These are chat archives for arenanet/api-cdi

9th
Dec 2016
Michael Dougall
@madou
Dec 09 2016 03:20 UTC
:thumbsup: thx @lye
Archomeda
@Archomeda
Dec 09 2016 04:04 UTC
@lye, do we have pvp only bits for skills and traits in the api?
Defense Field says it doesn't :(
PvE and PvP
Archomeda
@Archomeda
Dec 09 2016 04:09 UTC
oh come on gitter, just let me escape the ) at the end of the link instead of using %29 :unamused:
also NoData :D
    {
      "text": "Reflects Missiles",
      "type": "NoData",
      "icon": "https://render.guildwars2.com/file/9352ED3244417304995F26CB01AE76BB7E547052/156661.png"
    }
oh, and regarding https://forum-en.guildwars2.com/forum/game/pvp/Upcoming-Changes-to-Skills
they are mentioning healing multipliers, since you added the damage multipliers recently, what's the state of this one?
Archomeda
@Archomeda
Dec 09 2016 05:10 UTC
@queicherius nice console.log on gw2e: Next daily reset: 67820611 seconds
David Reeß
@queicherius
Dec 09 2016 07:35 UTC
@Archomeda :+1:
ChieftainAlex
@ChieftainAlex
Dec 09 2016 07:43 UTC
@lye :point_up: December 8, 2016 9:37 PM - that's what I thought until I looked at Rata Sum: Floor 0 is ground, floor 1 is one above ground, floor 2 is two above ground, ... and surprise: floor 3 is basement level.
David Reeß
@queicherius
Dec 09 2016 07:49 UTC
I tried to add emojis to my Github labels, turns out you cant do that. :disappointed:
Archomeda
@Archomeda
Dec 09 2016 11:27 UTC
@ChieftainAlex it does show this order on the api though:
  "floors": [
    3,
    0,
    1,
    2
  ],
so i suppose the array is from bottom floor to top floor
Archomeda
@Archomeda
Dec 09 2016 11:54 UTC
also, i just noticed... this repo has 103 branches :scream:
@Archomeda I think it's only PvE bits; not sure how to add PvP to the structure ;_;
RE: Healing multipliers, not actually sure what the current status of those are.
I should probably clean up some of the old branches :|
Edgar Doiron
@Coffee4cr
Dec 09 2016 19:14 UTC
friday :clock5: is coming soon
I do have some things to deploy.
But nothing interesting.
ChieftainAlex
@ChieftainAlex
Dec 09 2016 19:31 UTC
so germans really use "," for the decimal separator, and "." for the thousands?..
they're not unique there, the french do the same thing
Edgar Doiron
@Coffee4cr
Dec 09 2016 19:37 UTC
yep
why do we use seperators thouhg?
are people just lazy
well for decimal, alright
but for thousands
we should just use d it's universal. Buy this broom for 10d99, but if you call now we'll make that a broom and a mop for 11d99 plus shipping!
or do like GW and use gold silver copper :P
take 4d20 constitution damage
Edgar Doiron
@Coffee4cr
Dec 09 2016 19:40 UTC
haha
oh man, that's a double sense sentence
:>
Edgar Doiron
@Coffee4cr
Dec 09 2016 19:41 UTC
did you use it for 420 or actual 4d20 :P
actual 4d20 but my number choices are always dank
Archomeda
@Archomeda
Dec 09 2016 19:45 UTC
most of europe use "," as decimal separator mostly as far as i know
hmm...
it really depends what pvp can change compared to pve
you can basically swap out the skills entirely
some of the skills are swapped out entirely
Eearslya Sleiarion
@Eearslya
Dec 09 2016 19:47 UTC
/v2/skills/pvp go
honestly the amount of dickery that the API does to reformat the skill data is crazy
@Eearslya it's an option :<
Eearslya Sleiarion
@Eearslya
Dec 09 2016 19:49 UTC
Or /v2/skills/:id?gamemode=pvp
darthmaim
@darthmaim
Dec 09 2016 19:57 UTC
/v2/skillz return {pve: {...}, pvp: {...}}
Archomeda
@Archomeda
Dec 09 2016 19:59 UTC
/v2/pvp/skills :D
i don't know if there are wvw only skills too :(
the way the stuff is laid it, it looks like there could be but I'm pretty sure there aren't
it basically switches on the map type (pve/pvp/wvw) among other things
i should have just exposed the raw data, orz
Eearslya Sleiarion
@Eearslya
Dec 09 2016 20:03 UTC
I...-vaguely- recall some skill being nerfed in WvW
I can't remember.
ChieftainAlex
@ChieftainAlex
Dec 09 2016 20:06 UTC
sorry the context there was I realised when viewed in a european language basically any wiki template computing vendor prices breaks ><
pretty glad the api doesn't do that
Archomeda
@Archomeda
Dec 09 2016 20:08 UTC
/v2/pvp/traits too :P
Eearslya Sleiarion
@Eearslya
Dec 09 2016 20:10 UTC
Are PvP runes exposed in /items?
they should be, iirc
I should make /v2/pvp/runes or something
that has the costs and such
Eearslya Sleiarion
@Eearslya
Dec 09 2016 20:32 UTC
PvP runes cost?
unlock costs
Eearslya Sleiarion
@Eearslya
Dec 09 2016 20:32 UTC
Huh. Shows how much I PvP.
Nabrok
@Nabrok
Dec 09 2016 20:38 UTC
Some do. There's a large selection of free ones.
