More details from a former Site Reliability Engineer at Facebook: https://twitter.com/RenaudGuerin/status/1445114486457880582
If you’re using Python, Alpine Linux will quite often:
- Make your builds much slower.
- Make your images bigger.
- Waste your time.
- On occasion, introduce obscure runtime bugs.
We faced an issue with DNS on Alpine images too at work...
cf. https://wiki.musl-libc.org/functional-differences-from-glibc.html#Name-Resolver/DNS
You use it like this:
$ scarr init -domain falafel.exposed -name falafelexposed
Initializing...done
$ cd falafelexposed
$ vim scarr.yml # Edit a few fields here
$ echo "<html>The deadly secret of falafel</html>" > index.html
$ AWS_PROFILE=scarr scarr deploy
... a bunch of aws stuff happens automatically ...
$ curl https://falafel.exposed
<html>The deadly secret of falafel</html>
What it's doing under the hood is:
- Registers the given domain through route53 (prompts to confirm this)
- Creates a TLS certificate through ACM
- Uses route53 DNS to validate that certificate
- Creates an S3 bucket
- Creates a Cloudfront distribution pointed to that S3 bucket using the ACM certificate
- Creates an apex DNS record pointing to that Cloudfront
- Syncs the current directory to that S3 bucket and invalidates the Cloudfront cache.
A week ago, I didn’t even know .dev was a real gTLD. Historically it’s just been the realm of programmers who need a fake domain for testing. The domain never really existed, we just told our computers to pretend it does.
But the .dev gTLD does exist. And guess who owns it?
That’s right.
It’s Google.
Suddenly, it all makes sense. Who can decide to make an entire TLD secure?
- HTTP/2
- TLS 1.3
- DoH: DNS over HTTPS
- QUIC: a candidate replacement for the TCP protocol
Since Google has already deployed QUIC in the Chrome browser and on its sites, it already accounts for more than 7% of Internet traffic.
Also mention this creepy & fascinating attack: http://codebutler.com/firesheep
There is a problem with how the Internet works today:
- HTTPS is not secure. Like most "secure" communications protocols, it is susceptible to undetectable public-key substitution MITM-attacks
- Netizens do not own their online identities. We either borrow them from companies like Twitter, or rent them from organizations like ICANN
These problems arise out of two core Internet protocols: DNS and X.509.
DNSChain offers a free and secure decentralized alternative while remaining backwards compatible with traditional DNS.
Thanks https://twitter.com/kevin_biger!