Join devRant
Do all the things like
++ or -- rants, post your own rants, comment on others' rants and build your customized dev avatar
Sign Up
Pipeless API
From the creators of devRant, Pipeless lets you power real-time personalized recommendations and activity feeds using a simple API
Learn More
-
Let's talk a bit about CA-based SSH and TOFU, because this is really why I hate the guts out of how SSH works by default (TOFU) and why I'm amazed that so few people even know about certificate-based SSH.
So for a while now I've been ogling CA-based SSH to solve the issues with key distribution and replacement. Because SSH does 2-way verification, this is relevant to both the host key (which changes on e.g. reinstallation) and user keys (ever replaced one? Yeah that's the problem).
So in my own network I've signed all my devices' host keys a few days ago (user keys will come later). And it works great! Except... Because I wanted to "do it right straight away" I signed only the ED25519 keys on each host, because IMO that's what all the keys should be using. My user keys use it, and among others the host keys use it too. But not by default, which brings me back to this error message.
If you look closely you'd find that the host key did not actually change. That host hasn't been replaced. What has been replaced however is the key this client got initially (i.e. TOFU at work) and the key it's being presented now. The key it's comparing against is ECDSA, which is one of the host key types you'd find in /etc/ssh. But RSA is the default for user keys so God knows why that one is being served... Anyway, the SSH servers apparently prefer signed keys, so what is being served now is an ED25519 key. And TOFU breaks and generates this atrocity of a warning.
This is peak TOFU at its worst really, and with the CA now replacing it I can't help but think that this is TOFU's last scream into the void, a climax of how terrible it is. Use CA's everyone, it's so much better than this default dumpster fire doing its thing.
PS: yes I know how to solve it. Remove .ssh/known_hosts and put the CA as a known host there instead. This is just to illustrate a point.
Also if you're interested in learning about CA-based SSH, check out https://ibug.io/blog/2019/... and https://dmuth.org/ssh-at-scale-cas-... - these really helped me out when I started deploying the CA-based authentication model.
19 -
I am amazed at human stupidity.
I always enjoyed the idea of DevOps: to use virtual machines and constant integration in order to avoid errors and free the developers of hard-to-setup environments and somehow-it-works compilations.
I am amazed how [company I used to work for] managed to turn this into a nightmare.
Just imagine: silent forests, the smell of flowers, no developer trust to the point your devs can’t either make docker environments cause reasons nor they can access your actual machines programmatically because they are filthy peasants, forcing them to do everything manually: every deployment will be a frustrating editing process which takes up to an hour, but here lies the trick... it will still have continuous integration... or better: every feature will be deployed as if it was a release.
The true peak of illumination:
Turning a tool into a disease.
Take a sip of tea, manager... you deserve it.
Just thought about this job because I keep being tempted to just start my own company. The more I think about it, the less being employed makes sense, given my end goal.2 -
Here, a full retrospective of my Apple products ownership.
iPhone SE – after Android, I was absolutely amazed by how fast it worked. No UI lags, camera works absolutely instantly no matter the light conditions, all the GPU-heavy games work butter smooth.
After camera and charging port failures on Xperia flagship and CPU literally melting through screen rendering it unusable on Meizu, it was enough to make me interested in Apple products.
When I was using Meizu, I actually got a twitching eye which was triggered by UI lags. After two months of using iPhone, I noticed that something was missing – my eye wasn't twitching anymore.
iPhone actually cured me.
MacBook 12 – a 900 grams laptop with passive-cooled mobile CPU running many Chrome tabs, heavy Webpack HMR build, VSCode and Slack just fine. Yes, you can't play games, but I don't even require it from a laptop this tiny.
Butterfly keyboard that internet hates so much actually increased my typing speed and comfort compared to MX Red mechanical keyboard, and ForceTouch trackpad made me forget about mouse. I learned how to disassemble the Butterfly keyboard if I ever need this but the keyboard never failed.
I use this laptop to this day and it still even smells like the day one, a beautiful smell of a new Apple product.
iPhone X – got it because of the camera, stayed for great battery life and amazing OLED display. I use telephoto lens exclusively and it made me lay off my Canon DSLR with Helios lens which stays on my bookshelf covered in dust to this day.
True black of OLED display which is undistinguishable from the screen bezel is stunning. To this day, battery surely works for one and a half days and I watch youtube really often.
I sometimes struggled to unlock iPhone SE with wet fingers, but with FaceID, as soon as I look at the screen the phone is unlocked. Works perfect every time, never had an issue with this.
Stainless steel body feels premium compared to aluminum. Stereo sound is a major selling point if you're like watching videos and playing games on your phone. Overall amazing product and a huge improvement over SE.
