RIM/Blackberry bent over for India's previous job. Why would they not again?
Posts by -v(o.o)v-
185 publicly visible posts • joined 17 Oct 2013
India to cripple its tech sector with proposed encryption crackdown
IETF doc proposes fix to stop descent into data centre 'address hell'
Wait, what? TrueCrypt 'decrypted' by FBI to nail doc-stealing sysadmin
Congratulations! You survived the leap secondocalypse
Cisco in single SSH key security stuff-up
Secure web? That'll cost you, thanks to Mozilla's HTTPS plan
What the BLEEP? BitTorrent's secure messaging app arrives
HGST says its NVMe flash card will manage 750,000 IOPS
Troubleshooting feature on Cisco routers is open to data-slurp abuse
Finally, Mozilla looks at moving away from 'insecure' HTTP. Maybe
Hawk like an Egyptian: Google is HOPPING MAD over fake SSL certs
Insert 'Skeleton Key', unlock Microsoft Active Directory. Simples – hackers
Re: domain controller is restarted
You can argue on semantics (and downvote) but each of the FSMO roles can run on only one DC per forest/domain (some are per forest some per domain) as you clearly know.
My reply was about the "only one DC" which clearly was not true in the case of Ops Masters. Of course they should be transferred out before boot but the OP did not mention it.
Demon Internet goes TITSUP: Outage borks ancient ISP
That 8TB Seagate MONSTER? It's HERE... (You'll have to squint, 'cos there are no specs)
Look, no client! Not quite: the long road to a webbified Vim
Time to ditch HTTP – govt malware injection kit thrust into spotlight
DANE is the solution
In my opinion DANE/TLSA records in DNSSEC signed zones would be the answer.
Self-sign the cert but put cert thumbprint in DNS - browser verifies the cert from HTTPS matches what is in TLSA. Would also work against dodgy CAs and loading own CA-certs as is done by enterprises using SSL decryption systems.
Uptake of this has been glacially slow. I do wonder why......
The internet just BROKE under its own weight – we explain how
Canadian ISP Shaw falls over with 'routing' sickness
Indie ISP to Netflix: Give it a rest about 'net neutrality' – and get your checkbook out
Re: That's rather interesting
Ok, I'll try. I work at a very small ISP around the world but try to follow what is happening in the West.
Big problems with the U.S. Netflix situation are geographical and "telco-political" (yeah I made that up, deal with it). Very large country, largely sparsely populated where these micro/nano-ISPs (often wireless/WISP) provide only viable service that could described as "approaching broadband". Other option would be the incumbent and bad DSL over bad copper, often at ridiculous prices. To someone not from US it may seem unbelievable that even in middle of urban area, say Silicon Valley, there might be only one provider who can service you with residential fibre or high-speed cable.
The other issue is importance of private peering over Internet Exchanges. In Europe large amount of interconnection between providers is done at IXPs. At US there are very few IXPs and providers have their own private peering arrangements. Add to this the geographical/competetive situation and politics of peering by the big (at least a local monopoly really) players and what is left is the 1000 mile dark fibre from the rural WISP to Netflix.
FRIKKIN' LASERS could REPLACE fibre-optic comms cables
Re: Actually light doesn't "bounce off" the edges of a fibre optic cable....
Multi-mode fibre does "bounce" the light around whereas single mode fibre acts as you had described. MMF is still widely used in data centres (with SR optics) though many people has realized that for green-field it makes sense to go all-SMF (LR equivalent optics on-premises and shorter distances outside; ER, ZR etc. for long-haul).
Apple gets patent for WRIST-PUTER: iTime for a smartwatch
THUD! WD plonks down SIX TERABYTE 'consumer NAS' fatboy
Re: Are you implying...
It should be noted that Link aggregation (LAG, Portchannel, etc.) does not usually increase speed between two hosts because the decision on which bundle member is used is usually based on hash of L3 (IP) or L2 (MAC, not good in routed network) addresses of the peers. So it would generally be beneficial only when multiple clients are transferring data at the same time. And of course for redundancy.
You did not say you expect this but I see often the misconception that a single client would get faster speed with a LAG so I wanted to make it clear.
There are other ways to load-balance such as round-robin but those are usually not used because it may cause packets arriving out of order. I am not sure if that happens often on a simple network with a single switch but I'd still avoid it.
The final score: Gramophones 1 – Glassholes 0
Point DNS blitzed by mystery DDoS assault
Such attacks against authoritative DNS servers may be mitigated quite successfully with anycasted servers and Response Rate Limiting.
Sounds like the victim did not use them. At least RRL is very easy to configure and cheap so there is no excuse to not use it. Anycast at scale may be cost-prohibitive for small shops.