home.social

#lovedns — Public Fediverse posts

Live and recent posts from across the Fediverse tagged #lovedns, aggregated by home.social.

  1. The four organizations who maintain your favorite open-source DNS software, ISC, CZ.NIC, PowerDNS and NLnet Labs, gave a lighting talk at @dnsoarc 46 about the avalanche of LLM-assisted security reports for their projects, and the effect it has on us and our users.

    The last slide ends on a “Hug your OSS maintainer" note, but I think this is understating the gravity of this situation. I hope we put forward a stronger message during the repeat of this presentation at RIPE 92.

    People need to consider that we are in a situation where developers with talent, purpose and experience have created something valuable for the internet community over the last 20+ years. They could have chosen to work at $MEGACORP for twice, three times the pay, but they chose to do something meaningful.

    Now, the body of work they carefully designed and maintained over the last decades is being picked apart by an LLM. Yes, as a result the products become some definition of “more secure” but there is no reasonable prospect that this avalanche of reports will end. Ignoring them is not an option. Feature development has come to a halt.

    As an employer, what am I supposed to tell my developers? Thanks for creating this amazing DNS software over the last 20 years, it looks like you’ll spend the next couple of years triaging and fixing bugs and coordinating CVEs with your peers.

    How do we keep people motivated to do open source and even if we do, how do we keep this development model sustainable? We can’t pivot to the ‘agentic era’ just like that and even if we could, I think my colleagues do this job to create something amazing—artisanal if you will—not to to maximize output at all costs so shareholders get rich.

    Practically though, encouraging organizations to purchase a support contract will certainly help on the short term, because:

    - You will get access to world class support;
    - You will get early security vulnerability notices under NDA, keeping your critical infrastructure safe from a whole new class of LLM fueled risks; and
    - In the grand scheme of things, you will help keep this open source model sustainable so your favorite DNS software continues to exist and thrive.

    #DNS #LoveDNS #LLM #FOSS #OpenSource #RIPE92

    indico.dns-oarc.net/event/56/c

  2. The four organizations who maintain your favorite open-source DNS software, ISC, CZ.NIC, PowerDNS and NLnet Labs, gave a lighting talk at @dnsoarc 46 about the avalanche of LLM-assisted security reports for their projects, and the effect it has on us and our users.

    The last slide ends on a “Hug your OSS maintainer" note, but I think this is understating the gravity of this situation. I hope we put forward a stronger message during the repeat of this presentation at RIPE 92.

    People need to consider that we are in a situation where developers with talent, purpose and experience have created something valuable for the internet community over the last 20+ years. They could have chosen to work at $MEGACORP for twice, three times the pay, but they chose to do something meaningful.

    Now, the body of work they carefully designed and maintained over the last decades is being picked apart by an LLM. Yes, as a result the products become some definition of “more secure” but there is no reasonable prospect that this avalanche of reports will end. Ignoring them is not an option. Feature development has come to a halt.

    As an employer, what am I supposed to tell my developers? Thanks for creating this amazing DNS software over the last 20 years, it looks like you’ll spend the next couple of years triaging and fixing bugs and coordinating CVEs with your peers.

    How do we keep people motivated to do open source and even if we do, how do we keep this development model sustainable? We can’t pivot to the ‘agentic era’ just like that and even if we could, I think my colleagues do this job to create something amazing—artisanal if you will—not to to maximize output at all costs so shareholders get rich.

    Practically though, encouraging organizations to purchase a support contract will certainly help on the short term, because:

    - You will get access to world class support;
    - You will get early security vulnerability notices under NDA, keeping your critical infrastructure safe from a whole new class of LLM fueled risks; and
    - In the grand scheme of things, you will help keep this open source model sustainable so your favorite DNS software continues to exist and thrive.

    #DNS #LoveDNS #LLM #FOSS #OpenSource #RIPE92

    indico.dns-oarc.net/event/56/c

  3. The four organizations who maintain your favorite open-source DNS software, ISC, CZ.NIC, PowerDNS and NLnet Labs, gave a lighting talk at @dnsoarc 46 about the avalanche of LLM-assisted security reports for their projects, and the effect it has on us and our users.

    The last slide ends on a “Hug your OSS maintainer" note, but I think this is understating the gravity of this situation. I hope we put forward a stronger message during the repeat of this presentation at RIPE 92.

