|
Samizdata posted:No, there's an open source tool called DNSBench. While you are screaming about Google, maybe try it. Also, please note I said "If you have a Linux box".
|
# ? Nov 17, 2017 21:42 |
|
|
# ? May 9, 2024 23:18 |
|
This is nice because level3 recently started doing automatic redirects to a lovely search & ads page, and they were my 2nd slot after google. e: also I'm writing a DNS benchmark that runs on java, node.js, and a electron-based frontend Klyith fucked around with this message at 21:46 on Nov 17, 2017 |
# ? Nov 17, 2017 21:43 |
|
Klyith posted:e: also I'm writing a DNS benchmark that runs on java, node.js, and a electron-based frontend See you at techcrunch
|
# ? Nov 17, 2017 21:47 |
|
I might agree that Gibson is a bit opinionated but he provides tools and services that can be very useful. I will always respect him for providing a free port scan service in TYOOL 1999 when I was a young idiot kid who knew nothing but could at least scan his own ports thanks to Steve. The "Gibson is a fool" bandwagon is rather a short bus - don't get on it for no reason. That being that, is there merit to the claim that DNS performance has a meaningful impact on real world internet usage? I would assume any DNS queries are cached, which makes it irrelevant for the vast majority of requests. Am I mistaken in this?
|
# ? Nov 17, 2017 21:55 |
|
anthonypants posted:Literally the only other thing you could be talking about is this, but that requires a Go interpreter and not Linux. Dunno. I always just found it in the Debian/Ubuntu repos.
|
# ? Nov 17, 2017 22:03 |
|
Klyith posted:This is nice because level3 recently started doing automatic redirects to a lovely search & ads page, and they were my 2nd slot after google. I hope you're not rolling your own crypto
|
# ? Nov 17, 2017 22:17 |
|
EssOEss posted:I might agree that Gibson is a bit opinionated but he provides tools and services that can be very useful. I will always respect him for providing a free port scan service in TYOOL 1999 when I was a young idiot kid who knew nothing but could at least scan his own ports thanks to Steve. The "Gibson is a fool" bandwagon is rather a short bus - don't get on it for no reason. I've been on this train for years namely because I've been at this for far too long You are correct in that he has provided a lot of useful tools but out of principle I refuse to give him any attention due to some of the nonsense I have had come up in my line of work due to the things he has said.
|
# ? Nov 17, 2017 22:21 |
|
EssOEss posted:I might agree that Gibson is a bit opinionated but he provides tools and services that can be very useful. I will always respect him for providing a free port scan service in TYOOL 1999 when I was a young idiot kid who knew nothing but could at least scan his own ports thanks to Steve. The "Gibson is a fool" bandwagon is rather a short bus - don't get on it for no reason. Cache lifetime is shorter these days and with the proliferation of CDNs with dynamically generated subdomains and wildcard certs the likelihood of getting a cache miss is going up. Dynamic page content can lead to multiple rounds of DNS queries as content loads and executes, resulting in DNS query delays cumulating. HTTP2 is supposed to improve that situation but that's down the road. Keep in mind that back in the day when this tool was first written, ISP DNS servers sucked rear end and were a regular cause of outages. They were overloaded, underpowered, and unreliable and it was often a better option to point at someone else's further upstream. They've improved a lot since then and we take reliable and fast DNS for granted, but if you want to throw filtering in the mix its best to do your homework and make sure you're now slowing things down excessively. Just now I loaded up the yahoo news site as a worst offender test case and it took a good 90s to load the base content with 1.3k requests and 25MB+ of transfer. Each connection to a fresh domain that wasn't hitting cache incurred something in the range of 25-1500+ms of latency on the DNS query. BangersInMyKnickers fucked around with this message at 22:30 on Nov 17, 2017 |
# ? Nov 17, 2017 22:28 |
anthonypants posted:Literally the only other thing you could be talking about is this, but that requires a Go interpreter and not Linux. If anyone's gonna throw any numbers real meaningful numbers around, I expect to see both Linux and FreeBSD benched with dtrace down to nano-second time-scale, and preferably in a published paper with an associated glamour name to hype it up, because why the gently caress not. Meanwhile, I'm not sure how I feel about a public DNS server making decisions on how requests should be handled with respect to adware, malware and other stuff. It's one thing for me to use void-zone-tools with unbound on my local network, but entirely another for a public server to decide what should be done about it - but maybe that's because I live in a country with actual DNS censorship implemented at ISP levels (in Denmark, it's technically not enforced, but because its first incarnation was so successful, it's now used to block everything from thepiratebay to shady pharmaceuticals), so I'm sort of in the mindset that public DNS servers should not try to block anything for any reason. BlankSystemDaemon fucked around with this message at 01:04 on Nov 18, 2017 |
|
# ? Nov 18, 2017 00:13 |
|
Sure, okay. https://twitter.com/jessysaurusrex/status/932013169387679744
|
# ? Nov 18, 2017 23:49 |
|
Meh.
