From the article: When you turn on Funnel, we create public DNS records for your node.tailnet.ts.net name that points to a set of ingress servers we operate around the world, and then we give those servers very limited access to your tailnet.
The funnel relays do SNI-based routing to the target machine in your tailnet, and that machine does the TLS termination. We use the initial TLS handshake to route the connection, but after that it's just opaque bytes to us. You can verify this in the client's source code, and use CT logs to see that there are no additional issued TLS certs beyond the one your end-machine created.
The Cloudflare Bandwidth Alliance is fundamentally a publicity tool for cloud vendors. Because most partners still haven't fulfilled their promises (including the founding members who joined in 2018). Their status is always something like "all bandwidth between X and Cloudflare will be free of charge in the upcoming months". Until one day some of them quit the alliance, such as DigitalOcean (IPO) and Linode (acquired by Akamai). So, just don't trust any of those alliance members.
I’d like to know the context this information is being shown in. Isn’t hide my email receive only? Who would be seeing this header except the person in control of the alias? Can anyone untrusted see it?
As it stands, this looks like an incoming message which has been assigned a thread ID on your domain for _your_ reference, rather than any information going outward
No, there're two ways to send messages from Hide My Email addresses: 1. reply to an incoming message; 2. select "Hide My Email" option when composing a new message via any of Apple's mail apps.
> Who would be seeing this header except the person in control of the alias? Can anyone untrusted see it?
Any recipient can see it, the screenshot is from one of my Gmail mailboxes.
> As it stands, this looks like an incoming message which has been assigned a thread ID on your domain for _your_ reference, rather than any information going outward
It was an outgoing message from my Custom Email Domain address to one of my Gmail addresses using the Hide My Email feature, which was supposed to *hide* my Custom Email Domain address.
The idea behind Mosh is almost perfect. Unfortunately, it's just a proof-of-concept project that has not been maintained for years. Although it has met my daily needs, I'm still looking for a better alternative because of some known bugs.
I had hoped on draft-bider-ssh-quic [1], but unfortunately it was marked as "no longer active".
Mosh isn't proof of concept. And it's not not maintained either. It's just "done" (in my opinion).
Not all software needs to continually change. There is the concept of software that does one thing, and does it well.
THAT BEING SAID... if your complaint is regarding the SSH agent forwarding, I might be convinced to maintain a fork with that, and only that problem being addressed. :) That one's personal to me, and I've been meaning to poke at it since... well before it was released to the outside MIT community.
It’s stable, but that doesn’t mean feature complete, no release in over four years in spite of various fixes / github commit activity. Additionally the support for jumpbox/bastion pass through have been languishing even longer than that (https://github.com/mobile-shell/mosh/pull/696)
> Go.dev is a companion website to golang.org. Golang.org is the home of the open source project and distribution, while go.dev is the hub for Go users providing centralized and curated resources from across the Go ecosystem.
This description doesn't feel so accurate anymore.
And the fact is that this move will make the official Go language sites more fragmented and confusing. At least for me.
