Hacker News | deepsun's comments

I've got plenty of downvotes here on HN for critiquing him on Stage 1; herd mentality is relevant for the HN community just as well.

If you're not getting downvoted at least some of the time on HN you're doing something wrong. I've caught plenty of downvotes myself for arguing that Mars was never going to happen and is just a recruiting tactic for SpaceX to hire idealistic young engineers and pay them sub-market wages because the dream of Mars is part of their compensation.

All the hardware they've actually invested in, including Starship, is in fact foremost for launching satellites into Earth orbit. Starship in particular is optimized for this.


It is super weird that developers have to run a binary blob on their machines. It's 2026, all the major developer CLI tools are open-source anyway. What's the point for Anthropic to even make it secret?

Well, you still have an account on HN.

This place is already public.

They rushed to launch Actions because GitLab launched them before.

BTW, GitLab called it "CI/CD" just as a navigation section on their dashboard, and that name spread outside as well, despite being weird. Weird names are easier to remember and associate with specific meaning, instead of generic characterless "Actions".


"Good artists copy, great artists steal" (c) Picasso

And even more useful would be unit-tests -- here is a loophole and here is the law preventing it.

Whenever a law is about to be changed/removed, run all the tests to make sure no regressions.


Tests for correctness, self similarity, duplication of concerns, contradictory statutes, edge case detection, cruft or outdated laws that muddy the waters...

If the full complement of software development practices were applied to legislation and ordinances we would be living in a very different world.


oh gawd, code is law is back. or is it law is code?

Jurisdictional laws don't work that way though. It's more like a script for improvised theater. Everybody gets the same text, but no one gets the same performance twice.

You would most probably have it taken away by an endless stream of brain sugar like TikTok, if it existed back in your days.

They said the same about video games but it turns out I didn't just want to play them, I also invested crazy amounts of time learning how to make them. Best time to spend crazy hours pursuing something you care about before the busy schedule of an adult saps all that away. It got me ahead. Not everyone just wants quick fixes.

The difference, I think (as an "over-user" of computers all throughout childhood) is that there was no basis for "they said the same about video games", but there is a lot of basis for "social media is a net bad" now.

Do I believe the UK is doing this for the right reason or the right way? Absolutely not. But I also don't agree with the comparison of now and when I was a kid/teen.


I was playing brain dead Game Boy games when I was a kid and adults around me were saying games need to be outlawed because they're making my generation stupid. Now I'm a game developer and pretty happy with it.

Every generation has grumpy old people complaining about the youth. I see the dumb TikTok videos that grumpy old people complain about today, and they're about 2 steps above the absolute slop Gen X adults used to watch in the early 2000s: reality TV. Now grumpy old people watch political streamers saying we need to ban (new thing) because it's making kids stupid.


> during peace talks

Well, I'm old enough to remember many "peace talks" go to eternity with absolutely zero results. In many countries around the world. Just to create the argument.


Are you suggesting that it's a valid tactic to use peace talks to get your opponent to let their guard down so you can attack them?

What's your therefore??

How to make it DNSSEC?

With Knot, you can just add ~8 lines to your config [0], copy the records to your registrar, and then you're done.

[0]: https://www.knot-dns.cz/docs/3.5/singlehtml/index.html#autom...


Knot does make it quite easy. Also, their devs are very responsive to support questions on their mailing list. It is currently my favored DNS.

Knot (as suggested by others) is good. As are BIND and PowerDNS. These are the big authoritative resolvers I think of at least, and all of them allow for basically hands-free DNSSEC; just flip a switch and you'll have it. I've run DNSSEC with all three and have no complaints.

And when using such turn-key DNSSEC support, I think there's very little risk to enabling it. While other commenters pointing out its marginal utility are correct, turn-key DNSSEC support that Just Works™ de-risks it enough for me that the relatively marginal utility just isn't a concern.

Plus, once you've got DNSSEC enabled, you can at the very least start to enjoy stuff like SSHFP records. DANE may not have any real-world traction, but who knows what the future may bring.


If you don't absolutely have to, then don't.

That is to say, if you misconfigure it, or try to turn it off, you will have an invalid domain until the TTL runs out, and it's really just not worth the headache unless you have a real use case.


I consider it as basic a security measure as SSL. Otherwise any MitM can easily redirect users to a phishing resource.

Did DNSSEC for company website, worked with zero maintenance for several years. On a cloud-provided DNS. Would want the same on self-hosted DNS too.


"Otherwise any MitM can easily redirect users to a phishing resource."

Yes, but with nowadays https/tls usage it's almost irrelevant for normal websites.

If bad actors can create valid tls certs they can solve the dnssec problem.


> If bad actors can create valid tls certs they can solve the dnssec problem.

I think you have it backwards: by not running DNSSEC it can mean bad actors (at least a certain level) can MITM the DNS queries that are used to validate ACME certs.

It is now mandated that public CAs have to verify DNSSEC before issuing a cert:

* https://news.ycombinator.com/item?id=47392510

So if you want to reduce the risk of someone creating a fake cert for one of your properties, you want to protect your DNS responses.


If you mean MITM between DNS Server and CA (e.g. letsencrypt), that's on a level of BGP hacking (means for me government involved) and means they can just use a CA (e.g. Fina CA 2025 with cloudflare).

I think the risk didn't change much (except for big corp/bank).


At one point (pre-HTTPS ubiquity) the NSA hacked (e.g.) Belgium telecoms via injecting malware into web response from (e.g.) Slashdot:

* https://thehackernews.com/2013/11/snowden-reveals-gchq-plant...

* https://www.aclu.org/documents/quantum-insert-diagrams

* https://en.wikipedia.org/wiki/Man-on-the-side_attack

Still state-level, but probably less noticeable than BGP hijacking.

Unless you're entering IP addresses in all your applications and code, non-SEC DNS is an unsecured link in the chain of communications.


If you're a masochist you can do it manually, just make sure you have a good grasp of what's going on first[1].

Simplistically you need a DS record at your registrar, then sign your zones before publishing. You can cheat and make the KSK not expire, which saves some aggravation. I've rolled my own by hand for 10 yrs with no dnssec related downtime.

[1] DNSSEC Operational Practices https://datatracker.ietf.org/doc/html/rfc6781


I cheer any decision that holds any private web property (like Facebook) accountable for its user actions.

It helps to reduce hegemony of large social platforms and promotes privately owned websites. For example, I know everyone who has permissions to post on my website (or pre-moderate strangers' comments), and is ready to take responsibility for their posts, what my website publishes.

Currently the legal stance seems strange to me -- large media platforms are allowed to store, distribute, rank and sell strangers' data, while at the same time they claim they are not responsible for it.


If you haven't already, you should look at the court case that prompted the creation of the current legal framework of Section 230. Prodigy was sued because of the things being said in public chatrooms. Should the host for an IRC server be responsible for everything said on the IRC server? Should they pre-moderate all the messages being said there? Should dang premoderate every post on this site?

https://en.wikipedia.org/wiki/Stratton_Oakmont,_Inc._v._Prod....


The reality is that people who cheer for this stuff are going to be unreasonably shocked when it comes to bite them later. Once the government's done going after the big guys, the little guys are next, and unlike the big guys, they can't absorb a few fines and judgments.
