Exagone313 :calim: boosted
LOL. "#GRSecurity violates both the Linux kernel's copyright and the #GCC #copyright by forbidding redistribution of the patches (in their Access Agreement): which are non-separable derivative works of the kernel and (in the case of the GCC plugins) GCC. Yes: threatening consequences if a licensee redistributes is a restraint on the "rights" given by the original copyright owners. Those "plugins" he is talking about as well as the kernel patch violate the GPLv2. The GPLv2 FORBIDS adding additional clauses not-within the GPL between the derivative-licensee and the down-the-line licensee. Bradley Spengler / OpenSourceSecurity are violating this stipulation, blatantly, in writing. They are also violating the "no additional restrictions" stipulation in the GPLv2. They ARE violating the Linux and the GCC copyright." https://www.youtube.com/watch?v=rv3a2tzUTn4

@Lapineige I just read the other comments - with EFI it should work if grub is installed to a different binary than the Windows one; you'll have two entries in the UEFI.

@Lapineige The best option is to use two disks, so that Windows only touches its own bootloader. I believe major Windows updates rewrite the disk's bootloader, so goodbye grub if you're not a sysadmin.

Exagone313 :calim: boosted

I now know what to reply when asked why I don't use semicolons in JS

RT @joelnet@birdsite.monster

🤔 I couldn't decide on whether to use TABS or SPACES so I went with semi-colons🤪

🐦🔗: twitter.com/joelnet/status/129

Exagone313 :calim: boosted

Bring me the screenwriter!

RT @libe@twitter.com

The new minister delegate resigned from her seat as a member of parliament to prevent her substitute, who is under formal investigation for drug trafficking, from sitting in the National Assembly
#Remaniement bit.ly/2ZMwUZR

🐦🔗: twitter.com/libe/status/128054

@LaurentChemla
veggie is still fine, it makes me want to make myself some pizzas
* 3-4 cheese with fresh arugula
* pesto, mozzarella, mushrooms and, after baking, tomato slices and arugula
* tomato, mozzarella, mushrooms, eggplant

Exagone313 :calim: boosted

@sebsauvage I've already done that several times (without renaming the subvolumes, no need).

Exagone313 :calim: boosted

YOLO!
Complete OS change without making a backup.

I just renamed the #btrfs subvolumes @ (mounted on /) and @home (mounted on /home)

That way I can go and retrieve the files from the old installation if needed.

I ❤️ btrfs

@devnull There are even fansubs where they omit the translations of the most common phrases. 😂

@devnull Otherwise, with English anime fansubs, I notice that they aren't always made by a native English speaker.
Very often "because of (someone)" is used rather than "thanks to (someone)" when it's positive.

Exagone313 :calim: boosted

Hey, I'm looking for an Ingress for Kubernetes that is built to be secure and to be used on self-hosted ("on-premise") clusters.

It must:

* Use certificates from secrets in another namespace (specified in advance) if possible without having access to all secrets in all namespaces
=> Those are wildcard Let's Encrypt certificates managed by cert-manager (until I find another application that doesn't read secrets of whole namespace), I want to deploy multiple applications and to re-use wildcard certificates.
=> I don't want to copy the certificates in multiple namespaces.
=> bye ingress-nginx, traefik or anything relying on the Ingress resource, not supporting that feature on purpose for "security" reasons that are never explained (tell me what I'm missing in RBAC).

* Offer a way to upgrade without any downtime on any connection (although I'll never notice that in my current setup), while using hostPort for ports 80 and 443 (just like I can do with nginx on host)
=> I don't want to use firewall rules on the host to redirect on a NodePort, unless you prove to me there is no other way and it is a good practice (I don't want to lose source IP so it would be SNAT?).
=> Since I bind on host ports 80/443, I can't use rolling update, so it needs to update inside the container itself without restart.
=> Maybe it's possible to use SO_REUSEADDR to be able to run multiple pods on the same port?

* Be easy to use with a PodSecurityPolicy.
=> not with a lot of deployments with different service accounts

I'm starting to brainstorm that project since there is no solution to my madness :)

Exagone313 :calim: boosted

I have a completely serious question that came up while writing a blog post… Please, no trolling… […]

Exagone313 :calim: boosted

You want digital sovereignty? Then you have to choose Free Software! Otherwise you will never be in control and for example others might decide if it is worth supporting your mother language. #DigitalSovereignty #FreeSoftware

@matrix

User policy for allowing access to a single bucket:

{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Action": [
        "s3:ListAllMyBuckets",
        "s3:ListBucket"
      ],
      "Effect": "Allow",
      "Resource": [
        "arn:aws:s3:::${aws:username}"
      ]
    },
    {
      "Action": [
        "s3:AbortMultipartUpload",
        "s3:DeleteObject",
        "s3:GetObject",
        "s3:ListMultipartUploadParts",
        "s3:PutObject"
      ],
      "Effect": "Allow",
      "Resource": [
        "arn:aws:s3:::${aws:username}/*"
      ]
    }
  ]
}

Exagone313's Mastodon instance