@lye is achievement earned date something that's tracked? could it be included in the api?
IIRC there isn't -- it's just stores the most recent N achievements
I can double-check, but I'm 95% sure
Edgar Doiron
@Coffee4cr
Dec 09 2016 20:42 UTC
omg
this made me laugh
look at how he just buys it outright, doesn't give a fuck in the world
@Nabrok yeah, it only stores the most recent 3 achievements. The unlock times for everything else aren't anywhere.
Eearslya Sleiarion
@Eearslya
Dec 09 2016 20:44 UTC
oh my god XD
Nabrok
@Nabrok
Dec 09 2016 20:44 UTC
I have so many repair cannisters and use them so rarely I can't imagine ever needing that permanent one.
Ah, thanks for looking @lye
Also the most recent 3 aren't total unlocks -- any tier completion will push it onto the queue. The queue doesn't store the unlock time even.
Eearslya Sleiarion
@Eearslya
Dec 09 2016 20:45 UTC
Look at all the other permanent stuff too, wow
I didn't even know infinite primers existed
@Coffee4cr I'm not sure why he didn't just buy a single-use off the store :|
fewer clicks to buy the permanent I guess
Nabrok
@Nabrok
Dec 09 2016 20:46 UTC
yeah, he had over 1000 gems
even without gems -- would have been what? 70 gold?
Eearslya Sleiarion
@Eearslya
Dec 09 2016 20:46 UTC
I guess he figured it wasn't gonna be a one-time issue
I'm guessing by the way he searched his inventory and had a blank account slot
He may have run out of canisters
problem solved
Eearslya Sleiarion
@Eearslya
Dec 09 2016 20:47 UTC
And was just like "screw it, never again"
Edgar Doiron
@Coffee4cr
Dec 09 2016 20:47 UTC
lol
well that's basically why I got infinite tools
was tired of seeing the you ran out of charges message
I mean, the amount you'll need to farm to recoup the cost... you'll never reach that
Eearslya Sleiarion
@Eearslya
Dec 09 2016 20:48 UTC
I have infinite tools, both salvage-o-matics, a royal terrace pass and a rata sum portal scroll (best item ever)
Edgar Doiron
@Coffee4cr
Dec 09 2016 20:48 UTC
nice
I have tools, both salvage, and a home instance
Eearslya Sleiarion
@Eearslya
Dec 09 2016 20:49 UTC
Home instance is tempting but..I've already got the rata sum scroll
Nabrok
@Nabrok
Dec 09 2016 20:49 UTC
Well, infinite tools are cheaper than 1000g
Edgar Doiron
@Coffee4cr
Dec 09 2016 20:49 UTC
yeah
:P
but for all 3? it should be close
no?
Eearslya Sleiarion
@Eearslya
Dec 09 2016 20:49 UTC
1000g = 3874gems
Nabrok
@Nabrok
Dec 09 2016 20:49 UTC
For a long time I bought every different gathering tool that came out.
Eearslya Sleiarion
@Eearslya
Dec 09 2016 20:49 UTC
Jesus
Edgar Doiron
@Coffee4cr
Dec 09 2016 20:49 UTC
they're 1000 gems each
Eearslya Sleiarion
@Eearslya
Dec 09 2016 20:50 UTC
It always irked me that they made them 1000 gems
Edgar Doiron
@Coffee4cr
Dec 09 2016 20:50 UTC
me too
too rich for my blood
Eearslya Sleiarion
@Eearslya
Dec 09 2016 20:50 UTC
In the middle of their gem-buying tiers
Edgar Doiron
@Coffee4cr
Dec 09 2016 20:50 UTC
cause you can only buy them in 800 chunks
no?
Eearslya Sleiarion
@Eearslya
Dec 09 2016 20:50 UTC
Yep
Edgar Doiron
@Coffee4cr
Dec 09 2016 20:50 UTC
unless you do gold to gems
Nabrok
@Nabrok
Dec 09 2016 20:51 UTC
I have 6 characters with their own set of 3 infinite tools, and a couple others with 1 or 2.
Eearslya Sleiarion
@Eearslya
Dec 09 2016 20:51 UTC
I probably would have bought more if they were at 800, or if they made a 1000 purchase tier
Edgar Doiron
@Coffee4cr
Dec 09 2016 20:51 UTC
@Nabrok wow!
Eearslya Sleiarion
@Eearslya
Dec 09 2016 20:51 UTC
I only ever play my rev, so I'm lucky that I only need 3 XD
Edgar Doiron
@Coffee4cr
Dec 09 2016 20:51 UTC
@Eearslya I think 800 gems is the price they are at now, when they're on sale
Nabrok
@Nabrok
Dec 09 2016 20:52 UTC
I have a bunch of copper-fed kits too (now mostly useless as I just keep one in a shared slot), but I never bought a silver-fed kit.
Edgar Doiron
@Coffee4cr
Dec 09 2016 20:52 UTC
yeah I only play my Ele so everything goes on him
Eearslya Sleiarion
@Eearslya
Dec 09 2016 20:52 UTC
I wonder if you could get refunds for the kits
Nabrok
@Nabrok
Dec 09 2016 20:52 UTC
Bought them too long ago.
Edgar Doiron
@Coffee4cr
Dec 09 2016 20:52 UTC
@Eearslya yes you can
man I'm not gonna lie, I'd buy a silver-fed with the shared account slot
Edgar Doiron
@Coffee4cr
Dec 09 2016 20:53 UTC
I wanna buy shared account slots :(
Nabrok
@Nabrok
Dec 09 2016 20:53 UTC
I was going to buy one, but it wasn't on the store last I looked.
