On 10 November 2016 at 15:06, Zbigniew Jędrzejewski-Szmek <zbyszek@xxxxxxxxx> wrote: > On Thu, Nov 10, 2016 at 10:18:21AM -0500, Stephen John Smoogen wrote: >> On 10 November 2016 at 09:27, Stephen Gallagher <sgallagh@xxxxxxxxxx> wrote: >> > >> >>> On 11/09/2016 07:27 PM, Stephen Gallagher wrote: >> >> >> Here are the items I would like to point out: >> >> 1. The TLD name should be something that DNS considers a known unknown >> name. With the fact that IANA is allowing top level domains of all >> sorts we do not want to end up having .fedora or .foobaz end up >> causing thousands of computers saying they are in someones domain. So >> .invalid .localhost .example .local or .test . I expect that >> .localdomain might not ever be registered but who knows. > > Or better, don't provide any TLD. Plain local hostname is enough for > all the purposes mentioned. > >> 2. The XXXXXX is rather important because of two conflicting items. >> One we don't want it to be too short that collisions might occur a >> lot, but we don't want it to be too long for readability but also the >> less collisions the more likely it can be used to track people. If we >> don't care about making breadcrumbs which could be used to 'track' >> people we need to be clear about it so that people who are not wanting >> that can steer clear. [My 'I am an idiot about randomness' solution >> would be uuidgen | sum and that number is used for this. There is a >> good chance of uniqueness per small site and non-uniqueness overall. ] > > I don't think you can have both. If the randomized part is long enough > to have rare collisions, it'll certainly be good enough for tracking. > If you consider that tracking can combine any external information > (like the MAC address or anything else that it learns about the machine), > tracking will "win" with many less bits of information. > > Instead, we should concentrate on not leaking the hostname in places > where it shouldn't be leaked, for example on untrusted networks. As in a later email, if that is what we are wanting, we need to design that in earlier versus later because there will always be too many ways to make something leaked for 'good intentions'. Rememeber, if there is a screwdriver in the toolbox, some programmer is going to use it as a hammer at some point because it was the first tool they pulled out of the box. If there is a /etc/machine-id it will get used because it is the simplest tool to get a unique identifier for some 'important' thing. In the end though there are severe limits to how 'anonymous' anyone can make stuff with off the shelf hardware. Especially when the majority of people aren't using your anonymous Operating System. The fact that only 1% of the people aren't makes them clearer in large datasets than if we just decided to make everything look like Windows 8.1 or Vista. >> 3. case-sensitivity argument about Fedora or fedora looks to be a >> bikeshed. There are probably local business reasons where having >> caps/lowercase in names is important but in those cases they should >> put in tools to conform to their local business reason. > Ack. > > Zbyszek > _______________________________________________ > devel mailing list -- devel@xxxxxxxxxxxxxxxxxxxxxxx > To unsubscribe send an email to devel-leave@xxxxxxxxxxxxxxxxxxxxxxx -- Stephen J Smoogen. _______________________________________________ devel mailing list -- devel@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe send an email to devel-leave@xxxxxxxxxxxxxxxxxxxxxxx
