Summary
“When security risks in web services are discovered by independent security researchers who understand the severity of the risk, they often lack the channels to disclose them properly. As a result, security issues may be left unreported. security.txt defines a standard to help organizations define the process for security researchers to disclose security vulnerabilities securely.” //
What is the main purpose of security.txt?
The main purpose of security.txt is to help make things easier for companies and security researchers when trying to secure platforms. Thanks to security.txt, security researchers can easily get in touch with companies about security issues.
Where should I put the security.txt file?
For websites, the security.txt file should be placed under the /.well-known/ path (/.well-known/security.txt) [RFC8615]. It can also be placed in the root directory (/security.txt) of a website, especially if the /.well-known/ directory cannot be used for technical reasons, or simply as a fallback. The file can be placed in both locations of a website at the same time.
AT&T Unlimited Elite® includes 40GB of mobile hotspot/tethering data per eligible line per month. AT&T Unlimited Extra℠ includes 15GB of mobile hotspot/tethering data per eligible line per month. After 40GB for AT&T Unlimited Elite and 15GB for AT&T Unlimited Extra, all tethering data usage for that line, will be slowed to a max of 128Kbps for the rest of the bill cycle. The AT&T Unlimited Starter℠ plan does not include mobile hotspot/tethering except for eligible Connected Cars (in car Wi-Fi/vehicle wi-fi hotspots).
AT&T PREPAID data plans
Tablet / Mobile hotspot
- 15GB: $35 per month (add 5GB for $10)
- 20GB: $25 per month - when you pay $300 in advance for 12 months (add 5GB for $10)
- 100GB: $55 per month (add 5GB for $10)
This memo documents the fundamental truths of networking for the Internet community. This memo does not specify a standard, except in the sense that all standards must implicitly follow the fundamental truths. //
- The Fundamental Truths
(1) It Has To Work.
(2) No matter how hard you push and no matter what the priority, you can't increase the speed of light.
(2a) (corollary). No matter how hard you try, you can't make a baby in much less than 9 months. Trying to speed this up might make it slower, but it won't make it happen any quicker.
(3) With sufficient thrust, pigs fly just fine. However, this is not necessarily a good idea. It is hard to be sure where they are going to land, and it could be dangerous sitting under them as they fly overhead.
(4) Some things in life can never be fully appreciated nor understood unless experienced firsthand. Some things in networking can never be fully understood by someone who neither builds commercial networking equipment nor runs an operational network.
(5) It is always possible to agglutinate multiple separate problems into a single complex interdependent solution. In most cases this is a bad idea.
(6) It is easier to move a problem around (for example, by moving the problem to a different part of the overall network architecture) than it is to solve it.
(6a) (corollary). It is always possible to add another level of indirection.
(7) It is always something
(7a) (corollary). Good, Fast, Cheap: Pick any two (you can't have all three).
(8) It is more complicated than you think.
(9) For all resources, whatever it is, you need more.
(9a) (corollary) Every networking problem always takes longer to solve than it seems like it should.
(10) One size never fits all.
(11) Every old idea will be proposed again with a different name and a different presentation, regardless of whether it works.
(11a) (corollary). See rule 6a.
(12) In protocol design, perfection has been reached not when there is nothing left to add, but when there is nothing left to take away.
There’s a definitive answer to this question, and you can find it in RFC 8375: use home.arpa. Never heard of it before? It wasn’t assigned as a special purpose top-level domain (spTLD) name for residential and small networks until 2018.
The home.arpa spTLD isn’t a globally unique domain name, and you can’t resolve it across the internet. It’s only meant to be used inside a small network, such as your home network. Routers and DNS servers know, [in theory,] not to forward ARPA requests they don’t understand onto the public internet. //
You may have seen some suggest you use the .local spTLD instead. That is an older spTLD name used by the self-configuring Multicast DNS (mDNS) protocol (RFC 6762). You should not configure your router or devices to use this domain name.