Edgar Doiron
@Coffee4cr
Dec 09 2016 20:53 UTC
but those are pricey
it hasn't been on there for awhile
Edgar Doiron
@Coffee4cr
Dec 09 2016 20:53 UTC
for the use i would have for them
Nabrok
@Nabrok
Dec 09 2016 20:53 UTC
But, mystic kits are almost as good.
Edgar Doiron
@Coffee4cr
Dec 09 2016 20:53 UTC
they are
but they have 250 charges instead of infinite :P
Eearslya Sleiarion
@Eearslya
Dec 09 2016 20:54 UTC
Yeah I'm surprised how stingy they're being with silver-feds
Edgar Doiron
@Coffee4cr
Dec 09 2016 20:54 UTC
∞ > 250
Eearslya Sleiarion
@Eearslya
Dec 09 2016 20:54 UTC
Oh, you can get a set of all 3 tools unbreakable for 2400
Nabrok
@Nabrok
Dec 09 2016 20:54 UTC
The 250 lasts a long time when you only use it for rares
Eearslya Sleiarion
@Eearslya
Dec 09 2016 20:54 UTC
They're just not fancy
Yeah I only use silver-fed for rares/exos too
Nabrok
@Nabrok
Dec 09 2016 20:55 UTC
And I still haven't run out of black lion kits from when they were common as daily rewards.
Edgar Doiron
@Coffee4cr
Dec 09 2016 20:55 UTC
I loaded all my alts with the unbound magic tools
Eearslya Sleiarion
@Eearslya
Dec 09 2016 20:55 UTC
Oh god I have 14 black lion kits
14? pffft
Eearslya Sleiarion
@Eearslya
Dec 09 2016 20:55 UTC
I only EVER use them if I HAVE to get a sigil/rune out
Edgar Doiron
@Coffee4cr
Dec 09 2016 20:55 UTC
@Nabrok I did, had to wait like 2 months for a drop
Eearslya Sleiarion
@Eearslya
Dec 09 2016 20:55 UTC
I was not good about doing dailies okay
Edgar Doiron
@Coffee4cr
Dec 09 2016 20:55 UTC
now I have a couple in stock
Eearslya Sleiarion
@Eearslya
Dec 09 2016 20:56 UTC
I have 3,687 daily AP
Nabrok
@Nabrok
Dec 09 2016 20:56 UTC
Heh, my daily AP is capped.
For about 2 years now.
Edgar Doiron
@Coffee4cr
Dec 09 2016 20:56 UTC
Daily & Monthly
12700 / 15000
is this it?
I think so
Nabrok
@Nabrok
Dec 09 2016 20:56 UTC
yeah
Edgar Doiron
@Coffee4cr
Dec 09 2016 20:57 UTC
get good @Eearslya
haha
Nabrok
@Nabrok
Dec 09 2016 20:57 UTC
I never paid much attention to it at first, but then somebody in my guild who was in close in AP started to get competitive with me about it.
So then I did too.
He left the game, but I kept going.
And now I'm closing in on 30k.
Eearslya Sleiarion
@Eearslya
Dec 09 2016 20:58 UTC
I can never get good now, I'd have to go back in time D:
Jonathan Andrist
@rwfrk_twitter
Dec 09 2016 20:58 UTC
Waiiit. Infinite Primers?!?
Nabrok
@Nabrok
Dec 09 2016 20:59 UTC
I was ranked about 250 pre-HoT but since then I dropped back to about 450.
That's NA
Edgar Doiron
@Coffee4cr
Dec 09 2016 20:59 UTC
nice
there's no endless primer
at least not on the wiki
Jonathan Andrist
@rwfrk_twitter
Dec 09 2016 21:01 UTC
@Eearslya What are you talking about with infinite primers. Link?
Edgar Doiron
@Coffee4cr
Dec 09 2016 21:01 UTC
now that would be amazing
Eearslya Sleiarion
@Eearslya
Dec 09 2016 21:01 UTC
I thought they might be..I can't tell what those two items in his account inventory is
those
Edgar Doiron
@Coffee4cr
Dec 09 2016 21:02 UTC
fractals
Jonathan Andrist
@rwfrk_twitter
Dec 09 2016 21:02 UTC
Oh. Those are fractal potions.
Edgar Doiron
@Coffee4cr
Dec 09 2016 21:02 UTC
infinite fractals
Eearslya Sleiarion
@Eearslya
Dec 09 2016 21:02 UTC
Welp.
Jonathan Andrist
@rwfrk_twitter
Dec 09 2016 21:02 UTC
I must have missed something, but those would be amazing. I might even order one even if it were like 5k+
Edgar Doiron
@Coffee4cr
Dec 09 2016 21:02 UTC
@rwfrk_twitter at the price of Raid/WvW food, it would be worth it
Eearslya Sleiarion
@Eearslya
Dec 09 2016 21:02 UTC
stupid seaweed salad
Jonathan Andrist
@rwfrk_twitter
Dec 09 2016 21:03 UTC
If you're not using plat doubloon food, its not worth anything but convince. I dont use even the ones i have, but it'd be nice to not forget popping MF food and the like
Nabrok
@Nabrok
Dec 09 2016 21:03 UTC
For WvW my commander drops food, and I use the provisioner oils.
