Random photos, comics, etc.

  • Marcel Birgelen
    replied
    [image not reproduced]

    Looks like Elon Musk launched the right tool to heat up the bound-to-be-controversial next few months even more. His new AI model includes an image generator that seems to be mostly uncensored. And politics aside, there are a lot of discussions whether or not those kinds of images are legal or not. This clearly being a caricature, I think this is still clearly within the boundaries of free speech. Whether or not it's tasteless or funny, is probably a more personal thing.



  • Bruce Cloutier
    replied
    I was at the IEEE conference in Boston (early 1990s I think, maybe late 80s) where the big thing was what to do with the fact that we were going to run out of IP addresses. It was there that the IPv6 thing was born. Maybe it started earlier but they brought that to the surface and gave it traction. But, I agree, my first impression was that they were going to add 2 octets to the address making it 6 bytes (ergo the 6 in IPv6 vs the 4 in IPv4). But no. Shit got out of control and now the address is 16 bytes or they prefer 8 groups of 16-bits each. It's mapped out in some cryptic complicated way. Technically it got out of control early and no one could challenge the egos involved. They even use the word "simpler" early in the IPv6 RFC. I was fooled. But then again I thought "Affordable Healthcare" meant that medical costs would go down.

    I have been characterizing the security threat by literally watching IPv4 traffic at the node of an externally facing device (not behind a router/NAT). The idea was to give the OS the tools to deal with it should anyone ever need. But this clear and ever present threat needs to be addressed at the source and not by taking a defensive posture. It degrades the efficiency of the underlying network. My bet too is that these nefarious actors aren't paying their way and we carry the cost. All in the name of free-speech I guess. Not to mention that most of it is supported by the public's infected hardware mess.

    Then I realized that this is NOT the whole picture. The network is not now just IPv4. There is a whole separate (less controlled) network, in effectively a parallel universe, allowing who-knows-what to transpire where (at least) I could not see. It is less controlled since your device can be directly addressed from anywhere in the world. The NAT trick not only allowed a whole household to operate with one external IP address but it created a firewall isolating the devices (computers) on your network from the outside without anyone having to know what a firewall actually was. Magically the first innocuous security solution.

    The NAT translation also came out of that Boston conference as an alternative (I think). This saved the day for IPv4. The combination of a couple of additional octets in the IP protocol and NAT would be the answer. But no. One was viewed as a stop-gap work-around and the other became the veritable Pandora's Box in the anti-K.I.S.S. world of academic types looking to make a name for themselves with too much time on their hands. Competitive efforts.

    I would recommend that IPv6 be disabled in any facility. The governments requiring that both be active are maybe those that want direct access to all of your devices (e.g. no firewall). I can't think of any other reason to have that requirement. It is a paranoia they have that you might be using a device that they cannot detect/monitor/control/police/tax.

    My gadget (our gadget as you might know what it is) is better off for not supporting IPv6. It could stay that way even if prohibited by certain governments. But I am the curious sort so I started looking into it (again).

    But I rant as usual. As Marcel and a lot of you know, being grumpy, complaining and ranting has no more effect than gas escaping into the Void. Otherwise shows like The Daily Show and Colbert Show could change the world. Instead they prosper behind the comedy/entertainment moniker. Long live Lewis Black! And p.p.k.a Jon Stewart. Welcome back!

    END OF LINE



  • Marcel Birgelen
    replied
    Originally posted by Bruce Cloutier:
    Not for nothin' but I have avoided this IPv6 bullshit. Even the routine to properly display the stupid addresses was a pain to write. I haven't yet tried to parse one that someone might enter if anyone bothers. Seems like it would be easy but there are twice as many outlier cases that have to be handled than there are actual print statements. It's this '::' shorthand thing you can only use once. Been looking into it since my OS lacks this apparent necessity.

    The whole thing just reminds me of a cow designed by a committee (e.g. a moose). There has to be a similar analogy for this. This got its start with everyone whining about the lack of IPv4 address space. Some people made some poor decisions. That crap has festered and fermented into a standard that no one has anything good to say about. Kind of a parallel to where this society is going.

    For most internal stuff, IPv6 is more a nuisance than a solution. The thing is: Governments and as a result also many bigger companies around here are now starting to require that stuff works with both IPv4 and IPv6.

    The biggest blunder of IPv6 is that it was designed as a completely separate protocol, alongside IPv4. Also, IPv6 doesn't do anything you couldn't equally achieve with IPv4. So, IPv6 requires you to do everything twice, with zero added gains. The alternative was to just add a few octets to IPv4 and start using those additional octets once we could reasonably assume that everybody must have transitioned.

    Essentially, I completely agree with this guy, at least on IPv6.



  • Bruce Cloutier
    replied
    Not for nothin' but I have avoided this IPv6 bullshit. Even the routine to properly display the stupid addresses was a pain to write. I haven't yet tried to parse one that someone might enter if anyone bothers. Seems like it would be easy but there are twice as many outlier cases that have to be handled than there are actual print statements. It's this '::' shorthand thing you can only use once. Been looking into it since my OS lacks this apparent necessity.

    The whole thing just reminds me of a cow designed by a committee (e.g. a moose). There has to be a similar analogy for this. This got its start with everyone whining about the lack of IPv4 address space. Some people made some poor decisions. That crap has festered and fermented into a standard that no one has anything good to say about. Kind of a parallel to where this society is going.


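The '::' rule Bruce describes, as an added worked example (this is not code from the thread and not JANOS code): a hand-written IPv6 parser and printer in Python. Input follows RFC 4291 section 2.2 (eight 16-bit hex groups, '::' standing for one or more zero groups and allowed only once, an optional dotted IPv4 quad in the last position); output follows RFC 5952 (lowercase, no leading zeros, the longest run of two or more zero groups compressed, the first one on a tie). The function names are my own, and the standard library's ipaddress module is used only to cross-check the result.

```python
"""Added example: hand-rolled IPv6 text parsing (RFC 4291) and canonical
printing (RFC 5952), cross-checked against the standard library."""
import ipaddress  # used only in agrees_with_stdlib()
import re

_HEX_GROUP = re.compile(r"^[0-9A-Fa-f]{1,4}$")


def _ipv4_tail(dotted: str) -> list[int]:
    """Turn a dotted quad (legal only as the last element) into two 16-bit groups."""
    octets = dotted.split(".")
    if len(octets) != 4:
        raise ValueError(f"bad embedded IPv4 address {dotted!r}")
    values = []
    for octet in octets:
        if not octet.isdigit() or len(octet) > 3 or (len(octet) > 1 and octet[0] == "0"):
            raise ValueError(f"bad IPv4 octet {octet!r}")
        if int(octet) > 255:
            raise ValueError(f"bad IPv4 octet {octet!r}")
        values.append(int(octet))
    return [(values[0] << 8) | values[1], (values[2] << 8) | values[3]]


def _groups(part: str, ipv4_allowed: bool) -> list[int]:
    """Split one side of '::' into 16-bit groups; an empty side yields none."""
    if part == "":
        return []
    items = part.split(":")
    groups: list[int] = []
    for index, item in enumerate(items):
        if "." in item:
            # A dotted quad may only be the very last element of the whole address.
            if not ipv4_allowed or index != len(items) - 1:
                raise ValueError(f"embedded IPv4 address in the wrong place: {item!r}")
            groups.extend(_ipv4_tail(item))
        elif _HEX_GROUP.match(item):
            groups.append(int(item, 16))
        else:
            # Catches empty groups (':1', '1:', '1:::2') and over-long or non-hex text.
            raise ValueError(f"bad group {item!r}")
    return groups


def parse_ipv6(text: str) -> bytes:
    """Return the 16-byte address for textual input, or raise ValueError."""
    if text.count("::") > 1:
        raise ValueError("'::' may appear at most once")
    head, sep, tail = text.partition("::")
    # Without '::' the head is the whole address and may end in a dotted quad;
    # with '::' only the tail is in last position.
    head_groups = _groups(head, ipv4_allowed=not sep)
    tail_groups = _groups(tail, ipv4_allowed=True)
    if sep:
        missing = 8 - len(head_groups) - len(tail_groups)
        if missing < 1:
            raise ValueError("'::' must stand for at least one zero group")
        groups = head_groups + [0] * missing + tail_groups
    else:
        groups = head_groups
        if len(groups) != 8:
            raise ValueError(f"expected 8 groups, got {len(groups)}")
    return b"".join(group.to_bytes(2, "big") for group in groups)


def format_ipv6(addr: bytes) -> str:
    """RFC 5952 form: lowercase, no leading zeros, longest zero run (>= 2 groups)
    compressed with '::', the first such run on a tie."""
    if len(addr) != 16:
        raise ValueError("an IPv6 address is exactly 16 bytes")
    groups = [int.from_bytes(addr[i:i + 2], "big") for i in range(0, 16, 2)]
    best_start, best_len = -1, 0
    i = 0
    while i < 8:
        if groups[i] != 0:
            i += 1
            continue
        j = i
        while j < 8 and groups[j] == 0:
            j += 1
        if j - i > best_len:
            best_start, best_len = i, j - i
        i = j
    if best_len < 2:  # never compress a single zero group
        return ":".join(f"{g:x}" for g in groups)
    left = ":".join(f"{g:x}" for g in groups[:best_start])
    right = ":".join(f"{g:x}" for g in groups[best_start + best_len:])
    return f"{left}::{right}"


def is_valid_ipv6(text: str) -> bool:
    try:
        parse_ipv6(text)
    except ValueError:
        return False
    return True


def agrees_with_stdlib(text: str) -> bool:
    """Same bytes and same canonical text as ipaddress.IPv6Address."""
    ref = ipaddress.IPv6Address(text)
    return parse_ipv6(text) == ref.packed and format_ipv6(ref.packed) == ref.compressed


if __name__ == "__main__":
    for sample in ["::1", "2001:0DB8:0000:0000:0000:0000:0000:0001", "1:0:0:2:0:0:0:3",
                   "::ffff:192.0.2.1", "1::2::3", "1:2:3:4:5:6:7::8"]:
        shown = format_ipv6(parse_ipv6(sample)) if is_valid_ipv6(sample) else "invalid"
        print(f"{sample:42} -> {shown}")
```

The rejected inputs are exactly the outlier cases: a second '::', a '::' that would stand for no groups at all (as in `1:2:3:4:5:6:7::8`), an empty group such as `:1`, a group longer than four hex digits, and a dotted quad anywhere but last. Note that "never compress a single zero group" is an output rule only; on input, `1:2:3:4:5:6:7::` is accepted because the '::' stands for one zero group.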


  • Marcel Birgelen
    replied
    Originally posted by Leo Enticknap:
    That can be easier said than done. I use the NoScript Firefox plugin when browsing, in order to control what third parties do and don't get to run scripts on my computers. When I first started to do so, on the recommendation of a co-worker, I was shocked at how many seemingly unrelated third parties were trying to execute code whenever I visited a website. This is what it found on just one news site. I have visited other sites in which a list of 30-40 third parties trying to run scripts appears.
    Remember a year or two or so back, when Facebook (don't know if they called the mothership Meta already back then) pulled a leg on their BGP, which caused all Facebook services to vanish from the Internet for a few hours? A lot of non-Facebook related websites wouldn't load properly, because all those social integrations and tracking junk on those sites wouldn't load.

    Your modern web developer is one sloppy beast. Resulting in sites that are a hot mess of CSS and Javascript and whatnot frameworks, all downloading from somewhere on the World Wide Web, a lot of them loading themselves from some random CDN. I remember when Fastly, one of those CDNs hosting a lot of this general framework dreck, went down in flames, millions of sites stopped working partly or entirely, among them a few big ones, including some major news outlets...

    Originally posted by Leo Enticknap:
    BTW, a news conference is being widely reported (e.g. here) in which the CEO of Delta claimed that the Crowdstrike SNAFU cost the airline half a billion. The costs incurred by Delta's customers who suffered flight disruption likely add at least tens of millions more on to that.
    Right now, they're even being sued by their own shareholders, don't know how they think that's going to help, but yeah...

    We'll see how far it will go, I guess it will be settled though. Holding technology companies liable for their SNAFUs will set an interesting precedent. Until now, if e.g. Microsoft messed up with a botched update that took me multiple days to fix, there is no way Microsoft is going to offset those costs.

    This particular outage affected less than a percent of all computers out there. Imagine what would happen if Microsoft released a patch with similar consequences that affects e.g. 20 or 30% of all machines globally? When that day happens, I hope I'm somewhere deep in the mountains, with no cellphone coverage...

    Originally posted by Bruce Cloutier:
    This IP address that tracks back to China (through the cable connection I think in San Jose) has hit us over 56,000 times since yesterday afternoon and it started early yesterday morning. All blocked. Occasionally another address from that Class C IP block attempts a connection with all the characteristics of being manually initiated.
    Sorry for being a pedantic prick. It just reminds me of a preach I got back somewhere in 1999 when I requested my first IP space via RIPE, the European regional Internet Registry. Somewhere in my request I referred to a "Class C" network and as such, my request was promptly DENIED. Why? Since somewhere around 1993, the term "Class A/B/C" network has been deprecated for their Classless "CIDR" counterparts: Your class A is a /8 network now, your class B is a /16 and a class C network will now only be referred to as a /24.

    Originally posted by Bruce Cloutier:
    Makes me wonder if our government is trying to protect us at all? They're too busy creating bogus political ads acting like 5th graders calling names and bullying. How do we even let that go on?
    The average IQ of our politicians seems to have dropped below freezing point on practically any temperature scale other than Kelvin over the last couple of decades.
    When was the last time you saw a politician who was only halfway competent in IT stuff? How do you expect the governments we have right now to protect us from those kinds of dangers if they can't even agree on the most basic of things?



  • Leo Enticknap
    replied
    Originally posted by Randy Stankey
    People break the cardinal rule all the time: My computer is my property and I am the sole arbiter of what code gets executed on it. Breaking that rule puts your computer and your business at risk.

    This does not mean that you have to be a computer expert who knows what every line of code does. It means that you need to be very careful of your sources and not allow third party code to run on your computer unless you trust the source, implicitly.
    That can be easier said than done. I use the NoScript Firefox plugin when browsing, in order to control what third parties do and don't get to run scripts on my computers. When I first started to do so, on the recommendation of a co-worker, I was shocked at how many seemingly unrelated third parties were trying to execute code whenever I visited a website. This is what it found on just one news site. I have visited other sites in which a list of 30-40 third parties trying to run scripts appears.

    [image not reproduced]

    How many average PC users know that they need to take steps like this in order to prevent Google, Twitter, etc. being able to help themselves to your browsing history, and likely much else besides?

    BTW, a news conference is being widely reported (e.g. here) in which the CEO of Delta claimed that the Crowdstrike SNAFU cost the airline half a billion. The costs incurred by Delta's customers who suffered flight disruption likely add at least tens of millions more on to that.
    Last edited by Leo Enticknap; 07-31-2024, 11:04 AM.



  • Bruce Cloutier
    replied
    Could be a metaphor for a society dependent upon networks and concoctions of sloppy open source rookie wannabe gamer programmed software. Wait! See Battlestar Galactica. The series remake. Not the original.

    I have been literally sitting watching a Chinese IP address hard attack one of our public IP addresses. I have the source address blocked but still they are pounding us attempting an SSH connection. I would say it was a denial of service (DoS) attack but this cannot be considered a high value target for that. It would be a lame attempt. I am thinking now that there must be some highly secure device someplace that accepts SSH connection only from a specific source port. Maybe that rolls with time. They are looking for a very specific socket in an attempt to gain access.

    You all can guess what device I have connected out there. It is thwarting these suckers. JANOS rules! ;-)

    I have added the ability to blacklist IP addresses and have an application automatically detecting bots and adding them to the blacklist. I think, over the past couple of weeks, this has triggered the curiosity of the idiot Chinese government hackers.

    This IP address that tracks back to China (through the cable connection I think in San Jose) has hit us over 56,000 times since yesterday afternoon and it started early yesterday morning. All blocked. Occasionally another address from that Class C IP block attempts a connection with all the characteristics of being manually initiated.

    Makes me wonder if our government is trying to protect us at all? They're too busy creating bogus political ads acting like 5th graders calling names and bullying. How do we even let that go on?

    END OF LINE

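Counting attempts per source and grouping them by block, the way Bruce's blacklisting application has to, as an added example (not code from the thread and not JANOS code) in Python over constructed sshd-style log lines. It also carries Marcel's point from further up the thread: the block Bruce calls a "Class C" is a /24 in CIDR terms, and `classful_prefix()` shows where the old /8, /16 and /24 defaults came from (the leading bits of the first octet). The log format, the threshold of five attempts, the function names and the addresses (RFC 5737 documentation ranges) are all assumptions made for this example, not real traffic.

```python
"""Added example: per-source attempt counting with /24 grouping over
constructed sshd-style log lines, plus the classful-to-CIDR mapping."""
import ipaddress
import re
from collections import Counter

# Constructed sample log (not real traffic); addresses are RFC 5737 documentation ranges.
SAMPLE_LOG = """\
Jul 30 14:02:11 gw sshd[4101]: Connection from 198.51.100.23 port 51234 on 203.0.113.5 port 22
Jul 30 14:02:12 gw sshd[4102]: Connection from 198.51.100.23 port 51235 on 203.0.113.5 port 22
Jul 30 14:02:12 gw sshd[4103]: Connection from 198.51.100.23 port 51236 on 203.0.113.5 port 22
Jul 30 14:02:13 gw sshd[4104]: Connection from 198.51.100.23 port 51237 on 203.0.113.5 port 22
Jul 30 14:02:14 gw sshd[4105]: Connection from 198.51.100.23 port 51238 on 203.0.113.5 port 22
Jul 30 14:05:40 gw sshd[4110]: Connection from 198.51.100.77 port 40022 on 203.0.113.5 port 22
Jul 30 14:09:03 gw sshd[4121]: Connection from 192.0.2.8 port 33890 on 203.0.113.5 port 22
"""

_CONN = re.compile(
    r"Connection from (?P<src>\S+) port (?P<sport>\d+) on (?P<dst>\S+) port (?P<dport>\d+)"
)


def count_attempts(log_text: str) -> Counter:
    """Number of connection attempts seen per source address."""
    counts: Counter = Counter()
    for line in log_text.splitlines():
        match = _CONN.search(line)
        if match:
            counts[match.group("src")] += 1
    return counts


def classful_prefix(ip: str) -> int:
    """Default prefix length of the pre-1993 address class, read from the
    leading bits of the first octet: 0xxx -> A (/8), 10xx -> B (/16),
    110x -> C (/24). Historical only: CIDR replaced these defaults, and
    class D/E space never had one."""
    first_octet = int(ipaddress.IPv4Address(ip)) >> 24
    if first_octet < 0b10000000:
        return 8
    if first_octet < 0b11000000:
        return 16
    if first_octet < 0b11100000:
        return 24
    raise ValueError(f"{ip} is class D/E space, which has no default prefix")


def block_of(ip: str, prefix: int = 24) -> str:
    """The CIDR block containing ip, e.g. '198.51.100.0/24' (what the thread calls a Class C)."""
    return str(ipaddress.ip_network(f"{ip}/{prefix}", strict=False))


def find_offenders(log_text: str, threshold: int = 5) -> list[str]:
    """Sources with at least `threshold` attempts, most active first: the blacklist candidates."""
    counts = count_attempts(log_text)
    return [ip for ip, n in counts.most_common() if n >= threshold]


def same_block_sources(log_text: str, ip: str, prefix: int = 24) -> dict[str, int]:
    """Other sources seen from ip's /prefix block, with their attempt counts.
    These are the 'occasional other address from that block' worth a second look."""
    block = ipaddress.ip_network(f"{ip}/{prefix}", strict=False)
    counts = count_attempts(log_text)
    return {src: n for src, n in counts.items()
            if src != ip and ipaddress.ip_address(src) in block}


if __name__ == "__main__":
    counts = count_attempts(SAMPLE_LOG)
    for ip in find_offenders(SAMPLE_LOG):
        print(f"blacklist {ip}: {counts[ip]} attempts, block {block_of(ip)}, "
              f"classful default would be /{classful_prefix(ip)}")
        for neighbour, n in same_block_sources(SAMPLE_LOG, ip).items():
            print(f"  also seen from the same /24: {neighbour} ({n} attempt(s))")
```

The threshold is deliberately a parameter: a single burst of five attempts in a few seconds is an obvious bot, while one attempt from a neighbour in the same /24 is not enough on its own to block, which is why `same_block_sources()` reports it rather than adding it to the list.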


  • Marcel Birgelen
    replied
    Originally posted by Bruce Cloutier:
    People think we're crazy in not having any 3rd party code in our products. This CrowdStrike thing almost literally had me rolling on the floor laughing. I fear this is just the beginning. I can rant about the deterioration of technology. Sorry to laugh as I know this has caused many a lot of pain. So I got out my Mr. Robot merch. Using my Allsafe coffee mug in the office now. That was a reality show, right?
    Those CrowdStrike folks should've taken a lesson about centralization from Star Wars Episode 1:




  • Randy Stankey
    replied
    What pose? Stomping in a pile of horse shit? That's about Disney's speed, these days! Isn't it?
    (Look closer, under the carriage wheels... When you see it, you'll shit... Uh, never mind...)

    Remember that, in those days, "Cowboys" were as popular as things like Pokemon are, today. Every kid knew the phrase, "Stick 'em up!"

    Those kids are, surely, the young sons and daughters of people who worked for Disney.



  • Jim Cassedy
    replied
    [image not reproduced]
    When I saw this photo, my first thought was that "the times have changed", and Disney wouldn't be able to get away with such a pose today. But then I realized that, in reality, maybe things aren't really so different now, because if any of those kids grew up and became theater owners, Disney is still holding them hostage with every new release.
    Last edited by Jim Cassedy; 07-25-2024, 09:24 PM.



  • Randy Stankey
    replied
    Bottom line: CrowdStrike's flagship product is fundamentally flawed, at its core and should not be used by anybody, for any reason, at any time, ever!

    This is disappointing because the company has a fairly long and successful history. It's sad to see such a company go down in flames like this!

    Rhetorical: If I was in charge of a company that used CrowdStrike, I'd be thinking about removing their software, forthwith. I'd almost rather let my systems run with no malware protection than to allow anybody to inject bad code directly into the core of my operating systems at any time, without the ability to stop them.

    Yes, yes! I know! That's not the smartest idea. I'm only talking about my emotional response to the situation. Practical reality is different.
    Instead, I'd probably be putting a team of people on the task of replacing CrowdStrike with something else ASAP.

    Then, I'd be making that phone call and telling CrowdStrike to go to hell!



  • Ed Gordon
    replied
    Here is a video explaining what happened:

    CrowdStrike IT Outage Explained by a Windows Developer

    Even if it would take too long to certify the software in order to prevent a new threat, it appears to me that they did not even adequately test their software before setting it loose to do the damage.


  • Randy Stankey
    replied
    People break the cardinal rule all the time: My computer is my property and I am the sole arbiter of what code gets executed on it. Breaking that rule puts your computer and your business at risk.

    This does not mean that you have to be a computer expert who knows what every line of code does. It means that you need to be very careful of your sources and not allow third party code to run on your computer unless you trust the source, implicitly.

    The problem is that it's very hard to know who to trust, these days.

    I've done a little bit of reading on the subject of CrowdStrike. This isn't the first time they've had screw ups like this! In fact, it's the third time this year!

    From Wikipedia: https://en.wikipedia.org/wiki/CrowdS...tage_incidents

    Severe outage incidents

    CrowdStrike software has been implicated in several major outages on various platforms. At times these have been relatively isolated, affecting a specific application or operating system that is not as widely deployed as others. In some cases, these issues have caused serious outages that impacted servers across the world.

    2024 Debian Linux incident
    On the evening of Friday, April 19, 2024, CrowdStrike issued a flawed software update that crashed computers running Debian Linux builds and kept them from rebooting normally. CrowdStrike acknowledged the bug a day later and weeks later determined the cause.

    2024 Rocky Linux incident
    On May 13, 2024, it was reported that Rocky Linux servers with CrowdStrike software may freeze after upgrading to Rocky Linux 9.4. CrowdStrike reported that they were aware of the problem as it was the same issue due to a Linux Sensor in user mode combined with specific 6.x kernel versions.

    2024 Windows incident
    On July 19, 2024, CrowdStrike released a software update to the vulnerability scanner Falcon Sensor. Flaws in the update caused blue screens of death on Microsoft Windows machines, disrupting millions of Windows computers worldwide. Affected machines were forced into a bootloop, making them unusable. This was caused by an update to a configuration file, Channel File 291, which CrowdStrike says triggered a logic error and caused the operating system to crash. The downtime caused a widespread global impact, grounding commercial airline flights, temporarily taking Sky News and other broadcasters offline, and disrupting banking and healthcare services as well as 911 emergency call centers.

    Although CrowdStrike fixed the update, computers stuck in a boot loop were still unable to connect to the Internet to download the patch before Falcon can load in and crash the device again. The recommended solution from CrowdStrike was to boot into safe mode or Windows Recovery Mode and manually delete Channel File 291. This requires local administrator access and if the device is encrypted by Bitlocker will also require a recovery key. Microsoft has reported that some customers have been able to remediate the issue solely by rebooting impacted devices up to 15 times.

    To me, this indicates a SEVERE problem with the way that company operates. Things like this should never happen. Certainly not three times within ninety days!

    If I was in charge of CrowdStrike there would be heads on pikes!



  • Frank Cox
    replied
    There are many things that pull code directly from a remote server when they are running.

    So you can write a program and the code that you import today may not be the code that you're running tomorrow even though (supposedly) it's the same program.

    This seems completely irrational to me.

    Wouldn't basic sanity (let alone security) tell you to download the library you're using and run from a local copy?

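Frank's question (download the library and run from a local copy) and Randy's rule further down (only run code from a source you trust) point at one concrete habit: vendor the copy you reviewed, record its digest, and refuse to load it if it ever differs. This is an added example in Python, not code from the thread; the library file, its contents, the pin and the function names are constructed for the demonstration, and the pin is a plain SHA-256 hex digest that a real project would commit next to the vendored file.

```python
"""Added example: pin a vendored library to a SHA-256 digest and refuse to
load it when the file on disk no longer matches what was reviewed."""
import hashlib
import importlib.util
import tempfile
from pathlib import Path
from types import ModuleType


class IntegrityError(Exception):
    """Raised when a vendored file no longer matches its recorded digest."""


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def pin_file(path: Path) -> str:
    """The digest to record for a file you have reviewed (the 'pin')."""
    return sha256_hex(path.read_bytes())


def verify_pinned(path: Path, expected_sha256: str) -> bool:
    """True if the file on disk still matches the recorded digest."""
    return sha256_hex(path.read_bytes()) == expected_sha256.lower()


def load_verified_module(path: Path, expected_sha256: str, name: str = "vendored") -> ModuleType:
    """Import a vendored Python file only after its digest has been checked."""
    if not verify_pinned(path, expected_sha256):
        raise IntegrityError(f"{path.name}: digest mismatch, refusing to load")
    spec = importlib.util.spec_from_file_location(name, path)
    module = importlib.util.module_from_spec(spec)
    spec.loader.exec_module(module)  # only reached after the check above passed
    return module


# Constructed stand-in for a third-party library as it looked when it was vetted.
VETTED_SOURCE = "def greet(who):\n    return 'hello ' + who\n"
# Constructed stand-in for an upstream copy that changed after vetting.
CHANGED_SOURCE = "def greet(who):\n    return 'hello ' + who  # plus whatever changed upstream\n"


def demo() -> tuple[str, bool]:
    """Pin the vetted copy, load and use it, then show a changed copy being refused.
    Returns (result of calling the vetted library, whether the changed copy was rejected)."""
    with tempfile.TemporaryDirectory() as tmp:
        lib = Path(tmp) / "vendored_lib.py"
        lib.write_text(VETTED_SOURCE)
        pin = pin_file(lib)  # in a real project this value lives in version control
        greeting = load_verified_module(lib, pin).greet("ops")

        lib.write_text(CHANGED_SOURCE)  # simulate the file drifting from what was reviewed
        try:
            load_verified_module(lib, pin)
            rejected = False
        except IntegrityError:
            rejected = True
    return greeting, rejected


if __name__ == "__main__":
    print(demo())
```

The point of the pin is that an update becomes a deliberate act: someone re-reviews the new upstream copy and changes the recorded digest, rather than the program silently running whatever the remote server happens to serve today.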


  • Bruce Cloutier
    replied
    People think we're crazy in not having any 3rd party code in our products. This CrowdStrike thing almost literally had me rolling on the floor laughing. I fear this is just the beginning. I can rant about the deterioration of technology. Sorry to laugh as I know this has caused many a lot of pain. So I got out my Mr. Robot merch. Using my Allsafe coffee mug in the office now. That was a reality show, right?

    We've been watching raw Internet traffic. 99.99% of it is unsolicited/malicious traffic just frothing to make anyone's day a disaster.

