Hacker News | alibarber's comments

I think he knows the end* is drawing near and he hasn't got long to cement his legacy in painting more of the map in his colours.

* 'end' being anything from nature's course, to losing the support of his own inner core as they jostle for succession, upcoming midterms leading to impeachment...


Or, he's acting like a man that doesn't have to worry about elections.

In my personal life, I've learned the hard way that when people seem to be acting irrational with regard to an iterated game, before ascribing irrationality to them it can be very helpful to examine if they're short timers, acting rationally with regard to a game that won't be iterated.

like the CEO of every public company and most politicians

Well he's been impeached twice (then acquitted) already, so this one will not really mean the end for him.

Do you know what impeached means?

True - but by impeached I meant actually removed from power.

Conviction requires 2/3 of the Senate. It's not happening.

Every morning I wake up wondering if it's happened yet, and every morning (so far) I've been disappointed

I was glad when the Butler shooter missed. Now I’m not so sure.

So you would prefer Trump be a martyr?

Well, not for public bodies at least: “Administrative fines cannot be imposed on public organisations, such as the government or state-owned companies, municipalities and parishes” [1]

But luckily this sort of thing never happens in the public sector. Except for when it does: https://yle.fi/a/74-20094950

[1] https://tietosuoja.fi/en/corrective-powers


That's interesting, because if you go here https://www.enforcementtracker.com/ there are a lot of public institutions being hit with fines (if they are enforced it's another issue) - search for Municipality for example

However I don't see any municipality in Finland getting fines


Indeed, but 'the EU' isn't the one enforcing it or leveraging fines - it's up to national bodies/governments and law enforcement.

From that link we can see that the UK fined its own Ministry of Defence 400,000 EUR.

However it appears that Finnish public bodies are deemed above reproach by their government.


Also I don't see the point of what TLS is supposed to solve here? If you and I (and everyone else) can legitimately get a certificate for 10.0.0.1, then what are you proving exactly over using a self-signed cert?

There would be no way of determining that I am connecting to my-organisation's 10.0.0.1 and not bad-org's 10.0.0.1.


Perhaps by providing some identifier in the URL?

ie. https://10.0.0.1(af81afa8394fd7aa)/index.htm

The identifier would be generated by the certificate authority upon your first request for a certificate, and every time you renew you get to keep the same one.


I see what you're getting at - but to me this sounds almost exactly like just using DNS, even if the (A/AAAA) record you want to use resolves to an un-routable address: https://letsencrypt.org/docs/challenge-types/#dns-01-challen... - you just create a DNS TXT record instead of them trying to access a server at the address for verification.

This is assuming NAT, with IPv6 you should be able to have globally unique IPs. (Not unique to IPv6 in theory, of course, but in practice almost no one these days is giving LAN devices public IPv4s).

A public CA won’t give you a cert for 10.0.0.1

Exactly - no one can prove they own it (on purpose because it's reserved for private network use, so no one can own it)

Well they offer a money-back guarantee. And other providers of SSL certificates exist.

For better or worse the push down to 47-day certificates is an industry-wide thing, in a few years no provider will issue certificates for longer than that.

Nobody is being forced to use 6-day certs for domains though, when the time comes Let's Encrypt will default to 47 days just like everyone else.


And you don't think that years ago people would have said "of course you'll be able to keep your security cert for more than two months"?

The people who innovate in security are failing to actually create new ways to verify things, so all that everyone else in the security industry can do to make things more secure is shorten the cert expiration. It's only logical that they'll keep doing it.


ALPN per transaction certificates. Why take the chance?

> Nobody is being forced to use 6-day certs for domains though

Yet


Nobody is being forced to use Let’s Encrypt either.

It doesn't matter. Google makes sure every CA has the same rules.

If you are doing this in a commercial context and the 4 day debugging window, or any downtime, would cause you more costs than say, buying a 1 year certificate from a commercial supplier, then that might be your answer there...