Edgar Doiron
@Coffee4cr
Dec 09 2016 21:04 UTC
lol
cheapway out
Jonathan Andrist
@rwfrk_twitter
Dec 09 2016 21:04 UTC
Even with my insane playtime, seaweed isnt even close to worth popping one.
Nabrok
@Nabrok
Dec 09 2016 21:04 UTC
Yup
Edgar Doiron
@Coffee4cr
Dec 09 2016 21:04 UTC
well I mostly just use food for RAIDS
taht's the only place they're usefull
Eearslya Sleiarion
@Eearslya
Dec 09 2016 21:04 UTC
@Nabrok Unfortunately, my guild is moving towards account-bound foods...
Edgar Doiron
@Coffee4cr
Dec 09 2016 21:04 UTC
oooh did you see the new food in BitterFrost Frontier?
hot damn seaweed salad got expensive
Jonathan Andrist
@rwfrk_twitter
Dec 09 2016 21:05 UTC
@Eearslya We're actually moving back away from account bound food.
Edgar Doiron
@Coffee4cr
Dec 09 2016 21:05 UTC
you basically have all Raid food for Karma and 45min
Eearslya Sleiarion
@Eearslya
Dec 09 2016 21:05 UTC
Must be nice >.>
iirc our frontline are running Mussels Gnashblade
Jonathan Andrist
@rwfrk_twitter
Dec 09 2016 21:05 UTC
So were we. But we're redoing everything...again.
Edgar Doiron
@Coffee4cr
Dec 09 2016 21:05 UTC
I don't know why seaweed salad got expensive. it's super easy to farm seaweed now
Eearslya Sleiarion
@Eearslya
Dec 09 2016 21:05 UTC
@rwfrk_twitter Server?
Nabrok
@Nabrok
Dec 09 2016 21:05 UTC
My guild drops saffron bread and seaweed salad.
Jonathan Andrist
@rwfrk_twitter
Dec 09 2016 21:06 UTC
@Eearslya Blackgate. ; We're shifting back toward saffron lately. ; Seaweed/Saffron/Muscles Gnashblade/ Rare Veggie Pizza.
CC is starting to get real.
Nabrok
@Nabrok
Dec 09 2016 21:06 UTC
"starting"?
As a rev though, really happy I'm getting another stun break.
Jonathan Andrist
@rwfrk_twitter
Dec 09 2016 21:07 UTC
I've probably seen 2-3x more CC over the past week than the last 2 months. And I'm not someone who gets stab.
necro or pick?
Nabrok
@Nabrok
Dec 09 2016 21:07 UTC
Mag puts out a lot of immob.
Jonathan Andrist
@rwfrk_twitter
Dec 09 2016 21:07 UTC
Necro. But I used to do condi thief.
disgusting
Jonathan Andrist
@rwfrk_twitter
Dec 09 2016 21:08 UTC
And by condi. I mean venoms, not pistol, and you didn't get rat-wells.
I would like ANET to go back to letting you make feast versions of the account-bound foods like they did with DTOP. You still had to craft it and drop it yourself, but you could drop it for everyone...
Nabrok
@Nabrok
Dec 09 2016 21:10 UTC
Losing stab on dodge was painful. I mean it's nice to get it on evade, but it's not "on-demand".
Eearslya Sleiarion
@Eearslya
Dec 09 2016 21:10 UTC
@rwfrk_twitter Wait, what guild?
Jonathan Andrist
@rwfrk_twitter
Dec 09 2016 21:11 UTC
The thief was very very off guild. ; Revel [Rev]. ; You?
Eearslya Sleiarion
@Eearslya
Dec 09 2016 21:11 UTC
[KnT]
Nabrok
@Nabrok
Dec 09 2016 21:11 UTC
FLUX (on TC) here.
Edgar Doiron
@Coffee4cr
Dec 09 2016 21:12 UTC
[FORD] on SF
we'll never fight you guys
ahhaa
Eearslya Sleiarion
@Eearslya
Dec 09 2016 21:13 UTC
@rwfrk_twitter Were you in that GvG in our arena a while ago?
Jonathan Andrist
@rwfrk_twitter
Dec 09 2016 21:14 UTC
@Eearslya Watched. Didnt participate. That was a disaster, but it was a somewhat productive one.
I did run into an enemy ANET player once.. I just cant remember who... ANET-player notes are BG but most have moved on.
./wtb sort contact list by server.
which server were they on? lol
Nabrok
@Nabrok
Dec 09 2016 21:15 UTC
I still need that achievement for killing an anet
Jonathan Andrist
@rwfrk_twitter
Dec 09 2016 21:16 UTC
Mag possibly. JQ's an option.
Nabrok
@Nabrok
Dec 09 2016 21:16 UTC
Unfortunately I never ran into @lye when we were against YB
Jonathan Andrist
@rwfrk_twitter
Dec 09 2016 21:16 UTC
They weren't setup for a duel so we didnt.
YB is an option. It might have been you actually. I dont remember =)
I still want to know if killing an ANET as a slubling gives you the achivement.
if they were dueling on a thief and getting rekt it was probably me
Jonathan Andrist
@rwfrk_twitter
Dec 09 2016 21:16 UTC
Bonus points if they're on the raid team.
Archomeda
@Archomeda
Dec 09 2016 21:17 UTC
omg lol, discord client has an rpc server built-in that you can access via websocket through discordapp.io
I think it has to be a non-pve map for the achievement to trigger
Jonathan Andrist
@rwfrk_twitter
Dec 09 2016 21:17 UTC
You're a thief?
