DigiCert recently was forced to invalidate something like 50,000 of their DNS-challenge based certs because of a bug in their system, and they gave companies like mine only 24 hours to renew them before invalidating the old ones…

My employer had an EV cert for years on our primary domain. The C-suites, etc. thought it was important. Then one of our engineers who focuses on SEO demonstrated how the EV cert slowed down page loads enough that search engines like Google might take notice. Apparently EV certs trigger an additional lookup by the browser to confirm the extended validity.

Once the powers-that-be understood that the EV cert wasn’t offering any additional usefulness, and might be impacting our SEO performance (however small) they had us get rid of it and use a good old OV cert instead.

Back in the 90’s before the days of Windows 3.0 I had to debug a memory manager written by a brilliant but somewhat odd guy. Among other thing I stumbled across:

• A temporary variable called “handy” because it was useful in a number of situations.
• Another one called son_of_handy, used in conjunction with handy.
• Blocks of memory were referred to as cookies.
• Cookies had a flag called shit_cookie_corrupt that would get set if the block of memory was suspected of being corrupt.
• Each time a cookie was found to be corrupt then the function OhShit() was called.
• If too many cookies were corrupt then the function OhShitOhShitOhShit() was called, which would terminate everything.

If you have ssh open to the world then it’s better to disable root logins entirely and also disable passwords, relying on ssh keys instead.

Port 22 is the default SSH port and it receives a TON of malicious traffic any time it’s open to the whole internet. 20 years ago I saw a newly installed server with a weak root password get infected by an IP address in China less than an hour after being connected to the open internet.

With all the bots out there these days it would probably take a lot less time if we ran the same experiment again.

Back in the late 90’s I worked for an internet search company, long before Google was a thing. We would regularly physically drive a dozen SCSI drives from a RAID array between two datacenters about 20 miles apart.

I don’t understand why Cloudflare gets bashed so much over this… EVERY CDN out there does exactly the same thing. It’s how CDN’s work. Whether it’s Akamai, AWS, Google Cloud CDN, Fastly, Microsoft Azure CDN, or some other provider, they all do the same thing. In order to operate properly they need access to unencrypted content so that they can determine how to cache it properly and serve it from those caches instead of always going back to your origin server.

My employer uses both Akamai and AWS, and we’re well aware of this fact and what it means.

Some CDNs like Akamai and Cloudflare have options to optimize images. We use the Akamai one where I work. It means our creative teams, customers, etc. don’t need to worry too much about whether an image is properly optimized when they upload it. Akamai will, behind the scenes optimize the quality, color palette, and image type (jpg, web, png, etc) and create a number of different versions of the images. Then when a client requests the image Akamai looks at the client device (mobile vs desktop, screen resolution, browser version, etc) and serves the copy of the image that’s best optimized for that device.

So even if the URL ends with .jpg you might be sent a .webp. If you use the browsers developer tool to inspect the response headers you’ll likely see the Content-Type header says it’s .webp as well.

The company I work for is mainly an internet presence with a valuation in excess of $100 million. The number of emails we get offering somewhere around $5000 for our domain name is absurd…

Came here to say exactly this. Gaff tape is made out of a cotton cloth material. This is clearly plastic, so duct tape, which is very different.

Yeah but then you’re even more stuck because now the truck is stuck as well…

It’s been roughly 20 years now but my employer at the time had a number of servers that started having odd drive failures at similar times. Long story short we eventually discovered that it was the power supplies that were starting to fail.

These servers had something like 6 hard drives in them, and while troubleshooting we started seeing a pattern where any 5 would work, but as soon as the 6th was reconnected then drives would randomly fail. We eventually replaced the power supply and all 6 drives were happy again.

So you have to completely reinstall Windows if you want to get rid of the GUI on an existing system?

On Linux just edit a file & reboot…

I’ve been using 1Password for years and love it. It’s multi-device support was one of the reasons I started using it, and now have a family subscription to share some things with my wife.

I rely on TOTP a lot for my IT job. With 1Password it’s easy to display them on my Apple Watch so I don’t need to keep opening the app on my phone or laptop.

Or, maybe, the owners of the restaurant make slightly less profit and pay their employees a living wage.

There are a small number of restaurants across the US that actually do pay their servers and other employees reasonable hourly rates, and make it clear to patrons that they don’t accept tips. Prices are still reasonable and customers do continue coming back.

Started with RHEL years ago, migrated to CentOS to get away from the license fees etc. Have since moved to Amazon Linux since we subsequently migrated everything to AWS.

Then where does it get power from?

… and requires you to use Bluetooth headphones that you have to keep charged…

I’ve had my identity stolen multiple times over the years, and have had to deal with fraudulent IRS tax returns and at least 5 attempts to take credit cards out in my name. One of the data breaches that impacted me was the federal government (search for the office of personnel management or OPM data breach for details) and that got me over 10 years, and potentially lifetime protection from a really good credit & identity monitoring company.

I will NEVER willingly hand out my banking or debit card info to third parties. If fraud occurs it’s much easier to deal with a credit car company, so I’d much rather pay that way than save a little time and/or money.