1. 4

    I’ve been a very happy user of ARP Networks for years, both their VPS and dedicated offerings.

    1. 1

      @jcs I think it would be cool to have a “Devio.us Admin” hat for myself, @bcallah, and @kyle.

      Also, @bcallah totally needs an OpenBSD Developer hat (even if he won’t ask for it himself)

      1. 1

        I can has too?

        1. 1

          (To clarify, jasper@ is an OpenBSD dev, not a “Devio.us Admin” in case that wasn’t clear.)

          1. 1

            You has.

          2. 1

            Oh I totally forgot @lteo is also an OpenBSD Developer.

            1. 1

              And @qbit

              1. 1

                i haz

                1. 1

                  Huh I totally didn’t see that before. (And I didn’t see you request one.) Oops.

          1. 6

            HFS+, like NTFS, is actually case sensitive “under the hood.” However the OS' that use them default to setting them case-insensitive. It’s not fair to pin this on the filesystem itself. I would title this “Caveats of using git on OSX”

            It should be pointed out that you can fairly easily select case-sensitive formatting during OSX installation, or use a disk image formatted appropriately for your case-sensitive work.

            1. 3

              The last time I recall this discussion going around, it was pointed out that a significant part of the OS X ecosystem (Adobe being the major offender that I recall) just doesn’t work on case-sensitive HFS+, so regrettably it’s not always as simple as making sure you only use case-sensitive filesystems.

              1. 2

                use a disk image formatted appropriately for your case-sensitive work

                I believe that’s the solution the post proposes at the end.

                1. 4

                  Yep, that’s what I ended up doing.

                  @brycied00d Fair point. Thanks for the clarification.

                1. 1

                  Wow, this is quite a historical gem! That server on page 3 looks like it has a microwave sitting near the top rack. :-)

                  1. 1

                    Also “today we have over 50 servers running various versions of 2.1 STABLE.” was a giveaway to the age of the article. Not to mention the html page is full of Geocities markup.

                  1. 3

                    Is this really a thing? Their instructions state “Install OmniSharp (https://github.com/OmniSharp/Omnisharp)” but that appears to be an empty repository.

                    1. 3

                      I’ve only installed it through the package manager for Sublime, but it works great.

                    1. 8

                      Strange no one is discussing it more.

                      I love the idea. I think it’s about time passwords die, one way or another.

                      1. 3

                        I wish I could say “Because it’s a solved problem? SSL client certificates have been around for ages.” but alas I know of only one public website that uses SSL client certificates for authentication. (And it’s an SSL CA)

                        1. 2

                          Linked Data Server https://databox.me/ uses client certificates.

                      1. 1

                        Playing devil’s advocate for a second, the blog takes a hardline “more speed is less safe” stance, which isn’t necessarily true. I have heard (yes, anecdotal, so sue me) of cases where drivers were stopped for driving at the speed limit because they were not driving with the flow of traffic and were thereby posing a safety risk. And I have been spectator to plenty (oh so many!) instances of a car driving at or below the limit and holding up traffic, particularly if they’re in the wrong lane.

                        1. 2

                          If we’re talking fetching SSL/TLS certificates in general, one could simply “openssl s_client -connect host:port” No point in installing an npm package just for that.
                          To save just the certificate into a file: openssl s_client -connect host:port | openssl x509 [-text] > myfile.pem
                          Of course, if this is targeted at Node.js developers, then I’d have altered the title to reflect that, “Retrieve the public TLS certificate in x509 format from a distant host in Node.js

