Posts by fronty 40 publicly visible posts • joined 29 Jan 2008
One of my customers was spending £40m per year on cloud hosting costs, they have now decided to "repatriate" as much as possible, they reckon they can host much of it themselves for significantly less and have built their own private cloud environment based on vSphere and NSX. However, moving to cloud did mean they were able to empty one of their data centres and sell off the land, they are now using Equinix to host their network kit and a couple rented data centres for all the server workloads.
Happens to me too, I get all the statements for some Birmingham residents' Virgin Broadband account. We don't have Virgin where we live. I did use their online chat facility to talk to someone to try and get my email address removed but it didn't work. I even reset the password and logged into his account, unfortunately there was no cancel option! :-(
I started as a point in FidoNet then signed up for the tenner a month deal with Demon. I was fronty.demon.co.uk and I had a mate who was freshair.demon.co.uk, we both used to run Slackware and I remember telnet'ing into his box and shutting it down whilst he was using it (I knew his root password) hoho simple things, simple pleasures.
I had a dump of the demon.co.uk DNS domain at one point, managed to do a zone transfer from one of their DNS servers and used to use it for performance testing with dnsperf. Made interesting reading in a nerdy kind of way.
I remember going to the Which computer show at the NEC and people were showing off this thing called the world-wide web with NCSA Mosaic! Wow it blew me away.... you could have pictures? Wow!
Eventually I installed Windows 3.1 with trumpet winsock and Netscape. For porn I used to trawl the newsgroups and use FreeAgent to join the binary posts together and decode the images, so much easier than trying to mime/uudecode the posts my hand! lol Oh the joy of waiting minutes just to download some grot at 2400 baud. Then the joy experienced from upgrading to 14.4K, then 28.8K and finally 56K - what a delight, I still have those modem noises ringing around in my head.
Ah they were the days... :-)
They already are, Firefox has added it's own resolver so they can support DoH (DNS over HTTPS), Chrome also has it's own resolver (albeit it uses the DNS servers set by the O/S) apparently with support for DoH (but not enabled yet) - it's only a matter of time before they enable it and start sending all queries to 8.8.8.8.
DoH is an absolute minefield, because now the browsers are controlling where your DNS traffic goes. Firefox has decided to use Cloudflare by default, you can change it but then you'll have to start managing browser configs. This is the thin end of a very fat wedge, imagine if every application decided to send DNS queries to it's own "preferred" DNS service? How do you manage all this? And DoH queries can be embedded "inside" normal HTML, so how do you block it?
I belong to that great generation of 80's home computer nerds, there are thousands of us working in IT today and we are now middle aged, many of us have mortgages, wives, kids... basically I think we have all moved on and really just don't care anymore, there's more important things to worry about. I still see people get riled up about Windows vs Mac etc., but now I just walk away, I have better things to spend my energy on.
I just can't be arsed any more.
I run DNS training courses and have been warning about this type of attack for years, I am surprised it has taken so long for a big attack such as this to come to the fore, unfortunately due to all the publicity, I can't help thinking we will see many of these types of attacks from now on, DNSSEC makes it so much easier to achieve due to the quantity of data now present in signed zones, example here...
http://www.callevanetworks.com/the-biggest-ddos-attack-in-history-all-due-to-dns
Paul
Calleva Networks
We produce our own software, we have just certified our latest release against FF9. Now FF10 is out, I can't redo all our certification. How are we supposed to keep up? How are corporates supposed to keep up?
Stop incrementing the major version number as it causes us and our customers an application certification nightmare!
People say that DNSSEC is the answer but it's too unwieldy. Have you seen the size of the response packets? You could use DNSSEC to invoke a DNS amplification attack and DDoS your target with a mass of DNSSEC replies. I'm not sure it is the complete answer, we almost need to have a completely new way of achieving DNS type functionality, but without using the DNS protocol.
This is going to be a nightmare for corporates who want to protect their brand name. For instance, Cisco have registered in just about every TLD going, but if new TLD's are popping up all over the place they will have to be extremely vigilant so that some miscreant doesn't appropriate their brand name for their own nefarious uses.
Multiply this by the number of large corporates who will want to protect their brand name and you have a huge money making opportunity here.
Do we really need this? I dunno, I reckon the amount of phishing going on will increase dramatically, especially when you combine IDN's with it all too. It's going to get in a right old mess.
Must admit, the first thing I did when I got my T60p was de-install active shock protection and most of the other junk that was pre-loaded. Does that APS stuff actuall "do" anything? Call me a bit sceptical but I mean if I drop my lappy, what good is that stuff going to do? Also I couldn't believe how much memory was being used up by all the "value-added" software Lenovo installed on it.
Two of my buddies here are running Ubuntu on theirs, I'm running XP but I do find hard disk access seems a bit slow despite having a 7200rpm drive. It takes ages to boot. :-(
But I really miss the 1600x1200 display on my 4 year old Dell C-series laptop. This T60p has a 1680x1050 which can be really annoying at times as I got so used to the 1200 vertical res on my Dell. Why oh why don't manufacturers do a 1600x1200 screen anymore? You can't seem to get them anywhere now.
I think if Toshiba and whoever else really wanted to get HD-DVD out there they should have done a deal with Microsoft at the start to ship the Xbox 360 with an HD-DVD player, or at least got them to include it in one of the later models like the Elite. I don't know anyone who would pay 120 quid for an add-on player for the 360, but if it was built into the console from the start it would have been a no-brainer.
Seems like a missed opportunity to me.
The Register 
Biting the hand that feeds IT
Copyright. All rights reserved © 1998–2025
