kbirkeland | 5 years ago | on: SSH Keygen – RSA, DSA, Ecdsa, EdDSA
While not explicitly pointed toward SSH, the "Asymmetric signatures" section covers this. Their recommendation is to use Ed25519 and avoid all other options mentioned in the article.
kbirkeland | 5 years ago | on: An exploration of why Python doesn't require a 'main' function
"Explicit is better than implicit" - PEP20
I wouldn't really say that it's a hurdle to greeting the world since you can just throw `print("Hello world")` at the top level.
kbirkeland | 6 years ago | on: Pro drivers are competing with gamers after F1 and Nascar canceled races
kbirkeland | 6 years ago | on: Timsort, the Python sorting algorithm
kbirkeland | 6 years ago | on: Update: Approaching IPv4 Run-out
kbirkeland | 6 years ago | on: Python consumes a lot of memory – how to reduce the size of objects?
I feel like the last two are cheating a bit by explicitly using 32 bit integers where the other examples seemed to use 64 bit.
kbirkeland | 6 years ago | on: There’s more than one way to write an IP address
Also due to the ambiguity of ports also using a colon delimiter, the IPv6 address may be in brackets:
[::1:2:0:0:dead:beef]:443
And link-local addresses are mandatory and scoped per interface, so they need a zone id supplied as either an integer or interface name:
fe80::1:2:0:0:dead:beef%eth0
kbirkeland | 6 years ago | on: Route Leak Impacting Cloudflare
Leaking a /4 into BGP would do basically nothing unless the originator was originally advertising a /4. IP forwarding is based on the longest-prefix match. Since allocations are sized from /8 to /24, anybody actually advertising their space would not get hijacked by a /4. The leaker would just get traffic destined toward non-advertised networks.
kbirkeland | 6 years ago | on: Google Cloud Networking Incident Postmortem
A completely OOB management network is an amazingly high cost when you have presence all over the world. I don't think anybody has gone to the length to double up on dark fiber and OTN gear just for management traffic.
kbirkeland | 6 years ago | on: New Mac Pro
I'm curious what your experiences are here. With enterprise-level networking equipment and LACP (802.3ad), I've never run into any weird issues.
kbirkeland | 6 years ago | on: Mathematics all-in-one cheat-sheet (2013) [pdf]
I believe that's an iota (ι) not a 1.
kbirkeland | 6 years ago | on: Notifying administrators about unhashed password storage
IMO they would have ideally used "key derivation function" instead of "hash function". It could lead those who know enough to be dangerous to think that safely storing passwords is a simple `sha512($password)` away.
kbirkeland | 6 years ago | on: HTTP headers for the responsible developer
I was curious why you added the `-X GET` to that, but it seems twilio returns 405 Method Not Allowed for HEAD requests. Is there any legitimate reason they would block these?
kbirkeland | 6 years ago | on: Firefox 66.0.4 is out, fixes disabled add-ons
AFAICT still no update out for the android version either
kbirkeland | 6 years ago | on: Docker Hub Hacked – 190k accounts, GitHub tokens revoked, builds disabled
This is useless without authentication though. You're opening yourself up to attacks on the first retrieve. Sure, you can make sure you're getting the file they want you to have, but you don't know _who_ is giving you that file.
kbirkeland | 6 years ago | on: BGP 768K day, and whether it will cause internet outages
That dip is probably not related to the 768k limit. The limit doesn't remove all the current routes, it just doesn't allow for new ones to be installed in hardware. All the routing logic is done in software, so the routes will probably be propagated correctly but not forwarded correctly. See potaroo[0] for other route graphs that don't have the same dip.
The article somehow manages to avoid discerning between control plane and forwarding plane which is a key concept for this issue.
[0]: https://bgp.potaroo.net
kbirkeland | 6 years ago | on: UX clichés
Honestly I skimmed the first part of the article and then checked the comments. It may be a design cliche, but it may be true. I didn't make it to that part.
kbirkeland | 6 years ago | on: Docker Hub Hacked – 190k accounts, GitHub tokens revoked, builds disabled
Is your argument that you only need integrity if you verified the authenticity out of band?
kbirkeland | 6 years ago | on: Docker Hub Hacked – 190k accounts, GitHub tokens revoked, builds disabled
A hash only provides integrity. A signature provides integrity and authentication.
kbirkeland | 6 years ago | on: Visibility of IPv4 and IPv6 Prefix Lengths in 2019
Advertising the longest generally-accepted prefix is more of a BGP hijack defense than a DDoS defense. Longest prefix always wins in IP forwarding, so advertising the longest prefix enforces that the best path to you is (usually) selected by local preference or AS path length.
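
Added example, not part of any comment above: a small longest-prefix-match lookup that illustrates both the /4 route-leak comment and the prefix-length comment. All prefixes sit inside the reserved 240.0.0.0/4 block and the AS numbers come from the documentation range, so every route here is constructed.

```python
import ipaddress

def longest_matches(rib, dst):
    """Return the origins of every route tied for the longest prefix covering dst.

    One origin means forwarding alone decides where the packet goes.
    Several origins means prefix length is tied and BGP best-path
    selection (local preference, AS path length), not modelled here,
    breaks the tie.
    """
    addr = ipaddress.ip_address(dst)
    covering = []
    for prefix, origin in rib:
        net = ipaddress.ip_network(prefix)
        if addr in net:
            covering.append((net.prefixlen, origin))
    if not covering:
        return []
    best = max(length for length, _ in covering)
    return sorted(origin for length, origin in covering if length == best)

# Constructed table 1: a leaked /4 next to a normally advertised /16.
LEAK_RIB = [
    ("240.16.0.0/16", "AS64500"),   # legitimate origin
    ("240.0.0.0/4", "AS64511"),     # leaked covering route
]

# Constructed table 2: the owner advertises only a /22 and another
# origin announces a more specific /24 out of it.
COARSE_RIB = [
    ("240.32.0.0/22", "AS64500"),
    ("240.32.1.0/24", "AS64510"),
]

# Constructed table 3: same as table 2, but the owner also advertises
# the /24 itself, so prefix length no longer favours the other origin.
SPECIFIC_RIB = COARSE_RIB + [("240.32.1.0/24", "AS64500")]

if __name__ == "__main__":
    for name, rib, dst in [
        ("advertised space under a /4 leak", LEAK_RIB, "240.16.5.1"),
        ("unadvertised space under a /4 leak", LEAK_RIB, "240.99.0.1"),
        ("owner advertises /22 only", COARSE_RIB, "240.32.1.10"),
        ("owner advertises the /24 too", SPECIFIC_RIB, "240.32.1.10"),
    ]:
        print(f"{name}: {dst} -> {longest_matches(rib, dst)}")
```
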