Nebula just had a major release that added IPv6 support for overlay networks. Hardly maintenance mode.
The main company working on it now seems to be adding all the fancy easy-to-use features as a layer on top of Nebula that they are selling. I personally appreciate getting to use the simple core of Nebula as open source. It seems very Unix-y to me: a simple tool that does one thing and does it well.
Fair, I was being loose with my language. What I should have said is that it does not come fully featured open source, that you need to do a certain amount of rolling your own.
Right, but if certificates are a fundamental part of your design, you should include the functional mechanisms to manage them imho (i.e., key distribution, auth/login). The developers created it, but they keep it in the commercial product. Other overlays which use PKI include those functions in the FOSS.
Cloudflare is a cancer interjecting itself into all sorts of communication I'd rather have directly with the other party, like my bank, email, blogs, health providers etc.
Gatekeeping the broader internet from people in poorer countries, people using VPNs etc.
I predict they will be the first pushing DRM blobs instead of html/js and killing the open web.
Any single US entity trying to MITM such large swaths of global internet traffic is inherently dangerous to global freedom. They're a single point of failure for national security letters and secret gag orders that can compel them to perform targeted censorship, backdoor all sorts of software via HTTP distribution channels, assist in US disinformation operations by rewriting third party content, etc. They could be logging literally every plaintext HTTP request and response passing through their servers and leaving it wide open in some NoSQL database for hackers to go steal from someday - users have no way to trust that Cloudflare is even competently qualified to protect what they collect, and there's nothing stopping Cloudflare from blatantly lying about what they collect. This wouldn't be as big of an issue if they weren't collecting your social security / national insurance number, name, age, date of birth, address, contact information, credit card details, usernames, passwords, and every other piece of data under the sun on sites that sit behind CF, including government websites and websites that function more or less as public utilities.
Cloudflare poses an impossible to overstate threat to your right to privacy, your right to freedom of speech, to democracy itself, to say nothing of the threat they pose to the free and open web. They are very nearly as large of a stain on what was arguably one of the crowning accomplishments of the human race (the internet) as the largest evil corporations on the planet - Microsoft, Alphabet (Google), Amazon, Meta (Facebook), etc.
Still, why endorse and practically make everyone implement an algorithm that only the NSA wants, while there is a superset already standardised?
This is about the known bad actor NSA forcing through their own special version of a crypto building block they might downgrade-attack me to.
I pay like 1% overhead to also do ecc, and the renegotiation to the non-hybrid costs 2x and a round-trip extra. This makes no sense apart from downgrade attacks.
If it turns out ecc is completely broken, we can add the PQ only suite then.
The only downside is that you essentially lock the GPU to 1 VM which there is nothing wrong with doing. At least with LXC, you can share a device across multiple containers.
They're fine, but they're incompatible with building fat-jars to have single file deployment and dead to me because of that.
Spring does some ugly jar-in-jar custom classloader stuff which I hate out of principle because it's Spring.
Oracle hates that people build fat-jars and refuses to address the huge benefit of single file deployables.
You manage a PKI and have to distribute the keys yourself, no auth/login etc.
It's much better than WireGuard, not requiring O(N) config changes to add a node, and allowing proxy nodes etc.
iirc key revocation and so on are not easy.