• 0 Posts
  • 36 Comments
Joined 1 year ago
cake
Cake day: June 27th, 2023

help-circle

  • Indeed, not classically, but there are HSTS preload lists you can put your domain into which will be downloaded by supported browsers.
    And via HSTS you can include all your subdomains, which would then force proper TLS connections for those you havent visited before too.

    With the new TLS1.3 version we are getting the HTTPS / “SVCB” Record which not only allows ECH but also indicates to the client similar protection policies like HSTS. (RFC 9460)
    ECH will then make such attacks impossible on TLS-level, assuming DNSSEC is used and client can make an integrity-checked lookup e.g. via DoH/DoT or validating DnsSec themselves.
    The strength of this depends on the security-chain you want to follow of course. You dont need DNSSEC, but then the only integrity-check is between DNS-Service and Client if they use DoH/DoT (which is usually enough to defeat local attackers)
















  • Copilot is weird and can give out very weird responses that have little to do with your conversations.

    And of course it might just grab context depending on what you do (e.g. clicking the copilot button might already do that).

    I found it works best as GPT model if you disable the fancy stuff like search. It too easily looses track of what happened or completly goes off the rails.
    (i believe disabling search is a beta feature in some regions, but its a hidden flag you can theoretically set, i made a tampermonkey script to add a button).

    I hate the slow UI of Copilot, so i translate requests from a different GPT interface.