XMPP Service Operators - 2024-08-18


  1. ukko

    certbot defaults to automatically archiving all past certificates how many of you here actually purge that archive to ensure in case of breach that it can't be used to decrypt any past captured connections of your users? or is that something that shouldn't be worried about?

  2. MattJ

    Modern TLS ciphers use PFS, so past captured sessions can't be decrypted if the cert key is later compromised

  3. nuegia.net

    What about PBS?

  4. nuegia.net

    > raver: > 2024-08-16 10:03 (CDT) > But when there's a network outage this chip won't help either or am I wrong? WRONG!!!!!!!!!!!!

  5. nuegia.net

    Out of band Management is supposed to be on a separate network.

  6. nuegia.net

    Both for security and robustness

  7. nuegia.net

    Bmc is also used to provision bare metal for rent in big data centers

  8. nuegia.net

    Well, IPMI

  9. nuegia.net

    Which is implemented via openbmc

  10. nuegia.net

    > moparisthebest: > 2024-08-17 02:17 (CDT) > j4nk: that's literally a thing and it works great https://pikvm.org/ There are commercial options from Raritan. They make great PDUs and KVMoIP hardware

  11. nuegia.net

    And terminal servers are cheaper if you use unixes