Archomeda
@Archomeda
Dec 09 2016 21:17 UTC
discordapp.io -> 127.0.0.1
I play war/necro/thief
Archomeda
@Archomeda
Dec 09 2016 21:17 UTC
and is ssl XD
Jonathan Andrist
@rwfrk_twitter
Dec 09 2016 21:17 UTC
Raids are a weird map type as it is though.
Archomeda
@Archomeda
Dec 09 2016 21:18 UTC
raids are dungeons ;)
i thought you couldn't assign localhost to a sld?
sld?
Jonathan Andrist
@rwfrk_twitter
Dec 09 2016 21:21 UTC
Dungeons let you use consumable bundles (ele powder etc) . Raids don't
Archomeda
@Archomeda
Dec 09 2016 21:21 UTC
second level domain? :D
I want to know how they're handling the TLS key material
Eearslya Sleiarion
@Eearslya
Dec 09 2016 21:22 UTC
I don't see why not
A records can be anything
if they're distributing it to clients, that's a good way to get your cert revoked
Archomeda
@Archomeda
Dec 09 2016 21:23 UTC
oh right, THAT was the issue
how the balls does this work
Jonathan Andrist
@rwfrk_twitter
Dec 09 2016 21:23 UTC
Cert provider hasnt noticed?
so the other option is to do cloudflare-style "keyless" SSL
Archomeda
@Archomeda
Dec 09 2016 21:23 UTC
i don't know what port the discord client is listening to
wherein the key material isn't distributed, but there's a network service that will complete handshakes that you send it
Jonathan Andrist
@rwfrk_twitter
Dec 09 2016 21:24 UTC
Discord is already crazy magic with the way it handles the webclient.
Did you guys see this?
darthmaim
@darthmaim
Dec 09 2016 21:26 UTC
@Archomeda https://discordapp.io:6463/ for me
Archomeda
@Archomeda
Dec 09 2016 21:27 UTC
ah yes, same here
Edgar Doiron
@Coffee4cr
Dec 09 2016 21:28 UTC
Yeah
Let's get ANet to use it
Lol
wow okay
they embed the key
the private key name is this_is_not_a_security_issue.key
Archomeda
@Archomeda
Dec 09 2016 21:29 UTC
LOL
darthmaim
@darthmaim
Dec 09 2016 21:29 UTC
haha
people are looking at me funny because I'm laughing so loudly
Archomeda
@Archomeda
Dec 09 2016 21:29 UTC
:D
Jonathan Andrist
@rwfrk_twitter
Dec 09 2016 21:29 UTC
ROFL
Talk about security by 'please be an idiot'...
Archomeda
@Archomeda
Dec 09 2016 21:30 UTC
where did you find it?
nvm, found it
it's in %APPDATA%\discord\0.0.296\modules\discord_rpc\data
so ehm... what did you say again about an easy way getting your cert revoked?
Archomeda
@Archomeda
Dec 09 2016 21:37 UTC
since this seems pretty close to that :P
open the cert to see who signed it
then send them a nice email
there are very good reasons that this is explicitly not allowed
Archomeda
@Archomeda
Dec 09 2016 21:39 UTC
COMODO RSA Domain Validation Secure Server CA
lol ofc its comodo
Eearslya Sleiarion
@Eearslya
Dec 09 2016 21:43 UTC
I wish we went back to Saffron Bread, but my guild at this time is insisting it's no good not the best food for our current comp
Though even as a frontline rev, I'm using seaweed salad
Jonathan Andrist
@rwfrk_twitter
Dec 09 2016 21:45 UTC
@Eearslya ; Feel free to poke me in game Crell.6401
Eearslya Sleiarion
@Eearslya
Dec 09 2016 21:46 UTC
I'm at work actually XD
Jonathan Andrist
@rwfrk_twitter
Dec 09 2016 21:46 UTC
Comodo facepalm
Archomeda
@Archomeda
Dec 09 2016 21:46 UTC

hmmmm...

Revocation at the Subscriber’s request:
The Subscriber must either be in possession of the authentication details (typically username and
password) which were used to purchase the Certificate originally OR the Subscriber must be able
to send an S/MIME email signed with the private key associated with the Certificate.

HAHAHAHAAHA
Jonathan Andrist
@rwfrk_twitter
Dec 09 2016 21:47 UTC
You should sign it with the key when reporting it.
Eearslya Sleiarion
@Eearslya
Dec 09 2016 21:49 UTC
Oh lawd.
Pat Cavit
@tivac
Dec 09 2016 21:49 UTC
still laughing about that cert name
Eearslya Sleiarion
@Eearslya
Dec 09 2016 21:49 UTC
Hold on, @Archomeda what does your key show for fingerprint?
