Domi

My tip is to play the game until you find it fun, while developing it.

That’s a good tip, if your testing sessions get longer and longer because playing the game is fun you’re on the right track.

Hunt works perfectly fine on Linux, played a few rounds yesterday.

Tarkov still does not.

Also works well for the opposite use case.

I’m a good programmer but bad at math and can never remember which algorithms to use so I just ask it how to solve problem X or calculate Y and it gives me a list of algorithms which would make sense.

So what’s the big fuggin’ problem here? That Intel won’t use the term “recall”?

Would you say the same thing about a car?

“We know the door might fall off but it has not fallen off yet so we are good.”

The chances of that door hurting someone are low and yet we still replace all of them because it’s the right thing to do.

These processors might fail any minute and you have no way of knowing. There’s people who depend on these for work and systems that are running essential services. Even worse, they might fail silently and corrupt something in the process or cause unecessary debugging effort.

If I were running those processors in a company I would expect Intel to replace every single one of them at their cost, before they fail or show signs of failing.

Those things are supposed to be reliable, not a liability.

Sodium-based batteries currently have a lower energy density than lithium-based batteries so they are only useful in some applications.

The RFC you linked recommends that no new X- prefixed headers should be used.

The paragraph you quoted does not say you should use the X- prefix, only comments on how it was used.

See section 3 for the creation of new parameters: https://datatracker.ietf.org/doc/html/rfc6648#section-3

I still work on software that extendively uses X- headers.

I wouldn’t worry too much about it. The reason they give is mostly that it is annoying if a X- header suddenly becomes standardized and you end up having to support X-Something and Something. Most likely a non-issue with real custom headers.

We don’t have many unit tests that test against live APIs, most use mock APIs for testing.

The only use for this header would be if somebody sees it during development, at which point it would already be in the documentation or if you explicitly add a feature to look if the header is present. Which I don’t see happening any time soon since we get mailed about deprecations as well.

I don’t really get the purpose of a header like this, who is supposed to check it? It’s not like developers casually check the headers returned by an API every week.

Write them a mail if you see deprecated functions being used by a certain API key, probably much more likely to reach somebody that way.

Also, TIL that the IETF deprecated the X- prefix more than 10 years ago. Seems like that one didn’t pan out.

My first sentence when I get connected to a chat bot is always “Let me speak to a human”.

Yes, because Docker becomes significantly more powerful once every container has a different publicly addressable IP.

Altough IPv6 support in Docker is still lacking in some areas right now, so add that to the long list of IPv6 migration todos.

There is this notion that IPv6 exposes any host directly to the internet, which is not correct. When the client IP is attacked “directly” the attacker still talks to the router responsible for your network first and foremost.

While a misconfiguration on the router is possible, the same is possible on IPv4. In fact, it’s even a “feature” in many consumer routers called “DMZ host”, which exposes all ports to a single host. Which is obviously a security nightmare in both IPv4 and IPv6.

Just as CGNAT is a thing on IPv4, you can have as many firewalls behind one another as you want. Just because the target IP always is the same does not mean it suddenly is less secure than if the IP gets “NATted” 4 times between routers. It actually makes errors more likely because diagnosing and configuring is much harder in that environment.

Unless you’re aggressively rotating through your v6 address space, you’ve now given advertisers and data brokers a pretty accurate unique identifier of you. A much more prevalent “attack” vector.

That is what the privacy extension was created for, with it enabled it rotates IP addresses pretty regularily, there are much better ways to keep track of users than their IP addresses. Many implementations of the privacy extension still have lots of issues with times that are too long or with it not even enabled by default.

Hopefully that will get better when IPv6 becomes the default after the heat death of the universe.

Will take a look at the talk once I get time, thanks. If you can find the original one you were talking about, please link.

For servers, there is some truth that the address space does not provide much benefit since the addressing of them is predictable most of the time.

However, it is a huge win in security for private internet. Thanks to the privacy extension, those IPs are not just generated completely random, they also rotate regularily.

It should not be the sole source of security but it definitely adds to it if done right.

With NAT on IPv4 I set up port forwarding at my router. Where would I set up the IPv6 equivalent?

The same thing, except for the router translating 123.123.123.123 to 192.168.0.250 it will directly route abcd:abcd::beef to abcd:abcd::beef.

Assuming you have multiple hosts in your IPv6 network you can simply add “port forwardings” for each of them. Which is another advantage for IPv6, you can port forward the same port multiple times for each of your hosts.

I guess assumptions I have at the moment are that my router is a designated appliance for networking concerns and doing all the config there makes sense, and secondly any client device to be possibly misconfigured. Or worse, it was properly configured by me but then the OS vendor pushed an update and now it’s misconfigured again.

That still holds true, the router/firewall has absolute control over what goes in and out of the network on which ports and for which hosts. I would never expose a client directly to the internet, doesn’t matter if IPv4 or IPv6. Even servers are not directly exposed, they still go through firewalls.

Anything connected to an untrusted network should have a firewall, doesn’t matter if it’s IPv4 or IPv6.

There’s functionally no difference between NAT on IPv4 or directly allowing ports on IPv6, they both are deny by default and require explicit forwarding. Subnetting is also still a thing on IPv6.

If anything, IPv6 is more secure because it’s impossible to do a full network scan. My ISP assigned 4,722,366,482,869,645,213,696 addresses just to me. Good luck finding the used ones.

With IPv4 if you spin up a new service on a common port it usually gets detected within 24h nowadays.

Reddit once banned me for “vote brigading” a post on a subreddit that was linked in a different subreddit, a full year after I upvoted said post.

That was the day I stopped interacting on Reddit.

This seems like common sense, no?

Hindsight is 20/20. As seen in the post, there’s not that many APIs that don’t just blindly redirect HTTP to HTTPS since it’s sort of the default web server behaviour nowadays.

Probably a non-issue in most cases since the URLs are usually set by developers but of course mistakes happen and it absolutely makes sense to not redirect HTTP for APIs and even invalidate any token used over HTTP.

That website is horrible, reads like somebody having a temper tantrum.

OP didn’t ask for unpopular languages but for languages you want to be more popular.

I also want C# to be more popular, it’s a fantastic language.

Especially since AI is already in Firefox, the offline translation feature uses local NMT models.

https://github.com/mozilla/firefox-translations-models

That depends, we have quite a few images that are just a single shell script or a collection of shell scripts which run as jobs or cronjobs. Most of them are used for management tasks like cleaning up, moving stuff or debugging.

Has the big advantage of being identical on each node so you don’t have to worry about keeping those shell scripts up to date with volumes. Very easy to just deploy a job with a debug image on every node to quickly check something in a cluster.

Of course, if the shell script “belongs” to an application you might as well add the shell script in the application container and override the start arguments.