                          % openssl s_client -connect google.com:443 2>/dev/null | openssl x509 -text
                          Certificate:
                              Data:
                                  Version: 3 (0x2)
                                  Serial Number: 9018882575595640890 (0x7d2981eb1d56983a)
                              Signature Algorithm: sha256WithRSAEncryption
                                  Issuer: C=US, O=Google Inc, CN=Google Internet Authority G2
                                  Validity
                                      Not Before: Nov  4 18:13:15 2015 GMT
                                      Not After : Feb  2 00:00:00 2016 GMT
                                  Subject: C=US, ST=California, L=Mountain View, O=Google Inc, CN=*.google.com
                                  Subject Public Key Info:
                                      Public Key Algorithm: rsaEncryption
                                          Public-Key: (2048 bit)
                                          Modulus:
                                              00:be:ab:cb:37:55:7e:18:a1:06:b4:fb:de:4e:ac:
                                              70:d4:5c:d3:ae:56:ec:82:1f:1d:c6:5b:79:33:64:
                                              12:5d:04:3a:62:32:91:92:e4:28:68:ed:ba:92:9d:
                                              83:3c:1c:3c:d1:59:a7:21:0c:15:a0:64:7c:1d:14:
                                              13:7a:d7:e4:8b:d5:cc:75:79:65:d2:53:e5:e2:7a:
                                              5f:8f:44:cc:eb:83:76:e8:e2:6e:28:b7:b6:c7:41:
                                              4b:0a:fe:d2:a9:eb:c0:ed:b5:29:2e:64:7c:b8:38:
                                              97:1e:7b:e2:2d:d1:fe:81:aa:87:fc:3e:45:62:8f:
                                              40:f3:7a:f4:e2:69:13:f3:f5:7d:91:f5:c2:8d:9b:
                                              80:ff:98:b7:3b:85:07:09:bd:9a:3b:6e:48:c5:50:
                                              ec:1b:34:0f:fe:c1:51:25:b3:7b:a4:69:4b:c6:1e:
                                              50:ff:d2:3e:c1:8c:44:15:33:da:8c:f1:10:d3:4d:
                                              84:2b:50:ec:97:7f:7c:eb:fe:04:8d:2f:cf:47:50:
                                              c4:38:cd:5a:b7:76:4e:76:c7:dc:20:d2:f0:cc:d5:
                                              66:90:08:1d:73:13:dc:e2:55:c4:8e:a7:37:aa:e5:
                                              a5:d4:cb:a8:1b:82:8f:9e:a0:0f:2d:6b:9d:f5:30:
                                              74:a4:6b:5b:a1:e8:66:95:30:eb:2f:cc:ec:29:bd:
                                              84:93
                                          Exponent: 65537 (0x10001)
                                  X509v3 extensions:
                                      X509v3 Extended Key Usage: 
                                          TLS Web Server Authentication, TLS Web Client Authentication
                                      X509v3 Subject Alternative Name: 
                                          DNS:*.google.com, DNS:*.android.com, DNS:*.appengine.google.com, DNS:*.cloud.google.com, DNS:*.google-analytics.com, DNS:*.google.ca, DNS:*.google.cl, DNS:*.google.co.in, DNS:*.google.co.jp, DNS:*.google.co.uk, DNS:*.google.com.ar, DNS:*.google.com.au, DNS:*.google.com.br, DNS:*.google.com.co, DNS:*.google.com.mx, DNS:*.google.com.tr, DNS:*.google.com.vn, DNS:*.google.de, DNS:*.google.es, DNS:*.google.fr, DNS:*.google.hu, DNS:*.google.it, DNS:*.google.nl, DNS:*.google.pl, DNS:*.google.pt, DNS:*.googleadapis.com, DNS:*.googleapis.cn, DNS:*.googlecommerce.com, DNS:*.googlevideo.com, DNS:*.gstatic.cn, DNS:*.gstatic.com, DNS:*.gvt1.com, DNS:*.gvt2.com, DNS:*.metric.gstatic.com, DNS:*.urchin.com, DNS:*.url.google.com, DNS:*.youtube-nocookie.com, DNS:*.youtube.com, DNS:*.youtubeeducation.com, DNS:*.ytimg.com, DNS:android.clients.google.com, DNS:android.com, DNS:g.co, DNS:goo.gl, DNS:google-analytics.com, DNS:google.com, DNS:googlecommerce.com, DNS:urchin.com, DNS:youtu.be, DNS:youtube.com, DNS:youtubeeducation.com
                                      Authority Information Access: 
                                          CA Issuers - URI:http://pki.google.com/GIAG2.crt
                                          OCSP - URI:http://clients1.google.com/ocsp
                          
                                      X509v3 Subject Key Identifier: 
                                          40:4B:30:8E:C9:25:C6:EF:14:A2:1A:E4:62:32:D8:BF:48:F1:40:6B
                                      X509v3 Basic Constraints: critical
                                          CA:FALSE
                                      X509v3 Authority Key Identifier: 
                                          keyid:4A:DD:06:16:1B:BC:F6:68:B5:76:F5:81:B6:BB:62:1A:BA:5A:81:2F
                          