DNS clients may defer the resolution of .local spTLDs to the system’s mDNS resolvers instead of its DNS resolver. You can end up with domain resolution conflicts, or a situation where only some devices can resolve your domains. //
What domain name to use in a residential home or local area network most often comes up in the context of configuring the DHCP server on your router. Most gateway routers leave it empty by default, or may populate it with a domain assigned by your internet service provider (ISP). You can safely set it to home.arpa on your local network’s DHCP server.
Devices on your network should then assign themselves an example-device-hostname.home.arpa domain name. Please note that not all residential routers bind their DHCP leases’ host- and domain names to resolvable DNS entries in the router’s DNS server. You may not be able to resolve the home.arpa domains without additional configuration (or a different router or dedicated DNS server).
Your time is better spent ensuring all your devices support mDNS resolution than trying to fix DHCP lease bindings and DNS resolution on your router. //
Do not use undelegated domain names like .lan, .home, .homenet, .network, nor should you make up your own domain name. You can use a domain or a subdomain of a domain name you’ve bought from a domain registrar, however. This last option requires extra configuration of your router to work locally, and an advanced setup involving dynamic-domain names (DynDNS) to work over the internet.
- I’m a teapot.
The requested entity body is short and stout.
Tip me over and pour me out.
The Save 418 Movement
We are the teapots.
Status Code 418 states that
Any attempt to brew coffee with a teapot should result in the error code "418 I'm a teapot". The resulting entity body MAY be short and stout.
-- See RFC2324 Section 2.3.2
Go to Google.com/teapot, and see for yourself.
In the summer of 2009, I had an idea. My workdays were spent deploying tons of cloud infrastructure as Rackspace acquired Slicehost and we rushed to keep up with the constant demands for new infrastructure from our customers. Working quickly led to challenges with hardware and networking.
That was a time where the I Can Has Cheeseburger meme was red hot just about everywhere. We needed a way to quickly check the public-facing IP address of lots of backend infrastructure and our customers sometimes needed that information, too.
That’s when icanhazip.com was born.
It has always been a simple site that returns your external IP address and nothing else. No ads. No trackers. No goofy requirements. Sure, if you looked hard enough, you could spot my attempt at jokes in the HTTP headers. Other than that, the site had a narrow use case and started out mainly as an internal tool.
ArchiveBox is a powerful, self-hosted internet archiving solution to collect, save, and view sites you want to preserve offline.
You can set it up as a command-line tool, web app, and desktop app (alpha), on Linux, macOS, and Windows.
You can feed it URLs one at a time, or schedule regular imports from browser bookmarks or history, feeds like RSS, bookmark services like Pocket/Pinboard, and more. See input formats for a full list.
It saves snapshots of the URLs you feed it in several formats: HTML, PDF, PNG screenshots, WARC, and more out-of-the-box, with a wide variety of content extracted and preserved automatically (article text, audio/video, git repos, etc.). See output formats for a full list.
The goal is to sleep soundly knowing the part of the internet you care about will be automatically preserved in durable, easily accessible formats for decades after it goes down.
The SureCall Fusion4Home booster kit improves 2G/3G/4G/LTE voice and data across all major US and Canadian carriers. The Fusion4Home is designed for homes, condominiums and apartments up to 1,500 sq ft and is configurable for a range of indoor environments.
The Fusion4Home is approved by the FCC and Industry Canada.
So you need a cell signal booster? This is our definitive, 7,000+ word guide on exactly how to find the right cell phone signal booster.
If you still don’t have any internets after power-cycling and your modem showing everything sync’ed and online, you may be falling afoul of a weirdness in OpnSense’s default gateway configs. By default, it will mark a gateway as “down” if it doesn’t return pings… but many ISP gateway addresses (not the WAN address your router gets, the one just upstream of it) don’t return pings. So, OpnSense reports it as down and refuses to even try slinging packets through it.
