@gjherbiet@mamot.fr
@gjherbiet@mamot.fr avatar

gjherbiet

@gjherbiet@mamot.fr

Father x3 | Dig DNS(SEC) and Ansible | dns.lu Technical Manager at Fondation Restena | Toots and boosts not authoritative and w/o AD bit set.

This profile is from a federated server and may be incomplete. Browse more on the original instance.

shaft, to random French
@shaft@piaille.fr avatar

Et voilà, mon petit check_soa vient de passer le jalon "à peu près correct pour la prod".

Il reste du code à simplifier mais c'est de la cuisine interne

Next :

  • apprendre à faire une petite appli Web pour offrir du check_soa sur HTTPS (en JSON)
  • Support des EDE où c'est possible
  • Ajout du support de DoQ — j'attends encore un peu, le code dans dnspython semble encore un peu frais

https://framagit.org/Shaft/check-soa

gjherbiet,
@gjherbiet@mamot.fr avatar

@shaft Intéressant. Quels sont les avantages/inconvénients par rapport au check-soa en Go de @bortzmeyer ? https://framagit.org/bortzmeyer/check-soa

gjherbiet,
@gjherbiet@mamot.fr avatar

@bortzmeyer @shaft Ah ben non, moi je suis bien content de piquer celui des autres (surtout considérant mes limites en terme de développement logiciel…) !

gjherbiet, to macos
@gjherbiet@mamot.fr avatar

Moving away from back to and would like the app to close when you quit your last shell? Add the following to ~/.zlogout :

if [ "$(ps | wc -l)" -eq 4 ]  
then  
 osascript -e "do shell script \"osascript -e \\\"tell application \\\\\\\"Terminal\\\\\\\" to quit\\\" &> /dev/null &\""  
 exit  
fi

Yes, that’s a lot of backslashes but we are doing inside , inside inside

jpmens, to random
@jpmens@mastodon.social avatar

Yet another draft: ZONEVERSION

https://datatracker.ietf.org/doc/draft-ietf-dnsop-zoneversion/

I actually like the idea of receiving the SOA serial (zone version) in a response. Makes certain debugs easier

gjherbiet,
@gjherbiet@mamot.fr avatar

@shane_kerr @jpmens I just had the opposite train of thought: (aggressively) discard all cached entries when I know a zone has been updated (increased ZONEVERSION).
Maybe this could make the CDNs stop using dramatically low TTLs on all their records, just in case they might update their zone (or we could more comfortably use higher min-ttl values).
I also some potential to limit of outages caused by bad practice.

kvnco, to tech French
@kvnco@framapiaf.org avatar

Je suis un peu surpris de voir les gens un peu branchés tomber de l'armoire en découvrant que et notamment, se basent uniquement sur l'API pour leurs résultats…

Il me semble bien que a toujours été très clair sur son fonctionnement.

, de son côté a longtemps savamment entretenu le flou sur le sujet .
Par contre ce n'est plus le cas depuis le rachat par : https://x.com/olesovhcom/status/1731251984252952651

gjherbiet,
@gjherbiet@mamot.fr avatar

@cquest @lordphoenix @sebsauvage @framasky @kvnco Pas bête. En réaction aux 2 grands moteurs qui vont donner à manger à leur LLM du contenu toujours plus généré par des LLM et le recracher en bouillie « d’information » toute prête, avoir un moteur qui n’indexe que des source qualitatives (écrites par des humains) et les présente triées par pertinence.
En gros, revenir aux années 90/2000.
Ça me conviendrait bien.

jpmens, to Ansible
@jpmens@mastodon.social avatar

quote: "Here's a cool one-liner for you:"

gjherbiet,
@gjherbiet@mamot.fr avatar

@shane_kerr @jpmens I have Debian (home) servers with unattended-upgrades and needrestart which I even no longer think about.
In the RPM world, there are also the equivalents yum-cron and needs-restarting (and probably also something in dnf-utils but I have joined the bright side too long ago to be able to confidently tell).

jpmens, to random
@jpmens@mastodon.social avatar

deleted_by_author

    •
    gjherbiet,
    @gjherbiet@mamot.fr avatar

    @jpmens Where/how can I get this? (From the right sleeve it looks like it is sponsored by Men&Mice).

    shaft, to random
    @shaft@piaille.fr avatar

    Hmmm, with key tag 0.

    Legal but I bet this would break poorly implemented software 🤔

    gjherbiet,
    @gjherbiet@mamot.fr avatar

    @shaft @jpmens @bortzmeyer Besides vanity, it can be useful to generate keys with identical tags, to test software and prevent whatever happened during a recent .ru rollover issue…

    gjherbiet, to macos
    @gjherbiet@mamot.fr avatar

    I can’t help thinking that 14.4 update message showing new Emojis above software improvements and pushing security fixes behind a web link is the sign that something is no longer right at

    daph, (edited ) to random French
    @daph@oc.todon.fr avatar

    Bon bah c’est parti !

