16 Jan
2023
16 Jan
'23
7:36 p.m.
On Mon, Jan 16, 2023 at 20:25, Scott Howard
It's actually a pretty important security feature.
Well, I agree that there's a security problem; browsers' security models shouldn't allow client-side scripts to connect out to random other places, RFC1918-numbered or otherwise, and even if they do the internal devices shouldn't be vulnerable to default-credential attacks. However, fixing problems like those in the DNS seems ludicrous. We are creating a class of edge devices constrained by hardware vendors and (in places where they supply the hardware) carriers. This was the model we replaced with the Internet. We shouldn't be in the business of reinventing it. Joe