Exagone313 
@Exagone313@share.elouworld.org
Admin
French #web developer & #sysadmin
#programming #infosec
Arch Linux 
i3-gaps 
neovim
Joined Apr 2017
Exagone313
boosted
boosted
LOL. " #GRSecurity violates both the Linux kernel's copyright and the #GCC #copyright by forbidding redistribution of the patches (in their Access Agreement): which are non-seperable derivative works of the kernel and (in the case of the GCC plugins) GCC. Yes: threatening consequences if a licensee redistributes is a restraint on the "rights" given by the original copyright owners. Those "plugins" he is talking about as-well as the kernel patch violate the GPLv2. The GPLv2 FORBIDS adding additional clauses not-within the GPL between the derivative-licensee and the down-the-line licensee. Bradly Spengler / OpenSourceSecurity are violating this stipulation, blatantly, in writing. They are also violating the "no additional restrictions" stipulation in the GPLv2. They ARE violating the Linux and the GCC copyright." https://www.youtube.com/watch?v=rv3a2tzUTn4
@simula
ls /usr/share/icons/hicolor/*/apps/steam.png
@Lapineige (attention à bien utiliser gpt et pas mbr/msdos)
@Lapineige Je viens de lire les autres commentaires - en EFI ça devrait passer si grub est installé sur un autre binaire que celui de windows, tu auras deux entrées dans l'UEFI.
@Lapineige Le mieux est d'utiliser deux disques, comme ça windows ne touche qu'à son bootloader. Il me semble que les mises à jour majeures de windows réécrivent le bootloader du disque donc adieu le grub sans être syadmin.
@Lapineige J'ai ça dans un coin, je sais pas ce que ça vaut https://github.com/10se1ucgo/DisableWinTracking
Exagone313
boosted
boosted
I now know what to reply when asked why I don't use semicolons in JS
RT @joelnet@birdsite.monster
🤔 I couldn't decide on whether to use TABS or SPACES so I went with semi-colons🤪
Exagone313
boosted
boosted
Qu'on m'amène le scénariste !
RT @libe@twitter.com
La nouvelle ministre déléguée a démissionné de son mandat de députée pour empêcher son suppléant, mis en examen pour trafic de drogue, de siéger à l’Assemblée
#Remaniement https://bit.ly/2ZMwUZR
@LaurentChemla
végé ça va encore, ça me donne envie de me faire des pizzas
* 3-4 fromage avec roquette fraîche
* pesto, mozzarella, champignons et après cuisson tranches de tomates et roquette
* tomate, mozzarella, champignons, aubergine
Exagone313
boosted
boosted
Holy shit, Jeff Bezos is not *rich*, he is... owning us all. https://t.co/lFRYzdTvRi
@sebsauvage Sinon il y a l'approche de Bedrock Linux https://bedrocklinux.org/
@sebsauvage J'ai déjà fait ça plusieurs fois (sans renommer les subvolumes, pas besoin).
Exagone313
boosted
boosted
YOLO!
Changement d'OS complet sans faire de backup.
J'ai juste renommé les sous volumes #btrfs @ (monté sur /) et @home (monté sur /home)
Comme ça je pourrais aller récupérer les fichiers de l'ancienne installation si besoin.
I ❤️ btrfs
@devnull Y a même des fansubs où ils omettent les traductions des phrases les plus communes. 😂
@devnull Sinon, avec les fansubs d'animés en anglais, je remarque que ce n'est pas toujours fait par un anglophone.
Très souvent l'usage de "because of (someone)" plutôt que "thanks to (someone)" quand c'est positif.
Exagone313
boosted
boosted
Hey, I'm looking for an Ingress for Kubernetes thas is built to be secure and to be used on self-hosted ("on-premise") clusters.
It must:
* Use certificates from secrets in another namespace (specified in advance) if possible without having access to all secrets in all namespaces
=> Those are wildcard Let's Encrypt certificates managed by cert-manager (until I find another application that doesn't read secrets of whole namespace), I want to deploy multiple applications and to re-use wildcard certificates.
=> I don't want to copy the certificates in multiple namespaces.
=> bye ingress-nginx, traefik or anything relying on the Ingress resource, not supporting that feature on purpose for "security" reasons that are never explained (tell me what I'm missing in RBAC).
* Offer a way to upgrade without any downtime on any connection (although I'll never notice that in my current setup), while using hostPort for ports 80 and 443 (just like I can do with nginx on host)
=> I don't want to use firewall rules on the host to redirect on a NodePort, unless you prove me there is no other way and it is a good practice (I don't want to loose source IP so it would be SNAT?).
=> Since I bind on host ports 80/443, I can't use rolling update, so it needs to update inside the container itself without restart.
=> Maybe it's possible to use SO_REUSEADDR to be able to run multiple pods on the same port?
* Be easy to use with a PodSecurityPolicy.
=> not with a lot of deployments with different service accounts
I'm starting to brainstorm that project since there is no solution to my madness :)
Exagone313
boosted
boosted
J’ai une question tout à fait sérieuse qui survient en rédigeant un article de blog… SVP, pas de troll… […]
Exagone313
boosted
boosted
You want digital sovereignty? Than you have to chose Free Software! Otherwise you will never be in control and for example other might decide if it is worth supporting your mother language. #DigitalSovereignty #FreeSoftware
User policy for allowing access to a single bucket:
{
"Version": "2012-10-17",
"Statement": [
{
"Action": [
"s3:ListAllMyBuckets",
"s3:ListBucket"
],
"Effect": "Allow",
"Resource": [
"arn:aws:s3:::${aws:username}"
]
},
{
"Action": [
"s3:AbortMultipartUpload",
"s3:DeleteObject",
"s3:GetObject",
"s3:ListMultipartUploadParts",
"s3:PutObject"
],
"Effect": "Allow",
"Resource": [
"arn:aws:s3:::${aws:username}/*"
]
}
]
}
Admin
French #web developer & #sysadmin
#programming #infosec Arch Linux i3-gaps neovim
Joined Apr 2017
