Miek Gieben

finally

*** Livepatch has fixed vulnerabilities in the running kernel. If there is a new kernel available, upgrade and reboot ***

It does something!
#ubuntu

if you need to yell in your code comments: ` // VARIABLES` maybe the thing you're pushing isn't as good as you think

Oh man, dashboard as code https://perses.dev/perses/docs/dac/go/dashboard/

#sigh I just want files, not actual (Go) code, like so https://miek.nl/2023/december/28/graaf/

Wake me up when I can run a database in Kubernetes

Go doesn't support \DDD and not even \X in dns names...
https://cs.opensource.google/go/x/net/+/master:dns/dnsmessage/message.go;l=1976;drc=9a296438e54dff851a45667aa645a97003b44db5

lol `errNilResouceBody`

didn't know the Go std lib, uses x-packages

"golang.org/x/net/dns/dnsmessage"

seems weird

IETF's errata page should warn that the text you errate(?) against has seen several centi-threads of discussions

Better yet, rfc should just link to the relevant email discussion in each paragraph

Some people just want to see the world burn 🔥

#rust #golang #emacs #vim #python

TIL git ls-remote

and this is how to check out a pull request from codeberg.org

codebergpr = "!f() { pr=$(basename $1); git fetch origin refs/pull/$pr/head:pr-$pr && git checkout pr-$pr; }; f"

#git

Go for Python Programmers This book is intended to provide a solid introduction to the Go language for experienced Python programmers.

🔍 / #software / #python / #golang

Go for Python Programmers

This book is intended to provide a solid introduction to the Go language for experienced Python programmers.

🐱🔗 https://laravista.altervista.org/CatLink/links/440

#catlink #softwarepython #softwarepythongolang

Google oss fuzz fuzzes my projects. Useful reports usually. Don't mind it. Quit like it. Saves me from running my own fuzzing infrastructure.

#go #dns

If you say have a giant caddy proxy in front of websites that does TLS and proxying. What protocol do you use for communicating with the backend website. Also https or plain http, ipsec or other tunneling?

Performance tuning for plugin/file (#7658) · coredns/coredns@deae7ec * plugin/file: improve performance of function tree.less(..) PrevLabel always begins its iteration from the tail of domain name. less(..) loop can improve its performance by calling PrevLabel star...

fucking brilliant

https://github.com/coredns/coredns/commit/deae7ec3455ec11fc4ddf89f868507f562cc40d3

#go #dns

Ported: https://codeberg.org/miekg/dns/pulls/398
(one of the reason I wanted Sort in the main lib - faster for all consumers)

Ok, submitted erata for rfc 8765, didn't prose new text, was more of a what the fuck were you thinking
(and some factual errors). We'll see where this ends

atomdns,yes: issuer -> issue for CAA · 6f870d4fe7 Version bumb Signed-off-by: Miek Gieben

relevant context: https://codeberg.org/miekg/dns/commit/6f870d4fe7ad5855f97f75f628839794d5c016ca

RFC 8659: DNS Certification Authority Authorization (CAA) Resource Record The Certification Authority Authorization (CAA) DNS Resource Record allows a DNS domain name holder to specify one or more Certification Authorities (CAs) authorized to issue certificates for that domain name. CAA Resource Records allow a public CA to implement additional controls to reduce the risk of unintended certificate mis-issue. This document defines the syntax of the CAA record and rules for processing CAA records by CAs. This document obsoletes RFC 6844.

Let there be the CAA record https://datatracker.ietf.org/doc/html/rfc8659 and to make it easier it will have free-form text, so typos will impact your security as $DEITY intended!

(Just had 'issuer' instead 'issue' and shit broke)

#dns #go

USN-7867-1: sudo-rs vulnerabilities | Ubuntu security notices | Ubuntu Ubuntu is an open source software operating system that runs from the desktop, to the cloud, to all your internet connected things.

Via a colleague

https://ubuntu.com/security/notices/USN-7867-1

WTF LMAO

#sigh

I looked at ruby before Go was a thing, and they had like 5 stable versions going at that time (2011?). I immediately gave up. Also didn't feel like a proper departure from Perl (and C)

Luckily Go showed up a year later

Can you synthesize DELEG records from plain NS record?
If so, I can, for un-signed zone, just write a DELEG middleware that intercepts the referral and makes it DELEG.

#go #dns #deleg

dso - dns stateful operations - there more I look the worse it gets. RFC 8765...

https://datatracker.ietf.org/doc/html/rfc8765#name-push-message-2

what if we don't use normal RRs, but instead make the RR the rdata of the tlv-shit we just invented?

The list of RRs (from 1035!) that are […]

@jonburkeUK You can’t afford a coal mine. You can’t afford a gas turbine. You can’t afford an oil rig. Only fossil fuel states and billionaires can. But you can afford a solar power station on your roof. Now, ask yourself why you encounter so much anti-renewable energy propaganda.

Tesla says shareholders approve Musk's $1 trillion pay plan with over 75% voting in favor Tesla shareholders approved CEO Elon Musk's historic pay package at the company's annual shareholders meeting in Austin, Texas.

This article explains how Musk’s ridiculous pay is tied to achieving various benchmarks for Tesla.

So even more so than before, Musk’s money is tied to Tesla.

If Tesla does badly, Musk is hurt.

You know what to do, world.

The shareholders brought this on themselves. #TeslaTakedown

New Komoot app. Some things aren't loading anymore... Enshitification has begon.... Shit now what. GDPR to get data out en then....?

TIL about neovim's statuscolumn

going with this from the manual:

set statuscolumn=%@SignCb@%s%=%T%@NumCb@%l\ \ %T

#neovim

@jtk servers blindly checking dsn wildcard names from tls certs?

Big groups, small groups, it doesn't matter, DNS sucks for all

I don't think nsec3 hashing ever worked properly in miekg/dnsv1... which has been around for 15+ years, but noone noticed or used that functionality...

I appreciate the foresight of the NSEC3 folks (RFC 5155) to make it impossible to upgrade the hashing algorithm thereby guaranteeing the record is almost obsolete. This should be done to more records.

Here's a toast to getting rid of the dumbest idea to hit DNSSEC!

(other hits include […]

lame