I really hate dnsmasq. Every once in a while I have a problem and some Linux guy tells me "just use PXE bro" and then I spend an hour configuring PXE that doesn't fucking work without displaying a single debug print, and all of this is a complete waste of time.

The UI of dnsmasq is atrocious; if I wanted to be able to tweak every DHCP option I would use my TCP/IP stack to answer DHCP queries. Just give me something that can boot a machine without four hours of twiddling with options that are required for correct operation yet nobody bothers to give them names better than "66".

I don't think there's been a single time in my life when I successfully PXE-booted something outside of a perfectly-controlled, utility-free environment with a crossover Ethernet cable.
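As an added example (not something posted in the thread), here is a minimal dnsmasq configuration for PXE-booting a single lab segment. The interface name, address range, server address and boot file names are assumptions for the example. It uses the symbolic names dnsmasq assigns to the numbered DHCP options (66 is `tftp-server`, 67 is set by `dhcp-boot`; `dnsmasq --help dhcp` prints the full table) and turns logging on so every DHCP exchange and TFTP transfer is printed instead of failing silently.

```conf
# Added example: minimal dnsmasq PXE/TFTP configuration for a lab segment.
# Interface, address range, server address and boot file names are assumed.

# Serve DHCP/TFTP only on the provisioning interface (assumed eth1).
interface=eth1
bind-interfaces

# This instance does no DNS; port 0 disables the resolver entirely.
port=0

# Authoritative DHCP on the isolated lab segment (assumed 10.42.0.0/24).
dhcp-range=10.42.0.100,10.42.0.200,12h
dhcp-option=option:router,10.42.0.1

# DHCP option 66 (TFTP server) by name instead of by number.
dhcp-option=option:tftp-server,10.42.0.1

# Pick the boot file by client architecture (DHCP option 93):
# 0 = legacy BIOS, 7 and 9 = x86-64 UEFI.
dhcp-match=set:bios,option:client-arch,0
dhcp-match=set:efi-x64,option:client-arch,7
dhcp-match=set:efi-x64,option:client-arch,9

# dhcp-boot fills option 67 plus the BOOTP siaddr/filename fields.
# Form: dhcp-boot=tag:<tag>,<filename>,<servername>,<server address>
dhcp-boot=tag:bios,pxelinux.0,,10.42.0.1
dhcp-boot=tag:efi-x64,bootx64.efi,,10.42.0.1

# Built-in TFTP server rooted at the directory holding the bootloaders
# (assumed /srv/tftp; it must contain pxelinux.0 and bootx64.efi).
enable-tftp
tftp-root=/srv/tftp

# Log every DHCP request/reply and TFTP transfer to stderr so that a
# client that never gets an offer, or asks for a missing file, is visible.
log-dhcp
log-facility=-
```

Check the file with `dnsmasq --test -C pxe.conf` before starting anything, then run it in the foreground with `dnsmasq -d -C pxe.conf` so the `log-dhcp` output lands on the terminal. If the segment already has a DHCP server that you cannot touch, replace the `dhcp-range` line with `dhcp-range=10.42.0.0,proxy` and add `pxe-service` entries; in that proxy-DHCP mode dnsmasq only supplies the boot information and leaves address assignment to the existing server.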

@whitequark I did it once.

But I forgot how.

@whitequark but seriously, though, it is doable, but man is it not fun.

Twitter's edge was PXE booted because everything that potentially handled clear-text traffic was not allowed to have any durable storage.

You get PXE and you get a TPM.

@petrillic @whitequark does the firmware flash chip not count as durable storage?

@mei @whitequark let us hope that nobody is storing cleartext from TLS sessions in the firmware storage.

But certainly, yes, theoretically, it does.

@petrillic @whitequark oh right im dumb forgot about what the threat model is here

new question: does the database server not "potentially handle cleartext traffic"?

@mei @whitequark so I left out lots of details for various reasons, but this was specifically about systems that were not under full physical control of the company. While we ran our own datacenters, we also had points of presence (POP) all over the world, often in colocation facilities where the security might not be quite up to our expectations.

It also helped deal with potential government seizure issues since we wouldn't likely get any notification from the colo provider, versus the experience in our own datacenters.

The systems (called TSA, Twitter Streaming Aggregator, if I recall the meaning) were the first line of unwrapping traffic for routing. It then got stuffed in an mTLS session to systems that were inside our datacenter.

So, keeping those keys as safe as possible was paramount.