go ahead and register that.Dev site. I don't think you can... because.dev isn't open for registration and is owned by somebody else. Because somebody has "borrowed" the.dev TLD that they didn't own -- then the owner came along and imposed rules - not sure you can complain. Whine a lot, certainly.
Since Google owns it for their own use - they make up the rules. If they started selling subdomains to any-taker then it might come with a caveat "SSL only"
Sorry but my sympathy is thin on this topic -- this is DNS 101. This isn't Google forcing you to be secure. Don't use a domain name you don't own.
I think most of us know about the IP block 10.x and 192.168.x.x --- and I know not to use somebody else's IP range (e.g. don't use 3.x.x.x) And I knew enough about DNS not to make domains up - we had the same need years ago, private domain for testing, and I was stumped until somebody showed me that.local was reserved for this purpose so we built out a QA lab using it. Along with 10.x addresses (some of which are internally routable by some companies -- make sure to check on that too- this would be internal IT strategy).
Seriously - it would be like attempting to create a subdomain under mypc.xxx.microsoft.com It might work for a bit but shouldn't.... so don't do it.
Okay - maybe the.dev was unassigned until a few years ago. You should plan on migrating to a reserved entry.
Sometime ago CNN decided that every article required a Video to go with it. Yes - sometimes the video is the TV broadcast recording of the article.
But **many** times the video has little to do with the article itself. For example if Boeing is having an off year the accompanying video might have to do with the launch of the 787 Dreamliner from a few years ago. And then when the video is finished playing it just moves onto whatever video is next available. Somebody was tasked with "find a video" and they do. One cannot watch the selected video and be informed about the actual Text of the article.
Think of all the used bandwidth due to this. Not that I've looked hard - but I haven't found an easy way to block their new video platform. Used to be I could block Flash until clicked.
I've seen that some once thriving area's are now shrinking - people have moved to new areas. And maybe those stores need to close.
It feels more like Refactoring. Close the ones that aren't working and open new ones that will work.
Economics says that this will take care of itself. I don't think Amazon is the cause. Yes - Sears has done a lot to hurt itself. But they started out as a catalog store - able to service areas without having to build a giant store. And many feel they failed to react quickly enough to changing landscape.
As for being a made up media hype - could be. But I don't read the news anymore. It's all fake... right?!
so right. The tone of the transcript is "yeah - we really had no chance against those big bad Russian guys. We kept everyone else out...but not those guys " Russia is hacking everything in sight - gosh none of us stand a chance.
Plus - it's a diversion. "ignore the man behind the curtain" -- "look! Squirrel... and Moose too" Pin it on that Russian voter thing - ignore Yahoo. Look at that other guy.
Exactly. FB has had the option of syncing with your local address book for years. This isn't a FB only address book - no - it is everything on my local phone uploaded to them.
So I don't enable it because I don't want to share it. However, a friend decides to use it -- and guess what.... all my contact info is uploaded to FB without my permission. FB has my email address - and can link it to that other synced address book. Now they know me and a lot more info than I shared with FB. Sorry - my read birth date is not January 1.
While I may opt-out of what I tell FB they can't share/know about me -- Somebody ELSE can make a different decision for me. Yeah - I don't like that.
So far the early adopters seem to be trying to make a fast buck on the ever increasing value of the system - which grows because new people enter it. Is this real growth or a ponzi scheme?
Wow - imagine if the banks could have an Undo button. Reset. Start over.
National Debt could be erased, all those bad loans. Bankruptcy? What Bankruptcy?!
I can't imagine losing $32 million in some money "system" --- could you imagine placing your paycheck into this "bank" to pay for all your stuff, and then the landlord says "last month's check never came through" only to find everything gone! $32, $320, $3200... or $32 million. Who cares how much evaporated - it's gone. Speculative investments at their best.
It's an experiment that people are willing to invest $100's millions into? Feels more ponzi to me.
