More

silverwind · 2026-01-19T19:01:42 1768849302

It's more likely because the internet runs on a very small number of authorative server implementations which all implement this ordering quirk.

immibis · 2026-01-19T21:42:20 1768858940

This is a recursive resolver quirk

zinekeller · 2026-01-20T00:07:32 1768867652

... that was perpetuated by BIND.

(Yes, there are other recursive resolver implementations, but they look at BIND as the reference implementation and absent any contravention to the RFC or intentional design-level decisions, they would follow BIND's mechanism.)

account42 · 2026-01-20T11:20:16 1768908016

It's also the most natural way to structure the answer:

Hey, where can I find A.

Answer: A is actually B

Answer: Also B can be found at 42

silverwind · 2026-01-14T13:32:21 1768397541

I hope uBlock will support Servo if `webRequestBlocking` is implemented like in Firefox.

silverwind · 2026-01-03T09:14:06 1767431646

> That's great until you need to connect to a work/client VPN that decided to also use 10.0.0.0/8.

There's numerous other reserved IPv4 blocks that can be used: https://en.wikipedia.org/wiki/Reserved_IP_addresses#IPv4. Would definitely not recommend to use 10/8 for private networks.

nijave · 2026-01-04T15:31:33 1767540693

Landed on 172.16/22 for this reason however it's not uncommon how an enterprise to use all 3 private classes. One place I worked used 192.168 for management, 10 for servers, and 172 for wifi

Using 2 different classes has been a pretty common setup for wifi and wireless in my experience

silverwind · 2025-12-23T19:57:25 1766519845

Likely not, given that it only implements ES5.

silverwind · 2025-12-20T05:41:12 1766209272

Pinning actions doesn't really work because most action dependencies are unpinned thanks to npm default behaviour of not pinning them.

baobun · 2025-12-20T08:18:10 1766218690

Just don't use actions which pull in arbitrary npm packages without a lockfile.

NamlchakKhandro · 2025-12-20T08:56:34 1766220994

Why does this matter?

JavaScript actions are already bundled.

silverwind · 2025-12-19T00:52:20 1766105540

SVG can for example contain text elements rendered with a font. If the font is not available it will render in a different one. The issue can be avoided by turning text elements into paths, but not all SVGs do that.

GoblinSlayer · 2025-12-19T17:06:28 1766163988

Also text zoom.

silverwind · 2025-12-19T00:50:13 1766105413

svgo is a minifier, not a sanitizer.

ivw · 2025-12-20T18:00:19 1766253619

I should have clarified `svgo + removeScripts`

https://svgo.dev/docs/plugins/removeScripts/

silverwind · 2025-12-16T10:24:50 1765880690

You should run VPN on your gateway instead.

silverwind · 2025-12-16T00:29:31 1765844971

Sounds like planned obsolescence if devices stop working after 5 years or less.

majewsky · 2025-12-16T10:02:30 1765879350

Only for devices that do not allow you to patch the CA bundle as an aftermarket repair. Call your representative and demand Right to Repair legislation.

aftbit · 2025-12-18T17:11:02 1766077862

That is ... basically all of them? Other than general purpose desktop/laptop computers that is. Show me a TV or smartphone that does allow you to push new roots to it...

silverwind · 2025-12-15T18:31:11 1765823471

Not a problem if you have the cert on a shared load balancer, not on the services directly.

0127 · 2025-12-15T19:35:26 1765827326

This is what we do for development containers/hosts - put them behind *.dev.example.com, allows us to hide most testing instances using a shared load balancer. And with a single wildcard CNAME, No info is leaked in CT logs or DNS. Said LB is firewalled, but why pay for extra traffic that's just going to be blocked?