social.yonder.computer

Items tagged with: sysadmin

CVE-2019-5736: runc container breakout (all versions) - the underlying container runtime underneath Docker, cri-o, containerd, Kubernetes, and so on

https://seclists.org/oss-sec/2019/q1/119

Patch your system ASAP.

#Linux #security #infosec #sysadmin
 
Home network failure.

Go downstairs, plug in physical cable from router switch port to laptop's Ethernet port, no response. Get serial console working, use 3G cell wifi to grab manual.

Router won't talk to me.

Find WRT54G, plug in as temp fix.

Nope. No response. >10years old, prob dead.

Go to store, buy Netgear "router," it's a bridge configured with android app. Nope!

Drive to Microcenter, buy 54G. And... nope?

New laptop ethernet dead. Old laptop, 5 min fix.

#sysadmin :flan_molotov:
 
I say this warning now because your fediverse instance's SSL certificate expiring is fatal as it stops all inbound federation traffic.

It is also one of the most common federation failure modes I have observed in my time here on the fediverse.

#sysadmin | #mastoadmin
 
My Mastodon instances use DNS-01 validation with the acme.sh client [0]. acme.sh uses my DNS provider's API to talk to my DNS provider (DNSMadeEasy) and add the required records to perform the domain validation.

acme.sh supports a bunch of managed DNS providers [1], so if you are able to use that method of DV, I recommend it, it works pretty well

[0]- https://github.com/Neilpang/acme.sh

[1]- https://github.com/Neilpang/acme.sh#8-automatic-dns-api-integration

#sysadmin | #mastoadmin
 
"TLS-SNI-01 validation is reaching end-of-life. It will stop working temporarily on February 13th, 2019, and permanently on March 13th, 2019. Any certificates issued before then will continue to work for 90 days after their issuance date."

so yeah if there are any fediverse admins using TLS-SNI-01 validation with their Let's Encrypt ACME client, you might want to move to any of these sooner rather than later:

HTTP-01, DNS-01 or TLS-ALPN-01

#mastoadmin | #sysadmin
 
oh looks like Let's Encrypt resent the e-mail about TLS-SNI-01 domain validation being deactivated Soon (tm), this time with the domains that are using it

excellent

looks like most of these are Apache httpd + certbot from Ubuntu repositories lmao, I guess I'll replace them with acme.sh + DNS validation

and one of them is whatever Synology uses for LE on my NAS so I have no control on updating that so that's no good

#sysadmin
 
I accidentally a Font Degooglifier:
https://git.occrp.org/libre/fonts-degooglifier

I was sick and tired of having to manually degooglify fonts, so I made this. Seems to work. Handles both local files and URLs.

Perhaps somebody finds it useful.

#WebDev #SysAdmin #Google
 
Whenever a web browser, operating system, or web site gains dominance among users, it stops being cool and starts becoming blatantly abusive.

This Chromium nonsense is just more of what we saw from Internet Explorer.

Every generation of geeks learns this anew, and acts all shocked. Learn some history, folks. Learn from those who came before.

Stop supporting only one platform. Variety is ESSENTIAL. Monocultures are death. #sysadmin
 
I've been working off-and-on about getting my linode instances managed via ansible and I'm almost to the point where I can run the scripts and not freak out.

Wondering if sysadmin ever gets to the point where you are confident.

#ansible #sysadmin
 
I just realized that we locked our WiFi router inside a completely closed server rack. And then been complaining about poor WiFi signal.

We literally locked up our router in a Faraday cage.

#SysAdmin #HardwareGore
 
I was wondering if a guide existed for the best practices for server security when you self-host?

Like, what steps should I take to protect my data, is fail2ban enough or not?

Also, I would love a complete guide on backing up your server, to make it super easy (à la Time Machine) to reinstall in case of failure.

#infosec #sysadmin

:boost_ok:
 