Hacker News | denisu's comments

URLs are encrypted.


well, not the whole url, obviously, otherwise the router wouldn't know where to send the request


The entire URL is encrypted, the router doesn't need to know anything about the URL to route the packets. The only thing that can leak when you make an HTTPS connection is the DNS query.



TLS server name indication can also leak your host, sadly.


You are confusing layer 4 and layer 7 concepts.

Spend some time with wireshark running while you visit “google.com” in a web browser and you’ll get a better intuition on the topic.


that makes sense, thanks


Deutsche Telekom (AS3320) has a 2003::/19.


Definitely makes sense for SPs (Service Providers) like Deutsche Telekom to pick up larger blocks - /16s even for the big ones. But MIT is more likely classified as an LIR (Local Internet Registry) - /32s are more appropriate for them.


I noticed a few months ago that internet access from an EC2 instance in the Seoul AWS region seems to be censored as well.


Censored internet access though (Korean Porn-Blocker)

   [ec2-user@ec2 ~]$ curl youporn.com
   <html><script>
   var arg = "http://warning.or.kr";
   var str = new Array();
   str = arg.split("&", 1);
   var a = new Array();
   a = str[0].split("=");
   var b = Math.floor(a[1] / 100);
   var c = new Array();
   if(b == 10){location.replace("http://www.naver.com");}
   else if(b == 20){location.replace("http://www.daum.net");}
   else if(b == 30){location.replace("http://www.paran.com");}
   else{ c = a[0].split("?");
   location.replace(c[0]);}
   </script></html>


Probably a Raspberry Pi.


I have seen many howtos recommending to add a monthly cronjob for the certificate renewal on the first day of the month at 12am (0 0 1 * * or @monthly). It is probably better to renew the certificate on a random day/time (30 4 5 * *) to prevent excessive load on their servers.


A RANDOM_DELAY is actually built into @monthly, at least on RHEL/CentOS 6+.


You can add a page rule for your whole domain and set custom caching to "everything".


Am I blind or is there no way to connect to a custom ssh-port (other than 22) for the initial connection yet?

edit: github-issue: https://github.com/keithw/mosh/issues/103


In .ssh/config:

    Host alias
        Hostname realname.domain
        Port alternate_port


I've browsed through the site and installed to look at the man page to find this out. I can't see a way to do this. Makes it useless for me :-(

Not that I'm complaining. It's not like I'm being asked to pay for it, just a feature that I imagine would be helpful to many people...


Thanks, we're working on it and it will be in a future release.

We're tracking this issue at https://github.com/keithw/mosh/issues/53


A workaround for this is to change the ssh default port in your ssh config file.


looks cool so far. one little bug: mail addresses with a + are detected as invalid, they are not.


Thanks, I'll make sure this is addressed.


Thanks for the feedback, it should now display the correct HTTP_X_FORWARDED_FOR-header if available.

