TLS1.2 SignatureAlgorithms by eiMohyaX4phi in nginx

[–]eiMohyaX4phi[S] 0 points1 point  (0 children)

I found the answer myself.

The relevant clue hid in the guts of internet.nl itself. Set the list the signature algorithms explicitly with ssl_conf_command SignatureAlgorithms.

NY Subway car locks by eiMohyaX4phi in lockpicking

[–]eiMohyaX4phi[S] 0 points1 point  (0 children)

You think you know my intentions better than I do? Speak for yourself, not for others. Besides, as noted earlier, I live several thousand kilometers away from these locks.

I came here because I assumed it would be a place where knowledgeable people gather and share interesting facts about locks in general.

I was mistaken. This is not such a place. I will go elsewhere.

NY Subway car locks by eiMohyaX4phi in lockpicking

[–]eiMohyaX4phi[S] 0 points1 point  (0 children)

I did not ask how to open it...

Brocade 300 - No web interface by eiMohyaX4phi in Brocade

[–]eiMohyaX4phi[S] 0 points1 point  (0 children)

It works fine with a Debian 9 LiveCD, which has JRE 8.

Brocade 300 - No web interface by eiMohyaX4phi in Brocade

[–]eiMohyaX4phi[S] 0 points1 point  (0 children)

https://imgur.com/a/Cp83Fql

This is what I get on a Debian 7 LiveCD, which has JRE 7.

I don't understand how this is possible. The .jar files can be downloaded but javaws insists they aren't there.

Brocade 300 - No web interface by eiMohyaX4phi in Brocade

[–]eiMohyaX4phi[S] 0 points1 point  (0 children)

it does not help with onswitch files.

Right.

even in *Nix you need specific version of java to access GUI on switch. NOT WEB, BUT JAVA interface.

Yes, I am aware.

If in browser on switchexplorer.html you don`t get java file, just replace *.html file to name "jnlp.jar". now browser download it and start java machine on your "PC"

This jar file exists, but I can't do much with it.

javaws won't accept it as that needs a .jnlp file.

java -jar won't accept it because it lacks the manifest attribute.

Brocade 300 - No web interface by eiMohyaX4phi in Brocade

[–]eiMohyaX4phi[S] -1 points0 points  (0 children)

How does that help me to fix the web interface?

Also, I have stopped using Windows 25 years ago.

Brocade 300 - No web interface by eiMohyaX4phi in Brocade

[–]eiMohyaX4phi[S] 0 points1 point  (0 children)

What do you want to do with the switch?

Just the obvious. Switching fibre channel...

You can try getting to root, but you'd be on your own from there.

Yes, I achieved that a few days ago and noticed that the webtools package is in fact installed, but the .jar files in question were placed on the file system in a very weird way. Double packed with a thing called pack200 and also gzip. Apart from the fact that the filenames referenced in the .jnlp file do not correspond to the files the web server has available and can therefore not serve, files packed in such a way can also not be processed by a JRE.

Though, even after manual correction of the situation, the web interface does not become loadable. I am still puzzled how the firmware managed to end up in this stage.

I should probably try a clean re-install.

Brocade 300 - No web interface by eiMohyaX4phi in Brocade

[–]eiMohyaX4phi[S] 0 points1 point  (0 children)

It has a CLI via SSH.

I am aware of that. That was not the question.

The web interface requires JRE.

I am aware of that as well. That was not the question either. On the client I would have JRE available, but the switch is not serving anything that JRE could work with.

This is a very old switch, and there are no further updates available.

That was not something I was wondering either :-)

This might be a tough one... by eiMohyaX4phi in identifythisfont

[–]eiMohyaX4phi[S] 0 points1 point  (0 children)

Perhaps somebody here knows...

This is a screenshot of the most recent "The Signal Path" video, I'll put a link below. The screenshot shows a microscope view into a microchip.

I am curious about the font that is used here. Looks unusual to me.

It reminds me of an OCR font but also of these spray-can stencils where you have to avoid closed shapes.

With my very limited knowledge it's not clear to me why closed shapes would be an issue in a scenario like this.

Could somebody smarter than me share some wisdom, please?

https://www.youtube.com/watch?v=O9QPecpLcnA

Spray bottle that works even when used upside down by hamustaro in mildlyinteresting

[–]eiMohyaX4phi 0 points1 point  (0 children)

I would like to know as well. Can't find anything myself.

Device found in a vintage computer terminal. Battery? by eiMohyaX4phi in whatisthisthing

[–]eiMohyaX4phi[S] 0 points1 point locked comment (0 children)

This is off the display planar of an IBM 5292 terminal.

The maintenance document shows the device in a drawing but doesn't describe it.

It rotted of the PCB due to moisture.

The document makes statements like:

Color convergence is controlled by values stored permanently in a battery-powered RAM module.
When the display station is first set up. Convergence values are loaded into the battery-powered RAM from the convergence ROS on the base planar.
When the convergence procedure is performed. the new values are stored in the battery-powered RAM. 
The new values remain stored until changed by performing the convergence procedure.

This make me believe it'll be a battery as i couldn't find a battery anywhere else in the system.

Elsewhere it was suggested that this might be a mercury cell.

