My Open Is Not Your Open, Their Open, Or That Other Open
Words have meaning and words have power. It’s why we use them and why we choose them. In the world of technology, the words “open” and “standard” have special meaning because they describe something with the qualities of being accessible to all, commonly available, and broadly accepted.
Contrast the words “open” and “standard” which implies hippie free-love, hugs and kisses all around with the words “closed” and “proprietary” which imply mine and my way with no love, hugs, or kisses for you!
You won’t catch a product vendor today saying their product is closed and proprietary. No sir/ma’am. Proprietary is bad. They might say it’s “standards enhanced”, “pre-standard”, “vertically integrated”, or some other bull shit euphemism but never proprietary. That’s too bad because proprietary isn’t necessarily bad just like open isn’t necessarily good.
However, when I hear the words open and standard used to describe product qualities, I immediately dig into what is being said because more often than not, what is being said does not reflect reality.
So when I start poking at someone or some company’s use of the words “open” and “standard”, it’s a direct reaction to their misuse of those very same words.
Why You Don’t Need To Change Passwords Due To Heartbleed
Breathless recommendations to change their passwords RIGHT-NOW-OR-YOUR-SECRETS-WILL-BE-DIVLULGED because of Hearbleed are ridiculous. There is very little reason to think that users passwords have been exposed and even less that your passwords have been exposed.
The nature of the vulnerability is that data from the heap, which is a place in a programs memory space (each program typically has it’s own memory space) that is highly dynamic, can be read by a carefully crafted packet. That’s bad in general and is a cause of great concern, but the chances that usernames and passwords have been exposed is small.
The heap is a random place with memory being allocated and written/overwritten often. Each httpd process (web services run many processes to handle requests) has it’s own heap. The chances that an attacker using Heartbleed accesses the right place in the dynamic heap on the right process, on the right web server which results in a username/password is small. Very small. The attack could as easily result in Aunt Mabels cookie recipe.
The point is, don’t panic. Wait until the services you use tell you they have patched the bug and then change your password. Or not. Chances are, it won’t matter either way.
If you’re a self proclaimed security expert (or even if you have a certificate saying so), stop spreading the same old incorrect FUD about changing passwords and raising panic. Just stop. You’re not helping.
Solving Windows DNS problems
Can you do a nslookup on a hostname but not ping the hostname? Here’s a possible solution.
I’ve had the problem on Windows hosts and it’s annoying. It almost always happens when trying to access hosts on the local network. The reason you can use nslookup but ping fails is because they are doing two very differnet things to resolve names. Nslookup opens a network connection to your DNS server and if it returns a name tells you your DNS server is runing and the hostname is configured while ping uses the local DNS client to resolve the hostname.
Somehow, the DNS client on Windows gets corrupted. The usual suggestions to fix it such as reboot the computer or flush DNS using “ipconfig /flushdns” rarely works and adding hosts to the \windows\system32\drivers\etc\hosts file is not optimal.
There is a better way.
Open a command line as Administrator by going to “Start->All Programs->Accessories” and right clicking on “Command Prompt” and then select Run as Administrator. The in the command line that just opened type:
net stop dnscache
net start dnscache
Which stops and starts the DNS client software. DNS names on the local network should work again.
If that doesn’t work, try the suggestion for resetting the network stack.
I Think I Am Falling In Love With Delta
If you fly United or American, switch to Delta. You’ll thank me later.
I decided to switch airlines after a difficult year of travel and when I heard about the Sky Medallion Status Match Challenge where Delta will match your status on another airline, I jumped at the change. I’m thrilled. So far, Delta has gotten me home from my trips with nary a hiccup—something United couldn’t do on a clear day much less in winter.
Anyone who flies a lot (and I fly far less than most) knows that overall service has gone downhill. Flights are fuller, the seats are getting smaller, there’s less chance of getting overhead storage, and on most airlines, there are fewer amenities. Customer service is generally deplorable.
Imagine my surprise when I get to the gate on my first Delta flight and the gate agents were smiling. SMILING! One was even walking around the waiting area asking, gasp, if anyone needed assistance but here’s the kicker. That day there was a storm working its way up the east coast and the airports in NYC, NJ, PA were all closed or on delay. That caused flights out of Syracuse to be delayed or cancelled. What did Delta do? Brought in pizza, soda, and candy for those waiting for clearance or getting re-routed. What did other airlines do for it’s delayed flights? Nothing, nada, zip.
It gets better though. The planes I’ve been on with Delta were clean and if at least not new, they were in great shape. The pre-flight video is full of site gags that keep flyers entertained (at least those who don’t fly much and pay attention to the safety videos). The two ladies next to me were in hysterics at the 70’s themed safety film (there is another with slapstick in it as well). In the air, we were given drinks and snacks. SNACKS! OMFG! And of course, the flight attendants were smiling and friendly. One even helped a fellow flyer get on-line to check his gate and change flight plans. They are helpful and knowledgeable.
Then the unthinkable happened. I canceled a Delta flight due to an illness and Delta gave me a credit for the entire purchase price. That’s right, no change fee. Holy cow. I didn’t even ask for the credit. I just assumed that I’d eat the change fee.
I hope this trend continues with Delta. The other airlines I have been on have been at best tolerable experiences and at worst, well, just bad. It was so bad on United last year that I cancelled two flights that had been paid for (one in frequent flyer miles, the other cash). I ate the cost and then bought new tickets on Delta.
Yahoo! Soon Will Require Yahoo! Accounts. Company Disingenuous About Why
"Yahoo is continually working on improving the user experience," the company said in a statement, noting that the new process "will allow us to offer the best personalized experience to everyone".
Yahoo! should at least have the courage of their convictions and be forthright. The move is to centralize Yahoo! users onto Yahoo! services and increase stickiness to Yahoo!.
Don’t get your shorts in a bunch thinking I am haranguing Yahoo! for doing what other services did. I’m not. I am haranguing for their stated motivations. It’s as if they are saying that they can’t provide the same “personalized experience to everyone” unless you create a Yahoo! account. They can, they just don’t want to.