I ran from Reddit, it be like that

  • 8 Posts
  • 1.56K Comments
Joined 2 years ago
cake
Cake day: June 7th, 2023

help-circle








  • Nice opinion piece, but I disagree with the core idea that dnssec’s biggest problem is visibility (also, there hasn’t been any padlock icon in years in browsers). IMHO we have 3 main drivers that made https a success, and dnnsec (and smtps) not:

    • enforced by browsers: while you could file it under “visibility”, the difference to me is that browsers refuse to load your site without https. If they had resorted to a mere red address bar, https would never really have taken off.
    • ”atomic”: a site with failed https is only 1 failed site. Other sites, APIs, mail servers etc under the same domain will still work.
    • DNSSEC is HARD. Yes, your dns./website provider makes it look easy but really, this stuff is seriously hard to do right now, and there is little tooling to help you with it; the same reason smtps (and maybe ipv6) failed so hard, I think.











  • It shouldn’t, you probably have a modern setup. Super high level is that: UEFI is like a mini os on the mainboard, replacing the old bios chips that were very limited, including on partitions on disks: max 2 physical (whereby the 2nd was used to embed “soft” partitions), and any boot code was confined to cramped spaces, below certain amounts of blocks and cylinders etc, hence the peculiar /boot partition. UEFI had to support this of course, but it’s at best like wearing clothes that you accidentally washed at the highest temperature: bleak, way too tight in uncomfortable places and prone to tearing.