There will be no certificates longer than 45 days by any CA in browsers in a few years.

That IP address you shared is a CloudFlare IP address: https://bgp.tools/prefix/173.245.58.0/24#asinfo

I would have said that perhaps you are getting requests from people using their WARP proxy product - which isn't that wild. The reverse DNS on that page though suggests that the range is mainly full of name-servers, which would be strange to get requests from but I have no idea what cloudflare does on its network.

As for the multiple datacentre thing - one IP address can be Anycast-ed to multiple actual hosts in different physical locations.

For example, if I ping 173.245.58.0, I get a response in 11ms from my location here in Helsinki. At the speed of light this means travelling 3,300KM (0.011s * 3x10^8m/s) which doesn't get me anywhere near the States. So again, nothing exciting about 1 IP address coming from different locations. If you look at your raw logs - you might see some headers from cloudflare with more clues.

It's interesting, but as others have mentioned, not worth worrying about.


I've also learned the hard way that breakout boards from Chinese retailers that look like the real thing but cost less than the price of the component from DigiKey in bulk are a pile of crap.

Whilst it is great that the hardware is open, I have come to the point of not caring that much as it just seems to mean that the market gets flooded with things that look very similar but are terrible. And in the case of that Si chip, it's really just the reference circuit from the manufacturer from what I see.


Yeah - I don't really consider this comparable for my uses which rely heavily on the DSP and processing power of the Teensy itself either.

Drama and whatnot aside I'm not really sure why anyone would buy the (considerably more expensive) Teensy over something RP based if RP was suitable for their needs already.

Interestingly despite being a Teensy fan I have found myself reaching more towards the RP when I can because I can't stand the Arduino API and much prefer the RP SDK. I do use Teensy without Teensyduino (Makefile based) and also a bit of the CMSIS-DSP stuff directly - but it's kinda clunky IMO.


I've been interested to hear more about use cases for these "hybrid" MCUs, can you share a bit about why you chose that over something like a Cortex-A running linux, or an SoC with -A and -M cores?

It's a good question - unfortunately I don't really have a good answer...

Almost all of my embedded activities are for my own hobby purposes, and I just like the ability to go 'as low as I can' with projects on MCUs. It's nice to be able to use the device's peripherals as much as possible (hardware DSP etc) and I'm not confident in how I'd do that on a Linux based system. I'm into building my own ham radio Software Defined receivers and it's nice to keep it completely real time.

If I were to be doing this stuff professionally (and I am very close to people who do at work) then yeah I'd probably be using Zephyr or something.


Ah interesting! I work on (very expensive) SDRs and we make pretty heavy use of Xilinx Zynq Ultrascale SoCs. They combine Cortex-A, Cortex-R, and FPGA fabric all in one package, with some fancy interconnects. So you can handle the hard realtime stuff on an RTOS or in the FPGA, then send the data over to the application processor with a hard float ALU to crunch some numbers (or build some kind of dsp IP into the FPGA, idk much about that side of it).

I've also seen some cool stuff with the BeagleBone products, which have a few TI custom architecture DSPs and "realtime units" which you can communicate with via Linux.

But yeah, I can certainly see how just doing it all on a super fast MCU could be easier and cheaper without the backing of commercial enterprises.

I've always thought it would be cool to design a "poor man's zynq" hat for a SBC. Stick a RP3050 and a Lattice FPGA on there and set up some SPI / UART connections.


It's similar here in Finland - I can get stuff from DigiKey with all taxes paid and whatnot, free shipping over 50eur and it'll arrive by DHL in less than 48hrs from the States.

If I order something locally, maybe it'll have made it to the departure sorting office in that time.


That’s sort of what HTTP is already doing though no?

Multiple websites can have the exact same DNS record and live on the same physical server / IP address, but the HTTP(S) request must specify what host name it is actually requesting, so the server knows how to serve it.

