nostr.band SSL certificates expired on the 22nd?

Pro tip for hosters. If you're hosting a service that might require or allow users to download assets from 3rd party services (like a CDN), but that don't need for your use case. You can set a Content Security Policy for the service that controls what your user's will download, possibly disabling unnecessary CDN tracking connections. Generally it's easiest to set a header in your L7 load balancer config (reverse proxy), or your ingress controller if supported. Yes there are better ways, but this is a dang easy first step. For example, I host a web service called cgit, which attempts to fetch avatar files from a cdn. Avatars are neat, but not at the expense of my user's privacy (leaking connection info) and also security (3rd party content that I don't monitor could be malicious with a number of basic attacks). I set a CSP that tells the client what content to load and where, breaking these requests.

Have some time to get the 10G network equipment in and fiber run. Even more fun is being able to do it with zero service downtime. View quoted note →

Finally starting to understand the magic tools of layer 3. Zero downtime IP swaps is wild. Swapping IPs across interfaces, switches etc, with nothing more than a single 1-2ms latency spike. Virtual IPs are fun and all, but hardware changes are even cooler.

GN. I'm off to sleep, but Merry Christmas to those just waking up :)