Notices by F. Maury ⏚ (x_cli@infosec.exchange)

Donc l'#ANSSI sort un guide sur la sécurisation des serveurs ACME.

**PAS UNE mention de DNSSEC**

Fucking amateurs

#infosec #acme #cybersecurity

@solene
Nope. Not IPv6 related 😉

Check your #DNS skills:

On GNU/Linux:

ping broken-by-design.fr => name resolution OK

resolvectl query broken-by-design.fr => name resolution OK

wget https://broken-by-design.fr => Temporary lookup failure

apt update => Temporary lookup failure

What did the user (sudoer) change on their system to break it?

For those of you on Atomic Desktops (Fedora Silverblue) wanting to run Signal Desktop and not trusting the non-official flatpak (which is broken anyway...): you can install Signal Desktop on a toolbox.

toolbox create -d ubuntu -r 24.04
toolbox enter ubuntu-toolbox-24.04
<run the commands to install signal desktop as indicated by the Signal website>
apt update && apt install -y alsa

and boom ! You can run Signal Desktop!

Toolbx is an excellent tool, including for running applications with graphic displays. Audio and video calls work too!

@solene Random noise can be nullified given enough input data. Sounds inefficient.

@soatok Out of curiosity, would you please care explaining to me why you consider DNSSEC to be off-limits? I believe it is a key component to secure the ACME protocol, which is the basis of so many modern PKIs. I wouldn't know how to do in it without DNSSEC.
This is not me trying to evangelize about it, but trying to understand what are the alternatives? Do you consider that ACME is a mistake?

@ryanc Yeah, but at the same time, the concurrent protocols was using ASN.1. So yeah. SMTP is kinda cool in regard.

@Mer__edith
Yet, the flatpak is said to be published "by Signal Foundation". If that's not the case, the package is usurping Signal Foundation identity and people using Flatpak oriented distros are targeted by this usurper. Can you request a takedown, please?
@apicultor @briankrebs

@soatok It also shows a complete lack of understanding of the mindset of cryptographers.

Cryptographers call cryptanalysis breaking a few rounds of AES. They deprecate hashing algorithms at the first sign of weakness. I mean, MD5 has still no 2nd preimage attacks but the general recommandation is not no longer use it, even if this property still holds.

Cryptograhers do not wait for a vulnerability to be dramatically practical to raise flags. It just is the way it works. They take no chance, and I feel safer that way.

People need to understand that.

@ryanc
Maybe they are not sure about your partner gender and neutral is neutral?

@feditips
Thanks. I did not know about that sort of groups.
One drawback I see is that such groups are centralized. If the provider goes dark, members would lose everything. Hashtags are decentralized by nature and thus would be more resilient. Am I missing something?

@jerry I am strongly against this kind of lists. I chose this instance because I trust your judgement and your moderation policy. Outsourcing censorship feels dangerous.

@feld @jerry I do not. Open networks are bound to fail. The issue is with open networks as a concept.

@cafkafk @feld @jerry Can you please name one open network of significant size that is not crippled by spam, please?