People say this place is a street.
But they behave like it's their living room.
While in reality, it's a soapbox on the main square.
Meanwhile all I wanted is a watercooler.
Theory:
1. Reinvent a square wheel
2. Understand what's so hard about making wheels
3. Observe how a round wheel someone invented a while ago performs better than your square one.
4. Appreciate the brilliant and simple solutions to all wheel design issues that a round wheel implements.
5. Throw away your square wheel.
Practice:
1. Reinvent a square wheel
2. Push it to production
ok, turns out RFC 8996 has some pretty good reasons, one of which is the use of SHA-1 in the handshake.
https://tools.ietf.org/html/rfc8996
I just hope they won't drop TLS 1.1 and 1.0 code from libnss and openssl because of embedded web UIs in routers, servers' out-of-band management, and the like.
@wolf480pl RFC 8996 states that ServerKeyExchange and CertificateVerify signatures can't be hashed by anything stronger than SHA-1 or MD5 + SHA-1 in TLS 1.0 and 1.1.
So disabling specific ciphersuites server or client side still opens you up to MITM attacks
How to use git.sr.ht's send-email feature https://spacepub.space/videos/watch/ad258d23-0ac6-488c-83fc-2bacf578de3a
Can someone remind me why the fuck we're deprecating TLS 1.1?
From what I remember, for POODLE, BEAST, and the like, all you need to do is disable SSLv3 and some ciphersuites, and you should be safe... and those made the news a long time ago and we disabled those ciphersuites and everything was fine.
Why does Firefox want to disable TLS 1.1 now?
wlroots has dropped all of its session code in favor of libseat!
https://github.com/swaywm/wlroots/pull/2839
Next up is Weston, it got initial support for libseat a few days ago.
oh, so GTC (the MAC layer of GPON) is sane because they pushed all the nastiness into OMCI (the management protocol)
https://www.itu.int/rec/T-REC-G.988-201711-I/en
btw. according to the definitions here, the difference between ONU and ONT isn't that the former one is programmable and the latter isn't.
It's that ONT serves a single customer, and ONU may or may not serve multiple customers.
So ONT is an ONU, but a DSLAM with GPON uplink is also an ONU (but not an ONT).
Here's a picture showing what points A, B and C are in this context (source: BEREC).
Most ISPs I've seen have NTP de-facto at point C, which is the worst.
FSFE thinks it should be at point A, but IMO that's a hassle, and point B would be more convenient.
As long as ISPs provide modems separate from routers, point A would be fine by me as well but I have a feeling they won't.
I just finished filling out FSFE's recent router freedom survey and it made me dig up all my anger about their insistence on putting the Network Termination Point between the ISP's network and the Modem (point A) as opposed to between the Modem and the Router (point B)
CompSci TA at Uni of Warsaw
Linux nerd, sysadmin
Likes The Unix Way
🇬🇧🇵🇱(🇯🇵 a bit)