I just got a newsletter from @haubles that reminded me it's been too long since I've sung the praises of Fastly for the CDN services they provide to infosec.exchange.

I don't generally like to plug things here, but I have to tell you that I've been incredibly impressed by Fastly's service and their people. If you're a developer looking for CDN services, or otherwise in the market for CDN services give Fastly a look since they have a free tier for developers now.

You can find info on their free tier here: http://fastly.com/pricing and the announcement is here: http://fastly.com/instant

you ever think about how the standard cartoon bomb (a large blue or black sphere with a big fuse coming out the top) is essentially the "save icon" of destruction, because 1) it's symbolic meaning is widely understood, and 2) it's an anachronism that is widely recognized only for its symbolic meaning as its real life counterpart is long obsolete?

A friend just pointed out:

"ADHD creates impulse control issues and, consequently, advertising takes advantage of a disability.  Ergo, ad blockers are assistive devices and interfering with their operation for commercial gain constitutes a willful violation of the ADA."

Let’s do this.

New RFC published, a thorough revision of the RPKI ROA specification: https://rfc-editor.org/rfc/rfc9582.html this update removes a number of ambiguities, while exploring the edges of what’s possible in ASN.1

When you reimplement /usr/bin/cat using Python

Every time someone reports a "watch out! I almost fell for this phish!" in the public Slack channels I debate telling them to just look for the "via psm.knowbe4" telltale and stop worrying about it, and whether the time and worry saved would be worth how pissed the security folks would be that I'm trashing whatever possible phishing training they might've hoped to get out of the tests.

For (mostly personal) future reference, let's say you want to connect a server to the Internet on its own subnet, but IPv4 addresses are expensive so you would prefer to burn as few of them as possible.

Normally, the best you can do is putting the server and its upstream router on a /31, which allocates one IP address for the server and one IP address for the router.

Now let's say you're not one to let convention hold you back and you hold the forbidden knowledge that network configuration inputs like in kickstart files ask you for the full IPv4 address of both the host and the default gateway... AND IT IS NOT REQUIRED THAT THE DEFAULT GATEWAY IS ACTUALLY INSIDE THE SUBNET YOU CONFIGURED FOR THE HOST...

Something like this:

network --bootproto=static --ip=192.0.2.45 --netmask=255.255.255.255 --gateway=100.64.0.1

And then an (Arista) router configuration like this:

AnetRouter#show run interfaces eth 16
interface Ethernet16
no switchport
ip address 100.64.0.1/30
AnetRouter#show run sec ip route
ip route 192.0.2.45/32 Ethernet16

If it's stupid but it works...

This brought to you by the IPv4 address being the most expensive part of hosting a #MicroMirror server.

@natty reminded me of

How crappy do you want to host your own TLD?
The .dj TLD admins: Yes

% kdig ns dj. +short
vps443605.ovh.net.
bow1.intnet.dj.
bow5.intnet.dj.

Bonus points for not having *any* IPv6 glue.

I must say it was pretty funny to type my own name into twitch and see that someone already had the handle, and that they were in a somewhat similar world to me https://twitch.tv/theo

Yesterday I watched his video about why big pull requests are bad. https://www.youtube.com/watch?v=Ky5WoLkiMX0

I randomly found "Theo" on twitch by typing in my own short name into twitch. He's a former Twitch software engineer who makes great development related content. I would love to do what he's doing but make it about networking news/DNS/BGP/Routing Hijacks/etc. If I could pull that off I think it would be pretty interesting, and also insanely useful when conference CFPs happen in that I'd be prepared for once!

Just enabled my first RTR connection. Doing some test RPKI validation on my lab system. I question whoever called this "lightweight".

Postel's Law as a vibe check is really just playing it cool:
"Be chill in the vibes you permit, and easy on the vibes you emit."

I would add a safety principle for those responsible for networks (human or computer):
"If someone is messing with the vibe, drop that shit."

@0xC0FFEE oops yes the domain expired and I just renewed it. Apologies I've been pretty AFK recovering from surgery.

*shouts into the ether*

https://benjojo.co.uk/u/benjojo/h/zS23gTv4S1y8TfmPBJ

as you can see, I'm not very good at updating my feed. I don't expect that to change in the near future sadly :-(

Some of you didn't have to build networks for LAN parties and then spend 2 hours troubleshooting your NIC and it shows.

Went past a certain local NJ convenience store yesterday. Some of you might recognize it.