list
Our great sponsors
| list | psl-problems | |
|---|---|---|
| 47 | 4 | |
| 1,862 | 102 | |
| 3.1% | - | |
| 8.7 | 0.0 | |
| 7 days ago | over 4 years ago | |
| Go | ||
| Mozilla Public License 2.0 | - |
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
list
- Public Suffix List
-
Universities Lost the Internet
perfect use case for the public suffix list (https://github.com/publicsuffix/list)
-
How I Accidentally Made My Link Shortener into a Malware Honeypot
I just made up `blogger.com` as an example. I probably could have picked a better one. `blogspot.com` & its many TLD variations are on the list.
It looks like the repo where the list is maintained [1] is pretty active. YMMV, I'm not a maintainer or anything..
[1] https://github.com/publicsuffix/list
- The Public Suffix List
-
Ask HN: How does HN determine the site that a submission belongs to?
There's the Public Suffix List https://publicsuffix.org/ but it's limited to domain names, so your github.com/rails example isn't covered. I'm pretty sure HN simply has a manually coded list of URL patterns for popular domains.
-
Government URLs that don't end in .gov
Browsers use the public suffix list to determine cookie scope. You can even get your own domains added to it.
https://publicsuffix.org/
-
See this page fetch itself, byte by byte, over TLS
Are you sure? Looking at their website[1] I see:
> Highlight the most important part of a domain name in the user interface
Which is my suggestion above.
> If you are using it for something else, you are encouraged to tell us, because it helps us to assess the potential impact of changes
Which sounds cautiously supportive of additional use cases.
[1] https://publicsuffix.org/
-
So this guy is now S3. All of S3
Sounds like Bluesky screwed up by not implementing the https://publicsuffix.org/ list
-
Adsense is bringing a bunch of policy changes that affect how your sites are monetized
Furthermore, what constitutes a "Site" will also change henceforth. You can only add a primary domain (such as example.com) and the subdomains which are listed on the public suffix list (such as github.io, blogspot.com, etc.). Thus, your own subdomains (such as xyz.example.com or www.example.com) won't be allowed in Adsense.
-
Chromium's impact on root DNS traffic (2020)
> In fact I think Firefox would have to implement a similar approach if it were popular enough
They implement an omnibox that works well. Why would they need to do this if they were more popular? I suppose they use the domain suffix list for this. It's probably not bulletproof, but it works well enough and doesn't hammer the root DNS servers.
https://publicsuffix.org/
psl-problems
-
See this page fetch itself, byte by byte, over TLS
Ryan Sleevi has written about this before on Hacker News and here's his list https://github.com/sleevi/psl-problems
It's definitely possible that Ryan would consider using this for HN a reasonable choice, because it's mostly cosmetic, but in general you should just not add more dependencies.
- Public Suffix List Problems
-
Public Suffix List
Before you begin to make use of the PSL, consider some of its problems: https://github.com/sleevi/psl-problems
FWIW, the link above successfully convinced me and a coworker not to use the PSL.
-
W3C slaps down Google's proposal to treat multiple domains as same origin
(googler here, but this is my opinion)
I think there's a big abstraction gap between what we use domains for and what they were supposed to be used for, in a way that we shouldn't assume any ownership only based on the domain itself.
For instance you can have a number of sites that use separate domains but are owned by the same entity (N domains for 1 party). You could also have the same base domain being used for several unrelated parties, think hosting a store on Shopify (1 domain for N parties). This is so ambiguous that even inside the browser you have two different implementations on the way you handle this attribution, one for cookies and one for Single-Origin Policy.
There's a good write up about this problem at https://github.com/sleevi/psl-problems. Sometimes I wonder how the web got here with the amount of kludge that we have to carry.
What are some alternatives?
fingerprintjs - Browser fingerprinting library. Accuracy of this version is 40-60%, accuracy of the commercial Fingerprint Identification is 99.5%. V4 of this library is BSL licensed.
first-party-sets
chromium - The official GitHub mirror of the Chromium source
standards-positions
brave-core - Core engine for the Brave browser for mobile and desktop. For issues https://github.com/brave/brave-browser/issues
fenced-frame - Proposal for a strong boundary between a page and its embedded content
sansio-tld-parser - A top level domain parser with no builtin io.
WebKit - Home of the WebKit project, the browser engine used by Safari, Mail, App Store and many other applications on macOS, iOS and Linux.
subtls - A proof-of-concept TypeScript TLS 1.3 client
nix-tests - A scratchpad for small experimental things I am doing with Nix.
second-level-domains - A list of second level domains