they'll all be the same cert/key
Eearslya Sleiarion
@Eearslya
Dec 09 2016 21:50 UTC
I'm just curious if that's true
Archomeda
@Archomeda
Dec 09 2016 21:50 UTC
ehm, what do you want to know? i'm not that familiar with certs :P
i can just copy paste the whole private key if you want :P
Archomeda
@Archomeda
Dec 09 2016 21:51 UTC
‎a8 32 92 50 d6 01 d6 fa cc 4f c9 d0 1f 02 f7 d1 28 1e 8d a1
Eearslya Sleiarion
@Eearslya
Dec 09 2016 21:51 UTC
XD That's true
Welp
darthmaim
@darthmaim
Dec 09 2016 21:51 UTC
a8 32 92 50 d6 01 d6 fa cc 4f c9 d0 1f 02 f7 d1 28 1e 8d a1
:P
Eearslya Sleiarion
@Eearslya
Dec 09 2016 21:51 UTC
I thought their one saving grace might be that they made a cert for each client but nope
Revoke that cert, and you kill everyone's RPC XD
Archomeda
@Archomeda
Dec 09 2016 21:51 UTC
so ehm... let's create a temp gmail account, download an email client and send a revoke request for the fun of it
nah they'd have to get the CA to sign every generated key
for the record I want nothing to do with this <3
Eearslya Sleiarion
@Eearslya
Dec 09 2016 21:52 UTC
I wonder what apps use Discord RPC anyway
it's still in beta
Eearslya Sleiarion
@Eearslya
Dec 09 2016 21:52 UTC
Maybe things like overwolf
Archomeda
@Archomeda
Dec 09 2016 21:52 UTC
letsencrypt would still be better if they want to do this :P
@Archomeda I looked into that, they'd ban you pretty quick
Archomeda
@Archomeda
Dec 09 2016 21:52 UTC
we can also wait until it's out of beta, and then take it down :D
aw :(
probably because of the amount of certs?
also distributing key material
Eearslya Sleiarion
@Eearslya
Dec 09 2016 21:54 UTC
Wouldn't distributing like 1000 certs from LE make it 1000x easier to crack LE's signing key..?
not really
Eearslya Sleiarion
@Eearslya
Dec 09 2016 21:54 UTC
Maybe I know nothing about encryption
I just, in my limited knowledge, think that you'd eventually be able to notice patterns? I dunno.
if that were true, TLS would already be broken -- every time you connect to a site over TLS you basically get a signed payload
Eearslya Sleiarion
@Eearslya
Dec 09 2016 21:55 UTC
True..
the numbers involved with RSA, at least, are really big
Eearslya Sleiarion
@Eearslya
Dec 09 2016 21:56 UTC
I'm trying to think of why distributing private keys is bad (other than the fact that it completely negates the POINT of the key)
Why would the authority care?
public key crypto isn't about secrecy -- it's about authentication
when you distribute the private key you negate the whole point
and there's a lot of shenanigans you can do if you can masquerade as someone else
Jonathan Andrist
@rwfrk_twitter
Dec 09 2016 21:57 UTC
Because its a chain of trust. Their private key was issued by someone else who's trusted.
Basically it'd be like saying Level 3 trusts them. So obviously I trust them. And then faking that trust.
(Yes, I'm not using Comodo in this example intentionally)
The trust is automated. So breaks in the chain period are dangerous.
Correct me if I'm wrong.
to note -- the signing bit in that compromised cert isn't set, so it can't be used to create further certs
Eearslya Sleiarion
@Eearslya
Dec 09 2016 21:59 UTC
I think I've got a better idea of it now
Though it makes me curious what kind of security is put on root certs, oh lord
Looks like Comodo's root uses sha384 which I didn't know existed
there's actually a document you can read about that
Eearslya Sleiarion
@Eearslya
Dec 09 2016 21:59 UTC
do tell
I love learning this stuff
pretty much everyone who distributes a trust store (mozilla, etc) has a set of requirements for getting in
Eearslya Sleiarion
@Eearslya
Dec 09 2016 22:02 UTC
But isn't that how to get a cert UNDER Mozilla's root?
no, mozilla's trust store is just a collection of root certificates they distribute
the actual root certificates aren't signed by anyone -- they're implicitly trusted (which is what makes them "root" certificates)
Eearslya Sleiarion
@Eearslya
Dec 09 2016 22:03 UTC
Ahhh.
Archomeda
@Archomeda
Dec 09 2016 22:07 UTC
sooo... i just converted the cert+key to pfx and imported it in eM client
it's not even password protected
not that it would matter for security, since the password have to be somewhere inside discord otherwise
Eearslya Sleiarion
@Eearslya
Dec 09 2016 22:08 UTC
Huh, kinda surprised that Google's not a root
Archomeda
@Archomeda
Dec 09 2016 22:09 UTC
let's see what happens when i send myself an email (never actually signed an email before)
Eearslya Sleiarion
@Eearslya
Dec 09 2016 22:09 UTC
I get security e-mails from debian..I think all it does is append a PGP signature to the bottom that can be verified against the pubkey
darthmaim
@darthmaim
Dec 09 2016 22:10 UTC
google is a root
Eearslya Sleiarion
@Eearslya
Dec 09 2016 22:10 UTC
google.com's cert is under GeoTrust
they have their own CA
darthmaim
@darthmaim
Dec 09 2016 22:10 UTC
*.google.com is Google Internet Authority G2 for me
looks like they're only an intermediate though
darthmaim
@darthmaim
Dec 09 2016 22:11 UTC
oh, whoops, you are right
if you're using chrome I wouldn't be surprised if they included themselves in the root trust store
lol
Eearslya Sleiarion
@Eearslya
Dec 09 2016 22:11 UTC
XD true
Doesn't look like it, nope
Not even under Intermediary
Oh wait, I bet this is Windows managing the certs, not Chrome
I'm not actually sure; was trying to figure out the same
darthmaim
@darthmaim
Dec 09 2016 22:15 UTC
google has no own trust store afaik, they use the os trust store
Eearslya Sleiarion
@Eearslya
Dec 09 2016 22:15 UTC
Well, if you hit Manage Certificates..I think that window is Microsoft's
Does Firefox use NSS on Windows? I'm pretty sure they do on non-Windows platforms
smiley
@codemasher
Dec 09 2016 22:16 UTC
PSA: don't trust anyone who uses "." as decimal separator
(didn't read the rest of the chat)
Archomeda
@Archomeda
Dec 09 2016 22:16 UTC
wait, do you need to send it from the original email address which was used when creating the cert before you can sign an email?
