kalfeher.bsky.social
Unresearched opinions on DNS, Internet and Security. I comment on AWS security sometimes. I occasionally share links to stuff I write

Watched the Melbourne parade this morning and now it's Bells. A great way to spend ANZAC day. Looks like it will be good waves for the rest of the weekend too. I normally get down there at least one day, but the waves have come very late this time around.

If you’re using the local R53 resolver, AWS has already been creative for you. There’s a reason they hide rrsigs from you and they can’t sign endpoints domains. Years and years of creativity

Here's a clarified write up of that SSL.com bug. I think email DCV should die a fiery death, but this isn't an email vuln, it's just sloppy work. how is such poor dev and testing acceptable for a CA in 2025? #tls #certificates www.theregister.com/2025/04/22/s...

Certs will have 47 days of validity by 2029. lengths get shorter from March 2026. Reuse domain val material will be 10 days. this is diff to very short validity certs that can be issued now. Let's Encrypt will offer 6 day certs by end of yr #tls #certificates github.com/cabforum/ser...

correct HTTPS (SVCB) record support is still a distant dream for Firefox and chrome. So #AWS adding static IPs to cloudfront will be welcome for many customers. Natch AWS mangles #DNS terms in the announcement, but the feature is good anyways. aws.amazon.com/about-aws/wh...

This def took too long to add. #AWS has added a #selinux policy for cloudwatch agent officially only for AL2 or AL2023, but policy files should be adaptable to fedora/rhel/rocky etc. github.com/aws/amazon-c... #linux #security

Git was a side project. Just 10 days of code. 20 years after Git’s first commit, Linus Torvalds reflects on what he built (and what he didn’t expect) → github.blog/open-source/...

Why I make 'naive' queries for my CDS consistency project. TLDR: because it's cheaper #dns #dnssec kalfeher.com/analysis/cds...

price reductions are good. but the drop in AUD to USD means this isn't a reduction for me at all. Also note that S3 E1Z is not found in many AWS regions. aws.amazon.com/blogs/aws/up... #aus #aws #s3

sitting through a #AWS well architected session can be a real chore. But the advice is generally a good place to start. Esp in domains where your team might have low proficiency. so the updated advice is def worth a read. aws.amazon.com/about-aws/wh...

when general availability, doesn't mean available generally. It must be an announcement from #AWS route server will be welcome for many customers. but this architecture pattern tends to be expensive. aws.amazon.com/about-aws/wh...

2 more #IPv6 updates from #AWS RAM endpoints are now dualstack. yay, but also meh. Bigger news is that API gateway is now dualstack. Not sure that it justified a full blog on just turning it on tho 😆 aws.amazon.com/blogs/aws/am...

CloudWAN is the fancy, pricey global networking toolset #AWS wants you to use to build your network. but it didn't support a protocol that has been mainstream for 20+ yrs. now it does #ipv6 aws.amazon.com/about-aws/wh...

#AWS IAM endpoints now avail over #ipv6 aws.amazon.com/about-aws/wh... if your transition to IPv6 is glacially slow, don't worry, AWS is keeping pace with you

we are a few hours into the election and I've already received a PII harvesting email pointing me to postal.vote which will collect my deets and do nothing of value. natch they'll store that PII for infinity bc there is no liability, even if they leak it. #auspol #auspol2025 #auselection2025

Since I’m looking for employment I visit a lot of recruiter SaaS sites. None of them offer OIDC social login. Most use just email/passwd and delineate their customers by clear text URL parameters. They are just oblivious and apathetic

I documented this requirement nearly 2yrs ago. glad to see it finally delivered. it's pretty niche, hence the long delay probably. but for higher security envs this has been a frustrating omission aws.amazon.com/about-aws/wh... #AWS #firewall

AWS Elemental services already dual stack. other media services are catching up. could we judge how little love a svc receives based on how many yrs later it moves to AWS' newish network gear, when compared to sibling svcs? #aws aws.amazon.com/about-aws/wh...

Okay, this article is legit excellent. aws.amazon.com/blogs/comput...

Sometimes product teams disappear down a rabbit hole building ever more niche solutions that would create a fragile architecture if employed by general users. apropos of nothing AWS R53 Traffic flow editor now has dark mode #dns #aws aws.amazon.com/about-aws/wh...

It's a bit vague and arm wavy, but I agree with the sentiment. A bunch of very capable ppl, some of whom may be willing to move to another continent, are on the market. www.theage.com.au/national/as-...

#AWS IAM Access Analyzer is a relatively recent service. Why'd they build it on the non dual stack infrastructure? laziness? expediency? Anyway, it's now on the modern infra so it supports #IPv6 aws.amazon.com/about-aws/wh...

It took a while, but I've finally added .SE to my CDS accuracy tracking proj. IIS were very helpful. #dns #dnssec kalfeher.com/analysis/cds...

I don't know phil. But he had a passion for ppl and recently left my ISP

using Sun's playbook where everything was Java-something and MS using Cortana for branding, #AWS renames Chatbot to Q Developer. But that name is already taken so it's actually "Q Developer in Chat Applications" Main new feature is using more keys for the same thing. aws.amazon.com/about-aws/wh...

Been a while since a good bridge strike was required of an inconsiderate jerk

We’ve picked our #eurovision entrant. Yes Australia competes. #australia #straya www.sbs.com.au/news/article...

★★★★★ review:
 “The casino's sports betting lounge did a bang-up job of making my wife’s funeral real classy. Go Timberwolves!”
 —Dan T from Chambersburg, IA

.NU is the ccTLD for Niue, but very popular amongst Scandinavian users because 'nu' means 'now'. It has nu been added to my daily CDS charts. High proportion of the zone has been signed ~55%. #dns #dnssec kalfeher.com/analysis/cds...