grandkaiser
@grandkaiser@lemmy.world
- Comment on space 2 months ago:
If you travel 6 months to the future, you are still in the point where you started, but the Earth will be on the other side of the Sun.
Why would you remain spatially locked to the sun? The solar system is moving around the Milky Way. The Milky Way is traveling at around 370 miles per second if we use the universe as a frame of reference. A point is both a place and a moment. Everything is moving relative to everything else. Time travel is also space travel.
- Comment on Me after I got fired 4 months ago:
Attn: security team
Hi,
I think someone on Lemmy has hacked into every work environment I’ve ever coded in
- Comment on queer.af, a Mastodon instance, has been killed by the Taliban 5 months ago:
DNS engineer here: it’s the bane of my existence. Vanity TLDs were a cash grab for ICANN. They have made defensive domains a nightmare
- Comment on Mercedes-Benz debuts turquoise exterior lights to indicate the car is self-driving | A visual indicator for other drivers 6 months ago:
But at least other countries don’t have lowbrow coal rollers.
Every nation has its idiots, definitely not unique to the US
- Comment on Here as well 6 months ago:
To serve kernel is a cookbook! 🍿
- Comment on A minor oopsie 6 months ago:
extreme look of distrust intensifies
- Comment on ‘Nudify’ Apps That Use AI to ‘Undress’ Women in Photos Are Soaring in Popularity 6 months ago:
Can’t put the genie back in the bottle
- Comment on 23andMe confirms hackers stole ancestry data on 6.9 million users 6 months ago:
Liberal? The “personal freedom from government” folks? I think you’re thinking of someone who is pro authoritarian. I could 100% see a tankie, fascist, or right-wing authoritarian agreeing with that.
- Comment on should i?? 6 months ago:
Yeah, well, there’s also a warning label on Q-tips to not stick em in your ear canal.
- Comment on Commercial Flights Are Experiencing 'Unthinkable' GPS Attacks and Nobody Knows What to Do 6 months ago:
The military is as concerned with civilian GPS as they are with anything else that isn’t military-related: not their issue to solve. They won’t stop anyone from using encrypted GPS. They really won’t. The only branch in the US that actively tries to prevent public encryption is the NSA. (Even then, they wouldn’t block something like GPS.) For the record, I’m a security engineer, previously worked for the DOD, and used to work in satcom.
- Comment on Commercial Flights Are Experiencing 'Unthinkable' GPS Attacks and Nobody Knows What to Do 7 months ago:
The military didn’t design it for civilian use. That’s really all there is to it.
- Comment on Commercial Flights Are Experiencing 'Unthinkable' GPS Attacks and Nobody Knows What to Do 7 months ago:
If they shared the encryption keys, then it wouldn’t be safe from spoofing anymore. The whole point of encryption is to not share the keys.
Also, before someone tries to point out PKI, the satellites don’t use PKI. So that’s not relevant. You can’t share the current keys without jeopardizing the system.
- Comment on AAAAtoms 7 months ago:
90 F was the average temperature of the human body. 0 in Fahrenheit used to be the eutectic point of water and ammonium chloride. Eventually though, the scale was adjusted so that the lower point was the freezing temperature of water (32 degrees) and the upper point was the boiling point of water (212 degrees). This was chosen so that there would be a highly divisible number between them (180). Due to this adjustment, 0 isn’t special in Fahrenheit, and neither is 90.
- Comment on Microsoft develops ultra durable glass plates that can store several TBs of data for 10000 years 8 months ago:
You can write to it…
once
- Comment on Wyze security camera owners reported that they could briefly see feeds from cameras they didn’t own 9 months ago:
Encrypted VPN between each side. IPSEC over GRE using 1024-bit AES encryption is more than enough.
- Comment on Coming to you soon... 10 months ago:
Most decent ad blockers already don’t load ads
- Comment on Elon Musk and company take @x handle from its original user. He got zero dollars for it. 11 months ago:
Is that not what the title says? Like, I’m new to Lemmy so maybe I’m confused? Didn’t OP write “He got no money from it :(” in the title?
- Comment on Welp that answers a lot of why all .ml are down 11 months ago:
They don’t know unless the DNS server tells them. For example, a very popular webhost, Akamai, uses a complex DNS + web hosting suite (DNS edgesuite to be exact) to send that type of data to the web servers. It can also allow for many, many other features.
- Comment on Welp that answers a lot of why all .ml are down 11 months ago:
Friday I was doing a zone transfer! What are the odds?
A zone transfer is like moving houses, except for an authoritative zone.
In DNS, we have what’s called an authoritative zone. That means the device hosting the “resource records” (all the data that DNS passes around) is the “ultimate” answer. I.e., it’s not cached data. It’s not a hosts file. It’s not a recursive answer. It’s the real deal.
When you want to move the authoritative zone to another server, you do a “zone transfer”. That means the new server will copy all the resource records over TCP from the current authoritative zone. The reason you may want to do this instead of manually hand-jamming it is that many large organizations have, sometimes, hundreds of resource records (last month I coordinated a zone transfer that was over 1000 records!).
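A post-transfer check for the move described in the comment above, as an added example that is not part of the original comment: it compares the record set served by the old authoritative server with the one on the new server and reports anything that did not arrive. The zone name `example.test`, the addresses and both dumps are constructed sample data.

```python
# Constructed sample dumps in the "name ttl class type rdata" layout that
# `dig AXFR` prints. The new copy is deliberately missing one record.
OLD_ZONE = """\
example.test.      3600 IN SOA ns1.example.test. admin.example.test. 2024010101 7200 900 1209600 300
example.test.      3600 IN NS  ns1.example.test.
example.test.      3600 IN A   192.0.2.10
www.example.test.  3600 IN CNAME example.test.
mail.example.test. 3600 IN A   192.0.2.25
example.test.      3600 IN MX  10 mail.example.test.
"""

NEW_ZONE = """\
EXAMPLE.test.      3600 IN SOA ns1.example.test. admin.example.test. 2024010101 7200 900 1209600 300
example.test.      3600 IN NS  ns1.example.test.
example.test.      3600 IN A   192.0.2.10
www.example.test.  3600 IN CNAME example.test.
example.test.      3600 IN MX  10 mail.example.test.
"""

def parse_zone(text):
    """Return a set of (owner, type, rdata); owner names compare case-insensitively."""
    records = set()
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith(";"):  # skip blanks and dig comment lines
            continue
        name, _ttl, _class, rtype, *rdata = line.split()
        records.add((name.lower(), rtype.upper(), " ".join(rdata)))
    return records

def soa_serial(records):
    """Serial is the third field of the SOA rdata (mname, rname, serial, ...)."""
    for _name, rtype, rdata in records:
        if rtype == "SOA":
            return int(rdata.split()[2])
    return None

def compare_transfer(old_text, new_text):
    """Report records lost or added between the old and new copies of a zone."""
    old, new = parse_zone(old_text), parse_zone(new_text)
    return {
        "serial_match": soa_serial(old) == soa_serial(new),
        "missing": sorted(old - new),
        "unexpected": sorted(new - old),
    }
```

A matching serial with a non-empty `missing` list, as in this sample, is the case worth catching before the old server is retired.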
- Comment on Welp that answers a lot of why all .ml are down 11 months ago:
1. Yes. Unless there’s some kind of crazy domain-level hi-jinks involved with Lemmy (I am not versed in Lemmy), pointing directly to the IP will work if you bypass it by spoofing your DNS (Hosts file, for example).
2. I don’t know how Lemmy federation works, sorry :(
3. See #2
Sorry that I couldn’t answer more of your questions.
- Comment on Welp that answers a lot of why all .ml are down 11 months ago:
It’s a little stronger than that. The country gets the final say on where the root zones point to when it comes to their assigned country code. Many countries employ private organizations to handle their TLD. They aren’t supposed to be paid for that though. (But it 1000% happens under the table)
- Comment on Welp that answers a lot of why all .ml are down 11 months ago:
To answer your other question, www.cakefarts.com is now accessible from cakefarts.com for one of two reasons:
- Your web browser automatically checks the A record “www” if “cakefarts.com” doesn’t have an A record. A records are the records in a DNS server that say "this domain goes here".
- The site cakefarts.com put their website on cakefarts.com and placed a CNAME record called “www” that points to cakefarts.com
- cakefarts.com has an APEX record that points to www.cakefarts.com
For the ‘record’, www is just a really common record name. There’s nothing special about it. You could have dudebro.cakefarts.com or wwwwwww.cakefarts.com. It’s up to the domain owner.
- Comment on Welp that answers a lot of why all .ml are down 11 months ago:
Btw, .com is owned by the US Department of COMmerce. .org is owned by a non-profit organization called “Public Internet Registry”
- Comment on Welp that answers a lot of why all .ml are down 11 months ago:
Also, if you’re genuinely interested in this field, first you should enter the world of enterprise network engineering. Get Security +, CCNA, and PCNSA. With those certs in hand (and knowledge in your brain), apply to jobs as a network support engineer. Do the work for a few years. Learn BIND. Learn Infoblox. Focus on learning DHCP and subnetting. Learn DNSSEC & IPv6. Experiment with a Pi Hole. Set up a home lab. Apply to jobs with DNS. Start living the good life.
- Comment on Welp that answers a lot of why all .ml are down 11 months ago:
Ah, thanks for the info! I have no idea how Lemmy stuff works. I only became aware of Lemmy last month.
- Comment on Welp that answers a lot of why all .ml are down 11 months ago:
An alternative DNS root is where someone other than IANA sets up a root zone. At the end of the day, root zone authority is technically not “hard coded”. It’s a terrible idea to set up an alt root or to use one for these reasons:
- Security. This is the biggest one. DNSSEC works via setting up Trust Anchors with the root zone and chaining down the tree all the way to the recursive DNS server. DNSSEC doesn’t work if anyone in there doesn’t have a trust anchor for the root zone. Additionally, if that root zone is untrustworthy, you can effectively have DNS poisoning happen at the root level. Imagine having two google.com’s based on which root zone (and therefore walking two separate trees) you ask.
- It encourages dividing the internet. The two largest Alt zones are Russia’s (RNDNS) and China’s (.chn). RNDNS exists as a continuity plan in case the rest of the world decides to cut them off of the internet. China’s is part of a hare-brained plan to “reinvent the internet under IPv9” (an idiotic plan that sounds even more crazy than Iran’s supposed “quantum computer”)
- Pointing to a different root zone can cause a lot of headaches for diagnosing DNS issues when they aren’t coming down from the same root zone. It can cause different answers (and a parallel tree).
To answer your second question, they are not good for acting as a way to mitigate DNS failures. No domain servers are going to be asking them in the first place, meaning no one can get there even if it does have the “correct” answer. If all 13 root servers went down simultaneously, the results would be catastrophic. But that’s also why they’re physically located around the world in many different countries in heavily secure facilities with many High-Availability servers (clone servers that instantly take over if there’s a failure, the ultimate “hot” server)
You wouldn’t want to have a DNS server ask two root zones anyway. If it can’t reach the root zones, then that needs to be addressed. You can’t just ask a “less secure” server in case the primary doesn’t work. That’s just begging for a security breach via cutting off access to the primary root zones so that they “fail over” to the less secure ones.
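The trust-anchor check behind the DNSSEC point in the comment above, as an added example that is not part of the original comment: a validator holds a key tag and DS digest for the root key it trusts, and a root key from any other tree fails the comparison. Both keys are constructed stand-ins, and signature (RRSIG) verification is left out; only the anchor match from RFC 4034 is shown.

```python
import hashlib
import struct

def name_to_wire(name):
    """Encode a domain name in DNS wire format, lowercased (canonical form)."""
    out = b""
    for label in name.lower().rstrip(".").split("."):
        if label:
            out += bytes([len(label)]) + label.encode("ascii")
    return out + b"\x00"

def dnskey_rdata(flags, algorithm, public_key):
    """flags (2 bytes) | protocol, always 3 (1 byte) | algorithm (1 byte) | key."""
    return struct.pack("!HBB", flags, 3, algorithm) + public_key

def key_tag(rdata):
    """Key tag as defined in RFC 4034 Appendix B."""
    acc = sum(b << 8 if i % 2 == 0 else b for i, b in enumerate(rdata))
    acc += (acc >> 16) & 0xFFFF
    return acc & 0xFFFF

def ds_digest(owner, rdata):
    """DS digest type 2: SHA-256 over owner name wire form + DNSKEY RDATA."""
    return hashlib.sha256(name_to_wire(owner) + rdata).hexdigest()

def anchored(owner, rdata, anchors):
    """True if this DNSKEY matches a configured (key tag, digest) pair."""
    return (key_tag(rdata), ds_digest(owner, rdata)) in anchors

# Constructed 32-byte stand-ins for Ed25519 (algorithm 15) public keys;
# flags 257 marks a key-signing key. These are not real root keys.
ROOT_KSK = dnskey_rdata(257, 15, hashlib.sha256(b"constructed root").digest())
ALT_ROOT_KSK = dnskey_rdata(257, 15, hashlib.sha256(b"constructed alt root").digest())

# The validator's anchor is derived once from the root key it trusts.
TRUST_ANCHORS = {(key_tag(ROOT_KSK), ds_digest(".", ROOT_KSK))}

def validate_root(rdata):
    """Accept a root DNSKEY only if it matches the configured trust anchor."""
    return anchored(".", rdata, TRUST_ANCHORS)
```

The same `anchored` comparison is what each parent-to-child step performs with the DS record the parent publishes, which is why a validator anchored to one root cannot validate a tree that hangs off another.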
- Comment on Welp that answers a lot of why all .ml are down 11 months ago:
So here’s the thing about TLD’s, ownership of them is determined by IANA (Internet Assigned Numbers Authority). They’re basically my career’s gods. If they tell me to jump, I ask “how high”. They control the DNS root zone. Effectively, that’s the actual top-level of ALL domains. If they decide to remove a TLD or reassign it, all you can do is lodge a complaint straight to their shredder. They’re owned and operated by ICANN, a non-profit organization.
Back in 2013, Mali allowed a private Netherlands company to “manage” (rent) their TLD, .ML. Recently, that company (Freenom) got sued by Meta. Even though I don’t really like Meta, as a network engineer, I don’t like Freenom even more. They turn a blind eye to bad actors on the internet, refuse to investigate hackers/scammers/DDOSers, and generally refuse to play ball. They are a huge pain in the ass. Due to the lawsuit, IANA reassigned ML to Mali since they asked for it. At the end of the day you “can’t” sell a country-level TLD. Mali was renting it to Freenom under the table. This happens a lot and IANA usually just looks the other way. .io for example is the freakin’ Indian Ocean.
So yeah, Mali didn’t “snatch” it. They just asked IANA to reassign it and there isn’t shit Freenom can do about it.
- Comment on Welp that answers a lot of why all .ml are down 11 months ago:
Hi, professional DNS engineer here! If anyone has any questions about the inner workings of DNS or top level domains, ask away!