That article kicks off with a politically motivated "issue" which seems pointed at the US Govt (USG) before dealing with perceived architectural issues.
The thing about trust anchors is that they are trust anchors and not a back door. DNSSEC goes well out of its way too, to not screw up things as far as possible if something is missing. OK, client implementations do that (I haven't gone into the RFCs in too much detail).
The architectural issues alluded to seem pretty handwavy too. I deployed a slack handful of PowerDNS boxes and adding DNSSEC is basically two CLI invocations per domain and passing on the DS records to upstream. The second invocation is to add an adjustment to deal with NXDOMAIN better (can't remember the exact thing at the moment)
If it doesn't work for you then fine - don't use it!
I find it useful and thanks to a decent implementation (so far) it is trivial to implement. However, I'm going to need to get my thinking cap on for some split-horizon domains.
It doesn't work for most sites, which is why so few organizations use it. It's awfully hard to make an argument about how straightforward DNSSEC is to use after DNSSEC had to be disabled by Cloudflare and Quad9 for all of Germany because of a misconfiguration. And it's more or less impossible to take seriously as a security boundary after that. Real security protocols fail closed.
1. Browsers briefly tried adopting DANE and gave up on it.
2. DNS is the wrong level of networking abstraction to do this kind of policy enforcement at, because DNS isn't plumbed for warnings and error reporting; when DNSSEC fails, whole zones simply fall of the Internet (for people who validate) as if they weren't there at all. It's the worst possible failure mode.
3. The thing you say you want can't be had with DNSSEC. You don't get "the whole chain from ICANN to your server". Any of the parent zone operators above you can decide to defect, for your zone specifically, and (particularly for state-level adversaries) for particular targets resolving your zones, without you ever knowing about it.
for wmv in Path(sys.argv[1]).rglob("\*.wmv"):
print(wmv, end=" ")
r = subprocess.run(
["ffmpeg", "-i", wmv, wmv.with_suffix(".mpg")],
stdout=subprocess.PIPE, stderr=subprocess.STDOUT,
)
lines = [l for l in r.stdout.decode().splitlines() if "kb/s:" in l]
print("\n".join(lines) if lines else f"ERROR {r.returncode}")
?
If you go outside stdlib you can use the sh library instead of subprocess.run.
“No one is required to follow The Rule, to know The Rule, or even to think that The Rule is a good idea. The Founder of SQLite believes that anyone who follows The Rule will live a happier and more productive life, but individuals are free to dispute or ignore that advice if they wish.”
As the first section notes, the only reason they posted this is to fulfill a checklist requirement for certain commercial users. The external requirement for a code of conduct, which requesters never read and don’t actually care about, is the actual nonsense here.
Hardly. It may be annoying for commercial users to require a checkboxy code of conduct from the software they choose to use, but taking that opportunity to shove religion down people's throats is very strange behaviour. It also makes me suspicious of SQLite: if they're that brazen, do I need to look out for potential implementations of these rules within the code? Will certain words, like "gay", cause queries to fail? I don't think so and I hope it never will. But this is a SQL database engine and they chose to publicly affiliate it with religion. That's concerning.
I've been considering switching to H2 for a while now to avoid depending on a fat-jar full of binaries. This nonsense has persuaded me to make that switch.
I think you have vastly mistaken what I'm saying. You seem to have leapt from me merely switching away using SQLite in my own projects, to me attempting to purge SQLite from every machine and piece of software I own or something? How odd.
Even with their strange choice to give a SQL database engine an official religion, I'm under no illusion that they'd turn it into actual malware. The example concern I gave was about queries failing, not it rm-rfing my computer. Sheesh.
I don’t know, wouldn’t you be pissed if you tried to search your browser history for “gay” and nothing was found? After all, that’s the threat model you’re proposing that you’re worried about — the thinnest of excuses for your clear and deep bigotry.
When I wrote my example, I was more thinking of database and table names, the schema itself, rather than cell content. There are already various limitations on such things, usually in the form of reserved prefixes. It doesn't seem out of the realm of possibility that a piece of software that officially affiliates itself with a particular religion might infuse that religion within itself. In fact, I find it suspicious that you seem to disregard this possibility entirely. Most explicitly religious software does this.
