<aerth>
i wonder how many domains have a record to 127.0.0.1 ...🤔
<CcxWrk>
Few might, they are generally blocked by public resolvers though, same as the private ranges.
<TimMc>
Hmm? I've encountered any number of domains that resolve to private ranges.
<TimMc>
Sometimes if you poke around at a company's DNS and try to guess domain names, you'll find some that resolve to 10.* addresses.
<CcxWrk>
Luring users to a domain which has local-range subdomains to probe them and avoid CSP has been a well-established attack vector. This won't be blocked everywhere of course, but it's not uncommon.
<TimMc>
There's also DNS rebinding, which some home routers protect against, but I think they only protect against the *change* from public to private range IPs... definitely messes with our work VPN though. :-P
<isd>
TimMc: re: sandstorm's on-disk size, I wonder if all of that is actually pulled in at startup time; I recently pushed a patch that generates source maps, so at least the client side original source is still included even though it's not what's executed (the minified version is)
<TimMc>
Ah, interesting.
<isd>
I don't know offhand whether the server is actually hitting all those files or is minified. But, as mnutt points out, startup time for Sandstorm itself is less of a concern, since it doesn't shut off when you walk away for 90 seconds.
<mnutt>
yeah I haven't (re)started sandstorm in so long that I couldn't even tell you how long it takes
<TimMc>
I'm just thinking of on-disk size, and how many of those files must be duplicates. Actually, I can check that...
<isd>
There is actually a command npm dedup, which maybe we should run.
<TimMc>
Hahaha, the most common hashes of non-tiny files are all from... licenses.
<isd>
That's unsurprising.
<TimMc>
In retrospect, yes.
<TimMc>
Just checking sandstorm/latest for *.js files over 500 bytes, there are 18 copies of postcss-value-parser, but no more than 6 copies of anything else.