Eearslya Sleiarion
@Eearslya
Dec 09 2016 22:17 UTC
I don't..think so?
Jonathan Andrist
@rwfrk_twitter
Dec 09 2016 22:17 UTC
Re Signing Bit; Good. I was too lazy to check that. That was my real worry.
Archomeda
@Archomeda
Dec 09 2016 22:17 UTC

eM client is complaining about

The current profile's signing certificate email "" does not match the sender "<email>". The signature is likely to be considered invalid.
Do you want to send the message unsigned?

I've never sent an S/MIME email so I've no idea :>
smiley
@codemasher
Dec 09 2016 22:18 UTC
sup? what uninteresting stuff do you have ready for deploy, @lye ? :D
bugfix for something wrong with /v2/guild/:id/teams
Archomeda
@Archomeda
Dec 09 2016 22:18 UTC
but it's EMPTY between the quotes >_>
darthmaim
@darthmaim
Dec 09 2016 22:18 UTC
Comodo employs the following procedure for authenticating a revocation request:
• The revocation request must be sent by the administrator contact associated with the Certificate application. Comodo may if necessary also request that the revocation request be made by either / or the organizational contact and billing contact.
• Upon receipt of the revocation request Comodo will request confirmation from the known administrator out of bands contact details, either by telephone or by fax.
• Comodo validation personnel will then command the revocation of the Certificate and logging of the identity of validation personnel and reason for revocation will be maintained in accordance with the logging procedures covered in this CPS.
Archomeda
@Archomeda
Dec 09 2016 22:18 UTC
pah
smiley
@codemasher
Dec 09 2016 22:18 UTC
ah, ok. (hoped it'd be an endpoint to test... heheh)
Jonathan Andrist
@rwfrk_twitter
Dec 09 2016 22:19 UTC
I'm super hyped for Tuesday and hope that the v2/pvp/ updates make it in time =)
I'm pretty sure the bits that are documented are ready to go
(barring any fires)
#400 #404
Eearslya Sleiarion
@Eearslya
Dec 09 2016 22:19 UTC
@darthmaim Ahhh rip the dream
smiley
@codemasher
Dec 09 2016 22:20 UTC
#404 seems a good number to deploy on a friday :D
@codemasher those'll turn on on tuesday with the pvp changes :P
smiley
@codemasher
Dec 09 2016 22:20 UTC
heh
Jonathan Andrist
@rwfrk_twitter
Dec 09 2016 22:22 UTC
#397 sounds like a shiny present for a guildie. ; Do the new 'top stats' get exposed anywhere for a match? (not that i have examples of what they are..)
Nope!
They're not piped out of the game servers, unfortunately
Jonathan Andrist
@rwfrk_twitter
Dec 09 2016 22:25 UTC
boggle I'd have thought they'd make good history info for the development teams. Guess not =)
Archomeda
@Archomeda
Dec 09 2016 22:30 UTC

Other parties may report suspected Private Key
Compromise, Certificate misuse, or other types of fraud, compromise, misuse, inappropriate
conduct, or any other matter related to Certificates, in the first instance, by email to
sslabuse@comodo.com

there, found an email

Nabrok
@Nabrok
Dec 09 2016 22:30 UTC
It's possible discord came to some sort of agreement with comodo about this.
true, but it's also possible that comodo isn't allowed to come to such an agreement
then again it is comodo
violating PKI standards isn't exactly a new thing for them
Jonathan Andrist
@rwfrk_twitter
Dec 09 2016 22:32 UTC
Report it and let them sort it out.
i'm too lazy
I was just hoping they'd have some secret sauce because I want a local websocket API too
Nabrok
@Nabrok
Dec 09 2016 22:43 UTC
Apparently dropbox does a similar thing?
got a link to docs?
Nabrok
@Nabrok
Dec 09 2016 22:45 UTC
It was mentioned in the thread about chrome blocking off localhost.
seems like they use longpolling
Nabrok
@Nabrok
Dec 09 2016 22:45 UTC
www.dropboxlocalhost.com resolves to 127.0.0.1
Dropbox actually have a certificate for www.dropboxlocalhost.com issued by Digicert. If the browsers accepted self-signed certificates for localhost servers (without users modifying their trust store) then this would not be necessary. But until browsers add support for that, this is the only way to go about it. Admittedly, it's not pleasant but it works.
Apparently this is a thing?
Maybe I'm totally wrong and can just ship a key+cert pair?
Archomeda
@Archomeda
Dec 09 2016 22:49 UTC
i... don't know
also, who at google thought that placing the send mail button RIGHT NEXT to the formatting buttons was a good idea?
the message used to be buffered so you could undo within a couple of seconds
i don't know if that feature still exists
Archomeda
@Archomeda
Dec 09 2016 22:51 UTC
i did not actually accidentally pressed it yet... but i'm waiting for it to happen
Jonathan Andrist
@rwfrk_twitter
Dec 09 2016 22:51 UTC
Try Google Labs. Pretty sure thats in there somewhere so you can adjust the value.
