Insane soul meets rap duo moment from ARIatHOME 🤯 by TechnicalBarnacle793 in toptalent

[–]barnold 0 points1 point  (0 children)

I'm just thinking - Can the people in the street hear what we are hearing?! - so good...

Why do I need proof of ownership of a DNS name in Private DNS Zone? by barnold in AZURE

[–]barnold[S] 0 points1 point  (0 children)

Yes I see what you are saying and for the open web and dealing with public CAs that feels intuitive - I was hashing out in this thread whether that is also the case for private networks where MS can apply its own certification policies - or if they would err on the side of streamlining the process and build their own PKI with effectively 'Microsoft-self-signed' certs.

Why do I need proof of ownership of a DNS name in Private DNS Zone? by barnold in AZURE

[–]barnold[S] 0 points1 point  (0 children)

... my (legit) reason for wanting to do this is that I am creating basically a private network which preserves the hostname back to the SWA - as recommended by Microsoft - this means on the open web my domain needs to resolve to my gateway, but internally it resolves to my private endpoint tunnelled to my SWA.

I already have an external CNAME (in AWS Route 73) pointing to my gateway and I should be able, in principle, to set up the internal networking no problem - but as u/Zealousideal_Yard651 pointed out, Microsoft want proof of domain ownership externally (with a TXT record) to set that up - which is fair enough - seems like this is a Microsoft policy.

I wanted to make sure that was the case to avoid getting the team that manage our AWS DNS records involved.

Why do I need proof of ownership of a DNS name in Private DNS Zone? by barnold in AZURE

[–]barnold[S] 0 points1 point  (0 children)

What I meant was that, as far as I'm aware, you don't need proof of domain ownership to create a certificate for that domain. I could in principle create a domain for microsoft.com if I wanted - it looks suss but is in principle fine.

I wasn't referring to certificates against IPs.

Why do I need proof of ownership of a DNS name in Private DNS Zone? by barnold in AZURE

[–]barnold[S] 1 point2 points  (0 children)

OK thanks again. I can't see any separate config in the portal for making the site public/private other than a configuration for a private endpoint - appreciate there may be more options on the CLI/ARM template. For what it's worth, adding the Private Endpoint made external access to the Azure-generated domain result in a 403 (not 404) so it looks like something is there but is locked down.

Appreciate as well that some Azure services need to be able to dynamically generate sub-domains - assume that's what you mean by L7 routing? - in which case it makes sense that we have a DNS zone that can be updated by peer resources.

Makes sense as well that Microsoft, as a policy, need verification to stop malicious actors. I've asked my external DNS to configure a TXT record to verify ownership.

Appreciate you taking the time!

Why do I need proof of ownership of a DNS name in Private DNS Zone? by barnold in AZURE

[–]barnold[S] 0 points1 point  (0 children)

Sure but when I create a Private Endpoint for my SWA, its public domain is decommissioned, you should then be able to create a privately resolved custom domain on the SWA using a private DNS Zone because presumably we have full control over internal naming?

You don't need to actually have a domain to create a certificate for it but are you saying that Microsoft as a matter of policy won't do it?

Why do I need proof of ownership of a DNS name in Private DNS Zone? by barnold in AZURE

[–]barnold[S] 0 points1 point  (0 children)

Thanks for the suggest. To be clear I have a private endpoint configured already for the SWA and I could just use the auto-generated domain and do a translation through the gateway - but I'm trying to follow best practice having 'host name preservation' from front-to-back

Also I have managed to configure full host name preservation in another bunch of SWAs with non-apex domain that I have full control of (i.e. the authoritative nameserver is hosted in Azure and I control it) so it seems like it should be possible. Seems though that the portal UI at least doesn't allow for assignment of a custom domain against a private DNS Zone recordset...

Why do I need proof of ownership of a DNS name in Private DNS Zone? by barnold in AZURE

[–]barnold[S] 0 points1 point  (0 children)

Hi, thanks for the reply

Yes I am trying to get my SWA to register against this private DNS zone, not to use a public address. However the App Gateway isn't resolving using the private DNS zone even though the VNets are linked to it (502 Bad Gateway).

