Hej!
Är det någon som blir ledsen om vi stänger ner den här listan?
Senaste mejlet siktades för snart tre år sedan, om vi inte räknar all
spam som någon måste klick-klick-klicka bort.
Om ingen motsätter sig inom en vecka så ryker den.
Hi fellow developers,
If you're upset about the news that github is becoming even more of a
Facebook clone with git repos in it [0], I'd like to let you know that
the current work on a NORDUnet gitlab instance is moving forward
according to plan.
[0] https://github.com/blog/2119-pull-request-and-issue-reactions
Expect something useful for testing at least hosting of repos, handling
tickets and pull requests before the easter holidays. This will include
cosmos+puppet and SAML integration.
Next up will be CI integration. I hear Markus is doing something here
and also that ft and ratler is testing out gocd. Are you communicating
or are we doing the same job twice (and will we, worse, end up with two
systems rather than one)?
In case anyone finds this useful, here is how I patched the last
remaining unpatched container in eduid. This particular container didn't
want to play along nicely when I tried to patch it during the week, but
yesterday I finally found out why and had it running in our
staging-environment. Today when I wanted to tag it as stable and release
it - it turned out that docker.sunet.se was unavailable for perhaps
upgrades to the new version?
However I didn't want to wait any longer with patching, so I did it
locally on the machines running the vulnerable container as follows:
1. Make a backup in case something goes wrong:
docker tag docker.sunet.se/eduid/eduid-signup:stable
docker.sunet.se/eduid/eduid-signup:stable-backup-2016-02-20
2. Enter the container:
root at signup-tug-3:~# docker exec -it eduid-signup /bin/bash
3. run apt-get update and apt-get upgrade inside the container
4. Exit the container and get the container ID:
root at signup-tug-3:~# docker ps -q --filter=name=eduid-signup
fbffa2f6e0de
5. Create a new image from the running container:
docker commit -m="Upgraded glibc" -a="john at nordu.net" fbffa2f6e0de
docker.sunet.se/eduid/eduid-signup:stable
6. service docker-eduid-signup restart
7. Verify that the new image contains the patched version:
docker exec -it eduid-signup sh -c "dpkg -l libc-bin|tail -1"
//John
Hej!
Hur har ni byggt nya ubuntu-baserade dockerimages?
Jag byggde om docker.sunet.se/stud men verkar inte ha fått det jag
behöver (19-0ubuntu6.7):
--8<---------------cut here---------------start------------->8---
linus at f0:~/usr/share/logs/plausible$ docker exec -it plausible-tls-1 sh -c "dpkg -l libc-bin|tail -1"
ii libc-bin 2.19-0ubuntu6.6 amd64 Embedded GNU C Library: Binaries
--8<---------------cut here---------------end--------------->8---
docker-stud/Dockerfile säger "FROM ubuntu". Har den inte blivit ombyggd
tro?
Antar att vi borde lägga till "apt-get upgrade -y -q upgrade" till
docker-stud/Dockerfile. Eller göra FROM på ett eget bas-system som vi
håller uppdaterat?
Hi,
Hanno Böck has built [0] a gentoo system with Address-Sanitizer (ASan)
[1] enabled, a compiler (gcc and clang) feature which helps detecting
common memory bugs we all do in the C programming language.
[0] https://blog.hboeck.de/archives/879-Safer-use-of-C-code-running-Gentoo-with…
[1] https://github.com/google/sanitizers/wiki/AddressSanitizer
SUNET/NORDUnet should be interested in this for two reasons:
- interesting way of finding bugs, especially together with fuzzing
- hardened linux builds should be investigated for running our own
services
Hi,
It seems like git doesn't actually verify checksums by default.
https://groups.google.com/forum/?_escaped_fragment_=msg/binary-transparency…
I think it makes sense to perform the following on all repos:
printf "[transfer]\n\tfsckobjects = true\n[fetch]\n\tfsckobjects = true\n[receive]\n\tfsckobjects = true\n" >> .git/config
git fsck --full
Hi group,
Tomorrow I'm in a meeting from 09:00 so I'll miss the weekly. Here's my
this week and my expected next week:
this week
- more people seems interested in dnssec transparency -- i'm in a
meeting with iis (.se) people this friday
- gn4-2 jra2t6 planning is underway, i'm helping my task leader with
that
- standardisation of gossip in ct is moving along thanks to help from
tom ritter and daniel kahn gillmor; new draft coming up for ietf95
(cut-off mid march)
- tor consensus transparency has got some spare cycles and will soon see
some real work (specification as well as implementation), hopefully in
time for the tor dev meeting late february
- looking for someone interested in helping out with hacking on a
proof-of-concept for the gossip stuff -- curl and django have been
mentioned (you know poc is fun!)
- i'm part of a research activity investigating if operating a tor relay
could be problematic from a juridical point of view in sweden and have
been helping out with technical questions as well as attending one
seminar
next week
- figure out what's needed for dnssec trans to get going; due april 1
- implement tor consensus trans, at least tor client submission
- move catlfish closer to a 0.9 release
- move urd.appendto.org closer to submission for inclusion in chrome
[Resending this to the Sunet dev-list since I managed to discard the
posting when trying to moderate.]
I'm pleased to announce that our talk on append-only logs has been
accepted for TNC16.
Here's what our submission looked like:
