Hacker News new | past | comments | ask | show | jobs | submit | hexa-'s comments login

Distros are backporting security patches into their releases, so no harm done. If you rely on the python.org releases and don't build from source, then yes, that is a bit sad.

Case in point: The Debian security tracker, see their notes section referencing each commit.

https://security-tracker.debian.org/tracker/CVE-2021-3177


The python:3.8 and python:3.9 container images if used to build web services such as Django with GIS extensions may have an RCE until Python.org sources are updated.


Why can't the base image receive those patches as well?


Those images pull from python.org sources, see:

https://github.com/docker-library/python/blob/master/3.8/bus...


Those come from a WHOIS daemon that is reachable in the network as whois.dn42. There's also an authoritative DNS system for the .dn42 TLD with anycasted resolvers

    % dig whois.dn42 @resolver.nic.dn42 any +short
    172.22.0.43
    fd42:d42:d42:43::
as well as some ACME implementation with a CA that is constrained to the .dn42 domain and the allocated IP space.

   % openssl x509 -in /etc/ssl/certs/dn42_Root_Authority_CA.pem -noout -text
    [...]
                X509v3 Name Constraints:
                    Permitted:
                      DNS:.dn42
                      IP:172.20.0.0/255.252.0.0
                      IP:FD42:0:0:0:0:0:0:0/FFFF:0:0:0:0:0:0:0
    [...]
So there's quite some stuff to do and learn about.


DN42 is very easy to get into, if you have some networking knowledge. If you're familiar with Linux I'd recommend Bird as a BGP speaker and using Wireguard for L3 tunneling.

Either way, get started here: https://dn42.net/howto/Getting-started


Thanks for that pointer, definitely looks like a good entry point. I want to play with announcing BGP routes across to Azure VNets.


I was recently hit by an IPv4 routing outtage and had only IPv6 available to connect to the internet.

I was therefore unable to connect to github.com, as there is no IPv6 support available:

% host github.com github.com has address 192.30.253.112 github.com has address 192.30.253.113


This looks nice. Any chance this is going to be open source?


Thanks, I might open source the prototype/early version here, but not the whole project (I intend to add a lot more stuff and make it gaming-oriented)


There already exists a mirror list at https://www.torproject.org/getinvolved/mirrors.html.en. Of course this is hard to come by, when the whole torproject website is being censored.


People can just look at the cached version of this page on Google over SSL, I doubt they will ban Google...


> In February 2006, Google made a significant concession to the Great Firewall of China, in exchange for equipment installation on Chinese soil, by blocking websites which the Chinese government deemed illegal.

https://en.wikipedia.org/wiki/Internet_censorship_in_the_Peo...

So I think they would ban Google Search over this if they had to, but it sounds like Google would just hide it on Google.cn.

https://en.wikipedia.org/wiki/List_of_websites_blocked_in_Ch... is another interesting read, the first 6 URLs are Google products.


> the first 6 URLs are Google products

One of which is Google+, every cloud has a silver lining.


Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: