Author Topic: (TIL) Today I Learned...  (Read 35765 times)

wintermute000

  • Senior Engineer
  • ****
  • Join Date: Jan 2015
  • Posts: 2463
  • Rep: 26
  • Certifications: Alphabets
Re: (TIL) Today I Learned...
« Reply #270 on: December 10, 2017, 02:08:08 AM »
TIL the difference between TLS RSA, TLS DHE and TLS ECDHE (and the anonymous variants thereof), followed by TLS 1.2 vs TLS 1.3 and why SSL decryption is doomed (as the server sends the cert back already encrypted with the pre-selected key share). I already knew re: certificate pinning, this seems like another nail in the coffin.

Your standard network nerd weekend link bingeing, and I don't even like studying crypto LOLOLOLOL
« Last Edit: December 10, 2017, 02:50:43 AM by wintermute000 »

deanwebb

  • Permit any any all log
  • Administrator
  • Volume Licensing
  • *****
  • Join Date: Jan 2015
  • Posts: 7817
  • Country: us
  • Rep: 19
  • *I* am the one who NACs.
  • Certifications: FSCA: ForeScout Certified Administrator, CCNP Security, Tufin CSE, TippingPoint ASE
Re: (TIL) Today I Learned...
« Reply #271 on: December 10, 2017, 07:23:31 PM »
And if we can't do SSL decryption, then metadata about web sessions will be even more important as a security metric.
Take a baseball bat and trash all the routers, shout out "IT'S A NETWORK PROBLEM NOW, SUCKERS!" and then peel out of the parking lot in your Ferrari.
"The world could perish if people only worked on things that were easy to handle." -- Vladimir Savchenko
Any questions? No questions! | BCEB: Belkin Certified Expert Baffler | "Plan B is Plan A with an element of panic." -- John Clarke
Accounting is architecture, remember that!

SimonV

  • advipservicesk9
  • ****
  • Join Date: Jan 2015
  • Posts: 1033
  • Country: be
  • Rep: 10
  • Certifications: N+ GFL, CCNP, CCNA Wireless, JNCIS-SEC/ENT
Re: (TIL) Today I Learned...
« Reply #272 on: February 14, 2018, 02:19:23 PM »
Today I learned all about cipher suites, and that the Cisco WSA has a special config section where you can manually define supported and unsupported ciphers.

I also learned that not having the same config on all of your proxies can lead to some seriously bizarre behaviour.

deanwebb

Re: (TIL) Today I Learned...
« Reply #273 on: February 19, 2018, 08:25:21 PM »
TIL that a Dell T320 server doesn't take a GeForce 1030 card, but it will take a GeForce 730 just fine.

Also TIL that Windows Server 2016 runs Steam and Steam games just fine, especially if the underlying hardware is running a proper video card instead of the Windows Default Display Driver for the embedded onboard controller.

Also also TIL that a good video card coupled with 16 CPUs and 64GB RAM makes for a helluva gaming rig. :smug:

wintermute000

Re: (TIL) Today I Learned...
« Reply #274 on: February 20, 2018, 02:17:55 AM »
TBH you're probably worse off than with a higher clocked 4/6C. Them xeons don't hit the same heights as a 7700k or 8700k and for gaming workloads, a smaller number of very high freq threads is the go

RAM makes practically no difference once you have 'enough' (which is usually 16Gb)


What are you playing?
« Last Edit: February 20, 2018, 02:21:02 AM by wintermute000 »

deanwebb

Re: (TIL) Today I Learned...
« Reply #275 on: February 20, 2018, 09:20:48 AM »
16 cores is better than anything my kids have on their student-grade laptops. :lol:

I'm playing Cities:Skylines, EU4, HOI4, Ticket to Ride... not very FPS-intensive games. I need the RAM more than anything for C:S. 64GB does the trick like a dream.

SimonV

Re: (TIL) Today I Learned...
« Reply #276 on: February 21, 2018, 03:57:06 AM »
Ticket to Ride is great, only have the boardgame though :)

deanwebb

Re: (TIL) Today I Learned...
« Reply #277 on: February 21, 2018, 06:00:04 AM »
Having it on Steam means I can play it on a plane or in a hotel, which is not normally practical with the boardgame.

deanwebb

Re: (TIL) Today I Learned...
« Reply #278 on: February 22, 2018, 02:55:31 PM »
TIL that my product works best when it's set up properly.

Did one teensy mistake in the initial setup that totally screwed me over, took me 3 hours to finally figure it out by going back through settings I thought were entered correctly. Glad this wasn't on the certification practical.

ristau5741

  • Administrator
  • OC-1920
  • *****
  • Join Date: Jan 2015
  • Posts: 12230
  • Country: us
  • Rep: 19
  • Certifications: Instanity
Re: (TIL) Today I Learned...
« Reply #279 on: February 22, 2018, 03:06:35 PM »
Sometimes, it just takes a single bit to screw up everything.
:professorcat:

“You can destroy your now by worrying about tomorrow.”
-Janis Joplin

deanwebb

Re: (TIL) Today I Learned...
« Reply #280 on: March 19, 2018, 09:25:27 AM »
TIL some Avaya switch commands. Not all that hard, once you know the basics and what you hope to accomplish.

wintermute000

Re: (TIL) Today I Learned...
« Reply #281 on: April 12, 2018, 12:29:57 AM »
TIL that the actual mechanism AWS uses to get YOUR END to fail over to a secondary tunnel (on the same overall VPN connection... GAH their terminology drives me nuts) is MED. Which explains why no explicit config is required on customer gateway side.

Would be nice for you guys to simply write it in the document instead of just hand waving it away ("automatically fail over").....

deanwebb

Re: (TIL) Today I Learned...
« Reply #282 on: April 12, 2018, 11:17:03 AM »
TIL that the snmp-server host command works with an explicit IP address and won't send to a subnet or ACL.

wintermute000

Re: (TIL) Today I Learned...
« Reply #283 on: April 16, 2018, 05:08:40 AM »
TIL that an XML tag that ENDS with a / like <foo/> is self closing i.e. simply shorthand for <foo> </foo>........ DOH

deanwebb

Re: (TIL) Today I Learned...
« Reply #284 on: April 16, 2018, 01:29:01 PM »
This is why well-formed HTML image code has the / at the end.

Welcome to 1998, winter! :)

:tmyk: