| 23 Oct 2024 |
commiterate | Fixed the implementation to do the signature checking for EIC stuff.
I'll leave it up to EIC's eval on whether they want to keep the EC2 Key Pair stuff (since that's vulnerable to MITM). | 05:06:13 |
commiterate | That openssl dgst line was definitely what I was missing. Each public key block has a bunch of metadata comments (think of this as a header), the public key line, and a base64-encoded SHA-256 + RSA-PSS signature. This signature is for the metadata comments + public key line.
Since that's signed by an EIC signer cert which rolls all the way up to an Amazon CA, it's protected from spoofing.
| 05:09:02 |
commiterate | * That openssl dgst line was definitely what I was missing. Each public key block has a bunch of metadata comments (think of this as a header), the public key line, and a base64-encoded SHA-256 + RSA-PSS signature. This signature is for the metadata comments + public key line.
Since that's signed by an EIC signer cert which rolls all the way up to an Amazon root cert, it's protected from spoofing.
| 05:09:37 |
| @luna-null:matrix.org changed their display name from Autumn to luna-null. | 09:49:18 |
| 25 Oct 2024 |
| lholh joined the room. | 03:54:55 |
| shift joined the room. | 12:51:26 |
| xenos76 joined the room. | 13:58:52 |
| @niclasoverby:beeper.com joined the room. | 13:59:32 |
| 26 Oct 2024 |
| dbalan joined the room. | 09:49:21 |
| 27 Oct 2024 |
Arian | there is EIC support for MacOS? | 13:25:01 |
dbalan | Arian: 👋 Is your nixcon slidedeck up somewhere? | 13:36:29 |
Arian | https://arianvp.github.io/nixcon2024/slides/reveal.js-master/ | 13:43:10 |
Arian | added the link to pretalx as well | 13:44:42 |
dbalan | In reply to @arianvp:matrix.org https://arianvp.github.io/nixcon2024/slides/reveal.js-master/ thx! | 13:50:55 |
dbalan | Do you have any strategy for rolling back stateful services, if the activation fails for a new config? | 13:55:30 |
Arian | Currently not. We manually roll back the instances through grub. But I want to look at automatic boot assessment features that were added to NixOS recently to automate this | 14:32:02 |
Arian | e.g. reboot into previous boot entry if health check fails | 14:32:10 |
| Ilan Joselevich (Kranzes) joined the room. | 16:24:21 |
commiterate | There is apparently. | 17:40:23 |
commiterate | https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-instance-connect-set-up.html
If you launched your instance using a later version of Amazon Linux, macOS Sonoma, macOS Ventura, macOS Monterey, or Ubuntu, it comes pre-installed with EC2 Instance Connect, and therefore you do not need to install it yourself.
| 17:41:15 |
commiterate | There should be nothing stopping them for Windows as well since OpenSSH supports Windows. My re-implementation should support it (can generate the AuthorizedKeysCommand exec as a .exe) | 18:55:37 |
commiterate | * There should be nothing stopping them for Windows as well since OpenSSH supports Windows. My re-implementation should support it (can generate the AuthorizedKeysCommand exec as a .exe and I'm only using the Go crypto library) | 18:55:47 |
commiterate | * There should be nothing stopping them for Windows as well since OpenSSH supports Windows. My re-implementation supports it (can generate the AuthorizedKeysCommand exec as a .exe and I'm only using the Go crypto library) | 18:56:02 |
| 28 Oct 2024 |
| @karstenpedersen:matrix.org joined the room. | 09:52:06 |
Arian | https://www.youtube.com/watch?v=0yb05mq9lLM is basically my whole talk in 2 minutes. | 10:18:28 |
Arian | * https://www.youtube.com/watch?v=0yb05mq9lLM is basically my whole talk in 2 minutes. Very similar deploy process but using FH instead of S3 for caching | 10:18:42 |
| 29 Oct 2024 |
| shift changed their profile picture. | 15:09:01 |
| 30 Oct 2024 |
| @karstenpedersen:matrix.org set a profile picture. | 19:03:44 |
| @karstenpedersen:matrix.org changed their profile picture. | 19:07:58 |
| 5 Nov 2024 |
| tuxiqae joined the room. | 16:14:29 |