We are SSO and use LastPass. Many of our systems are SSO - and LastPass thinks that each is a different site, but happily records my SSO password. And then LastPass puts up a warning "you have reused the same password at multiple sites - this is bad"
But wait -- they are all the same system, or at least have SSO integration. I wonder if that skews their results at all?!
Which is the pitfall of SSO: - one password to remember -- and only one to guess.
Thanks for the tech support update. It doesn't sounds like Google has changed any kind of policy - rather is having an issue enforcing current policy.
In other news - my Intel video driver update is causing Outlook to draw a black page when I plug in an external monitor. Choosing "disable hardware acceleration" appears to be the work around.
Public service --- Just incase anyone else needs to know about that bug too. I'll post it to twitter hoping to make it a Slashdot article. The twitter universe - where all the news that isn't is published.
The ReplyAll podcast covered the Verizion FiOS "everywhere" in NYC story a while back. Short version: It isn't coming.
A lofty goal which I find hard to believe will happen. Of course now that the new software engineer millionaires have pushed all of the poor people out of SF - they can start making fibre demands on their ISP (that's sarcasm btw). Even better - Organic Fibre !!!
I'm willing to bet that Kaspersky had an employee who was also an unknown intelligence spy on the payroll.
The intelligence agency figured out the US Govt was using software - submitted resume for spy to open job - and spy reported to work as instructed. Aren't we worried that the NSA is asking Google/Apple/ISP (cough AT&T) to open the door a crack?
Isn't this the fear of many in security? - that an unknown group could change the C compiler source code to ignore or replace certain instructions. Then modify the encryption software with a backdoor that matches the pattern the compiler is looking for - and thus inject a backdoor? Said backdoor is not visible/obvious in the encryption software.
And the method to do this is have spies report to work at legitimate businesses. with external orchestration of their activities.
Also possible that said spy figured out the zero-day which was put to use from another group outside. OR coded said backdoor or side-channel vector.
This was the title of a ReplyAll podcast episode a while back. Since they use the Google platform themselves they dove into this question after several kinds of attacks surfaced in the media. Most interestingly those with Google Authenticator keys could be attacked through social engineering (using methods similar to the Google docs attack). Therefore, having an "idiot proof" key exchange sounds like a great and necessary method to secure our stuff. While this is Google only now - I'm willing to bet it will expand in the future. I also use Microsoft's authenticator for work access - and a message pops up on my iWatch asking "are you trying to login" and requires a simple Yes/No tap. Google also has a similar feature in the Google app. No more typing codes.
Well --- way back when, before even my time - you picked up the phone and said into it "I want to call Bob across town" --- or "Can you connect me with Sears catalog order dept?" and magically the call would be connected.
Then a big detour happened and the operators were replaced by dial-pads and you did it yourself.
Now we're back to talking to the operator and her name is Siri.
What's old is new again. Or is that new is old again?
It is true that it comes down to one person to deploy the patch. But somebody somewhere else in the process should be reviewing the list of unpatched servers and asking "Hey - what's up?! how come this list of servers still isn't patched?"
Hard to believe that the have a flow down org and hope the bottom feeders are doing their jobs....without any oversight.
No no - somebody higher up isn't doing their job either !!!
It's a telephone. The first year that the Bell phone hung on the wall everyone I'm sure was excited. Now a days there's a box in my parent's basement full old crap phones...you want one? all are free!!! This is where we are with the iPhone. It's a phone. The most exciting feature of the X is an animated emoji - I hear the movie sucked ! The phone is still a rectangle. You have any idea how long it took AT&T to change the shape of the phone - wasn't until after it was deregulated.
I do need a new phone - have a discontinued iPhone 5 (no S, no C, no Plus.... plain old original stock). However, the X is too rich and thinking about the whole material things won't love me issue...I'll go for the 8. But my wife has the 7 --- and I don't see a difference.
