Professional hitmen don’t actually exist.

Sammy “The Bull” Gravano would probably disagree with you. He’d likely consider himself a professional since he admitted to involvement in 19 murders. Granted they were all mob related, and not “for hire” by anybody with a pile of cash and a grudge…

DigiCert recently was forced to invalidate something like 50,000 of their DNS-challenge based certs because of a bug in their system, and they gave companies like mine only 24 hours to renew them before invalidating the old ones…

My employer had an EV cert for years on our primary domain. The C-suites, etc. thought it was important. Then one of our engineers who focuses on SEO demonstrated how the EV cert slowed down page loads enough that search engines like Google might take notice. Apparently EV certs trigger an additional lookup by the browser to confirm the extended validity.

Once the powers-that-be understood that the EV cert wasn’t offering any additional usefulness, and might be impacting our SEO performance (however small) they had us get rid of it and use a good old OV cert instead.

Back in the 90’s before the days of Windows 3.0 I had to debug a memory manager written by a brilliant but somewhat odd guy. Among other thing I stumbled across:

• A temporary variable called “handy” because it was useful in a number of situations.
• Another one called son_of_handy, used in conjunction with handy.
• Blocks of memory were referred to as cookies.
• Cookies had a flag called shit_cookie_corrupt that would get set if the block of memory was suspected of being corrupt.
• Each time a cookie was found to be corrupt then the function OhShit() was called.
• If too many cookies were corrupt then the function OhShitOhShitOhShit() was called, which would terminate everything.

If you have ssh open to the world then it’s better to disable root logins entirely and also disable passwords, relying on ssh keys instead.

Port 22 is the default SSH port and it receives a TON of malicious traffic any time it’s open to the whole internet. 20 years ago I saw a newly installed server with a weak root password get infected by an IP address in China less than an hour after being connected to the open internet.

With all the bots out there these days it would probably take a lot less time if we ran the same experiment again.

Depends on the content. My employers sites are a good mix of images, static, and dynamic content, and we rely heavily on Akamai. Their caching of our images offloads a huge amount of work from our origins. We also use their Image Manager tool to optimize a lot of the images seamlessly, which adds further optimization. Their WAF and other security tools are also very impressive.

She talks about it in this video.

Smarter bots know how to easily avoid being detected based on the speed of their requests by simply adding a random delay to them. A few years ago we discovered a very slow speed credential stuffing attack (testing usernames & passwords) against my employers site. It was only testing one set of credentials every couple of minutes.

Once we discovered it we didn’t block it though. We were able to spot the attack fairly easily once we knew what to look for, so we updated our system to always return a login failure no matter what credentials they sent.

deleted by creator

Back in the late 90’s I worked for an internet search company, long before Google was a thing. We would regularly physically drive a dozen SCSI drives from a RAID array between two datacenters about 20 miles apart.

New Zealand. The wife & I spent 3 weeks there earlier this year. The people were all very friendly, and the range of things to do & see is just amazing if you’re into the outdoors at all.

I loved the bit where he spent a small pile of that money on an Inverted Jenny postage stamp then used it to send a postcard.

I don’t understand why Cloudflare gets bashed so much over this… EVERY CDN out there does exactly the same thing. It’s how CDN’s work. Whether it’s Akamai, AWS, Google Cloud CDN, Fastly, Microsoft Azure CDN, or some other provider, they all do the same thing. In order to operate properly they need access to unencrypted content so that they can determine how to cache it properly and serve it from those caches instead of always going back to your origin server.

My employer uses both Akamai and AWS, and we’re well aware of this fact and what it means.

Speaking of slot machines, every slot machine, electronic poker machine, etc. are just state machines that operate based on a stream of random numbers fed into them by another device.

The random number generators (RNG’s) used for gaming are highly regulated (at least here in the US) and only a small handful of companies make them. They have to be certified for use by organizations like The Nevada Gaming Control Board. RNGs have to be secured so only NGC officials and other key people can access them. If they are opened unexpectedly or otherwise tampered with then they need to go into lockdown and stop generating numbers until an official resets it.

The RNGs also need to be able to replay sequences of numbers on demand. If the same sequence of numbers are fed into a game and the user plays the same way then the result of the game should be 100% identical each time.

I’ve heard of all sorts of issues with my fiber ISP (Verizon Fios) rolling out IPv6. It’s been years that they’ve been slowly rolling it out for testing in a few places. There’s virtually no useful documentation on their website about it. And it’s still not available where I am.

That would surprise me. Companies like Akamai maintain very up-to-date lists of Tor exit nodes, commercial VPN exit nodes, etc. My employer uses Akamai and blocks all traffic from Tor given the huge volume of malicious traffic coming from it. It would be trivial for us to block VPN traffic as well if we wanted to. Those blocks occur on Akamai’s systems before it ever makes it to ours. No browser-based tool is going to get around an IP based block like that.

No idea if Reddit is doing something similar here, but my guess is they are.

My employer has a pretty large presence in AWS. We finished migrating to Amazon’s Corretto (based on openjdk) months ago. It was pretty painless given we already use Amazon’s Linux distros.

Getting rear ended on the highway by a drunk driver. Had all of about 1 second of warning when she slammed on her brakes and started skidding.

My favorite when debugging some code for a memory manager, written in the days of DOS extended memory, was shit_cookie_corrupt.

The original author called blocks of memory “cookies”. If too many cookies were corrupted then eventually the function ohShitOhShitOhShit was called, which shut everything down.