Apple Watch series 4 – really comfortable fit. Nice battery life, once I forgot about it for like ten days during lockdown and it was still working, even though on power reserve mode. Really reliable in terms of battery life and liquid protection. Very satisfying Taptic Engine crown clicks. I run every day and Apple watch always measure my heart rate correctly, and the running app is well designed and a pleasure to use. Overall a nice accessory to have if you use iPhone.
Powerbeats Pro – great sound and battery life. I switched from Shure SE215 which was great, but it had wires. I listen to a lot of music so the sound quality is important for me. When I was choosing earphones I visited a store where you can listen to them all. I listened through earphones like Noble Audio Kaiser Encore and JH Audio Layla, and of course $4000 Laylas sound better than $249 bluetooth earphones, but the difference in sound doesn't justify the difference in price to me.
Powerbeats pro is the Apple H1 chip true wireless earphones with largest driver of them all which makes them sound better than AirPods Pro – it's just physics. Bass in Powerbeats is amazing, which is also true for my Shures, but Powerbeats also win in clarity.
It connects seamlessly to both my MacBook and my iPhone, and everyone in voice chats can hear me really good.
Huge case is a major throwback compared to AirPods, but the battery life of earphones themselves is so great that I just leave the case at home and only carry earphones and it works for me.
Apple Link bracelet in space black – really better than I expected. Intricate detailing, literally the steel that Rolex uses, top-notch finishing and polishing – all that for just 450 dollars. I only used it for several days now, but it already feels like a really satisfying product.
Before all that I was using Linux. It took a year for elementaryos devs to fix wifi for my laptop. Ubuntu looks and feels ugly. Pop OS felt like garbage. Manjaro was also just that – garbage. KDE Plasma – I don't even want to talk about that. A monstrocity where you accidentally click a wrong switch in the settings and your system won't boot up again. Also, PulseAudio. Struggles with proprietary drivers and software updates.
Windows? I serviced a lot of Windows PCs through my career and it never, never worked as intended. I'm no dumbass, I always managed the rights correctly and never installed sketchy apps. My latest ryzen gaming build with a lot of ram also lags somehow even in Windows 10 UI.
Before I switched, I defended Linux.
My life was a lie.
I'm sorry to everyone who I offended based on their opinion on Linux.33 -
How I got my first Free Swag?
I stole it?
Obviously no,
So it dates back to year 2016. After learning about open source project and working with few organisations, I noticed few contributors and developers with t shirts having logo of the company or organisation.
I mean if you see a guy wearing google tagged t shirt don't think he works in Google, he might have purchased it.
Next, I started searching for ways to obtain one. I reached and texted developers and all they told me were two golden rules.
1. If you develop something or update something, showcast it.
2. Always show the organisation what you do for them, even if it small contribution.
After this I started mailing and texting the contact mail id of companies and organisation I worked and contributed. Some texted me- no we don't have free items, some said we can't ship to India.
But out of 100 replies with 85 negatives, I recieved 15 positive replies. I was amazed to know that I'll recieve one.
You know what I was showered with
Stickers
T shirts
Laptop skins
Keychains
And many more.....
This Rant is for you to motivate and showcast what you do.2 -
I love this weekly group rant, it made me think back when my mom started to work in a kindergarten and she used to take me to work when i was 4-7 years old ('94 - '97).
There was this "TV" and all the kids used to smash the buttons on it. It also played sound, but there was always a lot of kids there so I was shy to ask them if I push the buttons too. But I was the teachers son, so I didn't had to sleep in the afternoon, and then I discovered this computer thing I was amazed, it was like nothing I saw before, you push it and it does what you pushed and, *_* this smiley is exactly me back then. It was probably an old commodore with green text on the black screen. It was the moment when I decided to get more information about this wonder.
In elementary school (around '98) we had this computer room and as I was one of the best students back then I was granted access to it. It was a huge success in a post communist country to get money for new computers to teach us kids to use them back then, so only the chosen ones could use them, and I was one of them, one of the best time time of my life, honestly. At this moment I knew for sure, I want one and when I grow up I gonna work with them. I had no idea what you can do with it but every adult is talking about how well paid are the people who use them at work. :D it sounds funny now
In '89 or '99 we visited our family in a town far away. My grandfathers sisters boyfriend had a computer and he said, look I also have internet. This face again *_* what the hell is internet. So he explained me this internet thing which "makes all computers connected, but you have to pay for it and it kinda works like wired phones you know. Here you put the address and you can open the website"
me: website, whoooa *_*
8-9 year old clever me: "but how do you know what are the addresses, do you have a phonebook for these addresses?"
he showed me google, and a slovak and czech search engine, I remember searching for "funny pictures" on the slovak search engine, because I was thinking If I search google, its english so he would pay too much :D
I didn't had a computer until I was 13 years old, but then I started to messing with Microsoft Front Page 2003, was amazed with the html and css generated by it and started to editing it.
Now Im a front end web dev
Top Tags
Weekly Rant
View