    Une alternance en en Vendée (Pouzauges, les herbiers, Chantonnay, Cholet, la roche sur yon), possibilité d’aller jusqu’à Nantes si au moins 3 jours de télétravail. Début de contrat souhaité en septembre 2024 mais je suis libre à partir du 1er août.
    [edit, pour une version masto assortie d'un vocabulaire plus adapté]

    gjherbiet,
    @gjherbiet@mamot.fr avatar

    @daph De tête, j’aurais dit CTV à La-Roche (mais qui fait maintenant partie d’un groupe: https://vousfaciliter-it.fr/qui-sommes-nous/groupe-it/ctv), sinon Thales à Cholet en effet si tu recherches une grande entreprise.
    Si tu aimes le DNS, j’ai entendu beaucoup de bien de Nameshield à Angers (mais peut-être déjà trop loin pour toi).

    ljrk, to macos
    @ljrk@todon.eu avatar

    So allows switching between windows of the same application (e.g., two instances of Firefox) using Command+Backtick. Except when the other window is on a separate Workspace.

    Okay, so let's switch to the workspace of that window, and then switch between applications using Command+Tab to get the window in question. Except macOS then switches to "the" workspace of "the" application. Which is odd, because the workspace I was on had a window of said application.

    Basically impossible to switch to that window using keyboard shortcuts.

    Why ? Why is your so freakin' terrible?

    gjherbiet,
    @gjherbiet@mamot.fr avatar

    @ljrk Go to System Settings, Desktop & Dock, scroll down to Mission Control and untick “When switching to an application…”
    The change does not apply to already running applications.
    Now Cmd+Tab will never cause workspace switching.
    If you want to go to a specific window on a specific space, hit Cmd+Tab, select the proper Application, then press up or down arrow (still maintaining Cmd pressed) to enter Application Expose and select the desired window and switch to the proper workspace.

    gjherbiet,
    @gjherbiet@mamot.fr avatar

    @ljrk Also note that the shortcut “Control-F4 or Fn-Control-F4: Move focus to the active window or next window” (that can be rebind in Keyboard Shortcuts) allows you to cycle all windows in the current workspace (even from different applications).
    Also, adding Shift to all those shortcuts cycles in reverse direction.

    gjherbiet,
    @gjherbiet@mamot.fr avatar

    @ljrk always had an app-centric (opposed to window-centric) interface. This may date back to when only one app could be active at a time.
    This is why Cmd+Tab shows Apps, not windows and you have to go down a level (i.e. enter Application Expose) to see windows.
    I kinda like this hierarchical approach which is helpful when you have a lot of apps/windows open.
    1/2

    gjherbiet,
    @gjherbiet@mamot.fr avatar

    @ljrk Also keep in mind that is not designed for advanced users by default (e.g. right-click off by default).
    I guess the average user doesn’t have multiple windows of the same app open and having Cmd+Tab taking them back to the proper workspace is less confusing to them.
    Hopefully, there is (most of the time) a setting, a defaults command or a trick to make it usable for power users.
    2/2

    moira, to random
    @moira@mastodon.murkworks.net avatar

    okay I'm confused by this nonsense, maybe someone can give me a hand here

    ON THE LEFT, we have DNS data for lexfa.org with ns.murkworks.net and nsx.murkworks.net both without glue records and out of bailiwick

    ON THE RIGHT, taken at about the same time, we have ns.murkworks.net with the WRONG IP ADDRESS (one it hasn't had in over two years) and showing a glue record in the parent zone, and nsx.murkworks.net having the correct address but with glue records. (Querying both us and 8.8.8.8 yield the correct address for ns.murkworks.net.)

    in the words of the immortal joan d'arc, "quoi?"

    ns.murkworks.net at a multi-year-old IP address of 173.160.243.41 (I can find no evidence of this on dotster but here it is) and nsx.murkworks.net showing a glue record with correct data, unlike in the other lookup, where it shows no glue record but instead out of bailiwick.

    gjherbiet,
    @gjherbiet@mamot.fr avatar

    @moira Glue records are declared to the parent zone. In the case of second-level domains, most of the time entered somewhere in the registrar customer web interface.
    Someone has to go and update the info in your registrar customer web interface.
    Resolution will show the correct IP because glue records (in the parent zone) are not authoritative, NS and A records in the child zone are.
    Your domain still works because you hopefully have a second NS with correct glue.

    gjherbiet, to macos
    @gjherbiet@mamot.fr avatar

    After migrating to I was surprised that I didn’t suffer the “desktop-click-hides-all-windows” “feature”. Then I remembered I completely disabled desktop creation using :

    defaults write com.apple.finder CreateDesktop -bool false

    I am not moving away from this setting soon…

    davemark, to apple
    @davemark@mastodon.social avatar

    Use a Mac? What are the MUST HAVE apps you install on every new Mac?

