A Postscript to the Leap Second
The inexorable progress of time clocked past the New Year and at 23:59:60 on the 31st December 2016 UTC the leap second claimed another victim. This time Cloudflare described how the Leap Second caused some DNS failures in Cloudflare’s infrastructure. What's going on here? It should not have been a surprise, yet we still see failing systems.After Two Years, Do I Find Self-Employment Worthwhile?
In March 2015, I started working for myself exclusively. That is to say, I went from working for someone else full-time while also operating my own company full-time to working strictly for my own company. How am I feeling after nearly two years of self-employment?
Fulfillment
Working for myself has proven to be fulfilling. I like the correlations to be found among opportunity, effort, risk, reward, and failure. I can weigh all of those things, make a decision of how to proceed, and benefit (or suffer) directly in accordance with my decisions. That is fulfilling to me.
Suffering, by the way, isn’t a bad thing. We could all stand to do a bit more of it today, so that we do a bit less of it tomorrow.
Process
I am free of silly processes that cripple my ability to get things done, not that I believe process is inherently bad. With my own company, I still have to define processes, but I can keep them both streamlined and fluid. I’m also free to let the people that work with me define their own processes, with me providing only the input required to achieve the desired result.
Balance
When working for other employers as an IT professional, Continue reading
Response: Proposed server purchase for GitLab.com | GitLab
Gitlab is talking about heading into the private cloud after successfully building a cloud-ready application. The savings are substantial for a small, technology-rich company:
The cloud hosting for GitLab.com excluding GitLab CI is currently costing us about $200k per month. The capital needed for going to metal would be less than we pay for 1 quarter of hosting. The hosting facility costs look to be less than $10k per month. If you spread the capital costs over 2.5 years (10 quarters) it is 10x cheaper to host your own. (My emphasis)
This sounds about right but I don’t think this factors in head count for operating the physical infrastructure. Lets say that two extra FTEs at $15K per month are required, this still one third the cost of AWS. The reaility is $2.4MM is a substantial yearly budget for IT Infrastructure and for an application that already cloud-ready it would go a very long way
For a small company that is focussed on technology adding more headcount is good for capacity. In a team of ten people, adding 2 headcount increases diversity of thinking, ideas and approaches and can be important to spreading out the workload e. Continue reading
Iran Leaks Censorship via BGP Hijacks
Last week, we reported via Twitter that the Iranian state telecom TIC hijacked address space containing a number of pornographic websites. The relevant BGP announcement was likely intended to stay within the borders of Iran, but had leaked out of the country in a manner reminiscent of Pakistan’s block of Youtube via BGP hijack in 2008. Over the weekend, TIC performed BGP hijacks of additional IP address space hosting adult content as well as IP addresses associated with Apple’s iTunes service.
Iranian state telecom hijacking IP space that is hosting adult websites. Censorship leaking out of Iran? #bgphijack pic.twitter.com/t4XTLnQhIS
— Dyn Research (@DynResearch) January 6, 2017
In addition, in 2015 on this blog we reported that a new DNS root server instance in Tehran was being leaked outside Iran, a situation that was quickly rectified at that time. Despite the fact that the Tehran K-root is intended to only be accessible within Iran, as we will see below, it is currently being accessed by one of the largest US telecommunications companies.
Iranian BGP-based Censorship
Last week, Iranian state telecom announced a BGP hijack of address space (99.192.226.0/24) hosting numerous pornographic websites. Continue reading
Worth Reading: The quiet revolution of apprenticeships
The post Worth Reading: The quiet revolution of apprenticeships appeared first on 'net work.
Response: The Orphaned Internet – Taking Over 120K Domains via a DNS Vulnerability in AWS, Google Cloud, Rackspace and Digital Ocean | The Hacker Blog
So obvious but I’m checking my unused domains to make sure they have no nameservers configured
The root of this vulnerability occurs when a managed DNS provider allows someone to add a domain to their account without any verification of ownership of the domain name itself. This is actually an incredibly common flow and is used in cloud services such as AWS, Google Cloud, Rackspace and of course, Digital Ocean. The issue occurs when a domain name is used with one of these cloud services and the zone is later deleted without also changing the domain’s nameservers. This means that the domain is still fully set up for use in the cloud service but has no account with a zone file to control it. In many cloud providers this means that anyone can create a DNS zone for that domain and take full control over the domain. This allows an attacker to take full control over the domain to set up a website, issue SSL/TLS certificates, host email, etc. Worse yet, after combining the results from the various providers affected by this problem over 120,000 domains were vulnerable (likely many more).
The Orphaned Internet – Taking Over 120K Domains via Continue reading