Posts by Fränz Friederes

🤗

1 month ago 0 0 0 0

Pics or it didn’t happen

1 month ago 0 1 1 0
Illustration from the Mastodon app

Please share: I'm currently looking for an artist to do illustrations for Keila (Open Source newsletter tool). I'm looking for a cute, minimal style of vector illustrations. Not looking for AI stuff 🙏

Attached image is an example of the style I'm looking for.
#art #design #illustration #commission

1 month ago 25 3 24 0

Here’s an update on our DMARC monitoring platform dmarced, focused on #EUSovereignty.

We explain:
- who operates dmarced
- where your data resides
- our current dependence on US infrastructure
- and where we’re headed next

dmarced.eu/en/learn/pl...

2 months ago 0 1 0 0

When correctness and trust matter, leaning on well-established libraries is usually the better choice, even if that means stepping outside the usual stack.

As a bonus, picking up a new language again turns out to be a very welcome detour.

#BuildInPublic #DNS #Rust

3 months ago 5 1 0 0

My main takeaway is that reimplementing core Internet protocols in high-level languages can be interesting and educational, but often leads to unreliable results.

3 months ago 2 0 1 0

This gives me parallel batch queries, fresh results, DNSSEC validation, support for legacy SPF records, and accurate TTL metadata, all without reimplementing low-level DNS behavior myself.

3 months ago 2 0 1 0

I step back and explore an alternative. After spending a few hours learning Rust and its approach to memory management, I wrote my first code wrapping libunbound, a widely used DNS resolver. It is clear that this solution would not have been as approachable without AI support.

3 months ago 2 0 1 0

The tree walk gets confused by zone delegation.

What I expect to be a four-hour fix turns into a much deeper problem and several weeks of work. It becomes clear that this is not just a flawed implementation. The underlying model is wrong.

3 months ago 0 0 1 0

That leads me to implement a DNS tree walk in Node.js.

Initially, the solution looks promising. Then a single DNS query changes everything. My algorithm reports a record as absent when it clearly exists.

3 months ago 0 0 1 0

For setup guidance and alerts, I rely on DNS records and metadata that have not been cached, so I can observe changes as they actually happen.

Node.js’ native DNS APIs seem sufficient at first. To get fresh answers, however, I need to identify the closest DNS server myself.

3 months ago 0 0 1 0
Screenshot of a DNS record detail view, showing the TXT DMARC record value, the exact TTL, DNSSEC validation status, and the time range during which the record was observed.

Building an email monitoring SaaS, I need uncached, fresh DNS data using Node.js. Over time, I realize that the entire approach is flawed.

3 months ago 5 1 1 0

I see why, it’s introducing the leaking issue. On the other hand, I don’t want to introduce passwords in the first place. To me, 2FA would only be applicable to magic link auth which kind of breaks the multi factor idea with “two things I have.” Also, it’s more the user needs to learn.

6 months ago 0 0 1 0

Thanks for the hint about the spec mention! I would never have thought they would recommend a hack like providing “plausible imaginary values” as credential ids for mitigation.

What do you mean by distinct auth flow? Do you consider non-res keys 2fa-only?

6 months ago 0 0 1 0

How do we solve this securely, without introducing #WebAuthn in a way that weakens the login flow?

Would love to hear how others are approaching this problem.

6 months ago 0 0 0 0

If we return credential IDs based on an email address, we leak whether an account exists for that email.

That’s introducing an account-enumeration risk when implementing a new authentication method that is supposed to strengthen security. Many providers seem to accept it.

6 months ago 0 0 2 0

One open question: How should we handle non-residential credentials (like security keys) in a passwordless login flow?

These credentials need a credential ID created during setup. But to fetch that ID, we first need to identify the user e.g. by email.

6 months ago 0 0 1 0
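
The account-enumeration concern and the "plausible imaginary values" mitigation discussed in the posts above, as an added example that is not code from the posts or from the author's product. The store, the secret, the e-mail addresses and all function names are constructed assumptions; credential IDs are shown base64url-encoded as they would appear in JSON request options.

```javascript
const { createHmac } = require('node:crypto');

// Constructed sample data: one account with one registered security-key credential.
const credentialStore = new Map([
  ['alice@example.test', [Buffer.from('a1'.repeat(32), 'hex').toString('base64url')]],
]);

// Assumption: a server-side secret that never leaves the backend (constructed value).
const DECOY_SECRET = Buffer.from('constructed-demo-secret-do-not-reuse');

const normalize = (email) => email.trim().toLowerCase();
const toDescriptor = (id) => ({ type: 'public-key', id });

// Before: an unknown e-mail yields an empty list, a known one yields IDs.
// That difference tells an unauthenticated caller whether the account exists.
function allowCredentialsLeaky(email) {
  return (credentialStore.get(normalize(email)) ?? []).map(toDescriptor);
}

// Decoy ID: HMAC over the normalized e-mail, so it is stable per address
// (a random value would change on every request and expose the decoy) and
// cannot be recomputed without the secret. 32 bytes matches the stored IDs here.
function decoyCredentialId(email) {
  return createHmac('sha256', DECOY_SECRET)
    .update('webauthn-decoy-v1\0' + normalize(email))
    .digest('base64url');
}

// After: every e-mail gets a non-empty allowCredentials list of the same shape.
function allowCredentialsUniform(email) {
  const ids = credentialStore.get(normalize(email)) ?? [decoyCredentialId(email)];
  return ids.map(toDescriptor);
}

// Summarize what an unauthenticated caller can observe for a given address.
function observableShape(fn, email) {
  const list = fn(email);
  return { count: list.length, idLengths: list.map((c) => c.id.length) };
}

console.log(observableShape(allowCredentialsLeaky, 'nobody@example.test'));
console.log(observableShape(allowCredentialsUniform, 'nobody@example.test'));
console.log(observableShape(allowCredentialsUniform, 'alice@example.test'));
```

The example only equalizes the contents of the list. Response time and the number of credentials per account can still differ between real and decoy answers and need separate handling.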

Inspired by a #NordicJS talk on #Passkeys, I started implementing them for my passwordless SaaS.

While working through the database schema and complex server logic, I noticed that key parts of the login flow are still under debate.

6 months ago 0 0 1 0
The audience and stage of the Nordic.js conference, in blue/pink mood

👋 from @nordicjs.com

6 months ago 1 0 0 0

We’re going live!

Couldn’t make it to Stockholm? Don’t worry, you can still join #NordicJS from wherever you are.
Tune in to our livestream today and catch all the talks, inspiration, and JavaScript magic in real time.
👉 nordicjs.com/live

6 months ago 14 4 0 0

Actually, I was also rooting for a DNS issue rather than a cyber attack 👀

8 months ago 0 0 0 0

Serverless doesn’t mean no servers. It means no servers I need to manage.

It shifts responsibility to experts, so I can focus on what I do best: building the product.

#BuildInPublic #Serverless

9 months ago 2 0 0 0

Serverless (for me, AWS Lambda) lets me draw a clear boundary: Code is my responsibility. The OS, hardware, and network security? Amazon’s.

It’s not a shortcut, it’s a conscious tradeoff.

9 months ago 0 0 1 0

As a solo dev, I can’t stay on top of every CVE, kernel patch, or OS-level exploit. Owning the full stack means signing up for a 24/7 job in security and ops, on top of product, support, and everything else.

9 months ago 0 0 1 0
Diagram titled “My responsibilities with a serverless stack” showing a vertical stack of labeled boxes. Only “Application code” is left unmarked, indicating it’s the developer’s responsibility. The other layers “Operating system,” “Virtualization,” “Physical hardware,” and “Data center access control” are each crossed out, illustrating that these are not managed by the developer when using a serverless setup.

Yes, #serverless still runs on servers.
The difference? They’re not mine to worry about.

9 months ago 1 0 1 0
A black-gray British Shorthair sitting on a wooden deck chair outside in the garden.

This is Rocky a.k.a. Klenge Miiss

9 months ago 1 0 0 0
Roll of Honour Find a Veteran by searching the Bletchley Park Roll of Honour, which lists all those believed to have worked in signals intelligence during World War Two.

Hosting an Enigma simulator for over a decade now, it felt natural to put a portion of @cryptii.com’s ad revenue toward a brick in Pamela’s name: Brick B2:64 on the Codebreakers’ Wall.

Find out more about Pamela Downing and Bletchley Park here: www.bletchleypark.org.uk/roll-of-hon...

9 months ago 2 0 0 0

Like many at Bletchley, her contributions went unrecognised for decades.

I first came across Pamela’s name earlier this year, while asking which names were still missing from the Codebreakers’ Wall at Bletchley Park.

9 months ago 0 0 1 0

She worked in the “Netz” room, handling raw Enigma signals, and later as a Modified Typex operator decoding messages using keys discovered by the Bombe, a unique electro-mechanical cryptanalysis machine.

9 months ago 0 0 1 0

From 1941 to 1945, Pamela served in Hut 6 and Block D(6), where intercepted German Army and Air Force messages were processed.

9 months ago 0 0 1 0