Posts by -v(o.o)v-

Re: All is not well, though

Everyone knows what Poettering is like. But it is a new low. Does Debian's systemd still use Google DNS even though several people complain about it?

Re: Suggestion

One obvious benefit (coming from ISP/IXP world here) for Cisco is that it is easy to hire people who can manage it. And when the tech team grows that is very important.

Re: Bring up DANE

Agreed.

DANE is indeed the solution but it is not getting client support. Chrome had it in a test build once. Wonder why - vested commercial interests?

Re: Very cool

Not really. SLOG is very small in size and is better served with RAM based products not NAND flash. L2ARC requires some system RAM for structures and to effectively use such large L2ARC would need tons of it. Not a cost-effective product for ZFS caching IMO.

Re: Thawte et al, hand-rubbing

I've said it before and I'll say it again:

We *must* have push for client support for DANE, TLSA records in DNSSEC. That will solve a whole heap of problems including deprecating the sloppy CA system.

Re: domain controller is restarted

You can argue on semantics (and downvote) but each of the FSMO roles can run on only one DC per forest/domain (some are per forest some per domain) as you clearly know.

My reply was about the "only one DC" which clearly was not true in the case of Ops Masters. Of course they should be transferred out before boot but the OP did not mention it.

Re: Now you can lose 8TB of data in one shot instead of just 4!

But these cheap SSDs will only last a while when written to heavily so they are suitable only for home use.

DANE is the solution

In my opinion DANE/TLSA records in DNSSEC signed zones would be the answer.

Self-sign the cert but put cert thumbprint in DNS - browser verifies the cert from HTTPS matches what is in TLSA. Would also work against dodgy CAs and loading own CA-certs as is done by enterprises using SSL decryption systems.

Uptake of this has been glacially slow. I do wonder why......

Re: BGP

No.

Several routers have FIB capacity of 512k routes as either hard limit or configurable limit where memory from other types (IPv6, VPNv4/6) can be reduced and given to IPv4. TCAM is expensive so lower end routers like 3B/3C non-XL models of Cisco 7600 PFC are at capacity.

Re: wireless

Last mile in the US is a disgrace, according to many well-known Americans in the industry. See any of the numerous threads on N---G mailing list for example.

Re: Actually light doesn't "bounce off" the edges of a fibre optic cable....

Multi-mode fibre does "bounce" the light around whereas single mode fibre acts as you had described. MMF is still widely used in data centres (with SR optics) though many people has realized that for green-field it makes sense to go all-SMF (LR equivalent optics on-premises and shorter distances outside; ER, ZR etc. for long-haul).

Re: I don't get the moaning

You seem to have mistaken that a US patent is a simple thing to do. It is not.

Re: Bays

Good question - here, have an upvote. I would also be interested in knowing the answer.

Re: Centos?

Could be many months. CentOS 6 was way behind but I recall 6 had a lot of problems. In any case it will be several weeks to couple months.