Readit News logoReadit News
pzb commented on How did .agakhan, .ismaili and .imamat get their own TLDs?   data.iana.org/TLD/tlds-al... · Posted by u/aerodog
culi · 10 days ago
What happens when a company goes under and the yearly fee can no longer be paid? Has a gTLD ever been resigned?
pzb · 10 days ago
From the ICANN site, 154 gTLD agreements have been terminated. I'm not sure how many due to non-payment, but https://domainincite.com/30105-icann-to-terminate-five-new-g... indicates that at least some have been due to non-payment.

https://www.icann.org/en/registry-agreements?sort-column=top...

pzb commented on SSDs have become fast, except in the cloud   databasearchitects.blogsp... · Posted by u/greghn
pclmulqdq · 2 years ago
That is what I am trying to say without actually giving it out. PCIe switches are very much not transparent devices. Apparently AWS has not published anything about this, and doesn't have Nitro moderating access to "local" SSD, though - that I did get confused with EBS.
pzb · 2 years ago
AWS has stated that there is a "Nitro Card for Instance Storage"[0][1] which is a NVMe PCIe controller that implements transparent encryption[2].

I don't have access to an EC2 instance to check, but you should be able to see the PCIe topology to determine how many physical cards are likely in i4i and im4gn and their PCIe connections. i4i claims to have 8 x 3,750 AWS Nitro SSD, but it isn't clear how many PCIe lanes are used.

Also, AWS claims "Traditionally, SSDs maximize the peak read and write I/O performance. AWS Nitro SSDs are architected to minimize latency and latency variability of I/O intensive workloads [...] which continuously read and write from the SSDs in a sustained manner, for fast and more predictable performance. AWS Nitro SSDs deliver up to 60% lower storage I/O latency and up to 75% reduced storage I/O latency variability [...]"

This could explain the findings in the article - they only meared peak r/w, not predictability.

[0] https://perspectives.mvdirona.com/2019/02/aws-nitro-system/ [1] https://aws.amazon.com/ec2/nitro/ [2] https://d1.awsstatic.com/events/reinvent/2019/REPEAT_2_Power...

Posted by u/pzb 3 years ago
Fun Fact: I own porn I can't watchfoone.tumblr.com/post/705...
pzb commented on WeWork’s once robust cash reserves have dwindled, raising chances of default   wsj.com/articles/weworks-... · Posted by u/lxm
pzb · 3 years ago
https://archive.ph/sVNVU
pzb commented on IPv4 Transfer Pricing   ipv4marketgroup.com/ipv4-... · Posted by u/zeristor
pzb · 3 years ago
The data in this post seems behind. https://auctions.ipv4.global/prior-sales shows that the prices have spiked to more than $50 per IP
pzb commented on The specs behind the specs – a deep-dive on ASN.1   engineering.wgtwo.com/the... · Posted by u/torotime
breser · 4 years ago
I know of at least one problem with ASN.1. The string encodings other than UTF-8 are terrible. Most of the string encodings are very limited and weird subsets of ASCII that nobody actually uses anymore. ASN.1 itself doesn't define the encodings and just refers to other standards.

The problem with this is probably most notable with the T.61 encoding which changed over the years and since ASN.1 references other standards nobody is quite sure exactly what you have to support to have T.61 actually work right.

Within X.509 certificates though nobody bothers to actually implement T.61 and just uses the T.61 flag for ISO-8859-1.

There are a bunch of gory details around this mess in this (now quite old) write-up here: https://www.cs.auckland.ac.nz/~pgut001/pubs/x509guide.txt

Since that write up I believe UTF-8 is pretty much the expectation for character encoding for X.509.

I documented some of the quirks around 6 years ago when I took an existing X.509 parser and improved it for use in certificate trust management in Subversion: http://svn.apache.org/viewvc/subversion/trunk/subversion/lib...

Basically ASN.1 wasn't well defined and it only works well when people agreed to only use certain features or to interpret things in a particular way when ambiguous.

It's also notoriously difficult to parse well. It's very easy to have bugs in your parser, even if you're implementing a subset of it that's needed for X.509. Especially if you're doing so in a non-memory safe language.

