Notices by zhenech (zhenech@chaos.social)

@silverwizard @neverpanic https://paste.debian.net/hidden/6706dce1/ looks like yes? Also, if I deploy a key, it allows me to log in :)

Today in FUCKING FIPS LAND:

$ ssh-keyscan ippai.die-welt.net
# ippai.die-welt.net:22 SSH-2.0-OpenSSH_9.2p1 Debian-2+deb12u5
kex_gen_client: Key exchange type c25519 is not allowed in FIPS mode
# ippai.die-welt.net:22 SSH-2.0-OpenSSH_9.2p1 Debian-2+deb12u5
kex_gen_client: Key exchange type c25519 is not allowed in FIPS mode
# ippai.die-welt.net:22 SSH-2.0-OpenSSH_9.2p1 Debian-2+deb12u5
kex_gen_client: Key exchange type c25519 is not allowed in FIPS mode

$ ssh ippai.die-welt.net
The authenticity of host 'ippai.die-welt.net (188.68.51.252)' can't be established.
ECDSA key fingerprint is SHA256:V0iohQpWv4KNHI1TXMy/RPcMSc6m0P3id7LpQKLvm9o.
This key is not known by any other names
Are you sure you want to continue connecting (yes/no/[fingerprint])? yes
Warning: Permanently added 'ippai.die-welt.net' (ECDSA) to the list of known hosts.
user@ippai.die-welt.net: Permission denied (publickey).

$ cat .ssh/known_hosts
ippai.die-welt.net ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBIBUsKAIaR020Tom56jb/4RSSNTEeH+lKZowCE3r0kjvcONHTv99RimO1V7ke+JAHVBLlHM3R1PjwHfOmzf9CP4=

WHAT IS IT NOW?!

CAN YOU KEX OR CAN YOU NOT KEX?!

THIS IS THE FUCKING QUESTION HERE!

@neverpanic But why does `ssh` manage to work, while `ssh-keyscan` does not?

When I do `ssh -v ippai.die-welt.net` from an EL9-FIPS box, I see
```
debug1: kex: algorithm: ecdh-sha2-nistp256
debug1: kex: host key algorithm: ecdsa-sha2-nistp256
```

While in `ssh-keyscan -v` I only see c25519, and that's forbidden.

USA: less DEI!!!
Fedora: moar DEI!!!

https://communityblog.fedoraproject.org/council-policy-proposal-dei-events-policy/

That's a very welcome policy proposal!

@zacchiro did you mean defosstering?

Love to unbox new hardware and the only piece of printed paper is the GPL \o/

Wo war nochmal die "ich kann jederzeit aufhören" Selbsthilfegruppe?

@itnomad automatic scratch device for things that are too close to your walking path and block it?

@itnomad ooh, you know those photo glue rollers, or tipp-ex rollers? That, but with "scheiße geparkt" film in it. And then on an expandable pole so you can mark the offenders if they are too close.

Days since the fact that Ansible runs handlers at the end of the play and not at the end of the role that triggered them broke shit for me: 0️⃣

@neil looks exactly the same but needs to be plugged in rotated by 180°?

@jpmens
color body brightgreen default "[*]?(SUCCESS)[*]?"
color body brightred default "[*]?(FAIL)[*]?"

@treibholz @jpmens People use Mutt with remote IMAP? 🤔

@gunstick BIC should only be needed for cross border transfers (I don't understand exactly why, as the IBAN already contains a bank identifier, but oh well), and yeah it seems like the German banks are just slow on supporting this.

@malwaretech name + account number here in Europe (and routing number if cross country) and it still feels like shit as stuff is not real time 🤷♀️

# podman network list
Error: unrecognized command `podman network list`
Try 'podman network --help' for more information
# podman network --help |grep -i list
ls List networks

Ah, yes of course!

But `podman volume list` works, and `podman image list`… (so does ls for both, as they are aliases).

# podman network ls --help
List networks

Description:
List networks

Usage:
podman network ls [options]

Examples:
podman network list

Options:
-f, --filter stringArray Provide filter values (e.g. 'name=podman')
--format string Pretty-print networks to JSON or using a Go template
--no-trunc Do not truncate the network ID
-n, --noheading Do not print headers
-q, --quiet display only names

Muhahahaha. No.