Posts by -tim

Wait for the short term SSL certs for real control

The number of organizations issuing TLS/SSL certs is decreasing and once the 47 day requirement hits, there isn't much of a business model left for most of that industry. That means the number of groups that can control who has a valid web site goes way down. Right now there are about 500 top level domains so it is trivial to hop from example.com to exmaple.somethingelse but there are less than 70 organizations that can issue a valid SSL certificate and about half of those are country specific.

It seems easy enough to turn on

I run my own dns servers and I tell bind to sign the domain. About a day later, the name reseller has picked up the signed data, I click a box and DNSSEC is on. Seems easy enough.

3d mixed with 2d look?

Wouldn't it look better if they used the 3d look red, yellow and green window control buttons from Mac OS X 10?

Fees going up?

If he thinks the members will put up with fees going, I'm sure there is a spot in the unemployment line he can take.

His definition of "internet" could be insulting to the ones who made it happen. It was supposed to about being multi-homed and not telco lock in. Today there are only about 30,000 address ranges in the entire wold that meet that requirement and most of them are ISPs based on my BGP route paths which includes 972,000 v4 and 207,000 v6 advertised routes.

The fees are already way too high by a significant factor and once the v4 numbers run out, there is almost no need for them at all.

IPv6 assignments should be 3${country_code}:${company id in hex}::/56 with reverse dns at ::53. Then there is zero benefit for their existence and no need to pay some of the salaries APNIC pay. Plus a company could take its allocation to a different ISP or even use several providers at once.

Secure against mother nature?

So what happens when your entire country is off the net for 10 days? It has happened to Tonga and boats try to cut subsea cables frequently.

Has anyone ever seen an actual example of the shorter certs solving a security problem or is it just wisdom handed down by the church of BOFH for ulterior motives?

Fans?

There is nothing wrong with the fans going crazy in a flight simulator assuming they adjust based on the throttle setting. Can they get them to have a proper audio beat for the proper black helicopter experience?

I had a Sun T1000 that would be quite nice right behind me while flying a jet fighter simulator.

The ransom isn't that much of a burden

The amount of the ransom tends to match the CEOs compensation for a year most of the time. Many companies don't seem to have a problem with that level of expense so it will continue.

Evidence?

Where is the evidence that these shorter cert lifetimes are more secure? We have seen that opening up DNS servers for ACME has resulted in abuse. We have seen many poor implementations of automatically refreshing certs adding security holes. Yet I have yet to see a single case where a shorter lifetime on a cert would have stopped a problem.

It has been pining for the fjords for a while

Several years ago I submitted a few major bugs that were ignored by the vendor. They weren't even going to help.

That bug would take full control of a system by visiting a web page and I had a demo. Some of its was reported years later.

The database needs to be split into Major products and Minor products as well. The crying wolf over the recent cups printing system is an example of something that should not be in the same database as something where every system must be updated at once like a nasty Windows issue. We hear about bad Apache issues all the time but they don't involve the web httpd server which has a million times more installs than any of the Apache Foundation projects. It would make my daily security news scans much simpler if they would stop adopting stray dogs from the Java flea circus or change that name.

Time to finish a beer?

Can you program them to factor in the walking time to the station? That would be a very useful feature particularly in some pubs.

Far less power can be useful

There is market for something like the PC Engines APU series that has things like ECC ram and very low power yet can run this years OS. That is a very useful form factor for plenty of appliance loads that can't be virtualized. There are plenty of those that are used for routers and industrial control units where ECC is important. If you didn't notice an ECC correction from the solar storm 2 weeks ago, you weren't paying attention or your hardware is faulty. PC Engines stoped making the APU due to a combination of lack of long term low end AMD chips, lack of support from AMD and problems getting the ethernet chips. Now there are thousands of us wondering what to buy next.

So another CEO that doesn't talk to customers?

We aren't moving to their cloud solution at all. I know of several others who refuse to move as well.

We have too much sensitive data their track record says they can not properly protect.

Thank you for all the birthday greetings

Long ago in the before times, I set up a facebook account. They insisted on a birthday but I didn't trust them so I used the 29th on an odd year.

/beer for all the facebook friends who forgot the important part

but, but, but it is all fine!

But they are so good!!!!

We have the option of using our in house or their cloud stuff. They don't know security.

Hell, I caused one of their top unicorn programmers to have a meltdown on a train after some hard questioning.

I lock their stuff back behind way too much such while I'm trying to get the boss (and stockholder of Atlasicrap) to get something else.

Apple won't follow their own stnadards

When Apple introduced MacOS 13 Ventura, they added a feature for right click to cut an object out of a picture effectively removing the background of an image. The problem is this takes a while and then the right click menu gets another item added at the bottom. If the screen is set up for people with poor eyesight, the menu will jump up just as a menu item is selected. That feature is often used for "Open image in new window" followed by zooming to be able to see the image properly.

That new "Copy Subject" feature needs to have a way to disable it. It wastes power as it runs the GPUs full speed and some of us never want to use it. Adding the extra menu option after a few seconds goes against apples own design guidelines and the option should be grayed out until it decides if it will work or not. Apples own page on the feature says "it might take a few seconds for Copy Subject to appear." Meanwhile it is burning through battery power for a feature is mostly used for creating copyright violating memes.

Other runtimes?

Will third-party Java runtimes get around this issue? I thought the Oracle license claimed full ownership of Java in all forms and you owed the license even if it wasn't their runtime being used. This ended up in court with Google's Android API but I don't think that settled the issue if the company signed the small print contract with Oracle.

Air-gap?

That term has changed meaning over the last few years. It used to mean there would be absolutely no path to the net at all from an air-gapped system. Now it seems to mean somewhat locked down.

Indentured class workers please?

I've been approached hundreds of times to go work in the US and many times with the recruiter pointing out they will help me get the H-1B visa. Their interest wanes when they find out I don't need a visa to work in the USA.

/Mines the coat with two passports

Top level corp domains were always a bad idea

Already fixed here:

$ host www.cloud.microsoft

Host www.cloud.microsoft not found: 3(NXDOMAIN)

I add top level domains when I have a need because almost all the common ones are full of scammers.

So someone else forgot the first rule of data centers

Water will get into your data center. If there isn't a plan to get rid of it, it will do damage and Murphy's laws says the water will find the place to do the most damage.

Wasn't this solved decades ago?

There have been hacks to the timezone files used by Unix/Linux/OSx to adjust for moon time and solar noon time.

One odd advantage of the leap second is that now some programmers understand that the concept of time in computers isn't quite as easy as it first appears.

How about an error message?

Perhaps it is time that the boot process produce a warning for systems that don't support ECC.

I've noticed that old systems that properly report ECC errors tend to do so around the time of unusual solar activity.