Notices by Romain Tartière 😈 (smortex@mamot.fr), page 2

New #FreeBSD #go problem with the ports anyway: my port use go modules, but I need to run `go generate` before building.

The port systems seems to have nothing built-in, and running `go generate` with the same environment as `go build` produce an error:

$GOPATH/go.mod exists but should not

If I strip the env, it downloads the source again.

Can someone point me to the good direction for fixing this?

Problem solved: the package needs 2 versions of the same dependency, and get them from 3 different repositories… The port infrastructure generates the same filenames for the 3 different sources, and therefore only extract a single source archive.

@bortzmeyer That make sense, and I have read something related here:
https://social.libre.fi/notice/9n5YZF1m0wbeCQRh2G

Thanks for the info!

@rootwyrm In my experience it's way better than "Yes, we know this issue since Windows 95. We hope to get it fixed for Windows XP". Some non-FLOSS vendor about 20 years ago (I was told that the problem still exist today, but I don't care anymore, I moved to something else).

@rootwyrm It happens that from all locations I tried, I got the real IP address from 8.8.8.8… I guess _your_ network is cheating on you… DoT / DoH would help here 😉.

@hirojin Yes, but no DNSSEC for this zone:
http://dnsviz.net/d/archive.fo/dnssec/

The zone has some issues BTW:
https://www.zonemaster.net/result/75f68b09a34bf49a

I tried to access this domain on a machine using 1.1.1.1 by incident, so maybe it's some invalid configuration that triggers some unexpected behavior and not a worldwide conspiracy 😉

@rootwyrm This is why we need trustworthy DoH servers 😉. But yes, defaulting to a lying one in the browser seems to be a terrible idea.

@bortzmeyer Yup, no DNSSEC for this domain name… so no source of trust…

Experimenting from different locations (so different ISPs), 1.1.1.1 always return the same (invalid) IP addresses. All other resolvers I try return [different but] valid IP addresses…

Meh, is #CloudFlare lying or is my ISP playing on me?

romain@zappy ~ % dig +short @1.1.1.1 archive.fo
127.0.0.3
romain@zappy ~ % dig +short @8.8.8.8 archive.fo
51.15.97.128

Current status: updating #Puppet to the latest release on #FreeBSD.

It's usually piece of cake, but today it turns out to be trickier than usual…

I guess most issues have been identified and worked around, but I still need to figure-out how to handle some of them in a not-too-ugly way.

3/3 — When configuring the DoT server, the certificate file must also include all intermediate certificates:

addTLSLocal("192.168.0.42", "example.com/fullchain.pem", "example.com/privkey.pem", { ocspResponses={"example.com-ocsp-response"}})

2/3 — When building the OCSP responses, the issuer is the intermediate certificate that signed the certificate, not the root one:

openssl ocsp -issuer example.com/chain.pem -cert example.com/cert.pem -text -url $(openssl x509 -noout -ocsp_uri -in example.com/cert.pem) -respout example.com-ocsp-response

1/3 ­— Playing with #dnsdist and #OCSP #stapling with #letsencrypt certificates. The documentation lacks details about intermediate certificates, so here are the results of my tests. Everything is logical but since there are a lot of moving parts, forgetting a step is easy.

@fireglow "Test probes"? In french we call this specific ones with a mix of english+french: "grip-fil" (grip-wire), but the generic "test probe" should help you find what you are looking for.

@Quenti Huhu, spoiler alert: avec une base de données, il y aura moyen de mettre plusieurs langues dans la même application, et choisir dans deux listes déroulantes la langue source et celle de destination (la case a cocher pour changer la "direction" de la traduction je trouve ça très confusant0…

Il faudra renommer le projet du coup, ce qui rends ce développement extrêmement compliqué (c'est dur de trouver des noms), donc si tu as des idées je veux bien que tu m'en fasse part 😉.

Passit: a password manager that looks great for the enterprise (where pass(1) might not be a solution because all employees do not use GPG and you have to share password because… enterprise products™):
https://passit.io/

#Passit #PasswordManager

@dch I have read they where recorded. We will have to wait a bit for them to be published…