Search
85 results for “pemensik”
-
@pemensik when a security researcher submits a report, only we can determine if this is a legitimate vulnerability and if so, whether it’s worthy of a CVE process. We can’t outsource this evaluation. That defeats the purpose of responsible disclosure.
Sharing embargoed information under NDA with organizations we have a business relationship with has been part of paid support services for as long as I can remember. This is a perfectly normal part of industry practices.
-
@pemensik when a security researcher submits a report, only we can determine if this is a legitimate vulnerability and if so, whether it’s worthy of a CVE process. We can’t outsource this evaluation. That defeats the purpose of responsible disclosure.
Sharing embargoed information under NDA with organizations we have a business relationship with has been part of paid support services for as long as I can remember. This is a perfectly normal part of industry practices.
-
@pemensik when a security researcher submits a report, only we can determine if this is a legitimate vulnerability and if so, whether it’s worthy of a CVE process. We can’t outsource this evaluation. That defeats the purpose of responsible disclosure.
Sharing embargoed information under NDA with organizations we have a business relationship with has been part of paid support services for as long as I can remember. This is a perfectly normal part of industry practices.
-
@pemensik when a security researcher submits a report, only we can determine if this is a legitimate vulnerability and if so, whether it’s worthy of a CVE process. We can’t outsource this evaluation. That defeats the purpose of responsible disclosure.
Sharing embargoed information under NDA with organizations we have a business relationship with has been part of paid support services for as long as I can remember. This is a perfectly normal part of industry practices.
-
@pemensik when a security researcher submits a report, only we can determine if this is a legitimate vulnerability and if so, whether it’s worthy of a CVE process. We can’t outsource this evaluation. That defeats the purpose of responsible disclosure.
Sharing embargoed information under NDA with organizations we have a business relationship with has been part of paid support services for as long as I can remember. This is a perfectly normal part of industry practices.
-
@pemensik @[email protected] @mypdns @Alonely0 @floppy_bv
no, I mean #IXFR. That is incremental zone transfer.
OK, then I misunderstood your intention. I do recalls it as unbound only support AXFR, but look it up to be sure, it have been some years ago I played with it, as I go with PowerDNS's 3 pkg's on all my instances. (I then have a running copy of my RPZ zones on the laptop when it's not at home 😃 )
dnsdist is then setup to response from the server if available otherwise it is using the local resources.
-
@pemensik @[email protected] @mypdns @Alonely0 @floppy_bv
no, I mean #IXFR. That is incremental zone transfer.
OK, then I misunderstood your intention. I do recalls it as unbound only support AXFR, but look it up to be sure, it have been some years ago I played with it, as I go with PowerDNS's 3 pkg's on all my instances. (I then have a running copy of my RPZ zones on the laptop when it's not at home 😃 )
dnsdist is then setup to response from the server if available otherwise it is using the local resources.
-
@pemensik @[email protected] @mypdns @Alonely0 @floppy_bv
no, I mean #IXFR. That is incremental zone transfer.
OK, then I misunderstood your intention. I do recalls it as unbound only support AXFR, but look it up to be sure, it have been some years ago I played with it, as I go with PowerDNS's 3 pkg's on all my instances. (I then have a running copy of my RPZ zones on the laptop when it's not at home 😃 )
dnsdist is then setup to response from the server if available otherwise it is using the local resources.
-
@pemensik @[email protected] @mypdns @Alonely0 @floppy_bv
no, I mean #IXFR. That is incremental zone transfer.
OK, then I misunderstood your intention. I do recalls it as unbound only support AXFR, but look it up to be sure, it have been some years ago I played with it, as I go with PowerDNS's 3 pkg's on all my instances. (I then have a running copy of my RPZ zones on the laptop when it's not at home 😃 )
dnsdist is then setup to response from the server if available otherwise it is using the local resources.
-
@itisiboller @jerry Ha ha, it seems more people came to "love" #resolved. I have created something similar. https://github.com/pemensik/unresolved
-
Good News! #Avahi development seems to be alive again! @pemensik from Red Hat has pushed the v0.9rc1 tag for the upcoming 0.9 release!
For us at #OpenPrinting a well-maintained Avahi is essentially important.
-
Finished backporting FreeIPA Encrypted DNS support to Fedora. It took several steps, as @pemensik had to do DoT and OpenSSL provider API support backport to Bind 9.18 first, then I had to fix upgrade code that switched our Bind setup from OpenSSL engine use to OpenSSL provider.
These fixes landed in Fedora 42 updates-testing and in Rawhide, the packages are pretty much the same as in CentOS 10 Stream. However, that means ansible-freeipa cannot install them due to ...
-
There are times when I hate any lack of appreciation of what I do and why I do it. It was today. Not saying more, had enough fights today.
-
I was thinking about installing #mastodon onto my server. But neither #fedora nor #centos package exists. Is there any reason for it? Is there license problem or just lack of volunteers preparing it? Not even updated image on quay.io. how should open source fan install it? Is docker the only supported option?
