-
ukko
certbot defaults to automatically archiving all past certificates how many of you here actually purge that archive to ensure in case of breach that it can't be used to decrypt any past captured connections of your users? or is that something that shouldn't be worried about?
-
MattJ
Modern TLS ciphers use PFS, so past captured sessions can't be decrypted if the cert key is later compromised
-
nuegia.net
What about PBS?
-
nuegia.net
> raver: > 2024-08-16 10:03 (CDT) > But when there's a network outage this chip won't help either or am I wrong? WRONG!!!!!!!!!!!!
-
nuegia.net
Out of band Management is supposed to be on a separate network.
-
nuegia.net
Both for security and robustness
-
nuegia.net
Bmc is also used to provision bare metal for rent in big data centers
-
nuegia.net
Well, IPMI
-
nuegia.net
Which is implemented via openbmc
-
nuegia.net
> moparisthebest: > 2024-08-17 02:17 (CDT) > j4nk: that's literally a thing and it works great https://pikvm.org/ There are commercial options from Raritan. They make great PDUs and KVMoIP hardware
-
nuegia.net
And terminal servers are cheaper if you use unixes