Posts by -tim

Fees going up?

If he thinks the members will put up with fees going, I'm sure there is a spot in the unemployment line he can take.

His definition of "internet" could be insulting to the ones who made it happen. It was supposed to about being multi-homed and not telco lock in. Today there are only about 30,000 address ranges in the entire wold that meet that requirement and most of them are ISPs based on my BGP route paths which includes 972,000 v4 and 207,000 v6 advertised routes.

The fees are already way too high by a significant factor and once the v4 numbers run out, there is almost no need for them at all.

IPv6 assignments should be 3${country_code}:${company id in hex}::/56 with reverse dns at ::53. Then there is zero benefit for their existence and no need to pay some of the salaries APNIC pay. Plus a company could take its allocation to a different ISP or even use several providers at once.

Secure against mother nature?

So what happens when your entire country is off the net for 10 days? It has happened to Tonga and boats try to cut subsea cables frequently.

Has anyone ever seen an actual example of the shorter certs solving a security problem or is it just wisdom handed down by the church of BOFH for ulterior motives?

Fans?

There is nothing wrong with the fans going crazy in a flight simulator assuming they adjust based on the throttle setting. Can they get them to have a proper audio beat for the proper black helicopter experience?

I had a Sun T1000 that would be quite nice right behind me while flying a jet fighter simulator.

The ransom isn't that much of a burden

The amount of the ransom tends to match the CEOs compensation for a year most of the time. Many companies don't seem to have a problem with that level of expense so it will continue.

Evidence?

Where is the evidence that these shorter cert lifetimes are more secure? We have seen that opening up DNS servers for ACME has resulted in abuse. We have seen many poor implementations of automatically refreshing certs adding security holes. Yet I have yet to see a single case where a shorter lifetime on a cert would have stopped a problem.

It has been pining for the fjords for a while

Several years ago I submitted a few major bugs that were ignored by the vendor. They weren't even going to help.

That bug would take full control of a system by visiting a web page and I had a demo. Some of its was reported years later.

The database needs to be split into Major products and Minor products as well. The crying wolf over the recent cups printing system is an example of something that should not be in the same database as something where every system must be updated at once like a nasty Windows issue. We hear about bad Apache issues all the time but they don't involve the web httpd server which has a million times more installs than any of the Apache Foundation projects. It would make my daily security news scans much simpler if they would stop adopting stray dogs from the Java flea circus or change that name.

Time to finish a beer?

Can you program them to factor in the walking time to the station? That would be a very useful feature particularly in some pubs.

Far less power can be useful

There is market for something like the PC Engines APU series that has things like ECC ram and very low power yet can run this years OS. That is a very useful form factor for plenty of appliance loads that can't be virtualized. There are plenty of those that are used for routers and industrial control units where ECC is important. If you didn't notice an ECC correction from the solar storm 2 weeks ago, you weren't paying attention or your hardware is faulty. PC Engines stoped making the APU due to a combination of lack of long term low end AMD chips, lack of support from AMD and problems getting the ethernet chips. Now there are thousands of us wondering what to buy next.

So another CEO that doesn't talk to customers?

We aren't moving to their cloud solution at all. I know of several others who refuse to move as well.

We have too much sensitive data their track record says they can not properly protect.

Thank you for all the birthday greetings

Long ago in the before times, I set up a facebook account. They insisted on a birthday but I didn't trust them so I used the 29th on an odd year.

/beer for all the facebook friends who forgot the important part

but, but, but it is all fine!

But they are so good!!!!

We have the option of using our in house or their cloud stuff. They don't know security.

Hell, I caused one of their top unicorn programmers to have a meltdown on a train after some hard questioning.

I lock their stuff back behind way too much such while I'm trying to get the boss (and stockholder of Atlasicrap) to get something else.

Apple won't follow their own stnadards

When Apple introduced MacOS 13 Ventura, they added a feature for right click to cut an object out of a picture effectively removing the background of an image. The problem is this takes a while and then the right click menu gets another item added at the bottom. If the screen is set up for people with poor eyesight, the menu will jump up just as a menu item is selected. That feature is often used for "Open image in new window" followed by zooming to be able to see the image properly.

