@ixs@bawue.social
@ixs@bawue.social avatar

ixs

@ixs@bawue.social

A quite frequent traveler based in Amsterdam. I do networks, infosec, scalable systems, cloud and now I ensure it is always a DNS problem.

#Travel, #SaltStack, #SaltProject, #JustAdminThings, #Network, #Infosec, #Python

searchable

This profile is from a federated server and may be incomplete. Browse more on the original instance.

jon, to random
@jon@gruene.social avatar

Welcome to today's thread - #CrossBorderRail South East Europe Day 01 29 May 2024 - Helsinki - Tallinn

Crossing these borders:
Sea border Finland - Estonia and possibly Narva rail border to Russia (not crossing!)

These borders on the borders map:
https://umap.openstreetmap.fr/en/map/crossborderrail-all-the-borders_935041#8/59.738/24.648

Today's routes on the routes map:
https://umap.openstreetmap.fr/en/map/crossborderrail-all-the-borders_935041#8/59.738/24.648

ixs,
@ixs@bawue.social avatar

@jon Kinda surprised that that bridge is still standing...

Daojoan, to random
@Daojoan@mastodon.social avatar

"Embrace AI or be left behind" is a condescending and heartless ultimatum. A false dichotomy that reeks of debunked social darwinist horse-fuckery.

Tech should adapt to people's needs.

Not the reverse.

ixs,
@ixs@bawue.social avatar

@Daojoan In addition to being condescending, it's also worth ignoring.
After all, it's the same people that were telling everybody "have fun staying poor" when said people were uninterested in the crypto stuff these conmen were peddling just a few years ago.
Now they have pivoted to AI.

ixs,
@ixs@bawue.social avatar

@shiri @Daojoan This is a well thought out critique but I think you are overanalyzing use cases without considering energy expenditure.

It's the same with blockchain: Are there any good use cases where blockchain technology is useful? Yes.
Are there any good use cases where LLM models or generative models are useful? Without a doubt.

Does the increased energy expenditure for the fancy new tech relate to a similar improvement in capability of the new tech?
Hell nah! For neither of them.

Yes, LLM can be cool for some things. But it's not sooooo much better to explain the multi-magnitude increased energy needs.

So in short, the tech sucks. And I say that as someone who is benefiting from some LLM augmentation for a lot of use-cases.

StefanMuenz, to random German
@StefanMuenz@vivaldi.net avatar

In Deutschland regiert mittlerweile die Jurisdiktion. Die Regierung ist ja nicht in der Lage dazu.
https://www.deutschlandfunk.de/bundesregierung-muss-klimaschutzprogramm-nachbessern-100.html

ixs,
@ixs@bawue.social avatar

@wonka @dnkrupinski @bmdv So sehr ich dir in der Sache rechtgeben mag, es handelt sich hier leider nicht um eine realistische Forderung.
Daß Politiker sehr großen Ermessensspielraum haben und für die Ankündigung von Gesetzesverstößen keinerlei Sanktionen zu erwarten haben, ist leider seit langem usus.

Siehe die Ankündigung eines ehemaligen Bundesministers trotz Verbotes des Verfassungsgerichtes Passagierflugzeuge mit Terroristen an Bord durch die Bundeswehr abschiessen zu lassen.

Ohne echte Reaktion.

ixs,
@ixs@bawue.social avatar

@wonka @eskensaskia @dnkrupinski @bmdv

Ich sage ja nicht, daß man das still akzeptieren muss.
Ich liefere einen weiteren Datenpunkt, warum die Politik in Deutschland zur Zeit eine Katastrophe ist.

Aber die Misere ist ja kein Unfall. Schau dir die SPD Wahlplakate an, das ist ja gewollt: "Besonnen handeln" ist einer der Slogans. Und als ich das Plakat gesehen habe, ist mir die Vermutung gekommen, daß Scholz seine Arbeitsverweigerung eigentlich als "Besonnenheit" sieht.

