Hacker News: deceptionatd's comments

Maybe, but I don't think TTL matters for speed of initial propagation. I do set it low when I first configure a website so I don't have to wait hours to correct a mistake I might not have noticed.


Yes. Statistically the most likely time to change a record is shortly after previously changing it. So it is a good idea to use a low TTL when you change it, then after a stability period raise the TTL as you are less likely to change it in the future.


Agreed; I have no idea how you'd implement that across multiple ASNs, which is definitely a requirement for multi-cloud or geo-redundant architectures.

Seems like you'd be trying to work against the basic design principles of Internet routing at that point.


You can configure for your assigned network numbers that other ASes are allowed to announce certain networks of your own. Not uncommon for, for example, authoritative name server addresses.


TIL, I always thought IP:ASN mappings were 1:1.


With cloud providers and such the wording could also be "bring your own address".


> basically no attempt by anyone in government to stop them.

No one in the _US_ government. Note that European governments and China haven't approved it in the first place.


They're the CDN in front of ~19% of websites [1] and the DNS provider for ~16% [2]. Doesn't that mean your staff can't access any of those sites?

[1]: https://w3techs.com/technologies/details/cn-cloudflare

[2]: https://6sense.com/tech/domain-name-services/cloudflare-dns-...


This seems... deeply idiotic on GitHub's part. Consider the following scenario:

1. A script/CI/etc. is pulling the latest releases from the repository.
2. Ownership of the account is changed.
3. The new owner controls the contents of the repository, and can perform a supply chain attack.

I'm not sure GitHub would be liable there, but personally I wouldn't want to find out the hard way.


This Reddit thread has a script with a workaround: https://www.reddit.com/r/sysadmin/comments/15ysxgs/applicati...

There are comments saying it's worked on several Quickbooks integrations.

Regarding hardware drivers, I _think_ the same fundamental process of removing signatures should work, but you'll get a UAC prompt to force installation of an unsigned driver.

I'm not as familiar with driver signature enforcement though, so take that with a grain of salt.

P.S: I still have running XP installs for some $300k industrial hardware. It could be worse...


Hashes of known good drivers should be whitelisted explicitly if they are known to have been signed correctly before revocation. Direct trust should trump a PKI here.


I've also had great experiences with Tumbleweed for the most part, but be careful using ZFS, as it frequently breaks with updates. Probably not something most people use, but it does force me to run Leap on my home server.


> open access "allows for manipulation of systems on a vehicle, including safety-critical functions such as steering, acceleration, or braking."

I assume this is just FUD, but if true it raises another question: why are braking, acceleration, and steering manipulable in real-time through network-facing software?


On a related note, my favorite easter egg header:

http://www.gnuterrypratchett.com/


The linked paper towards the end is pretty interesting: https://onlinelibrary.wiley.com/doi/full/10.1111/ddi.13489 (open access)

Figures 3 and 4 show the estimated increase in range through the 2070s with continuing climate change. It looks like these nice little neurotoxin-secreting worms will become more widespread, which sounds great.


Great

