Posts by matt@mastodon.bitcoin.ninja
(DIR) Post #AWAgn2i0ht4hiVWbTs by matt@mastodon.bitcoin.ninja
2023-05-30T05:55:46Z
1 likes, 0 repeats
@x_cli “30 day free trial”. I don’t think that meets my criteria?
(DIR) Post #AWKfJvY3cWXHcmvuG8 by matt@mastodon.bitcoin.ninja
2023-06-03T21:35:18Z
1 likes, 0 repeats
@dalias @tqbf you get to pick, either you have security against a number of real-world attacks that have happened to even the largest of providers (read: AWS Route 53) or no security. Either way USG can get your .com yanked with the stroke of a judge’s pen (or less). The fact that people still advocate against DNSSEC has caused real harm to website operators, it’s just sad.
(DIR) Post #AWKfKgqnkeSKKX42V6 by matt@mastodon.bitcoin.ninja
2023-06-03T22:17:25Z
1 likes, 0 repeats
@tqbf @dalias funny cause I know lots of people who work in the field and agree with me about this :)
(DIR) Post #AWKfKhj2UzqD2kRM2a by matt@mastodon.bitcoin.ninja
2023-06-03T22:18:47Z
0 likes, 0 repeats
@tqbf @dalias i do know people who don’t use DNSSEC for fear of the security/availability tradeoff bricking their domain name if they screw it up (*cough* Slack), but that’s up to them.
(DIR) Post #AWKgkhhxHopkTLtWpk by matt@mastodon.bitcoin.ninja
2023-06-03T22:30:02Z
0 likes, 0 repeats
@tqbf @dalias funny, I actually know zero serious security teams who recommend against DNSSEC for reasons other than the availability tradeoff (though most folks agree the design absolutely could be much better, but the choice is yes or no, not some other protocol). I think we’re both just biased by who we know :).
(DIR) Post #AWKgkj7s0x9os11jrk by matt@mastodon.bitcoin.ninja
2023-06-03T22:55:50Z
1 likes, 0 repeats
@corry @tqbf @dalias ha, maybe I should have said “remotely competent”.
(DIR) Post #AWKgylb1cvPwaNMJ60 by matt@mastodon.bitcoin.ninja
2023-06-03T23:03:58Z
0 likes, 0 repeats
@tqbf @corry @dalias i don’t thinking alleged that or anything similar to that at all? I also noted it may well be a perfectly reasonable decision to not deploy DNSSEC on the basis of the implied availability tradeoff if you screw it up! There’s some reasonable debate as to the impact of things like BGP hijacking given the deployment of RPKI and the move to announcing authorative DNS servers in /24s, though those are by no means strong protection as RPKI-SOV is not a security protocol but an anti-fat-finger one.
(DIR) Post #AWKgynXuNU72dHuqW0 by matt@mastodon.bitcoin.ninja
2023-06-03T23:07:11Z
0 likes, 0 repeats
@tqbf @corry @dalias im pretty sure I was quite explicit above that DNSSEC could well have been much better designed :). But, again, this is unrelated to your claims that the issue with deployment is somehow it’s association with the USG or some kind of conclusion that it provides no security guarantees at all, which are both really horribly inaccurate.
(DIR) Post #AWKgyoHzc8yYwDTeLY by matt@mastodon.bitcoin.ninja
2023-06-03T23:07:52Z
0 likes, 0 repeats
@tqbf @corry @dalias it’s also worth pointing out that NSA is *requiring* it in some systems, if you really want to get into arguments from authority rather than real ones.
(DIR) Post #AWKgyqWbInqhs6KLOS by matt@mastodon.bitcoin.ninja
2023-06-03T23:10:34Z
0 likes, 0 repeats
@tqbf @corry @dalias that’s a joke, right? Cause that’s, uhhhhh, not in any way how DNSSEC works nor an impact of opting into it.
(DIR) Post #AWKhZDSJWVIlPofGHg by matt@mastodon.bitcoin.ninja
2023-06-04T01:17:57Z
0 likes, 0 repeats
@tqbf @dalias @corry It fixes some issues in the Web PKI trust space, dropping all of Web PKI and replacing it with DANE would introduce others. That is a false-choice, though, you can use Web PKI as it exists today and *also* enable DNSSEC to protect against attacks which Web PKI currently does not.