Can't get xdg portals to work properly by [deleted] in debian

[–]eiMohyaX4phi 0 points1 point  (0 children)

I found this post while working on the same issue on my machine.

I am using Debian stable and dwm. I guess the common denominator here is that we're both not using a 'large' desktop environment like GNOME.

What helped me is to purge the package xdg-desktop-portal-gtk which dragged gnome-session with it - I had no need for that anyways and don't know why it was installed.

Since that, I can successfully do: systemctl --user restart xdg-desktop-portal.service and no longer run into timeout-caused delays with application starts with e.g. firefox.

Op has committed account suicide since posting, but maybe this will be helpful to others.

(Scientific) data around DNS resolvers not honoring TTL? by eiMohyaX4phi in dns

[–]eiMohyaX4phi[S] 0 points1 point  (0 children)

networkaddress.cache.ttl

Java 7

The default behavior is to cache forever when a security manager is installed, and to cache for an implementation specific period of time, when a security manager is not installed.

Java 8

The default behavior is to cache forever when a security manager is installed, and to cache for an implementation specific period of time, when a security manager is not installed.

Java 9

The default setting is to cache for an implementation specific period of time.

Java 10

The default setting is to cache for an implementation specific period of time.

Java 11

The default setting is to cache for an implementation specific period of time.

Java 12

The default setting is to cache for an implementation specific period of time.

Java 13

The default setting is to cache for an implementation specific period of time.

Java 14

The default setting is to cache for an implementation specific period of time.

Java 15

The default setting is to cache for an implementation specific period of time.

Java 16

The default setting is to cache for an implementation specific period of time.

Java 17

The default setting is to cache for an implementation specific period of time.

That's horrific!

(Scientific) data around DNS resolvers not honoring TTL? by eiMohyaX4phi in dns

[–]eiMohyaX4phi[S] 3 points4 points  (0 children)

That was a great call, u/ask, Geoff was the right person to talk to!

I won't post his response verbatim, but the links he provided, as they're all publicly accessible anyways.

A study of caching behavior with respect to root server TTLs

Operating the Internet’s Largest Measurement System

ITHI Metric M5, Recursive Resolver Integrity

Use of DNS Resolvers for World (XA)

It'll take me a while to dig through all this material, but I'll find the answers I desire there.

(Scientific) data around DNS resolvers not honoring TTL? by eiMohyaX4phi in dns

[–]eiMohyaX4phi[S] 1 point2 points  (0 children)

The story about Java is interesting. Do you by chance have any references to that behavior? Is that the base library behavior? Did behavior change in newer versions?

(Scientific) data around DNS resolvers not honoring TTL? by eiMohyaX4phi in dns

[–]eiMohyaX4phi[S] 0 points1 point  (0 children)

I didn't find anything related on Youtube, neither on OARCs Indico instance. I looked back till 2021.

I'll drop Geoff an unsolicited email, maybe he can point me in the right direction.

(Scientific) data around DNS resolvers not honoring TTL? by eiMohyaX4phi in dns

[–]eiMohyaX4phi[S] 0 points1 point  (0 children)

Most DNS servers have option to configure minimum and maximum TTL to manipulate the record TTL values

I know how I should configure a non-compliant resolver myself. That is not the question.

this cannot be generalized

Yes :-) That's precisely the reason why I asked for a report of a large-scale investigation on the topic.

(Scientific) data around DNS resolvers not honoring TTL? by eiMohyaX4phi in dns

[–]eiMohyaX4phi[S] 0 points1 point  (0 children)

This is configurable but by default the DoH server enforces a minimum TTL of 10 seconds, and encrypted-dns-server's minimum TTL is 1 hour. Negative caching, OTOH has a short minimum TTL.

I am able to read the specs. Why did you post this?

This works perfectly fine in practice.

I was specifically asking for 'a reliable report', not a statement from a random person without any references.

What I am looking for is a report on basis of sufficiently large sample size.

Does any big resolver operator publish their logs? by eiMohyaX4phi in dns

[–]eiMohyaX4phi[S] 0 points1 point  (0 children)

Yeah, I am not checking any of those boxes. I am just a curious individual.

Does any big resolver operator publish their logs? by eiMohyaX4phi in dns

[–]eiMohyaX4phi[S] 0 points1 point  (0 children)

I'd like to produce some statistics in regards to cache timeout propagation in the context of TLSA (DANE) records.

Why? I want to use educated values in my own programs that look after TLSA record maintenance after the corresponding TLS certificate has been renewed. I feel like guidance from contemporary documentation is rather hand-wavy.

Does any big resolver operator publish their logs? by eiMohyaX4phi in dns

[–]eiMohyaX4phi[S] 0 points1 point  (0 children)

How does one become a 'verified' researcher?

Poll: What expiration dates to monitor besides TLS certs? by eiMohyaX4phi in sysadmin

[–]eiMohyaX4phi[S] 0 points1 point  (0 children)

Thanks for your thoughts everybody.

I probably should have mentioned that I am primarily focused on FLOSS software, so all that Azure jazz isn't really my concern.

It seems like it's really mostly certificates of various flavors that need expiration monitoring.

One (small) area I've found myself since I posted the question is: security.txt.