Notices by zhenech (zhenech@chaos.social)

@glyph what's an in-house mail system? A couple of users who can text each other at <user>@glyph-mansion.invalid?

@glyph I'd probably throw a Debian VM with Postfix and Dovecot somewhere in the corner and call it done, but I've also been hosting my own mail for 20 years, so maybe don't listen to me ;)

(No, seriously, if you have a way to run a VM, that's probably the easiest and most portable path, without locking you to a vendor)

@silverwizard @neverpanic https://paste.debian.net/hidden/6706dce1/ looks like yes? Also, if I deploy a key, it allows me to log in :)

Today in FUCKING FIPS LAND:

$ ssh-keyscan ippai.die-welt.net
# ippai.die-welt.net:22 SSH-2.0-OpenSSH_9.2p1 Debian-2+deb12u5
kex_gen_client: Key exchange type c25519 is not allowed in FIPS mode
# ippai.die-welt.net:22 SSH-2.0-OpenSSH_9.2p1 Debian-2+deb12u5
kex_gen_client: Key exchange type c25519 is not allowed in FIPS mode
# ippai.die-welt.net:22 SSH-2.0-OpenSSH_9.2p1 Debian-2+deb12u5
kex_gen_client: Key exchange type c25519 is not allowed in FIPS mode

$ ssh ippai.die-welt.net
The authenticity of host 'ippai.die-welt.net (188.68.51.252)' can't be established.
ECDSA key fingerprint is SHA256:V0iohQpWv4KNHI1TXMy/RPcMSc6m0P3id7LpQKLvm9o.
This key is not known by any other names
Are you sure you want to continue connecting (yes/no/[fingerprint])? yes
Warning: Permanently added 'ippai.die-welt.net' (ECDSA) to the list of known hosts.
user@ippai.die-welt.net: Permission denied (publickey).

$ cat .ssh/known_hosts
ippai.die-welt.net ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBIBUsKAIaR020Tom56jb/4RSSNTEeH+lKZowCE3r0kjvcONHTv99RimO1V7ke+JAHVBLlHM3R1PjwHfOmzf9CP4=

WHAT IS IT NOW?!

CAN YOU KEX OR CAN YOU NOT KEX?!

THIS IS THE FUCKING QUESTION HERE!

@neverpanic But why does `ssh` manage to work, while `ssh-keyscan` does not?

When I do `ssh -v ippai.die-welt.net` from an EL9-FIPS box, I see
```
debug1: kex: algorithm: ecdh-sha2-nistp256
debug1: kex: host key algorithm: ecdsa-sha2-nistp256
```

While in `ssh-keyscan -v` I only see c25519, and that's forbidden.

USA: less DEI!!!
Fedora: moar DEI!!!

https://communityblog.fedoraproject.org/council-policy-proposal-dei-events-policy/

That's a very welcome policy proposal!

@zacchiro did you mean defosstering?

Love to unbox new hardware and the only piece of printed paper is the GPL \o/

Wo war nochmal die "ich kann jederzeit aufhören" Selbsthilfegruppe?

@itnomad automatic scratch device for things that are too close to your walking path and block it?

@itnomad ooh, you know those photo glue rollers, or tipp-ex rollers? That, but with "scheiße geparkt" film in it. And then on an expandable pole so you can mark the offenders if they are too close.

Days since the fact that Ansible runs handlers at the end of the play and not at the end of the role that triggered them broke shit for me: 0️⃣

@neil looks exactly the same but needs to be plugged in rotated by 180°?

@jpmens
color body brightgreen default "[*]?(SUCCESS)[*]?"
color body brightred default "[*]?(FAIL)[*]?"

@treibholz @jpmens People use Mutt with remote IMAP? 🤔

@gunstick BIC should only be needed for cross border transfers (I don't understand exactly why, as the IBAN already contains a bank identifier, but oh well), and yeah it seems like the German banks are just slow on supporting this.

@malwaretech name + account number here in Europe (and routing number if cross country) and it still feels like shit as stuff is not real time 🤷♀️