Obviously I hold onto things until they expire. Do I save a buck and get the 7 or at least get the most current model 8?! or maybe the SE because it is smaller - and I have the watch too.
But why do I need a smartphone again?! Oh, so I can swipe through FB twice a day while pretending to care about the content !? That experience can be had for far less than a $1,000 X.
And damit -- why are the storage sizes 64 or 256. Why couldn't it have been a useful 128 vs 256? Oh - 'cause nobody would pay the premium for a 256. I guess I will be parted from my money.
I went looking to see if my records were affected. Then followed the link to their special website -- and was mildly nervous over the name. I then realized how stupid the name was and was sure the spammers would start sending out fake look-a-like links.
Apparently their naming scheme is to cover next year's planned leak of data.
Of course when these reports began to come to light I immediately went and verified that I had been on a real site. There was no feedback - I submitted a task to them and was presented with "due to volume this make take awhile" -- it's been a week and still no email from them. And yes -- I went back and verified a third time that I was on the real site.
They have been good at their core business. collecting and sharing financial data on millions of people. Nowhere in their charter does "security" or "trust" exist. We are the product they sell.... not security products.
Just look at how they originally offered the free service to monitor accounts: first you had to sign up, they didn't automatically enroll you.. Second - you had to promise not to sue them (term since removed).
They don't care about you, the product. They want high quality "data" and take good care of it like the hamburger makers want high quality cows. And if a cow dies - oh well, they'll look into it. They grow cows and sell hamburger. Hamburger is the product... not cows. You are a cow - your compiled financial data is the product.
This consolidation of information has been a concern of mine for years. I always wondered what would happen if data was stolen at this level. Now I have to ask -- is it valuable anymore?
With the old version of FF entering the warning track - I've decided that I'll take the time to upgrade everything.
Getting rid of my flip phone and moving to Windows Phone. Upgrading from Windows XP to Ubuntu Satanic. FF ESR to Opera !!
there. now I'll be current and fashionable.
sorry for poking fun at the OP. But this is why companies (like major air traffic control systems) still run on XP. It was as good as it ever got - and too many reasons to stay behind. Adapt or get run over by the wheel progress.
I was a Palm Pre+ consumer & part-time app dev - loved webOS. When they folded one of the leaders wrote a nice letter to future generations regarding the wonderful creations in webOS and how he hoped those ideas would live on. As each developer at Palm took new jobs - hopefully they'd take the ideas with them.
I recall when iOS got the "double-tap" Home button that mimicked the swipe-up from webOS. How refreshing it was to switch apps more easily (and later added the flick-up "terminate" feature too).
Even the swipe down and "universal search" made it into iPhone -- and I hear Android. I am hopeful that iOS will someday have a truly "universal search" feature. Although the physical keyboard made it easier to use ("just start typing"). I also liked that webOS treated many things (such as email, calendar, address) as a datasource that flowed through a common component.
Palm had: Single addressbook (multi-source), wireless charging, unique UX. I think I still have the phone and touch-charging station in box somewhere - I thought of it as historical in what it achieved.
yes - well I too have cursed at many a hammer for bashing my thumb. After a long imitation of Yosemite Sam - I quickly realize that maybe the person operating the hammer was at fault.
But more importantly I don't take to twitter to complain about the "stupid" hammer. Unless I intend it solely in jest of my personal stupidity.
From the ashes maybe a new OS feature will arise. Something that makes backing up data easier. Seriously - it is harder than it needs to be. Plus I must be an active participant.
Slashdot Mirror
go ahead and register that .Dev site. I don't think you can ... because .dev isn't open for registration and is owned by somebody else. Because somebody has "borrowed" the .dev TLD that they didn't own -- then the owner came along and imposed rules - not sure you can complain. Whine a lot, certainly.
