-
There are PoW-less cryptocurrencies being developed. If these gain traction and turn out to be secure, then we can leave behind the first generation of cryptos based on PoW.
-
-
These are the two I know of, which also seem to have serious teams backing them up.
Nano: https://nano.org/en Iota: https://www.iota.org/
They’re based on new architectures that enable to dispense with the concept of miner, providing the services that these gave in different manners. For example, Nano uses proof of stake. When there are two conflicting transactions i.e. a double spend, the network votes to resolve the conflict and each node has a voting stake proportional to the the amount of currency it holds, or the amount of accounts that delegate their vote to that particular node. Thus conflicts are resolved through vote. Iota uses a DAG architecture where the cost of making a transaction is doing PoW in the form of “confirmations”. The transactions that are more robust are those with the larger number of confirmations. Both currencies have a set supply so no new coins will be produced ever, this means that all the coins that will exist were generated in the first block.
-
The problem with proof of stake is that once an entity has 51% they own the currency forever. With proof of work, it is a continual effort to own 51% (this is covered in the linked to article).
A quick look at IOTA (not knowing anything about it), and it does not involve a blockchain and it’s not on Wikipedia.
-
I see both PoW and PoS as protocols depending on the rationality assumption. Those that hold the power will act rationally, thus will want to preserve the value of their investment and as a consequence protect the network. Without the rationality assumption, we could have the top N miners combining their hashing power to destroy the network. What stops them from doing this?
Whether IOTA or Nano are blockchain or not isn’t important I think, what matters is that they satisfy (theoretically, and Nano somewhat practically) certain properties that allow them to function as decentralized cryptocurrencies.
-
-
-
-
-
…especially one that works from version to version of OpenBSD…
This is unlikely. While OpenBSD tends to be evolutionary, the developers are unafraid to make changes where it makes sense.
-
This seems like spam to me?
They’ve copy pasted the advisory and put a very stupid title on it. “Ugly, perfect ten-rated bug”, “patch before they’re utterly p0wned”, “btw it’s a denial of service attack”.
No thanks.
-
-
This vulnerability can “allow the attacker to execute arbitrary code and obtain full control of the system,” it’s not just a DoS.
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180129-asa1
-
-
IPv6 is so 1998!
-
TL;DR:
- OBSD clear winner (they have massively reduced their attack surface over the years)
- NBSD clear loser
- FBSD is somewhere in between
-
I use 802.1x (WPA2-Enterprise). Apparently Mozilla doesn’t think that is a valid option. I create user accounts for guests, so each user has its own credentials, they are not shared between users. I have multiple residences and they use the same RADIUS server, so the credentials work everywhere.
-
-
At work we run tinc as a quasi-VPC clone in production and it’s been good to us so far.
The only complaints I have is that under a lot of network load it’ll eat up a good amount of processing power on a DO droplet.
It took some time getting up a lot of the infrastructure in place to manage and hand out keys and configs – FWIW I think had we started with something more zerconf like this might have been easier on us.
-
I am usually recommending ipsec as VPC between hosts. Do you have performance numbers? The only downside I saw with these setups was that they add some latency. I did not see unreasonably huge CPU usage even when under heavy load. How is tinc performing. Sparing one core for tinc will usually be ok, if latency is improved.
-
In our testing across datacenters tinc did not add any noticable latency. In our tests with iperf bandwidth capped out at about 150Mb/s whereas without it we’d hit line speed (1 Gb/s) we’re not network constrained so that wasnt a deal killer for us – You’re right about it eating up a core, but that’s still a core you’re paying for.
Prior to selecting tinc we looked at using ipsec but the management burden of it seemed really high. There’s a good talk by Fran Garcia from hostedgraphite who went into their problems with it https://www.usenix.org/sites/default/files/conference/protected-files/srecon16europe_slides_garcia.pdf That presentation and doing some reading pretty much steered us away from ipsec
In the end I think we’ll probably up switching to a provider who provides a VPC like service and then we’ll do site to site vpns across providers if only to relieve us from the management and overhead burdens of tinc.
-
Prior to selecting tinc we looked at using ipsec but the management burden of it seemed really high. There’s a good talk by Fran Garcia from hostedgraphite who went into their problems with it https://www.usenix.org/sites/default/files/conference/protected-files/srecon16europe_slides_garcia.pdf
Decent write-up. TL;DR: Don’t use Racoon.
-
-
-
-
-
-
Yay for FQ-CoDel—I routinely have cases where many flows through a queue negatively affects latency for some flows through that queue.
-
bink
1 year ago
|
link
| on:
Hackers Stole My Website…And I Pulled Off A $30,000 Sting Operation To Get It Back
TL;DR: I know nothing about technology and here’s how I got my domain name back, with little real details.
-
[Comment removed by author]
-
I agree that this was better than most write-ups by laypeople on such situations. Further, it details the experience one is likely to go through. It also makes it clear to other laypeople you can’t trust the hosting sites to help you protect your domains. I bet many would’ve assumed otherwise.
