RE: Wikipedia drops support for old Android smartphones; mandates TLSv1.2 to read
I normally don't chime in here, because I'm not technically a network operator, but I do know certs and PKI infrastructure. Just wanted to point out that many situations where such security would be desirable -- a repressive government, an overly surveilling employer -- have, or can easily put in place, tech to subvert the entire process anyway. Require every browser to include a custom CA certificate, issue certs on the fly for any given site, and The Man can MITM every site you visit, supporting whatever protocol your device requires. Requiring TLS 1.2 won't fix this -- it's an attempt to minimize the risk of specific protocol-based attacks at the expense of older browsers. That having been said, I'd like to see actual numbers on how many of Wikimedia's sites' visitors will be affected. What percentage of browsers visiting their sites can't support TLS 1.2 or later? -- Jim Goltz HHS/NIH/CIT/Network Services -Original Message- From: John Adams Sent: Tuesday, 31 December, 2019 05:05 To: Matt Hoppes Cc: Constantine A. Murenin ; North American Network Operators' Group Subject: Re: Wikipedia drops support for old Android smartphones; mandates TLSv1.2 to read because no one should know what you read about or check out at wikipedia Sent from my iPhone > On Dec 31, 2019, at 00:30, Matt Hoppes > wrote: > > Why do I need Wikipedia SSLed? I know the argument. But if it doesn’t work > why not either let it fall back to 1.0 or to HTTP. > > This seems like security for no valid reason.
RE: an over-the-top data center
From: Marshall Eubanks [mailto:[EMAIL PROTECTED] Sent: Tuesday, December 02, 2008 15:15 This is of course off-off-topic, but I would suspect the room temperature ultrasonic misters, not dry ice or wood smoke. Still off-topic, but I hope they used distilled water. If the water has a medium to high mineral content (hard water), the miniscule droplets produced by ultrasonic misters evaporate quickly into microscopic dust motes, small enough to evade most filtering systems. (This data center actually reminds me of the old Kon-Tiki movie theater in Dayton, OH.) -- Jim Goltz [EMAIL PROTECTED] CIT/DCSS/HSB/ASIG 12/2216 DCSS Firewall group on-call: 240-338-2103
RE: hat tip to .gov hostmasters
nice to see a wholesale DNSSEC rollout underway (I must confess to being a little surprised at the source, too!). Granted, it's a much more manageable problem set than, say, .com - but if one US-controlled TLD can do it, hope is buoyed for a .com rollout sooner rather than later (although probably not much sooner :)). It ain't done yet. I don't speak for the hostmasters of .gov or any subdomain thereof. But I'll believe it when I see it. Remember, they've also mandated IPv6 support on all backbones. -- Jim Goltz [EMAIL PROTECTED] CIT/DCSS/HSB/ASIG 12/2216
RE: AOL Instant Messenger
Is anyone else seeing issues with AOL Instant Messenger? Based on the messages on the outages list, it's not just you. No details yet as to what's happening. Some of us here seem to have been bumped off, some haven't. -- Jim Goltz [EMAIL PROTECTED] National Institutes of Health CIT/DCSS/HSB/ASIG 12/2216