Fri Jan 15 06:00:01 EST 2021
========================================
Slept from eleven to six-thirty.
Snow, possibly mixed with rain.
Accumulations around an inch.
Near steady temperature in the mid 30s.
South winds 5 to 10 mph.
Chance of precipitation 90 percent.
Work
----------------------------------------
- Investigate Jennifer's payable bug
Done.
- Work older Entrata tickets
Done.
- Carolyn printer?
Asked Heather.
- Mull over VPN architecture
Not much.
- Remove KW access for Jeannine at end of day
Done.
- Send work log to Jamie
Done.
Twenty-minute walk at lunch.
Big, wet snowflakes.
No accumulation.
https://arstechnica.com/information-technology/2021/01/the-nsa-warns-enterprises-to-beware-of-third-party-dns-resolvers/
> Many organizations use enterprise DNS resolvers or specific external DNS providers as a key element in the overall network security architecture. These protective DNS services may filter domains and IP addresses based on known malicious domains, restricted content categories, reputation information, typosquatting protections, advanced analysis, DNS Security Extensions (DNSSEC) validation, or other reasons. When DoH is used with external DoH resolvers and the enterprise DNS service is bypassed, the organization’s devices can lose these important defenses. This also prevents local-level DNS caching and the performance improvements it can bring.
> Malware can also leverage DoH to perform DNS lookups that bypass enterprise DNS resolvers and network monitoring tools, often for command and control or exfiltration purposes.
Yes.
> The answer, Thursday’s recommendations said, are for enterprises wanting DoH to rely on their own DoH-enabled resolvers, which besides decrypting the request and returning an answer also provide inspection, logging, and other protections.
> The recommendations go on to say that enterprises should configure network security devices to block all known external DoH servers. Blocking outgoing DoT traffic is more straightforward, since it always travels on port 853, which enterprises can block wholesale. That option isn’t available for curbing outgoing DoH traffic because it uses port 443, which can’t be blocked.
We could even redirect :443 traffic bound to well-known DoH servers, like 1.1.1.1, to an internal nameserver.
That doesn't save us from malware hitting some other DoH server, though.
Home
----------------------------------------
Vacuumed, wiped down kitchen counters.
Signal's having a big outage today.
https://news.artnet.com/art-world/best-art-and-archaeology-discoveries-2020-1930552
> Stonehenge made this list last year after archaeologists discovered that the smaller “bluestone” dolerite rocks in its central circle came from the Carn Goedog and Craig Rhos-y-felin quarries in the Preseli Hills in Wales, some 143 miles away.
> Now, thanks to a core sample drilled during a mid-century repair job—the 90-year-old who did the job recently returned it to the UK—experts have determined that the ancient monument’s outer ring of sarsens, which weigh as much as 30 tons, come from chalk hills of Marlborough Downs, 15 miles away.
> There were quite a few unexpected discoveries about women this year. In northern Mongolia, the discovery of the skeletons of two 1,500-year-old warrior women is new evidence as to the possible origins of the Chinese Mulan myth, popularized in the West by Disney.
> A 4th-century BC dig-site in Russia revealed four women buried with their weapons. They would have been part of the matriarchal Scythian society that are said to have served as the inspiration for such strong female characters as Xena and Wonder Woman.
> And going back even further, a 9,000-year-old Peruvian grave contained a woman in her late teens, laid to rest aside her hunting tools—suggesting its time to reconsider assumptions that men were the exclusive hunters in prehistoric society.
> The assassination of Julius Caesar in the year 44 BC may not be to blame for the fall of the Roman Republic.
> The culprit, a recent study suggests, might actually have been 6,000 miles away, where the Okmok volcano exploded on Alaska’s Aleutian Islands the year before, unleashing clouds of ash that triggered a famine that contributed to the social unrest that followed.
> Climate scientists made the breakthrough through samples of six arctic ice cores, which can be dated like tree rings, comparing the volcanic tephra in the ice to the rock chemistry of volcanos around the world, definitively matching it to Okmok.
https://sahillavingia.com/work
> I started Gumroad in 2011. In 2015, we reached a peak of 23 full-time employees. In 2016, after failing to raise more money, I ended up back where I began: a one-person company.
> Today, when I’m asked how many people work at Gumroad, I respond with “ten or so.” That’s how I convert the number of people we have into what others expect. But the truth is more complicated:
> If we include everyone who works on Gumroad, it’s 25.
> If we include full-time employees, it’s none. Not even me.
> We have no meetings, and no deadlines either.
> And it’s working: our creators earn over $175 million a year, and we generate $11 million in annualized revenue, growing 85% year-over-year.
> Today, working at Gumroad resembles working on an open source project like Rails. Except it’s neither open source, nor unpaid.
> Instead of having meetings, people “talk” to each other via GitHub, Notion, and (occasionally) Slack, expecting responses within 24 hours. Because there are no standups or “syncs” and some projects can involve expensive feedback loops to collaborate, working this way requires clear and thoughtful communication.
> Everyone writes well, and writes a lot.
> There are no deadlines either. We ship incrementally, and launch things whenever the stuff in development is better than what’s currently in production. The occasional exception does exist, such as a tax deadline, but as a rule, I try not to tell anyone what to do or how fast to do it. When someone new joins the company, they do what everyone else does: go into our Notion queue, pick a task, and get to work, asking for clarification when needed.
> Instead of setting quarterly goals or using OKRs, we move towards a single north star: maximizing how much money creators earn. It’s simple and measurable, allowing anyone in the company to do the math on how much a feature or bug-fix might be worth.
> But we don’t prioritize ruthlessly.
> People can work on what’s fun or rely on their intuition, because as long as we remain profitable and keep shipping, we tend to get to the important stuff eventually. Our public roadmap helps Gumroad's creators hold us accountable.
> Gumroad’s Chris Maximin says, “this way to work is responsible for the highest level of productivity I've ever experienced. The ability to focus on actual work creates a virtuous circle benefiting both the company and the workers: 1) the company does not have to pay expensive engineers to sit around in endless, useless meetings, and 2) the engineers get to do more and learn more, which benefits them in the long term.”
> Recently I standardized our rates world-wide: Gumroad will now pay you the same salary, no matter if you live in San Francisco, Bangalore, Lagos, or anywhere else.
> Within the company, we keep a document that lists how much everyone is paid, along with their average working hours. This allows the team to have as much information as I do when making compensation decisions.
> We also have an “anti-overtime” rate: past twenty hours a week, people can continue to work at an hourly rate of 50 percent. This allows us to have a high hourly rate for the highest leverage work and also allows people to work more per week if they wish.
> There is another downside to this system: people have to track their hours. Some people solve this by billing 20 hours a week, even though they may work a bit more or a bit less. Others track it diligently, in 15-minute increments, and send a detailed invoice every week.
> Recently, I pitched the whole company about going full-time, because it felt wrong to grow any larger without full-time staff.
> Nobody accepted.
Can we set a client to use a particular name server for a particular domain?
Like, if we wanted to run an alternate root with our own TLD?
https://serverfault.com/questions/391914/is-there-a-way-to-use-a-specific-dns-for-a-specific-domain
Not with the traditional `resolv.conf` on its own.
We can do it by running dnsmasq with a config like `server=/example.net/198.51.100.238`.
Possibly systemd-resolved can handle this now too.
Windows and macOS can probably do it.
This doesn't completely solve the problem if we're outside our LAN on our phone, for example.
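To see how a `server=/example.net/198.51.100.238` line actually routes queries, here is an added Python model of dnsmasq's per-domain forwarding rules (my code, not dnsmasq's; the sample config and its addresses are constructed, and only the plain address forms are modelled, not the @interface or #port options).

```python
# Added example, not dnsmasq's own code: a small model of how dnsmasq's
# server=/domain/address lines route a query name to an upstream resolver.
DEFAULT = "#"    # dnsmasq's "use the regular upstream servers" marker
LOCAL = "local"  # answer from local data only, never forward

def parse_server_lines(conf):
    """Parse server= lines (dnsmasq.conf syntax, '#' lines are comments) into
    (default upstreams, [(domain labels, address|DEFAULT|LOCAL), ...]).
    Forms: server=ADDR, server=/dom1/dom2/ADDR, server=/dom/#, server=/dom/.
    Address options dnsmasq also accepts (@iface, #port) are rejected."""
    defaults, rules = [], []
    for raw in conf.splitlines():
        line = raw.strip()
        if not line.startswith("server="):
            continue
        value = line[len("server="):]
        if not value.startswith("/"):
            defaults.append(value)  # plain server=ADDR
            continue
        parts = value.split("/")  # "/a/b/addr" -> ["", "a", "b", "addr"]
        domains, addr = parts[1:-1], parts[-1]
        if "@" in addr or (addr != DEFAULT and "#" in addr):
            raise ValueError(f"unsupported server option: {line}")
        target = LOCAL if addr == "" else addr
        rules.extend((d.strip(".").lower().split("."), target) for d in domains if d)
    return defaults, rules

def upstream_for(name, defaults, rules):
    """Upstream for a query name: an address, LOCAL for a local-only domain, or
    None when no rule applies and no default upstream exists. Matching is by
    whole labels ("notexample.net" != "example.net"); the longest suffix wins."""
    labels = name.strip(".").lower().split(".")
    best = None
    for suffix, target in rules:
        if labels[-len(suffix):] == suffix and (best is None or len(suffix) > len(best[0])):
            best = (suffix, target)
    if best is None or best[1] == DEFAULT:
        return defaults[0] if defaults else None
    return best[1]

# Constructed sample config (not a real deployment), extending the line above.
SAMPLE_CONF = """\
server=198.51.100.1
server=/example.net/198.51.100.238
server=/corp.example.net/198.51.100.7
server=/public.example.net/#
server=/lan/
"""
```

Run `upstream_for("db.corp.example.net", *parse_server_lines(SAMPLE_CONF))` to see the more specific `corp.example.net` rule win over the `example.net` one.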
https://kottke.org/21/01/scenes-from-the-second-civil-war
https://www.washingtonpost.com/dc-md-va/2021/01/14/dc-police-capitol-riot/
> “We weren’t battling 50 or 60 rioters in this tunnel,” he said in the first public account from D.C. police officers who fought to protect the Capitol during last week’s siege. “We were battling 15,000 people. It looked like a medieval battle scene.”
> Someone in the crowd grabbed Fanone’s helmet, pulled him to the ground and dragged him on his stomach down a set of steps. At around the same time, police said, the crowd pulled a second officer down the stairs. Police said that chaotic and violent scene was captured in a video that would later spread widely on the Internet.
> Rioters swarmed, battering the officers with metal pipes peeled from scaffolding and a pole with an American flag attached, police said. Both were struck with stun guns. Fanone suffered a mild heart attack and drifted in and out of consciousness.
> All the while, the mob was chanting “U.S.A.” over and over and over again.
> “We got one! We got one!” Fanone said he heard rioters shout. “Kill him with his own gun!”
>
> Looking over the chaotic scene in front of him from the Capitol steps, Glover grew concerned as the battle raged. There were people caught up in the moment, he said, doing things they would not ordinarily do. But many appeared to be on a mission, and they launched what he and the police chief described as a coordinated assault.
> “Everything they did was in a military fashion,” Glover said, saying he witnessed rioters apparently using hand signs and waving flags to signal positions, and using what he described as “military formations.” They took high positions and talked over wireless communications.
> Authorities would later learn that some former members of the military and off-duty police officers from across the country were in the pro-Trump crowd. Glover called it disturbing that off-duty police “would knowingly and intentionally come to the United States Capitol and engage in this riotous and criminal behavior against their brothers and sisters in uniform, who are upholding their oaths of office.”
Servings: grains 3/6, fruit 2/4, vegetables 3/4, dairy 2/2, meat 2/3, nuts 0/0.5
Breakfast: cucumber, orange, coffee
Brunch: ramen with onions and tomato
Lunch: two hot dogs, cucumber, banana
Afternoon snack: green tea
Dinner: