13 December 2017, 15:55 UTCNOC, NOC?
Vasilyev Ivan Ivanovich
All your "big" routes are belong to us:
... Early this morning (UTC) our systems detected a suspicious event where many prefixes for high profile destinations were being announced by an unused Russian Autonomous System. Starting at 04:43 (UTC) 80 prefixes normally announced by organizations such Google, Apple, Facebook, Microsoft, Twitch, NTT Communications and Riot Games were now detected in the global BGP routing tables with an Origin AS of 39523 (DV-LINK-AS), out of Russia. ...
5 December 2017, 15:13 UTCAndroid 8.1 Oreo
Now even more invasive!
15 November 2017, 18:23 UTCTimedRotatingFileHandler - don't be stupid.
So you are using the fine Python TimedRotatingFileHandler,
and you want rotation after a minute.
Make sure your process does not finish in less time than that :-\
14 November 2017, 5:46 UTCSystemd (resolv.conf and dnsmasq)
If you run dnsmasq and are having some trouble with occasional dns drops:
give this a try:
ls -alh /etc/resolv.conf you should record where that Systemd points to in the future... mine points to /run/resolvconf/resolv.conf If you cat that, you find: # Dynamic resolv.conf(5) file for glibc resolver(3) generated by resolvconf(8) # DO NOT EDIT THIS FILE BY HAND -- YOUR CHANGES WILL BE OVERWRITTEN nameserver 127.0.0.1 search lan That does not include the lie of 188.8.131.52 and 184.108.40.206, so just remove that link rm /etc/resolv.conf b.t.w. that link lives in /etc/systemd/resolved.conf - silly D, tricks are for google... (what else is going on that is non-apparent in that seemingly PID 1 process?) And add back in the truth via a simple; nameserver 127.0.0.1 Of course if you believe in dnssec, you probably believe in not butter...
Not butter constitutional siginatures
Not sure how they would sign so everybody in the world would agree and trust it...
A keysigining party on that scale would be interesting...
7 November 2017, 14:23 UTCCorporate 'the buck stops here' at CenturyLink / Level3
Key bit here:
"Corrective Actions: ... The individual responsible for this policy change has been identified."
I feel for that worker bee. Sounds like they need a scapegoat for bad process.
Root Cause: A configuration issue impacted IP services in various markets across the United States. Fix Action: The IP NOC reverted a policy change to restore services to a stable state. Summary: The IP NOC was informed of a significant client impact which seemed to originate on the east coast. The IP NOC began investigating, and soon discovered that the service impact was occurring in various markets across the United States. The issue was isolated to a policy change that was implemented to a single router in error while trying to configure an individual customer BGP. This policy change affected a major public peering session. The IP NOC reverted the policy change to restore services to a stable state. Corrective Actions: An extensive post analysis review will be conducted to evaluate preventative measures and corrective actions that can be implemented to prevent network impact of this magnitude. The individual responsible for this policy change has been identified. This service impact has concluded; if additional issues are experienced, please contact the CenturyLink Technical Service Center. There may be additional analysis and discovery that occurs as the incident is reviewed by NOC management. Any available updates will be relayed upon event ticket closure. At that time, a customer satisfaction survey link may be available. We strive to provide thorough communications containing the available information during a service disruption. Please let us know if the updates you received during this event were satisfactory.
More light reading:
When that link breaks:
Even more on complex systems and root cause:
4 November 2017, 6:44 UTCFilesystems, files, and inodes, oh my!
Raymond Hettinger - Glad to have him as a core Python contributer.
- A thinker that has an ability to simplify the complex!
Raymond Hettinger @raymondh #python insight of the day: Directories are a namespace and behave like dictionaries where the key is a filename and the value is an inode.
11 October 2017, 16:21 UTCData just wants to be free!
Please, keep putting your data up on S3 storage unsecured people.
The defaults are secure, you are screwing it up....
Q: How secure is my data? Amazon S3 is secure by default. Only the bucket and object owners originally have access to Amazon S3 resources they create. Amazon S3 supports user authentication to control access to data. You can use access control mechanisms such as bucket policies and Access Control Lists (ACLs) to selectively grant permissions to users and groups of users. You can securely upload/download your data to Amazon S3 via SSL endpoints using the HTTPS protocol. If you need extra security you can use the Server Side Encryption (SSE) option or the Server Side Encryption with Customer-Provide Keys (SSE-C) option to encrypt data stored-at-rest. Amazon S3 provides the encryption technology for both SSE and SSE-C. Alternatively you can use your own encryption libraries to encrypt data before storing it in Amazon S3.
Looks like you have to go a bit out of your way to leave it open like this:
... It has come to our attention that some customers have changed default permissions and granted public access to their buckets. Although you can grant public access to your bucket using ACLs, you must take the following issues into consideration: ... Bucket public "READ" access: This is sometimes referred to as "list" access. It allows anyone to get a complete list of your bucket content. It does not grant permissions to read content of an object. However, a list of object names can often provide more information than necessary to the public ...
You need to go further than read and poke even more holes!
26 September 2017, 19:41 UTCGoogle / Chrome - Breaking the functionality of the web to save users from themselves.
You have a site that is editable from a browser.
You now can't using Chrome:
Suppose I need to write a web browser now.
Shall I name it pointy sharp things?
18 September 2017, 18:52 UTCOptionsbleed - ask / search for it today :-)
Check for Limit in your Apache .htaccess files for now, and patch.
If you allow users to create .htaccess on shared hosting... patch now. More to follow later...
15 September 2017, 17:07 UTCOld Python 2.7 install on Windows need pip / setuptools help?
Had some trouble with pip installing packages on a Windows install today.
I had a need to use pyad - 'cause screw using Powershell and writing 500 lines of code to do the same thing in what turned out to be 41 lines....
That rant aside, if you find pip or setuptools not working, here is how to kick-start it:
python -m ensurepip python -m pip install -U pip setuptools Then give your installer another go (should be installed and upgraded). Global install if you dare: python setup.py install
24 July 2017, 17:45 UTCGoogle - how about "no".
20 June 2017, 18:49 UTCSo, in 2017, Grub2 still can't boot md raid 1.2 with on lvm top of it?
6 June 2017, 20:14 UTCWhere does that module live in the Python install?
31 May 2017, 18:38 UTCWindows 10 - Updates stopped and error: 0x8024401c?
30 May 2017, 13:34 UTCGoogle, where is your head? Not Secure. Is that the best wording you could come up with?
30 May 2017, 4:48 UTCO.K. Google, where are you getting your TZ data?
26 May 2017, 20:45 UTCBye
19 April 2017, 14:48 UTCSegfault error codes:
12 April 2017, 14:34 UTCTruly international experiences today.
5 April 2017, 16:54 UTCDocumentation is the only defense against tribal knowledge.
21 March 2017, 13:07 UTCHow not to serve a web page:
8 March 2017, 16:07 UTCDeployStudio - Inappropriate repository error
3 March 2017, 15:21 UTCGmail - get your smtp replies fixed - 4.7.0 is not a rejection.
10 February 2017, 19:28 UTCCheck your mail servers cert using a tls connection:
1 November 2016, 3:37 UTCWeb programming and n-tier programming:
11 October 2016, 19:09 UTCGood old telnet
7 October 2016, 19:29 UTCCold beer and pretzels, takes care of cancer.
24 September 2016, 6:09 UTCSolve peoples problems with technology or perish.
9 September 2016, 4:43 UTCFabric fun.
10 August 2016, 3:38 UTCE: Problem with MergeList?