    People need to consider that we are in a situation where developers with talent, purpose and experience have created something valuable for the internet community over the last 20+ years. They could have chosen to work at $MEGACORP for twice, three times the pay, but they chose to do something meaningful.

    Now, the body of work they carefully designed and maintained over the last decades is being picked apart by an LLM. Yes, as a result the products become some definition of “more secure” but there is no reasonable prospect that this avalanche of reports will end. Ignoring them is not an option. Feature development has come to a halt.

    As an employer, what am I supposed to tell my developers? Thanks for creating this amazing DNS software over the last 20 years, it looks like you’ll spend the next couple of years triaging and fixing bugs and coordinating CVEs with your peers.

    How do we keep people motivated to do open source and even if we do, how do we keep this development model sustainable? We can’t pivot to the ‘agentic era’ just like that and even if we could, I think my colleagues do this job to create something amazing—artisanal if you will—not to to maximize output at all costs so shareholders get rich.

    Practically though, encouraging organizations to purchase a support contract will certainly help on the short term, because:

    - You will get access to world class support;
    - You will get early security vulnerability notices under NDA, keeping your critical infrastructure safe from a whole new class of LLM fueled risks; and
    - In the grand scheme of things, you will help keep this open source model sustainable so your favorite DNS software continues to exist and thrive.

    indico.dns-oarc.net/event/56/c

  4. The four organizations who maintain your favorite open-source DNS software, ISC, CZ.NIC, PowerDNS and NLnet Labs, gave a lighting talk at @dnsoarc 46 about the avalanche of LLM-assisted security reports for their projects, and the effect it has on us and our users.

    The last slide ends on a “Hug your OSS maintainer" note, but I think this is understating the gravity of this situation. I hope we put forward a stronger message during the repeat of this presentation at RIPE 92.

    People need to consider that we are in a situation where developers with talent, purpose and experience have created something valuable for the internet community over the last 20+ years. They could have chosen to work at $MEGACORP for twice, three times the pay, but they chose to do something meaningful.

    Now, the body of work they carefully designed and maintained over the last decades is being picked apart by an LLM. Yes, as a result the products become some definition of “more secure” but there is no reasonable prospect that this avalanche of reports will end. Ignoring them is not an option. Feature development has come to a halt.

    As an employer, what am I supposed to tell my developers? Thanks for creating this amazing DNS software over the last 20 years, it looks like you’ll spend the next couple of years triaging and fixing bugs and coordinating CVEs with your peers.

    How do we keep people motivated to do open source and even if we do, how do we keep this development model sustainable? We can’t pivot to the ‘agentic era’ just like that and even if we could, I think my colleagues do this job to create something amazing—artisanal if you will—not to to maximize output at all costs so shareholders get rich.

    Practically though, encouraging organizations to purchase a support contract will certainly help on the short term, because:

    - You will get access to world class support;
    - You will get early security vulnerability notices under NDA, keeping your critical infrastructure safe from a whole new class of LLM fueled risks; and
    - In the grand scheme of things, you will help keep this open source model sustainable so your favorite DNS software continues to exist and thrive.

    #DNS #LoveDNS #LLM #FOSS #OpenSource #RIPE92

    indico.dns-oarc.net/event/56/c

  5. The four organizations who maintain your favorite open-source DNS software, ISC, CZ.NIC, PowerDNS and NLnet Labs, gave a lighting talk at @dnsoarc 46 about the avalanche of LLM-assisted security reports for their projects, and the effect it has on us and our users.

    The last slide ends on a “Hug your OSS maintainer" note, but I think this is understating the gravity of this situation. I hope we put forward a stronger message during the repeat of this presentation at RIPE 92.

    People need to consider that we are in a situation where developers with talent, purpose and experience have created something valuable for the internet community over the last 20+ years. They could have chosen to work at $MEGACORP for twice, three times the pay, but they chose to do something meaningful.

    Now, the body of work they carefully designed and maintained over the last decades is being picked apart by an LLM. Yes, as a result the products become some definition of “more secure” but there is no reasonable prospect that this avalanche of reports will end. Ignoring them is not an option. Feature development has come to a halt.

    As an employer, what am I supposed to tell my developers? Thanks for creating this amazing DNS software over the last 20 years, it looks like you’ll spend the next couple of years triaging and fixing bugs and coordinating CVEs with your peers.

