JP Mens @jpmens@mastodon.social
- https://twitter.com/jpmens
- Blog
- https://jpmens.net
Small-scale fiddler, enjoys doing & teaching. Wrote a thick book on FLOSS DNS servers. Dreamed up @OwnTracks over MQTT. Ansible with NOCOWS=1. Loves plain text. I (re-)toot in several languages. https://jpmens.net
Joined Apr 2017
JP Mens
boosted
M. et Mme Hitler ont un fils. Comment l'appellent-ils ? https://fr.news.yahoo.com/adolf-hitler-elu-conseiller-regional-en-namibie-135820546.html
Unbound 1.13.0 released
Along with various fixes, new features are upstream TCP and TLS query reuse, where a channel is reused for several queries, as well as unencrypted DoH, useful for back-end support servers
https://www.nlnetlabs.nl/news/2020/Dec/03/unbound-1.13.0-released/
When did Windows-type syntax invade Linux?
Apart from this not working here, and please don't ask me why because I don't know, I really miss systems where I can just edit a file and have it do what I say.
Oh, wait:
echo "nameserver ::1" > /etc/resolv.conf
chattr +i /etc/resolv.conf
I fixed it for myself, thanks. 😎
JP Mens
boosted
For the love of troff:
>>The state of Unix documentation has not advanced for decades. The venerable man page remains the backbone[..].
This paper reviews the state of the art, and critiques the variety of documentation systems in current use. It explores why new systems were invented, which are currently fashionable, and suggests a path to a better, unified documentation system based whollyand solely on troff.<<
Still a great FUBAR: the Xerox scanners that change data: "David Kriesel: Traue keinem Scan, den du nicht selbst gefälscht hast" (in German) https://www.youtube.com/watch?v=7FeqF1-Z1g0&feature=youtu.be
Paul Mockapetris (@svnr2000), co-inventor of the Domain Name System, talks about how DNS grew from an undesirable computer science experiment to one of the critical services that makes the Internet what it is today. https://networkcollective.com/2018/01/hon-dns-origins/
Development of the Domain Name System, Mockapetris, Dunlap, 1988 ACM https://cseweb.ucsd.edu/classes/wi01/cse222/papers/mockapetris-dns-sigcomm88.pdf #historic
Naming the Net: The Domain Name System, 1983-1990 https://gade.us/thesis/naming-the-net.pdf
they: "Yay, I got my €500 device today!"
me: "curious to hear your report"
they: "packaging is thoughtfully made"
they: "form factor is really nice"
me: "..."
NLnet Labs has built a prototype standardised DNSSEC Key Signing Ceremony, consisting of both documentation to help design a ceremony and tooling to integrate the ceremony in a DNSSEC signing toolchain. https://blog.nlnetlabs.nl/supporting-dnssec-key-signing-ceremonies/
JP Mens
boosted
RFC 8945: Secret Key Transaction Authentication for DNS (TSIG)
Le #DNS a des vulnérabilités à plusieurs endroits, notamment des risques d'usurpation, qui permettent de glisser une réponse mensongère à la place de la bonne. #TSIG, normalisé dans ce RFC (qui remplace le RFC 2845), est une solution de vérification de l'intégrité du canal. TSIG est surtout utilisé entre serveurs DNS maîtres et esclaves, pour sécuriser les transferts de zone.
Everything has limits, including software systems. When you hit these limits, bad things can happen. https://github.com/lorin/limits
DNSSEC signing with BIND >= 9.16 doesn't get easier than this: https://securityblog.switch.ch/2020/12/01/dnssec-signing-your-domain-with-bind-9-16/ (/via @seckle_ch)
In this particular case, it's dns-not-so-work. 😜
https://gist.github.com/jpmens/43698519e8ef7f5f7f0473b49b6f0cd4
A tiny MQTT-powered dashboard and control center that sits on your desk. https://hackaday.io/project/176041-deskmate (https://github.com/rbaron/deskmate) #esp32 #mqtt #tasmota
unix50.org is a service of the SDF Public Access UNIX System. When you connect you'll be able to CREATE and DESTROY an entire UNIX system on a whim. Use unix50.org to learn about old and significant versions of UNIX on emulated hardware. https://unix50.org
octoDNS: DNS as code - Tools for managing DNS across multiple providers https://github.com/github/octodns/ story: Enabling DNS split authority with OctoDNS https://github.blog/2017-04-27-enabling-split-authority-dns-with-octodns/
Four years after the Dyn DDoS attack, critical DNS dependencies have only gone up
If Cloudflare, AWS, or GoDaddy go down, around 40% of the Alexa Top 100,000 websites will also go down with DNS resolution problems.
Somebody wrote "MTB", and I thought "Motor Torpedo Boat", but he meant "mountainbike"
- https://twitter.com/jpmens
- Blog
- https://jpmens.net
Small-scale fiddler, enjoys doing & teaching. Wrote a thick book on FLOSS DNS servers. Dreamed up @OwnTracks over MQTT. Ansible with NOCOWS=1. Loves plain text. I (re-)toot in several languages. https://jpmens.net
Joined Apr 2017
Server run by the main developers of the project 
It is not focused on any particular niche interest - everyone is welcome as long as you follow our code of conduct!