One thing I haven’t seen yet is that it will basically end accreditation of colleges & universities.

Today if you get an MBA, PHD, etc. pretty much everybody knows what that means whether you got that degree from Harvard University, Penn State, or the University of Alabama. The standards for such degrees are pretty well known.

While the Department of Education doesn’t directly perform accreditation it does manage the standards that third parties use for the process. Get rid of the standards and those accreditation bodies will eventually start doing their own thing. So eventually one body might only offer accreditation to schools that promote certain religious values and ignore other educational standards, while another only offers accreditation to schools that pay kickbacks, etc.

If those sorts of things start to happen then accreditation will become largely meaningless, and college/university degrees won’t mean as much as they currently do.

It’s been literally a couple decades now but I once had to troubleshoot multiple RAID failures in a number of identical servers that were all running 6 disk RAID-5. Long story short the power supplies in each server was slowly losing its ability to power all the drives at the same time, so random drives started throwing errors. By the time we figured out the root cause, most of the drives had generated enough errors that the RAID controller couldn’t rebuild the volumes.

So, no, as others have said RAID is not a backup and should never be treated as such. A single point of failure like the power supply can easily cause the loss of the entire volume without warning.

I had a few AC Pros in a 110+ year old house where other AP’s had issues with all the plaster & lathe walls. They worked great. I also have a couple of them installed at a non-profit org I volunteer with and everybody is very happy with how they work there as well.

After moving from that first house to a new one with a bigger footprint I upgraded to a pair of their U6 mesh AP’s, one at each end of the house. Never had any issues with them.

In other words, it’s effectively Morse Code via light instead of radio or telegraph.

DigiCert recently was forced to invalidate something like 50,000 of their DNS-challenge based certs because of a bug in their system, and they gave companies like mine only 24 hours to renew them before invalidating the old ones…

My employer had an EV cert for years on our primary domain. The C-suites, etc. thought it was important. Then one of our engineers who focuses on SEO demonstrated how the EV cert slowed down page loads enough that search engines like Google might take notice. Apparently EV certs trigger an additional lookup by the browser to confirm the extended validity.

Once the powers-that-be understood that the EV cert wasn’t offering any additional usefulness, and might be impacting our SEO performance (however small) they had us get rid of it and use a good old OV cert instead.

If you have ssh open to the world then it’s better to disable root logins entirely and also disable passwords, relying on ssh keys instead.

Port 22 is the default SSH port and it receives a TON of malicious traffic any time it’s open to the whole internet. 20 years ago I saw a newly installed server with a weak root password get infected by an IP address in China less than an hour after being connected to the open internet.

With all the bots out there these days it would probably take a lot less time if we ran the same experiment again.

I loved the bit where he spent a small pile of that money on an Inverted Jenny postage stamp then used it to send a postcard.

I don’t understand why Cloudflare gets bashed so much over this… EVERY CDN out there does exactly the same thing. It’s how CDN’s work. Whether it’s Akamai, AWS, Google Cloud CDN, Fastly, Microsoft Azure CDN, or some other provider, they all do the same thing. In order to operate properly they need access to unencrypted content so that they can determine how to cache it properly and serve it from those caches instead of always going back to your origin server.

My employer uses both Akamai and AWS, and we’re well aware of this fact and what it means.

I’ve heard of all sorts of issues with my fiber ISP (Verizon Fios) rolling out IPv6. It’s been years that they’ve been slowly rolling it out for testing in a few places. There’s virtually no useful documentation on their website about it. And it’s still not available where I am.

I’ve had my identity stolen multiple times over the years and had everything from fraudulent tax returns filed to get refunds, to credit cards taken out in my name. I was one of the victims of the federal governments Office of Personnel Management data breach 10 years ago (think the HR department for the entire US Federal Government). That resulted in me getting what amounts to free ID/credit monitoring with a really good company for the rest of my life. They send me alerts similar to this one fairly often, and it’s also next to useless. My guess is it’s based on lists of usernames & passwords stolen from websites and offered for sale by scammers. It’s not uncommon for those types of lists to have been collected from multiple websites, and merged into one giant list since lots of people still use the same password everywhere. So there’s likely no way of knowing what website a given set of credentials came from.

As for the masking of the email address, seeing that different monitoring services are doing the same exact thing it makes me wonder if either these are all coming from the same third party service, or if there’s some sort of law/regulation that is requiring them to mask it…

Yeah I know about that trick. I’ve run into problems using that in the past because the + notation isn’t universally supported, and also some companies sell their customer lists to other companies. I forget the specific details because it happened years ago now, but I found one of my + addresses signed up to a mailing list I didn’t want to be on. The form used to unsubscribe from that list considered the + an invalid character, so I couldn’t unsubscribe. As I recall it took a week or so of emails to various contacts at that company to get me unsubscribed.

Besides, it wouldn’t help at all in this particular case. Look at the screenshot. It’s redacting everything in the email address before the @, so I still wouldn’t know which one they are referring to.

My email address is literally registered on dozens of websites. I use a different completely random password, generated by a password manager, on every one of those sites. How would I know which website and which password was compromised based on this message?

I think this is what I used: https://pimylifeup.com/cloudflare-tunnel-on-home-assistant/

I use home assistant and found some instructions on how to set up a free-tier cloudflare reverse proxy to access it from outside my home. Works like a charm.

It was pure c code that was used to print reports, and included the date in a header. Whoever wrote it miscalculated the size of the buffer for the header by one byte. When the date was the longest month & day spelled out plus a two digit day of the month then it would overflow the buffer, resulting in the program crashing.

Decades ago I had to debug a random crash. It only happened on Wednesdays. On Wednesdays in September. On Wednesdays in September after the 10th…

I use .home for my home network…

Pretty much the same here, but in a linode vps that hosts a few other things as well.