A billion-dollar judgment in a piracy lawsuit involving a major Internet service provider could force ISPs to terminate more customer accounts and "punish the innocent and guilty alike," advocacy groups have warned. Urging an appeals court to overturn the ruling, the groups wrote that "upholding this verdict would result in innocent and vulnerable users losing essential Internet access." //
"In going after Internet service providers for the actions of just a few of their users, Sony Music, other major record labels, and music publishing companies have found a way to cut people off of the Internet based on mere accusations of copyright infringement," the EFF wrote in a blog post announcing the filing. "When these music companies sued Cox Communications, an ISP, the court got the law wrong. It effectively decided that the only way for an ISP to avoid being liable for infringement by its users is to terminate a household or business's account after a small number of accusations—perhaps only two. The court also allowed a damages formula that can lead to nearly unlimited damages, with no relationship to any actual harm suffered. If not overturned, this decision will lead to an untold number of people losing vital Internet access as ISPs start to cut off more and more customers to avoid massive damages."
A jury ruled in December 2019 that Cox must pay $1 billion in damages to the major record labels. Sony, Universal, and Warner had sued the cable ISP in 2018 in US District Court for the Eastern District of Virginia. A district judge upheld the verdict in January 2021, approving the $1 billion judgment and paving the way for Cox to appeal to the 4th Circuit. //
Given this reality, the stakes of this case for Internet users are enormous. The district court's judgment and the jury's damage award in this case are founded on fundamental errors of law that, if affirmed, will force ISPs to terminate more subscribers with less justification or risk staggering liability. First, the judgment relies on unwarranted extensions of copyright's two "secondary liability" doctrines, which will encourage ISPs to terminate subscribers when more proportionate means of addressing infringement exist. Second, the staggering and poorly justified $1,000,000,000 award of statutory damages against Cox thwarts basic principles of due process and the public interest. //
Previous court decisions set important limits that were disregarded by the district court in the Cox case, the group argued:
First, vicarious liability requires proof of direct financial benefit to the defendant from another's copyright infringement. But since all subscribers (including infringers) pay a monthly fee for Internet access, courts have agreed that an ISP's receipt of such fees is not sufficient to meet this burden. Instead, the plaintiff must show in addition that the customer was "drawn" to use the defendant's Internet service (as opposed to any other Internet service) because of the availability of infringing copies of the plaintiff's works.
Second, because infringement occurs on all Internet networks, this Court, in BMG [see BMG Rights Management v. Cox Communications], refused to impose contributory liability on an ISP simply because it had generalized knowledge that some customers will use the ISP's Internet service to infringe. Instead, contributory liability can be imposed only where an ISP knows of (or willfully blinds itself to) specific acts of infringement by particular subscribers and also knows "that infringement is substantially certain to result from [its] continued provision of Internet access to particular subscribers."
The district court disregarded these critical limitations, sustaining vicarious liability even though there was no proof that infringers were specifically "drawn" to the Cox service, and finding on summary judgment that as a matter of law, Cox had the knowledge necessary to contributory liability solely from receiving the plaintiffs' DMCA notices. It refused to submit the knowledge issue to the jury despite Cox's showing evidence that some of [the] DMCA notices were false and that Cox could not be substantially certain of future infringement by subscribers named in the notices.
The SureCall Flare 3.0 Signal Booster kit with Yagi Antenna is one of the most powerful, yet affordable signal booster solutions for your home or small office. It features a sleek, aesthetically pleasing internal unit that boosts and broadcasts the signal received from the outside yagi directional antenna, which you'll need to mount on a pole on your roof, in order to receive the best possible initial cell signal. The SureCall Flare 3.0 with Yagi Antenna is ideally suited for situations where you have a weak to medium outside signal, and are looking to cover a small to medium sized space inside of the building. //
Supported Phones: All Cell Phones, Hotspots, and any Devices that use Cellular Data
Networks: 2G, 3G, 4G & 4G LTE
Frequencies: 700, 800, 1900, 1700/2100 MHz
Carriers: Works for all Carriers in North America
$380.-
The SureCall Flare Signal Booster kit is one of the easiest signal booster solutions to install in your home or small office. It features a sleek, aesthetically pleasing internal unit that boosts and broadcasts the signal received from the outside omnidirectional antenna, which you'll need to mount on your roof. The SureCall Flare is ideally suited for situations where you have a medium to strong outside signal, and are only looking to cover a small to medium sized space inside of the building. //
Supported Phones: All Cell Phones, Hotspots, and any Devices that use Cellular Data
Networks: 2G, 3G, 4G & 4G LTE
Frequencies: 700, 800, 1900, 1700/2100 MHz
Carriers: Works for all Carriers in North America
$300.-
SpaceX’s satellite internet service is a technological marvel — when it works
By Nilay Patel on May 14, 2021 10:00 am //
Starlink is a new satellite-based internet service from SpaceX. In beta, it promises up to 100Mbps download and 20Mbps upload speeds. Starlink currently has very limited availability. //
Starlink has set a long-term goal of 1Gbps down. It represents competition, something the American broadband market sorely lacks.
