A Day at the Races

Last Sunday I had the chance to go to the Wyoming Downs. I’ve never been to a horse race before. My only experience was that of dramatized scenes in movies. It was quite interesting to see how accurate horse racing’s depiction in movies really is.

Besides getting a bit sunburned, I had a great time. Luckily I went with a friend who could give me a quick tutorial on how to place bets. Once I got the basics down, it became quite easy. Most bets are really straightforward. It was really interesting to see how even the best horses could get outrun. When an unexpected horse wins, people often lose big or win really big.

No matter how much analyzing one does, the element of chance is still the primary driving force in every race. Long shots are possible.

As long as you are careful, and bet modestly, the level of fun and entertainment will always outstrip the losses you will have. I highly suggest a trip to the races to everyone, and bring your family too.

Twitter Updates for 2008-07-23

  • After seeing both Batman and Mamma Mia, I have to say Mamma Mia was better.

Powered by Twitter Tools.

DNS Exploit News

After reading all the details about the “new” DNS exploit, I feel quite annoyed. These types of attacks have always been possible. This isn’t new. Cache poisoning has always been on every DNS server administrator’s checklist of things to carefully plan to prevent. I compare it to firewalls: every firewall administrator knows that best practice is to block everything by default and only make exceptions for what should be allowed.

This idea has been around for well over a decade: maintain a discrete list of what is allowed, which can be completely enumerated with a great level of confidence, and block the rest. Badness cannot be enumerated completely. Blacklists will always be missing important aspects. Expecting that all people are good and don’t do bad things will always turn out badly.

Patches released for DNS services that are vulnerable do not fix the root cause. It can’t be fixed because it is part of the original specification, and migrating away from it will be as painful as the migration to IPv6 is. These patches only implement other kinds of mitigation for the exploit. The best form of mitigation comes in the form of implementing standard best practices that have been around for many years.

DNS servers should carefully control who is allowed to ask questions about non-authoritative zones (recursion). DNS servers at ISPs should limit recursion to customers only. Corporations should run internal recursive DNS servers with access restricted to internal users only. This will severely isolate any damage caused by cache poisoning.

I am not saying nobody needs to patch their servers. In fact, the patches should be applied quickly because they do help quite a bit. I am just saying that if you have already implemented best practices, you shouldn’t have to worry very much. And if you haven’t implemented them, do it now!
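One way to confirm that a resolver really does refuse recursion to outsiders, as described above (an added example, not code from the original post): send a recursive query for a zone the server is not authoritative for and classify the reply by its RA flag and response code. The function names, result labels and sample packets are constructed for illustration, and `probe` assumes it is run against your own server from an address outside the allowed client range.

```python
import secrets
import socket
import struct

def build_query(name, txid):
    """DNS A/IN query for `name` with RD (recursion desired) set."""
    labels = name.rstrip(".").split(".")
    qname = b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"
    return struct.pack("!6H", txid, 0x0100, 1, 0, 0, 0) + qname + struct.pack("!2H", 1, 1)

def classify_response(data, txid):
    """Judge a reply to a recursive query for a zone the server is NOT authoritative for."""
    if len(data) < 12:
        return "malformed"
    rid, flags, _qd, ancount, _ns, _ar = struct.unpack("!6H", data[:12])
    if rid != txid or not flags & 0x8000:      # ID mismatch or QR bit clear
        return "malformed"
    ra, aa, rcode = bool(flags & 0x0080), bool(flags & 0x0400), flags & 0x000F
    if rcode == 5 or not ra:                   # REFUSED, or recursion not offered
        return "restricted"
    if rcode == 0 and ancount > 0 and not aa:  # server recursed and answered for us
        return "open-recursion"
    return "inconclusive"

def probe(server, name, timeout=3.0):
    """Live check. Run it from an address that should not be allowed to recurse."""
    txid = secrets.randbelow(1 << 16)          # unpredictable query ID
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.sendto(build_query(name, txid), (server, 53))
        try:
            data, _ = s.recvfrom(4096)
        except socket.timeout:
            return "no-reply"
    return classify_response(data, txid)

# Constructed sample replies (not captured traffic); 192.0.2.1 is a documentation address.
_Q = build_query("www.example.com", 0x1234)[12:]
_A = b"\xc0\x0c" + struct.pack("!2HIH", 1, 1, 300, 4) + bytes([192, 0, 2, 1])
SAMPLE_OPEN = struct.pack("!6H", 0x1234, 0x8180, 1, 1, 0, 0) + _Q + _A
SAMPLE_REFUSED = struct.pack("!6H", 0x1234, 0x8105, 1, 0, 0, 0) + _Q

if __name__ == "__main__":
    for label, pkt in (("open", SAMPLE_OPEN), ("refused", SAMPLE_REFUSED)):
        print(label, "->", classify_response(pkt, 0x1234))
```

A result of `open-recursion` from an outside address means the recursion restriction is not in effect for that client.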