That new "Copy Subject" feature needs to have a way to disable it. It wastes power as it runs the GPUs full speed and some of us never want to use it. Adding the extra menu option after a few seconds goes against apples own design guidelines and the option should be grayed out until it decides if it will work or not. Apples own page on the feature says "it might take a few seconds for Copy Subject to appear." Meanwhile it is burning through battery power for a feature is mostly used for creating copyright violating memes.

Other runtimes?

Will third-party Java runtimes get around this issue? I thought the Oracle license claimed full ownership of Java in all forms and you owed the license even if it wasn't their runtime being used. This ended up in court with Google's Android API but I don't think that settled the issue if the company signed the small print contract with Oracle.

Air-gap?

That term has changed meaning over the last few years. It used to mean there would be absolutely no path to the net at all from an air-gapped system. Now it seems to mean somewhat locked down.

Indentured class workers please?

I've been approached hundreds of times to go work in the US and many times with the recruiter pointing out they will help me get the H-1B visa. Their interest wanes when they find out I don't need a visa to work in the USA.

/Mines the coat with two passports

Top level corp domains were always a bad idea

Already fixed here:

$ host www.cloud.microsoft

Host www.cloud.microsoft not found: 3(NXDOMAIN)

I add top level domains when I have a need because almost all the common ones are full of scammers.

So someone else forgot the first rule of data centers

Water will get into your data center. If there isn't a plan to get rid of it, it will do damage and Murphy's laws says the water will find the place to do the most damage.

Wasn't this solved decades ago?

There have been hacks to the timezone files used by Unix/Linux/OSx to adjust for moon time and solar noon time.

One odd advantage of the leap second is that now some programmers understand that the concept of time in computers isn't quite as easy as it first appears.

How about an error message?

Perhaps it is time that the boot process produce a warning for systems that don't support ECC.

I've noticed that old systems that properly report ECC errors tend to do so around the time of unusual solar activity.

The real Perl problem: lack of new developers

Our problem with Perl is lack of new programmers. Our business runs a bit of Perl and it is the most profitable per line of code by a huge margin but new coders haven't even looked at Perl.

As far as backward compatibility goes, recent version of Perl 5 have broken more things that any other version change I can remember and I have scripts that started out with version 3.

Whos DIMMs?

Does Cisco even make DIMMs as they seem like a part that should be outsourced. If that is the case, who make them and what else are they in?

Reliable systems with large memory need to have ECC. There is no excuse not to have it in. While rare, on our systems that properly record ECC corrections, it is interesting they happen on different systems at about the same time.

11.4 on what hardware?

11.4 won't run on anything we owned so it was off to FreeBSD for us. 11.3 had finally fixed the security issues I didn't like from 10 and ZFS was a game changer. Oddly enough there were still patches to Solaris 9 hiding on the solaris 10 container stuff the last time I checked a bit over a year ago. That still runs on SPARCstation 20 from 1994. That means you could have a nearly 30 year old computer that meets security compliance regulations if you could keep your applications patched.

We deracked a V100 last week. The thing was older some of our staff. It was removed because one of its original disks was going bad and we were pulling out a bunch of far newer systems. We still have one X1 in our internal R&D DNS cluster and will remain there until it fails which might be a while since it has flash IDE disk emulator.

I've got a tadpole Sparckbook 2 from 1993 that still works except for some of the keys are a bit of a problem.

Options?

It is amazing how much of Atlassian's stuff can be replaced in a single weekend by two coders with a private usenet server, git, some perl template toolkit web pages, markup to html scripts, and a html friendly newsreader.

What exactly does Zero Trust mean?

The term is already being perverted in the industry. Places want to do Single Sign On and Zero Trust to be fully buzzword compliant.

Another meaningless term now is "Air Gapped." Apparently acceptable use somehow now means firewalled with all inbound connections disabled to the specific host rather than the "No network at all" like it used to mean. I've seen the term used to describe a host on a typical office LAN where other hosts have inbound traffic allowed.

Only some are patched

More than 5% of the macs that hit my web sites are versions that are old enough that they will never be patched and they cluster around the last supported versions for hardware that appears to be fully functional except for their stock browser is full of holes. A team of 5 people in apple could keep these older machines running securely. Apple hardware seems to keep getting handed down to others when new machines are bought. We still see PPC based macs. Most countries have laws that require major appliances to be supported for at least a decade and it is time those laws were enforced with the vastly more expensive computers particularly with the total lack of hardship it would cause Apple.