If you've read #fmjail: a review on Amazon or your favorite bookstore would help me out.
New Pepper&Carrot "Episode 29: Destroyer of Worlds" is now published online! → https://www.peppercarrot.com/en/article462/episode-29-destroyer-of-worlds
#peppercarrot #krita #creativecommons
@kurtm blue? Any faster and it would be plaid!
@bcallah I found a couple of coworking places downtown that looked like they might be good
@sheogorath sure is convenient for (their business model) that cloudflare is pushing this.
It’s a false dichotomy that this is somehow moving things forward, and that everything has negative consequences. Moving dns resolution to client apps away from the OS is not forwards, it’s backwards. Forwards would be to put it in system resolvers. There is still dhcp to handle, but having it there you can use the existing ‘insecure’ zone and use that to switch to trusted providers
@sheogorath split horizon is about so much more than v6. It’s about visibility of network resources. V6 has local scope and local anonymous addresses for this reason fc::/8(rfc4193).
You talk about the ‘average’ user as a coffee shop user, and this is indeed common. But also common is the small and medium business just trying to do their job with internal apps. Which reminds me of another use case this breaks. VPNs. And anycast/CDNs. 1/?
@sheogorath it’s ugly from the first implementation. It completely breaks local dns and split-horizon dns. Additionally it nicely centralizes all of your surveillance into one spot. Not to mention redirect and capture. All from the exact same companies that brought us PRISM and friends.
As for dnssec, #FreeBSD has had dnssec validation as a single config switch for years now 😉
@sheogorath yeah. And now you need to manually configure every browser on all of your devices that you use to use yours. Now let’s not forget split horizon setups. And of course the architectural reasons that a BROWSER shouldn’t bypass system DNS (how many apps are going to start doing this that you will need to figure out how to undo?)
That there are ways to mitigate the horribleness of this doesn’t make it not horrible
@lattera it is a shame. I believe you are the only reason that a number of positive security changes have happened in #FreeBSD despite them existing and being sat on for years. I recently backported the -CURRENT work to -RELEASE. It was trivial levels of code and complexity, ZERO reason it couldn’t have been done sooner.
I feel the abuse you have received is because of this good change you have brought, change is hard, and people don’t like being called out
@mwlucas take it while you got it!
FreeBSD enthusiast and frequent contributor, CommerceHub Sr. Design Lead.