cert-manager maintainter chiming in to say that yes, cert-manager should support IP address certs - if anyone finds any bugs, we'd love to hear from you! We also support ACME profiles (required for short lived certs) as…
As an active maintainer of cert-manager (which is CNCF graduated), I can shed some light here. It's not just "give away trademarks for nothing"! The CNCF pays for cert-manager's testing, web hosting and infrastructure…
They might try - that's why it's important if you're generating + committing generated code that you also have a CI step that runs before merging anything which ensures that the generated code is up-to-date and rejects…
Plug (but it's open source and free - and mentioned in the article!): We've been trying to address this in Kubernetes with trust-manager. [1] Trust bundles need to be a runtime concern and they need to support trusting…
Having the communication in cleartext also makes it much easier for attackers to interfere with! Sure, they can't modify the .deb without failing signature verification, but they _can_ inject arbitrary delays in…
This is super interesting; we had a fairly long discussion about whether or not to add this action to cert-manager[1], and ended up rejecting it in part because it increased the risk of supply-chain attacks and that…
This mirrors my experience, too. Building a simple RPM isn't too bad, even if spec files are a little arcane. Packaging for the AUR isn't super complicated as far as I've seen. The "standard" way to build even the…
Do you have an example of a situation where a problem in systemd required you to patch the source and recompile, or are you just making a general statement? Specifically a problem that couldn't be fixed by changing…
I currently have a messy side project[1] where I'm writing bare-metal RISC-V machine code (i.e. writing in hex after assembling instructions by hand) targeting the SiFive HiFive1. QEMU is handy for testing since it…
As others have said, if you're gonna be reaching that kind of timeout, the use case would come under this caveat I mentioned: > assuming the task isn't hugely inappropriate We have a couple of cases where reasonably…
My experience with serverless (mostly AWS Lambda) is that I've found 3 major use cases where it's been a very successful choice: 1. as a cron-style job (e.g. download a file every hour and put it in S3, or connect to a…
I've been thinking about this sort of thing a lot recently in terms of our heavy use of Troposphere[1] which is a Python abstraction over AWS CloudFormation and how much better that abstraction is than just writing HTML…
I was happy with Namecheap until they redesigned their website and included a tonne of JS which slowed everything down. Doing something as simple as changing an A record became unbearably sluggish, and I tend to think I…
The Economist has been editorially pro-legalization of cannabis for a long time so any propagandizing agenda you think you're "sensing" just isn't there; in fact their agenda is literally the complete opposite of what…
There are proposals to add generics soon: https://go.googlesource.com/proposal/+/master/design/go2draf... It's not a question of whether or not it's easy or hard; it's definitely technically doable. It's a question…
At the BBC we use mutual TLS extensively in our cloud-deployed applications, across a lot of developers and different teams, for both service-to-service and developer-to-service auth (all devs get a client cert). It…
At least one tiling Wayland WM already exists, as a drop-in replacement for i3: http://swaywm.org/ Hopefully your fears are sufficiently alleviated by that! I suspect you've got a mistaken idea about what Wayland…
If you're on Android, you can do this today with Termux. I believe you can also set up shortcuts (so you could have a home screen widget to open your TXT file).
The article linked in this post directly addresses (3) as being an absolute non-issue spread by FUD, and the whole article is about (4) being very probably untrue. It also goes into solid detail on the extent of (1) and…
I'm not sure there's any obligation on the author of this article; if there's any, it's on the party that authorised the document to be released in the state it's in. You can be sure that the high-level "bad guys" (for…
You can get the same amount of "bits" of security with EC as you can with RSA for sure if you choose the right parameters. There are also EC implementations (Ed25519 being an excellent example) which are incredibly…
cert-manager maintainter chiming in to say that yes, cert-manager should support IP address certs - if anyone finds any bugs, we'd love to hear from you! We also support ACME profiles (required for short lived certs) as…
As an active maintainer of cert-manager (which is CNCF graduated), I can shed some light here. It's not just "give away trademarks for nothing"! The CNCF pays for cert-manager's testing, web hosting and infrastructure…
They might try - that's why it's important if you're generating + committing generated code that you also have a CI step that runs before merging anything which ensures that the generated code is up-to-date and rejects…
Plug (but it's open source and free - and mentioned in the article!): We've been trying to address this in Kubernetes with trust-manager. [1] Trust bundles need to be a runtime concern and they need to support trusting…
Having the communication in cleartext also makes it much easier for attackers to interfere with! Sure, they can't modify the .deb without failing signature verification, but they _can_ inject arbitrary delays in…
This is super interesting; we had a fairly long discussion about whether or not to add this action to cert-manager[1], and ended up rejecting it in part because it increased the risk of supply-chain attacks and that…
This mirrors my experience, too. Building a simple RPM isn't too bad, even if spec files are a little arcane. Packaging for the AUR isn't super complicated as far as I've seen. The "standard" way to build even the…
Do you have an example of a situation where a problem in systemd required you to patch the source and recompile, or are you just making a general statement? Specifically a problem that couldn't be fixed by changing…
I currently have a messy side project[1] where I'm writing bare-metal RISC-V machine code (i.e. writing in hex after assembling instructions by hand) targeting the SiFive HiFive1. QEMU is handy for testing since it…
As others have said, if you're gonna be reaching that kind of timeout, the use case would come under this caveat I mentioned: > assuming the task isn't hugely inappropriate We have a couple of cases where reasonably…
My experience with serverless (mostly AWS Lambda) is that I've found 3 major use cases where it's been a very successful choice: 1. as a cron-style job (e.g. download a file every hour and put it in S3, or connect to a…
I've been thinking about this sort of thing a lot recently in terms of our heavy use of Troposphere[1] which is a Python abstraction over AWS CloudFormation and how much better that abstraction is than just writing HTML…
I was happy with Namecheap until they redesigned their website and included a tonne of JS which slowed everything down. Doing something as simple as changing an A record became unbearably sluggish, and I tend to think I…
The Economist has been editorially pro-legalization of cannabis for a long time so any propagandizing agenda you think you're "sensing" just isn't there; in fact their agenda is literally the complete opposite of what…
There are proposals to add generics soon: https://go.googlesource.com/proposal/+/master/design/go2draf... It's not a question of whether or not it's easy or hard; it's definitely technically doable. It's a question…
At the BBC we use mutual TLS extensively in our cloud-deployed applications, across a lot of developers and different teams, for both service-to-service and developer-to-service auth (all devs get a client cert). It…
At least one tiling Wayland WM already exists, as a drop-in replacement for i3: http://swaywm.org/ Hopefully your fears are sufficiently alleviated by that! I suspect you've got a mistaken idea about what Wayland…
If you're on Android, you can do this today with Termux. I believe you can also set up shortcuts (so you could have a home screen widget to open your TXT file).
The article linked in this post directly addresses (3) as being an absolute non-issue spread by FUD, and the whole article is about (4) being very probably untrue. It also goes into solid detail on the extent of (1) and…
I'm not sure there's any obligation on the author of this article; if there's any, it's on the party that authorised the document to be released in the state it's in. You can be sure that the high-level "bad guys" (for…
You can get the same amount of "bits" of security with EC as you can with RSA for sure if you choose the right parameters. There are also EC implementations (Ed25519 being an excellent example) which are incredibly…