Explain to me how they would implement reliable geo-filtering in an architecture where they likely want to process a request in under 5 ms.
CloudFlare should just make it an example of Italy by redirecting any Italian requests to the Wikipedia article on fascism.
It's going to be interesting if he walks due to overcharging.
Of if it were me I'd find the cheapest piece of shit AM radio on aliexpress and have someone tape it to the dash.
Instant compliance.
You need to know about about kernel development.
When you work in the kernel at ring 0 there are no safety nets the only sane thing to do to avoid data corruption is to panic. This is true across all operating systems.
The problem here is Crowdstrike flagged the driver as required for boot.
You can't have it both ways if a driver is required you can't expect to OS to start deciding which drivers not to load. I'm not even sure it would be inherently apparent to the kernel which driver is causing the problem. It wouldn't be an immediate crash on load.
The only thing I might give a bit of blame to Microsoft is that they certified a driver that essentially downloads and executes updates that bypass the usual certification an testing process. The problem is that if Microsoft didn't allow this all the 3rd party AV/SEC vendors would be screaming antitrust.
Microsoft had build APIs to provide the required functionality without requiring a kernel driver but the EU required it to be removed due to Antitrust reasons. If anyone deserves the blame besides crowdstrike it's the EU.
The thing that made it really bad is that a lot of the same companies that have Crowdsrike also use bitlocker. Again, the only improvement I can see here is having a Safemode that prompts for the bitlocker keys rather than requiring an external USB but that would likely decrease the effectiveness of FDE but I'm not all that familiar with bitlocker.
*sigh* Can't believe I'm defending Microsoft.
Do you understand what happened?
I'm not a Microsoft proponent by any means and openly mock people for using Windows servers but I cannot see how this is a Microsoft problem.
Crowdstrike operates as a kernel mode device driver which on ANY of the current major OS will result in the same thing if the code crashes. Crowdstrike is incompetent and when the driver read a malformed definition file it resulted in a null pointer dereference. The kernel has to panic game over. Crowdstrike lists the driver as boot critical so on reboot you get a BSOD.
Microsoft even built APIs to put safety rails around the required functionality but the EU cried Antitrust.
I think the problem is that most people think let the speed of light is fast. Sure it's incredibly fast in terms of what humans typically think of as speed but if you want to get practically anywhere interesting the speed of light is incredibly slow.
That said being able to move at say even 0.5c and not having to deal with acceleration would still be fairly interesting for exploring the solar system.
Yet not intelligent or specialized enough to clean their computers and/or conduct all operations from a tails (or similar) box.
It's not the cost of the radio that's the problem.
EV's make a lot of RF noise due to their power supplies and motors. It's the RF shielding (weight) and antenna as AM requires a larger antenna (more drag, and weight).
It wasn't marketing that made me switch from Firefox to Chrome it was their abysmal performance and pointless UI fuckery.
This was forever ago but Firefox was eating up so much memory that it was unusable. Chrome handled the same workload with 1/4 of the memory and no performance issues.
I didn't want to switch. I wanted to support an OSS product. They forced me out.
Crowing about better performance on a 10-year-old Javascript test that's irrelevant confirms they still are in desperate need of better leadership.
I've run ISPs.
This goes fundamentally against how the internet works. Customers pay for internet access and that includes access to anything on the internet no matter who provides it. That is the fucking point.
It's not Netflix's problem that they failed upgrade their networks. Netflix already goes out of their way with their cashing boxes to mitigate the stress on the ISPs networks.
Allowing them to get away with this would ruin the internet. Telcos are far more despicable than Netflix or Amazon in their practices and behavior don't let your bias against these companies cloud your judgment.
What's your suggesting with ultimately turn the internet into a broken form of cable tv.
Tucows is a Canadian domain registrar.
They have WHOIS privacy enabled which means none of that information is related to the registrant.
In order for hosts to autoconfigure Local IPv6 addresses, routers
have to be configured to advertise Local IPv6
advertisements, or a DHCPv6 server must have been configured to
assign them. In order for a node to learn the Local IPv6 address of
another node, the Local IPv6 address must have been installed in a
naming system (e.g., DNS, proprietary naming system, etc.) For these
reasons, controlling their usage in a site is straightforward.
To limit the use of Local IPv6 addresses the following guidelines
apply:
- Nodes that are to only be reachable inside of a site: The local
DNS should be configured to only include the Local IPv6
addresses of these nodes. Nodes with only Local IPv6 addresses
must not be installed in the global DNS.
- Nodes that are to be limited to only communicate with other
nodes in the site: These nodes should be set to only
autoconfigure Local IPv6 addresses via [ADDAUTO] or to only
receive Local IPv6 addresses via [DHCP6]. Note: For the case
where both global and Local IPv6 prefixes are being advertised
on a subnet, this will require a switch in the devices to only
autoconfigure Local IPv6 addresses.
- Nodes that are to be reachable from inside of the site and from
outside of the site: The DNS should be configured to include
the global addresses of these nodes. The local DNS may be
configured to also include the Local IPv6 addresses of these
nodes.
- Nodes that can communicate with other nodes inside of the site
and outside of the site: These nodes should autoconfigure global
addresses via [ADDAUTO] or receive global address via [DHCP6].
They may also obtain Local IPv6 addresses via the same
mechanisms.
While it doesn't come straight out and say it I'd argue the wording implies that nodes that need access to the Internet should have a second globally scoped address.
Demonstrably false.
Few protocols leak those, and generally require helpers.
Just to name a few FTP,SIP,STUN,ICE. With a bit of java script your browser can be tricked into accessing internal hosts on your LAN.
There is no moder day distinction between NAT and PAT.
I use PAT to be specific.
Your opinion is noted, as stupid as it is.
Signed, an industry expert and veteran.
And now we are reduced to name-calling and appeals to authority.
Non-globally routable networks that still need a way out have very real utility.
The fact that you *can* used globally scoped addresses in IPv6 due to the abundance of space doesn't mean the necessity is gone.
In IPv6, we have RFC4193 ULA addresses for that purpose, which are the same thing: Non-globally scoped address space. If you wish to give a ULA-only network internet access, you use NAT.
No, this is an abuse of ULA. The whole point of ULA is to ensure they never are reachable externally.
If you must have limited Internet connectivity best practice would be to use global space behind stateful inspection that only permits establishing traffic to a restricted subset of services.
If you want similar functionality you can simply deny any inbound traffic without a valid state. It's the exact same "security" function IPV4 nat provides without the additional step of mangling the tcp/udp headers.
Almost. It provides the same connection-tracked forwarding security that NAT provides.
It does not, however, provide the 1:N network obfuscation that NAT provides, and that does have real utility in the real world.
Which is practically useless. Nearly all protocols leak the local addresses anyway. If you are worried about the mac address inclusion using stateless auto-configuration you can use RFC4941.
If you are worried about statically assigned servers you can at assignment time obfusticate the IP address. I'd argue, by your measure, that NAT provides significantly less "security" as PAT only has an address space of 2^16 whereas a single
NAT66 provides no value and would bring along all the breakage and stupidity that comes from NAT44.
That's just fud.
You can easily request and receive a
That is control.
NAT is a hack to work around the limitations of IPV4 and breaks a lot of things.
If you want similar functionality you can simply deny any inbound traffic without valid state. It's the exact same "security" function IPV4 nat provides without the additional step of mangling the tcp/udp headers.
I suggest you take some time to learn about how this works before you continue perpetuating this myth.
Sounds like they forgot to pay their hosting bill and are frantically moving things.
The difficult we do today; the impossible takes a little longer.
