* Posts by Nick Stallman

160 posts • joined 31 Oct 2007


Cloudflare slams AWS egress fees to convince web giant to join its discount data club

Nick Stallman

Re: Huge markup

Cloudflare doesn't bother to charge for bandwidth - that's how cheap bandwidth has gotten these days.

I serve around 35TB through Cloudflare each month. AWS costs thousands for that, and our dedicated server provider just hundreds.

Cloudflare launches campaign to ‘end the madness’ of CAPTCHAs

Nick Stallman

Re: Hardware dongles?

Trying to find a phone today that can't do NFC would be quite difficult. Not impossible but very difficult.

Remember this is to make captchas easier, not be the only option. As I already have a yubikey I look forward to using it instead of clicking on traffic lights.

And no, bots can't fake it as per the original article. Cloudflare uses the fact that the original device manufacturer of the keys signs the keys in batches of 100,000 and Cloudflare has a whitelist of vendors. A bot could emulate the security key in general but won't be signed by a reputable manufacturer of security keys and thus will be rejected.

Nick Stallman

I'm slightly disturbed by this article and comment section - do people seriously not know that hardware security tokens exist and how they work?

I've been using a yubikey for years for security reasons. It's fantastically convenient and virtually unbeatable security-wise. Way better than SMS or 6 digit numbers for multi factor authentication.

Sure if you don't have a yubikey already you aren't going to rush out to buy one just to beat some captchas, but I would have assumed a lot of this audience would already have them. Or they should be seriously thinking about getting one at least.

Nick Stallman

Re: Self-serving specification

Malware can't use a yubikey even if one is plugged in to your computer. It requires a physical touch before it'll perform the handshake.

And if your computer keeps randomly asking you to touch your yubikey you'd get suspicious pretty quickly.
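The two comments above describe what a hardware key gives the relying party: the authenticator only signs after a physical touch, and a vendor's batch-signed keys can be distinguished from software emulation. The following is an added example, not code from the comments or from Cloudflare, showing the relying-party side of those checks on the WebAuthn authenticatorData structure: it parses the flags byte, refuses an assertion that lacks the user-presence (touch) bit, enforces a monotonic signature counter, and, for registration responses, compares the authenticator's AAGUID against an allowlist. The RP ID, the AAGUID values and the helper that builds sample blobs are constructed for the example; a real deployment would source the allowlist from vendor metadata rather than hard-code it.

```python
"""Relying-party checks on WebAuthn authenticatorData (added example).

Layout (WebAuthn Level 2, section 6.1):
  rpIdHash[32] | flags[1] | signCount[4] | [attestedCredentialData] | [extensions]
attestedCredentialData = aaguid[16] | credIdLen[2] | credId | COSE public key
"""
import hashlib
import struct
from dataclasses import dataclass
from typing import Optional

# Flag bits in authenticatorData[32].
FLAG_UP = 0x01  # user present: the key was touched
FLAG_UV = 0x04  # user verified: PIN or biometric
FLAG_AT = 0x40  # attested credential data follows (registration)
FLAG_ED = 0x80  # extension data follows

# Constructed allowlist; real values would come from vendor metadata.
ALLOWED_AAGUIDS = {
    bytes.fromhex("00000000000000000000000000000001"),  # placeholder vendor A
}


@dataclass
class AuthData:
    rp_id_hash: bytes
    flags: int
    sign_count: int
    aaguid: Optional[bytes]
    credential_id: Optional[bytes]


def parse_authenticator_data(data: bytes) -> AuthData:
    if len(data) < 37:
        raise ValueError("authenticatorData too short")
    rp_id_hash = data[:32]
    flags = data[32]
    (sign_count,) = struct.unpack(">I", data[33:37])
    aaguid = cred_id = None
    if flags & FLAG_AT:
        if len(data) < 37 + 18:
            raise ValueError("attested credential data truncated")
        aaguid = data[37:53]
        (cred_len,) = struct.unpack(">H", data[53:55])
        cred_id = data[55:55 + cred_len]
        if len(cred_id) != cred_len:
            raise ValueError("credential id truncated")
        # The COSE public key (CBOR) follows; not needed for these checks.
    return AuthData(rp_id_hash, flags, sign_count, aaguid, cred_id)


def verify_assertion(data: bytes, rp_id: str, last_count: int,
                     require_uv: bool = False) -> int:
    """Return the counter to store, or raise ValueError on a failed check."""
    ad = parse_authenticator_data(data)
    if ad.rp_id_hash != hashlib.sha256(rp_id.encode()).digest():
        raise ValueError("rpIdHash mismatch: assertion was for another site")
    if not ad.flags & FLAG_UP:
        raise ValueError("no user presence: the key was not touched")
    if require_uv and not ad.flags & FLAG_UV:
        raise ValueError("user verification required but not performed")
    # A counter that fails to advance suggests a cloned authenticator.
    # A constant 0 is tolerated for keys that do not implement the counter.
    if ad.sign_count != 0 and ad.sign_count <= last_count:
        raise ValueError("signature counter did not increase")
    return ad.sign_count


def registration_allowed(data: bytes) -> bool:
    """True if the registering authenticator's AAGUID is on the allowlist."""
    ad = parse_authenticator_data(data)
    return ad.aaguid is not None and ad.aaguid in ALLOWED_AAGUIDS


def make_auth_data(rp_id: str, flags: int, count: int,
                   aaguid: bytes = b"", cred_id: bytes = b"") -> bytes:
    """Build a constructed authenticatorData blob for exercising the checks."""
    out = hashlib.sha256(rp_id.encode()).digest()
    out += bytes([flags]) + struct.pack(">I", count)
    if flags & FLAG_AT:
        out += aaguid + struct.pack(">H", len(cred_id)) + cred_id
    return out
```

The signature over authenticatorData plus the client data hash is checked separately with the credential's public key; these checks are the ones that turn "a key is plugged in" into "a person touched this key for this site, and it is not a replay".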

Nick Stallman

Re: Hardware dongles?

Your phone doesn't have NFC? All the keys these days support NFC for mobile use which is fantastically convenient.

Chinese AI censors live-streamed Alpacas – beasts with a very NSFW and political back story

Nick Stallman

Re: Meanwhile ...

China's just gone and done what the West wants to do. The US is envious of China on so many levels.

There's no Huawei on Earth we're a national security threat, Chinese giant tells US appeals court

Nick Stallman

Re: Huawei will this end?

"But explain how most large companies have had policies in place long before Trump became president that require the use of disposable tech for visits to China."

Dunno about you but I'd most certainly do the same if I ever flew to the US.

Australia facepalms as Facebook blocks bookstores, sport, health services instead of just news

Nick Stallman

Re: Screw Australia's clumsy attempt....

Is it really Facebook re-using content, when the news organisations happily and freely post it themselves?

They are asking for a platform to share their news on, then are demanding cash for them doing it.

And now they are moaning about the platform they don't pay for being taken away from them.

Dear team: Please work hard in 2021. I’d help, but I’m in jail. Yours, the boss of Samsung

Nick Stallman

Re: Organic?

Which makes organic water completely false advertising.

Or disgusting.

Microsoft reveals slow, staccato, disruptive auto-patching service for some Windows VMs on Azure

Nick Stallman

Re: FFS patching is a sysadmins life get on with it.

Patching on Linux is at least simple - no reboots.

It's amazing that Microsoft hasn't figured out how to avoid regular reboots by now. Any Windows admin boasting of high uptime is admitting his servers are insecure. My production Linux servers all generally have over a year of uptime (last reboot was datacentre maintenance related).

CenturyLink L3 outage knocks out web giants and 3.5% of all internet traffic

Nick Stallman

Great reporting

Good write up - first news site I've seen that didn't say it was a Cloudflare outage.

Cloudflare got blamed by everyone else since a lot of their error pages were visible to end users. The error pages were only there because the origin servers only had Level 3 transit of course so alternate routes weren't available.

People saw the Cloudflare logo and instantly assumed they were the source of the problem.

Epic Games gets itself epically banned, launches epic Fortnite death match with Apple over App Store's epic 30% cut

Nick Stallman

#freefortnite

I love their use of the hashtag #freefortnite because it's exactly the one thing that is absolutely not happening.

Epic wants Fortnite to be free for themselves. They have zero intention to stop charging kids for the game's novelties.

Family meeting! Chocolate Factory makes its business-like video-chat service free to anyone with a Google account

Nick Stallman

Re: free to anyone with a Google account

To be fair, the paid version which I've used for a couple of years now does not require participants to have a login and offers phone dial in mechanisms as well.

It's one of those actually quite well implemented products which no one really knows about.

Zero software to install, unlike Microsoft Teams, which repeatedly asks you if you wouldn't much prefer their app, or Zoom, which forces you to use an app.

Forget tabs – the new war is commas versus spaces: Web heads urged by browser devs to embrace modern CSS

Nick Stallman

Ads

Why do I get the sense this is all so we can be blinded by HDR ads?

Firefox, you know you tapped Cloudflare for DNS-over-HTTPS? In January, it briefly knackered two root servers at the heart of the internet

Nick Stallman

I came here to mention this too.

The reason why BGP is involved is likely Cloudflare removing their contributing servers from the F root entirely.

This probably took time because they were hoping to just fix the code instead of disabling all their F root servers, but they couldn't do it fast enough so they pulled the plug.

Without Cloudflare F root servers in the pool, all the other F servers would pick up the slack which never had any issues.

Mi first! Latest Xiaomi flagship storms DxOMark rankings with quartet of powerful cameras

Nick Stallman

Re: tat bazaar

They sell more than phones you know. Quite a *lot* more than phones. That's what is being referred to.

Virtualization juggernaut VMware hits the CPU turbo button for licensing costs

Nick Stallman

Re: VMware

We've got a decent sized VMware cluster for our production workloads. 3 nodes, 96 CPUs, 576GB RAM. Currently looking to expand this significantly, actually.

A lot of our stuff is FOSS, and VMware is running around 30 Ubuntu VMs. I have to pick and choose where we spend time tinkering however - I can tinker with our outbound mail server or a specific database, but the entire platform the company runs on? I'm not prepared to (and don't have the time to) tinker there. Easier just to pay for it since it's mission critical (and we have a provider who supports it too as needed).

Incidentally it still comes out way cheaper than AWS even with the VMware licence fees.

Caltech takes billion-dollar bite out of Apple, Broadcom for using its patented Wi-Fi tech without paying a penny

Nick Stallman

Re: If it’s part of the WiFi standard then it should be covered by FRAND terms

$1b sounds a lot more FRAND than $0.

Since they got caught paying $0 that doesn't mean they get the FRAND rates for all their past infringement. Otherwise no one would bother paying at all until they got caught and sued.

Tragedy: CES squeeze forces frequent flier hotshots into economy hell

Nick Stallman

Re: While they sit in their seats

I'm confused? So if we can reduce our consumption while holding on to modern life, is flying comparable to clubbing baby seals or not?

Google ex-employees demand retribution for Thanksgiving massacre

Nick Stallman

Re: I don't like to judge people based on their appearance...

No, but tracking the movement of fellow workers and automating checks on their calendars is creepy as all hell and certainly not "do no evil". They can disagree with some of those projects without actively spying on individual people working on them.

Sounds like they got too cocky thinking they were untouchable and that no one would notice what they were doing.

We've, um, changed our password policy, says CafePress amid reports of 23m pwned accounts

Nick Stallman

Re: Unique Usernames

Interestingly it seems that O365 does not support plus addresses which can be quite annoying.

Cloudflare comes clean on crashing a chunk of the web: How small errors and one tiny bit of code led to a huge mess

Nick Stallman

All relative

Compared to other cloud outages, this one is very minor. Not only was it detected and acknowledged quickly, it was also resolved extremely quickly and the postmortem lets you know exactly what went wrong in great detail.

Outages happen. If only they were all this pleasant to experience.

Cloudflare gives websites their marching orders to hasten page rendering automatically

Nick Stallman

Re: Is that to compensate for the DDOS page

Yes, but no. It's progressive JPEG, but for multiple progressive JPEGs at once.

Having 10 progressive JPEGs on your site isn't much use if the first one has to load fully before the next one starts.

Cloudflare's technique allows all 10 to progressively load at the same time.

What a meth: Woman held for 3 months after cops mistake candy floss for hard drugs

Nick Stallman

Re: Taste test?

Nonsense. Of course professional law enforcement taste strange white powders they find.

https://www.abc.net.au/news/2018-05-21/parliament-white-powder-mystery-deepens-with-claims-footage-gone/9781330

OK Google, what is African ISP Main One, and how did it manage to route your traffic into China through Russia?

Nick Stallman

And Telstra in Australia decided to route a good chunk of the domestic Internet to Melbourne and two very confused routers that sat there bouncing packets back and forward until their ttl ran out.

Halved our servers' traffic for an hour, and Telstra doesn't handle any transit or peering for us at all!

Cathay Pacific hack: Personal data of up to 9.4 million airline passengers laid bare

Nick Stallman

Re: Why is all this data being retained?

Because terrorists!

GitHub.com freezes up as techies race to fix dead data storage gear

Nick Stallman

Re: The Microsoft Curse?

Nah, it's probably not Microsoft's fault.

It was an issue with their MySQL cluster. So I say it was Oracle putting a knife in Microsoft's back when they weren't expecting it. :p

Atlassian: Look at our ginormous Jira revenues!

Nick Stallman

Re: Why the hell

Check out Phabricator. It's the closest thing yet I've seen.

Huawei's Watch GT snubs Google for homegrown OS

Nick Stallman

Re: 2-week battery life

Another happy Pebble user here too. Pebble Time, a little scuffed and the battery isn't quite a week anymore, but it's fantastic.

This is the first watch that makes me think about replacing it. Nothing short of a week's battery will satisfy me - sleep tracking is occasionally useful no matter how much the Apple Watch users say it's not.

Fire chief says Verizon throttled department's data in the middle of massive Cali wildfires

Nick Stallman

Re: What do you expect?

To be fair, they did get an unlimited plan.

Kinda says in the name of the plan what the data limit should be. Unlimited.

Bitcoin backer sues AT&T for $240m over stolen cryptocurrency

Nick Stallman

All that assumes that the underpaid staff at the stores with essentially root access follow that elaborate secure procedure.

How staff in stores can override a procedure like that I'll never know. It should be automated for them and if the user can't verify themselves then it should be escalated to a special department with tighter controls.

Insecure web still too prevalent: Boffins unveil HSTS wall of shame

Nick Stallman

Re: Fearmongering, Uncertainty and Doubt

The argument about government CAs isn't a good one.

You can always verify who issued a particular certificate, so if you went to Google.com and you noticed their SSL certificate was issued by a Chinese CA it would be blatantly obvious.

For most potential targets various monitoring would pick it up, so manually verifying each certificate's CA isn't needed - it'll be noticed by others.

Visa fingers 'very rare' data centre switch glitch for payment meltdown

Nick Stallman

Partial failures like that typically mean the connection can no longer reliably carry traffic, but it still thinks the link is online so it never enacts the fail over procedure.

So no prior failure is required, just the monitoring being told that something is up when it's actually down.

These extremely rare failures actually happen all the time. Earlier this year servers I manage were also knocked offline by a partial failure which prevented automatic fail over.

nbn™ CEO didn't mean to offend gamers, just brand them unwelcome bandwidth-hogs

Nick Stallman

Re: toing the party line

FTTP can (and does) still have congestion at many different points.

Firstly it's using GPON with a fibre running at 2.488Gbps shared between up to 32 houses. If those 32 had 100Mbit plans and decided to use them at the same time then you have a (small) problem.

Then you have POI congestion where the ISP doesn't buy enough bandwidth. This happens all the time and affects FTTP and FTTN equally.

And then you have ISP congestion from the cheap ISPs with garbage internal networks.

Fixed wireless has a fairly fixed max total speed per tower however, and it's shared with a lot more people, so it's most susceptible after satellite.

Linus Torvalds decides world isn’t ready for Linux 5.0

Nick Stallman

Re: Two scroll wheels?

Holy cow I had completely forgotten about those. I actually had one in the late 90s with the second scroll wheel allowing you to scroll left and right.

I had totally forgotten about it until now!

TSB meltdown latest: Facepalming reaches critical mass as Brits get strangers' bank letters

Nick Stallman

Error the ACCC has no jurisdiction over financial services.

Or do you mean ASIC who handles that entire industry?

US Congress quietly slips cloud-spying powers into page 2,201 of spending mega-bill

Nick Stallman

Re: I can't see what the problem is..

No, for the obvious fact that the US doesn't have jurisdiction where the data is.

It's like some evidence being over state lines, state police can't give someone permission to go across the border to go get it - they have to ask properly.

23,000 HTTPS certs will be axed in next 24 hours after private keys leak

Nick Stallman

Of course you automate it. You'd have to be crazy not to!

Every certificate I deal with (thousands) is fully automated these days except for specialty types like wildcard and I have them partially automated.

Anyone manually mucking around with certificates in this day and age either doesn't have many, has some very pedantic requirements or doesn't know any better.

Open source nameserver used by millions needs patching

Nick Stallman

Err, yeah, I think this article is confusing the perils of DNS and BGP. The possible outcomes really are more to do with BGP, which PowerDNS has nothing to do with.

NetBSD, OpenBSD improve kernel security, randomly

Nick Stallman

I think the point is typically everyone's computer would put it in the exact same location making attacks against multiple computers trivial.

A buffer overrun or similar attack with ASLR means each computer is different from each other, so when attacking you have to first find your target addresses which makes it a lot harder.

It's not about having code jumping around constantly on a single PC.

Google routing blunder sent Japan's Internet dark on Friday

Nick Stallman

But it doesn't have to go there. There are multiple routes via multiple providers.

Prior to Google's announcement, a Japanese ISP already had one or more routes to each destination. The new 'shorter' Google route got added in addition to the already existing ones.

With some sort of monitoring you could detect that routes via the new announcement are failing, then revert back to the longer pre-existing routes.
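The comment above (and the earlier one on the Visa outage, where a link stayed "up" while no longer carrying traffic, so failover never fired) both come down to the same monitoring rule: interface state is not evidence that a path works. The following is an added example, not code from the comments or from any ISP's tooling, showing the shape of such a monitor: a routing table that keeps every route it has learned for a prefix, feeds each one with end-to-end probe results, and only lets a route be "best" while the link is up and recent probes through it are succeeding. A new, shorter announcement that black-holes traffic is withdrawn from selection after a few failed probes and the pre-existing longer route takes over. Prefixes, next-hops, AS-path lengths and probe outcomes are constructed for the example.

```python
"""Forwarding-aware route selection (added example).

A route is usable only if the interface is up AND recent end-to-end probes
via that route succeed. This catches both a half-dead link (carrier present,
packets dropped) and a bogus shorter announcement that attracts traffic it
cannot deliver. All data below is constructed.
"""
from collections import deque
from dataclasses import dataclass, field
from typing import Deque, Dict, List, Optional

PROBE_WINDOW = 5      # how many recent probe results to remember per route
FAIL_THRESHOLD = 3    # failures within the window that mark a route as not forwarding


@dataclass
class Route:
    prefix: str
    next_hop: str
    as_path_len: int
    link_up: bool = True
    probes: Deque[bool] = field(default_factory=lambda: deque(maxlen=PROBE_WINDOW))

    def record_probe(self, ok: bool) -> None:
        """Record one end-to-end probe (e.g. a ping to a beacon behind the prefix)."""
        self.probes.append(ok)

    def failures(self) -> int:
        return sum(1 for ok in self.probes if not ok)

    def forwarding(self) -> bool:
        # Link state alone is not trusted: a link can report up while dropping
        # everything, so recent probes must also have got through.
        if not self.link_up:
            return False
        return self.failures() < FAIL_THRESHOLD


class Rib:
    """Minimal routing information base keeping all learned routes per prefix."""

    def __init__(self) -> None:
        self.routes: Dict[str, List[Route]] = {}

    def add(self, route: Route) -> None:
        self.routes.setdefault(route.prefix, []).append(route)

    def get(self, prefix: str, next_hop: str) -> Route:
        for r in self.routes.get(prefix, []):
            if r.next_hop == next_hop:
                return r
        raise KeyError(f"no route to {prefix} via {next_hop}")

    def best(self, prefix: str) -> Optional[Route]:
        """Shortest AS path among routes that are actually carrying traffic."""
        usable = [r for r in self.routes.get(prefix, []) if r.forwarding()]
        if not usable:
            return None
        return min(usable, key=lambda r: r.as_path_len)

    def apply_probe(self, prefix: str, next_hop: str, ok: bool) -> Optional[str]:
        """Feed a probe result and return the next-hop now selected for the prefix."""
        self.get(prefix, next_hop).record_probe(ok)
        chosen = self.best(prefix)
        return chosen.next_hop if chosen else None


def build_example_rib() -> Rib:
    """Constructed scenario: an existing transit route plus a new shorter one."""
    rib = Rib()
    rib.add(Route("203.0.113.0/24", "transit-a", as_path_len=3))
    rib.add(Route("203.0.113.0/24", "new-short-path", as_path_len=1))
    return rib
```

On a real box the probes would be whatever reaches the far side through that specific next-hop (BFD where the neighbour supports it, or an out-of-band ping policy-routed via the link), and the fallback would be expressed as a local-preference change or a route withdrawal rather than a Python object; the decision rule is the same.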

Sweden leaked every car owners' details last year, then tried to hush it up

Nick Stallman

Re: "I blanda'd up"

Free credit monitoring? For the people in the witness protection program?

I'm sure they'll love that. They'd probably prefer free life insurance with an obscene payout.

WannaCrypt blamed for speed camera reboot frenzy in Australia

Nick Stallman

Typo

"WannaCrypt blamed for speed camera re-boot frenzy, despite lack of ransom debands"

No debands eh? :P

Google turns on free public NTP servers that SMEAR TIME

Nick Stallman

Re: Smearing

So did everyone else, then everything crashed when the same second happened again and some really weird things clashed.

Linux letting go: 32-bit builds on the way out

Nick Stallman

Re: think about tablets

4GB tablets will very much benefit from 64 bits - 32 bits can not ever use all of 4GB of memory.

Try it. Approx 0.5gig will magically vanish when you load a 32bit OS on a computer with 4gigs of ram.

Remember the bits are used for address space, RAM isn't the only thing in the address space.

Your graphics card's ram is automatically subtracted from the 4gig of RAM, plus various IO things take their share as well.

32bit address space doesn't equal 4gig of RAM.

Telstra costed fibre to the premises before it was Telstra

Nick Stallman

Great but...

Great but FTTP != HFC. Hybrid fibre-coaxial uses copper as the upstream in a shared medium.

It sits between FTTN and FTTP.

SCREW YOU, FEDS! Dozen or more US libraries line up to run Tor exit nodes

Nick Stallman

Re: The numbers game.

As of a few months ago, 0 libraries were looking at Tor exit nodes.

Now there are 16. That's a whopping infinite % increase! (16 / 0 = NaN = Infinity)

Numbers work both ways.

Bloke clicks GitHub 'commit' button in Visual Studio, gets slapped with $6,500 AWS bill

Nick Stallman

Re: This is the kind of thing that keeps me up at night

Did you miss the bit where they did contact him? Extremely quickly?

And did you miss the IAM section which lets you specify very fine grained controls over your access keys?

So....everything is fine then? You can sleep now.

Confusion reigns as Bundestag malware clean-up staggers on

Nick Stallman

Re: Unlikely

They've done it with MD5 SSL certificates.

The trick is you make your back door, then add a bunch of random data in a field that isn't parsed, like a comment field. Brute force the random data with some tricky mathematics such that back-door + random data matches the original MD5.

Tesla's battery put in the shade by current and cheaper kit

Nick Stallman

Re: Back of an envelope calculations

And if you go for some nice deep cycle car or truck batteries instead of the much smaller UPS batteries you get absolutely phenomenal capacity.

A lead acid battery rated at 300 amps (not continuous) equates to 3.6kW for a single battery. And at lower power levels you'd get incredible duration.

I've got a small car battery dedicated to a 1.5kW inverter for emergencies. A friend had a black out a couple of weeks ago and it kept their TV and Playstation going for about a day before they got power back. The voltage afterwards was still 12.5v which is roughly 50%.


Biting the hand that feeds IT © 1998–2021