                                      X509v3 Certificate Policies: 
                                          Policy: 1.3.6.1.4.1.11129.2.5.1
                                          Policy: 2.23.140.1.2.2
                          
                                      X509v3 CRL Distribution Points: 
                          
                                          Full Name:
                                            URI:http://pki.google.com/GIAG2.crl
                          
                              Signature Algorithm: sha256WithRSAEncryption
                                   28:e3:ae:5e:df:e9:68:ba:8f:7a:17:ba:8f:fc:ff:e9:91:2e:
                                   2c:8f:c6:b9:82:c1:70:d1:d8:ea:4e:4e:1a:17:3f:d3:bf:1d:
                                   1d:78:1e:56:9e:c4:ca:cf:20:b9:29:34:05:cb:0c:be:9a:75:
                                   46:1c:bf:74:81:f9:e7:01:e5:67:38:2e:7a:d8:1b:4e:62:ed:
                                   3b:55:f4:57:8b:e3:84:97:32:12:08:06:7f:a4:43:5e:4b:ed:
                                   44:3a:a1:5f:64:9e:28:7d:e9:22:42:3b:b9:9a:56:61:be:75:
                                   83:fb:3a:bc:26:0f:05:0f:1f:2f:33:c6:0f:7f:c4:4d:28:e9:
                                   45:00:cb:1c:70:a7:d4:49:e1:74:68:c3:be:2e:50:9e:fa:c7:
                                   1f:88:d9:f5:e1:31:10:bc:9a:77:af:c3:5e:cc:f9:ab:c9:32:
                                   69:28:d6:f9:0c:4d:f6:30:6e:b9:7c:61:0c:e8:33:af:a8:6d:
                                   c2:f0:25:47:47:dd:28:06:4d:5b:c4:15:3d:c9:e8:0c:cc:b7:
                                   6e:66:c8:10:c6:14:0f:a9:3d:a7:99:f2:c6:61:56:cd:c7:89:
                                   40:d7:93:be:f1:30:87:97:9a:88:9b:69:cc:a1:e4:d1:3e:66:
                                   ed:7a:b4:48:ac:85:3d:01:68:7b:03:0c:2f:d8:1a:02:ad:98:
                                   f7:ef:b4:d4
                          -----BEGIN CERTIFICATE-----
                          MIIHqTCCBpGgAwIBAgIIfSmB6x1WmDowDQYJKoZIhvcNAQELBQAwSTELMAkGA1UE
                          BhMCVVMxEzARBgNVBAoTCkdvb2dsZSBJbmMxJTAjBgNVBAMTHEdvb2dsZSBJbnRl
                          cm5ldCBBdXRob3JpdHkgRzIwHhcNMTUxMTA0MTgxMzE1WhcNMTYwMjAyMDAwMDAw
                          WjBmMQswCQYDVQQGEwJVUzETMBEGA1UECAwKQ2FsaWZvcm5pYTEWMBQGA1UEBwwN
                          TW91bnRhaW4gVmlldzETMBEGA1UECgwKR29vZ2xlIEluYzEVMBMGA1UEAwwMKi5n
                          b29nbGUuY29tMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvqvLN1V+
                          GKEGtPveTqxw1FzTrlbsgh8dxlt5M2QSXQQ6YjKRkuQoaO26kp2DPBw80VmnIQwV
                          oGR8HRQTetfki9XMdXll0lPl4npfj0TM64N26OJuKLe2x0FLCv7SqevA7bUpLmR8
                          uDiXHnviLdH+gaqH/D5FYo9A83r04mkT8/V9kfXCjZuA/5i3O4UHCb2aO25IxVDs
                          GzQP/sFRJbN7pGlLxh5Q/9I+wYxEFTPajPEQ002EK1Dsl3986/4EjS/PR1DEOM1a
                          t3ZOdsfcINLwzNVmkAgdcxPc4lXEjqc3quWl1MuoG4KPnqAPLWud9TB0pGtboehm
                          lTDrL8zsKb2EkwIDAQABo4IEdjCCBHIwHQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsG
                          AQUFBwMCMIIDQgYDVR0RBIIDOTCCAzWCDCouZ29vZ2xlLmNvbYINKi5hbmRyb2lk
                          LmNvbYIWKi5hcHBlbmdpbmUuZ29vZ2xlLmNvbYISKi5jbG91ZC5nb29nbGUuY29t
                          ghYqLmdvb2dsZS1hbmFseXRpY3MuY29tggsqLmdvb2dsZS5jYYILKi5nb29nbGUu
                          Y2yCDiouZ29vZ2xlLmNvLmlugg4qLmdvb2dsZS5jby5qcIIOKi5nb29nbGUuY28u
                          dWuCDyouZ29vZ2xlLmNvbS5hcoIPKi5nb29nbGUuY29tLmF1gg8qLmdvb2dsZS5j
                          b20uYnKCDyouZ29vZ2xlLmNvbS5jb4IPKi5nb29nbGUuY29tLm14gg8qLmdvb2ds
                          ZS5jb20udHKCDyouZ29vZ2xlLmNvbS52boILKi5nb29nbGUuZGWCCyouZ29vZ2xl
                          LmVzggsqLmdvb2dsZS5mcoILKi5nb29nbGUuaHWCCyouZ29vZ2xlLml0ggsqLmdv
                          b2dsZS5ubIILKi5nb29nbGUucGyCCyouZ29vZ2xlLnB0ghIqLmdvb2dsZWFkYXBp
                          cy5jb22CDyouZ29vZ2xlYXBpcy5jboIUKi5nb29nbGVjb21tZXJjZS5jb22CESou
                          Z29vZ2xldmlkZW8uY29tggwqLmdzdGF0aWMuY26CDSouZ3N0YXRpYy5jb22CCiou
                          Z3Z0MS5jb22CCiouZ3Z0Mi5jb22CFCoubWV0cmljLmdzdGF0aWMuY29tggwqLnVy
                          Y2hpbi5jb22CECoudXJsLmdvb2dsZS5jb22CFioueW91dHViZS1ub2Nvb2tpZS5j
                          b22CDSoueW91dHViZS5jb22CFioueW91dHViZWVkdWNhdGlvbi5jb22CCyoueXRp
                          bWcuY29tghphbmRyb2lkLmNsaWVudHMuZ29vZ2xlLmNvbYILYW5kcm9pZC5jb22C
                          BGcuY2+CBmdvby5nbIIUZ29vZ2xlLWFuYWx5dGljcy5jb22CCmdvb2dsZS5jb22C
                          Emdvb2dsZWNvbW1lcmNlLmNvbYIKdXJjaGluLmNvbYIIeW91dHUuYmWCC3lvdXR1
                          YmUuY29tghR5b3V0dWJlZWR1Y2F0aW9uLmNvbTBoBggrBgEFBQcBAQRcMFowKwYI
                          KwYBBQUHMAKGH2h0dHA6Ly9wa2kuZ29vZ2xlLmNvbS9HSUFHMi5jcnQwKwYIKwYB
                          BQUHMAGGH2h0dHA6Ly9jbGllbnRzMS5nb29nbGUuY29tL29jc3AwHQYDVR0OBBYE
                          FEBLMI7JJcbvFKIa5GIy2L9I8UBrMAwGA1UdEwEB/wQCMAAwHwYDVR0jBBgwFoAU
                          St0GFhu89mi1dvWBtrtiGrpagS8wIQYDVR0gBBowGDAMBgorBgEEAdZ5AgUBMAgG
                          BmeBDAECAjAwBgNVHR8EKTAnMCWgI6Ahhh9odHRwOi8vcGtpLmdvb2dsZS5jb20v
                          R0lBRzIuY3JsMA0GCSqGSIb3DQEBCwUAA4IBAQAo465e3+louo96F7qP/P/pkS4s
                          j8a5gsFw0djqTk4aFz/Tvx0deB5WnsTKzyC5KTQFywy+mnVGHL90gfnnAeVnOC56
                          2BtOYu07VfRXi+OElzISCAZ/pENeS+1EOqFfZJ4ofekiQju5mlZhvnWD+zq8Jg8F
                          Dx8vM8YPf8RNKOlFAMsccKfUSeF0aMO+LlCe+scfiNn14TEQvJp3r8NezPmryTJp
                          KNb5DE32MG65fGEM6DOvqG3C8CVHR90oBk1bxBU9yegMzLduZsgQxhQPqT2nmfLG
                          YVbNx4lA15O+8TCHl5qIm2nMoeTRPmbterRIrIU9AWh7Awwv2BoCrZj377TU
                          -----END CERTIFICATE-----
                          
                          1. 2

                            I’m not an expert on DNSSEC (though I might play one on TV some day), but how exactly is this “universal” when my registrar doesn’t support DNSSEC? (long chain of expletives Enom resellers more profanity)

                            1. 1

                              Hmm, does this 404 for anyone else?