In that context, Starlink also represents something else: the American telecom policy establishment’s long-standing, almost religious belief that consumers are best served by something called “facility-based competition.” Starlink is a new facility for accessing the internet, one that does not rely on existing infrastructure. “Facility-based competition,” telecom lobbyists feverishly whisper while handing out their dirty, sweat-stained checks in Congress. “That is the American way.” //
Of course, the only thing a decades-long commitment to “facility-based competition” has brought to most Americans is… a total lack of competition. Reality, as I have said, is quite irritating. //
(By contrast, in Europe, where the prevailing philosophy is called “service-based competition,” large incumbent providers are required to lease fiber access to competitors and there is a thriving market for internet access with much lower prices for much faster speeds. If the United States were in Europe, it would have the most expensive broadband in the region.) //
Look, I know you’re hyped up about Starlink. I feel you. I also wish I could tweet a photo of Dishy in my yard to every telecom CEO in the game and tell them to try harder. But The Verge has long had a hard rule against reviewing products based on potential because the sad truth is that most tech products never, ever live up to their potential. And Starlink, judged on its capabilities right now, is simply not a real competitor to the long, long coax wire running from my house to the local cable company fiber plant. It’s not even a great competitor to my data-capped-and-throttled “unlimited” AT&T 5G service because I can reasonably work from home on that connection and I really can’t with Starlink. And in the end, Starlink’s traffic has to run over fiber in the ground anyway. //
All the people dreaming of Starlink upsetting cable monopolies and reinventing broadband need to seriously reset their expectations. At best, Starlink currently offers reasonably fast access with inconsistent connectivity, huge latency swings, and a significant uptick in time spent considering whether you can just get out the chainsaw and solve the tree problem yourself. //
Maybe this will change as the company launches more satellites. Maybe it will eventually work better in areas that are dominated by tall trees. Maybe one day it will not drop out in wind and heavy rain. I didn’t give Starlink a formal review score because the whole thing is openly in beta and the company isn’t making many promises about reliability. But even when it’s final, you’re still looking at a service whose near-term, best-case scenario is being competitive with a solid LTE connection. I am no fan of cable companies and wireless carriers, but it’s simply true that my cable broadband and 5G service are both faster and more reliable than Starlink, and they will almost certainly remain that way. //
As a whole, the American telecom policy industrial complex has utterly failed to put fiber in the ground and signals in the air at fair prices and with good customer support. So much so that a total science project of an internet access system — which involves huge tradeoffs for scientific research and doesn’t work if there are trees in the way — has captured the attention and imagination of millions.
Broadband on the ground is so wrapped up in the lumbering bullshit of monopolistic regulatory capture that it seems easier and more effective to literally launch rockets and try building a network in the sky. Starlink isn’t the happy end result of a commitment to “facility-based competition.” It is thousands of middle fingers pointing at us from the air. It is what happens when there is an utter lack of competition.
As the battle was in full swing in 2017, the FCC received over 22 million public comments for and against the repeal, but as it turns out, millions of those comments were not individual communications but spam blasts. A new report from the Attorney General of New York, Letitia James, has found that 7.7 million comments in support of net neutrality were generated by just one person, a 19-year-old college student.