Archomeda
@Archomeda
Dec 09 2016 22:52 UTC
anyway, the mail is a draft now...
Eearslya Sleiarion
@Eearslya
Dec 09 2016 22:55 UTC
It's a lab, yeah
Archomeda
@Archomeda
Dec 09 2016 22:56 UTC
so right now dropbox, spotify, github and discord uses this method
Eearslya Sleiarion
@Eearslya
Dec 09 2016 22:56 UTC
Or...Wait, it used to be. Hmm.
Oh, it got rolled into the real deal
Archomeda
@Archomeda
Dec 09 2016 22:57 UTC
wow
i want that in all email applications
i always tend to forget things and have to send a second mail...
but my obvious question here to the people who decide these browser things... why haven't they created a solution for these webapps already? i mean, big companies are using workarounds now...
hmm, I'm thinking about breaking /v2/titles
changing the .achievement field to .achievements containing an array of ids
Archomeda
@Archomeda
Dec 09 2016 23:41 UTC
because there are multiple achievements rewarding that title?
yeah for the holiday ones
Archomeda
@Archomeda
Dec 09 2016 23:42 UTC
hmm... what about adding .achievements instead of removing .achievement in favor of it, like what's done with the wvw world links
although... the main reason for that is because the original world is the host... hmm
that's the other option but it is impure
Eearslya Sleiarion
@Eearslya
Dec 09 2016 23:44 UTC
/v2/titlez
I'm just going to add an additional field and note that .achievement is only for backwards compat
once we've got a dozen backwards compat shims for that endpoint we'll add /v2/titlez
Archomeda
@Archomeda
Dec 09 2016 23:45 UTC
just wondering, if you're making a breaking change like this, are you considering a grace period where both properties exist before removing the deprecated one?
yeah
Archomeda
@Archomeda
Dec 09 2016 23:45 UTC
or that :P
the backend change won't happen for another month or two
so i'd basically start tooting horns about it, then once the backend goes out the frontend code just switches over
Archomeda
@Archomeda
Dec 09 2016 23:46 UTC
or.... /v3! Kappa
Eearslya Sleiarion
@Eearslya
Dec 09 2016 23:46 UTC
I was gonna say that dammit
Archomeda
@Archomeda
Dec 09 2016 23:46 UTC
;P
/v3 is banned because it implies weakness
Archomeda
@Archomeda
Dec 09 2016 23:46 UTC
not because you can't count to 3?
@Archomeda it's a bellevue meme
A bellevue meme? Wha
(may he always watch over us)
(valve is also in bellevue)
Eearslya Sleiarion
@Eearslya
Dec 09 2016 23:47 UTC
Oh huh
Y u guys gotta be so far north
Archomeda
@Archomeda
Dec 09 2016 23:47 UTC
:O
Eearslya Sleiarion
@Eearslya
Dec 09 2016 23:47 UTC
I wanted to come work
as are bungie, undead, 343 (I think?)
Eearslya Sleiarion
@Eearslya
Dec 09 2016 23:48 UTC
(also the application was intense)
and a pile of other game companies
this is a great area, it even snowed this year!
I think we had like 4 sunny days too
Eearslya Sleiarion
@Eearslya
Dec 09 2016 23:49 UTC
Yeah I got that too
My commute just to Auburn is already 1hr+
I don't want to think about bellevue
Archomeda
@Archomeda
Dec 09 2016 23:49 UTC
move to the netherlands, we complain about the weather all day long...
Eearslya Sleiarion
@Eearslya
Dec 09 2016 23:50 UTC
Can I just work remotely
nope
how far south are you? olympia?
Eearslya Sleiarion
@Eearslya
Dec 09 2016 23:51 UTC
Spanaway
dang
Eearslya Sleiarion
@Eearslya
Dec 09 2016 23:51 UTC
10020 Main St?
nah that's the old address
we're on 139th ave
Eearslya Sleiarion
@Eearslya
Dec 09 2016 23:52 UTC
Google's not updated then, hm.
3180 139th Ave SE, Bellevue, WA 98005
Eearslya Sleiarion
@Eearslya
Dec 09 2016 23:52 UTC
Let's see..if I wanted to show up at 8am every day...
I can see you
Eearslya Sleiarion
@Eearslya
Dec 09 2016 23:53 UTC
I should move somewhere in Kent/Renton
Archomeda
@Archomeda
Dec 09 2016 23:54 UTC
you can also rent something nearby and go back home in the weekend :D
renton is still pretty far away
better to just grab some people and split a lease on a big house
Eearslya Sleiarion
@Eearslya
Dec 09 2016 23:55 UTC
22-45min
That's a HELL of a lot better
it's an hour+ by bus :<
to be fair though, downtown renton has some pretty good bars
Archomeda
@Archomeda
Dec 09 2016 23:57 UTC
why the range?
traffic?
don't think google has ever mentioned it here
Eearslya Sleiarion
@Eearslya
Dec 09 2016 23:57 UTC
Yeah, it's estimating traffic
@lye Hey, at least the park and ride is right there
  {
    "id": 12,
    "name": "Been there. Done that.",
    "achievement": 137,
    "achievements": [
      137
    ]
  }
this makes me sad
@Eearslya yeah that's the one nice part
the office is super easy to get to
Eearslya Sleiarion
@Eearslya
Dec 09 2016 23:59 UTC
Google can't even find me public transport to the office by 8am XD