    For me, it's Keyboard Maestro (keyboardmaestro.com) and BBEdit (bbedit.com)

    Any must haves you'd add? 🤔

    gjherbiet,
    @gjherbiet@mamot.fr avatar

    @davemark I try to remain as vanilla as possible but I really can’t live without . It fixes 99% of little annoyances for me.

    gregr, to random French
    @gregr@mamot.fr avatar

    Bonjour @shaft @bortzmeyer (ne répondez que si vous avez le temps, l'envie)
    Arrivez vous à résoudre usp.edu.ci/MX ?
    J'ai l'impression qu'il y a des problèmes dnssec sur le ci. ?
    https://dnsviz.net/d/usp.edu.ci/dnssec/
    Étonnamment pas de pb vu par le zonemaster de l'Afnic ?
    https://zonemaster.net/fr/result/f58742ecf04d1263

    gjherbiet,
    @gjherbiet@mamot.fr avatar

    @shaft @gregr @bortzmeyer Je suis remonté trop loin dans l’historique… Mais c’est exactement le même phénomène qui se produit : soit le DNSKEY est là mais pas signé, soit il disparaît complètement de la zone.

    bortzmeyer, to random French
    @bortzmeyer@mastodon.gougere.fr avatar

    À sa réunion de Hambourg qui commence demain https://icann78.sched.com/ l' va (?) annoncer (sûr ?) l'ouverture du prochain cycle d'enregistrement de TLD. En attendant, deux de plus viennent d'être supprimés (avant même de servir à quoi que ce soit) , .CITYEATS et .FRONTDOOR

    gjherbiet,
    @gjherbiet@mamot.fr avatar

    @shaft @bortzmeyer @Framasoft Plus économe : ils pourraient opérer au troisième niveau du DNS avec noms de domaine en <sevice>.framasoft.org …

    bortzmeyer, to random French
    @bortzmeyer@mastodon.gougere.fr avatar

    Je suis sûr que même @shaft apprendra des choses sur le dans cet excellent article d'Yevheniya Nosyk sur les EDE (Extended DNS Errors) https://labs.ripe.net/author/yevheniya_nosyk/extended-dns-errors-unlocking-the-full-potential-of-dns-troubleshooting/

    gjherbiet,
    @gjherbiet@mamot.fr avatar

    @shaft @bortzmeyer Pour le 3/, est-ce que ça ne dépend pas de la variable de configuration « ede-serve-expired » ?

    gjherbiet,
    @gjherbiet@mamot.fr avatar

    @shaft @bortzmeyer Il faut bien leur laisser l’opportunité de mettre des vraies nouveautés dans leurs releases : on est pas à Cupertino ;-)
    Et puis dans l’ensemble ils font un excellent boulot (@nlnetlabs en général d’ailleurs).

    slothrop, to macos
    @slothrop@chaos.social avatar

    deleted_by_author

    •
    gjherbiet,
    @gjherbiet@mamot.fr avatar

    @slothrop If you know the app that has your file opened:

    • CMD+TAB (+ left/righ arrow) to select the app
    • without releasing CMD: down arrow to activate App Exposé for the selected app
    • still holding CMD: up/down/left/right arrows to select the correct window
    • still holding CMD: press Enter
      This will switch to the desktop where the window is located and focus it.
      This works with minimized windows as well.
      This unfortunately does not work with fullscreen windows.
      Hoping this helps.
    b0rk, to random
    @b0rk@jvns.ca avatar

    I've been thinking about these "dns propagation checkers" like https://www.whatsmydns.net/ that show you a world map.

    This feels weird to me, because the main reason that DNS lookups get outdated records is that the resolver has an old record cached. And whether or not a record is cached has nothing to do with the geographical location of the server?

    what's going on with these sites? why are they designed this way?

    (would love to hear from people who actually know the answer, not guesses)

    gjherbiet,
    @gjherbiet@mamot.fr avatar

    @b0rk You are right. Besides DNS censorship, the geographic view is most valuable when depicting responses from authoritative servers, not resolvers. As TLD operator relying on 3rd party anycast providers this helps identifying areas that see stale data or late updates because of an issue or the need for us to reinforce our “presence” there.

    arch, to random
    @arch@floofy.tech avatar

    Holy crap https://www.lastweekinaws.com/blog/breaking-aws-begins-charging-for-public-ipv4-addresses/ (by @Quinnypig)

    gjherbiet,
    @gjherbiet@mamot.fr avatar

    @arch @Quinnypig This might be the most efficient IPv6 adoption driver so far…

    jpmens, to random
    @jpmens@mastodon.social avatar

    Press and hold the Option key, and click the Wi-Fi status icon in the menu bar.

    gjherbiet,
    @gjherbiet@mamot.fr avatar

    @jpmens So many hidden shortcuts in there’s always way to learn some more: https://saurabhs.org/macos-tips.html

  • All
  • Subscribed
  • Moderated
  • Favorites
  • megavids
  • khanakhh
  • kavyap
  • thenastyranch
  • everett
  • tacticalgear
  • rosin
  • Durango
  • DreamBathrooms
  • mdbf
  • magazineikmin
  • InstantRegret
  • Youngstown
  • slotface
  • JUstTest
  • ethstaker
  • ngwrru68w68
  • cisconetworking
  • modclub
  • tester
  • osvaldo12
  • cubers
  • GTA5RPClips
  • normalnudes
  • Leos
  • provamag3
  • anitta
  • lostlight
  • All magazines
    •