upvote

points

by gjsman-10004 hours ago |
comments
upvoteby jacobgkau3 hours ago|
[-]
> For anyone hand-wringing over this, this used to be normal.

People editing hosts files for other reasons was normal (a long time ago-- and it stopped being normal for valid reasons, as tech evolved and the shortcomings of that system were solved). A program automatically editing the hosts file and its website using that to detect information about the website visitor is not the same thing; that usage is novel and was never "normal."

reply
upvoteby wtallis3 hours ago|
parent|
next
[-]
In particular, manually editing the hosts file was a mostly-obsolete practice by the time the first version of Windows shipped, and certainly by the time Windows actually had a built-in networking stack. And it was always a red flag for a local app to mess with the hosts file.
reply
upvoteby anvuong2 hours ago|
parent|
next
[-]
Obsolete? My team has an onboard document that spells out lines that needed to be add to host file so they can access internal resources. These are machines directly bought/rented and maintained by the team, so we prefer to use host files instead of going through the company DNS, which is maintained by an entirely different team.
reply
upvoteby 2 hours ago|
parent|
[-]
deleted
reply
upvoteby jeffbee3 hours ago|
parent|
prev|
[-]
> manually editing the hosts file was a mostly-obsolete practice by the time the first version of Windows shipped

This claim strikes me as obviously wrong.

reply
upvoteby AnthonyMouse2 hours ago|
parent|
prev|
[-]
Programs adding entries to the hosts file is still pretty normal, e.g. if something that uses a local webserver as its UI and wants you to be able to access it by name even if you don't have an internet connection or may be stuck behind a DNS server that mangles entries in the public DNS that resolve to localhost.
reply
upvoteby mikkupikku1 hours ago|
parent|
[-]
Programs like that should just be shipped with good documentation. And applications built to be used by normies should almost certainly never be built that way in the first place.
reply
upvoteby AnthonyMouse19 minutes ago|
parent|
[-]
That seems like a pretty reasonable way to write a small cross-platform application which is intended to be a background service to begin with. You only have to create the UI once without needing to link in a heavy cross-platform UI framework and can then just put an HTTP shortcut to the local name in the start menu or equivalent. Normies can easily figure that out specifically because you're not telling them to read documentation to manually edit their hosts file.

There are also other reasons to do it, like if you want a device on the local network to be accessible via HTTPS. Getting the certificate these days is pretty easy (have the device generate a random hostname for itself and get a real certificate by having the developer's servers do a DNS challenge for that hostname under one of the developer's public domain names), but now you need the local client device to resolve the name to the LAN IP address even if the local DNS refuses to resolve to those addresses or you don't want the LAN IP leaked into the public DNS.

Or the app being installed is some kind of VPN that only provides access to a fixed set of devices and then you want some names to resolve to those VPN addresses, which the app can update if you change the VPN configuration.

reply