HackerTrans
TopNewTrendsCommentsPastAskShowJobs

peanut-walrus

830 karmajoined قبل 8 سنوات

Submissions

[untitled]

1 points·by peanut-walrus·قبل 4 أشهر·0 comments

comments

peanut-walrus
·قبل 3 أيام·discuss
In theory, yes, in practice this will currently result in deliverability issues, both for servers which don't speak dmarc and for spam signals. I have tried this :)

If this mode of operation was an explicit choice, this would give me the option to have a fallback SPF record for legacy mail systems, but most up-to-date servers will use the more secure and (for my use case) operationally simpler verification.
peanut-walrus
·قبل 3 أيام·discuss
Missed opportunity to get rid of SPF. What I want to my DMARC policy to say: if someone is sending you an email that claims to be from my domain and it's not signed by one of the keys I have published under my domain, you should reject it, regardless where it came from.

And on the receiving side, the policy is similarly simple: if I receive any unsigned or unaligned email, I will reject it.

Edit: to clarify, I want there to be an option where I specify my DMARC policy to explicitly tell well-configured receiving servers "ignore whatever I have configured as my SPF record, only look at the signatures". There will no doubt be a long tail of mail servers where I will still need an SPF record for them to accept my mail.

Edit2: Another feature that I feel is lacking is ability to give dkim selectors a scope - e.g. this key is only valid for these particular From addresses.
peanut-walrus
·قبل 25 يومًا·discuss
Turns out you don't actually need top-tier engineering talent if your only business is selling ads to scammers to prey on the elderly?
peanut-walrus
·قبل شهرين·discuss
It's a feedback loop between governance, social structures and individuals. But out of those, only individuals are the ones with free will who are able to "break" the loop and direct society along a different path. It's not just building "big things" that changes us, it's every small individual decision about what you choose to spend your labor on. No revolution would succeed without people willing to rebel and no dictator could dictate without people willing to follow them.
peanut-walrus
·قبل شهرين·discuss
It's your personal toy server, you are optimizing for something entirely different than high availability.
peanut-walrus
·قبل شهرين·discuss
Yup, podman quadlets autoupdate quite nicely. Setting up a local registry mirror with ~3d delay before applying updates is on my todo list.

My own service images already have a script that runs daily that pulls latest git updates and builds fresh images.
peanut-walrus
·قبل شهرين·discuss
I see no reason not to go with a rolling release distro for personal servers. Run all the services in containers and have the base OS auto-update itself as often as it needs.

Went with openSUSE MicroOS myself, it updates and reboots almost daily so I can be pretty confident my server is healthy and it's atomic so if something does break and I don't feel like dealing with it, I can just click rollback button from cockpit and deal with it whenever I have time.
peanut-walrus
·قبل شهرين·discuss
I do fight botnets, malware and scams. Criminals flock to any service where they can spread their stuff and appear legitimate. Google, Facebook, Vercel, Netlify, Amazon, Oracle, Microsoft, OVH, etc. In my experience, Cloudflare is not any more or less of a dead end than any of the other providers, there are some others in that list who deserve being called out a lot more.
peanut-walrus
·قبل شهرين·discuss
Oh absolutely agreed. Cloudflare becoming a giant internet chokepoint is certainly a real problem. It would be a much better world where ddos protection would not be a needed service or where we it was provided as a public service, rather than by private companies. However, that's not the world we live in.
peanut-walrus
·قبل شهرين·discuss
So "big companies only, absolutely no anonymous sign-ups" should be the only ones able to put stuff on the internet without fearing that a random teenager can take your site offline for days just because they're bored?
peanut-walrus
·قبل شهرين·discuss
Articles like these seem to hold a weird belief that Cloudflare does not react to security reports or legal orders? From my experience, they react appropriately and relatively quickly compared to rest of the industry.

Could Cloudflare be more proactive or add more friction to their signups? Yes, probably, but the reasons they have outlined for not playing internet police make sense to me.

I don't think it should be a requirement to provide your credit card, phone number and a copy of your ID in order to host content on the internet...
peanut-walrus
·قبل شهرين·discuss
90% of those sites don't have anything resembling a sysadmin. If they've not already been hijacked by one of the Wordpress vulns or hijacked plugins years ago, they will be now. And absolutely nobody will spend any effort to fix them, so they will just end up chugging along until safebrowsing flags them and basically removes them from the internet.
peanut-walrus
·قبل 3 أشهر·discuss
Yes. But it's quite an uncommon setup. For IPv6 multiple addresses is the default.
peanut-walrus
·قبل 3 أشهر·discuss
I've always found the most complicated part of IPv6 to be address scopes and source address selection. The fact that one interface can have any number of addresses in different scopes and prefixes complicates things a lot.

Another thing that will always trip up new IPv6 network engineers is solicited-node multicast. You know the theory, computers talk to ff02::1 for neighbor discovery and then you hop onto a real network and see none of that actually happening.

And probably the most complicated thing for network engineers - how to set up firewall rules if machines are constantly changing their addresses.

For developers and security people - just parsing and validating v6 addresses is a whole bunch more work, but at least for this, the tools are available to help you now.
peanut-walrus
·قبل 3 أشهر·discuss
And eventually even a worm will turn.
peanut-walrus
·قبل 3 أشهر·discuss
Yes you can. Fight with clever technical solutions and the politics will follow once the solution becomes common or displays its usefulness. It is in fact the most effective way to fight dumb political issues.
peanut-walrus
·قبل 4 أشهر·discuss
Why the hell is this a name suffix instead of just using subdomains?

myapp-123456789012-us-west-2-an

vs myapp.123456789012.us-west-2.s3.amazonaws.com

The manipulations I will need to do to fit into the 63 char limit will be atrocious.
peanut-walrus
·قبل 5 أشهر·discuss
It sucks so much that there is no standard way of linking additional domains to your main one and inheriting the reputation.

Want to set up a new domain for whatever purposes (conference, new product, etc)? Be prepared to spend the first half a year fighting the various blacklists before people can actually reliably connect.

Would make so much sense if you could just have a .well-known/other-domains.txt (or something something DNS) with a list of domain names that should be considered just as trustworthy as your main domain.

It's not even about .online or other weird TLDs, it's just that the domain is new and therefore "not trustworthy". Even worse if you need to use your existing branding on the new domain - instantly flagged as a phishing site everywhere.
peanut-walrus
·قبل 6 أشهر·discuss
I've always found it weird that CNAMEs get resolved and lumped into the answer section in the first place. While helpful, this is not what you asked for and it makes much more sense to me to stick that in additional section instead.

As an aside, I am super annoyed at Cloudflare for calling their proxy records "CNAME" in their UI. Those are nothing like CNAMEs and have caused endless confusion.
peanut-walrus
·قبل 6 أشهر·discuss
I've been a Linux admin for 25 years but up until a few months ago my personal computer has been windows (gaming desktop) or Mac (laptop).

I decided to give desktop Linux another shot and I'm glad I did. I was prepared for a lot of jankiness but figured I have enough experience to fix whatever needs fixing. Surprisingly, this has not been the case at all, the PC has been not only as stable as Windows or Mac but also performs better and is much more comfortable and intuitive to use. I never really want to "work on" my personal computer, I want it to just be there for me reliably. I've always had a soft spot for free software, but I just couldn't justify the effort until now.

So I guess this is my love letter to all the devs that have made the modern Linux desktop possible. Even compared to just a few years ago, the difference is immense. Keep up the good work.