Posts by Nick Stallman

Re: Who, me?

Cloudflare has always been excellent for their write ups of their issues.

Check their blog in 24 hours time.

Re: So...

Your SLA has all the details. You do have a SLA right? If it's that important to you, of course you got a SLA?

And yes, I do indeed have a Cloudflare SLA.

Re: Certificate pinning + DNSSEC

No CA should ever have your keys. You keep your key and they just sign the public side of it.

If the CA has your keys then you are doing it wrong.

Re: Why is the nationality important?

Yeah everyone knows that only the US is allowed to meddle in free and open elections in the US.

And only the US is allowed to meddle in elections in other countries around the world.

Re: Brilliant concept!

Barcode scanners actually typically appear as keyboards. They scan the number or text in a range of different supported formats and just type it in and hit enter at the end of the barcode automatically.

Zero drivers, zero fuss. They are awesome things.

Re: "not all victims would get the same treatment"

Is a bank an innocent victim if they leave their vault open and unguarded for the public to stroll through?

Or would that be criminal negligence?

I don't understand why governments, hospitals and so on are all the victims when this stuff happens when it was preventable.

In this case it's obvious that layers upon layers of negligence were involved - the bank vault was left open.

For format independent recovery records just use par2. It lets you add recovery information as separate files for any kind of data type.

Re: The issue with V6 is... NAT

If you are big enough to require static internal ips in such quantity that this might be a genuine headache, you know you can just get your own IPv6 block and own it entirely regardless of what ISP you have

I hear IPv6 blocks are quite plentiful and easy to get.

(Yes I am a ip block owner and have put time in to ensuring everything is dual stack)

Re: Email forwarding for Gmail users

Fixing the forwarding issue is exactly why ARC exists. It's like DMARC but is dedicated to forwarded emails.

Re: If you think software is unreliable now...

Err have you actually used Copilot?

The whole thing about using ChatGPT to write code is clearly silly, however Copilot isn't that.

With a couple of weeks of Copilot under my belt, I find it not bad at doing boiler plate code.

E.g. if I bring a new variable in from user input, it will do a nice block of sanitization checks for you and throw a context aware error. About half the time I use that block as-is with no modifications.

It helps with comments and doctypes as well mostly intelligently.

All the time-consuming stuff. I'm still definately writing my code.

Re: too bad

The article missed any mention of AVIF. Why add another format when an existing format already in all current browsers is better?

Dropping it makes perfect sense. No mystery here.

Re: Wouldn't it be easier to...

Don't worry, I'm sure they are already on to that one too.

Re: Shut it down when the money runs out?

As a full time PHP developer, I challenge you to name that mythical language that fills the purposes that PHP fulfills.

Also since a lot of people want to dabble with websites and use PHP to do so, and often make bad code, there's nothing to stop them from making bad code in another language.

Wishing PHP to die off is like shooting the messenger - there's nothing inherently wrong with modern PHP as a language.

Re: Easy Alternative

I'm not a fan of HP but I'll always get their printers. Clearly some devs over there are Linux guys because their Linux drivers are top notch even with fun features like network scanning.

The real kicker is I think the fully featured Linux driver download is about 8mb. The Windows driver was 350mb.

Does it actually matter? When the pricing is cheaper than most of S3 tiers?

Maybe not the best for long term archival but it's looking pretty good for virtually everything else.

Also the buckets I look after cost four figures a month, and the largest costs are not storage. Amazon hits you with a ton of other fees which Cloudflare are eliminating.

Re: Huge markup

Cloudflare doesn't bother to charge for bandwidth - that's how cheap bandwidth has gotten these days.

I serve around 35TB through Cloudflare each month. AWS costs thousands for that, and our dedicated server provider just hundreds.

Re: Hardware dongles?

Trying to find a phone today that can't do NFC would be quite difficult. Not impossible but very difficult.

Remember this is to make captchas easier, not be the only option. As I already have a yubikey I look forward to using it instead of clicking on traffic lights.

And no bits can't fake it as per the original article. Cloudflare uses the fact that the original device manufacturer of the keys signs the keys in batches of 100,000 and Cloudflare has a whitelisf of vendors. A bit could emulate the security key in general but won't be signed by a reputable manufacturer of security keys and thus will be rejected.

Re: Huawei will this end?

"But explain how most large companies have had policies in place long before Trump became president that require the use of disposable tech for visits to China."

Dunno about you but I'd most certainly do the same if I ever flew to the US.

Re: Screw Australia's clumsy attempt....

Is it really Facebook re-using content, when the news organisations happily and freely post it themselves?

