@ondrej@sury.org avatar

ondrej

@ondrej@sury.org

Speaker for the Dead Code, raging feminist, DNS Artist, tooth-fairy agnostic, male ally, skipper, my opinions are my own, not perfect, he/him/his

This profile is from a federated server and may be incomplete. Browse more on the original instance.

jpmens, to random
@jpmens@mastodon.social avatar

@iscdotorg is the authors[] array in bin/named/builtin.c actually maintained / up-to-date? 🙂

ondrej,
@ondrej@sury.org avatar

@jpmens @iscdotorg It’s not maintained. It’s all in git now, so for me, personally, it’s not worth the work.

ondrej,
@ondrej@sury.org avatar

@jpmens @iscdotorg I won’t resist the MR. It’s even possible that the punycode would work, but then you would need dig that’s IDN capable, so probably not worth it.

I think you should be able to open MRs, don’t you?

ondrej,
@ondrej@sury.org avatar

@jpmens @iscdotorg But I would suggest that the list should probably include only people with significant contributions. And I don’t want to be the person who defines “significant”.

ondrej, to random
@ondrej@sury.org avatar

Wrong captions only…

jpmens, to random
@jpmens@mastodon.social avatar

"The [run0] tool is also a lot more fun to use than sudo. For example, by default, it will tint your terminal background in a reddish tone while you are operating with elevated privileges."

https://outpost.fosspost.org/d/19-systemd-wants-to-expand-to-include-a-sudo-replacement

ondrej,
@ondrej@sury.org avatar

@jpmens A general remark (not targeted at the late JP Mens ;)).

Polite no is sufficient. Throwing garbage at Lennart is unacceptable.

ondrej, to random
@ondrej@sury.org avatar

Enforcing “Security Questions” with set of predefined answers is DUMB, DUMBER, DUMBEST…

Oh, United, this is even beyond stupidity… Usually, I just put random strings into those answers, but if I can’t I am just not going to create the account.

I mean:
> What is your favourite pizza topic?
> What was your favourite subject at school?

The answers will definitely not be uniformly random and can be easily socially engineered…. Who the fuck, in their sane mind, thought this is a good idea?

image/png
image/png
image/png

ondrej, to random
@ondrej@sury.org avatar

These are the iKeys for the new Thales Luna HSM.

My precious!

ondrej,
@ondrej@sury.org avatar

@ondrejkolin I’m just persistent, all my conference badges have now all the correct letters.

Important? I don’t know, there’s only 7 of us in the world in the Recovery Key Share Holder key, and 21 in total holding the cryptographic material for the Root Zone DNSSEC HSMs (7 TCRs for the East coast, 7 TCRs for the West coast). Is the important? Others should decide that. I just feel humble to serve the DNS world, not important.

ondrej,
@ondrej@sury.org avatar

@underlap @ondrejkolin Absolutely, it is what you would call the the root of trust for DNSSEC.

ondrej,
@ondrej@sury.org avatar

@underlap @ondrejkolin What do you mean?

https://mastodon.rfc1925.org/@ondrej/112336632503461707

jpmens, to random
@jpmens@mastodon.social avatar

They're getting swag at the root KSK ceremony!

ondrej,
@ondrej@sury.org avatar

@jpmens You mean this swag?

https://mastodon.rfc1925.org/@ondrej/112338358007838708

ondrej, to random
@ondrej@sury.org avatar

You can watch the Day 2 of the ceremony: https://www.iana.org/dnssec/ceremonies/53-2

This KSK ceremony is quite unique. New HSMs will be introduced, and new “keys” for all TCRs will be created and distributed among COs and RKSHs.

But it will be very long and mostly boring…. Anyway, we are starting in about six hours (14:00 UTC) and you are welcome to watch (and ask questions; @paulehoffman should be present on the stream). https://mastodon.rfc1925.org/@ondrej/112333936758856763

ondrej, to random
@ondrej@sury.org avatar

They are just laughing straight to our faces…

ondrej, to random Czech
@ondrej@sury.org avatar

Když už se ti náckové ani nestydí být takhle veřejně na jednom místě, tak malá výhoda je, že má jeden aspoň přehled. Kdyby mu děti třeba chodily do kroužku k náckovi…

Akorát by se nemuseli maskovat za “Alternativa” nebo “Aliance”, stejně všichni víme, že to znamená “Nacisti” (včetně jejich voličů…). https://cztwitter.cz/@programydovoleb/112310954669273618

ramsey, (edited ) to random
@ramsey@phpc.social avatar

How do you pronounce “glibc”? (as in the GNU C Library)