    How do we keep people motivated to do open source and even if we do, how do we keep this development model sustainable? We can’t pivot to the ‘agentic era’ just like that and even if we could, I think my colleagues do this job to create something amazing—artisanal if you will—not to to maximize output at all costs so shareholders get rich.

    Practically though, encouraging organizations to purchase a support contract will certainly help on the short term, because:

    - You will get access to world class support;
    - You will get early security vulnerability notices under NDA, keeping your critical infrastructure safe from a whole new class of LLM fueled risks; and
    - In the grand scheme of things, you will help keep this open source model sustainable so your favorite DNS software continues to exist and thrive.

    #DNS #LoveDNS #LLM #FOSS #OpenSource #RIPE92

    indico.dns-oarc.net/event/56/c

  6. @bortzmeyer As the manager of the Cascade project, I feel it's important to provide some context and nuance to the terms "alpha”, “beta" and “production ready”. This applies especially to software that is intended to run in critical infrastructure, with possible grave consequences when there is a failure.

    While @nlnetlabs is building Cascade on 25 years of experience in DNS and software architecture, operators should not take our work for granted based on that.

    This is our plan.

    We have frozen the feature set Cascade has now, for the beta release. That means a DNSSEC signer with HSM support, IXFR in and out with TSIG, deterministic incremental signing, review hooks, and monitoring endpoints.

    We will mark this release as “beta” in the coming weeks, but read this as whatever you feel is appropriate given the context I gave. That being said: we will dogfood this release. Starting this summer, operators can put Cascade in their testing environments to put it through their wringers, so we can iron out bugs and fix corner cases.

    Over the coming months, our aim to have operators build the confidence to start deploying Cascade in production, with the expectation that we'll see real-world Cascade deployments towards the end of this year.

    #DNS #DNSSEC #OARC46 #LoveDNS @dnsoarc

  7. @bortzmeyer As the manager of the Cascade project, I feel it's important to provide some context and nuance to the terms "alpha”, “beta" and “production ready”. This applies especially to software that is intended to run in critical infrastructure, with possible grave consequences when there is a failure.

    While @nlnetlabs is building Cascade on 25 years of experience in DNS and software architecture, operators should not take our work for granted based on that.

    This is our plan.

    We have frozen the feature set Cascade has now, for the beta release. That means a DNSSEC signer with HSM support, IXFR in and out with TSIG, deterministic incremental signing, review hooks, and monitoring endpoints.

    We will mark this release as “beta” in the coming weeks, but read this as whatever you feel is appropriate given the context I gave. That being said: we will dogfood this release. Starting this summer, operators can put Cascade in their testing environments to put it through their wringers, so we can iron out bugs and fix corner cases.

    Over the coming months, our aim to have operators build the confidence to start deploying Cascade in production, with the expectation that we'll see real-world Cascade deployments towards the end of this year.

    #DNS #DNSSEC #OARC46 #LoveDNS @dnsoarc

  8. @bortzmeyer As the manager of the Cascade project, I feel it's important to provide some context and nuance to the terms "alpha”, “beta" and “production ready”. This applies especially to software that is intended to run in critical infrastructure, with possible grave consequences when there is a failure.

    While @nlnetlabs is building Cascade on 25 years of experience in DNS and software architecture, operators should not take our work for granted based on that.

    This is our plan.

    We have frozen the feature set Cascade has now, for the beta release. That means a DNSSEC signer with HSM support, IXFR in and out with TSIG, deterministic incremental signing, review hooks, and monitoring endpoints.

    We will mark this release as “beta” in the coming weeks, but read this as whatever you feel is appropriate given the context I gave. That being said: we will dogfood this release. Starting this summer, operators can put Cascade in their testing environments to put it through their wringers, so we can iron out bugs and fix corner cases.

    Over the coming months, our aim to have operators build the confidence to start deploying Cascade in production, with the expectation that we'll see real-world Cascade deployments towards the end of this year.

    @dnsoarc

  9. @bortzmeyer As the manager of the Cascade project, I feel it's important to provide some context and nuance to the terms "alpha”, “beta" and “production ready”. This applies especially to software that is intended to run in critical infrastructure, with possible grave consequences when there is a failure.

    While @nlnetlabs is building Cascade on 25 years of experience in DNS and software architecture, operators should not take our work for granted based on that.

    This is our plan.