Naja, einfach keine Stimme für die SPD. Noch einfacher kann man es sich nicht machen.

aligyie, to random
@aligyie@digitalcourage.social avatar

@ixs where do you host bawue.social?

ixs,
@ixs@bawue.social avatar

@aligyie A friendly startup incubator has been hosting our rack for a more than two decades in their network room just a few kilometers away from home.

So our packets are not only handmade by artisanal and traditional unix admins, we're also local and reachable by public transport. 😆

Why do you ask?

jon, to random
@jon@gruene.social avatar

FFS. Matthias Ecke MEP (SPD) beaten up while campaigning. The atmosphere in German politics is getting really ugly just now.

I’ve met Matthias - a calm person with a young family. This is really grim news.
https://mastodon.social/@Gleisplan/112382727964437276

ixs,
@ixs@bawue.social avatar

@MarkDW @jon Don't expect too much from the police.

My suspicion is, the german cops are super soft against any AfD people because it is kinda awkward if you beat up people at a demonstration on the weekend and then see them again at work on Monday at the cop shop.

ErikUden, to random Dutch
@ErikUden@mastodon.de avatar

de straat

ixs,
@ixs@bawue.social avatar

@ErikUden Die Straße

ainmosni, to iPhone
@ainmosni@berlin.social avatar

Yesterday I decided to use my dev as my daily driver for a month, to see if my hatred of is just because of not being used to it, or if I really just prefer .

Turns out I still had an ancient AppleID that I forgot all credentials for. But despite proving to that I had control over the associated mail address and phone number, that was not enough, without another Apple device, they're going to make me wait "a few days".

Great first impression...

ixs,
@ixs@bawue.social avatar

@ainmosni If the cravings for the Apple hardware are that strong, you can create a secondary apple account with a fresh email address...
😂

mjg59, to random
@mjg59@nondeterministic.computer avatar

If you click on the little "Verified" tag on github it tells you the key ID used for the signing - is there any way to get that from the API?

ixs,
@ixs@bawue.social avatar

@mjg59 I think you're looking for https://docs.github.com/en/rest/commits/commits?

Or am I misunderstanding your issue?

ixs, to random German
@ixs@bawue.social avatar

The always excellent Jonathan Corbet shares his take on xz at https://lwn.net/SubscriberLink/967866/ec329f5f32e43b15/ (Gift link, no paywall).

As often the case with lwn articles, I'd agree with the content. A lot of the suggestions on how to prevent an xz repeat would not actually be a good idea, they'd be counter-productive in fact.

jon, to random
@jon@gruene.social avatar

Departing Montbard for Paris this morning. Then onwards to Bruxelles. Not a regular thread today - I’m going to - I’ll post using that tag

ixs,
@ixs@bawue.social avatar

@jon So if I'd summarize your tidbits from that conference, I'd say it's politicians with barely any clue talking about things they are nominally responsible for.

Is this normal behavior for politicians? Do they do that everywhere else too or are the transport politicians extra bad?

ixs,
@ixs@bawue.social avatar

@jon You'd think that voters would directly care about trains and transport.
I guess they actually do, but of course the quality of the DB experience does not factor into any voting campaigns as far as I remember.

GossiTheDog, to random
@GossiTheDog@cyberplace.social avatar

deleted_by_author

    •
    ixs,
    @ixs@bawue.social avatar

    @GossiTheDog You know what's really funny?

    I checked earlier:

    [root@nagios ~]# ldd /usr/sbin/sshd | grep lzma
    [root@nagios ~]# cat /etc/redhat-release
    CentOS release 5.11 (Final)

    Thank god that system is safe and secure!

    ixs,
    @ixs@bawue.social avatar

    @sehe @GossiTheDog A policy for the Red Hat ecosystem of distros is that they generally do not hardlink anything.
    Everything is either dynamically linked or maybe dlopen().

    For static linking you need an exception and all that.
    So chances are, no.

    The joke here is that CentOS 5.x has been released in 2007 and EOL'd in 2017.
    Way before the xz upstream was targeted which makes it sacure, right? Right? RIGHT?!

    ixs,
    @ixs@bawue.social avatar

    @sehe About two decades back a friend was telling me how he was running a wu-ftpd on his machine.