I can't speak for why Google invented Protobufs, but I can't imagine anyone sane picking up ASN.1 for anything modern and deciding that this is what they want to use.

pzb · 4 years ago
A couple of years ago I ran into the same confusion of the "TeletexString"/"T61String" data type in ASN.1. After going down the rabbit hole of what is T.61 and trying to map it to Unicode, I reread the ASN.1 (X.690) spec and realized that the authors never actually referenced T.61. Ever since the first edition of ASN.1 in 1988, those strings have not used T.61. They use a character set that is easily mapped to Unicode - https://www.itscj-ipsj.jp/ir/102.pdf, a subset of US ASCII.

Not to say the rest of the spec is notably better. If fully implemented, it requires supporting escape codes in strings to change character sets. I've never seen valid escape codes in real world data, but it probably exists.

As the original article shows, ASN.1 has lots of other challenges and complexity. Trying to write a code generator that supports all the complexity is no trivial task and the only open source one I've seen only generates C code. Protobuf has the advantage of having modern language support (including multiple type safe and memory safe languages).

pzb commented on TLD Graveyard   dzdb.caida.org/tlds/grave... · Posted by u/pjf
Clewza313 · 5 years ago
In case anybody else is wondering what the two ccTLDs on the list are:

- .an was the Netherlands Antilles, now replaced by its constituents .cw, .sx and .bq

- .tp was East Timor, now renamed Timor Leste (.tl)

There are plenty more not listed here though, including .su (Soviet Union) and .yu (Yugoslavia).

pzb · 5 years ago
I put together a historical list of TLDs that had been removed in 2017: https://github.com/pzb/TLDs/blob/master/removed/rmtlds.csv . It overlaps with the early part of this list.

.cs was the first removed TLD as far as I was able to find.

pzb commented on Show HN: I built a website to better compare USB-C hubs found on Amazon   usb-hubs.org/... · Posted by u/junkern
nrp · 6 years ago
USB-C hubs are on their way. A couple of IC makers now have parts supporting that, so products using them are in the development pipeline: http://www.genesyslogic.com/en/product_view.php?show=69

I'm actually currently developing one as well that has a unique twist to it.

pzb · 6 years ago
http://www.simulatechnology.com/Product/Detail/uid/5de9347e-... exists, at least to some extent. It uses the aforementioned chip.
pzb commented on Show HN: I built a website to better compare USB-C hubs found on Amazon   usb-hubs.org/... · Posted by u/junkern
crooked-v · 6 years ago
I want a USB-C hub that's just one USB-C in to multiple USB-C out. Why is that so impossible to find?
pzb · 6 years ago
Cypress has a chip out for this: https://www.cypress.com/products/ez-usb-hx3pd-usb-31-gen-2-h...

It has one USB Type-C in with 3 USB Type-C out plus 4 USB Standard-A out. One of the C outputs supports downstream charging. Should just be a matter of time until hubs using this chip are widely available.

pzb commented on Show HN: I built a website to better compare USB-C hubs found on Amazon   usb-hubs.org/... · Posted by u/junkern
maxsilver · 6 years ago
> Needs to filter whether it can show HDMI 4K at 30Hz or 60Hz. And related to that, for video, it’s possible to have 2 4K 60hz through or one or none.

I don't think they'd bother, because none of these docks can do it. USB-C 3.1 inherently can't support a 4k@60hz display, due to bandwidth limitations. And it certainly can't run two of them.

You'd have to jump up to a Thunderbolt 3 dock for that sort of thing.

pzb · 6 years ago
You can do 3840x2160@60Hz (and 24bpp/8bpc) over USB Type-C on newer displays. DisplayPort Alt Mode over USB-C using DisplayPort 1.3/1.4 can support 4K + USB 3 Gen2 on one cable.

https://www.amazon.com/UPTab-10Gbps-60hz-Power-Delivery/dp/B... is an example

p

u/pzb

KarmaCake day700January 18, 2011
About
Peter Bowen

I'm a security engineer at Apple working on iCloud and Apple Cloud Services.

I used to be a Principal Security Engineer at Amazon Web Services.

I used to work in AWS Cryptography and was primarily responsible for Amazon Trust Services, their public CA. My old group also owns AWS CloudHSM, AWS Key Management Service, and some new things. Previously I worked on EC2 and have dabbled in various other parts of AWS.

Of course we are hiring, so please send me an email if you are interested in applications of cryptography, public key infrastructure systems, hardware security modules, or similar things.

See http://www.peterbowen.org/ Contact me at pzbowen@gmail.com or pzb@apple.com

[ my public key: https://keybase.io/pzb; my proof: https://keybase.io/pzb/sigs/ncn-SquIIOKO-pD9o-CvE96l2zUzrvskCwZ-vo8q8lU ]

View Original