Edit: I consider “gee” as pronounced with a soft G, so you might also write it as “jee.”

ondrej,
@ondrej@sury.org avatar

@ramsey @j3j5 The security fixes get uploaded to the security server by the package maintainer and the security team processes the updates. Usually, the processing is quite fast for high severity bugs, but maybe the was not enough people over the weekend? I would give it a day - but I don’t have any insider information really…

ondrej,
@ondrej@sury.org avatar

@ramsey @j3j5 Unless I am missing something, that’s why we ditched static linking and only have dynamic linking, so only service (not system) restart after an upgrade is required.

Well, until some languages like Go thought it’s a good idea to embed a security vulnerability into zillion downstream packages - complete rebuild would be needed for those languages, but not for glibc…

danyork, to random
@danyork@mastodon.social avatar

And so it begins in !

ondrej,
@ondrej@sury.org avatar

@danyork Plattsburgh is already finished…

ondrej,
@ondrej@sury.org avatar

@danyork Whole ISC is in Plattsburgh, NY as we are having AllHands in NYC this week.

ramsey, to random
@ramsey@phpc.social avatar

Oh, hey. Look at that. Someone picked up the OpenPGP HTTP Keyserver Protocol draft that expired in 2003 and started working on it again.

https://datatracker.ietf.org/doc/draft-gallagher-openpgp-hkp/

2003 version here: https://datatracker.ietf.org/doc/draft-shaw-openpgp-hkp/

ondrej,
@ondrej@sury.org avatar

@ramsey This?
https://gist.github.com/rjhansen/67ab921ffb4084c865b3618d6955275f

ondrej, to random
@ondrej@sury.org avatar

Hey @b0rk, I’ve just checked man dig and it now looks like this on my macOS 14.4.1 system:

$ grep ^dig /usr/share/man/man1/dig.1
dig - DNS lookup utility

Can you check how it looks on your mac locally?

Thanks also goes to Stuart Cheshire from Apple who offered to push this through.

ondrej,
@ondrej@sury.org avatar

@b0rk I don’t mind at all. I am both happy and surprised that this change didn’t take 10 years ;).

ondrej,
@ondrej@sury.org avatar

@b0rk I believe (I hope) I checked the version installed in the system.

jakub, to random
@jakub@jirutka.cz avatar

If were a Go or Rust dependency, you wouldn’t have a single copy of xz library on your system, but many, hidden in every executable that uses it. Distros would have to rebuild all packages using that lib (not just the lib itself), which could take days or weeks, and users would have to update them all, downloading tens or hundreds of megabytes.

If you install binaries directly from vendors/devs, it’s even worse – you wouldn’t even know which ones are affected and you’d (1/3)

ondrej,
@ondrej@sury.org avatar

@jakub …but autoconf… ;)

ondrej, to random
@ondrej@sury.org avatar

I always wondered that so many people trust me with their servers, installing packages from a random person on the Internet. But in the end, the trust is the only thing we have in the open source - on so many levels.

So, if you are state actor thinking about hacking my package please attach a big fat cheque covering rest of my life, because there will be nothing left after I lose the trust. You can contact me for quote ;)))).

nixCraft, to random
@nixCraft@mastodon.social avatar

A tech company has adjusted its hiring focus to prioritize individuals with formal computer science degrees. They will no longer consider self-taught developers. What do you think? Is this a positive change? https://www.reddit.com/r/learnprogramming/comments/1bmm967/my_company_just_decided_to_stop_hiring_self/

ondrej,
@ondrej@sury.org avatar

@nixCraft This speaks more about the hiring process than about the candidates…

I am in contact with Computer Science students (Masters) and it’s a mixed bag…

  • All
  • Subscribed
  • Moderated
  • Favorites
  • anitta
  • mdbf
  • magazineikmin
  • InstantRegret
  • hgfsjryuu7
  • Durango
  • Youngstown
  • slotface
  • everett
  • thenastyranch
  • rosin
  • kavyap
  • khanakhh
  • PowerRangers
  • Leos
  • DreamBathrooms
  • vwfavf
  • ethstaker
  • tacticalgear
  • cubers
  • ngwrru68w68
  • modclub
  • cisconetworking
  • osvaldo12
  • GTA5RPClips
  • normalnudes
  • tester
  • provamag3
  • All magazines
    •