
peter hessler @phessler

#OpenSSH has fully deleted SSHv1. It was disabled at run time, then disabled at compile time, and now it's completely gone.

It's been recommended to use SSHv2 for at least 10 years, so even hardware routers should be compatible.

Good riddance SSHv1, we won't miss you.

@veorq @cynicalsecurity but I am happy to get other crypto people to review, before it gets sent out to the WG.

@cynicalsecurity @veorq nah, I made sure to talk to some of the LibreSSL people first. Thankfully, the crypto side of it can be summarized as "use $standard"

Spent part of the day working on a draft RFC for the IETF.

not the one I talked about, though. Heh.

This one is for #bgp security; hopefully I can send it out soon.

@redacted They can turn on privacy extensions for that, which I think basically does the above :)

@redacted Yeah, just the MAC is a good idea. That has to be unique in the L2 domain, so it ought to be safe enough.

@redacted A PRNG won't give you reproducibility, which is very helpful here.

If I get 2001:db8::abcd/112, I would like to get ::abcd every time I boot the machine.

And the way SLAAC is handled, I push out the subnet to the client, and the client chooses which address it wants to use. If I could control it myself, it would simplify the whole project considerably.

@redacted I think that would be safe.

This is to select an IP address within a specific subnet. If the subnet size changed, then it has to be unique and non-overlapping compared to all other subnets.

Worst case, the normal IP anti-collision mechanism kicks in.

@saper Implementations for SLAAC are /64 only, because the authors are lazy.

And that pisses me off.

The hash is just of MAC addresses, so we can attempt to avoid collisions.

@saper MAC addresses. It is just a way to generate IPs for SLAAC.

Lazy Mastodon: is there an algorithm/hash that outputs a selectable-length hash? One-way is fine, but it should be stable.

I'd like the output to be 8 to 48 bits.
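As an added example (not part of the original posts, and not claiming to be what the author ended up using), here is one way to get the stable, selectable-length hash asked for above and to apply it to the earlier problem of picking a reproducible address inside a prefix of arbitrary length: SHAKE128 is an extendable-output function, so the caller chooses the digest length, and the result is masked down to exactly the number of host bits the prefix leaves free. The MAC addresses, prefixes and the optional per-host `secret` salt are constructed for the example; the function and variable names are the example's own.

```python
import hashlib
import ipaddress


def stable_suffix(mac: str, host_bits: int, secret: bytes = b"") -> int:
    """Derive a stable host part of exactly `host_bits` bits from a MAC address.

    SHAKE128 is an extendable-output function (XOF): the digest length is
    chosen by the caller, so any width from 8 bits up to 128 works here.
    `secret` is an optional salt (assumption: include one if the address must
    not reveal the MAC it was derived from); with the same inputs the output
    is identical on every boot, which a PRNG would not give you.
    """
    if not 1 <= host_bits <= 128:
        raise ValueError("host_bits must be between 1 and 128")
    raw = bytes.fromhex(mac.replace(":", "").replace("-", ""))
    if len(raw) != 6:
        raise ValueError("expected a 48-bit MAC address")
    nbytes = (host_bits + 7) // 8               # round up to whole bytes
    digest = hashlib.shake_128(secret + raw).digest(nbytes)
    return int.from_bytes(digest, "big") & ((1 << host_bits) - 1)


def stable_address(mac: str, prefix: str, secret: bytes = b"") -> ipaddress.IPv6Address:
    """Pick a deterministic address for `mac` inside `prefix` (any length, not just /64).

    A host address such as 2001:db8::abcd/112 is accepted and normalised to
    its network (2001:db8::/112) before the suffix is applied.
    """
    net = ipaddress.IPv6Network(prefix, strict=False)
    host_bits = 128 - net.prefixlen
    suffix = stable_suffix(mac, host_bits, secret)
    # An all-zero suffix is the subnet-router anycast address; avoid it.
    # Any remaining collision is left to the usual duplicate address detection.
    if suffix == 0:
        suffix = 1
    return net[suffix]


if __name__ == "__main__":
    # Constructed sample MACs; note the same MAC yields the same address each run.
    for mac in ("00:11:22:33:44:55", "00:11:22:33:44:56"):
        print(mac, stable_address(mac, "2001:db8::abcd/112"), stable_address(mac, "2001:db8::/64"))
```

Because the output width follows the prefix length, the same function serves a /112, a /80 or a /64 without special cases; only the number of bytes requested from SHAKE128 and the final mask change.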

In my experience, 9 times outta 10 when a guy says "I was joking / being sarcastic / being ironic / etc." after being called out for being a jerk, he's just covering his ass.

You are beautiful just the way you are.

Is season 11 of MST3K made to make me want a laser cutter? Because it's working.

@cynicalsecurity that is remarkably similar to how I do my development. I still use qemu for that.

Basically, filesystem "snapshots" doing copy-on-write to temp junk files. I really should sit down and work on that...

Dammit. Almost out of spoons for the day. It's too early for that.

@cynicalsecurity Hrmf. That bites.

No sysctl would help with this; it's somewhere in the code. :(