Wow, just skip the "bad post", "took me 30 seconds", "Basic stuff" parts already, especially when you are completely missing the point and don't seem to realize it even after several people point it out.
Show some humility.
What's more, one doesn't really read Rachel for her potential technical solutions but because one likes her storytelling.
However, domains and host names were not designed to be particularly private and should not be considered secret; many things don't consider them private, so you should not put anything sensitive in a host name, even in a network that's supposed to be private. Unless your private network is completely air-gapped.
Now, I wouldn't be surprised if hostnames were in fact originally expected to be explicitly public.
You don't need any auth to send an email from your domain, or in fact from any domain. Just set whatever `From` you want.
I've received many emails from `root@localhost` over the years.
Admittedly, most residential ISPs block all SMTP traffic, and other email servers are likely to drop it or mark it as spam, but there's no strict requirement for auth.
> Admittedly, most residential ISPs block all SMTP traffic, and other email servers are likely to drop it or mark it as spam, but there's no strict requirement for auth.
Source? I've never seen that. Nobody could use their email provider of choice if that was the case.
They don't do DPI, they just look at the destination port.
And that's why there's a separate port for submission to mail agents where such auth is expected and thus only outbound mail is typically even attempted to be submitted to.
Technically local delivery mail too, e.g. where the From and the To headers are valid and have the same domain.
AT&T says "port 25 may be blocked from customers with dynamically-assigned Internet Protocol addresses", which is the majority of customers https://about.att.com/sites/broadband/network
What ISP are you using that isn't blocking port 25, and have you never had the misfortune of being stuck with Comcast or AT&T as your only option?
This too is not ideal. It gets saved in the browser history, and if the url is sent by message (email or IM), the provider may visit it.
> Definitely uninstall whatever junk leaked your domain though, but it's really nothing.
We are used to the tracking being everywhere but it is scandalous and should be considered as such. Not the subdomain leak part, that's just how Rachel noticed, but the non-advertised tracking from an appliance chosen to be connected privately.
> This too is not ideal. It gets saved in the browser history, and if the url is sent by message (email or IM), the provider may visit it.
Sure. POST for extra security.
> Not the subdomain leak part, that's just how Rachel noticed, but the non-advertised tracking from an appliance chosen to be connected privately.
If this were a completely local product, like say a USB stick. Sure. But this is a Network Attached Storage product, and the user explicitly chose to use network functions (domains, http), it's not the same category of issue.
> Sure. But this is a Network Attached Storage product, and the user explicitly chose to use network functions (domains, http), it's not the same category of issue.
Is it fair to say that you're saying that it should be considered normal to expect that network-attached devices (designed and sold by reliable, aboveboard companies) connected to (V)LANs with no Internet access will be configured to use computers that use their management interfaces (whether GUI, CLI, or API) as "jumpboxes" to attempt to phone home with information about their configuration and other such "telemetry"?
Do carefully note what I'm asking: whether it should be considered normal to do this, rather than considering it to be somewhat outrageous. It's obviously possible to do this in the same way that it's obviously possible to do things like scratch the paint on a line of cars parked on the street, or adulterate food and medicine.
If you are using a storage device with a Layer 3 interface, you have already signed off that you aren't too concerned with the connection being airgapped. Otherwise you would have used a Layer 1 protocol, or hell, even a Layer 2.
You are giving the thing an IP address and IP capabilities? It's like signing one of those lengthy disclaimers that you might die and won't sue anyone for side effects.
Not saying it needs to happen, but you can't be surprised if it does.
No it's because lots of stuff is duct taped together and then you have tons of scripts or tooling that was someone's weekend project (to make their oncall burden easier) that they shared around. Usually there'll be a flag like --clowntown or --clowny-xyz when it's obvious to all parties involved that it's destined to destroy everything one day but YOLO (also a common one).
Could you please stop posting unsubstantive comments and flamebait? You've unfortunately been doing it repeatedly. It's not what this site is for, and destroys what it is for.
You may not owe clown-resemblers better, but you owe this community better if you're participating in it.
We ban accounts that keep posting in this sort of pattern, as yours has, so if you'd please review https://news.ycombinator.com/newsguidelines.html and stick to the rules when posting here, we'd appreciate it.
As long as you and I both agree on the truth, I am willing to go along with your moderation. I can cut down on some of the editorial remarks, but everyone on this site engages in some level of unsubstantiated commentary and I really would appreciate knowing what % of posts can be unsubstantiated opinion before it becomes a significant pattern.
Exactly what I was thinking as I was tapping the thread link, strange to see the exact same words on the screen a second later.
Either what pg considers mean is radically different from what I consider mean, or we have different things in mind when thinking about success, or he lives in a different world.
Several counterexamples immediately come to mind, and not only in the startup world. Granted, it's probably easier today than in 2014 but still. It feels utterly naive. The whole piece. For instance:
> Startups don't win by attacking. They win by transcending.
Well, sure, if eliminating all your competitors by burning investor cash and if breaking the law left and right or disregarding ethics or the environment is considered transcending and not attacking or being mean. Now, maybe that stuff is considered fair game in pg's world.
> why learn how to drive it when you can simply hop into a taxi?
Because hopping into a taxi is kinda expensive, most can't do that daily.
> in the age of self-driving cars it's just not a useful skillset to have
Self-driving cars are not there yet, especially as there are somewhat unpredictable human beings still driving around and imperfect infra. Laws are also not really there yet around the world.
Self-driving is also kinda a black box that you don't really have control over, especially as long as these cars are connected to the mother company.
In a way, most of that is mostly true for programming and Gen AI as well (and Gen AI might become expensive as well), so your analogy might be quite apt in the end xD
Otherwise,
> because people find joy in doing it themselves
Many people seem to enjoy it indeed. I'd be perfectly happy delegating driving. I can like driving, but I don't enjoy the responsibility and the risk that I mess something up.