So I want to stress that I CANNOT INDEPENDENTLY confirm this but I trust my source:
There is apparently an ongoing issue at Twitter that boils down to:
Musk fired everyone with access to the private key to their internal root CA, and they can no longer run puppet because the puppet master's CA cert expired and they can't get a new one because no one has access. They no longer can mint certs.
My limited understanding in this area is that this is... very bad.
#Twitter #infosec
Eodyne (izzod@izzodlaw.com)'s status on Saturday, 11-Mar-2023 21:38:20 JST

feld (feld@bikeshed.party)'s status on Saturday, 11-Mar-2023 21:38:15 JST:
Puppet uses x509? Gross

feld (feld@bikeshed.party)'s status on Sunday, 12-Mar-2023 12:08:18 JST:
Salt's works fine and it's quite simple

Matt Palmer (womble@infosec.exchange)'s status on Sunday, 12-Mar-2023 12:08:26 JST:
@feld it's better than trying to design and implement their own equivalent scheme.

藤井太洋, Taiyo Fujii (taiyo@ostatus.taiyolab.com)'s status on Saturday, 18-Mar-2023 22:12:19 JST:
@IzzoD it's very bad, but I expect post-Musk Twitter doesn't use Puppet. I think they edit deployed code, not the source.