Notices by zhenech (zhenech@chaos.social)

@dalias How much do the normal cylinder refills cost in the US? The 425g ones go for something like 5-6€ here in DE. And given the patent for the screw-able is expired, every store has it in their own brand, not paying Sodastream a dime. (Yes, 13€/kg is not $20/2.3kg, but still not too bad, IMHO)

Or is that the (proprietary, still patented) click system you run?

Self-OH: We're in the "burning the planet actually costs money" finding-out phase.

@cwebber isn't that what https://feedsin.space/ does/is?

I have set it up for my site (see https://feedsin.space/feed/die-welt.net) but without the reply aggregation it's not as useful as I hoped it'd be for me as the author.

@glyph what's an in-house mail system? A couple of users who can text each other at <user>@glyph-mansion.invalid?

@glyph I'd probably throw a Debian VM with Postfix and Dovecot somewhere in the corner and call it done, but I've also been hosting my own mail for 20 years, so maybe don't listen to me ;)

(No, seriously, if you have a way to run a VM, that's probably the easiest and most portable path, without locking you to a vendor)

@silverwizard @neverpanic https://paste.debian.net/hidden/6706dce1/ looks like yes? Also, if I deploy a key, it allows me to log in :)

Today in FUCKING FIPS LAND:

$ ssh-keyscan ippai.die-welt.net
# ippai.die-welt.net:22 SSH-2.0-OpenSSH_9.2p1 Debian-2+deb12u5
kex_gen_client: Key exchange type c25519 is not allowed in FIPS mode
# ippai.die-welt.net:22 SSH-2.0-OpenSSH_9.2p1 Debian-2+deb12u5
kex_gen_client: Key exchange type c25519 is not allowed in FIPS mode
# ippai.die-welt.net:22 SSH-2.0-OpenSSH_9.2p1 Debian-2+deb12u5
kex_gen_client: Key exchange type c25519 is not allowed in FIPS mode

$ ssh ippai.die-welt.net
The authenticity of host 'ippai.die-welt.net (188.68.51.252)' can't be established.
ECDSA key fingerprint is SHA256:V0iohQpWv4KNHI1TXMy/RPcMSc6m0P3id7LpQKLvm9o.
This key is not known by any other names
Are you sure you want to continue connecting (yes/no/[fingerprint])? yes
Warning: Permanently added 'ippai.die-welt.net' (ECDSA) to the list of known hosts.
user@ippai.die-welt.net: Permission denied (publickey).

$ cat .ssh/known_hosts
ippai.die-welt.net ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBIBUsKAIaR020Tom56jb/4RSSNTEeH+lKZowCE3r0kjvcONHTv99RimO1V7ke+JAHVBLlHM3R1PjwHfOmzf9CP4=

WHAT IS IT NOW?!

CAN YOU KEX OR CAN YOU NOT KEX?!

THIS IS THE FUCKING QUESTION HERE!

@neverpanic But why does `ssh` manage to work, while `ssh-keyscan` does not?

When I do `ssh -v ippai.die-welt.net` from an EL9-FIPS box, I see
```
debug1: kex: algorithm: ecdh-sha2-nistp256
debug1: kex: host key algorithm: ecdsa-sha2-nistp256
```

While in `ssh-keyscan -v` I only see c25519, and that's forbidden.

USA: less DEI!!!
Fedora: moar DEI!!!

https://communityblog.fedoraproject.org/council-policy-proposal-dei-events-policy/

That's a very welcome policy proposal!

@zacchiro did you mean defosstering?

Love to unbox new hardware and the only piece of printed paper is the GPL \o/

Wo war nochmal die "ich kann jederzeit aufhören" Selbsthilfegruppe?

@itnomad automatic scratch device for things that are too close to your walking path and block it?

@itnomad ooh, you know those photo glue rollers, or tipp-ex rollers? That, but with "scheiße geparkt" film in it. And then on an expandable pole so you can mark the offenders if they are too close.

Days since the fact that Ansible runs handlers at the end of the play and not at the end of the role that triggered them broke shit for me: 0️⃣

@neil looks exactly the same but needs to be plugged in rotated by 180°?

@jpmens
color body brightgreen default "[*]?(SUCCESS)[*]?"
color body brightred default "[*]?(FAIL)[*]?"