Custom Query (196 matches)
Results (55 - 57 of 196)
Ticket | Owner | Reporter | Resolution | Summary |
---|---|---|---|---|
#381 | andersk | fixed | Disable allow_weak_crypto on scripts | |
Description |
Now that OpenAFS is fixed, none of our servers should need allow_weak_crypto. We should disable it everywhere. We may need to contact users that use kinit on scripts, which at the time of this writing, is likely to be approximated by [andersk@whole-enchilada]:~$ ls /tmp/krb5cc_* -l -rw------- 1 freeculture freeculture 1145 Jul 24 03:17 /tmp/krb5cc_536886288 -rw------- 1 pony pony 735 Jul 26 18:02 /tmp/krb5cc_536890340 -rw------- 1 afarrell afarrell 697 Jul 20 18:56 /tmp/krb5cc_537865110 -rw------- 1 gdb gdb 695 Jul 26 00:00 /tmp/krb5cc_537883327 -rw------- 1 joeyhkim joeyhkim 1595 Jul 14 00:00 /tmp/krb5cc_538023618 -rw------- 1 ezyang ezyang 1127 Jul 26 17:59 /tmp/krb5cc_ezyang_extra |
|||
#383 | andersk | fixed | Konami code detection takes quadratic time in number of keystrokes | |
Description |
scripts-pony/scripts/templates/master.mak has a very inefficient Konami code detection easter egg that appends all keystrokes to a JavaScript? array. It should be rewritten to use the obvious 11-state Knuth–Morris–Pratt FSM. This now also affects XVM, who copied this code. |
|||
#389 | andersk | fixed | Enable HTTPS perfect forward secrecy | |
Description |
This is complicated by the requirement to keep SSLSessionTicketKeyFile out of persistent storage, rotate it frequently, and synchronize it across servers. It would also be nice to remember the last N old keys so that each rotation doesn’t force every user to establish a new SSL session. We’ll probably need to do some Apache development. https://www.imperialviolet.org/2013/06/27/botchingpfs.html https://blog.twitter.com/2013/forward-secrecy-at-twitter-0 |