@geerlingguy What I love about ARM boards is their low power consumption and the fact that you don't need any fans in idle mode. What I really hate is that there is always some compromise (speed of the NIC, availability of PCIe 4.0, USB Ports limited to 5 GBit/sec) holding them back. Even the most potent non-server FF board I know comes only with PCIe 3.0 and 1 GBit/sec NIC. I wish someone would make a "pull out all stops" board for enthusiasts. Hopefully, we can get something with A78/X1 cores.
We've released #PuTTY version 0.81. This is a SECURITY UPDATE, fixing a #vulnerability in ECDSA signing for #SSH.
If you've used a 521-bit ECDSA key (ecdsa-sha2-nistp521) with any previous version of PuTTY, consider it compromised! Generate a new key pair, and remove the old public key from authorized_keys files.
Other key types are not affected, even other sizes of ECDSA. In particular, Ed25519 is fine.
@simontatham Hi and thanks for the quick bugfix. From what I know, ecdsa-sha2-nistp521 has never been the default key type in Puttygen, so "normal" keys (mostly ssh-rsa and ssh-ed25519) should be fine?
TL;DR: If your SSH key is of the ECDSA type with a key length of 521 bits, make a new one and take care to remove the public key belonging to the burned one from all authorized_keys files. Luckily, ecdsa-sha2-nistp521 is (AFAIK) not the default if you used ssh-keygen or PuttyGen with the default settings. https://www.chiark.greenend.org.uk/~sgtatham/putty/wishlist/vuln-p521-bias.html
"The good news: the only affected key type is 521-bit ECDSA. That is, a key that appears in Windows PuTTYgen with ecdsa-sha2-nistp521 at the start of the 'Key fingerprint' box, or is described as 'NIST p521' when loaded into Windows Pageant, or has an id starting ecdsa-sha2-nistp521 in the SSH protocol or the key file. Other sizes of ECDSA, and other key algorithms, are unaffected. In particular, Ed25519 is not affected."
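The identification and clean-up the advisory asks for (find every ecdsa-sha2-nistp521 key in authorized_keys files and in PuTTY .ppk files, then drop the authorized_keys entries), as an added example that is not part of the posts above or of PuTTY's own code. It decides on the key type stored inside the base64 blob rather than on the leading label, so lines with options such as from="..." or no-pty are handled. All key material in the sample is constructed dummy bytes with the real wire layout; the file contents and comments are likewise made up.

```python
"""Find (and drop) P-521 ECDSA keys in authorized_keys files and PuTTY .ppk files."""
import base64
import struct
from typing import Iterator, List

AFFECTED_TYPE = "ecdsa-sha2-nistp521"   # the only key type the PuTTY 0.81 advisory names
AFFECTED_CURVE = "nistp521"


def ssh_string(data: bytes) -> bytes:
    """Encode one SSH wire-format string: 4-byte big-endian length, then the bytes."""
    return struct.pack(">I", len(data)) + data


def ssh_strings(blob: bytes) -> Iterator[bytes]:
    """Yield the wire-format strings packed into a public-key blob, in order."""
    pos = 0
    while pos + 4 <= len(blob):
        (n,) = struct.unpack(">I", blob[pos:pos + 4])
        pos += 4
        if pos + n > len(blob):
            raise ValueError("truncated SSH string")
        yield blob[pos:pos + n]
        pos += n


def blob_is_affected(b64: str) -> bool:
    """Decode a base64 key blob and check the type and curve names stored inside it.
    sshd trusts the blob, not the leading text label, so the blob is what we check."""
    try:
        parts = list(ssh_strings(base64.b64decode(b64, validate=True)))
    except ValueError:          # binascii.Error (bad base64) is a ValueError subclass
        return False
    return (len(parts) >= 2
            and parts[0] == AFFECTED_TYPE.encode()
            and parts[1] == AFFECTED_CURVE.encode())


def line_is_affected(line: str) -> bool:
    """True if an authorized_keys / *.pub line carries a P-521 ECDSA key.
    Options may precede the key type, so every whitespace-separated field is tried."""
    line = line.strip()
    if not line or line.startswith("#"):
        return False
    return any(blob_is_affected(field) for field in line.split())


def scan_authorized_keys(text: str) -> List[int]:
    """1-based line numbers of the entries that must be removed."""
    return [i for i, line in enumerate(text.splitlines(), 1) if line_is_affected(line)]


def strip_affected(text: str) -> str:
    """File contents with every affected key line removed (the advisory's remediation)."""
    kept = [line for line in text.splitlines() if not line_is_affected(line)]
    return "\n".join(kept) + ("\n" if text.endswith("\n") else "")


def ppk_is_affected(ppk_text: str) -> bool:
    """PPK files (PuTTY-User-Key-File-2 / -3) name the key algorithm on their first line."""
    first = ppk_text.lstrip().splitlines()[0] if ppk_text.strip() else ""
    header, _, algo = first.partition(":")
    return header.startswith("PuTTY-User-Key-File-") and algo.strip() == AFFECTED_TYPE


def _fake_ecdsa_blob(curve: str, coord_len: int) -> str:
    """Constructed dummy blob: real wire layout, no real key material."""
    point = b"\x04" + b"\x11" * (2 * coord_len)        # uncompressed point, dummy coordinates
    raw = (ssh_string(f"ecdsa-sha2-{curve}".encode())
           + ssh_string(curve.encode()) + ssh_string(point))
    return base64.b64encode(raw).decode()


P521 = _fake_ecdsa_blob("nistp521", 66)
P256 = _fake_ecdsa_blob("nistp256", 32)
ED25519 = base64.b64encode(ssh_string(b"ssh-ed25519") + ssh_string(b"\x22" * 32)).decode()

# Constructed sample file; every blob above is dummy key material.
SAMPLE_AUTHORIZED_KEYS = "\n".join([
    "# constructed sample; every blob is dummy key material",
    f"ssh-ed25519 {ED25519} alice@laptop",
    f'from="10.0.0.0/8",no-pty ecdsa-sha2-nistp521 {P521} bob@putty',
    f"ecdsa-sha2-nistp256 {P256} carol@desk",
    f"ecdsa-sha2-nistp521 {P521} dave@win",
]) + "\n"

SAMPLE_PPK = "PuTTY-User-Key-File-3: ecdsa-sha2-nistp521\nEncryption: none\nComment: bob@putty\n"
SAMPLE_PPK_OK = "PuTTY-User-Key-File-3: ssh-ed25519\nEncryption: none\nComment: alice\n"

if __name__ == "__main__":
    print("affected authorized_keys lines:", scan_authorized_keys(SAMPLE_AUTHORIZED_KEYS))
    print("affected PPK:", ppk_is_affected(SAMPLE_PPK), ppk_is_affected(SAMPLE_PPK_OK))
```

On a real host, feed the contents of each user's ~/.ssh/authorized_keys to scan_authorized_keys and each .ppk on the Windows side to ppk_is_affected; removing the server-side entry is what stops a recovered private key from being usable, so do that even before the new key pair is rolled out.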
I was considering replying to this comment on the “please update xz package” bug report earlier to say that the discussion is not irrelevant and that it’s the maintainer’s responsibility on new upgrades to check for new legal issues and “other hidden gems”.
I didn’t because I didn’t want to bother going in with an annoyed self-righteous “user”.
Now it turns out all three of the involved ones were “string + number @ freemailer” #JiaT75 sockpuppets, so it’s probably okay I didn’t bother.
Not that I blame Sebastian — it was very well hidden, and even my usual diffing between old and new version would not have found it.
I do take away from this to also check the diff between VCS repo at the time of the release and release tarball. Perhaps also between branch and tag if they, like Apache Tomcat, introduce extra commits there.
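The check described in the post (compare the release tarball with the VCS tree as it stood at the release tag), as an added example that is not the post author's code and not any project's tooling. It hashes every regular file on both sides and reports three lists a reviewer must account for: files only in the tarball, files only in the tree, and files whose contents differ. The fixture is constructed: a tiny fake checkout and a tarball that does not match it; the file names and contents are made up, and the tarball is assumed to keep everything under one top-level "package-version/" directory, as release tarballs usually do.

```python
"""Compare a release tarball with the VCS checkout it claims to come from."""
import hashlib
import io
import os
import tarfile
import tempfile
from typing import Dict, List, Tuple


def _sha256(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def hash_tree(root: str, ignore_dirs=(".git",)) -> Dict[str, str]:
    """Map each regular file under root (relative, '/'-separated) to its SHA-256."""
    out: Dict[str, str] = {}
    for dirpath, dirnames, filenames in os.walk(root):
        dirnames[:] = [d for d in dirnames if d not in ignore_dirs]
        for name in filenames:
            full = os.path.join(dirpath, name)
            rel = os.path.relpath(full, root).replace(os.sep, "/")
            with open(full, "rb") as fh:
                out[rel] = _sha256(fh.read())
    return out


def hash_tarball(path: str) -> Dict[str, str]:
    """Map each regular member of a tarball to its SHA-256, with the leading
    'package-version/' directory that release tarballs carry stripped off."""
    out: Dict[str, str] = {}
    with tarfile.open(path, "r:*") as tf:
        for m in tf.getmembers():
            if not m.isreg():
                continue
            rel = m.name.split("/", 1)[1] if "/" in m.name else m.name
            out[rel] = _sha256(tf.extractfile(m).read())
    return out


def compare(tree: Dict[str, str], tar: Dict[str, str]) -> Dict[str, List[str]]:
    """The three lists a reviewer has to explain before trusting the tarball."""
    return {
        "only_in_tarball": sorted(set(tar) - set(tree)),
        "only_in_tree": sorted(set(tree) - set(tar)),
        "changed": sorted(p for p in set(tree) & set(tar) if tree[p] != tar[p]),
    }


def build_sample(workdir: str) -> Tuple[str, str]:
    """Constructed fixture: a tiny 'checkout' and a tarball that does not match it."""
    tree = os.path.join(workdir, "checkout")
    files = {
        "configure.ac": b"AC_INIT([demo], [1.0])\n",
        "src/main.c": b"int main(void) { return 0; }\n",
        ".gitignore": b"*.o\n",            # tracked in VCS, typically export-ignored
    }
    for rel, data in files.items():
        full = os.path.join(tree, rel)
        os.makedirs(os.path.dirname(full), exist_ok=True)
        with open(full, "wb") as fh:
            fh.write(data)
    # Tarball side: a generated 'configure' is expected; a changed configure.ac
    # and an extra m4 file that the repository never had are what to look at.
    tar_files = {
        "demo-1.0/configure.ac": b"AC_INIT([demo], [1.0])\nm4_include([m4/extra.m4])\n",
        "demo-1.0/src/main.c": files["src/main.c"],
        "demo-1.0/configure": b"#! /bin/sh\n",
        "demo-1.0/m4/extra.m4": b"dnl not in the repository\n",
    }
    tarball = os.path.join(workdir, "demo-1.0.tar.gz")
    with tarfile.open(tarball, "w:gz") as tf:
        for name, data in tar_files.items():
            info = tarfile.TarInfo(name)
            info.size = len(data)
            tf.addfile(info, io.BytesIO(data))
    return tree, tarball


def run_sample() -> Dict[str, List[str]]:
    """Build the fixture in a temp dir and return the comparison."""
    with tempfile.TemporaryDirectory() as wd:
        tree, tarball = build_sample(wd)
        return compare(hash_tree(tree), hash_tarball(tarball))


if __name__ == "__main__":
    for key, paths in run_sample().items():
        print(f"{key}: {paths}")
```

For a real release, point hash_tree at a fresh clone checked out at the release tag (or at the output of git archive for that tag) and hash_tarball at the downloaded tarball. Files generated by autoconf or similar will legitimately show up only in the tarball, so the list is a review queue rather than a pass/fail verdict; a hand-written file that exists only in the tarball, or a tracked file whose contents differ from the tag, is what deserves a close look.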
@mirabilos What I do at work (mostly because I don't want to end up with test code/test artefacts in production binaries): I build each component twice in my build pipeline. All tests are run in this first build, but I discard the output. Then, I do a fresh checkout, delete all test code, and then compile everything again, using the build output for packaging. Would that have helped in the current scenario? So far, I understand the malicious payload was disguised as test data.
That's the "good stuff". Stuff that's held back by paper filters. But not so by cloth or metal filters. It is flavour. It is nuance. It is depth. It is character.
Paper filters rob this from your cup of coffee. Every single one of them.
@jannem@gbraad@coffeegeek@coffee This discussion (and the sensible argument on both sides) made signing up for the Fediverse already worth it. Thank you guys! <3
@campuscodi Judging by the ongoing ensh*ttification of both their Jira and Confluence flagship products, the question remains: Could a wiped out Jira/Confluence instance end up being better for everyone involved? </sarcasm>
These days, I prefer to steer clear of Google whenever possible. It seems like whenever they come up with something impressive, there are only two outcomes:
They end up discontinuing it.
They end up ruining it somehow.
Whenever I purchase something promising from Google, I can't help but anticipate its eventual demise.
@atomicpoet I think that Google, while being "screwed" in general, is not homogeneous. A positive example is a new support policy for their smartphones that gives you seven years of security updates, allowing you to keep the same device and reduce electronic waste a little. https://support.google.com/pixelphone/answer/4457705?hl=en#zippy=%2Cpixel-pro (edited this post to correct a typo)
@nixCraft Using btrfs for big and small systems for 10 years now, with zero problems. Stopped using Red Hat Enterprise Linux for new systems because they started to boycott btrfs with RHEL 8. Never looked back.
AfD politician and judge Jens Maier fails on every count
The former AfD member of the Bundestag Maier feels he has been treated unfairly because he was not allowed to return to his office as a judge. But the Federal Court of Justice (Bundesgerichtshof) confirmed today: the judicial service court (Richterdienstgericht) made no mistakes. By Max Bauer.
“we can’t find any good candidates for this role” you’re auto-rejecting people with 20 years experience because they don’t have a degree and then AI-sorting the rest by how Jared their name is
@0xabad1dea@brohrer After an exhaustive analysis (sample size: 1), I found out that people who enjoy Final Fantasy video games and programming Perl make great DevOps engineers (jk)