Hacker News | globular-toast's comments

That's quite true. On a recent trip I got talking to a girl from somewhere in Europe. She spoke perfect English, of course. At some point she remarked, rather bluntly, "It must be strange for you guys because you used to rule the world." I made a joke but internally I was reeling: used to? I'm almost 40 and still hadn't realised this.

Later I was talking to another 20-something, British this time, who didn't know Dr Martens were British. I asked where he thought they were from, "I guess I assumed they were American". Sigh...


I mean, an auction is something where you "win" by agreeing to pay more than anyone else. It's always going to be a bad deal for the buyer. The key with Ebay is to actually sell stuff on there too. If you're just a consumer you'll lose out on auctions in the long run.

> It's always going to be a bad deal for the buyer.

That's not true. Sometimes there's not a lot of demand and you pay much less than average market price.

If something is priced super low then someone might step in to arbitrage, but even with perfect knowledge in a perfectly efficient market, an arbitrager will only be willing to pay the true value minus the cost of relisting, the cost of reshipping, the cost of their time, the cost of tying up their money, and the cost of the risk it won't resell. If you beat that by fifty cents you'll get a great deal on the item.


Some items are poorly marketed - in the wrong category, missing a model number, listed as 1MB rather than 1GB, poorly described, poorly photographed etc.

This either limits the number of bidders through worse discoverability or just less desirability and lower prices.


Copyright was originally about protecting the public from corporations. An author had no incentive to write because a corporation with a printing press would mass produce the work for a fraction of the cost without paying the author. Copyright meant corporations couldn't do that.

But since at least the 90s copyright has been about protecting corporations from the public. This fits the general trend of the last 50 years or so. Corporations are amassing more and more power and the public has very little.


Yes, you can. Can be done in the GUI of PiHole.

Why would you have "production secrets" in a .env file in the first place? I feel like that's the real problem here.

We use Infisical and other mechanisms but hey, wouldn't it be nice to have one less square inch of attack surface?

Why not have one less square mile of attack surface by not having secrets in a .env file in the first place?

What are people doing that requires something like this?


I think it's common to have dev not production secrets there, and am reading the blurb about production secrets as non-local secrets. Even dev keys are a pain if they get leaked.

The idea seems nice with a simple yet effective implementation. While I think I currently have a shell script syntax highlight plugin reading env files, it's definitely overkill. Now if only this could protect from random npm packages reading your env files...


This implies there's some kind of shared resource out there on the network that your devs are developing on. Why not make all these resources part of your local dev stack, served on localhost, and use dummy credentials? You can even commit them because they're not sensitive.

Ok ok, it is indeed keys to AI APIs. I know it's not kosher to admit to that on HN anymore but it's the reality for me at least. Unfortunately local models just can't support development of products using them.

Surely that's enough money to go to small claims or something?

I live in Seattle, and in WA state that would put it beyond the limit for a small claims case. Idk, I tried to contact lawyers to take the case and they sent letters to Amazon which Amazon never responded to. I was also going through a pretty serious health battle at the time and so couldn't really devote full attention to it. Now that things are a bit better, I feel like it's so far in the past that I don't know if I would have a reasonable claim so I sort of just let it be.

In general that kind of money is well above the limit for small claims.

Statute of limitations passed, exceeds the small claims threshold, and unwinnable and more time and money on lawyers.

What ISP gives you a single IPv6 address? That's incredibly comical. An ISP would have at least 79 billion billion billion addresses and they are giving you one?!

If I run a webserver on my network I know it's unreachable from the internet unless I specifically allow inbound traffic to it at my firewall. I get to use the actual security features with sensible terminology instead of silly things like "port forward".


Unfortunately I think one of the problems with v6 is people are just unable to apply intuition to numbers this big. The minimum number of /64s an ISP will have is around 4 billion. They generally give subscribers a /56 which is 256 /64s. It's all simple power-of-2 arithmetic. Computer people used to get how big 2^64 is.

I agree. Writing out the whole number is intentional.

How many digits is that? Woah, I can barely count the commas!


Why would you do that when a regular default-deny firewall is and has always been the security feature you need, without the complications and problems of NAT?

Like I said I'm not an expert, and was likely talking shit. I was just speculating based on the discussion in this thread.

I think the complications and problems of NAT seem to add a default layer of security to the whole thing. I know next to nothing about firewalls though, which might be the point here, but would a default deny present any problems for me that NAT would allow? That is, is there a situation where as a layman I might run into problems receiving data for a valid process that wouldn't happen if it was just NAT?


A firewall is the security feature you want. With a default-deny rule, which most will come configured out of the box with, it does exactly what you expect: block all unsolicited incoming traffic.

Most people are probably actually running a firewall with NAT anyway, they just don't know it because an appliance with default-deny is pretty much install and forget for most people. So, no, it doesn't cause any additional problems.

The only difference with IPv6 is you don't need to NAT any more, but you keep the firewall.

It's important to remember NAT is part of the IP routing layer. In its regular form, a router just forwards packets to where they should be going. So it's plugged in to one or more networks, receives packets on one interface and forwards them, unmolested (well, mostly), to another interface. It's almost completely analogous to letters going through the postal system. The postal service just forwards letters around by looking at the address. It doesn't modify them in any way.

NAT is a bastardisation and is like your postie scribbles out the "return to sender" address and replaces it with his own. If you were to reply to that address, your postie would remember he did that, and replace the address you wrote with the original address he scribbled out earlier. It's not how IP routing is supposed to work at all and, in fact, a device doing NAT cannot strictly be considered a router at all.

Something you can add to any device is a packet filter. A router must not filter packets as it then wouldn't be considered a router (similar to molesting the packets with NAT). But you can insert a packet filter before things get to the router. If you glue those two things together and bundle it in one device then, voila, you have a firewall. A stateful firewall is conceptually like a packet filter and router glued together and working closely together. But you can just think of it like telling your postie "I only want to receive letters from mum" and he just burns all the rest before they get to your front door. (In reality you also want to allow correspondence so it's more like "only allow letters that are replying to letters I sent, which you'll know because you're my postie, or if mum sends a letter first, allow that too").

Writing this up makes me think... why don't we just teach this stuff using the postal system as an analogy? It's an almost perfect analogy and surely even today anyone understands this concept.
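
The stateful default-deny behaviour described in the comment above, modelled in Python as an added example (not part of any comment in this thread and not any real firewall's code). The `StatefulFilter` class, the `demo` function, the documentation-range prefix and all addresses and ports are constructed assumptions; the model tracks flows by address and port only and never rewrites an address, so there is no NAT involved.

```python
import ipaddress

# Constructed sample: a documentation prefix standing in for an ISP-delegated /56.
DELEGATED = ipaddress.ip_network("2001:db8:abcd:100::/56")
LAN_SUBNETS = list(DELEGATED.subnets(new_prefix=64))  # the 256 /64s inside a /56


class StatefulFilter:
    """Default-deny forwarding filter with flow tracking and no address rewriting."""

    def __init__(self, inside, allow_inbound=()):
        self.inside = inside                      # prefix routed to the LAN side
        self.allow_inbound = set(allow_inbound)   # explicit (dst, dport) exceptions
        self.flows = set()                        # flows opened from the inside

    def _is_inside(self, addr):
        return ipaddress.ip_address(addr) in self.inside

    def forward(self, src, sport, dst, dport):
        """Return True if the packet is forwarded, False if it is dropped."""
        src_in, dst_in = self._is_inside(src), self._is_inside(dst)
        if src_in and not dst_in:
            # Outbound: forward it and remember the flow so the reply can return.
            self.flows.add((src, sport, dst, dport))
            return True
        if dst_in and not src_in:
            # Inbound: a reply must match a tracked flow exactly ("replying to my letter").
            if (dst, dport, src, sport) in self.flows:
                return True
            # Otherwise only an explicitly allowed service gets through ("letters from mum").
            return (dst, dport) in self.allow_inbound
        return False  # anything else falls through to default deny


def demo():
    host = "2001:db8:abcd:101::10"    # LAN client with a globally routable address
    web = "2001:db8:abcd:102::80"     # LAN web server, deliberately exposed on 443
    remote = "2001:db8:ffff::1"       # constructed Internet peer
    fw = StatefulFilter(DELEGATED, allow_inbound={(web, 443)})
    return {
        "unsolicited": fw.forward(remote, 40000, host, 22),
        "outbound": fw.forward(host, 50000, remote, 443),
        "reply": fw.forward(remote, 443, host, 50000),
        "wrong_port_reply": fw.forward(remote, 443, host, 50001),
        "allowed_service": fw.forward(remote, 40001, web, 443),
    }
```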


I actually wanted to write this article myself but every time I started writing it up I thought "fuck, this is too obvious, I'm being condescending". But then I read these comments and I'm sad again.