Since Google owns it for their own use - they make up the rules. If they started selling subdomains to any-taker then it might come with a caveat "SSL only"
Sorry but my sympathy is thin on this topic -- this is DNS 101. This isn't Google forcing you to be secure. Don't use a domain name you don't own.
I think most of us know about the IP block 10.x and 192.168.x.x --- and I know not to use somebody else's IP range (e.g. don't use 3.x.x.x) And I knew enough about DNS not to make domains up - we had the same need years ago, private domain for testing, and I was stumped until somebody showed me that .local was reserved for this purpose so we built out a QA lab using it. Along with 10.x addresses (some of which are internally routable by some companies -- make sure to check on that too- this would be internal IT strategy).
Seriously - it would be like attempting to create a subdomain under mypc.xxx.microsoft.com It might work for a bit but shouldn't.... so don't do it.
Okay - maybe the .dev was unassigned until a few years ago. You should plan on migrating to a reserved entry.
thanks - I'll look into them.
Sometime ago CNN decided that every article required a Video to go with it. Yes - sometimes the video is the TV broadcast recording of the article.
But **many** times the video has little to do with the article itself. For example if Boeing is having an off year the accompanying video might have to do with the launch of the 787 Dreamliner from a few years ago. And then when the video is finished playing it just moves onto whatever video is next available. Somebody was tasked with "find a video" and they do. One cannot watch the selected video and be informed about the actual Text of the article.
Think of all the used bandwidth due to this. Not that I've looked hard - but I haven't found an easy way to block their new video platform. Used to be I could block Flash until clicked.
I thought that many of the chat scams are via chatbots already. So won't this be like Google Go AI playing Google Go AI ?
That'll be the future of the internet. A bunch of angry AI bots battling it out in a deadly embrace. That will be how the world ends !!
I've seen that some once thriving area's are now shrinking - people have moved to new areas. And maybe those stores need to close.
It feels more like Refactoring. Close the ones that aren't working and open new ones that will work.
Economics says that this will take care of itself. I don't think Amazon is the cause. Yes - Sears has done a lot to hurt itself. But they started out as a catalog store - able to service areas without having to build a giant store. And many feel they failed to react quickly enough to changing landscape.
As for being a made up media hype - could be. But I don't read the news anymore. It's all fake... right?!
so right. The tone of the transcript is "yeah - we really had no chance against those big bad Russian guys. We kept everyone else out...but not those guys " Russia is hacking everything in sight - gosh none of us stand a chance.
Plus - it's a diversion. "ignore the man behind the curtain" -- "look! Squirrel... and Moose too" Pin it on that Russian voter thing - ignore Yahoo. Look at that other guy.
Exactly. FB has had the option of syncing with your local address book for years. This isn't a FB only address book - no - it is everything on my local phone uploaded to them.
So I don't enable it because I don't want to share it. However, a friend decides to use it -- and guess what.... all my contact info is uploaded to FB without my permission. FB has my email address - and can link it to that other synced address book. Now they know me and a lot more info than I shared with FB. Sorry - my read birth date is not January 1.
While I may opt-out of what I tell FB they can't share/know about me -- Somebody ELSE can make a different decision for me. Yeah - I don't like that.
So far the early adopters seem to be trying to make a fast buck on the ever increasing value of the system - which grows because new people enter it. Is this real growth or a ponzi scheme?
Wow - imagine if the banks could have an Undo button. Reset. Start over.
National Debt could be erased, all those bad loans. Bankruptcy? What Bankruptcy?!
I can't imagine losing $32 million in some money "system" --- could you imagine placing your paycheck into this "bank" to pay for all your stuff, and then the landlord says "last month's check never came through" only to find everything gone! $32, $320, $3200... or $32 million. Who cares how much evaporated - it's gone. Speculative investments at their best.
It's an experiment that people are willing to invest $100's millions into? Feels more ponzi to me.
Just have fun with it.
In other news - writing Secure Code still is a thing. And: "where there's a will - there's a way" to get around anything you attempt to build.