And it wasn’t just the pro-net neutrality comments that were found to be fraudulent. James’ investigation also discovered a “broadband industry group” spent a lot of money to generate nearly 8.5 million comments in favor of repealing the FCC policy. //
James’ report generated some recommendations to shore up the public comment process for federal legislation, and (and this part is hilarious) verify the identity of commenters to make sure they come from real people and not spam programs.
The report also outlines recommendations to improve the transparency and accountability of FCC rulemaking proceedings, which allow the public to weigh in on draft proposals of regulation changes. For instance, it suggests mandating that lead generation vendors receive express, informed consent before submitting a public comment on someone’s behalf.
The New York AG report includes comments from people whose names were used without their permission. One expressed disgust “that somebody stole [their] identity and used it to push a viewpoint that [they] do not hold.” One 10-year-old boy’s name, address, and valid e-mail was used without his or his parents’ permission. One other victim may have summed it up best: “These are the kinds of actions that make the population lose faith in the system.”
Yes, you read that right. Democrats think verifying a voter’s identity is racist, but verifying a public comment is absolutely necessary so that people don’t “lose faith in the system.”
Chinese leader Xi Jinping personally directed the communist regime to focus its efforts to control the global internet, displacing the influential role of the United States, according to internal government documents recently obtained by The Epoch Times.
In a January 2017 speech, Xi said the “power to control the internet” had become the “new focal point of [China’s] national strategic contest,” and singled out the United States as a “rival force” standing in the way of the regime’s ambitions.
The ultimate goal was for the Chinese Communist Party (CCP) to control all content on the global internet, so the regime could wield what Xi described as “discourse power” over communications and discussions on the world stage.
Xi articulated a vision of “using technology to rule the internet” to achieve total control over every part of the online ecosystem—over applications, content, quality, capital, and manpower.
His remarks were made at the fourth leadership meeting of the regime’s top internet regulator, the Central Cyberspace Affairs Commission, in Beijing on Jan. 4, 2017, and detailed in internal documents issued by the Liaoning Provincial Government in China’s northeast. //
First, Beijing needs to be able to “set the rules” governing the international system. Second, it should install CCP surrogates in important positions in global internet organizations. Third, the regime should gain control over the infrastructure that underlies the internet, such as root servers, Xi said.
Domain Name System (DNS) root servers are key to internet communications around the world. They direct users to websites they intend to visit. There are more than 1,300 root servers in the world, about 20 of which are located in China while the United States has about 10 times that, according to the website root-servers.org.
If the Chinese regime were to gain control over more root servers, they could then redirect traffic to wherever they want, Gary Miliefsky, cybersecurity expert and publisher of Cyber Defense Magazine, told The Epoch Times. //
Xi, in his 2016 speech, described all online content as falling into three categories: “red zone, black zone, and gray zone.”
“Red zone” content refers to discourse aligned with the CCP’s propaganda requirements, while “black zone” material falls foul of these rules. “Gray zone” content lies in the middle.
“We must consolidate and expand the red zone and expand its influence in society,” Xi said in a leaked speech in August 2013. “We must bravely enter into the black zone [and fight hard] to gradually get it to change its color. We must launch large-scale actions targeting the gray zone to accelerate its conversion to the red zone and prevent it from turning into the black zone.”
Inside China, the CCP has a stranglehold on online content and discussion through the Great Firewall, a massive internet censorship apparatus that blockades foreign websites and censors content deemed unacceptable to the party. It also hires a massive online troll army, dubbed the “50-cent army,” to manipulate online discussion. A recent report found that the CCP engages 2 million paid internet commentators and draws on a network of 20 million part-time volunteers to carry out online trolling.
Several Chinese companies use network numbering systems that resemble the U.S. military’s IP addresses in their internal systems, Madory said. By announcing the address space through Global Resource Systems, that could cause some of that information to be routed to systems controlled by the U.S. military.