|
# ? Nov 19, 2017 01:22 |
|
Potato Salad posted:Meh. Gotta agree. After the pure gently caress up of Equifax releasing all information you would assume be super secure including the addition of the fun stuff like work history and and salary history (so anyone can fill out applications way better than you ever could - they know when you stopped working at a company down to the loving day) every leak just seems like a "meh".
|
# ? Nov 19, 2017 03:48 |
|
FFS, government people. FFS. At least if you are going to mass eavesdrop civilians for no reason, perform some basic security...
|
# ? Nov 19, 2017 06:03 |
|
I kinda want that data set.
|
# ? Nov 19, 2017 08:10 |
|
I kinda want the "we surveiled nazis" version of that data set instead of the "we surveiled muslims" one, but I don't think anyone outside academia is collecting it
|
# ? Nov 19, 2017 09:12 |
|
Potato Salad posted:I kinda want the "we surveiled nazis" version of that data set instead of the "we surveiled muslims" one, but I don't think anyone outside academia is collecting it Betcha somehow Troy Hunt ends up with a copy.
|
# ? Nov 19, 2017 09:24 |
|
Samizdata posted:Betcha somehow Troy Hunt ends up with a copy. It's weird how people get lovely about darknet leak sales, but Troy can sell subscriptions and nobody gives a poo poo. Edit: Honestly I just wish he charged less.
|
# ? Nov 19, 2017 09:29 |
|
yoloer420 posted:It's weird how people get lovely about darknet leak sales, but Troy can sell subscriptions and nobody gives a poo poo. I wasn't complaining per se. I use his HaveYouBeenPwned service. No worries as I use unique passwords and all that, but I just don't have enough stuff in my life to raise my blood pressure with...
|
# ? Nov 20, 2017 02:46 |
|
OWASP Top 10 for 2017 are out, if anyone is interested: https://www.owasp.org/images/7/72/OWASP_Top_10-2017_%28en%29.pdf.pdf Big surprise: 1 - Injection 2 - Broken Authentication 3 - Sensitive Data Exposure 4 - XML External Entities 5 - Broken Access Control 6 - Security Misconfiguration 7 - Cross-Site Scripting 8 - Insecure Deserialization 9 - Using Components with Known Vulnerabilities 10 - Insufficient Logging & Monitoring
|
# ? Nov 20, 2017 22:07 |
|
CLAM DOWN posted:OWASP Top 10 for 2017 are out, if anyone is interested: https://www.owasp.org/images/7/72/OWASP_Top_10-2017_%28en%29.pdf.pdf Personally, I'm stunned, just stunned at the top 10. Who could have seen these coming?
|
# ? Nov 20, 2017 22:20 |
|
Have a fun week, everyone https://twitter.com/x0rz/status/932717622780624896
|
# ? Nov 20, 2017 23:12 |
|
orange sky posted:Have a fun week, everyone New ones? God drat it Intel.
|
# ? Nov 20, 2017 23:13 |
|
Thanks, Intel.
|
# ? Nov 20, 2017 23:14 |
|
I got redirected here with an amateur question. Somebody received a spam email, spoofing my account. The email address is not any that I own but the header is my name - which is interesting because I never put my full name in these things. I am trying to figure out, what, if anything is compromised, where they got our info from, my next steps, and what I can do to prevent or mitigate this in the future.
|
# ? Nov 21, 2017 20:52 |
|
Testikles posted:I got redirected here with an amateur question. Somebody received a spam email, spoofing my account. The email address is not any that I own but the header is my name - which is interesting because I never put my full name in these things.