First come the pranksters having fun. Then come the hackers who realize "hey - look at what is possible!"
We are SSO and use LastPass. Many of our systems are SSO - and LastPass thinks that each is a different site, but happily records my SSO password. And then LastPass puts up a warning "you have reused the same password at multiple sites - this is bad"
But wait -- they are all the same system, or at least have SSO integration. I wonder if that skews their results at all?!
Which is the pitfall of SSO: - one password to remember -- and only one to guess.
Thanks for the tech support update. It doesn't sounds like Google has changed any kind of policy - rather is having an issue enforcing current policy.
In other news - my Intel video driver update is causing Outlook to draw a black page when I plug in an external monitor. Choosing "disable hardware acceleration" appears to be the work around.
Public service --- Just incase anyone else needs to know about that bug too. I'll post it to twitter hoping to make it a Slashdot article. The twitter universe - where all the news that isn't is published.
The ReplyAll podcast covered the Verizion FiOS "everywhere" in NYC story a while back. Short version: It isn't coming.
A lofty goal which I find hard to believe will happen. Of course now that the new software engineer millionaires have pushed all of the poor people out of SF - they can start making fibre demands on their ISP (that's sarcasm btw). Even better - Organic Fibre !!!
https://gimletmedia.com/episod...
I'm willing to bet that Kaspersky had an employee who was also an unknown intelligence spy on the payroll.
The intelligence agency figured out the US Govt was using software - submitted resume for spy to open job - and spy reported to work as instructed. Aren't we worried that the NSA is asking Google/Apple/ISP (cough AT&T) to open the door a crack?
Isn't this the fear of many in security? - that an unknown group could change the C compiler source code to ignore or replace certain instructions. Then modify the encryption software with a backdoor that matches the pattern the compiler is looking for - and thus inject a backdoor? Said backdoor is not visible/obvious in the encryption software.
And the method to do this is have spies report to work at legitimate businesses. with external orchestration of their activities.
Also possible that said spy figured out the zero-day which was put to use from another group outside. OR coded said backdoor or side-channel vector.
This was the title of a ReplyAll podcast episode a while back. Since they use the Google platform themselves they dove into this question after several kinds of attacks surfaced in the media. Most interestingly those with Google Authenticator keys could be attacked through social engineering (using methods similar to the Google docs attack). Therefore, having an "idiot proof" key exchange sounds like a great and necessary method to secure our stuff. While this is Google only now - I'm willing to bet it will expand in the future. I also use Microsoft's authenticator for work access - and a message pops up on my iWatch asking "are you trying to login" and requires a simple Yes/No tap. Google also has a similar feature in the Google app. No more typing codes.
https://gimletmedia.com/episod...
Of course the attacks of the future will be to steal the current key value off your device.
Call me anything 'cept late for dinner.
Well --- way back when, before even my time - you picked up the phone and said into it "I want to call Bob across town" --- or "Can you connect me with Sears catalog order dept?" and magically the call would be connected.
Then a big detour happened and the operators were replaced by dial-pads and you did it yourself.
Now we're back to talking to the operator and her name is Siri.
What's old is new again. Or is that new is old again?
It is true that it comes down to one person to deploy the patch. But somebody somewhere else in the process should be reviewing the list of unpatched servers and asking "Hey - what's up?! how come this list of servers still isn't patched?"
Hard to believe that the have a flow down org and hope the bottom feeders are doing their jobs....without any oversight.
No no - somebody higher up isn't doing their job either !!!
It's a telephone. The first year that the Bell phone hung on the wall everyone I'm sure was excited. Now a days there's a box in my parent's basement full old crap phones...you want one? all are free!!! This is where we are with the iPhone. It's a phone. The most exciting feature of the X is an animated emoji - I hear the movie sucked ! The phone is still a rectangle. You have any idea how long it took AT&T to change the shape of the phone - wasn't until after it was deregulated.
