vsis

tl;dr - If a project has been forked or is a fork, you can bruteforce short commit id to see commits from other projects. It doesn't matter if those projects were deleted or made private.

I want a centralized way to manage keys and secrets. And some service users with little privileges over a subset of the secrets. Ideally, a service user only should be able to read its own subset of secrets. So, let's say, if a container gets pwned it will only read its secrets and no more. It should be FOSS and self-hostable.

And a beautiful nice-to-have feature would be access log, to know who read what and when.

My only experience with something similar is Hashicorp Vault, but I don't want to be near any Hashicorp stuff ever again.

Do you know a FOSS alternative to Vault?

cross-posted from: https://feddit.cl/post/3171211

Estos wnes están así 🤏 de hacerme comprar una laptop risc-v.

cross-posted from: https://feddit.cl/post/3120695

My unfunded speculation is that this will quite expensive and a bit hard to boot other thing different that Ubuntu.

Había abandonado el RISC-V-posting.

Lo único malo de esa laptop, es que no estoy viendo la manera fácil de no usarla con Ubuntu.

Quizás hay que esperar a que otros OS le den soporte o al menos publiquen una imagen booteble.

I have no idea how to do full-disk-encryption with NetBSD in UEFI systems.

Closest thing I can do is plain-text rootfs and encrypted /home, /var, /usr and swap. So, it's secure enough if my laptop get lost or stolen.

I wrote a post about how I do that.

If anyone can guide me to a rootfs on CGD or LVM, I'd appreciate that.

cross-posted from: https://infinitychuu.xyz/objects/6cd4b73e-bad5-4384-a529-448070a434de

Gracias @kde por las empanadas. Estaban muy buenas.

Sauce: https://fedidb.org/popular-fediverse-accounts?page=1

My laptop is working just fine. It's from 2018 and it has an NVME drive.

It has an EFI boot partition and other partition with LUKS and LVM on top of that.

Since this week I see these logs from time to time:

Mar 07 17:31:14 almendra kernel: pcieport 0000:00:1d.6: PCIe Bus Error: severity=Corrected, type=Physical Layer, (Receiver ID)
Mar 07 17:31:14 almendra kernel: pcieport 0000:00:1d.6:   device [8086:34b6] error status/mask=00000001/00002000
Mar 07 17:31:14 almendra kernel: pcieport 0000:00:1d.6:    [ 0] RxErr                  (First)
Mar 07 17:31:14 almendra kernel: pcieport 0000:00:1d.6: AER:   Error of this Agent is reported first
Mar 07 17:31:14 almendra kernel: nvme 0000:02:00.0: PCIe Bus Error: severity=Corrected, type=Physical Layer, (Receiver ID)
Mar 07 17:31:14 almendra kernel: nvme 0000:02:00.0:   device [8086:0975] error status/mask=00000001/00002000
Mar 07 17:31:14 almendra kernel: nvme 0000:02:00.0:    [ 0] RxErr                  (First)

The devices are:

$ lspci -vv | grep 1d.6
00:1d.6 PCI bridge: Intel Corporation Device 34b6 (rev 30) (prog-if 00 [Normal decode])

$ lspci -vv | grep 02:00.0
02:00.0 Non-Volatile memory controller: Intel Corporation Optane NVME SSD H10 with Solid State Storage [Teton Glacier] (prog-if 02 [NVM Express])

The laptop works like always, but I have the impression that the NVME drive is telling me something bad.

It happens from time to time:

$ journalctl --since yesterday | grep -c "nvme 0000:02:00.0: PCIe Bus Error: severity=Corrected, type=Physical"
9

Do you know what does it mean?

Hello. Let's say I want to selfhost an email server (smtp + imap) that only will be used to receive email.

I only will send email internally (from my domain to my domain) and receive from 3rd parties.

Should I setup DKIM, DMARC, SPF and reverse IP lookup?

To be honest, I'm having a bit of hard time understanding the madness of email authentication. So I can't figure it out by myself if those mechanisms are needed in my case.

I haven't deployed anything, but probably will use Stalwart. It looks like it's easy to deploy. Is there any other beginner-friendly email service I should read about?

Thanks!

So this year I grew some tomatoes for the first time. They were small but tasty.

In November they began to die, so I cut all dry/dead parts and they got better. But they still look very unhealthy.

Do tomatoes survive the winter? Does it make sense to keep watering them? Like once a week, when it doesn't rain.

Or maybe I should let them die and seed again next spring?

(Ignore the dog. She refuses to let me alone in the balcony lol)