-
-
I think the writeup is pretty good, and I also wonder if any writeup that is a better postmortem from our point of view would be harder to relate to (for the people with non-technical skill sets). I don’t know whether the original post as it is will make any people pay more attention to suspicious situations, though.
-
-
-
-
-
Not just «even if they’re your significant other» — even if you trust them not to do anything wrong and even if they do not betray that trust.
-
-
-
-
-
[Comment removed by author]
-
The quality of our software stinks barbarically, and everyone knows it.
And the reason I run OpenBSD. Even then though, this VM escape from a browser exploit is quite impressive—and even the focus of OpenBSD developers is far from infallible. Computer programming is hard.
-
-
Wow. Kudos. I would have never expected a donation from Target Corporation, which is the second-largest discount store retailer in the USA. Will Walmart be donating next?
-
Target might be doing it for PR after the hack. Management be like, “Yeah, people will see us funding OpenBSD. They’ll start talking publicly about our commitment to security. Obviously we ported all our DOS and mainframe stuff to it in a few months on a budget without crashing our whole enterprise.” (room erupts into laughter)
-
-
Blah. The morale of the story is to have your own DNS server that queries the root servers and they tell you this over three separate pages :/ .
-
I found it interesting that this was brought on by insufficient RFC1918 space—clearly only a problem in large organizations.
-
-
-
Another great authoritative DNS server, if you have a global and/or load-balancing and/or HA requirement, is gdnsd.
This is the only DNS server I found that from a configuration file you can service all the following requirements simulateously:
- weighted round robin
- ‘datacentre’ failover strategies (as well as the typical server failures)
- handles “if 80% says down…maybe the check is bust rather than the servers themselves”
- internal based checks, or to use the exit code of an external script
- geo-targetting (even using the dns subnet client option; about 30% traffic had this)
- the star feature for me was ‘server coupling’. You could state that a group of servers were all tied together (think ‘same supplier’ as we had ~15 leased server suppliers) so when multiple A/AAAA records were returned, it made sure two servers from the same supplier were not in the mix
Truly amazing work and the documentation was not half bad either.
-
Having diversity in the DNS space is a good thing - in the days when BIND was the only option a zero day or bug could leave large portions of key internet infrastructure vulnerable. It’s for this reason that large DNS providers run their authoritative servers on a variety of operating systems, using a mix of different software. Variety is a good thing!
Licensing aside, FWICS, there isn’t really a lot to choose from between Knot, NSD and PowerDNS. I guess it comes down to those specific features you may need. For example, NSD doesn’t, AFAIK, support dynamic DNS (Knot, for one, does) and PowerDNS has excellent support for integrating different backends, allowing you to do all sorts of funky things when responding to queries (cf. the pipe backend).
-
-
I am not comfortable making half-ass shit.
I encourage you to write code for OpenBSD.
-
I think it’s important to note this is the last version of OpenBSD that will be available on CD—so this is a very limited edition that will never come again.
-
Wait. Can’t you just download the software then write it onto your own CD?
-
-
-
The moral of the story? For high availability you should have a testing environment that closely mirrors production and build redundancy into your production operations so that you may update/patch systems.
-
-
FWIW, and especially for those running the just-released 6.0, persist is only available in -current.
-
A ThinkPad plus OpenBSD. It’s not Windows or OS X or, well, Ubuntu, and those using it expect that, but it’s good ol’ UNIX-like simplicity with excellent man pages and it goes to great lengths to stay secure. The default windowing environment will make most think the OS is from the dark ages, so expect some configuration work to tailor the environment to meet your needs—most of the desktop environments you might be familiar with will be readily available through easy-to-install packages along with the latest modern browsers and whatnot. As others have mentioned, OpenBSD might have reduced performance compared to other OSs that force security to take a back seat or have a large amount of developers or funding, but, these days, most recent hardware is overkill anyway so I rarely have issues here and I probably shouldn’t have bothered saying anything as this is really a non-issue.
The most “special” thing about the ThinkPad is it tends to also be what many OpenBSD developers use and, as a result, its hardware is likely to be better supported than other brands of notebooks.
Not surprised. Oracle’s Java copyright lawsuit going the way it is, Google is going to be license price extorted if they stick to Java so they pretty much need to kill Android if the lawsuit succeeds. Working their own version also gives them the copyrights so the ruling will be helpful in maintaining a tight grip on the new platform.
As I understand it (and as noted by alva above), Fuschia competes with Linux, not Java. It’s a microkernel, not a language VM or a language. The article was technically confused – the Oracle line was just a throwaway and not terribly accurate.
Java is going to be in Android forever, simply because there are hundreds of thousands of apps written in Java. Kotlin was a logical move because it’s very compatible with Java.
I assume the thing everyone is kind of getting at is Flutter, which is the preferred IDE for Fuchsia and it’s not Java-encumbered.
flutter’s not an ide is it?
no, Flutter is a UI framework written in Dart. I think one of the main selling points is that it’s fast enough to avoid c++, and friendly enough (as seen by JS/web developers) to make it easy to make a nice UI with (without resorting to something like electron).