I'm running for the EPEL Steering Committee. If I've ever helped you with EPEL, or you've enjoyed my conference presentations about EPEL, please consider voting for me.
Why must the #UX of any kind of #cryptography related tooling on our systems suck so much?
Today's task - manage CA certificates on our clusters' base-systems using #Ansible.
The canonical way on #RHEL systems seems to be to use #p11kit's "trust" CLI.
"--help" says to use "trust list" - that sounds easy. I'll just compare those certificate serials against my desired state and then import the delta into the trust store…
But: the unique identifier of "trust list"'s output is a PKCS11 URI!
The #BSI has now woken up too and is warning about the #xz backdoor. That is commendable, but the warning itself is not quite correct.
The many millions of Internet servers very rarely run on bleeding-edge systems, but rather on stable ones such as #DebianStable, #UbuntuServer, #SLES or #RHEL. None of the distributions mentioned contains the #xzbackdoor.
Is this once again just sleepy #Compliance fuckery from a German authority, or do they want to ...
This is a very cool and easy to follow story of one person's personal needs for their server.
They start with assuming they need stability as high as RHEL with consistent versioning, but over time containers erase that concern so they are freed up to think about other nice things like having newer software.
If you've wondered why people use Fedora Server when CentOS and RHEL exist, this is one reason!
While everyone has been talking about #xz's backdoor I've been working on a patch for an AlmaLinux kernel vulnerability (CVE-2024-1086) that #rhel has yet to release a fix for (though #centos stream is patched). It's quite a nasty privilege escalation vulnerability so I suggest updating ASAP.
I'm back on RHEL for all my computers, I'm done messing around with weird inconsistencies and unexpected changes in updates. I love the innovation of upstream and all the wonderful madness of the bazaar, but I don't have time to drink from the fire hose these days.
I'm super grateful for all the exceptional and hard work the RHEL team at Red Hat does and the Fedora EPEL community. ❤️
@centos will be hosting an event at SCaLE called CentOS Classroom - a neat opportunity to learn more about the project from contributors. Happening Mar 14 from 2-5pm local time!
At the end there will be a packaging workshop for Fedora EPEL! Check it out if you've wanted to get into packaging but weren't sure how. @carlwgeorge's got your back. 👍
CIQ built a community on an objection to subscriber-only services, only to build a new subscriber-only service. Will their community accuse them of betraying Open Source?
More #inxi / #pinxi CPU issues, it looks like #fedora / #rhel have changed a default standard path in /sys for unknown reasons, thus breaking inxi cpu speed collection. This tripped need to do more refactors, this time to the fake cpu data debugger logic, it was not complete.
Also, a new codeberg issue pointed out that in many #Linux I can get basic RAM/RAM array data from udevadm, which appears to dump some dmi data into itself, available to user.
I got myself a refurbished „PC“ to be used as a small home server. Now should I use some variation of #RHEL like #CentOS? Or finally start using #NetBSD again?
I guess #CentOS is the more "commodity" choice these days and I won’t really have time again to hack on #NetBSD like in the good old days…