Malte Stretz

82 Followers
340 Following
233 Posts
Random networking and other IT foo with a whiff of social politics
Pronouns: he/him
Website: https://msquadrat.de
GitHub: https://github.com/mss

The new (?) Wiz controls wc-id-3203 and wc-id-3204 are gold: "compute instances using non-PQC compliant SSH public/authorized keys".

The recommended remediation hallucinates that ssh-ed25519 is a hybrid key (nope: https://datatracker.ietf.org/doc/draft-sun-ssh-composite-sigs/) and that the non-hybrid variant will be called ssh-ml-kem-768 (also nope: https://datatracker.ietf.org/doc/draft-sfluhrer-ssh-mldsa/).

The support obviously also gets its replies from some LLM, which confuses key exchange and signature algorithms, even when pointed to https://www.openssh.org/pq.html

Composite ML-DSA Signatures for SSH

This document describes the use of PQ/T composite signatures for the Secure Shell (SSH) protocol. The composite signatures described combine ML-DSA as the post-quantum part and the elliptic curve signature schemes ECDSA, Ed25519 and Ed448 as the traditional part.

IETF Datatracker

It's clear that AI-assisted coding is dividing developers (welcome to the culture wars!). I've seen a few blog posts now that talk about how some people just "love the craft", "delight in making something just right, like knitting", etc., as opposed to people who just "want to make it work". As if that explains the divide.

How about this, some people resent the notion of being a babysitter to a stochastic token machine, hastening their own cognitive decline. Some people resent paying rent to a handful of US companies, all coming directly out of the TESCREAL human extinction cult, to be able to write software. Some people resent the "worse is better" steady decline of software quality over the past two decades, now supercharged. Some people resent that the hegemonic computing ecosystem is entirely shaped by the logic of venture capital. Some people hate that the digital commons is walled off and sold back to us. Oh and I guess some people also don't like the thought of making coding several orders of magnitude more energy intensive during a climate emergency.

But sure, no, it's really because we mourn the loss of our hobby.

@dlakelan Found it, it has already been two years since I ran into that issue again: https://norden.social/@mss/112087733854384530

Looks like shortly after I re-fixed it on my side (via `bridge-mcsnoop no`) some discussion started on the bug again. Maybe @T_X's recent work will fix it as a side effect?

Looks like FFDHE is broken in combination with TLSv1.3 in OpenJDK (https://bugs.openjdk.org/browse/JDK-8377159), causing handshake failures for approximately 0.4% of all TLS connections. Fun to debug.

Which shouldn't be an issue, since nobody really uses FFDHE because elliptic curves are a lot more efficient.

*F5 enters the room* https://my.f5.com/manage/s/article/K000158948

@dlakelan
There is an ancient bug in the network stack which causes this issue (at least I assume that it is a bug). I tend to forget about this and run into this issue every few years. There is a sysctl knob you have to set, IIRC you have to disable multicast snooping. I'd have to look it up but you might find a related rant from last year in my timeline.
@scy
My CSP knowledge is a bit rusty, but IIRC the 'nonce' doesn't apply to externally loaded scripts, i.e. 'self' in combination with
@littlefox's suggestion should work? (Unless that extra 'strict' or whatever it was called stanza is set.)
@dugartogo
I can still see a ghost bridge in the background over to Brandshof, which as far as I know is history. Do you happen to know of a current planning document regarding the routing in that direction?
@rainer
I'd guess MLD (130).
Pareto's AI Result: You get a response that's 80% correct, 20% of the time, and 20% correct 80% of the time, but no obvious indication which one of those you got this time.
@sodiboo @sop There's also the possibility that all these recommendations you're reading are tripping you up and subconsciously changing something you were about to write into something worse. It's insidious.
That, and your brain can read pretty fast, and having long bad suggestions that you can't help but read every time you type a character is exhausting.