Robert Alexander's Tech Blog
Robert Alexander's Tech Blog
Robert Alexander
A personal blog featuring nuanced deep dives into tech, security, and the cloud.
Latest Posts
The internal TLD ICANN recently reserved .internal for private use, sanctioning the use of the TLD for ad-hoc purposes. The decision solidifies .internal for this role, which it has long supported, albeit on unofficial capacity. The...
td, th { padding: 0.6em; border: 1px dashed #ccc; text-align: center; } In this post, I audit several prominent mail providers to discover how they handle email encryption and show how MTA-STS can help improve email security. Background...
Challenges of free domain registration Since 2012, Freenom acted as the domain name registrar for several free top level domains including .cf, .ga, .gq, .ml, and .tk. Unfortunately, at the start of 2023, it was pretty clear that Freenom...
I wrote my first blog post 10 years ago using Jekyll as a framework. I didn’t love the process. It took quite a bit of work to get something I liked. I felt like I was promised a quick-and-easy solution but found that I was sinking an...
I’ve been building a directory of RSS feeds which has quickly grown to over a thousand feeds. To build the directory, I wrote a web crawler (open source) which fetches each feed, parses it to collect metadata, identifies OPML blogrolls,...
img { max-width:15em; padding: 1em; } RSS and other web feeds are a great way to keep track of articles published by your favorite blogs. But feed discovery remains challenging. Some recent work in this space opens up new opportunities....
I’ve been thinking a lot about the type of software I want to build and use. I spend so much of my screen time using large feature-heavy software, which are one-size-fits-none at best or outright hostile. I’m left frustrated, distracted,...
div.indent { padding-left: 3em; } The certificate authority (CA) system does an incredible job of solving an impossible challenge. Think about it. The CAs measure control of a domain name and then issue TLS certificates that pair...
body { max-width: 80em; } td { padding: 0.5em; text-align: left; } td.good { background-color: #cdc; } thead td { font-weight: bold; } tbody td { border: 1px solid #ddd; } table { padding-bottom: 3em; } HTTP Strict Transport Security...
td { padding: 0.5em; text-align: center; } td.price { text-align: end; } td.good { background-color: #cdc; } td.bad { background-color: #dcc; } thead td { font-weight: bold; } tbody td { border: 2px solid #ddd; } table { padding-bottom:...
Background For the last couple months I’ve been fanatic about understanding why HTTPS adoption on private networks is so poor, and so poorly implemented. I believe the challenge comes down to poor usability of the ACME certificate...
Abstract The X.509 Name Constraints extension is a powerful way to limit a certificate authority (CA) to only issue certificates for specific TLDs or domain names. Unfortunately, Google Chrome doesn’t currently enforce name constraints...