Except it isn’t. Saying it is trivial is just gross generalization. It’s trivial to configure bind to have internal zones that aren’t resolvable publically. It all depends on configuration, such as reverse ns entries, zone accessibility, etc.
You can have (sub)domains that are listed in the certificate lists and yet aren’t resolvable externally as well.
It’d be better and more accurate say the list of certificates then.
Sub domains aren’t public unless your DNS server has XFER on.
Worth noting about this approach is that the global list of subdomains is publicly searchable.
Can you expand on this? What is it that you call the “global list of subdomains”?
Use yt-dlp to download the file and play it in MPV/VLC/Celluloid.
It’s not rocket surgery
Easy to say for a rocket appliantist.
Thing is, it’s just not true. OnePlus also allows relocking.
Have you ever looked at the available packages in a Linux distribution like Debian or a BSD? There are thousands and thousands of library packaged to support software releases. Like I said, that had been the distribution model for the better of twenty+ years until this new, shittier, model.
That’s essentially how most distributions of Linux and Unix work. You package an app with a list of depencies like “libcaca >= 1.2.3” and that’s that. If that dependency isn’t available in the distro you need to have that packaged (and thus have a maintIner for said package) first. The distro’s package maintainers are responsible for keeping an eye on the upstream sources and provide reviews. Often there’s also a security team that watches for packages requiring expedited attention, and security backports.
Then this sort of crap like NPM came along and it became popular for devs to package their own dependencies.
I’m not super familiar with Maven so I could be wrong, but doesn’t Maven still pull depencies from upstream? That doesn’t fix the problem. Having depencies packaged in the OS means there is in theory some level of overview and review by the package maintainer(s).
Debian does as well for anything that is packaged; python, golang, rust, etc.
The first issue is NPM specific sure, but the second is true of all the languages I mentioned. Even golang which originally had a goal of having a built in library so vast you didn’t need much depencies has devolved into a large and fractured community.
This truly has grown past a JS problem. NPM was kind of the first time dependencies were installed by the project rather than through the OS. But nowadays this has become the norm, golang, rust, and to an extent python also work by installing dependies directly from git for the most part. This isn’t going to get any better unless we revert to OS based dependencies which noone wants to do because developers want the latest and greatest model.
The comment I’m replying to mentioned other OSs and non gaming functions. For those purposes Virtio requires almost no configuration to work with acceleration and works more than well enough.
That said, vietio drivers do in fact exist for windows.
Virtio works jisy fine.
Anything that supports bind’s built-in nsupdate.
You can even use SecureBoot and TPM in a VM ;) OVMF EDK2 fully supports both ;)
SecureBoot is fine, sucks that vendors won’t add distro keys but you can do that yourself, or use the shim.
I don’t know which distro you’re using, but in Fedora and Debian it’s pretty easy to install the signed version of grub and the signed shime and get full secure boot in Linux. No setup needed.
Absolutely. Simply use ACME with the DNS validation method. Using bind you’ll want to create keys and allow TXT access for those keys to the validation domains. Fear not, this isn’t exclusive to bind, ACME tools supports dozens of other backends. That’s all you need the actual domain doesn’t need to be resolvable with an A/CNAME record. Internally you can run an entirely different DNS server to resolve your hosts, use hosts files, or use bind zones.