I think what the author is saying is akin to that old joke about a broken machine that nobody at the company can fix.

They bring in a high priced consultant who spends a few minutes looking at the machine, reaches in and pushes a switch and suddenly the machine starts working.

When the manager gets the invoice, he calls the consultant demanding an explanation for why it cost so much. After all, the consultant only spent a few minutes looking and then flipped one switch.

The consultant offered to send a more detailed invoice and the manager received one that said:

- Flipping a switch: $1 - Knowing which switch to flip: $999

In other words, the writing of the code is like flipping the switch. It’s the rest of “coding” that’s difficult.

The definition section of the amendment defines a "relevant VPN service":

>“relevant VPN service” means a service of providing, in the course of a business, to a consumer, a virtual private network for accessing the internet;

I think it would be a significant stretch to say that a provider that provisions a VPS instance is a "business providing a virtual private network".

Just because you could run a VPN, it's not the VPS provider that is offering a VPN service.

I think it will successfully strech that far (especially after VPN provders move into VPS to avoid) not least because no-one but the provider could be held responsible.

I don't understand what "VPN providers move onto VPS to avoid" means? Can you clarify?

I can't see how they could apply it to VPS providers without meaning AWS, GCP, Digital Ocean, etc would all start having to do age verification checks. Can't imagine here would not be a massive push back against that.

I meant VPN providers offer VPS as a substitute.

I think they would include AWS and the pushback would be ineffective. Many AWS users could be immediately age-verified by existing payment card info.

By VPS, I mean a generic compute instance that can run whatever you want. Like a Linux instance. I'm not sure what you mean by "VPN providers offer VPS as a substitute" in that context.

Paying by card isn't enough to verify age. They'd have to specifically verify via passport or other ID.

> Paying by card isn't enough to verify age.

It is in UK.

Ofcom, the media regulator, has set out a number of ways websites can verify the age of users, external, including through credit card checks ...

https://www.bbc.co.uk/news/articles/c1k81lj8nvpo

No, it’s more fundamental than fair use. Fair use is a defence to a copyright infringement. It’s an argument that, yes, I did violate the copyright of the creator, but my violation should be allowed.

The issue here is, what are creators allowed to own and control. It’s about the fundamental question of what copyright gives the creators control over.

Does creating a picture mean you own the right to its description? And you have the right to prevent anyone else from describing your picture?

Does creating a movie give you the right to its novelization? I think the answer would be yes. With that in mind why wouldn't creating a picture give you the right to its description (subject to fair use)

In general i think fair use serves as a good balance for these types of questions.

> Does creating a movie give you the right to its novelization?

Go to imdb and see some of plot summaries there. Is that what you call "novelization"? Are you going to sue that site?

> Is that what you call "novelization"?

No, because that's not what the definition of novelization is. By novelization i mean when someone makes a novel version of a movie.

The point im trying to make here is we regularly expect translations from one medium to another to be copyrighted, so why is this different?

> Are you going to sue that site?

No, because i believe it to be a pretty text book example of fair use.

Sailboats, except for the smallest ones, usually have a motor and propeller to move without relying on wind.

But there's no evidence in the OP's post that they have, in fact, discovered the domain. The only thing posted is that there is a GET request to a listening web server.

The OP and all the people talking about certificates are making the same assumption. Namely that the scanning company discovered the DNS name for the server and tried to connect. When, if fact, they simply iterate through IP address blocks and make get requests to any listening web servers they find.

I really doubt CloudFlare gives them an IPv4 and they can see all the logs for said IPv4

OP states that the domain was discovered

No they didn't. They said "How did the internet find my subdomain?" They're assuming the internet found their subdomain. They don't provide any evidence that happened, just that they found their IP address.

The OP is misunderstanding what's happened, based on what's been posted. The OP has a server with an IP address. They're seeing GET requests in the server's logs and is assuming people have found the server's DNS name.

In fact, the scanners are simply searching the IP address space and simply sending GET requests to any IP address they find. No DNS discovery needed.

Are you sure that’s the case? IP addresses != domain, so I’m getting bots are including the Host header in their requests containing the obfuscated domain.

My guess is OP is using a public DNS server that sells aggregated user requests. All it takes is one request from their machine to a public machine on the internet, and it’s now public knowledge.

That entirely depends on whether the GET requests were providing the (supposed to be hidden) hostname in the `Host` header (and potentially SNI TLS extension).

This is a pretty naive take on both product delivery and restaurants.

I’m guessing the strain on the spooled end is less and you want the end most likely to detach close to the ground where you might be able to reattach it, vs in the drone where it would fall to the ground and be unfixible.

The whole concept is unfixable. Once the fibre comes out, it's not going to go back in. It's that deadly combination of fragile and cheap. Just unpack a new drone and off you go. Don't spend a week (and 10 casualties going into the grey zone to collect it) winding it back up only to find it's broken in the middle.

No, it's a one-time use kamikaze device. The fiber intentionally, continuously, invisibly drifts to the ground.

The drone contains explosives. You really do not want it to come back to you in one piece.

Cables drones would (and likely do) make better relays than as attack drones. A relay drone flies out to the horizon and relays the LoS signals to an attack drone flying over the horizon from the perspective of the base station.

The relay then gets to spend far more of its power budget on the relay-drone segment and has a very low power relay-base segment. Relay drones also perform surveillance while they're on station. Better bandwidth to the base station from a "wired" connection means a higher fidelity feed or potentially additional cameras to cover a wider area.

The consequence, problem is ending up with long strands of basically invisible fibers everywhere. But that is a problem to solve later. After the defeat of Russia.

Yeah, but we can freely buy and eat chocolate Kinder eggs.

OTOH, how many children got Kinder Eggs ~without~ knowing that there was a small plastic toy inside? That was kind of the whole gimmick.

Also, there have been 9 reported deaths worldwide that have been linked to choking on the toy inside a Kinder Egg. 7 Children in the US die ~every day~ from being shot. It seems pretty clear to me which one is a bigger issue.

Hey, I'm not American, I just wish our food adulteration laws were as comprehensive as theirs.

I have two teens. It doesn’t go away.