Readit News logoReadit News
Leon commented on Inside Firefox’s DNS-over-HTTPS engine   daniel.haxx.se/blog/2018/... · Posted by u/sohkamyung
mike-cardwell · 8 years ago
I don't like the idea of this, but even the implementation is bad. If we're going to do DNS over HTTPS, then there should be a standalone application, and the system should be reconfigured to use it, so all running applications on the system use it.

I mean, do we really want all of our desktop applications to have their own built in custom ways of mapping domain names to IP addresses?

[edit] E.g on Linux, it could install an application with a DNS interface listening on localhost port 53, which would then convert the request into a "DNS over HTTPS" request, and resolv.conf would be updated to use that resolver.

Leon · 8 years ago
There are lots of Open Source projects that will do what you are asking. Here is the first top hit on using bind to do that - https://github.com/wrouesnel/dns-over-https-proxy

However I disagree that it is a bad idea and that the implementation is bad. Regardless of how software _should_ behave, Firefox operates in how software is actually run for their users. DNS is a source of security vulnerabilities and headaches.

Demanding a higher level abstraction is not always an option for many, but using Firefox often is. This is especially important for mobile, where a lot of people don't have access or knowledge to set in place a system wide proxy after rooting their phones, but it is very easy to install Firefox mobile.

What about web browser usage on library or campus computers? Often they will have several browsers installed as well.

The point is that making security more available and easier to use where it matters most is a good idea.

Leon commented on Memorandum on Microsoft’s strategy against Linux and Open Source software (1998)   catb.org/esr/halloween/... · Posted by u/duncan_bayne
dm319 · 8 years ago
There's a lot of people on HN and reddit who don't understand the scepticism some people have for microsoft. But actually, I wouldn't even say things have changed that much recently - Windows 10 was born into controversy with both the forced upgrades and spying. Skype didn't happen too long ago, nor did Nokia.

I also like this post here[1] from reddit about some of the earlier evils of Microsoft's leadership.

[1] https://www.reddit.com/r/AskReddit/comments/3aicvf/what_vill...

I know there is an open-source movement going on with MS, but I inherently don't trust them - they've got prior form and still have the power to shift the software landscape even more in their favour.

Leon · 8 years ago
> forced upgrades

I think the forced upgrades were a good thing. The security model on Windows 10 and continued support of updates to 10 is overall a Good Thing for the average Windows User. The majority of users on Windows run their systems in extremely non-secure ways and skip updates and upgrades completely. This is a danger to the internet as a whole.

To me it ultimately comes down to this: I can't force my older relatives to update their machines or even stop them from running ancient versions of Windows. On that front, Windows 10 made things better.

Posted by u/Leon 8 years ago
When AWS software development imitates xkcdgithub.com/aws/aws-cli/is...
Leon commented on Facing poverty, academics turn to sex work and sleeping in cars   theguardian.com/us-news/2... · Posted by u/tjalfi
Leon · 8 years ago
Usually Football pays for itself.
Leon commented on Why some of the best developers keep quitting   fastcompany.com/40443084/... · Posted by u/gregorymichael
mgkimsal · 9 years ago
If you are actually in the UK, you have some amazing benefits that US-based folks don't get in the form of healthcare. I know, yes, technically, you're paying for it in taxes, but it's there for you all the time, regardless of your employment status or ability to pay for an insurance policy.
Leon · 9 years ago
In addition to more vacation days, maternity leave, etc
Leon commented on Things to know before using AWS’s Elasticsearch Service   read.acloud.guru/things-y... · Posted by u/good_regex
luhn · 9 years ago
I wasn't aware of that option. I'll look into it.
Leon · 9 years ago
A simple solution in this vein is to white list your the EIP addresses of your NAT. This would give access to all resources in a private subnet (this is useful for Lambda's running in subnets).
Leon commented on Introducing Docker Secrets Management   blog.docker.com/2017/02/d... · Posted by u/ferrantim
tonyhb · 9 years ago
wrote this as a comment when that article was posted to YC:

tl;dr: author looks at secret management services and reviews them

KeyWhiz: Provides everything you need but with complex PKI management, meaning setup and maintenance is a pain. Secure.

Vault: A+ would test again. Awesome rotation policies, on-demand secret generation via backends, master key sharing. Legit and secure, everything you need but has to be configured on top of your cluster.

Docker: Super easy to use, and it's built in. 10/10 would use again. Keys encrypted at rest, keys encrypted over the wire, and shared with only nodes who need them. Secure all round

Kube: Totally insecure. Plaintext at rest, plaintext over the network, shared everywhere. Basically a plaintext POC

Leon · 9 years ago
Vault is really wonderful to work with, and its integration with consul makes it phenomenally powerful.
Leon commented on Trump’s F.C.C. Pick Quickly Targets Net Neutrality Rules   nytimes.com/2017/02/05/te... · Posted by u/phaedryx
scarface74 · 9 years ago
And somehow in the more affluent parts of the city where I live, Comcast, Google and AT&T are all competing. AT&T and Google are both offering gigabit internet for $70 a month.

I moved into a brand new subdivision and I had a choice between AT&T fiber and Comcast. It's also ranked as one of the 25 most affluent counties in the U.S. I'm not bragging, any senior software developer making an average salary in the city could easily afford a house here.

On the other hand, in some parts of the state, they use to have a choice between low data cap cable and even lower capped DSL. But AT&T doesn't even offer DSL in some places that they use to. They either pulled out the market or are not accepting new customers.

Make it easier to get right of way to lay cable for internet. Also state governments are making it illegal for counties to offer municipal broadband. The government gives incentives for everything else, why not internet service?

Leon · 9 years ago
> And somehow in the more affluent parts of the city where I live, Comcast, Google and AT&T are all competing. AT&T and Google are both offering gigabit internet for $70 a month.

Google is offering service in limited areas of 8 cities and have put on hold any future expansion. That is not comparative to the rest of the country and shouldn't be used as an example of competition. The country has no real competition for internet service providers.

Leon commented on Psychiatrists Must Face Possibility That Medications Hurt More Than They Help   blogs.scientificamerican.... · Posted by u/aburan28
Alex3917 · 9 years ago
> I have seen these things really work though.

The argument (based on some large scale trials and other data) is that after 2+ years, those on SSRIs are worse off than they would have been without them.

The issue is that by taking SSRIs, you may be getting a few weeks of negligible benefits in exchange for a lifetime of being disabled, when otherwise you'd have been better after a few months using other interventions.

Leon · 9 years ago
Can you cite this?
Leon commented on ‘Diamond-age’ of power generation as nuclear batteries developed   bristol.ac.uk/news/2016/n... · Posted by u/triplesec
patch_collector · 9 years ago
Here's the best I can find, from Eikka's comment on Phys.org:

"Carbon-14 has a mean decay energy of 49 keV or 7.85e-15 Joules and activity of 165e+9 bq/g which gives you a power output of 0.0013 Watts per gram.

So a gram-sized lump of carbon-14 - about half a teaspoon - assuming perfect conversion, will produce 1.3 Milliwatts, or about 1/20th of what it takes to light up a common red indicator LED."

http://phys.org/news/2016-11-diamond-age-power-nuclear-batte...

Leon · 9 years ago
That would actually be perfect for long range interstellar probes. A constant source of energy for thousands of years, even that small, would propel a craft to reasonably high speeds. Give a spacecraft a few pounds and you'd have something really great.
L

u/Leon

KarmaCake day395June 19, 2007View Original