Joined 3 years ago
Cake day: June 23rd, 2023
  • I have a few decades programming experience, as a professional software engineer, an open source developer, and a DevOps engineer. There is no way in hell I would do a code review where 15k lines were added and a similar amount of lines removed without having a long discussion with the person who made those changes. I’d want to ask a lot of detailed questions about the changes, questions that an LLM isn’t likely to answer, and most definitely not questions I’d be inclined to try to type into an LLM to try to get an answer.

    Over the years I’ve dealt with all manner of bugs, from overflows & underflows, to bad assumptions about logic flow, and much much more. The whole purpose of pointed questioning of the author is to be comfortable with decisions made in the code and to minimize the chances of all sorts of potential bugs.

  • I worked on a memory manager back in the days of DOS & extended memory overlays. The original author liked to refer to blocks of memory as “cookies” and temporary variables as “handy”, among other things. My favorites however were a flag identifying memory corruption as “shit_cookie_corrupt” and a panic function when it couldn’t recover that was called ohShitOhShitOhShit().

  • No, but it’s far easier to explain how to configure your home network such that 182.168.1.* is for your regular devices like laptops, etc. and 192.168.2.* is for your IoT devices. Then block all access from 192.168.2.* to the internet so your IoT devices can’t “phone home”, can’t auto-update without your knowledge, can’t end up as part of a botnet, etc.

  • I had a few AC Pros in a 110+ year old house where other APs had issues with all the plaster & lath walls. They worked great. I also have a couple of them installed at a non-profit org I volunteer with and everybody is very happy with how they work there as well.

    After moving from that first house to a new one with a bigger footprint I upgraded to a pair of their U6 mesh APs, one at each end of the house. Never had any issues with them.

  • My employer had an EV cert for years on our primary domain. The C-suites, etc. thought it was important. Then one of our engineers who focuses on SEO demonstrated how the EV cert slowed down page loads enough that search engines like Google might take notice. Apparently EV certs trigger an additional lookup by the browser to confirm the extended validity.

    Once the powers-that-be understood that the EV cert wasn’t offering any additional usefulness, and might be impacting our SEO performance (however small) they had us get rid of it and use a good old OV cert instead.

  • Port 22 is the default SSH port and it receives a TON of malicious traffic any time it’s open to the whole internet. 20 years ago I saw a newly installed server with a weak root password get infected by an IP address in China less than an hour after being connected to the open internet.

    With all the bots out there these days it would probably take a lot less time if we ran the same experiment again.

  • I don’t understand why Cloudflare gets bashed so much over this… EVERY CDN out there does exactly the same thing. It’s how CDNs work. Whether it’s Akamai, AWS, Google Cloud CDN, Fastly, Microsoft Azure CDN, or some other provider, they all do the same thing. In order to operate properly they need access to unencrypted content so that they can determine how to cache it properly and serve it from those caches instead of always going back to your origin server.

    My employer uses both Akamai and AWS, and we’re well aware of this fact and what it means.

  • That would surprise me. Companies like Akamai maintain very up-to-date lists of Tor exit nodes, commercial VPN exit nodes, etc. My employer uses Akamai and blocks all traffic from Tor given the huge volume of malicious traffic coming from it. It would be trivial for us to block VPN traffic as well if we wanted to. Those blocks occur on Akamai’s systems before it ever makes it to ours. No browser-based tool is going to get around an IP-based block like that.

    No idea if Reddit is doing something similar here, but my guess is they are.

  • We use Akamai where I work for security, CDN, etc. Their services make it largely trivial to identify traffic from bots. They can classify requests in real time as coming from known bots like Googlebot to programming frameworks like Python & Java to bots that impersonate Googlebot, to virtually any other automated traffic from unknown bots.

    If Reddit was smart they’d leverage something like that to allow Google, Bing, etc. to crawl their data and block all others, or poison others with bogus data. But we’re talking about Reddit here…

  • It was pure C code that was used to print reports, and included the date in a header. Whoever wrote it miscalculated the size of the buffer for the header by one byte. When the date was the longest month & day spelled out plus a two-digit day of the month then it would overflow the buffer, resulting in the program crashing.
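
The off-by-one described in the comment above, as an added example that is not the commenter's code: it computes the worst-case header size over every possible date instead of hand-counting it, and formats with a bounded write that reports truncation. The header format "Weekday, Month D", the 23-byte legacy size and all function names are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Assumed header format "Weekday, Month D"; the comment does not give the real one. */
static const char *WDAY[7] = {"Sunday", "Monday", "Tuesday", "Wednesday",
                              "Thursday", "Friday", "Saturday"};
static const char *MON[12] = {"January", "February", "March", "April", "May", "June",
                              "July", "August", "September", "October", "November",
                              "December"};

#define LEGACY_BUF 23 /* assumed hand-counted size that forgot the terminating NUL */

/* Bytes needed for one date, including the NUL terminator. */
size_t header_bytes(int wday, int mon, int mday)
{
    int n = snprintf(NULL, 0, "%s, %s %d", WDAY[wday], MON[mon], mday);
    return (size_t)n + 1;
}

/* Worst case over every date the formatter can be handed. */
size_t worst_case_bytes(void)
{
    size_t max = 0;
    for (int w = 0; w < 7; w++)
        for (int m = 0; m < 12; m++)
            for (int d = 1; d <= 31; d++) {
                size_t need = header_bytes(w, m, d);
                if (need > max) max = need;
            }
    return max;
}

/* Hardened formatter: bounded write, reports truncation instead of overflowing.
   Returns 0 on success, -1 if dst is too small or an argument is out of range. */
int format_header(char *dst, size_t cap, int wday, int mon, int mday)
{
    if (!dst || cap == 0 || wday < 0 || wday > 6 || mon < 0 || mon > 11
        || mday < 1 || mday > 31)
        return -1;
    int n = snprintf(dst, cap, "%s, %s %d", WDAY[wday], MON[mon], mday);
    return (n < 0 || (size_t)n >= cap) ? -1 : 0;
}

int main(void)
{
    char buf[24];
    printf("worst case %zu bytes, legacy buffer %d\n", worst_case_bytes(), LEGACY_BUF);
    if (format_header(buf, sizeof buf, 3, 8, 30) == 0) puts(buf);
    return 0;
}
```

With these assumptions a single-digit day fills the legacy buffer exactly, so the bug only shows on the few dates that combine the longest names with a two-digit day.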