(DIR) Post #AZHLGUuS13MUjXrCZE by matt@mastodon.bitcoin.ninja
2023-08-31T04:32:55Z
0 likes, 0 repeats
@mjg59 to be fair, Lupus is an (extremely low probability) cause of basically everything. Also good luck, hope it turns out to be nothing!
(DIR) Post #Aa4ONqTrIRK2ree9a4 by matt@mastodon.bitcoin.ninja
2023-09-23T20:26:12Z
1 likes, 0 repeats
@enoclue this coming from the company that took down the entire slack.com domain for 24 hours by botching their DNSSEC rollout then rolling back and deleting the ZSKs in the process. Can’t expect much…
(DIR) Post #AhpSnTkoa2ayO1Twzg by matt@mastodon.bitcoin.ninja
2023-11-27T04:38:28Z
0 likes, 0 repeats
Man I hate WISPs that listen to the recommended Ubiquiti fixed-time frame duration recommended settings. It makes for super high latency for customers that drives down browsing experience substantially. The variable-width framing (on sectors that aren't overloaded) is orders of magnitude better in terms of how fast pages load, and is well worth the tradeoff of slightly reduced total throughput.Also the stupid fixed framing creates a comical smokeping pattern - fixed jumps of (in this case 8ms) the frame duration.
(DIR) Post #AhqTq3nXpoDFrmVuMa by matt@mastodon.bitcoin.ninja
2023-06-16T15:41:40Z
0 likes, 0 repeats
Hey @beasts looking to move some domains, but given other large providers have had issues…. Do your support techs have access to transfer out or change name servers on domains? What about reset passwords for users that would allow for that?
(DIR) Post #Ahs9jxP35Zv9WmmvWS by matt@mastodon.bitcoin.ninja
2023-02-23T03:01:10Z
0 likes, 0 repeats
So I'm confused, I asked and u-blox sent me the firmware updater tool in a file labeled *_Confidential_NDA.zip. Except (a) I never signed an NDA of any form, (b) all the files in it clearly have an open source license, (c) the documentation included explicitly spells out the license as a combination of 2-clause BSD and a few other very similar spins on it, but all clearly open source.I don't see a linux binary of the firmware updater tool around anywhere, but apparently I now have the source and a makefile for the current version, so, like, ask if you want it?
(DIR) Post #AhvPRNBhBCK4jhaAKG by matt@mastodon.bitcoin.ninja
2023-03-25T16:27:59Z
0 likes, 0 repeats
I really love Internet Archive, but when you pull a stupid stunt that’s obviously illegal I can’t really get upset that you’re losing a lawsuit? (Even if the judge was a little too harsh)
(DIR) Post #AhzgPtjVgIeWwp7YiO by matt@mastodon.bitcoin.ninja
2024-02-09T04:47:44Z
0 likes, 0 repeats
DNSSEC is embarrassingly underutilized, under-appreciated, and misunderstood. With everything online rooted in the DNS, you’d think people would care enough to secure it.The crypto is also incredibly simple, you can build and validate proofs in 1k lines of rust!http://http-dns-prover.as397444.net/
(DIR) Post #Ai1NpdobyYzQIPzMkS by matt@mastodon.bitcoin.ninja
2023-02-06T22:43:38Z
0 likes, 0 repeats
Wonder where @mmasnick is on this. Still kinda sad this hasn’t gotten more traction :(
(DIR) Post #Ai2pw7qEFCWT24aMMq by matt@mastodon.bitcoin.ninja
2023-01-26T22:07:56Z
0 likes, 0 repeats
The thing that's really awful about the whining that happens when anyone does any scraping on Mastodon is that it deters good actors, but bad actors couldn't care less. Whining when scraping happens doesn't slow anyone down who wants to archive mastodon, nor does it slow anyone down who is using the data for much worse (network mapping, etc) purposes.With so many genuine developers willing to write features that users clamor for regularly, scaring them away only serves to drive users away, with zero impact whatsoever on the concerns that cause the upheaval.CC @filippohttps://abyssdomain.expert/@filippo/109750257265679889