If you see this warning when connecting to a server through ssh:
** WARNING: connection is not using a post-quantum key exchange algorithm.
** This session may be vulnerable to "store now, decrypt later" attacks.
** The server may need to be upgraded. See https://openssh.com/pq.html
Then follow michabbb’s guide on how to enable post-quantum key exchange in ssh. Don’t worry, you don’t have to generate new keys. Please, please do not disable the warnings; Solution 1 is NOT a solution. Do the right thing.
On your (macOS) client machine (your local laptop), you need to tell your client to prefer post-quantum algorithms. Edit ~/.ssh/config and make sure your Host entry contains a KexAlgorithms line like this:
Host *
    KexAlgorithms sntrup761x25519-sha512@openssh.com,curve25519-sha256,curve25519-sha256@libssh.org
On a (macOS) server, you need to tell the sshd daemon to prefer post-quantum algorithms. To help you quickly do this:
sudo tee /etc/ssh/sshd_config.d/post-quantum.conf >/dev/null <<'EOF'
# Enable post-quantum key exchange algorithms
KexAlgorithms sntrup761x25519-sha512@openssh.com,curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256
EOF
sudo launchctl unload /System/Library/LaunchDaemons/ssh.plist
sudo launchctl load -w /System/Library/LaunchDaemons/ssh.plist
Then validate that it worked on your next ssh session. If not, check that both machines (client and server) contain these fixes and are up-to-date. Read michabbb’s article for more tips and a better explanation.
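One way to do that validation, as an added example that is not from this post or from michabbb’s guide: the functions below read `ssh -v` output and report whether the negotiated key exchange is a hybrid post-quantum one. The function names and sample debug lines are constructed, and the check also accepts `mlkem768x25519-sha256` and the unsuffixed `sntrup761x25519-sha512` name, which newer OpenSSH releases offer and this post does not list.

```shell
#!/bin/sh
# Added example, not from the original post. Function names are hypothetical.
# Real use:  ssh -v user@host true 2>&1 | kex_verdict

# Print the algorithm named on the "debug1: kex: algorithm: NAME" line.
# The similar "kex: host key algorithm:" line is deliberately not matched.
negotiated_kex() {
    awk '/^debug1: kex: algorithm: / { sub(/\r$/, "", $4); print $4; exit }'
}

# Succeed only for hybrid post-quantum key exchange names.
is_pq_kex() {
    case "$1" in
        sntrup761x25519-sha512@openssh.com|sntrup761x25519-sha512) return 0 ;;
        mlkem768x25519-sha256) return 0 ;;   # not in the post; newer OpenSSH
        *) return 1 ;;
    esac
}

# Read ssh -v output on stdin and print a one-line verdict.
kex_verdict() {
    alg=$(negotiated_kex)
    if [ -z "$alg" ]; then
        echo "unknown: no kex line found (run ssh with -v)"
    elif is_pq_kex "$alg"; then
        echo "post-quantum: $alg"
    else
        echo "classical: $alg"
    fi
}

# Constructed sample debug lines, so the example runs offline.
sample_pq() {
    printf '%s\n' \
        'debug1: SSH2_MSG_KEXINIT received' \
        'debug1: kex: algorithm: sntrup761x25519-sha512@openssh.com' \
        'debug1: kex: host key algorithm: ssh-ed25519'
}
sample_classical() {
    printf '%s\n' \
        'debug1: kex: algorithm: curve25519-sha256' \
        'debug1: kex: host key algorithm: ssh-ed25519'
}

sample_pq | kex_verdict
sample_classical | kex_verdict
```

If the verdict is still classical, `ssh -G host` on the client and `sudo sshd -T` on the server print the effective `kexalgorithms` value, which shows whether the new configuration was actually picked up.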
Stay safe!
The past months were hectic. Artificial Intelligence has changed my daily work faster than I expected. In just a few weeks, it went from a fun experiment to something that reshaped how I “write” software, how I think, and even how tired my brain feels at the end of the day. It brings cool new possibilities, but also new challenges. I thought I’d write some of it down for future reference.
Many applications nowadays output JSON-formatted log files so that they can be scraped by the newest hippest monitoring cluster (think of Splunk, Elastic Filebeat, etc). That is of course very nice and I applaud that kind of observability, but sometimes you are just on the machine fighting with a service that does not want to start, or you just want to monitor it a bit more realtime, or you just are not the browser type. Luckily there is a relatively easy trick to this.
This week a colleague of mine shared an interesting video describing
This article lists a rough feature comparison between currently available European cloud providers and their American counterparts. European cloud is available and abundant. Stackit, OVHcloud, Scaleway, IONOS, Exoscale, Upcloud are all parties you should have on your radar when building critical infrastructure for European clients. The US is proving to be less and less reliable as an IT partner. You’ve got to move.
I regularly play Gran Turismo 7 on my PlayStation 5. Fanatec Direct Drive steering wheel, seat, pedals, the works. I even have a pit crew telling me when my tyres are warm or cold, and which laps I need to pit in by using
Now that I am running ClassicPress, I miss the statistics that I received at wordpress.org. I don’t want to install third party cookies or other adware stuff, so I was looking to see how to solve that completely locally. Here’s how I got it working, without ads, all local, for free.