metafunctor (u/metafunctor)

metafunctor commented on I got hacked: My Hetzner server started mining Monero blog.jakesaunders.dev/my-... · Posted by u/jakelsaunders94

drnick1 · 2 months ago

In practice, this is basically impossible to implement. As a user behind a firewall you normally expect to be able to open connections with any remote host.

metafunctor · 2 months ago

Not impossible at all with a policy-filtering HTTPS proxy. See https://laurikari.github.io/exfilguard/

In this model, hosts don’t need any direct internet connectivity or access to public DNS. All outbound traffic is forced through the proxy, giving you full control over where each host is allowed to connect.

It’s not painless: you must maintain a whitelist of allowed URLs and HTTP methods, distribute a trusted CA certificate, and ensure all software is configured to use the proxy.

metafunctor commented on Native Secure Enclave backed SSH keys on macOS gist.github.com/arianvp/5... · Posted by u/arianvanp

adastra22 · 3 months ago

Is there a way to make the lifetime of the key last more than a year?

metafunctor · 3 months ago

The key itself appears to have no validity period, the validity period is only for the certificate made for the key. Maybe you could create a CSR for the key/identity and then sign it with your own CA (or self-sign with openssl) for whatever validity period you like. Then `sc_auth import-ctk-certificate`.

metafunctor commented on NPM debug and chalk packages compromised aikido.dev/blog/npm-debug... · Posted by u/universesquid

jiggawatts · 5 months ago

> every three years the people get swapped out

That's because they are being "replaced", in a sense!

When an industry doubles every 5 years like web dev was for a long time, that by the mathematical definition means that the average developer has 5 years or less experience. Sure, the old guard eventually get to 10 or 15 years of experience, but they're simply outnumbered by an exponentially growing influx of total neophytes.

Hence the childish attitude and behaviour with everything to do with JavaScript.

metafunctor · 5 months ago

Good point! The web is going through its own endless September.

And so, it seems, is everything else. Perhaps, this commentary adds no value — just old man yells at cloud stuff.

metafunctor commented on NPM debug and chalk packages compromised aikido.dev/blog/npm-debug... · Posted by u/universesquid

parliament32 · 5 months ago

The NPM team has repeatedly commented that it's "too hard", effectively, and would discourage new developers from publishing packages. See:

https://github.com/npm/npm/pull/4016#issuecomment-76316744

https://news.ycombinator.com/item?id=38645969

https://github.com/npm/cli/commit/5a3b345d6d5d175ea9ec967364...

metafunctor · 5 months ago

The npm team is, frankly, a bunch of idiots for saying that. It has been obvious for TEN YEARS that the bar for publishing npm packages is far too low. That’s what made npm what it is, but it’s no longer needed. They should put on their big boy pants.

metafunctor commented on NPM debug and chalk packages compromised aikido.dev/blog/npm-debug... · Posted by u/universesquid

0cf8612b2e1e · 5 months ago

Not a web guy, but that seems a bonkers default. I would have naively assumed a lockfile would be used unless explicitly ignored.

metafunctor · 5 months ago

Welcome to the web side. Everything’s bonkers. Hard-earned software engineering truths get tossed out, because hey, wtf, I’ll just do some stuff and yippee. Feels like everyone’s stuck at year three of software engineering, and every three years the people get swapped out.

metafunctor commented on Nginx introduces native support for ACME protocol blog.nginx.org/blog/nativ... · Posted by u/phickey

metafunctor · 6 months ago

I never saw it as a problem for nginx to just serve web content and let certbot handle cert renewals. Whatever happened to doing one thing well and making it composable? Fat tools that try to do everything inevitably suck at some important part.

metafunctor commented on Get the location of the ISS using DNS shkspr.mobi/blog/2025/07/... · Posted by u/8organicbits

edent · 7 months ago

Yes. As I say in the post, you shouldn't use this for docking operations.

If you know of a DNS update which allows for per-minute updates for free, I'll happily move to it.

metafunctor · 7 months ago

It’s quite easy to run your own DNS server — I've found it a worthwhile exercise. Of course, you’ll need a server to run it on.

metafunctor commented on Weight-loss drug found to shrink muscle in mice, human cells ualberta.ca/en/folio/2024... · Posted by u/Eumenes

cyberax · a year ago

> For the people who lift weights while on this/these drugs, how much lean muscle do they lose?

I was 92kg when I started on liraglutide (I was doing GLP-1 agonists before it was cool!) and 67% of muscle mass (61kg). I'm now at 69kg and 82% of muscle mass (56kg). I'm doing weight and resistance training twice a week, in addition to aerobic training.

One nice thing, while muscles don't become more massive, they for sure become more pronounced and visible with weight loss.

metafunctor · a year ago

Those muscle mass percentages cannot be right. How were they measured?

metafunctor commented on Cloudflare beats patent troll so badly it basically gives up theregister.com/2024/10/0... · Posted by u/Brajeshwar

xbar · a year ago

Sabre was a charming little Santa Clara network company, decades ago.

But some incompetent entrepreneurs and a shabby LA law firm tried to win at a patent trolling. The outcome is hilarious only because I am not paying Cloudflare's lawyers.

metafunctor · a year ago

Sabre or Sable?

metafunctor commented on Show HN: A macOS app to prevent sound quality degradation on AirPods apps.apple.com/us/app/cry... · Posted by u/mrtksn

tomduncalf · a year ago

You don’t even need it to be as complex as that, I just have an aggregate device which only has the MacBook microphone input enabled and no outputs, then you set this as your _input_ device in Sound preferences, but leave the output device as is.

It’s easy to create the aggregate input device, go to the Audio MIDI Setup app, in the audio window click the plus in the bottom right and choose “new aggregate device”, then tick MacBook Microphone on the right. Then to System Preferences > Sound > Input and assign this new “virtual” device as your input device. (You can rename it if you want)

Now your Mac will automatically switch audio output source as usual, but the input remains locked to the microphone so you don’t get this annoying problem.

metafunctor · a year ago

I was excited to try this, since I'm a bit tired of selecting the input manually multiple times per day. Unfortunately, connecting AirPods automatically switches the input to them, regardless of the previously selected input device, whether it's an aggregate device or not.