Seth Arnold

icon indicating an email [email protected]

icon company @CanonicalLtd icon location I'm employed by @CanonicalLtd on the @ubuntu security team. I've been working on @apparmor since 2000.

Results 56 comments of Seth Arnold

Better options for DDOS mitigation with DoT

Admins looking to solve a problem immediately might benefit from using plain old firewalling tools, too: https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/7/html/security_guide/sec-using_nftables_to_limit_the_amount_of_connections

Banner image missing on the phone

I see a similar problem with Firefox on Focal. (I've got uBlock origin and Tridactyl installed, potentially mucking things up, but they've been very reliable lately.) ![missing_image](https://github.com/canonical/canonical.com/assets/5447148/e9598000-953d-44f2-8c67-68cd37fa395c)

Banner image missing on the phone

@mtruj013 sorry for the delay, it's been a busy few months. In any event this is still broken on both my Ubuntu Firefox and my Android Chrome. My console on...

how large is a microcloud?

Ah, now that I've read a bit of the documentation, I see that the three systems are a bit of a hard requirement. Anyway, it feels like something ought to...

out of date projects directory

Having a *real* list of our projects and who owns them would be fantastic. We've got two spreadsheets and a wiki https://wiki.canonical.com/UbuntuEngineering/Security/InternalAlerts to try to keep track and they're basically...

ENAMETOOLONG error when running prettier

The error message that's in the logs: > `Error: ENAMETOOLONG: name too long, lstat '/home/runner/work/prettier-enametoolong/prettier-enametoolong/{a.json,aa.json,aaaa.json,aaaaaaaa.json,aaaaaaaaaaaaaaaa.json,aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa.json,aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa.json,aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa.json}'` This suggests that someone tried to use a shell glob syntax in a setting that...

ENAMETOOLONG error when running prettier

Well, I'm very glad that prettier isn't going through the shell to do this, but it seems very strange and unusual to me all the same. But, if handling arguments...

logging passwords?

https://github.com/ClusterLabs/fence-agents/blob/542fb6d95faba1eaeb7c3c980510fb7b2c3ace52/agents/skalar/fence_skalar.py#L213 also appears to be willing to log passwords.

Guard against MitM attack: remove node name from the token

Would sticking `SECRET` or `PRIVATE` in the token in ~place of~ before the node name be enough to communicate to administrators that these tokens must be protected?

MYSQL_OPT_RECONNECT is deprecated in MySQL 8.0.34.

It looks like it's been since `MYSQL_VERSION_ID >= 50013` that the automatic reconnection behaviour has been in place. I could imagine since then that there's new code in APR that...