* Posts by DougMac

119 posts • joined 16 Jul 2013


Got $50k spare? Then you can crack SHA-1 – so OpenSSH is deprecating flawed hashing algo in a 'near-future release'

DougMac

Re: Old devices

Because of this and other deprecated ssh stuff, it forces me to keep around old systems, with all updates turned off so that I can still get into old gear that doesn't have any upgrade path but is still in use.

The alternative is to turn telnet back on and telnet into them. :-(

Source code for seminal adventure game Zork circa-1977 exhumed from MIT tapes, plonked on GitHub

DougMac

Odd? We already had this?

The original MDL source to Zork has been out for a number of years.

Ie. see this github repo

https://github.com/itafroma/zork-mdl

Perhaps this is significant as to be closer to the epicenter.

I believe the main problem right now is that there isn't an original MDL compiler extant that can handle compiling this code, although I believe there was some work to create an MDL compiler that can handle this code.

Firefox to burn FTP out of its browser, starting slowly in version 77 due in April

DougMac

Re: "FTP is an insecure protocol and there are no reasons to prefer it over HTTPS"

I use FTP all the time in a variety of forms (if you want to call sftp doing FTP, but also use FTPS quite often).

Granted, I _never use_ a web browser to do FTP, I have a dedicated FTP client on the various platforms I use. It is extremely handy to move files in and out of disparate environments.

I wouldn't care if Firefox drops FTP support, if you want to use FTP, use a dedicated client.

Surge in home working highlights Microsoft licensing issue: If you are not on subscription, working remotely is a premium feature

DougMac

Re: The most simple way is not mentioned here?

Linux seems to have a lot more support than you think. Linux anyconnect download is here

https://software.cisco.com/download/home/286281283/type/282364313/release/4.8.03036

If you have something not-cisco, and don't have to do proprietary Cisco wrapped up SSLVPN that anyconnect is, Linux has a plethora of options for IPSec VPNs. IPSec is IPsec. While there are many options, there are also many solutions.

There are many RDP clients that work well on linux. I don't think anybody would tend to think VNC is the only option. My main day-to-day RDP option is built on top of FreeRDP that works better than the Microsoft RDP client on windows.

Of course that still doesn't account for the RDP client license that Microsoft will make you get because you aren't using their desktop OS that conveniently bundles said license with it. Also a Microsoft auditor will come in and inform you that if there is any chance of non-windows desktops ever connecting, that you'll need to buy RDP client licenses for everybody "just-in-case".

Microsoft's latest cloud innovation: Printing

DougMac

Re: Windows 365 Cloud ?

Microsoft maintains their own, and all the big email players have moved to their own inhouse filtering/RBL. External filters and RBLs are only in use by companies that haven't migrated into one of the big players.

OTOH, Microsoft's Postmaster services actually can clear out blocks if you know how to work their system (which is draconianly difficult). As opposed to say, Google, which tosses their hands up in the air and says maybe it'll clear in a day, week, month, we dunno.

Anybody putting something in front of the Microsoft setup is probably not using it right as designed, which requires end users training it (ie. flagging SPAM, moving HAM out of SPAM folders, etc). Many users don't want to bother training their SPAM filter, so they throw something else in front.

You. Drop and give me 20... per cent IPv6 by 2023, 80% by 2025, Uncle Sam tells its IT admins after years of slacking

DougMac

> Who, aside from some enthusiasts, actually wants ipv6?

Anyone who is behind a massively overloaded CGNAT box that can barely keep up.

Death and taxis: Windows has had enough of clinging to a cab rooftop in the London rain

DougMac

I just wonder at what point that these software companies making signage think that a windows license is worth the cost of deploying these, and all the baggage that goes along with it.

I'd have thought everyone would flock to a linux digital signage or something with loads less license fees; although looking at the digital signage market, the license fees are not cheap, and the ones I've seen in the wild haven't been any more stable than windows anyway. There was one by my car park that turned from a bulletin board to a digital sign, back to a bulletin board for like 6 months until they finally seemed able to fix it again. I'm sure they were glad that they paid all that $$ so we have a nice smooth screen to tape their paper printouts to again.

Firefox, you know you tapped Cloudflare for DNS-over-HTTPS? In January, it briefly knackered two root servers at the heart of the internet

DougMac

The author of the article doesn't quite seem to understand the nature of the setup of the root nameservers.

There aren't only 13 root-servers. There are over a thousand root-servers arranged in 13 clusters, each cluster run mostly by different organizations (yea diversity)

They are anycast, so that your connection will connect to the "closest" one as BGP routing determines. If an organization does do maintenance on a few of the root-servers, they'll stop doing the BGP anycast announcements so that traffic no longer hits that particular server(s) that is under maintenance.

So, technology much like the global content server networks like CloudFlare, Akamai, Edgecast, etc. run the root-servers as well.

Admins beware! Microsoft gives heads-up for 'disruptive' changes to authentication in Office 365 email service

DougMac

Re: Dum question

Yes. Older Outlook clients have a crappy IMAP implementation, most people used POP email with them to stay sane. Many others just chose it as default.

That method of deleting email is only the _default_ for POP (vs. IMAP where the default is not to delete). You can have your POP email client do a variety of options for download & delete, or delete on a schedule, etc. etc depending on options you tick.

DougMac

There definitely have been outages I've noticed on my work email.

They must have just lined up with your usage not requiring access at that particular time. Too bad that wasn't the case for me.

Apple drops a bomb on long-life HTTPS certificates: Safari to snub new security certs valid for more than 13 months

DougMac

Re: I understand

>> As for lets-encrypt - I set it up for someone almost a year ago, and haven't had to get involved since. The renewals are automated.

Unless you routinely update your code packages (ie. installed the package from a PPA or make sure to go get the newest code from their github), the certbot client from two years ago isn't going to work after this summer when they disable ACME v1 as well.

So, not quite plug and forget.

Outlook more like 'look out!' as Microsoft email decides everything is spam today

DougMac

Re: Outgoing or Incoming?

I've had to disable the SPAM filter on my company Office365 because it was catching way too many false positives, and not catching the actual spam.

Virtualization juggernaut VMware hits the CPU turbo button for licensing costs

DougMac

Re: vSphere vs Hyper-V

The only people running Hyper-V are the ones in the simplest setup possible.

If you are serious, and have the full SCVMM cluster setup, Hyper-V has already torn your guts out with its issues and problems.

The only shops I've touched that are happy with Hyper-V are single-host virtualizing a few guests. Very happy with the price. Aren't big enough to care about full on clustering, moving VMs from host to host, etc.

Everybody else in the cluster realm can't wait to get rid of it.

Take DOS, stir in some Netware, add a bit of Windows and... it's ALIIIIVE!

DougMac

Or the limits of the chip and systems of the era.

The PC started being designed in an era when 4k was in common use, and was released with 16k as the entry level point when the hardware was ready. It used the 8088 chip, which could address a max of 1MB, and IBM needed room to map the BIOS, video, etc. into the upper areas of the memory map, which was common in that era before virtual memory mapping chips became de facto. That is the 640k dividing line, at a point of 40 times the memory that the base unit shipped at. Even if they had it higher, the BIOS and slots still needed to be mapped in somewhere in the 1MB space that was the max the 8088 could address.

The Apple II had similar design constraints from an earlier time, but nobody goes on about the 48k limit of its design until they did some bank switching on the ][+ to get that extra 16kb of RAM or more on the //e and //c.

XMS 2.0 wasn't done until 1988, (seven years after the PC was released).

Even when PCs were shipping with 80286's, which could address a whopping 16MB of RAM, most PCs of the time didn't have more than 1MB of memory.

By the time the 80386 came out, and things could address lots of memory, it was the software lagging behind, with most people insisting on running MS-DOS of the era of 16k machines.

DougMac

Windows server software required CAL licenses from the start. The big difference between Netware and MS is MS didn't _enforce_ license count, whereas Netware did.

After years of MS making it near impossible to actually figure out how to properly count, license or even buy said CAL licenses to be properly licensed, just about every windows user punted and didn't care.

Most people buying file servers compared the properly licensed cost from Netware against a vaguely licensed MS Server, or perhaps CALs didn't even come up in the conversation. Once the rollout went out and they weren't counted, audited, or were anywhere to be found, it was instant conversion over.

DougMac

OSX upgrades had the vendors abandon almost every scanner made for OSX in the past.

My Fuji Scansnap used to bring me smiles using it about just how well it ran, which changed overnight to one of the most frustrating things I own after OSX got upgraded.

VueScan can handle the older hardware when the makers all abandoned it. I'm not sure it's at a level of bringing me smiles, but at least it is functional.

Updated your WordPress plugins lately? Here are 320,000 auth-bypassing reasons why you should

DougMac

Re: Are WordPress plugin developers the worst, or ...

I think it just attracts the sort of people that shouldn't be coding, based on my dealings with "Word Press Web Designers".

The ones that ask me how to get access to their CSS, I point to the file, and they have no idea what I'm talking about. CSS doesn't go into a _file_. It's _in_ the website.

Snakes on a wane: Python 2 development is finally frozen in time, version 3 slithers on

DougMac

More laziness than anything

The differences between Python3 and Python2 are pretty minimal overall in terms of language design. More like let's get rid of the bad decisions we made 30 years ago so we can move forward.

I think PHP changes much more rapidly with much greater impact from version to version.

I think the reason people stuck with Python2 so long is because they had zero incentive to look at Python3, and so they kept on the same path. To them, Python3 was much like Perl6, some distant far off thing that will never come about. So it's good that the Python foundation finally set a firm date to decommission python2 and promote python3 as the future.

iFixit surgeons dissect Apple's pricey Mac Pro: Industry standard sockets? Repair diagrams? Who are you and what have you done to Apple?

DougMac

Re: you can’t just swap in a drive from Crucial

Surprisingly few 3rd party vendors for weird Apple proprietary flash. Just one that I know of, OWC has replacements for the trash can, and MBP/MBA flash drives.

They most likely will have replacements for the 2019 MacPro as well (already a category on their website).

I do wish Apple switched over to the "standard" version of the products after they pioneered the stick form factor, but they keep on with their own thing for some vendor lock.

Update Docker: Fun bug involving file paths and shared libraries turns out to be a security hole

DougMac

Indeed.

It's what, over 55-60% of all docker images in the docker registry have some sort of security issue out of the gate?

macOS? More like mac-woe-ess: Google Chrome slip-up trips up SIP-less Apple Macs

DougMac

Oh, I wish I could be 100% chrome free.

It has turned into the IE6 of today. Many websites I need to use are coded only so they work in Chrome. :-(

Thankfully that is a very small percentage, but it's enough that I need to run Chrome for some of those damn work SaaS offerings they insist on using.

UK ISPs must block access to Nintendo Switch piracy sites, High Court rules

DougMac

Re: Pointless

One reason that there is a flag domain name an ISP can implement to have browsers opt out of DNSoH negotiation by browser at the start.

That doesn't prevent an advanced user from implementing their own DNS setup, just like now. But due to measures like this, DNSoH is going to probably be flagged by all ISPs in UK and other places that require these blocks.

Pat Gelsinger vows to upgrade VMware's once 'bad' open-source rep to the 'very' best by 2021

DougMac

Re: vSphere

Current versions of vSphere are fully HTML5, and new features only go into the H5 client.

The flash client is deprecated, and strongly points you over to the H5 interface with banners or notices telling you the flash client is deprecated. The HTML5 has been complete for a few years.

While not all VMware products are flash free yet, they are well on their way, at least on the newer versions.

I don't think vSphere 7.0 is slated to be completely rid of the flash client, but it could be by the time it rolls out.

DougMac

10G switches are the base standard in the data center now-a-days? We've been deploying 10G ones with 40G uplinks for some years already. 25G switches (with 100G uplinks) look to be the upcoming base standard soon. These are basic datacenters, not 400G/100G spine-and-leaf monsters. I don't see them dropping 1G as a supported option as one needing the bandwidth, but just reflecting the base level in the datacenter switching now-a-days. VMware is targeting datacenters, not a small company. I'd have thought the pricing alone would have cut out all the small companies.

You don't have to use NSX if you don't want. We don't deploy NSX in our management clusters.

A lot of the tools are there to provide options. The basic VMware Hypervisor is there just the same. You use the tools that work for you. If you need options in NSX, then use it. If not, you'll probably need external boxes to do that function, same as in the past. You'll lose some of the distributed nature of NSX then. Likewise, don't use VSAN? You'll still need external shared storage.

You seem a bit all over, if you are worried about VCSP Standard going away (5 point rental), you can't be using anything beyond the basics, as you don't get VDS with Standard, and *anything* advanced (ie NSX, VSAN, etc. etc. etc) all requires VDSs on Enterprise Plus (7 point rental) plans. I think the only time we deployed VCSP 5 point rental ones were for private cloud customers with two hosts and two networks. (ie. the most basic which probably were better served with other solutions anyway).

What is it with hosting firms being stonewalled by Microsoft? Now it's Ionos on naughty step

DougMac

Re: Active / Passive redundancy?

An ISP can't just switch IPs out of the blue, you have to warm up new IP addresses, by sending a tiny fraction of the email through, to push your legit to spam ratio up higher and higher, all the while the larger providers will start accepting more and more email from your new IP addresses as long as that ratio is maintained well.

You also have to keep email flowing from time to time through your new warmed up IP addresses, or they will grow cold again, and you start over from scratch.

Finally, if you start ping ponging around, and you haven't taken care of your internal compromised accounts/systems that are the problem, and Microsoft/Google/Yahoo notices you doing this ping-ponging, you are much more likely to get whole swaths of your IP space banned instead of individual servers.

Microsoft blacklisted TSO Host's email IPs from Hotmail, Outlook inboxes and no one seems to care

DougMac

Large mail providers run their own blacklists

None of the large mail providers depend on SORBS or the other public RBLs now-a-days, they have their own internal RBL system that they use (seeing the viability and usability of the RBLs out there, I don't blame them).

Thus you have to deal with each on their own terms. And deal with each large mail provider on their own. Most like Comcast or Yahoo keep you on the block list for some short period, see if you are still sending SPAM and if you are, will renew the blocks. If they see the rate down, you get auto-delisted.

So if the rate of SPAM in Microsoft SNDS stays up in the red zone, you are unlikely to get cleared.

Running an ISP mail provider, I find most blocklists are fair, although Microsoft's is the longest to wait and deal with. The appeal process is also backwards (ie. you have to reply to the ticket that says in no uncertain terms do not reply to this ticket). But usually if the auto-delist system hasn't cleared after your SNDS rate has fallen, appealing to the ticket usually gets good results through them. I see a few appeals on mailop, but most of them haven't gone through the proper normal steps that Microsoft has laid down.

They don't seem capricious or arbitrary to me. They really do make sure you are on the ball with your own rate limiters and compromised account detectors.

Get ready for a literal waiting list for European IPv4 addresses. And no jumping the line

DougMac

IPv6 is here

IPv6 is here. Any business ISP can get you IPv6 connectivity. Many residential ISPs do it by default (but granted not all).

There is much gear that supports IPv6 natively.

What doesn't do IPv6? People. Especially Enterprise/Business Techs.

That is the number one factor. They see no need. They don't bother learning. They don't bother doing. "I don't need it, I don't want it, I don't use it." Stick their head in the sand, no problems here, no need to do anything.

Just about everyone on their smart phone has fully IPv6 connectivity right now.

My home ISP does IPv6. My mom's home ISP does IPv6, and her computer is fully IPv6 connected without her knowledge.

But in 99% of the enterprise businesses I deal with, even though they could enable IPv6 on their firewall and do it, they do not. They see no need, so they don't enable it.

So ISPs have to go to extraordinary measures, like enabling CGNAT. I do not know how much time I've spent dealing with CGNAT issues. Constant breakage. Constantly dealing with slow downs, and all the rate limiting they have to do on their gateways. I tell the customer to get away from the ISP that has to do CGNAT. They don't. I tell them let's try IPv6, and see if all the content you want can be gotten natively. They don't.

I think the only event that will force enterprise adoption of IPv6 is if Facebook or Slack went IPv6 only. That might make the people learn quickly.

Why would anybody believe that a different protocol than IPv6 that will take another 20 years to adopt would do any better? Anything that makes people change what they are doing is not going to be adopted unless it is done for them.

Migrating an Exchange Server to the Cloud? What could possibly go wrong?

DougMac

Re: Late to the party...

Ditto. I find it questionable that a MS Partner wouldn't know that Exchange digs so deep into ActiveDirectory that touching anything in Exchange is the same as touching it in the main Active-Directory?

FYI: Your Venmo transfers with those edgy emojis aren't private by default. And someone's put 7m of them into a public DB

DougMac

Can someone tell me why there's an app with social activity tied to payments?

Why in the world would *anybody* think up, hey, what the world needs, is Twitter with payments?

Hey, I sent you money! Thanks d00d!

Backup your files with CrashPlan! Except this file type. No, not that one either. Try again...

DougMac

This isn't a change?

Crashplan has always filtered on file extensions like this. I've been using it for over a decade. This isn't anything new? Maybe they hid it better in the past, but now the true nature comes out on some level of setup.

One thing they do well is continuous backup, changed files get backed up quickly, rather than on a snapshot schedule like most everybody else.

OTOH, it's hard to believe they'll be in business with how they are turning away their core users. They want to sell to businesses, but won't support servers?

They want to turn into a security monitor DLP solution, but I don't know of anybody that wants a DLP unless it's a compliance box to check.

A2 Hosting finds 'restore' the hardest word as Windows outage slips into May

DougMac

Servers..

If only there were other cloud providers that you could backup your data regularly to, and test your DR setup rather than put all your eggs in one basket.

Hmmm..

IT sales star wins $660k lawsuit against Oracle in Qatar – but can't collect, because the Oracle he sued suddenly vanished

DougMac

It is truly amazing that Oracle has any customers. If you think this is screwing you over, look into the licensing terms of an Oracle product, especially their flagship one.

Even if the Oracle sales rep personally paid me $1mil, I still wouldn't in any way purchase Oracle software for my company unless I wanted to screw them over big time. Perhaps that is the secret as to their existence.

Apple bestows first hardware upgrades in years upon neglected iPad Mini and Air lines

DougMac

Use it for what it is designed for..

The end of the article seems to go off as Chromebooks are better.

The iPad and Chromebooks are designed for two totally different types of usage.

Many people don't understand this.

The iPad is designed as a content consumption device. Watch movies, play games, read ebooks, web browsing, etc.

Chromebooks are designed as cheap throw away laptops. If you want to do things that a laptop does, write code, term papers, then a chromebook would be better. I don't understand people trying to make iPads into laptops, this kind of works with lots of hurdles. Then people go and slam on the hurdles trying to shoehorn the wrong device into the wrong task. Apple kinda follows along and tries to enable this to happen, but with their sandbox, this is never going to be the same as a laptop.

But they work great to consume media. Hand an iPad to a 3-year-old and watch them learn to navigate it in minutes.

Disk drives suck less than they did a couple of years ago. Which is nice

DougMac

Any single disk setup is asking for trouble. If you need to stay up and working, RAID. If you need your data, backup, backup, backup, backup, backup.

Everything can fail (as I'm looking at the 2nd SSD failure on my laptop), average time to fail = 1.5 years.

DougMac

Re: Ah...

Not true, for a while there, almost all Seagate drives (even enterprise ones) were pretty shit.

I had many a NetApp/EMC, etc. etc. that came packed to the gills with Seagate drives, that started regularly failing on a very regular schedule starting just about half a year before the normal warranty period on those drives. I had a Sun Thor (48 SATA 1TB Seagate drives) that probably had lost 70% of its original drives.

The replacements started coming back with Seagate drives, that failed again after replacement.

Pretty soon the replacements started coming back with HGST or sometimes Toshiba, and those disks never had to be replaced again.

Domain name 'admin' role eyed up as latest victim of Whois system's GDPRmeggdon

DougMac

Just Admin Contact?

Aren't all the contact data fields of questionable value? None of my customers care what goes in there. It could be all folded down to one contact (with mostly fake info) in all cases.

There, I just saved a "committee" months of "work".

How an over-zealous yank took down the trading floor of a US bank

DougMac

Sun IPX "server"?

The Sun IPX was never meant to be a server, but a tiny workstation. Typical configuration was something like 40MHz CPU, and 16MB or 32MB of RAM. It came in a tiny "lunchbox" case. (about 1 foot by 1 foot by 8 inches tall).

I doubt a PC era hardware was more powerful, but almost certainly, SunOS was 1000 times more stable and capable than anything running on a PC at the time.

DougMac

Re: Unplugging the keyboard = kernel panic ?

It wasn't a kernel panic, but the Sun machines had a tough time differentiating between Stop-A and the keyboard being unplugged. Stop-A was a means to break out into the rommon to debug the kernel, and was reasonably difficult to perform, and was introduced into an era when machines were built to be serviced by kernel systems programmers to find kernel bugs. Then continued on long past the day when this was useful.

It was just unfortunate that the Stop-A procedure was confused a bunch by the keyboard being unplugged too.

Dead retailer's 'customer data' turns up on seized kit, unencrypted and very much for sale

DougMac

How's this different than normal?

By the time a company is liquidated, anybody left there gives zero ***cks to what happens to anything left over, data, sensitive info, etc?

I've cleaned out offices with tax forms, W-2's, etc. all left behind. This is normal.

I've also bought 2nd hand filers from liquidated companies with full data still left on them. Source code, CAD drawings, records, etc. etc. Bought network gear with full configs (SNMP communities are always fun) still left on them, etc.

Not many liquidators would have the means, knowledge or time to make sure things are securely wiped, and if it has come down to the end, it's doubtful anybody still left at a company does either. They are the cleanup crew, get it out, get it gone. Who cares.

DNSSEC in a click: Cloudflare tries to crack uptake inertia

DougMac

Re: El Reg writes "In some respects it is like IPv6...."

Yeah, but with the consolidation in the industry, there's less than a handful of large players, and the small players are probably going to all die off sooner than later. The CAA record seems less useful if it's between a choice of 3 or 4.

Microsoft sharpens its claws to cut Outlook UI excess, snip Ribbon

DougMac

UI revamp

The next UI revamp for Office 2020, we'll get rid of the toolbar, and invent the new latest k00l toy, the menubar! Everyone must conform to the new UI standard.

Welcome! Mimecast finds interesting door policies on email filters

DougMac

Re: A study?

Mimecast has been around a lot longer than Microsoft has been a mail provider.

Sysadmin sank IBM mainframe by going one VM too deep

DougMac

"Incidentally, since we call it a hash in the UK, but the Americans call it a pound.."

That usage in the US has gone away decades ago. It was current when typewriters were a thing and was used then, but since computers came around, nobody abbreviates pound as #.

People hate hot-desking. Google thinks they’ll love hot-Chromebooking

DougMac

Re: MTBF

"So users are having to replace their Chromebooks over three times a year due to failure?"

Let's do the math. Let's settle on the $300 chromebook. 3.3 chromebooks per user per year.

At 3 years out, the company has spent $2970 for chromebooks vs. an assigned laptop.

Wow, what a cost savings.

Fix this faxing hell! NHS told to stop hanging onto archaic tech

DougMac

Not being in the industry, but interested observer, I think the reason FAXs are so prevalent in the health industry is because printed documents transferred in "modern" protocols fall within HIPAA, and FAX's are preexisting tech and don't have all those silly data protection rules attached.

I've heard of medical billing outfits in the US that emulate 1,000's of concurrent online FAXs machines at a time so all those medical billings can go back and forth on paper, bypassing HIPAA rules.

I've had so many of my customers that have to process PHI billing just how they can do email with PHI and still be HIPAA. My answer of you can't just pissed them off all to no end. I think this is the industry's end-run to still have paper record shuffle.

Boffin botheration as IET lifts axe on 20-year-old email alias service

DougMac

Email forwarding services are passé

Due to technical measures such as SPF/DKIM, most email forwarding services have extremely poor forwarding rates.

The users of this service are probably missing most of their forwarded email anyway due to SPF filters (which Google encourages all domains to setup, by dumping more and more non-SPF setup domains right into the gmail recipients' SPAM buckets).

Mailing lists also encountered this, but most adapted by rewriting the sender address, which probably would not go over well with just an email forwarder service, if the recipients couldn't reply back to the sender. Suddenly the email forwarder service has to be running a full on mail server, keeping track of all rewritten senders and expanding them back and forward.

A total mess technology wise.
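
The SPF failure on forwarded mail that the post above describes, and the sender rewriting a forwarder then has to do and undo, as an added example that is not part of the original post. The domains, IP ranges, key and the simplified SRS-style address layout (an HMAC tag, no timestamp) are constructed assumptions, and only `ip4` and `-all` SPF terms are modelled.

```python
import hashlib
import hmac
import ipaddress

# Constructed SPF policies using documentation address ranges. Real SPF has
# many more mechanisms (a, mx, include, ...); only ip4 and -all are handled.
SPF_RECORDS = {
    "sender.example": "v=spf1 ip4:192.0.2.0/24 -all",
    "forwarder.example": "v=spf1 ip4:198.51.100.0/24 -all",
}


def spf_check(client_ip, mail_from):
    """Check the connecting IP against the envelope sender's SPF policy."""
    domain = mail_from.rsplit("@", 1)[1].lower()
    record = SPF_RECORDS.get(domain)
    if record is None:
        return "none"
    ip = ipaddress.ip_address(client_ip)
    for term in record.split()[1:]:
        if term.startswith("ip4:") and ip in ipaddress.ip_network(term[4:]):
            return "pass"
        if term == "-all":
            return "fail"
    return "neutral"


def _tag(secret, domain, local):
    """Short HMAC so the forwarder only reverses addresses it issued."""
    msg = f"{domain}={local}".lower().encode()
    return hmac.new(secret, msg, hashlib.sha256).hexdigest()[:8]


def srs_forward(mail_from, forwarder_domain, secret):
    """Rewrite the envelope sender into the forwarder's own domain."""
    local, domain = mail_from.rsplit("@", 1)
    tag = _tag(secret, domain, local)
    return f"SRS0={tag}={domain}={local}@{forwarder_domain}"


def srs_reverse(rewritten, secret):
    """Recover the original sender for a bounce; reject forged addresses."""
    local_part = rewritten.rsplit("@", 1)[0]
    prefix, tag, domain, local = local_part.split("=", 3)
    expected = _tag(secret, domain, local)
    if prefix != "SRS0" or not hmac.compare_digest(tag, expected):
        raise ValueError("not a valid rewritten address")
    return f"{local}@{domain}"


def demo():
    secret = b"constructed-demo-key"
    sender = "alice@sender.example"
    # 1. Sender's own server delivers directly: IP is in the sender's policy.
    direct = spf_check("192.0.2.10", sender)
    # 2. Forwarder relays with the envelope sender unchanged: its IP is not
    #    in sender.example's policy, so the final recipient sees a fail.
    forwarded = spf_check("198.51.100.7", sender)
    # 3. Forwarder rewrites the envelope sender into its own domain first.
    rewritten = srs_forward(sender, "forwarder.example", secret)
    forwarded_srs = spf_check("198.51.100.7", rewritten)
    # 4. A bounce sent to the rewritten address is mapped back.
    bounce_to = srs_reverse(rewritten, secret)
    return direct, forwarded, rewritten, forwarded_srs, bounce_to


if __name__ == "__main__":
    print(demo())
```
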

When Google's robots give your business the death sentence – who you gonna call?

DougMac

Re: Google 'support'

No MSP will trust Google Apps with their customer's email setup. Support and response to problems is just too messed up. One reason Office365 took off so much.

PayPal reminds users: TLS 1.2 and HTTP/1.1 are no longer optional

DougMac

Re: TLS 1.1 is fine for PCI ?

Correct, TLS v1.1 is fine, but generally in practice, TLS 1.0 marks the dividing point between "legacy old systems" and stuff that supports it all.

If you can do TLS v1.1, generally you can do TLS v1.2, and you may as well get on that wagon while you are reconfiguring.

IPv6 growth is slowing and no one knows why. Let's see if El Reg can address what's going on

DougMac

> Personally I don't know whether this is a thing or not, but I've been hearing rumours about carrier-grade NAT and how it's going to be widely used by ISPs in the near future.

CGNAT is widely deployed, and customers typically have no clue it is in use, until of course things break and nobody can figure out what is going on. Every tech I've met has no idea why customer one has "public IP" 100.64.1.5 when customer two also has "public IP" 100.64.1.5 when they live in different states when they get allocated IP's out of RFC6598 space.

Of course I get brought in when everything is fubar. The ISPs doing CGNAT are doing heavy rate limiting to make sure their CGNAT gateways aren't overloaded, and doing dirty tricks like redirecting all speed test sites internal so they look like they have great speed, until of course you have to transit outside of their network and find that you have almost no bandwidth besides the tricked out ports the carriers play around with.

But IPv4 is "good enough", except when it isn't. IPv4 won't die until it is too painful to use. Too many techs are blind to the world outside what they know.


Biting the hand that feeds IT © 1998–2020