• 1 Post
  • 103 Comments
Joined 5 years ago
Cake day: January 21st, 2021

  • Yeah, I finally pulled the trigger and moved to my own domain from matrix.org. Man, it is just so much faster. Which is sad, because the performance is pretty bad (Element Web seems to do some per-room request as part of the initial loading screen, which is obviously not scalable), but getting off of matrix.org is a huge performance improvement.

    That being said, there is nothing really wrong with matrix.org. The problem is really public rooms. People will join and spam. It is true of any protocol (have you heard about email?) but Matrix definitely needs to (and they are slowly working on it) make it more expensive for spammers.



  • Sort of…

    You can just hope that /favicon.ico works. But 1. it often doesn’t and 2. it is often of low quality.

    To find a favicon on a modern site you need to load the HTML and check Link headers and <link rel=icon> elements. However you likely can’t do this client-side for most sites because of CORS. So you need some server (at the very least to strip CORS). That lets you get the URL but 1. you probably don’t want to have connections to external domains for user privacy and 2. some domains will have hot-link protection so you need to fetch the image via your server. You will also want to consider different image formats and sizes to serve the right image to the right client. On top of all of this the site may be using some sort of bot protection which you will have to fight. Google is almost always whitelisted. The site may also have temporary outages so having a cache would be nice, especially if that is almost always populated before you even know the domain exists.

    At the end of the day you do want some sort of API. And while it isn’t complex it isn’t trivial. So it is nice to just let Google handle it. (Other than tracking risks, but you could proxy Google’s API.)
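
The discovery step described in the comment above, sketched as an added example (not part of the original comment): collect icon URLs from `<link rel=icon>` elements and the `Link` header, prefer the largest declared size, and fall back to `/favicon.ico`. The `example.org` inputs are constructed, and the http/https-only filter is an assumption about what a server-side fetcher should accept.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit

# Constructed sample input, not taken from a real site.
SAMPLE_HTML = ('<link rel="shortcut icon" href="/img/fav-16.png" sizes="16x16">'
               '<link rel=icon href="https://cdn.example.net/fav-192.png" sizes="192x192">'
               '<link rel="icon" href="data:image/png;base64,AAAA">')
SAMPLE_LINK = '</icon.svg>; rel="icon", </s.css>; rel=preload'

class _IconLinks(HTMLParser):
    """Collects (href, sizes) from <link> elements whose rel includes 'icon'."""
    def __init__(self):
        super().__init__()
        self.found = []

    def handle_starttag(self, tag, attrs):
        a = {k: (v or "") for k, v in attrs}
        if tag == "link" and "icon" in a.get("rel", "").lower().split() and a.get("href"):
            self.found.append((a["href"], a.get("sizes", "")))

def _pixels(sizes):
    """Largest width in a sizes attribute such as '16x16 32x32'; 0 if absent."""
    return max((int(w) for w in re.findall(r"(\d+)x\d+", sizes.lower())), default=0)

def favicon_candidates(page_url, html, link_header=""):
    """Return absolute http(s) icon URLs, best first, /favicon.ico last."""
    parser = _IconLinks()
    parser.feed(html)
    found = list(parser.found)
    # HTTP Link header form: <https://host/icon.png>; rel="icon"
    for target, params in re.findall(r"<([^>]*)>([^,]*)", link_header):
        m = re.search(r'rel\s*=\s*"?([^";]*)', params, re.I)
        if m and "icon" in m.group(1).lower().split():
            found.append((target, ""))
    found.sort(key=lambda item: _pixels(item[1]), reverse=True)
    found.append(("/favicon.ico", ""))
    out = []
    for href, _ in found:
        url = urljoin(page_url, href)
        # The server fetches these itself, so drop data:, file:, javascript: etc.
        if urlsplit(url).scheme in ("http", "https") and url not in out:
            out.append(url)
    return out

if __name__ == "__main__":
    for u in favicon_candidates("https://example.org/blog/post", SAMPLE_HTML, SAMPLE_LINK):
        print(u)
```

A proxy that fetches these URLs on a user's behalf should also resolve each host and refuse private, loopback and link-local addresses before connecting, since the page being inspected controls where the icon URL points.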


  • It’s a problem but it isn’t a major problem. I am using rspamd without any sort of exotic configuration (basically just enabling things that are provided, not my own rules) and I only get a few spam messages leaking through a week. Maybe slightly worse than GMail but not considerably so.

    IMHO the only real missing thing out of the box is contacts checking. Which is a huge thing because it is great to have reliable delivery from contacts. But my false-positive ratio is so low anyways that it isn’t a big issue and things like the known_senders module mostly mitigate it.


  • Yes, blocking port 25 outbound is incredibly common by default. Even on some server connections. It is probably better overall for exactly the reasons that you mentioned.

    > Or just don’t self-host email

    IMHO this is a bit overblown. Hosting inbound is fairly easy. Mail senders (probably for the worse) are very forgiving; even if your TLS cert is expired you will probably get mail. Plus senders are supposed to retry for days if you have downtime.

    However, it is unfortunately true that due to spam, sending is a huge pain because IPv4 reputation is a huge component. Sure, you can get GMail to trust your domain after a month or so of sending if you have decent volume. But other providers who you may mail once a year are just going to go off of IP reputation. However, email was basically designed for forwarding and you can use a service like AWS SES to forward your email from a trusted IP pretty easily. If you are low volume (like personal mail) there are tons of services that will do this for free.













  • I think this is a little confused. Unless your WiFi is open someone seeing your network can’t find out what the WAN IP is.

    > And getting your ip can connect the people directly to your box

    “Connect” is a strong word here. Yeah, they can send traffic at it. But that shouldn’t do anything.

    > A trace route command to this IP could return intermediate equipment of your isp, helping to pinpoint your town or even your street.

    This is the most reasonable concern. Depending on your ISP and location, the IP itself or packet tracing can give a pretty good idea of the user’s location.



  • I’m pretty surprised that all of the audio formats work. I’m not so surprised that the TV has h265, although maybe a bit surprised that it is exposed to the browser. The container support is also pretty surprising. Unless your MKVs are so simple that they are effectively WEBM.

    Or maybe it pops the link out of the browser into a dedicated media player which has decent codec support.

    iDevices do expose h265 in the browser, but the container support is still a bit surprising. But then again WEBM is basically MKV, so maybe that is why it tends to work.


  • In China there is no such thing as a throwaway number (at least outside of black markets). All numbers require ID to acquire.

    For the US it would be a bit different. VoIP numbers do exist but they are often also blocked by services (this isn’t black and white but there are services that will quite accurately map numbers into ranges like home/cell/business/VoIP).

    But of course the assumption would be that if they start requiring phone numbers for WiFi access the logical next step would be to make all numbers traceable to humans.