I've been using codefloe for everything personal, and I couldn't be happier. It's been stable, snappy, and offers me everything I need. I don't miss GitHub a single bit
I just wanted to say that I recently went back to using my RSS feed as a main source of news, and your TILs have been one of the first additions to it. Appreciate it!
> Every 5 seconds a spammer sends something to a bunch of random letters @ your domain
In my experience, this is an exaggeration of the truth. I've been using catch-all addresses for something like 15 years. And yes, there are times when I'll get dozens of spam over the course of a day sent to random letters. But that's a pretty rare occurrence.
I default to allowing any <string>@<mydomain.tld>, and then uses aliases to block offenders. My <string> is often a domain name where I'm using the email address, which means I know who either willingly spams me, sells my email address, or otherwise allows my email address to be leaked. At any rate, I'll throw addresses used for spam onto a disabled account as an alias, resulting in bounces.
The biggest advantage here over aliases is that I've used hundreds of aliases, but didn't have to manually track and add each and every one to my email address. Since most of the time, my email is not used for spam, I only have to manually add the bad ones.
It varies. It likely is an exaggeration for you, but for someone else it isn’t. It only needs to target a few domains to act as a DDOS. Rejecting invalid recipients reduces spam scanning overhead. It’s very significant at scale, for someone managing enough domains to see it.
The problem seems to be that while many domains don’t see this behavior, it seems random which ones do. Having the catchall in place when someone finally does target your domain like this seals the deal: Every one of the 16,000 recipient addresses that were accepted were just added to a list of working email addresses to be sold to spammers for the next 15 years. One hour to ruin your domain, and maybe it never happens to you, or maybe it happens to you tomorrow.
I’ve seen it go down like this at least a few hundred times in the last decade. Safe to say I’ve managed email for a few domains during that time. Enough to say it doesn’t happen to most people, but the ones it happens to usually end up having to disable their catchall or buy a new domain.
As an admin of shared mail servers you often have to base protections and actions on the worst of events, as those are the ones that threaten your infrastructure.
Haha, it's not an exaggeration. It's logs. You don't receive it because the system is constantly filtering it. I do not deem it to be worth the potential spam and many other email systems agree on that.
You are not familiar with my system or my logs, so your claim about the filtering is invalid. If some "system" outside of the receiving mail server filters it, then it's irrelevant to whether or not you offer the service.
Not sure what you mean. This isn't about your system or your logs. If you use Mango Mail, we aren't talking about any other system. I am telling you the attempted spam I see hitting MY servers.
- Business: Legit customers sometimes guess e-mails like support@, abuse@, sales@, jobs@, careers@, info@, and other language variants of these words, you may not want to set up mailboxes for all of these.
- Personal: Plus addressing doesn't work with many services but you sometimes want a single-use e-mail address to purchase something from a website and still have the receipt.
I generate one-time only email aliases to virtually every service I use. Some sort of a poor-man's hide my email from iCloud. If that email is compromised, or I start receiving spam for it, I know where it came from. This has become a vital part of my workflow, and not having it is a show stopper to me, unfortunately.
This ^. I see a lot of people are tricked by their companies to get them to come to Berlin. Then the companies get them believing that a 60k salary is generous for someone with loads of experience.
Once you get here, you realize that a lot of companies pay much more than that and you've been taken advantage from.
I've been through a situation like that in a very international team, where culture played a significant factor in how people communicate. Once people knew about their preferences, it became easier for them to collaborate.
Did you try to do some team building activities with the whole group? Sometimes getting them to connect on a more personal level gets people to open up.
Getting things done should be the correct answer for most of the times. All the code quality, design patterns, testing, and automation is done with an objective of keeping the ability to still get things throughout the life of that product.
I've seen horrible overengineered sins being done due to this "focus on code quality" for the code quality sake.
This is also close to my experience. Improving, but not there yet. Unfortunately, it will retrigger the same job with the updated version of the resources. With other CI tools, it was possible to replay the same job, with whatever inputs they took by the time they ran, with concourse it does not seem t be possible.
A practical impact of this issue is that we cannot simply reprocess a previous deploy step, with the old artifacts and inputs in a middle of an outage.
You can achieve this by clicking on a resource and hitting toggling the "power button" to off for each of the resources you don't want to include in the build.
While this may even work, it is not practical and it is a disappointing experience for a pipeline centric type of CI such as concourse.
In other tools, hitting re-run would simply replay the job, with the same state it was executed in the first run. I would expect concourse to behave similarly, but no.
I guess I'm not clear on why you would be wanting to do this so frequently that the toggle is impractical, though it's likely that I simply haven't come across this use case.
reply