@flangey @kunsi I now have molly-guard everywhere! But in previous gigs every package was a hard sell

@wolf480pl Woah! that is useful, I hope to god I never need that but that sure is handy.

@wolf480pl oof, yeah at least LVM in theory if you are super careful with your next command (and are not using thin provisioning) you can recover the volume "easily"

@shtrom I did maintenance on my website/product today (which involved gracefully shutting down the LXC container that the website runs in), maintenance went completely fine, except i just now while trying to lxc-attach, had reverse i-search find "lxc-stop <website>"... taking down quite a lot of stuff...

@tillo I don't really even use it as a notes taking system, I'm just using it because I run the same commands all of the time, "lxc-attach <thing>"

except of course when I don't do that and dangerous commands end up in reach of i-search...

@kunsi oh god I used to do this all of the time as well, especially painful when you do this to something like a HP/HPE because they seem to take an entire century to POST/reboot

It has been zero days since .bash_history and my overconfidence use of "reverse-i search" has nearly killed me

@rreverser.com dear santa...

@wolf480pl tbh I would argue why bother with DNSSEC (outside of extremely marginal situations), but NSEC3 even more

@wolf480pl tbh domain's are not really that secret, and if you depended on that then something was very wrong.

You can work around a lot of this stuff by "just" using wildcard certs instead

@wolf480pl the point of certificate transparency logs is so that outside observers can do the double-checking of the CAs certificate and policy in full, if you mess with any part of this, the entire system becomes deeply exploitable and difficult to end to end verify

@wolf480pl yeah and I guess it's a non terrible way of "seeding" a "search engine"

lol.

I minted a new TLS cert and it seems that OpenAI is scraping CT logs for what I assume are things to scrape from, based on the near instant response from this:

Dec 12 20:43:04 xxxx xxx[719]: 
l=debug 
m="http request" 
pkg=http 
httpaccess= 
handler=(nomatch) 
method=get 
url=/robots.txt 
host=autoconfig.benjojo.uk 
duration="162.176µs" 
statuscode=404 
proto=http/2.0 
remoteaddr=74.7.175.182:38242 
tlsinfo=tls1.3 
useragent="Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36; compatible; OAI-SearchBot/1.3; robots.txt; +https://openai.com/searchbot" 
referrr= 
size=19 
cid=19b14416d95

@flacs well, a secret never to be told I guess

@Tenzer an exercise of ones own imagination/internal bias :P

@ozone89 work (bgp.tools), to be fair I suspect the door setup was the one that killed it ( https://benjojo.co.uk/u/benjojo/h/M7hd6HQR914W5ZTt36 )

Today I learned first hand that it is actually possible to break (by mistake rather than doing it on purpose) an mpo breakout cable

If I shine a light through the cable it seems to be fine, but I suspect it is broken for the wavelengths that actually matter

@imyxh I'm sure Israel would have some OSA type thing if the idea catches on elsewhere

The year is 2035 and all countries now have some kind of online safety act that prevents people from accessing any kind of societal ill (of which is subjective to each individual country)

Apart from "DontGiveAShitastan" who's suspiciously leads the world in VPN companies

@hisold @wolf480pl When ASPA enforcement becomes more widespread then doing AS0 will impact traffic, but we are likely 2~ years at least until that happens