    I was kinda incredulous as even back then wu-ftpd was known as wu-shelld in security circles.

    I inquired about his risk management and he started to giggle. He was running that on a NeXTcube. Nobody has any shellcode to execute on a NeXTcube.
    They could exploit wuftpd and get it to execute some shellcode. Attempt to execute shellcode that is.

    He solved the problem with a cronjob that just cleans the incoming directory each morning and deletes all the useless exploits.

    I termed "security by obsolence" that day. 😂

    ixs, to random German
    @ixs@bawue.social avatar

    Was bei dieser xz-Geschichte irgendwie vergessen wird ist die "richtige" Einordnung. Hier mal ein Versuch von mir, das zu korrigieren.

    Eine Nation State Actor Intelligence Agency (mutmasslich, aber wahrscheinlich) plant eine Operation für mindestens 1 Jahr.

    Sie arbeiten daran mögliche Ziele zu identifizieren und versucht den Maintainer zu bedrängen doch endlich was gutes "für die Community" zu tun und endlich jemanden co-Maintainern zu lassen...

    3 Jahre später ist dieser Mensch ( bzw. das Team hinter dem "Mensch") endlich an der richtigen Position, er hat den Schadcode platziert, auch wenn dieser noch deaktiviert ist.

    Die erste Aktivierung ist nicht ganz erfolgreich aber der zweite Versuch geht besser.

    Der original Maintainer geht in den Urlaub.

    UND JETZT IST DIE STUNDE DER INTELLIGENCE AGENCY GEKOMMEN. SO WERDEN HELDEN GEMACHT!

    Das Team platziert den Code mit aktivierter Backdoor in der ersten Distribution. Am 27. März Abends um 10:00 Uhr hatten sie Erfolg!

    Am 28. März denkt sich ein PostgreSQL Entwickler "das ist aber komisch, warum ist mein sshd dabei vergleichsweise viel CPU Zeit zu fressen"?

    Und am 29. März - 2 Tage nach Platzierung der Backdoor - weiss die gesamte Welt was los ist.

    ZWEI TAGE. ZWEI!!! VERDAMMTE!!! TAGE!!! hat es gedauert eine Intelligence Operation von vermutlich 5 Jahren zu ruinieren.

    FUKKEN LEGENDARY, @AndresFreundTec, nice pwn going on here!

    Man sollte jetzt analysieren, wie man eine Wiederholung effektiv verhindern kann und wie man OSS gegen bösartige Akteure besser schützen kann.

    Aber so zu tun als wären wir alle hilflos und das war pures Glück, daß das jemand gefunden hat? Nein, es war pures Glück, daß die richtige Person das Ding praktisch sofort gefunden hat.

    Es kann durchaus sein, daß niemand anderes Das Ding jemals gefunden hätte und wir alle am Disaster vorbeigeschrammt sind.
    Aber genausogut hätte jemand anderes das Ding eine halbe Woche später gefunden.

    Beides ist reine Mutmaßung und wir sollten nicht eine unter den Tisch fallen lassen.

    Animated gif from Halo: The red player (the communist open source developer) is teabagging the blue (nation state actor). https://knowyourmeme.com/memes/teabagging

    kubikpixel, to opensource German
    @kubikpixel@chaos.social avatar

    deleted_by_author

    •
    ixs,
    @ixs@bawue.social avatar

    @kubikpixel Kritikpunkt hier, ich finde die Einordnung falsch.

    Es ist jetzt nicht so, daß niemand anderes diese Lücke jemals gefunden hätte und wir blind in die Katastrophe gelaufen wären.

    Was aber richtig ist, daß ein einzelner Programmierer diese Lücke als erster nach 2 Tagen in einer unstable Distribution gefunden hat.

    Fette Glückwünsche an Andres.