-
I have entered discussion about #california #parentalControl on @fedora
I think a lot of misinformation or misconception is flying around. I think the California is doing it *right* way and finally it is solution not selling anonymity for protection.It is a lot work to design it well and time is tight. But the concept it correct, OS should provide age group for it's user to apps. It doesn't need identification of the parent nor child IMO.
-
Watched @pid_eins #fosdem2026 presentation record about #Varlink. I think the idea is good, except it should use some binary protocol for communication between services. RFC 8949 #CBOR seems like excellent candidate. Text serialization is not necessary if human is never direct part of a pipeline. Data conversion is not slow, but not necessary between localhost- only services.
-
lwresd: how can be obsolete daemon reused for new features
Sunday 11:30 (Europe/Brussels), K.3.401https://fosdem.org/2026/schedule/event/GND79C-lwresd_revived/
#FOSDEM #FOSDEM26 #FOSDEM2026 #fahrplan @fosdem
Had my talk, could have been better. Unfortunately had no room for questions. If you have some, ask here!
-
Visited #CSNOG26 conference, it was great event. I had to disable #DNSSEC validation on their wifi network. Asked for a contact to local network admin to ask what is the implementation used. Surprise, they said #bind9. If you operate anything old enough capable of ``dnssec-enabled no;``, please don't use it anyway. Use ``dnssec-validation no;`` only. It will stop servfail caused by validation failures, but won't prevent validation at clients. Fix your forwarders or firewalls if that is not ok
-
RE: https://aus.social/@NickSchwanck/115884753669978581
Interesting. Never heard about this. It does refer to resistance assassinated "protector" #Heydrich in #OperationAnthropoid. The price was high however. Two complete villages with all people were massacred, including women and kids. Have memorial at #Lidice and #Ležáky. But why not, U.S. are becoming oppressors fast. Why not to adopt their dictionary too?https://commons.wikimedia.org/wiki/File:Lidice-pamatnik_detem.jpg
-
RE: https://aus.social/@NickSchwanck/115884753669978581
Interesting. Never heard about this. It does refer to resistance assassinated "protector" #Heydrich in #OperationAnthropoid. The price was high however. Two complete villages with all people were massacred, including women and kids. Have memorial at #Lidice and #Ležáky. But why not, U.S. are becoming oppressors fast. Why not to adopt their dictionary too?https://commons.wikimedia.org/wiki/File:Lidice-pamatnik_detem.jpg
-
RE: https://aus.social/@NickSchwanck/115884753669978581
Interesting. Never heard about this. It does refer to resistance assassinated "protector" #Heydrich in #OperationAnthropoid. The price was high however. Two complete villages with all people were massacred, including women and kids. Have memorial at #Lidice and #Ležáky. But why not, U.S. are becoming oppressors fast. Why not to adopt their dictionary too?https://commons.wikimedia.org/wiki/File:Lidice-pamatnik_detem.jpg
-
RE: https://aus.social/@NickSchwanck/115884753669978581
Interesting. Never heard about this. It does refer to resistance assassinated "protector" #Heydrich in #OperationAnthropoid. The price was high however. Two complete villages with all people were massacred, including women and kids. Have memorial at #Lidice and #Ležáky. But why not, U.S. are becoming oppressors fast. Why not to adopt their dictionary too?https://commons.wikimedia.org/wiki/File:Lidice-pamatnik_detem.jpg
-
RE: https://aus.social/@NickSchwanck/115884753669978581
Interesting. Never heard about this. It does refer to resistance assassinated "protector" #Heydrich in #OperationAnthropoid. The price was high however. Two complete villages with all people were massacred, including women and kids. Have memorial at #Lidice and #Ležáky. But why not, U.S. are becoming oppressors fast. Why not to adopt their dictionary too?https://commons.wikimedia.org/wiki/File:Lidice-pamatnik_detem.jpg
-
@pid_eins this clearly conflicts with previous declaration systemd-resolved is stub only, not a server. I expect networkd would not recommend non-systemd implementations? I can see this as #Dnsmasq replacement. But Dnsmasq never was a DNS stub client. Does this introduce systemd-dhcpd? Is there a plan to reimplement also radvd?
-
My #fosdem talk in #dns room got accepted! Great news for me, although I have a lot to do to present the potential I have already in my head. But not yet in the code! I want to work also on #avahi release. Well, I should relax and refresh at the same time. Combination of all that would not be a simple task. Merry Christmas everyone!
-
@sesivany yeah, it is lacking. But hardware tokens like Yubikey are still somehow supported. Much worse is support of key protected by #TPM2 chip. That is like non-existent on #Linux. Even though every Red Hatter has laptop with it's support. Why do you need token, when your device has secure storage built-in?
-
#Systemd #credentials system is relatively interesting thing. I lack some support for storing private keys in a format good for applications. Can it do #pkcs11 URI provider or #FIDO2 token authentication? It seems current implementation focuses on shared secrets - passwords. If we have integrated support with TPM2 chip, I think we should aim for #webauthn instead.
-
#Systemd #credentials system is relatively interesting thing. I lack some support for storing private keys in a format good for applications. Can it do #pkcs11 URI provider or #FIDO2 token authentication? It seems current implementation focuses on shared secrets - passwords. If we have integrated support with TPM2 chip, I think we should aim for #webauthn instead.