    We have frozen the feature set Cascade has now, for the beta release. That means a DNSSEC signer with HSM support, IXFR in and out with TSIG, deterministic incremental signing, review hooks, and monitoring endpoints.

    We will mark this release as “beta” in the coming weeks, but read this as whatever you feel is appropriate given the context I gave. That being said: we will dogfood this release. Starting this summer, operators can put Cascade in their testing environments to put it through their wringers, so we can iron out bugs and fix corner cases.

    Over the coming months, our aim to have operators build the confidence to start deploying Cascade in production, with the expectation that we'll see real-world Cascade deployments towards the end of this year.

    #DNS #DNSSEC #OARC46 #LoveDNS @dnsoarc

  10. @bortzmeyer As the manager of the Cascade project, I feel it's important to provide some context and nuance to the terms "alpha”, “beta" and “production ready”. This applies especially to software that is intended to run in critical infrastructure, with possible grave consequences when there is a failure.

    While @nlnetlabs is building Cascade on 25 years of experience in DNS and software architecture, operators should not take our work for granted based on that.

    This is our plan.

    We have frozen the feature set Cascade has now, for the beta release. That means a DNSSEC signer with HSM support, IXFR in and out with TSIG, deterministic incremental signing, review hooks, and monitoring endpoints.

    We will mark this release as “beta” in the coming weeks, but read this as whatever you feel is appropriate given the context I gave. That being said: we will dogfood this release. Starting this summer, operators can put Cascade in their testing environments to put it through their wringers, so we can iron out bugs and fix corner cases.

    Over the coming months, our aim to have operators build the confidence to start deploying Cascade in production, with the expectation that we'll see real-world Cascade deployments towards the end of this year.

    #DNS #DNSSEC #OARC46 #LoveDNS @dnsoarc

  11. @ximon18 @dnsoarc after his talk on stage, Ximon will be at the demo table in the lunch area, where he can show all the other tricks Cascade has learned since OARC 45 in Stockholm.

    Also, make sure to bring your zone files so you can for example see how fast parallel #DNSSEC signing by @bal4e really is. #DNS #LoveDNS #OpenSource

  12. @ximon18 @dnsoarc after his talk on stage, Ximon will be at the demo table in the lunch area, where he can show all the other tricks Cascade has learned since OARC 45 in Stockholm.

    Also, make sure to bring your zone files so you can for example see how fast parallel #DNSSEC signing by @bal4e really is. #DNS #LoveDNS #OpenSource

  13. @ximon18 @dnsoarc after his talk on stage, Ximon will be at the demo table in the lunch area, where he can show all the other tricks Cascade has learned since OARC 45 in Stockholm.

    Also, make sure to bring your zone files so you can for example see how fast parallel #DNSSEC signing by @bal4e really is. #DNS #LoveDNS #OpenSource

  14. @ximon18 @dnsoarc after his talk on stage, Ximon will be at the demo table in the lunch area, where he can show all the other tricks Cascade has learned since OARC 45 in Stockholm.

    Also, make sure to bring your zone files so you can for example see how fast parallel #DNSSEC signing by @bal4e really is. #DNS #LoveDNS #OpenSource

  15. @ximon18 @dnsoarc after his talk on stage, Ximon will be at the demo table in the lunch area, where he can show all the other tricks Cascade has learned since OARC 45 in Stockholm.

    Also, make sure to bring your zone files so you can for example see how fast parallel #DNSSEC signing by @bal4e really is. #DNS #LoveDNS #OpenSource

  16. Please pray to the live demo Gods over lunch so @ximon18 can show you our #DNSSEC signer Cascade in action this afternoon at @dnsoarc 46.

    We’ll cover incremental signing with IXFR in and out with TSIG, all on a YubiHSM we packed. 🤞

    #LoveDNS

  17. Please pray to the live demo Gods over lunch so @ximon18 can show you our #DNSSEC signer Cascade in action this afternoon at @dnsoarc 46.

    We’ll cover incremental signing with IXFR in and out with TSIG, all on a YubiHSM we packed. 🤞

    #LoveDNS

  18. Please pray to the live demo Gods over lunch so @ximon18 can show you our #DNSSEC signer Cascade in action this afternoon at @dnsoarc 46.

    We’ll cover incremental signing with IXFR in and out with TSIG, all on a YubiHSM we packed. 🤞

    #LoveDNS

  19. Please pray to the live demo Gods over lunch so @ximon18 can show you our #DNSSEC signer Cascade in action this afternoon at @dnsoarc 46.