|
# ? Nov 21, 2017 20:57 |
|
Testikles posted:I got redirected here with an amateur question. Somebody received a spam email, spoofing my account. The email address is not any that I own but the header is my name - which is interesting because I never put my full name in these things. Likely answer is someone else's contact list. They got infected, and had the contact list scraped. They're using your name as it's stored in the contact, but with the scammer's email address but shotgunned out to all the members of that list. Recipients recognize the Proper Name and the scammers are banking on people not looking any closer at the email address. E: or what wyoak says^^
|
# ? Nov 21, 2017 20:58 |
|
Testikles posted:I got redirected here with an amateur question. Somebody received a spam email, spoofing my account. The email address is not any that I own but the header is my name - which is interesting because I never put my full name in these things.
|
# ? Nov 21, 2017 20:58 |
|
Testikles posted:I got redirected here with an amateur question. Somebody received a spam email, spoofing my account. The email address is not any that I own but the header is my name - which is interesting because I never put my full name in these things. Get a password manager. If you already have one, change all your passwords. Turn on 2FA.
|
# ? Nov 21, 2017 21:09 |
|
Cup Runneth Over posted:Get a password manager. If you already have one, change all your passwords. Turn on 2FA. Seriously? It sounds like someone is just using his name as a display name. Yes, you should have 2FA. Yes, you should have a password manager. Change all your passwords? How is that going to help in this situation? Something like this is so incredibly common. It's not even actually "spoofing" anything. The guy said it's not even an email that he owns.
|
# ? Nov 21, 2017 21:17 |
|
gently caress yeah more intel firmware issues Oh cool a fellow good had his or her email and name associated, and if that person's name and phone number or ssn are associated in the great public trove of info, any enterprising child with a convincing act can harass pretty much any company's customer service into doing anything, so that's cool Net neutrality is on the gallows, but who loving cares so long as we deport brown people amrite? Also, your isp is commercially using your browsing data as of months ago, but who loving cares again because state surveillance has been taking place forever, at least someone is now making a quick buck along the way My break room is out of earl gray and throat coat at the same time gently caress.
|
# ? Nov 21, 2017 21:25 |
|
Internet Explorer posted:Seriously? It sounds like someone is just using his name as a display name. All advice from this thread should include a footnote "change your passwords again" because we're going to learn five years from now that X company suffered Y breach compromising all personal and auth data on Z millions of users
|
# ? Nov 21, 2017 21:28 |
|
That Guam Goon bar is sounding better and better
|
# ? Nov 21, 2017 21:28 |
|
Thanks for all the information everybody. It saves me from a lot of work.
|
# ? Nov 21, 2017 21:30 |
|
So how is this net neutrality thing being voted and when I wanna be here when it goes through
|
# ? Nov 21, 2017 21:30 |
|
orange sky posted:So how is this net neutrality thing being voted and when
|
# ? Nov 21, 2017 21:37 |
|
Fcc rule vote Donald Trump could do something about this, but why the gently caress would the loving swamp monster do something about it? He specifically appointed this FCC chairman with this specific agenda, because gently caress you, gently caress me, gently caress us all Freedom and poo poo, apparently. efb
|
# ? Nov 21, 2017 21:38 |
|
Potato Salad posted:All advice from this thread should include a footnote "change your passwords again" because we're going to learn five years from now that X company suffered Y breach compromising all personal and auth data on Z millions of users Not a bad idea signing up for alerts at https://haveibeenpwned.com/ either.
|
# ? Nov 21, 2017 21:49 |
|
Shodan has a big discount this weekend
|
# ? Nov 21, 2017 22:04 |
|
https://arstechnica.com/tech-policy/2017/11/report-uber-paid-hackers-100000-to-keep-2016-data-breach-quiet/ quote:In a public statement, Uber has announced that it sustained a massive data breach in 2016: 57 million customers’ and drivers’ names, e-mail addresses, and phone numbers were compromised.
|
# ? Nov 22, 2017 01:26 |
|
|
# ? May 9, 2024 23:18 |
|
lol Uber is burning piles of tyres all the way down
|
# ? Nov 22, 2017 01:28 |