Notices by Stefan Eissing (icing@chaos.social)

CVEs are now called Jerries and are classed with up to five Llamas.
🦙🦙🦙🦙🦙

@ariadne Stein’s Corollary:

„If something is not distributed, it will stop.“

@bagder @briankrebs @GossiTheDog it seems a small step to just have CNAs own a permanent, published number range or prefix and an RSS feed. (which history teaches us will end up in DNS)

Anyone interested can then build their own database.

Let‘s Encrypt describing their ACME profiles in detail:

‚classic‘: 90 days, all as before
‚tlsserver‘: 90 days, smaller certs, cut lean for its server role and modern clients
‚shortlived‘: ~6 days, otherwise like ‚tlsserver‘

If you have no idea what the mentioned TLS extensions are about, do *not* configure a profile. But if you do, use classic.

If you have a rough idea and serve modern clients, tlsserver cuts some bytes and the auth process is tighter.

https://letsencrypt.org/docs/profiles/

„The GNU Project distributes most of its manuals in the Info format, which you read using an Info reader. You are probably using an Info reader to read this now.“

🧐Is that the GNU term for a browser?

https://www.gnu.org/software/emacs/manual/html_mono/info.html

@jacksonchen666 @hertog @catsalad
The noise levels in the open office spaces finally reflect the industrious production that is going on!

You have 2 parents. Their parents make 4 grandparents. Which also had parents, giving you 8 grandgrandparents.

Doubling every generation, 25 years, then in Year 0, the human population on Earth must have bern:

2^80 or a Septillion of people. 💁🏻♂️

Me: "At the end of the year, I always put some more cash in my wallet."
Them: "Hu! You work in IT infrastructure, too?"

Todays xkcd explained here: https://en.wikipedia.org/wiki/Bouba/kiki_effect
Thanks, Randal!

https://xkcd.com/3025/

Yesterdays link to the Let‘s Encrypt blog dragged in some people who seem to think that CAs are unnecessary or even evil.

LE is s very small group who set out to improve the terrible CA situation and the fucking middle box corruptions.

They did that successfully with a budget that a medium sized city spends on its department for car license plates.

So, my advice: don‘t yell at people who made the world somewhat better or you‘ll soon run out of ones who try.💁🏻♂️

If you ever wanted to rewrite a project like curl in Rust, this is the weekend you‘ve been waiting for!🤗

@ariadne
1990s: art install (cyberpunk)
2000s: inf system (beta)
2010s: art install (post-truth)
2020s: inf system (layoffs)

Mastodons, we have attracted all cat-loving individuals on the planet. If we want to grow further, we need to diversify!

In coordination with @Gargron , the Mastodon Post Office has lifted the ban on other cute animals till the end of the month. Even without CW.

It will take some time for all of us to adjust. A picture scrolling in that turns out to only show a dog or an otter - it won‘t be easy. But we can do it!

Lets Encrypt on its plan to abandon OCSP.

https://letsencrypt.org/2024/07/23/replacing-ocsp-with-crls.html

Yep, Stockholm.

I have not heard about rich people replacing their tax consultants with AI.

Which should be easy for a chat AI to do, filling out some forms.

Wonder what is holding that back?🤔

„Oh, I write software!“
„Me too!“
„Can we share?“
„We should share it with everyone!“
„That is so great!“
„For free! Everyone should be free!“
„For free!“

…

„It‘s a joke what these FOSS guys are doing!“
„In-ad-e-qu-ate!“
„We have trillion dollar businesses built on this stuff. What were these guys thinking?“
„Irresponsible!“
„Maybe if we make them feel guilty….?“
„Worth a try!“

According to the US government, the world would be a better place if everything were written in:

„Rust, Go, C#, Java, Swift, Python, and JavaScript„

In the curl project, we should use all of them. Combine their strengths. Like in Damascus Steel.

The CVE thing gets sillier every month.

On one hand you have the laziness of Mitre and friends to add any silly CVE claim, unless someone like @bagder pushes back using days of his precious time

Otoh, there are these „super CVEs“ which apply to several projects and people demand coordinated rollouts on specific dates to limit exposure. But most projects don‘t work that way.

And I‘m not sure why unpaid people are putting in extra effort to protect business interests, myself included.

@filippo never used that. Have to give it a try.