Ignas Kiela (ignaloidas@not.acu.lt)'s status on Monday, 24-Mar-2025 07:01:28 JST Ignas Kiela
@domi@donotsta.re @wolf480pl@mstdn.io I usually don't like the "if it's not FOSS it's trash" argument, but I think it's fair to argue that TLS updates breaking compat with older devices is mostly a problem of said older devices being proprietary-only, with no (good) way to update the software beyond what the manufacturer supports. There is no technical reason why 3DS couldn't support newer TLS versions, it's just because the vendor abandoned the otherwise very usable device and left no way to update it. Plenty of otherwise ancient machines, some older than 3DS, can and do surf the web without TLS problems, because they could just be updated to support the updates in security, which to me shows that it's more of a problem in the vendor of the device, rather than the TLS protocol.
- Fish of Rage likes this.
Haelwenn /элвэн/ :triskell: (lanodan@queer.hacktivis.me)'s status on Monday, 24-Mar-2025 07:12:11 JST Haelwenn /элвэн/ :triskell:
@wolf480pl @ignaloidas @domi Given software repos don't require https (would be terribly useless) and instead packages are signed: Yes.
Wolf480pl (wolf480pl@mstdn.io)'s status on Monday, 24-Mar-2025 07:12:12 JST Wolf480pl
@ignaloidas @domi
what if I gave you a machine with Ubuntu 8.04 that hasn't been turned on for 15 years, with openssl 0.9.8 and expired ca-certificates?
Would you be able to get TLS 1.2 working on it?
Haelwenn /элвэн/ :triskell: (lanodan@queer.hacktivis.me)'s status on Monday, 24-Mar-2025 07:18:18 JST Haelwenn /элвэн/ :triskell:
@wolf480pl @domi @ignaloidas Yeah not 100% but pretty damn close.
The only reason it works differently for distro packages is because the package hosts are third-party (and so not where trust should be asserted) *and* there's end-to-end signatures in place.
Wolf480pl (wolf480pl@mstdn.io)'s status on Monday, 24-Mar-2025 07:18:19 JST Wolf480pl
@lanodan @domi @ignaloidas
Which kinda proves the point that not everything should redirect http to https :P
Haelwenn /элвэн/ :triskell: (lanodan@queer.hacktivis.me)'s status on Monday, 24-Mar-2025 07:24:04 JST Haelwenn /элвэн/ :triskell:
@ignaloidas @wolf480pl @domi Yeah pretty much, although I wouldn't mind sharing bandwidth back. (I thought a few times about doing mirrors but hurgh, storage and availability)
Ignas Kiela (ignaloidas@not.acu.lt)'s status on Monday, 24-Mar-2025 07:24:06 JST Ignas Kiela
@lanodan@queer.hacktivis.me @wolf480pl@mstdn.io @domi@donotsta.re package mirrors are essentially like torrents but without the sharing stuff part
Haelwenn /элвэн/ :triskell: (lanodan@queer.hacktivis.me)'s status on Monday, 24-Mar-2025 07:28:57 JST Haelwenn /элвэн/ :triskell:
@ignaloidas @wolf480pl @domi Heh, I have cron.daily start at something random like 3:23 am
Ignas Kiela (ignaloidas@not.acu.lt)'s status on Monday, 24-Mar-2025 07:28:58 JST Ignas Kiela
@lanodan@queer.hacktivis.me @wolf480pl@mstdn.io @domi@donotsta.re also, while it wouldn't fully eliminate the problem, it would certainly help the "all of the servers start their auto-updates at exactly midnight and overwhelm some mirror" issues, as they could share parts between them.
Ignas Kiela (ignaloidas@not.acu.lt)'s status on Monday, 24-Mar-2025 07:29:00 JST Ignas Kiela
@lanodan@queer.hacktivis.me @wolf480pl@mstdn.io @domi@donotsta.re yeah, I would happily do torrents too for the packages sitting in my machine cache, while setting up a full mirror is a big commitment
Haelwenn /элвэн/ :triskell: (lanodan@queer.hacktivis.me)'s status on Monday, 24-Mar-2025 07:34:46 JST Haelwenn /элвэн/ :triskell:
@ignaloidas @wolf480pl @domi Yeah, I think it's something distros should modify to some random value.
Although if you really have a lot of machines you ought to set up either a local mirror or a caching proxy.
Ignas Kiela (ignaloidas@not.acu.lt)'s status on Monday, 24-Mar-2025 07:34:48 JST Ignas Kiela
@lanodan@queer.hacktivis.me @wolf480pl@mstdn.io @domi@donotsta.re the problem comes up when you have a bunch of servers/VMs that all are automatically brought up / created from the same base image, and nobody bothers to change that.
The proper solution is to: have a random delay step before actually running the update and if needed, have your own mirror.
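The random-delay step described in the post above, as an added example that is not part of this thread or of any distro's tooling. It shows two ways to de-synchronise a fleet of machines cloned from one image: a systemd timer drop-in using the documented `RandomizedDelaySec=` setting (with `FixedRandomDelay=` to pin the offset per machine), and a cron-style wrapper that derives a stable per-host offset by hashing the hostname. It assumes POSIX sh with coreutils (`sha256sum`, `cut`, `sleep`); `apt-daily-upgrade.timer` is used as a familiar Debian/Ubuntu timer name, and `./update.sh` stands in for whatever update command the distro actually runs (both are assumptions for illustration).

```shell
#!/bin/sh
# Added example, not from the thread: spread scheduled package updates across a
# window so that machines cloned from one base image do not all hit a mirror at
# the same second. Assumes POSIX sh plus sha256sum, cut and sleep (coreutils);
# "./update.sh" is a placeholder for the real update command (assumption).

# jitter_seconds WINDOW [SEED]
# Deterministic delay in [0, WINDOW) derived from a per-host seed (the hostname
# by default). Hashing the seed instead of using $RANDOM means each host keeps
# the same slot from day to day (predictable maintenance windows), while hosts
# with different names land on different slots even when their RNG state was
# identical at boot, which is exactly the cloned-VM case from the thread.
jitter_seconds() {
    window=$1
    seed=${2:-$(hostname 2>/dev/null || echo localhost)}
    # First 8 hex digits of the SHA-256 -> 32-bit value, reduced into the window.
    h=$(printf '%s' "$seed" | sha256sum | cut -c1-8)
    echo $(( 0x$h % window ))
}

# timer_dropin WINDOW
# Prints a systemd drop-in that makes a timer (e.g. apt-daily-upgrade.timer)
# wait up to WINDOW seconds before firing. RandomizedDelaySec= is the
# systemd.timer(5) setting for this; FixedRandomDelay=true (systemd 247+) keeps
# the same offset for a given machine instead of re-rolling it every run.
timer_dropin() {
    cat <<EOF
[Timer]
RandomizedDelaySec=$1
FixedRandomDelay=true
EOF
}

# run_with_jitter WINDOW CMD...
# cron-style equivalent: sleep for this host's slot, then run the update.
run_with_jitter() {
    window=$1; shift
    delay=$(jitter_seconds "$window")
    echo "waiting ${delay}s before: $*"
    sleep "$delay"
    "$@"
}

# Usage (assumed script name jitter.sh):
#   ./jitter.sh --run 3600 ./update.sh
#   ./jitter.sh --dropin 3600 > /etc/systemd/system/apt-daily-upgrade.timer.d/jitter.conf
case "${1:-}" in
    --run)    shift; run_with_jitter "$@" ;;
    --dropin) timer_dropin "$2" ;;
esac
```

The per-host hash only helps if the seed differs between clones; images that ship a fixed `/etc/hostname` or `/etc/machine-id` need those regenerated on first boot, otherwise every clone computes the same offset and the herd simply moves from midnight to midnight-plus-N.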
Ignas Kiela (ignaloidas@not.acu.lt)'s status on Monday, 24-Mar-2025 07:44:30 JST Ignas Kiela
@lanodan@queer.hacktivis.me @wolf480pl@mstdn.io @domi@donotsta.re I think now the defaults do have the random delay step, but people do change it for no reason and then have angry mirror sysadmins block their IP ranges
Haelwenn /элвэн/ :triskell: likes this.