I do need a new phone - have a discontinued iPhone 5 (no S, no C, no Plus.... plain old original stock). However, the X is too rich and thinking about the whole material things won't love me issue...I'll go for the 8. But my wife has the 7 --- and I don't see a difference.
Obviously I hold onto things until they expire. Do I save a buck and get the 7 or at least get the most current model 8?! or maybe the SE because it is smaller - and I have the watch too.
But why do I need a smartphone again?! Oh, so I can swipe through FB twice a day while pretending to care about the content !? That experience can be had for far less than a $1,000 X.
And damit -- why are the storage sizes 64 or 256. Why couldn't it have been a useful 128 vs 256? Oh - 'cause nobody would pay the premium for a 256. I guess I will be parted from my money.
Oh woes me.
I went looking to see if my records were affected. Then followed the link to their special website -- and was mildly nervous over the name. I then realized how stupid the name was and was sure the spammers would start sending out fake look-a-like links.
Apparently their naming scheme is to cover next year's planned leak of data.
Of course when these reports began to come to light I immediately went and verified that I had been on a real site. There was no feedback - I submitted a task to them and was presented with "due to volume this make take awhile" -- it's been a week and still no email from them. And yes -- I went back and verified a third time that I was on the real site.
But I'm still nervous.
They have been good at their core business. collecting and sharing financial data on millions of people. Nowhere in their charter does "security" or "trust" exist. We are the product they sell.... not security products.
Just look at how they originally offered the free service to monitor accounts: first you had to sign up, they didn't automatically enroll you.. Second - you had to promise not to sue them (term since removed).
They don't care about you, the product. They want high quality "data" and take good care of it like the hamburger makers want high quality cows. And if a cow dies - oh well, they'll look into it. They grow cows and sell hamburger. Hamburger is the product... not cows. You are a cow - your compiled financial data is the product.
This consolidation of information has been a concern of mine for years. I always wondered what would happen if data was stolen at this level. Now I have to ask -- is it valuable anymore?
With the old version of FF entering the warning track - I've decided that I'll take the time to upgrade everything.
Getting rid of my flip phone and moving to Windows Phone.
Upgrading from Windows XP to Ubuntu Satanic.
FF ESR to Opera !!
there. now I'll be current and fashionable.
sorry for poking fun at the OP. But this is why companies (like major air traffic control systems) still run on XP. It was as good as it ever got - and too many reasons to stay behind. Adapt or get run over by the wheel progress.
I was a Palm Pre+ consumer & part-time app dev - loved webOS. When they folded one of the leaders wrote a nice letter to future generations regarding the wonderful creations in webOS and how he hoped those ideas would live on. As each developer at Palm took new jobs - hopefully they'd take the ideas with them.
I recall when iOS got the "double-tap" Home button that mimicked the swipe-up from webOS. How refreshing it was to switch apps more easily (and later added the flick-up "terminate" feature too).
Even the swipe down and "universal search" made it into iPhone -- and I hear Android. I am hopeful that iOS will someday have a truly "universal search" feature. Although the physical keyboard made it easier to use ("just start typing"). I also liked that webOS treated many things (such as email, calendar, address) as a datasource that flowed through a common component.
Palm had: Single addressbook (multi-source), wireless charging, unique UX. I think I still have the phone and touch-charging station in box somewhere - I thought of it as historical in what it achieved.
yes - well I too have cursed at many a hammer for bashing my thumb. After a long imitation of Yosemite Sam - I quickly realize that maybe the person operating the hammer was at fault.
But more importantly I don't take to twitter to complain about the "stupid" hammer. Unless I intend it solely in jest of my personal stupidity.
From the ashes maybe a new OS feature will arise. Something that makes backing up data easier. Seriously - it is harder than it needs to be. Plus I must be an active participant.
I already read this on fake news site. Seriously though
A) is anyone surprised?
B) Is this news that nerds care about?