Clever! I know some will say it's like closing the barn door after the horse left, but having this in place to mitigate future vulnerabilities will be handy.
I may be wrong, but on a correctly-configured system, one would have to have root access to act nefariously. Since this is intended to prevent exploitation of vulnerabilities that enable privilege escalation, it feels like a net win.
All organizations above a certain size have a Sarah. This I've learned first and second hand over decades (the second hand was a spouse whose job at one point was finding, interviewing, and collecting the knowledge of her's org's Sarahs).
Very, very few of these organizations have ever known, and fewer still have ever cared, about their Sarahs.
This isn't the end of Sarahs. Sarahs have never had their time or place beyond immediate teams, many of which have used Fight Club rules when it came to their Sarah: Never talk about Sarah, especially not to the boss. Other, non Fight Club rules: When Sarah is away, cover as best you can. Change jobs before Sarah retires. It is not the end, because the time of Sarahs never began.
So I agree with ";dr" comment, but it would apply had this been written by a human, by AI, by a super-intelligent shade of blue, or a small furry creature from Alpha Centauri.
I guess I am showing my age, but no, the Internet was never "a place", for me and my ilk.
The Internet was just another network, albeit one that worked more reliably (most of the time) and with less configuration effort (most of the time) than UUCP. I didn't "go to the Internet", it was just another path to the computer on my desk, the most convenient way to get USENET. If I "went anywhere", it was deliberate, using Gopher or WAIS to find things then "visiting" a place with ftp. Or telnet.
The only "other place" I had then was the VT220 (? It's been a while) in the basement with the Gandalf (? ditto) modem, eventually replaced with a PC and a Hayes (? ditto bis). I had to physically go somewhere to access work, but then again, I had to physically go somewhere to access work even without remote/home access.
My then-me would say that the author confuses the Internet with "the world wide web as accessed from a personal device".
Perhaps if one was just the right age at just the right time, the Internet Was a Place, but for anyone before and anyone after it was just was and just is.
> Perhaps if one was just the right age at just the right time, the Internet Was a Place, but for anyone before and anyone after it was just was and just is.
This is well put and I agree. I think there was a unique set of factors that made 1998ish-2006ish the prime time for the Internet to be a "place." The prevailing techno-optimism borne of the 90s was one of those factors.
Congrats on the work, but have you considered another name? Naming is hard and always will be: When I first scanned the headline, my initial thought was "that's an interesting area for the Rocky Linux team to explore". After a moment, "wait, no, that's confusing, it's some other Rocky".
Thanks Peter. All my side-projects are named after my pets. I had a dog named Rocky and given this project is also an underdog competing with well-established tools such as dbt and sqlmesh, I decided to keep Rocky when opening it to public. But I'm happy to get some suggestions for a better name to this tool :)
I love that! I am inspired to create Terry, Tizzie, Topé, Bubba, and Roxy (the three Ts are in my office right now), the last two are no longer with us but for the hole in my heart.
I have no idea what these projects would be, but based on personalities, Roxy would chew through CPU and memory like a beaver (she loved turning large branches into small chunks), Bubba would inspire calm and peacefulness but walk into things (he was one-eyed and a little clumsy), Terry would stick like glue (an eBPF program, maybe?), Tizzie would work well most of the time then destroy your stuff (an AI agent?), and Topé would always be there, but never quite willing to participate (a bad Windows driver?).
I don't the area well enough at all to suggest an alternate name, but maybe Wiley, which is an indirect reference to Dag from Barnyard via Wile E. Coyote?
Love your pet names and how you characterize them if you would name something after them :)
Wiley is an interesting name!
I have another side-project, still private, which I named Shimi, my current dog's name. I'd thought naming my dog Sashimi, but Shimi is just shorter and simpler. I'm now considering stealing the name from my this other side-project for renaming Rocky, but I'll put more thought into it :)
One quibble with the article: the notion that CRLs have to be large. When I was with Entrust our first releases targeted early Windows versions with limited memory, back when most Internet connections and even local networks were slow.
To ensure that RLs would always be manageable in size, we used distribution points (cRL and issuing) and decided at certificate issuance which RL would contain this certificate's serial number if ever it were revoked.
This approach scaled really well and kept RLs manageable.
There were applications that didn’t understand distribution points and needed the One RL to Revoke Them All, so we supported that as well (as an option, IIRC).
> there is no other way to resist US military power
I'm struggling with how to articulate the idea that seems to be in so many Canadian heads, regardless of their military experience.
Assume the worst case, that the US invades Canada and that no allies come to assist, for whatever reason.
The best the US can hope for is a pyrrhic victory: while it may well be true that the Canadian military and population cannot hope to resist the US military, anyone thinking there would be anything other than a pyrrhic victory does not understand how, uh, what words to choose, hmm, bloody mindedly petty and vindictive Canadians can be.
There is that old trope about mistaking "polite" for "nice". Canadians are mostly are the former, and are mostly the latter most of the time, and can even be the former while not at all being the latter. But remember too the trope as to why so many of the specific rules of the Geneva Convention, etm., exist.
Canadians don't pick fights, generally, but see fights to the end, always, and almost always no matter what. And it's not a red mist thing: That comes and clears. What is left is cold. Sober. Focused. Are you still here? Are you not retreating fast enough? Do I still have functional limbs/weapons/comms? Carrying on....
We don't stop until it is safe to stop, and by safe I mean we can stand down and not have to stand to again, or until there is no we left.
Now, more tropes:
Longest sniper kill: Canada has the top spot and at least two more of the top five. Those are all recent.
Only force to meet its D-Day objectives: Canada, with fighting as fierce on Juno as elsewhere.
Only western soldier to fire on a Soviet: A Canadian with the group sent to protect Denmark from Soviets who were rolling fast and hard over northern Germany. The RoE were sort of vague on that point, but they were explicit about not withdrawing, about not giving up an inch. Words didn't work, triggers were pulled, a standoff occurred until sufficient forces arrived to convince the Soviets to withdraw to their agreed lines.
Before becoming PM, Lester B. Pearson won the Noble Peace Prize for the idea of UN Peacekeepers, of putting Canadians in harm's way to separate combatants in hot zones. The idea was taken seriously because memories of Canadian performance in WWII and Korea were fresh in mind. "Oh, those guys? Yeah, OK, ceasefire and separation sounds good."
Again, I am not in anyway suggesting that the US would not win in an invasion of Canada, if Canada stood alone. What I am suggesting is that what would be left (of the US, let alone Canada) would make the victory hollow and bitter.
(You do know that the Canadian boycotts that are so impacting tourism and distillers, among others, are not economically motivated, right? So many US talking heads cite tit-for-tat tariff nonsense, and very few miss the point entirely: Canadians mostly didn't give a damn about tariffs, but when "51st state" was mooted, even if as a joke, Canadians stopped buying US stuff. The tariffs could disappear today and many would still push for closer ties with the EU, possibly even membership, for distancing Canada from the US even more, all because we are fiercely independent, and willing to sacrifice a great deal to retain that independence. Canadians are mostly quiet about it, but never mistake silence for acquiescence or consent.)
Site renders great for me, iOS Safari with blockers; text selection works fine.
Yeah, I know, karma hit coming, but the other comments are so counter to my experience (I quite like the page and content) that I could not not comment.
OK, so it's not hostile when a small subset of users with the carefully configured ad blockers and nerfing js settings can see it like it could be in the first place?
reply