Hacker News: arisudesu

New comment by arisudesu in "6-Day and IP Address Certificates Are Generally Available"

arisudesu — Sat, 17 Jan 2026 14:19:18 +0000

What do you mean by 'LAN', everything should be routable globally with IPv6 decade ago anyway /s

New comment by arisudesu in "WhatsApp introduces ads in its app"

arisudesu — Tue, 17 Jun 2025 11:46:32 +0000

Doesn't it require a central server for communications?

New comment by arisudesu in "WhatsApp introduces ads in its app"

arisudesu — Tue, 17 Jun 2025 10:50:50 +0000

And so, WhatsApp has reached parity with Telegram in features, in the sense that both now show ads (even though Telegram was initially promoted as always free and without ads, it was the first to abandon this promise and shamefully removed it from the main page).

Time for a new messenger, and I don’t mean Signal, but the creation of some kind of old Skype, with a peer to peer protocol. It was very good before Microsoft bought it. Of course, if the code is open and does not require a proprietary server part.

New comment by arisudesu in "TLS certificate lifetimes will officially reduce to 47 days"

arisudesu — Thu, 17 Apr 2025 11:21:59 +0000

Having short-lived certificates is good, replacing them too often is not. This is implemented trivially for single-host deployments which just run certbot or ACME each subdomains. But for sophisticated setups where a certificate for a domain (or multiple domains or a wildcard) must be shared across fleet of hosts, it is a burden.

There are no ready-made tools available to automate such deployments. Especially if a certificate must be the same for each of the hosts, fingerprint included. Having a single, authoritative certificate for a domain and its wildcard subdomains deployed everywhere is much simpler to monitor. It does not expose internal subdomains in certificate transparency logs.

Unfortunately, organizations (persons) involved in decisions, do not provide such tools in advance.

New comment by arisudesu in "Why “alias” is my last resort for aliases"

arisudesu — Wed, 05 Mar 2025 14:19:17 +0000

Doskey is a (kind of) Windows replacement for shell aliases, and it can be configured to auto-execute macros file in new cmd.exe windows.

New comment by arisudesu in "Why “alias” is my last resort for aliases"

arisudesu — Wed, 05 Mar 2025 14:15:39 +0000

Surely this is possible way to alias commands, but keep in mind that PATH extensions are made available not only in shell, but to all programs started from it, well, because it is environ. Whereas aliases are available only for use inside shell, but they're not executable by programs started from it. They are not the same.

New comment by arisudesu in "No Calls"

arisudesu — Thu, 16 Jan 2025 17:14:29 +0000

May it happen that CloudFlare stops sending their call invitations to me. I have an account at them which has shared access to company domains, because sometimes I was needed to assist with them. CloudFlare reps repeatedly e-mail me to schedule a call, even after I replied to them and told that I am not a person directly responsible for our domains and asked to stop mailing me. Whoever was their rep at that time, answered that they will stop. Some time passed, and they started e-mailing again. Eventually I started putting their e-mails to spam folder.

New comment by arisudesu in "The trouble with struct sockaddr's fake flexible array"

arisudesu — Fri, 29 Nov 2024 07:03:10 +0000

Either I don't understand the problem completely, or why wasn't it possible to introduce something like 'ex' address family that allowed to pass and disambiguate extended parameter format(s) which would include array sizes etc? We had these *Ex functions everywhere in Win32 API for an eternity, why unices couldn't do the same trick?

New comment by arisudesu in "Thunderbird 128 "Nebula""

arisudesu — Fri, 12 Jul 2024 16:07:29 +0000

There's no update in app. I'm on 115.12.2 esr. How's Thunderbird's branches work, again?

New comment by arisudesu in "Dehydrated: Letsencrypt/acme client implemented as a shell-script"

arisudesu — Sat, 20 Apr 2024 21:13:13 +0000

This script is explicitly a Bash script and it is not executable by every other shell present on modern unix-like systems. Examples are Korn shell, Almquist shell. Hence the distinction: if one states that the script is a shell-script, it implies that it can be interpreted by any modern shell, for which there is only one common denominator, POSIX. This script is explicitly only Bash shell compatible, not any-shell compatible.

