pykka
list
pykka | list
---|---
1 | 53
1,241 | 2,225
1.5% | 6.1%
7.8 | 9.7
2 months ago | 9 days ago
Python | Go
Apache License 2.0 | Mozilla Public License 2.0
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
pykka
-
We Spent $20 to Achieve RCE and Accidentally Became the Admins of .MOBI
A friend of mine recently let the domain used for documentation of Pykka, a Python actor library, expire. Someone of course registered the domain, resurrected the content and injected ads/spam/SEO junk.
Since the documentation is Apache License 2.0 there isn't much one can do, other than complain to the hosting about misuse of the project name/branding. But so far we haven't heard back from the hosting provider's abuse contact point (https://github.com/jodal/pykka/issues/216 if anyone is interested).
list
-
uBlock Origin supports filtering CNAME cloaking sites on Firefox now
...Unless you're savvy. Thank goodness for the availability of https://publicsuffix.org/ (as long as you only use your main domain and don't need to share cookies with your own subdomains), and the includeSubDomains directive to HSTS! But - if you already set this up, you probably are savvy enough to avoid the problems created (or your provider is)
-
Public Suffix List
In addition to the fact that .gov.uk and .ac.uk do exist in this list, which has two logical sections where the first section is for official TLDs and the second section is for custom domains, the PSL is effectively being used for additional origin protection: foo.gov.uk and bar.gov.uk should have separate origins because, of course, they can be, and normally are, operated by different entities. So as long as such things can happen, the public registration is not really mandatory for being included in the PSL. (One particular exception is a generated domain for all possible IP addresses [1], which technically benefits from the inclusion but the maintainers don't want to endorse such unsafe services.)
[1] https://github.com/publicsuffix/list/wiki/Guidelines#validat...
-
We Spent $20 to Achieve RCE and Accidentally Became the Admins of .MOBI
> if a user uploaded something like an html file, you wouldn't want it to be able to run javascript on google.com (because then you can steal cookies and do bad stuff)
Cookies are the only problem here, as far as I know, everything else should be sequestered by origin, which includes the full domain name. Cookies predate the same-origin policy and so browsers scope them using their best guess at what the topmost single-owner domain name is, using—I kid you not—a compiled-in list[1]. (It’s as terrifying as it sounds.)
[1] https://publicsuffix.org/
-
SSL Certificate Pinning in Flutter
Let’s start with the endmost certificates. They are usually bound to a given top-level domain (or more precisely — the public suffix). For example, a certificate may be issued to www.thedroidsonroids.com. It may also be a wildcard applicable to any subdomain (like *.thedroidsonroids.com).
-
ICANN's list of abandoned vanity TLDs, which now has about 134 entries
I assume you’re using Mozilla’s public suffix list? https://publicsuffix.org/
We have something similar that keeps it updated on a regular basis as well. We used to wait until someone complained, but it changes so often it’s the only reasonable way to deal with it.
-
Universities Lost the Internet
perfect use case for the public suffix list (https://github.com/publicsuffix/list)
-
How I Accidentally Made My Link Shortener into a Malware Honeypot
I just made up `blogger.com` as an example. I probably could have picked a better one. `blogspot.com` & its many TLD variations are on the list.
It looks like the repo where the list is maintained [1] is pretty active. YMMV, I'm not a maintainer or anything.
[1] https://github.com/publicsuffix/list
- The Public Suffix List
-
Ask HN: How does HN determine the site that a submission belongs to?
There's the Public Suffix List https://publicsuffix.org/ but it's limited to domain names, so your github.com/rails example isn't covered. I'm pretty sure HN simply has a manually coded list of URL patterns for popular domains.
What are some alternatives?
servercert - Repository for the CA/Browser Forum Server Certificate Chartered Working Group
atrium - Rust libraries for Bluesky's AT Protocol services.
agency - A fast and minimal framework for building agent-integrated systems
sansio-tld-parser - A top level domain parser with no builtin io.
jockey - 🏇 Generic Python library for running asynchronous workers. Useful for building event handlers, web frameworks, and alike.
psl-problems
django-concurrency - Optimistic lock implementation for Django. Prevents users from doing concurrent editing.
fingerprintjs - The most advanced browser fingerprinting library.
duckduckgo-locales - Translation files for https://duckduckgo.com
nix-tests - A scratchpad for small experimental things I am doing with Nix.
gitlab
second-level-domains - A list of second level domains