cks

cks, 2 days ago to random

In re comparing fire drills to phishing tests[1], if phishing tests were like fire drills, they would test the response to a successful phish. Was the person phished able to rapidly report and mitigate things? Do the organization's phish alarms work and reach people? Etc etc.

Current "phishing tests" are like testing people to see if they accidentally start fires if they're handed (dangerously) flammable materials. That's not a fire drill.

1: https://infosec.exchange/@sambowne/112513766095541271

cks, 5 days ago to random

Pretty much every time I change the time of an alarm on my phone I am irritated all over again at the fundamental laziness and robotic computer-ness of time controls. What I want to do is move the time forward or backward, not to separately change (or set) the hours and the minutes. But separate 'hour' and 'minutes' spinners or options are the easy computer way out so that's how UIs implement it.

cks, 7 days ago to random

Dear self, just because you have finished listening (once) to all of the new music you picked up last BC Friday is no reason to go pick up more. Among other things, you still have ~400 or so releases not listened to from two 'buy our 250-release catalog for cheap' offers in the past. So at least listen to some more of them before giving in to temptation. (Yes I have a 'to purchase' list.)

(Normally I would hold off for the next BC Friday but that's not going to be for months.)

cks, 8 days ago to random

It's surprisingly difficult to bicycle at 10 km/h and no more, at least on my bike with standard 700c wheels. It generally feels like if I sneeze I'll go clearly over and it's easy to drift into too fast.

(Toronto's Mt. Pleasant cemetery has an official bike speed limit of 10 km/h. One of my personal perverse acts is that when I go through it riding by myself, as I did today, I try to stick to this speed limit. It's absurdly hard to go that slow but oddly fun.)

cks, 8 days ago to random

It has been '0' days since I wrote 'Oath' when I meant to write 'OAuth'. Such a tempting not exactly a typo, more a mind slip.

(Also, don't ask me to describe the differences between OIDC and OAuth2, and I suspect that all sorts of documentation blurs the two and talks about 'OAuth2' when it really means 'OIDC'. For example, I'm not sure Grafana would be happy with a pure OAuth2 provider that didn't add the extra OIDC stuff, although maybe it would be.)

cks, 9 days ago to random

Happy or unhappy "first day of AC" for those people in Toronto who are reluctantly observing it. Yes, I'm a wimp, but my place heats up easily and 80 F / 26.5 C in my little home office makes me unhappy. (Although now I look that's about the outside temperature too.)

Maybe I can get away with just running AC for not too long to knock down the heat. And the weather forecast has us returning to low-20s or below weather for the weekend.

Toronto's temperate spring: enjoy it while it lasts.

cks, 10 days ago to random

Toronto's waterfront fog can sometimes give you absolutely marvelous photos and moments, as I was reminded by posts yesterday evening by @nev . Many years ago I was lucky enough to take a photo in mid-summer evening fog along the waterfront that I rather like:
https://www.flickr.com/photos/22276923@N06/4788499989/

cks, 16 days ago to random

Why yes unnamed cloud vendor, I do appreciate you making the tiny system disk of my dinky, basically as cheap as possible VM be your "premium SSD" offering. I am sure I will need all those more expensive IOPS for (checks notes) automated Ubuntu package updates.

Also, no. I'm not surprised, I'm just disappointed at cloud vendor practices. It sure is nice to feel like they're out to ruthless exploit me.

cks, 17 days ago to random

It's certainly better to discover that my commuter bike has a flat rear tire on a Sunday afternoon than on, say, a Tuesday morning when I'm about to commute with it. But I'd rather not have the flat.

(You know how the bike mechanic at your local bike shop can change your flat tire in no time at all and make it look like magic? Me with flat tires is the exact reverse of that. I will forever be the last place finisher in any flat-changing competition.)

cks, 17 days ago to random

Well, that was a learning experience not just about where DNS servers put information when you query them with 'what are the NS records for this subdomain', but also on how some of our local DNS servers are configured. (In a way that kind of surprises me, for one of them.)

TIL that if you ask a parent authoritative server for NS records for a subdomain, they show up in the 'authority' section of the reply, not the 'answer' section. For (perfectly good) DNS reasons.

cks, 19 days ago to random

Half formed hot take: the Linux kernel CVE situation is the tip of an emerging iceberg as OSS people push back and refuse to do supply chain/security work for free just because third parties want it.

