* Posts by jerky_rs

4 publicly visible posts • joined 27 Oct 2015

Transatlantic link typo by Sweden's Telia broke Cloudflare in the US

jerky_rs

Our monitors picked this up (pingdom.com and check_mk distributed deployments) and we had escalations within 3 minutes.

http://status.pingdom.com/incidents/0n95zvcxb19m

I watched multiple routes reconverge, and as they did so the lights went green. For example, we had one German monitor going via London/NYC on Telia.net with 99.3% loss; it re-routed and went via another carrier to some US deployments we had in IAD and DFW.

I have some screenshots if you want. This has nothing to do with Cloudflare if a user is routed via some carrier network that goes down.

Linux greybeards release beta of systemd-free Debian fork

jerky_rs

Personally I think SystemD is overly complicated for what it achieves. Sure, it boots faster, but on a server all I care about is that it comes up and things are simple. With Systemd there is no clear detail of how and what starts unless you reverse targets out of the systemd directory, which is ridiculous compared to "chkconfig --list | grep 3:on". If we really needed something to start up different processes and manage them (and dependencies) in a simple way, they should have just used SupervisorD and include files. Sadly SystemD is much more than what it needs to be.

This is another great example of why systemd is not very good:

tcp6 0 0 :::9090 :::* LISTEN 1/systemd

Err, so something with PID 1 is listening on 9090, wonder what that is? Start fgrepping your systemd directory and hopefully it returns something with 9090 (happens to be the cockpit socket..)

As an RHCE for over 10 years I think this is the biggest mistake Red Hat has ever made, but I guess we must learn to love systemd. It's in my opinion as bad as or worse than firewalld or NetworkManager, both of which have no business being on a server (desktop, sure, why not).

TalkTalk attackers stole 'incomplete' customer bank data, ISP confirms

jerky_rs

Technically you only need to encrypt the 6 digits in the middle of the card number, which is pretty ridiculous seeing you could derive the encrypted part by generating numbers in between that pass a Luhn check; the postcode (truncated to digits only), numeric part of the address and CV2 all matching will get you a successful auth 99 times out of 100.

As a PSP/online store you are not ever allowed to store CV2, only use it at the time of submission to the bank. Mastercard/Visa both have the additional ability to protect transactions with 3DSecure, but this is not generally mandatory to perform a credit card transaction.

Having personally worked at a PCI DSS level 1 PSP for over 5 years and having seen how this stuff works in the backend, it is somewhat amazing what actually gets transferred. For example, all credit card numbers for settlement files are uploaded in plaintext via PSTN to a bank's FTP site authenticated only with username/password, and in some cases the file remains there. God knows what the banks actually do to protect this, but it is common knowledge in PSPs that this type of data is unencrypted in Auth files as well as on many private MPLS networks that BT manage.

TalkTalk attack: Lad, 15, cuffed by UK cyber-cops

jerky_rs

Re: Are we to believe this is the work of a 15yr old ?

Seems like a lot of these replies seem to think a 15 year old boy is not capable of such things, probably due to most people's lack of natural aptitude. Over 40 years ago, by the age of 13, Bill Gates was already programming and hacking other systems; I think it is pretty obvious that any naturally bright youth could do this nowadays.

I have no idea if it was him, but certainly one might assume it's reasonable it could be a 15 year old boy or girl. Maybe he just had a compromised PC that was being used as a proxy, but who knows; certainly would not rule him out due to his age.