Hacker News | johnbellone's comments

Of course he is.

Someone somewhere is still running a gopher server.


Having a fixed path for a search api is a great idea.


The Boeing of today is merely a husk of its former glory. If the U.S. had another viable domestic airplane manufacturer I bet we’d see a lot more pressure on them. That can still happen. I hope it does.


When Lockheed left the civil aircraft market after the TriStar it was largely because the three-way competition with Boeing and McD was unviable.

Given that, the subsequent merger of McD with Boeing should not have been approved.


The commercial aircraft part of McD was dead when the merger happened. They had a cash cow called the "MD-80", which was a derivative DC-9. That had stopped selling.

Boeing got more value out of the defense part of McD.


It’s over, you can’t just rebuild the old Boeing. It’s gone.

Good job bean counters.


…not because it’s impossible. Because there is zero incentive to do so. The money has been taken.



It definitely does not run “just fine”. It’s passable at best.


Still doesn’t beat ksh cgi server. Ugh.


https://officecdn.microsoft.com

> Validity

> Not Before - Fri, 18 Aug 2023 02:17:43 GMT

> Not After - Thu, 27 Jun 2024 23:59:59 GMT

> Subject Alternative Name

> DNS Name - cdn.entity.osi.office.net

> DNS Name - cdn.entity.osi.officeppe.net

> DNS Name - cdn.uci.edog.officeapps.live.com

> DNS Name - cdn.uci.officeapps.live.com

> DNS Name - uci.cdn.office.net

> DNS Name - uci.edog.cdn.office.net

[1]: https://crt.sh/?id=12376893471



i feel a bit dumb right now...

always thought that using *.domain.net for home-use was cool, because that way random people don't know what kinds of subdomains i use.

turns out they can find it out by just checking all the certs for my domain. well. the more you know.


You shouldn't beat yourself up too much. TLS is HARD and poorly documented, and implementations vary significantly between applications and vendors (and are very dumbly designed). TLS is what you get when you let someone implement technology with specific domain knowledge (encryption) but no UX abilities or a comprehensive understanding of how their solution will be used.

I had the same horrified realization a few years ago when someone explained Certificate Transparency[1] to me.

[1] https://en.wikipedia.org/wiki/Certificate_Transparency


If you use a wildcard cert, then only "*.domain.net" is recorded in the logs, not the actual hostnames you're using.


ah, my mistake then. i use a wildcard dns-record but separate letsencrypt-certs for every subdomain. so to truly be stealthy i'd have to use a wildcard dns-record AND a wildcard ssl-cert.

sounds like i got myself a project for this weekend, implement a wildcard cert for my rev-proxy at home :)

EDIT: i guess the logs would still show the old certs, so my subdomains would still be exposed. huh. at least future subdomains would be hidden.

EDIT2: are there more ways for subdomains to get exposed, other than through DNS or SSL-Certs?


can't edit my previous comment anymore.

i got a wildcard-cert, implemented it on my proxy, everything works!

unfortunately, to be stealthy, i almost have to switch to a different domain. then request a new public IP, and switch.


I have a reverse proxy that is in front of all my services (caddy) which uses a wildcard cert to avoid this very concern.


i use NPM at home. tested caddy a bit but i really liked NPM's convenience of having a Web-UI. allows me to do stuff remotely on my phone without having to dive into conf files.

anyways, what i liked about caddy was how easily it handles SSL-certs, for sure makes it easier to use! :) gonna have to look into how i can give a wildcard-cert to my rev-proxy.
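An added example, not part of any comment in this thread: a self-audit of what Certificate Transparency logs disclose about your own domain, covering the two points raised above (a wildcard entry names no hosts, and certificates already logged stay logged after they expire). The domain `home.example`, the log entries and the function names are all constructed for illustration.

```python
from datetime import date

# Constructed sample: SAN lists as they would appear in CT logs for a
# hypothetical home domain (per-host certs first, wildcard cert later).
CT_ENTRIES = [
    {"not_after": date(2023, 9, 1), "sans": ["nas.home.example", "vpn.home.example"]},
    {"not_after": date(2023, 12, 1), "sans": ["git.home.example"]},
    {"not_after": date(2024, 6, 1), "sans": ["*.home.example", "home.example"]},
]

def covered_by_wildcard(host, pattern):
    """True if pattern is '*.parent' and host is exactly one label below parent.
    A certificate wildcard matches a single label, never 'a.b.parent'."""
    if not pattern.startswith("*."):
        return False
    label, _, parent = host.partition(".")
    return bool(label) and parent.lower() == pattern[2:].lower()

def audit(entries, in_use, today):
    """Classify each hostname in use:
    disclosed     - named in some logged cert (expired ones count, logs are append-only)
    wildcard_only - served under an unexpired wildcard, name never logged
    uncovered     - no logged cert matches it at all"""
    logged = {s.lower() for e in entries for s in e["sans"]}
    live_wildcards = {
        s.lower()
        for e in entries if e["not_after"] >= today
        for s in e["sans"] if s.startswith("*.")
    }
    report = {"disclosed": [], "wildcard_only": [], "uncovered": []}
    for host in sorted(h.lower() for h in in_use):
        if host in logged:
            report["disclosed"].append(host)
        elif any(covered_by_wildcard(host, w) for w in live_wildcards):
            report["wildcard_only"].append(host)
        else:
            report["uncovered"].append(host)
    return report

if __name__ == "__main__":
    hosts = ["nas.home.example", "git.home.example",
             "photos.home.example", "a.b.home.example"]
    for status, names in audit(CT_ENTRIES, hosts, date(2024, 1, 15)).items():
        print(f"{status}: {', '.join(names) or '-'}")
```

Hosts that land in `disclosed` remain publicly listed even after switching to the wildcard certificate; only names first used after the switch end up in `wildcard_only`.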


> https://crt.sh...

I like.

I picked up a client with a bunch of web brands and well, you know.


91245402


501108 - never forget


Bingo.