                                1. 3

                                  Looks like @jasper’s site has a wrong canonical header, which the URL submission page switches to when it finds one:

                                     <link rel="canonical" href="http://jasper.la/openbsd-uefi-bootloader-howto/" />
                                  
                                  1. 1

                                    Thank you for pointing that out; it’s fixed now.

                                    1. 1

                                      Clicking the post’s URL http://blog… returns a 301 to https://ghost.jasper.la/openbsd-uefi-bootloader-howto/ which doesn’t resolve. If I visit https://blog… it works.

                              1. 4

                                This is @bcallah’s post. He just didn’t want to be the one to post it. Kudos to @kusuriya.

                                1. 5
                                  1. You can send invitations from your profile/settings https://lobste.rs/settings
                                  1. 6

                                    @tedu addressed the more serious issues with this post, but I’d like to point out something a little less serious: There was already a 2.0 release of the AOL software, about 20 years ago! That made this post title rather confusing.

                                    (And some of us still remember it. And may have recently junked a box of AOL 2.0 floppy disks.)

                                    1. 1

                                      This is a duplicate of https://lobste.rs/s/gumn9n which linked directly to the PDF.

                                      1. 9

                                        Speaking for myself, I don’t feel this sort of content adds anything to the Lobste.rs community. A discussion about hardware? Sure. But simply linking to Amazon product pages and the like is spam.

                                        What does Lobste.rs think - agree? disagree? Am I alone in this thinking?

                                        PS: Not that this isn’t neat looking. It reminds me of the Optimus family of keyboards a few years back, but boy were those expensive and not very comfortable.

                                        1. 5

                                          That’s a fair criticism. I thought this one was kind of iffy - it’s a novel thing that’s nice to look at (I hadn’t seen the Optimus keyboards before) but not… well, I don’t know how to say it without sounding 19th century, but: it’s not enlightening or ennobling. Reading it is consumptive, not productive.

                                          1. 2

                                            Yeah, I hear that. I think, like a lot of things, it fits better on Lobste.rs if you write a paragraph explaining that you think it’s cool and a thing people might enjoy looking at. Being open about the consumptive nature of it. :)

                                          2. 1

                                            A link to the Optimus keyboard family.

                                          1. 2

                                            Mod: Please clean up the title to “Let’s Encrypt: Root and Intermediate Certificate” Without that separator, it’s suggesting we encrypt certificates…

                                            1. 0

                                              Poorly titled: should be “Show and teLl” ;)

                                              1. 3

                                                Valve/Steam recently announced their discontinuation of an Oauth2 api. From my limited experience and what I’ve heard, Oauth* is a convoluted nightmare to implement and to use. And from your description it’s probably the wrong tool for the job - its purpose is cross-application authorization, not so much end user connections.

                                                (Short and quick response from my phone)

                                                1. 4

                                                  OAuth 1 is not that bad, but the thing people miss is that OAuth 2 is not a replacement for OAuth 1.0, it’s an “alternative”, an horrible alternative, so much that the lead author and editor asked his name to get removed from the specs.

                                                  If you can find a working server/client implementation of OAuth 1.0, I’d say go for it.

                                                  1. 1

                                                    Unfortunately, in the healthcare space, somebody actually managed to get on the computer and discover OAuth2, and, well, we can all guess the rest.

                                                    Again, I’m looking at alternatives–but I’d really appreciate some war stories from older and greyer beards or beardettes.

                                                1. 6

                                                  I have to say, this is a very impressive and refreshing state of affairs!

                                                  Compare it to identi.ca, which one day decided to completely remove everyone’s accounts, even without being acquired!

                                                  P.S. Gitorious at one point was the official place for the unofficial FreeBSD repository and many clones.

                                                  1. 1

                                                    Thanks - I was about to flag this for being mis-tagged until you explained the FreeBSD connection. (Even still, I’m not sure it’s a relevant tag, but I won’t flag it.)

                                                    1. 1

                                                      Hm? Identi.ca removed accounts? I thought they just remove the ability to register? My account is still there.