(TIL) Today I Learned...

wintermute000 · December 10, 2017, 02:08:08 AM

TIL the difference between TLS RSA, TLS DHE and TLS ECDHE (and the anonymous variants thereof), followed by TLS 1.2 vs TLS 1.3 and why SSL decryption is doomed (as the server sends the cert back already encrypted with the pre-selected key share). I already knew re: certificate pinning, this seems like another nail in the coffin.

Your standard network nerd weekend link bingeing, and I don't even like studying crypto LOLOLOLOL

deanwebb · December 10, 2017, 07:23:31 PM

Quote from: wintermute000 on December 10, 2017, 02:08:08 AM
TIL the difference between TLS RSA, TLS DHE and TLS ECDHE (and the anonymous variants thereof), followed by TLS 1.2 vs TLS 1.3 and why SSL decryption is doomed (as the server sends the cert back already encrypted with the pre-selected key share). I already knew re: certificate pinning, this seems like another nail in the coffin.

Your standard network nerd weekend link bingeing, and I don't even like studying crypto LOLOLOLOL

And if we can't do SSL decryption, then metadata about web sessions will be even more important as a security metric.

SimonV · February 14, 2018, 02:19:23 PM

Today I learned all about cipher suites, and that the Cisco WSA has a special config section where you can manually define supported and unsupported ciphers.

I also learned that not having the same config on all of your proxies can lead to some seriously bizarre behaviour.

deanwebb · February 19, 2018, 08:25:21 PM

TIL that a Dell T320 server doesn't take a GeForce 1030 card, but it will take a GeForce 730 just fine.

Also TIL that Windows Server 2016 runs Steam and Steam games just fine, especially if the underlying hardware is running a proper video card instead of the Windows Default Display Driver for the embedded onboard controller.

Also also TIL that a good video card coupled with 16 CPUs and 64GB RAM makes for a helluva gaming rig.

wintermute000 · February 20, 2018, 02:17:55 AM

TBH you're probably worse off than with a higher clocked 4/6C. Them xeons don't hit the same heights as a 7700k or 8700k and for gaming workloads, a smaller number of very high freq threads is the go

RAM makes practically no difference once you have 'enough' (which is usually 16Gb)

What are you playing?

deanwebb · February 20, 2018, 09:20:48 AM

Quote from: wintermute000 on February 20, 2018, 02:17:55 AM
TBH you're probably worse off than with a higher clocked 4/6C. Them xeons don't hit the same heights as a 7700k or 8700k and for gaming workloads, a smaller number of very high freq threads is the go

RAM makes practically no difference once you have 'enough' (which is usually 16Gb)

What are you playing?

16 cores is better than anything my kids have on their student-grade laptops.

I'm playing Cities:Skylines, EU4, HOI4, Ticket to Ride... not very FPS-intensive games. I need the RAM more than anything for C:S. 64GB does the trick like a dream.

SimonV · February 21, 2018, 03:57:06 AM

Ticket to Ride is great, only have the boardgame though

deanwebb · February 21, 2018, 06:00:04 AM

Quote from: SimonV on February 21, 2018, 03:57:06 AM
Ticket to Ride is great, only have the boardgame though

Having it on Steam means I can play it on a plane or in a hotel, which is not normally practical with the boardgame.

deanwebb · February 22, 2018, 02:55:31 PM

TIL that my product works best when it's set up properly.

Did one teensy mistake in the initial setup that totally screwed me over, took me 3 hours to finally figure it out by going back through settings I thought were entered correctly. Glad this wasn't on the certification practical.

icecream-guy · February 22, 2018, 03:06:35 PM

Quote from: deanwebb on February 22, 2018, 02:55:31 PM
TIL that my product works best when it's set up properly.

Did one teensy mistake in the initial setup that totally screwed me over, took me 3 hours to finally figure it out by going back through settings I thought were entered correctly. Glad this wasn't on the certification practical.

Sometimes, it just takes a single bit to screw up everything.

deanwebb · March 19, 2018, 09:25:27 AM

TIL some Avaya switch commands. Not all that hard, once you know the basics and what you hope to accomplish.

wintermute000 · April 12, 2018, 12:29:57 AM

TIL that the actual mechanism AWS uses to get YOUR END to fail over to a secondary tunnel (on the same overall VPN connection... GAH their terminology drives me nuts) is MED. Which explains why no explicit config is required on customer gateway side.

Would be nice for you guys to simply write it in the document instead of just hand waving it away ("automatically fail over").....

deanwebb · April 12, 2018, 11:17:03 AM

TIL that the snmp-server host command works with an explicit IP address and won't send to a subnet or ACL.

wintermute000 · April 16, 2018, 05:08:40 AM

TIL that an XML tag that ENDS with a / like <foo/> is self closing i.e. simply shorthand for <foo> </foo>........ DOH

deanwebb · April 16, 2018, 01:29:01 PM

Quote from: wintermute000 on April 16, 2018, 05:08:40 AM
TIL that an XML tag that ENDS with a / like <foo/> is self closing i.e. simply shorthand for <foo> </foo>........ DOH

This is why well-formed HTML image code has the / at the end.

Welcome to 1998, winter!