43:14 as in, they use it to check dev/app certs/sigs as well Nov 16 11:43:48 there is basically no reason to send those requests as plaintext Nov 16 12:11:18 There is. TLS overhead time- and cpuwise. And actually I don't care if my os checks every now and then (because the result is cached) if certain developer certificates are still valid. Nov 16 12:12:02 Also, you can't use existing OCSP implementations and would have to roll your own. And thats always a bad idea with anything crypto related. Nov 16 12:38:04 for this part they probably 1. implemented by themselves already 2. probably just relay the http(s) request to another layer Nov 16 21:51:15 xes, thanks for fixing TMO Nov 16 21:51:59 (once more) **** ENDING LOGGING AT Tue Nov 17 02:59:56 2020