    Eine lang vorbereitete Intelligence-Operation die mehr als 3 Jahre Akteure in Position bringt um eine Backdoor zu platzieren ist zwei Tage nach dem ersten kritischen Schritt enttarnt worden.
    Nicht vom BSI oder sonstigen Stellen die ein Milliardenbudget haben und uns eigentlich schützen sollen, sondern von einem ganz normalen Entwickler der seinen Job machte und zufällig neugierig war und mal nachschaute.

    kwf, to random
    @kwf@social.afront.org avatar

    Coworker: "Hey Kenneth, how does the reversible fan tray work on the DCS-7010TX switch? I can't quite visualize it"

    Me: immediately sends them zoom link "I'M GLAD YOU ASKED, BECAUSE I HAVE A 7010 I KEEP RIGHT NEXT TO MY DESK TO SHOW PEOPLE WITH BECAUSE OF HOW ODDBALL THIS PRODUCT IS"

    ixs,
    @ixs@bawue.social avatar

    @kwf You have a 7010T on your desk? Does that device really do 10Mbps? Has anyone checked lately that that really works?

    ixs,
    @ixs@bawue.social avatar

    @kwf I am not sure. I have a StorageTek L40 tape library that is working absolutely fine on a Procurve 2848 but does not connect at all with Arista switches we use now.
    I tried on our regular DCS-7050SX-64 but they did not like 10Mbps at all.
    I then bought us a 7010T because that one advertises !0Mbps but the connection does not really work...
    So right now we're still using the procurve as a fancy media converter. 🙈

    ixs,
    @ixs@bawue.social avatar

    @kwf Hmm. Good question, I suspect 10HDx.
    Is that the problem?

    ixs,
    @ixs@bawue.social avatar

    @kwf Hmm. Is the 7010 considered a DCS product?

    And would something like https://www.amazon.com/Gigabit-Ethernet-Converter-1000Base-Tx-Transceiver/dp/B01MG48FD5 work around the issue? Should do, right?

    jon, to random
    @jon@gruene.social avatar

    I see posts in my timeline saying “when will Germany’s politicians wake up to the threat of Trump?” (After his NATO statements)

    Scholz: never awake to anything unless forced
    Grüne: would do the right thing, but can’t always drive coalition forward on everything
    FDP: will think about saving themselves first, won’t commit to spending anything
    Merz: thinks he’s such a genius he could talk Trump around, can ignore people like Röttgen who are better

    So Germany’s non-response is rather inevitable

    ixs,
    @ixs@bawue.social avatar

    @jon The sad thing though is, that even Scholz is aware of the problem someone like Trump poses.
    Yet that does not spur him into proactive behavior. Disgusting.

    The worst part however are the pro-EU people who are hoping for Trump and that it might spur people into action...

    I find that very questionable.

    ixs, to random German
    @ixs@bawue.social avatar

    Mein Vater ist mit seinem HP LaserJet Color CP3505 unzufrieden.

    Tolles Gerät, aber leider wurden die Windows-Treiber optimiert und es druckt nur noch schwarz-weiss wenn nicht wirklich viel Farbe im Bild ist. Photo kommt in Farbe aber ein SW Brief mit farbigem Logo gibt es nur in SW.

    WTF?

    Hat jemand das schonmal gesehen und eventuell eine Lösung?

    In der Zwischenzeit wurde ein Brother MFC-L3770cdw als Ersatz gekauft. HP ist dank schlechter Treiber und Geschäftspraktiken perma-banned.

    Actions have consequences.

    image/jpeg

    jpmens, to random
    @jpmens@mastodon.social avatar

    deleted_by_author

    •
    ixs,
    @ixs@bawue.social avatar

    @jpmens Read the reading list via an API or such daily and feed it to a browser that takes screenshots and prints to PDF straight to your document management system.

    I need that too, so if you find something like that, please holler.

  • All
  • Subscribed
  • Moderated
  • Favorites
  • megavids
  • thenastyranch
  • rosin
  • GTA5RPClips
  • osvaldo12
  • love
  • Youngstown
  • slotface
  • khanakhh
  • everett
  • kavyap
  • mdbf
  • DreamBathrooms
  • ngwrru68w68
  • provamag3
  • magazineikmin
  • InstantRegret
  • normalnudes
  • tacticalgear
  • cubers
  • ethstaker
  • modclub
  • cisconetworking
  • Durango
  • anitta
  • Leos
  • tester
  • JUstTest
  • All magazines
    •