Instead, you attempt this weird switcheroo where I'm a bigot? Let's recap: a piece of software has officially affiliated itself with a religion that has made no secret of thinking we're evil and persecuting us for it for multiple millennia. I state that this is off putting and wish to switch to alternative software in my own projects. And you call me a bigot for it. Great job, Sherlock.
1. There is no religious affiliation for this project, official or otherwise. It is not “religious software.” The project founder is a Christian, that’s all.
2. You clearly are bigoted against Christians and likely all religious people. Every comment is infused with bigotry. You likely don’t even notice it because you’re swimming in it like a fish.
3. You are free to ignore the code of ethics and the software as much as you like. The code of ethics is not intended to apply to you. This is all clearly spelled out in the document, but you saw the word “Christ” and let your prejudice guide you instead of exercising basic reading comprehension.
If you say so. You seem desperate to cast me as a bigot to explain away my objections. Since we're assuming things about each other's character now, I'm just going to assume you follow this religion and feel attacked by my objection to it being officially adopted by a database library. God forbid, right? Oh well, I've endured a lot worse from you people. Goodbye.
> stubborn and complete intolerance of any creed, belief, or opinion that differs from one's own.
You:
> But this is a SQL database engine and they chose to publicly affiliate it with religion. That's concerning. I've been considering switching to H2 for a while now to avoid depending on a fat-jar full of binaries. This nonsense has persuaded me to make that switch.
It's textbook. Your decision is not based on any actual technical consideration, but rather "stubborn and complete intolerance." You can't conceive of a publicly Christian person who wouldn't use the software they wrote to somehow attack you, even though Dr. Hipp would never dream of doing anything like that.
Why can't you conceive of this? Because of your bigotry.
> stubborn and complete intolerance of any creed, belief, or opinion that differs from one's own.
What an odd definition, where did you get it from? Bigotry is being unreasonably intolerant. Your definition would cast intolerance of naziism as bigotry (Godwin's Law, yes, I know). But this doesn't surprise me since you don't seem to understand what "goodbye" means either. It's a shame this site has no equivalent to a block feature.
We're not talking about Nazis though, are we? We're talking about well over two billion people (possibly more than six billion if it extends beyond Christianity). Your prejudice against them is almost prima facie unreasonable.
You would be absolutely shocked how many software projects are still run, to this day, without source control at all. Or automated (or manual) testing. And how many hand crafted artisanal servers are running on AWS, never to be recovered if their EC2 instance is killed for some reason.
Sure, but that’s a small and shrinking market. Not a source of economic security or growth for its employees, nor for most of its companies (though some have defended niches).
I've seen growing companies running multiple million ARR through systems like that. It's way more common than you'd think if you're a professional software developer.
I seriously don't see how version control and LLMs are comparable. A deterministic way to track code changes over time, versus an essentially non-deterministic statistical code generator that might get you what you want, and might do it in a reasonable time frame, and that might not land you in a minefield of short-term-good/long-term-bad design points.
> an essentially non-deterministic statistical code generator that might get you what you want, and might do it in a reasonable time frame, and that might not land you in a minefield of short-term-good/long-term-bad design points.
Sounds like a human? The ‘statistical’ part is arguable, I suppose.
There is an absolute embarrassment of modern tooling in other categories I have no problem whatsoever embracing. I'm not a holdout for being stuck in my ways. Maybe I value things other than expediency at massive cost. Maybe I speak just as well to computers as I do to humans.
I'm sure I will have no problem whatsoever remaining in the employ of a firm that trusts me to make products and tooling that still push the envelope of what's possible without having to resort to the sheer brute force of trillion parameter-scale models.
There is no massive cost. For 80% of the brute work that needs to be done day in and day out LLMs provide code as good as a senior engineer provided you have sufficient competency in steering the model, but done at breakneck pace.
Then watch it f'up half your codebase because it thinks it's slightly related to your examples. The alternative, giving it 10 examples, is actually more work.
Against DNSSEC: https://sockpuppet.org/blog/2015/01/15/against-dnssec/
reply