One of the great things about the Internet, it might be argued, is that it gives everyone who wants one a voice. One example of this in action might be this blog. But equally, there’s ways of expressing your opinon all over the Internet, most popularly using social media web sites, and comment sections of ‘normal’ web sites.
I have a problem which is probably unusual in most home networks, which is that I have multiple subnets coming off one of my LAN interfaces on my router. For most IP-routed things, this is obviously not a problem, but there is seemingly one exception to this rule, and that is multicast packets.
Note: The article here requires features that don’t appear to come with the Home edition of Windows 10, such as the Group Policy Editor. These steps may well work on previous versions of Windows, but I haven’t tried it out on them. This article assumes you’re familiar with setting up and administrating an MIT Kerberos KDC and password server.
For those of you who grew up in the 1980s, you might remember the series of titles published by Usborne Books about what would be considered quite esoteric subjects today, from how to program in BASIC on your favourite home computer, to writing adventure games, and even how to write Z80 and 6502 assembler (and yes, I had a copy of the last two books!)
As various parts of the computer press have stated this week, Usborne have made PDFs available of these books for free download, which you can find here. There is also a blog posting on how the books came about here. (Even now, I’m still amazed they even published the book on assembler programming back then!)
Perhaps one day I should port the adventure game that’s described in “Write your own Adventure Programs for your Microcomputer” to something like Inform…
I’ve signed or re-signed all my domains with new more secure RSA/SHA-256 keys today (and adding some domains that weren’t previously signed). I’m going to leave my old signing keys in for a while so you shouldn’t notice the changeover, and remove them in a few days when the new DS and DNSKEY records have had a chance to propagate to the wider Internet.
(For those of you unfamiliar with the concept of DNSSEC, it is a way of using encryption to verify that DNS lookups on the Internet, which convert names such as www.garyhawkins.me.uk to IP addresses and vice-versa, are genuine and are not being spoofed from an unauthorised server.)
Update: Old keys now gone from the server.
Update: Had to temporarily replace this with a StartSSL certificate because I managed to trip the “too many certificates in one day” limit whilst testing the generation script …
I was dismayed to read this article on The Register today which suggests that yet another large manufacturer has shipped a security nightmare with its laptops. You’d have thought these people would have learned after the Lenovo “Superfish” debacle, but apparently not.
It would appear that Dell ships a self-signed root CA certificate by the name of “eDellRoot” which is automatically installed by Dell software into the Windows trusted root certificate store. This would normally be not too much of a problem, but this time they’ve managed to install the private key as well, which means (assuming the private key is the same on every machine with this certificate on) that it’s trivially easy to take the private key, sign certificates with it and then any Dell machine will blindly accept this certificate which can be used for nefarious purposes such as impersonating web sites, man-in-the-middle attacks, malware, etc, etc, etc.
What on earth were Dell thinking?!
The day has finally arrived.
— ARIN (@TeamARIN) September 24, 2015
ARIN announced today that their free pool has reached zero. Unlike all of the other declared exhaustions, this actually means that there are no IPv4 addresses at all left in the ARIN region, covering the North Americas.
ARIN’s press release can be found here. Note that this is potentially not the end for waiting list users, as it is possible IANA may make further redistributions of returned addresses every few months or so, but these are likely to be immediately gobbled up by the waiting list applicants.