Toots for jschauma@mstdn.social account

Written by Jan Schaumann on 2025-01-23 at 16:34

System Administration

Week 1, Introduction

We cover all the meta info for the course, how System Administration fits into a Computer Science curriculum, our syllabus, systems used, grading policy etc. (There will be Venn diagrams...)

https://youtu.be/QJL5cNv9dJs

[#]sysadmin #sre #devops

=> More informations about this toot | View the thread

Written by Jan Schaumann on 2025-01-22 at 17:24

This week, I'm again starting my #SysAdmin class where we focus on a lot of practical aspects commonly missing in Computer Science curricula. I'm running the same class as an internal study group at work as "Internet Operations".

The syllabus and all course info is available here:

https://stevens.netmeister.org/615/

All video lectures are public and available for free on YouTube:

https://www.youtube.com/@cs615asa/videos

Follow along! I'll be posting weekly links in this thread throughout the semester.

[#]sre #devops

=> More informations about this toot | View the thread

Written by Jan Schaumann on 2025-01-22 at 02:11

On one of Trump's first day's most vile executive orders (hard to pick, I admit) -- the ending of #birthright #citizenship -- I'm seeing a lot of "oh, the courts are almost certainly not going to allow this", and I really don't think people have fully internalized the extent of the Republican corruption.

=> More informations about this toot | View the thread

Written by Jan Schaumann on 2025-01-22 at 01:51

When you #DKIM sign your mails, but the mailing list rewrites headers...

=> View attached media

=> More informations about this toot | View the thread

Written by Jan Schaumann on 2025-01-21 at 21:41

Wait, the Ukraine war is still going on? How is that possible, it's been well over 24 hours by now.

So confused.

=> More informations about this toot | View the thread

Written by Jan Schaumann on 2025-01-20 at 15:14

Feels like today* is going to be a doom scrolling kind of day.

• and the at least 1460 days to come

=> More informations about this toot | View the thread

Written by Jan Schaumann on 2025-01-20 at 14:57

The whole #TikTok thing doesn’t sit well with me at all, from gov banning foreign social media while US companies are selling the same data to data brokers, from the vague national security risks to tech leaders demurely kissing the ring of the dear leader.

TikTok played it smart by toadying Trump, but the precedent he now sets — promising to overrule a law passed by congress and affirmed by the supreme court — is incredibly dangerous and goes well beyond just this spat.

=> More informations about this toot | View the thread

Written by Jan Schaumann on 2025-01-20 at 00:36

Welp, Marc Andreessen sure has ideas and opinions, including the notion of being persecuted and not regarded as mankind's savior. He does not like that.

I think even Ross friggin' Douthat might think he's off his rocker in some parts.

https://www.nytimes.com/2025/01/17/opinion/marc-andreessen-trump-silicon-valley.html

=> More informations about this toot | View the thread

Written by Jan Schaumann on 2025-01-18 at 21:09

djb takes a long look at some claims that quantum computers don't work. Quite detailed, with many good points (and pointers):

https://blog.cr.yp.to/20250118-flight.html

[#]pqc

=> More informations about this toot | View the thread

Written by Jan Schaumann on 2025-01-17 at 21:59

Yep, yep. CISA is bracing for what's coming with Trump and Kristi Noem.

For example: "CISA employees and Biden administration officials expect the Trump team to kill Biden’s corporate responsibility initiatives."

https://www.wired.com/story/cisa-cuts-trump-2/

=> More informations about this toot | View the thread

Written by Jan Schaumann on 2025-01-17 at 17:03

Reminder that the Public Suffix List has over 9,700 entries, with over 2,800 private domains (AWS alone has about 680 entries).

.jp domains are interesting, because apparently JPRS does geographical domain names down to

....JP

yielding almost 2K entries in the PSL.

It's the original xkcd random person in Nebraska.

=> More informations about this toot | View the thread

Written by Jan Schaumann on 2025-01-16 at 20:53

You know, I’d pay extra to get a product without AI.

=> More informations about this toot | View the thread

Written by Jan Schaumann on 2025-01-16 at 17:58

Whoof, this "Executive Order on Strengthening and Promoting Innovation in the Nation’s Cybersecurity" is a lot of words:

https://www.whitehouse.gov/briefing-room/presidential-actions/2025/01/16/executive-order-on-strengthening-and-promoting-innovation-in-the-nations-cybersecurity/

Notable:

"Within 120 days, publish #RPKI Route Origin Authorizations..."

"Within 180 days, enable encrypted DNS protocols..."

"Agencies shall implement PQC key establishment or hybrid key establishment including a PQC algorithm as soon as practicable..."

"Within 270 days, establish a program to use advanced AI models for cyber defense."

=> More informations about this toot | View the thread

Written by Jan Schaumann on 2025-01-15 at 23:19

Just spent 45 minutes groveling through 2,300 lines of bash completion gunk because apparently nowadays bash[1] will only tab-complete files based on filename "extension"[2] as if this was fucking MS-DOS.

Grrr.

[1] Well, this bash on this particular Linux version.

[2] E.g., "sh x" will only complete "x*.sh".

[#]LinuxGrievances

=> More informations about this toot | View the thread

Written by Jan Schaumann on 2025-01-14 at 19:45

Anybody know whether the issue in CVE-2024-12084 is strictly within "rsyncd", or does this also affect "rsync --server --sender"?

If so, then that would impact a lot more deployments, i.e., those that depend on SSH as the transport.

=> More informations about this toot | View the thread

Written by Jan Schaumann on 2025-01-14 at 18:26

6 new CVEs in "rsync".

"In the most severe CVE, an attacker only requires anonymous read access to a rsync server, such as a public mirror, to execute arbitrary code on the machine the server is running on."

That would be CVE-2024-12084 (9.8) AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H, a heap-based buffer overflow in rsyncd.

https://www.openwall.com/lists/oss-security/2025/01/14/3

=> More informations about this toot | View the thread

Written by Jan Schaumann on 2025-01-13 at 19:33

I forgot where I read it it, but calling a company's "Data Privacy Policy" its "Data Exploitation Policy" exactly describes its purpose spot-on.

=> More informations about this toot | View the thread

Written by Jan Schaumann on 2025-01-10 at 22:03

MFW people keep running into Kerckhoff's Principle and assume obscuring how a key is used will protect them.

=> View attached media

=> More informations about this toot | View the thread

Written by Jan Schaumann on 2025-01-08 at 21:30

"/bin/sh: the biggest #UNIX security loophole", by James A. Reeds, 1984

https://www.tuhs.org/Archive/Documentation/TechReports/Bell_Labs/ReedsShellHoles.pdf

All the tried and true ways to escalate privileges, including your common shell-out of setuid programs, PATH games, etc. with the conclusion we still see people having to learn repeatedly:

=> View attached media

=> More informations about this toot | View the thread

Written by Jan Schaumann on 2025-01-07 at 18:52

I was able to mentally disengage with the impending shit show about to rain down on everybody, but Jesus Fucking Christ, today it hits with full force.

Military action to take Panama Canal, tariffs to get Denmark to sell Greenland, "all hell will break out in the Middle East", and renaming the Gulf of Mexico to the Gulf of America.

Also not on my bingo card: "The windmills are driving the whales crazy."

I want to get off this ride.

https://www.nytimes.com/live/2025/01/07/us/trump-news#trump-panama-canal-greenland

=> More informations about this toot | View the thread

=> This profile with reblog | Go to jschauma@mstdn.social account