Unencrypted sensitive data in an email is a really bad idea. I hope they never do that.
Although what I would really like, and think is long overdue, is an extension to email that normalises encryption and sender verification. It's ridiculous that email can be spoofed like that. (The same is even more true for phone numbers.)
Indeed. We really either need email to get decent, user-friendly encryption and verification, or replace email with a new, ubiquitous, decentralized system that has first-class support for encryption.
I have a laundry list of other issues I'd like fixed in email, but I'd be happy just to get end to end encryption and sender verification.
Is it really? Who can read it today? Your email provider and theirs? Gmail won't deliver messages without TLS any more, so everyone supports it or they're effectively kicked out of email.
Well, the email providers. And that could easily include Google without you even realising.
It's true that email isn't quite as insecure as it used to be (it was once compared to shouting your message at someone and expecting them to shout it in the right direction until it reached the intended recipient), but there are still many things missing compared to other forms of direct messaging, and there's good reason why many people and organisations don't want it used to send sensitive information.
For things like financial records, I would not want plain PDF in the email. I think it needs encryption for confidentiality.
I am geeky enough to use PGP or S/MIME if they had the option, but I can definitely see how vendors would see this as too fringe with retail customers. I would not like the typical "secure email" which is nothing more than a volatile link back into yet another website.
Hmm, yeah, some people feel that plain emails are not secure for sensitive information. As a result, some banks provide a "secure email" box that's usually a PITA to use.
It'd be great if there's a unified API for all financial institutes to provide sensitive info (statements, tax forms etc.) and you just need to run a software tool to download them once in a while or when you need it.
> Why can’t I set up Windows or MacOS like that? I know the answer I just find the answer annoying.
I wish I still cared about this. I had intended to build an iPXE boot menu via a small web service that would act as a Windows install XML template editor/selector, but I never got around to doing it after learning enough web dev to pull it off.
I built a few similar things that worked inside of WinPE, but the slowness of waiting for it to boot was always what drove me to do as much config as possible in the PXE boot menu—you can get into that in seconds versus minutes for the PE.
I used to install Windows a lot, and found a lot of tech around it to be a little too opinionated. SMS/WDS were just too legacy-leaning and Microsoft Enterprise-flavored. FOG was a little too heavy-handed (though very good). Glazier excited me but I never actually used it to determine if it has the flexibility I wanted...
But I digress. OS installs should be a lot easier and faster to accept your configuration preferences and get to work when the goal is "erase this machine and reinstall" than they are even today.
Built out a (i)PXE build system for Windows at an /old job/
It would chain load the iPXE binary from the network, then call out to an HTTP endpoint with "?mac={macaddress}" so we could identify it. Then it would auto-pull from git, or generate (and push into git) a config, which would load the WinPE image over the network, and launch a PowerShell script. All of which would talk back to the HTTP endpoint throughout.
Because we tracked it all with a Slackbot on every execution.
Fun hack: certutil.exe has the ability to do HTTP/S requests, so we would leverage that to "live off the land", even though we could integrate any binary into the image ourselves.
That was the point as I read it. Payload signature verification is a good and sometimes desirable alternative to transport encryption when the payload itself isn't secret.
Highly-cacheable resources like game and OS updates are often intentionally delivered over http as signed payloads to facilitate middlebox caching.
The organic search results didn't offer what I needed at all, but the ad took me straight to an e-commerce site that sold what I wanted. I had it in my hands at a reasonable price in about 5 days.
It was for a Nintendo Wii component video cable, back in 2007.
> Finally, AWS isn't a silver bullet. For anyone in us-east-1, you know [0].
I probably should have commented on the original article here, but I pulled all of my company's production infra out of that AZ back in 2019 because AWS dragged its feet for too long deploying 5th gen hardware there.
I assumed the racks were full or something. I still don't know if they ever did get newer hardware in that AZ—I just avoid it like the plague.
I had a light chuckle this week when I discovered the work I did out of sheer frustration saved us from a partial outage seven years later.
> Another alternative is Mellanox with RDMA. You need CX4+ for optimal performance over TCP/IP, while the cheap CX3 is excellent with IPoIB.
Do these benefit the iSCSI target end of the equation too, or just the initiator? And do they work like an HBA, where you configure the card in a firmware setup menu, or does it just transparently accelerate the software initiator on Windows/Linux?
It is a bit different. Mellanox with iSCSI/iSER over IB/RoCE is much less complex than iSCSI over TCP. RoCE runs over UDP, but requires switches with PFC and ECN. Chelsio plays nice with any switch. Mellanox has much better offloading of NVMe-oF, where the network card can directly communicate with the NVMe device over PCI Express so it can completely bypass system RAM and host CPU. In fact, Linux will know nothing about the transfers to and from the NVMe device.
To get accelerated iSCSI, you need to install Chelsio or Mellanox drivers. While both work out of the box with the inbox drivers, they have special drivers that you have to download and install to unlock the extra performance. I think Chelsio has everything included in FreeBSD, so there the inbox drivers already come with top performance unlocked.
I thought it really excelled at displaying the timeline—it was quite novel to see a timeline for a video I was watching that didn't occlude any part of the screen—but quite annoyingly it would go black due to inactivity.
And of course the virtual function keys were awful.
I've wondered for a while if it would be possible to do that with a USB FXS adapter[1], and something like a Pi, but you'd basically need a soft modem of some kind to make it work and the only module for Asterisk isn't up to the challenge (last I checked five years ago).
However, to be frank, it'd make more sense to do PPP over null modem with a straight serial connection.
The same config on their site is now $8000 before taxes and AppleCare.
A couple weeks' notice would've been nice.