(AFAIK, the ultimate trigger was third party maintainers of old kernels wanting the mainstream kernel to note all changes that turned out to be security fixes so the 3rd parties could backport them and only them. Identifying what is actually a security fix is non-trivial extra work (& fallible).)

cks, 20 days ago to random

We used to operate one of the university's authoritative secondary DNS servers for all of the university's domains. Many years ago, we ceased doing this, reducing the server to just being authoritative for our own domains. Today I learned that there are a lot of people on the Internet still querying us for other people's domains that we haven't been NS records for for years. Where are they picking this up from? It is a mystery.

cks, 21 days ago to random

I've now created my first cloud (virtual) machine. It is of course a special snowflake, because I had no desire to try to simultaneously learn this cloud vendor's web UI, terminology, etc and also some cloud machine automation setup. At least it's an extremely simple special snowflake and I kept notes (and off-machine copies of everything important).

I suspect that it is terribly set up and there are much better ways to do what I want, but meh. It's simple.

cks, 22 days ago to random

Great moments in dry (Go) commit comments[1]:

runtime: remove note about goid reuse

Goids are designed to be big enough that they will never be reused: a uint64 is enough to generate a new goroutine every nanosecond for 500+ years before wrapping around, and after 500 years you should probably stop and pick up some security updates.

[...]

1: https://go.googlesource.com/go/+/8f71c7633fd70fffc5fa65e7865e763238fa6f46

cks, 22 days ago to random

This is my face when people think it is a good idea to make your computer make bubble-popping noises when you change the sound volume. I AM LISTENING TO MUSIC YOU GOONS, IT IS NOT IMPROVED BY RANDOM BUBBLE POPS.

cks, 1 month ago to random

In re Canonical and Ubuntu: at work we are still using Ubuntu LTS (and we're going to start using 24.04), but this is on servers where we don't have to deal with snaps (we turn them off, they don't work in our environment). But the Canonical monetization drive is obvious and the end point is inevitable, so I expect we'll wind up on Debian before too many more years (depending on what Canonical does to LTS releases). 2026? 2028? Who knows.

wrt: https://oldbytes.space/@feoh/112337886575696195

cks, 1 month ago to random

I wonder if libvirt can finally make snapshots of (shut down) UEFI based virtual machines, here in 2024 with everyone wanting to get rid of BIOS MBR booting. But I don't wonder enough to bother building a UEFI VM to find out.

(For years this was a big missing libvirt feature, but maybe it's not missing any more.)

cks, 1 month ago to random

Another day, another site devoted to listing and 'shaming' public web servers that don't have IPv6 yet. Sometimes I think that people who want IPv6 everywhere are their own worst enemy.

People have been yelling at other people to get IPv6 for decades. Maybe some year those people will stop to ask why people aren't using IPv6 already and what could help change that.

cks, 1 month ago to random

TIL that restarting Grafana Loki in our configuration can take the host's load average to over 1,000. Loki, what are you doing?

cks, 1 month ago to random

On the one hand, clouds in Toronto. On the other hand, it feels clearly darker than it should be given the apparent degree of cloud cover.

(I really should have prepared something in advance with a suitably tiny hole, but alas I did not. I have things with holes but they're probably too big holes.)

cks, 1 month ago to random

My standard attitude on digital signatures for anything, Git commits included, is that you should not sign anything unless you understand what you're committing to when you do so. This usually includes "what people expect from you when you sign things". Signing things creates social and/or legal liability. Do not blindly assume that liability without thought, especially if people want you to.

In re: https://fosstodon.org/@vbatts/112185576755787518

cks, 1 month ago to random

I'm not sure why I have a JRE from 2012 sitting around, but I suspect it has something to do with old IPMI/BMC and KVM over IP with a Java applet. (Probably something to do with running unsigned old applets.)

I doubt the JRE still works and I don't think we have any actively used servers where I would care about this, but I'm still not going to rm it. Just in case.

cks, 1 month ago to random

My hot take: if corporations are going to insist that OSS software they use have things like mandatory two-person code reviews, SLAs, written succession plans, and so on, then the end result is going to be that corporations don't use anywhere near as much as OSS code as they do today.

Since that would be unpalatably expensive to corporations (that's why they're using this OSS today), this is corporate hot air plus yet another attempt to lean on OSS for even more unpaid labour.

cks, 1 month ago to random

Hot take: autoconf going away would be a significant net loss to OSS, perhaps as bad as the net loss of the Python 2 to Python 3 transition, and for much the same reason. There are a lot of projects out there that use autoconf/configure today and it works, and they would all have to do a bunch of work to wind up in exactly the same place ('a build system that works and has some switches and we can add our feature checks to').

(The build system can never supply all needed tests. Never.)

cks, 2 months ago to random

TIL that Lustmord is on Bandcamp, https://lustmord.bandcamp.com/music
Now I have some catching up to do (and a Bandcamp Friday coming up, conveniently).