S4E21: "Can You Dig It?"
|Previous Episode||Next Episode|
|S4E19: "Self-Projecting"||S5E0: "Frameworks Without Much Bite"|
|Recorded (UTC)||Aired (UTC)||Editor|
|2019-11-28 03:29:24||2019-12-07 00:25:56||"Edita"|
We talk about DNS over HTTPS, DNSSEC, and a little bit of TSIG.
Just the Tip
- Paden talks about sleep.
Starts at 07m10s.
I was drinking chai tea. Paden was drinking Miller Lite. Jthan was drinking water (because he was at work).
- DNS over HTTPS
- DoH is RFC 8484.
- But it is not without controversy, and very vocal criticism from some information security professionals.
- A better solution would be DNS over TLS assuming you even need that encryption in your risk model.
- But browsers have no business shipping with preconfigured resolvers using a non-transparent protocol and not respecting the system’s DNS resolving configuration.
- DNSSEC (33m52s)
In this segment, Jthan shares with you a little slice of life. The title is a reference to this video. (2m16s in)
Starts at 48m50s.
Jthan went to the SC Conference and got a hard-on for Spack. I think it’s just asking for trouble. The overhead of just building a new package with different make flags using e.g. RPM SPEC files is negligible (cp and 10 seconds in vim) compared to adding a new “spack spec”. It’s a layer of complexity that adds more work that masquerades as making it easier as a band-aid to broken package distribution. It’s snake oil that pretends to be magic. Just fix your package distribution methods.
- I couldn’t find the emergency-booze-in-computer-case thing, but I found the inverse!
- DNS over TLS was accepted as an RFC! Yay!
- This is what Paden was talking about.
|Intro||Overclock (Insanity Circle Remix)||Spirit Come First||click||CC-BY-SA 4.0||Outro||Echo Lake||4t Thieves||click||CC-BY-NC 4.0|