Adam Langley

7K posts

@BuildHackSecure

Ethical Hacker & Fullstack Dev | Helping thousands learn to hack ethically & build secure apps | CTO @hackinghub_io | Director @bsidesexeter

Exeter, England · Joined February 2015
775 Following · 9.9K Followers
Adam Langley retweeted
Scott Helme @Scott_Helme
Honestly this should be a national scandal. The river I used to play in as a kid is now so polluted that my kid can’t play in it. bbc.co.uk/news/articles/…
TryHackMe @tryhackme
The grid has spoken.
STÖK ✌️ @stokfredrik
After trying to renovate the old camper I bought last summer only to realize I suck at fiberglass work and that it was water damaged. The only viable option for me was to order a new one that matched my needs. So I got myself a custom euro built dux explorer 240 camper, with diesel heating, diesel stove, compost toilet, heated water tanks and a solar setup that allows me to be offgrid for very long periods of time (all year around). This setup combined with the power of the ford ranger wildtrack 2025 with airbags and true 4x4, opens up endless possibilities and is going to be a great companion when I’m going to explore the northern parts of Scandinavia the upcoming season. And yes, semlan is cute and hungry.
Joseph Thacker @rez0__
we're mopping up the internet one submission at a time
Adam Langley retweeted
Adam Langley @BuildHackSecure
Why are API keys not bound to an IP address allow list? I never see this option available in API services. Failing that, you should also receive an email whenever a new IP address attempts to use your API key. API keys should double up as canary tokens.
freakyclown @_Freakyclown_
Feast your eyes on this abomination of a UX - it’s so overwhelming it has to be shared!
Adam Langley @BuildHackSecure
@schuyler_t @TweetEagle1 @francip Ah right maybe it's changed, just remember hearing something a few years ago that people were really locked into suppliers and had little to no choice. But that 2 gig both ways sounds amazing! Only things I could have dreamt of back in the 90s with a dial up haha
Schuyler Thompson @schuyler_t
@BuildHackSecure @TweetEagle1 @francip Very much depends where you are, but I’d say that’s the median experience yes. In Seattle there’s 4 or 5 different options but availability varies by neighborhood. My first gig connection was from an ISP that only served apartment buildings/condos.
Schuyler Thompson @schuyler_t
@BuildHackSecure @TweetEagle1 @francip I think they did with a business plan, they’re also switching away from PPPoE to DHCP (“IPoE”) so it might get more stable with that. I switched to Comcast last year because they offered 2 gig symmetric for $10 less than I was paying.
Adam Langley @BuildHackSecure
@juliknl I didn’t say keys should only be used from prod. And like I said my post did have a subconscious focus on dev machines. I never said whitelisting for all tokens, I just want options.
Julik Tarkhanov @juliknl
Why should keys be only usable from prod, and not from, say, development machines? Leaks of PATs are an orthogonal issue - it's handy when services notify that "$usage of your token just occurred from $ip and it did $action" but whitelisting for all tokens feels like extreme overkill
Adam Langley @BuildHackSecure
Well I can confidently say after crunching all the numbers that all developers that have been working for between 5 - 10 years have less job satisfaction due to AI, feel free to use and quote my in-depth research.
Adam Langley @BuildHackSecure

I'm interested what effect AI has had on job satisfaction for Software Engineers and Developers, and whether there's any correlation with years of experience. I'd love to get many responses, so please share post. I'll share the results in a few days. forms.gle/tnqVmAxzr4x5eR…

Adam Langley @BuildHackSecure
@rad9800 Yeah agreed, it's definitely not a perfect solution but I'd like the option. And I'm sure there's a lot of people in my situation as a WFH dev who uses a lot of API keys and doesn't really change IP addresses.
Rad @rad9800
humbly, the illusion of security (if an option). if I've learnt one thing, if there is a way to fuck up users will do so. if it was enforced, great - an anti-fuck up, but high-friction. secrets as is, should not be solved with bandaids. I like the idea, but it does seem like a tarpit!
Adam Langley @BuildHackSecure
@just_infosec_ @francip Yeah, I think even at least something alerting you that your IP address is being suddenly used in a different country.
SS @just_infosec_
@BuildHackSecure @francip I always wanted this IP whitelisted approach, but: Whenever IP changes, someone else is whitelisted. In big orgs, Operationally it takes time to get the new IP whitelisted. In case of corporate vpn gateway IP, a lot of people share the same public IP
Adam Langley @BuildHackSecure
@fwrnr @rad9800 Haha literally going to respond back with "have you heard of a JOIN statement" I think it would be minuscule, if a dev complained about it I'd ask to see their code and in 5 minutes probably save even more compute from somewhere else by improving a statement or adding an index.
Adam Langley @BuildHackSecure
@shuv1337 Ah yeah, I've been caught out a couple of times with all of the IP ranges not being publicly kept up to date.
shuv @shuv1337
@BuildHackSecure i restrict keys by ip whenever possible but it's a royal pain for cloud > cloud stuff. just pray your provider publishes an accurate and updated egress list. still worth the pain whenever it's doable though