    We’ll cover incremental signing with IXFR in and out with TSIG, all on a YubiHSM we packed. 🤞

    #LoveDNS

  20. Please pray to the live demo Gods over lunch so @ximon18 can show you our #DNSSEC signer Cascade in action this afternoon at @dnsoarc 46.

    We’ll cover incremental signing with IXFR in and out with TSIG, all on a YubiHSM we packed. 🤞

    #LoveDNS

  21. Thanks to the @Nominet DNS Fund, we have been able to dedicate a team of five developers on building Cascade, our new #OpenSource #DNSSEC signing solution.

    Leading up a first production release in June, @ximon18 will be presenting on our progress at the @dnsoarc 46 workshop in Edinburgh in May.

    Highlights will include new incremental signing and IXFR-out, performance/resource usage improvements, TSIG support, metrics, migration tooling, and more...

    indico.dns-oarc.net/event/56/c

    #DNS #LoveDNS

  22. Nice to see that @oli is seeing the bigger picture of Cascade, and the opportunities a modular #DNSSEC pipeline offers.

    This is why we love developing this together with the #DNS operator community. Keep the feedback coming!

    #OpenSource #LoveDNS

    github.com/NLnetLabs/cascade/i

  23. Released dnsdiag v2.9.0 :dns:

    New in this release:
    • `dnstraceroute`: NSID support for tracing anycast DNS instances
    • `dnseval`: DNS over QUIC (DoQ) and HTTP/3 (DoH3)
    • Improved error handling and validation
    • Modern packaging with PEP 639 compliance
    • Tons of Quality of Life improvement

    Download: github.com/farrokhi/dnsdiag/re
    PyPI: pypi.org/project/dnsdiag/

    #DNS #infosec #lovedns

  24. I just did a massive session with the @nlnetlabs team to identify 38 items that we absolutely must to include in the alpha release of our new #DNSSEC signer, Cascade.

    21 of those items are essential. The rest are things that we feel are must-haves to live up to our reputation.

    With six developers going at full steam, we have three weeks until we're on stage at @dnsoarc 45 with a live demo. Then we'll give the #DNS community something to shoot at.

    #NoPressure

    #ProductManagement #OpenSource #rustlang #LoveDNS

  25. I just did a massive session with the @nlnetlabs team to identify 38 items that we absolutely must to include in the alpha release of our new #DNSSEC signer, Cascade.

    21 of those items are essential. The rest are things that we feel are must-haves to live up to our reputation.

    With six developers going at full steam, we have three weeks until we're on stage at @dnsoarc 45 with a live demo. Then we'll give the #DNS community something to shoot at.

    #NoPressure

    #ProductManagement #OpenSource #rustlang #LoveDNS

  26. I just did a massive session with the @nlnetlabs team to identify 38 items that we absolutely must to include in the alpha release of our new signer, Cascade.

    21 of those items are essential. The rest are things that we feel are must-haves to live up to our reputation.

    With six developers going at full steam, we have three weeks until we're on stage at @dnsoarc 45 with a live demo. Then we'll give the community something to shoot at.

  27. I just did a massive session with the @nlnetlabs team to identify 38 items that we absolutely must to include in the alpha release of our new #DNSSEC signer, Cascade.

    21 of those items are essential. The rest are things that we feel are must-haves to live up to our reputation.

    With six developers going at full steam, we have three weeks until we're on stage at @dnsoarc 45 with a live demo. Then we'll give the #DNS community something to shoot at.

    #NoPressure

    #ProductManagement #OpenSource #rustlang #LoveDNS

  28. I just did a massive session with the @nlnetlabs team to identify 38 items that we absolutely must to include in the alpha release of our new #DNSSEC signer, Cascade.

    21 of those items are essential. The rest are things that we feel are must-haves to live up to our reputation.

    With six developers going at full steam, we have three weeks until we're on stage at @dnsoarc 45 with a live demo. Then we'll give the #DNS community something to shoot at.

    #NoPressure

    #ProductManagement #OpenSource #rustlang #LoveDNS

  29. I hope the next DNS-OARC meeting will take place in Europe.
    #dnsoarc #lovedns

  30. is starting now in Da Nang, Vietnam. Looking forward to an excellent set of talks!

    dns-oarc.net/oarc41