A blog post I wrote got shared there a while back, but I did not ask for an invite back then. 2 years later, and I don’t feel legitimate to ask for an invite anymore
A blog post I wrote got shared there a while back, but I did not ask for an invite back then. 2 years later, and I don’t feel legitimate to ask for an invite anymore
Having a certificate for any subdomain has implications for other sibling domains, even without a wildcard certificate.
By default, web browsers are a lot less strict about Same Origin Policy for sibling domains, which enables a lot of web-based attacks (like CSRF and cookie stealing) if your able to hijack any subdomain
I did not have the money to pay the insane amounts these greedy for-profit certificate authorities asked, so I only remember the pain of trying to setup my self-signed root certificate on my several devices/browsers, and then being unable to recover my private key because I went over the top with securing it.
I can recommend some stuff I’ve been using myself :
I design, deploy and maintain such infrastructures for my own customers, so feel free to DM me with more details about your business if you need help with this
In my experience, OnlyOffice has the best compatibility with M$ Office. You should try it if you haven’t
It’s not that I don’t believe you, I was genuinely interested in knowing more. I don’t understand what’s so “precious” about a random stranger’s thought on the internet if it’s not backed up with any source.
Moreover, I did try searching around for this and could not find any result that seemed to answer my question.
Can you give examples of countries where mainstream media is not owned by billionaires ?
2 years ago was already amazing for someone who tried to play CS 1.6 and trackmania using wine 18 years ago
What I did is use a wildcard subdomain and certificate. This way, only pierre-couy.fr
and *.pierre-couy.fr
ever show up in the transparency logs. Since I’m using pi-hole with carefully chosen upstream DNS servers, passive DNS replication services do not seem to pick up my subdomains (but even subdomains I share with some relatives who probably use their ISP’s default DNS do not show up)
This obviously only works if all your subdomains go to the same IP. I’ve achieved something similar to cloudflare tunnels using a combination of nginx and wireguard on a cheap VPS (I want to write a tutorial about this when I find some time). One side benefit of this setup is that I usually don’t need to fiddle with my DNS zone to set up a new subdomains : all I need to do is add a new nginx config file with a server
section.
Some scanners will still try to brute-force subdomains. I simply block any IP that hits my VPS with a Host
header containing a subdomain I did not configure
Thanks for the details ! Still curious to know how a new instance, with an old domain and fresh keys, would be handled by other instances.
I’m pretty sure they are actually hosting it. The tech is quite different (cofractal uses urls ending with {z}/{x}/{y}
, while their tile sever uses this stuff that works quite differently)
There is even a “Ignore cache” box in the devtools network tab
Yeah, this probably has to do with the cache. You can try opening dev tools (F12 in most browsers), go to the network tab, and browse to pathfinder.social. You should see all requests going out, including “fake requests” to content that you already have locally cached
They told me about hosting their own tile server earlier today. I’m really impressed by how fast they moved !
A pull request for a privacy page during the onboarding is in the works, and I’ve been working with them to update the settings page and documentation (with the goal of providing an easy way to switch map providers). They are also working on a privacy policy, and want to ship all of this in a few weeks as part of a single release.
Once again, I’m really impressed with how well they’re handling this
That’s really really weird, I cannot resolve the domain to an IP, even after trying a bunch of different DNS servers. If you’re on linux, can you run nslookup pathfinder.social
and paste the output here ?
The fact that it has not been bought as soon as the domain expired makes me believe this instance went down before the trend started
These services usually use either or both of passive DNS replication (running public recursive DNS resolvers and logging lookup that returns a record) and certificate transparency logs (where certificate authorities publish the domain names for which they issue certificates). A lot of my subdomains are missing from these services
With all the botting going on on Reddit, this whole Google AI deal makes me think of the recent paper that demonstrates that, as common sens would suggest, deep learning models collapse when successive generations are trained on the previous generations’ output
It does not seem to be the case. Was it the full domain for this instance ?
Recently, 2 different user agents started scraping my Lemmy instance at nearly the same time : AmazonBot and ClaudeBot
I wonder if (and how) it may be related to this headline