Posts by bk2204@mastodon.social
 (DIR) Post #ATxFLfG8ZELdfW72Ku by bk2204@mastodon.social
       2023-03-24T20:26:45Z
       
       0 likes, 1 repeats
       
       @djm GitHub does implement OpenSSH's key rotation protocol.  I adopted the patch to our SSH library and we did this with the ECDSA and Ed25519 keys.  The problem is it requires a connection to the server to rotate the keys, and it's only really usable in OpenSSH 8.5 and newer, which is a tiny fraction of clients.  If you have a short time to rotate due to an emergency, then most people won't have made a connection in time to rotate, and it doesn't fix things like ephemeral systems.
       
 (DIR) Post #ATxGJB1A8Ku3FdUBIO by bk2204@mastodon.social
       2023-03-24T22:43:02Z
       
       0 likes, 0 repeats
       
       @mjg59 I would love for GitHub to do this, but frankly, there are so many SSH implementations where RSA with SHA-2, AEADs, and EtM MACs are all missing, and there's just no practical chance of getting certificates implemented.  And because RSA with SHA-2 isn't implemented, there'd be no secure way to sign an RSA cert even if they were.
       
 (DIR) Post #ATxJhAXDsdD6Z9c7G4 by bk2204@mastodon.social
       2023-03-24T23:21:02Z
       
       0 likes, 0 repeats
       
       @mjg59 True, but because there are clients which do support certs and don't support RSA with SHA-2, enabling them breaks lots of existing clients, including many older OpenSSH versions.
       
 (DIR) Post #Ar7isYVwGNtD0WZNvk by bk2204@mastodon.social
       2025-02-14T21:20:02Z
       
       0 likes, 0 repeats
       
       I do really wish systemd worked more nicely inside a container.  Containers seem like an ideal way to deal with integration testing things like Puppet or Ansible, but it's unfortunately harder than it needs to be.  I do, after all, want to test my infrastructure before pushing it to production, both at home and at work.
       
 (DIR) Post #B2OVbYM8DsAcFixuhk by bk2204@mastodon.social
       2026-01-18T01:44:19Z
       
       0 likes, 0 repeats
       
       @futurebird Toronto still has payphones, but mostly in the subways, where they have a special button to call the police but can be used for regular calls as well.  So I said "none of these," because it's technically not on the street but on subway platforms.  There are also screens in the subway as well and they show time to next train, plus news and ads.  Otherwise, publicly sanctioned ads (to pay the company that does trash and recycling pickup) are static, but may be PSAs.