They are asking for a platform to share their news on, then are demanding cash for them doing it.

And now they are moaning about the platform they don't pay for being taken away from them.

Re: Organic?

Which makes organic water completely false advertising.

Or disgusting.

Re: FFS patching is a sysadmins life get on with it.

Patching on Linux is at least simple - no reboots.

It's amazing that Microsoft hasn't figured out how to avoid regular reboots by now. Any Windows admin boasting of high uptime is admitting his servers are insecure. My production Linux servers all have over a year uptime generally (last reboot was datacentre maintenance related).

Re: free to anyone with a Google account

To be fair, the paid version which I've used for a couple of years now does not require participants to have a login and offers phone dial in mechanisms as well.

It's one of those actually quite well implemented products which no one really knows about.

Zero software to install unlike Microsoft Teams which repeatedly asks you if you wouldn't much prefer their app or Zoom who forces you to use an app.

I came here to mention this too.

The reason why BGP is involved is likely Cloudflare removing their contributing servers from the F root entirely.

This probably took time because they were hoping to just fix the code instead of disabling all their F root servers, but they couldn't do it fast enough so they pulled the plug.

Without Cloudflare F root servers in the pool, all the other F servers would pick up the slack which never had any issues.

Re: tat bazaar

They sell more than phones you know. Quite a *lot* more than phones. That's what is being referred to.

Re: VMware

We've got a decent sized Vmware cluster for our prodution workloads. 3 nodes, 96 cpus 576gig ram. Currently looking to expand this significant actually.

A lot of our stuff is Foss, and Vmware is running around 30 Ubuntu VMs. I have to pick and choose where we spend time tinkering however - I can tinker with our outbound mail server or a specific database but the entire platform the company runs on? I'm not prepared to (and don't have the time) to tinker there. Easier just to pay for it since its mission critical (and we have a provider who supports it too as needed).

Incidentally it still comes out way cheaper than AWS even with the Vmware licence fees.

Re: If it’s part of the WiFi standard then it should be covered by FRAND terms

$1b sounds a lot more FRAND than $0.

Since they got caught paying $0 that doesn't mean they get the FRAND rates for all their past infringement. Otherwise no one would bother paying at all until they got caught and sued.

Re: While they sit in their seats

I'm confused? So if we can reduce our consumption while holding on to modern life, is flying comparable to clubbing baby seals or not?

Re: I don't like to judge people based on their appearance...

No but putting tracking the movement of fellow workers and automating checks on their calendars is creepy as all hell and certainly not "do no evil". They can disagree with some of those projects without actively spying on individual people working on them.

Sounds like they got too cocky thinking they were untouchable and that no one would notice what they were doing.

Re: Unique Usernames

Interestingly it seems that O365 does not support plus addresses which can be quite annoying.

Re: Is that to compensate for the DDOS page

Yes, but no. Its progressive jpeg but for multiple progressive jpegs at once.

Having 10 progressive jpegs on your site isn't much use if the first one has to load fully before the next one starts.

Cloudflare"s technique allows all 10 to progressively load at the same time.

Re: Taste test?

Nonsense. Of course professional law enforcement taste strange white powders they find.

https://www.abc.net.au/news/2018-05-21/parliament-white-powder-mystery-deepens-with-claims-footage-gone/9781330

Re: Why is all this data being retained?

Because terrorists!

Re: The Microsoft Curse?

Nah its probably not Microsoft fault.

It was an issue with their mysql cluster. So I say it was Oracle putting a knife in Microsoft back when they weren't expecting it. :p

Re: Why the hell

Check out Phabricator. It's the closest thing yet I've seen.

Re: 2-week battery life

Another happy Pebble user here too. Pebble Time, little scuffed and the battery isn't quite a week anymore but it's fantastic.

This is the first watch that makes me think about replacing it. Nothing short of a week battery will satisfy me - sleep tracking is occasionally useful no matter how much the Apple watch users say its not.

Re: What do you expect?

To be fair, they did get an unlimited plan.

Kinda says in the name of the plan what the data limit should be. Unlimited.

All that assumes that the underpaid staff at the stores with essentially root access follow that elaborate secure procedure.

How staff in stores can override a procedure like that I'll never know. It should be automated for them and if the user can't verify themselves then it should be escalated to a special department with tighter controls.

Re: Fearmongering, Uncertainty and Doubt

The argument about government CAs isn't a good one.

You can always verify who issued a particular certificate, so if you went to Google.com and you noticed their SSL certificate was issued by a Chinese CA it would be blatantly obvious.

For most potential targets various monitoring would pick it up so manually verifying it each certificates CA isn't needed - it'll be noticed by others.