Fork me on GitHub
#clojure-uk
<
2019-10-02
>
thomas07:10:59

morning folks

mccraigmccraig08:10:35

anyone know of a nice paste service with editor plugins which is also infosec friendly - i.e. no public option and mandatory aging/expiry ?

dominicm08:10:18

Editor friendly is the curl compatible stuff

dominicm08:10:07

pastebinit maybe?

dominicm08:10:14

Seems to support expiration

dominicm08:10:54

wgetpaste too, that's more famous

mccraigmccraig09:10:22

what i'm particularly after is for the service to have no options to do silly stuff - i.e. pastes will always be private and pastes will always be expired, no options for accidents or misconfiguration (i've got ptsd after some stuff was pasted to a public gist)

😬 4
mccraigmccraig09:10:46

'cos we can mandate and monitor "use this paste service" easily enough, but "configure your client this way" is much harder

dharrigan09:10:47

I use termbin

dharrigan09:10:55

alias tbc="netcat 9999 | tr -d '\n' | xclip -selection c"

dharrigan09:10:08

of course, I live on the command line

dharrigan09:10:25

Life span of single paste is one month. Older pastes are deleted.

dharrigan09:10:15

If you're up for it, you could run your own pastebin service and lock it down as appropriate

dharrigan09:10:43

so cat all-the-usernames-and-unencrypted-unhashed-passwords-in-the-entire-world.txt | tbc

dharrigan09:10:45

that sorta thing

Conor09:10:04

What is the usecase, though? Why are plaintext credentials being put anywhere even vaguely public?

mccraigmccraig09:10:05

@conor.p.farrell they should not be, it was an accident - some creds were exposed in an ex-info message (this will be fixed), and pasted without thought. since the best security approaches are multi-layered, i'm looking to also negate the impact of accidental posting

Conor09:10:30

This might be too 'galaxy brain', but just stop people making gists rather than trying to find a secure gist service? I personally don't feel the need to use any when I'm working remotely

mccraigmccraig09:10:04

how do you share snippets then ? i find gist-like things with editor plugins remarkably useful

jasonbell09:10:21

If Keybase did editor plugins…..

mccraigmccraig09:10:16

@jasonbell that would be nice - i did look at keybase, but you can't link to content, so it's not much good for pasting

Conor09:10:06

We use Teams (which is bad) but it does the job for sharing error messages or what have you

mccraigmccraig09:10:17

@conor.p.farrell we use our own comms product, but it's not oriented towards code-sharing at all, and the only users for code-sharing type features (i.e. sane formatting) would be us, so it's never going to be a high priority to implement

jasonbell10:10:01

@mccraigmccraig that’s a shame because it would make an excellent plugin.

alexlynham10:10:39

It's a shame keybase doesn't do slack like snippets

maleghast11:10:28

Or was it .org..?

folcon17:10:34

Anyone doing matrix stuff? Is core.matrix still being used?

folcon17:10:45

and or maintained..

otfrom19:10:56

Lots of data science stuff happening under the scicloj banner now

folcon21:10:53

Thanks for the tip! 😃