New comment by arisudesu in "Dehydrated: Letsencrypt/acme client implemented as a shell-script"

arisudesu — Sat, 20 Apr 2024 20:56:12 +0000

I am not familiar with zsh, but is it really interpreted by zsh? Because the script has #!/usr/bin/env bash in its shebang, isn't it executed by bash on your system, even if launched from zsh?

New comment by arisudesu in "Dehydrated: Letsencrypt/acme client implemented as a shell-script"

arisudesu — Sat, 20 Apr 2024 12:53:07 +0000

As a bash script actually, not a (implied POSIX) shell script. Do not mix these two.

New comment by arisudesu in "Quickwit 0.8: Indexing and Search at Petabyte Scale"

arisudesu — Sat, 23 Mar 2024 17:36:27 +0000

musl support would be highly appreciated.

New comment by arisudesu in "rustup in official apt repositories: starting from Debian 13 and Ubuntu 24.04"

arisudesu — Wed, 20 Mar 2024 22:23:57 +0000

I understand that rustup can be convenient, but I don't get why they insist on using this tool. It should be enough to distribute the toolchain and std as a zip file.

New comment by arisudesu in "Improving cursor rendering on Wayland"

arisudesu — Fri, 15 Mar 2024 17:41:01 +0000

Why are all these problems? Wasn't this solved already years ago in another software, I mean, Xorg? Why do we need to revisit the problem again?

New comment by arisudesu in "Rclone syncs your files to cloud storage"

arisudesu — Sat, 27 Jan 2024 15:26:42 +0000

Mind sharing the reasons?

New comment by arisudesu in "Timeline to remove DSA support in OpenSSH"

arisudesu — Thu, 11 Jan 2024 16:36:33 +0000

Don't confuse the Internet and networks please. Older machines are completely fine to be used in private firewall-protected networks, as long as they're facing only LAN. SSH still be required to access them.

New comment by arisudesu in "The novel HTTP/2 'Rapid Reset' DDoS attack"

arisudesu — Tue, 10 Oct 2023 17:33:35 +0000

By request flood I mean, request flood, as in sending insanely high number of requests per unit of time (second) to the target server to cause exhaustion of its resources.

You're right, with HTTP/1.1 we have single request in-flight (or none in keep-alive state) at any moment. But that doesn't limit number of simultaneous connections from a single IP address. An attacker could use the whole port space of TCP to create 65535 (theoretically) connections to the server and to send requests to them in parallel. This is a lot, too. In pre-HTTP/2 era this could be mitigated by limiting number of connections per IP address.

In HTTP/2 however, we could have multiple parallel connections with multiple parallel requests at any moment, this is by many orders higher than possible with HTTP/1.x. But the preceeding mitigation could be implemented by applying to the number of requests over all connections per IP address.

I guess, this was overlooked in the implementations or in the protocol itself? Or rather, it is more difficult to apply restrictions because of L7 protocol multiplexing because it's entirely in the userspace?

Added: The diagram in the article ("HTTP/2 Rapid Reset attack" figure) doesn't really explain why this is an attack. In my thinking, as soon as the request is reset, the server resources are expected to be freed, thus not causing exhaustion of them. I think this should be possible in modern async servers.

New comment by arisudesu in "The novel HTTP/2 'Rapid Reset' DDoS attack"

arisudesu — Tue, 10 Oct 2023 17:16:59 +0000

Is is a fundamental HTTP/2 protocol issue or implementations issue? Could this be an issue at all, if a server has strict limits of requests per IP address, regardless of number of connections?

New comment by arisudesu in "The novel HTTP/2 'Rapid Reset' DDoS attack"

arisudesu — Tue, 10 Oct 2023 13:22:10 +0000

Can anyone can explain what's novel about this attack that isn't plain old requests flood?