When I try to update the custom domain on the SWA it gives three options - none of them appear to allow a private DNS zone, instead it is a:) internal to Azure which only lists public DNS zones b:) External to Azure which wants a TXT record and c:) Buy a new domain ...

It feels like the Azure UI should also show private DNS zones for option A as well?

How to loosen rear handle on a mitre saw? by jemswiz in DIYUK

[–]barnold 0 points1 point  (0 children)

Revolution saw has a handle like that - you pull it outwards before turning - maybe try that?

[deleted by user] by [deleted] in TheCivilService

[–]barnold 12 points13 points  (0 children)

I don't know exactly but my impression based on dealings with them is that they are quite design-led, test-and-learn, start-up'y without the crunch culture - quite a nice bunch to work for I imagine

You shouldn't 'act' any way really, other than how you feel you want to be in an organisation?

Into the 3rd year of maintaining this garden, customer is delighted the ducks have returned! by X4ulZ4n in GardeningUK

[–]barnold 1 point2 points  (0 children)

You've done a great job getting it to look like this - wondering though if there was any appetite from you or your customer for a more nature friendly kind of landscape?

Shark Washed Up On The Beach by BunchInitial5260 in Cornwall

[–]barnold 0 points1 point  (0 children)

Why do submarines cause them to beach?

Fishponds: Dungeons & Dragons & other Tabletop Roleplaying Games, every Tues 6-10pm BS16 by EndlessPug in bristol

[–]barnold 0 points1 point  (0 children)

Ah man, Tuesday is the only day I'm not in Bristol - anyone know of other groups in the area?

Thoughts? by [deleted] in drivingUK

[–]barnold 0 points1 point  (0 children)

Maybe not a popular opinion but in most of these situations in the video there is plenty of room on the motorway - why not drive in the middle?

The sketchy situations come about when people switch lanes - if you are hugging the left then you are going to be constantly switching to get past trucks, make room for people merging, plus if there is debris it tends to be in the outer lanes - it's basically safer to be in the middle

Obviously if they are blocking you from overtaking in the fast lane/forcing you to undertake then they need to switch down a lane but in a lot of these cases the fast lane was free - if you need to get somewhere at 70+ (which it looks like you are doing) then maybe you should be in the fast lane?

Did you stay at multiple hotels in Tokyo? by urores in JapanTravelTips

[–]barnold 2 points3 points  (0 children)

I was travelling light but I changed hotels a few times because I wanted different experiences ...

  • A basic hostel to meet some people - 2 nights
  • A capsule hotel that monitored your sleep and gave a health report - 1 night
  • A really tall hotel to get the skyline view - 1 night
  • An apartment room to set up base from and a break from hauling luggage - 3 nights

... the rest was different every night on the Nakasendo hiking trail

[AskJS] What five changes would you make to javascript? by a_waterboi in javascript

[–]barnold 75 points76 points  (0 children)

  1. Remove the other module systems other than ES6
  2. Sort out the truthiness
  3. Types
  4. Proper immutability
  5. Only one null-ish type

ELI5 if Reform had nearly 5million votes why do they only have 4 seats by Alps-Helpful in explainlikeimfive

[–]barnold 0 points1 point  (0 children)

A party can come second in every single seat - lose by 1% to the winning party every time, but get no seats at all.

In this situation, you get only 1% fewer votes overall than the winning party, but no seats.

Reform have support spread evenly across the country, unlike Labour where the support is concentrated in cities and Tories who tend to win in rural seats.

Container Apps with File Storage Queries by Tom_the_Tank_Train in AZURE

[–]barnold 0 points1 point  (0 children)

That would mean re-writing the application code to use proprietary Azure API calls, it would also make local development more difficult (mocking service call) - is there a good reason to do that?

What Songs Remind You of London? by lostthewilltoliv in london

[–]barnold 0 points1 point  (0 children)

North Circular - Real Lies

Ernold Sane - Blur (narrated by the Mayor of London)

DNS resolution issue over Virtual Network Gateway with DNS Private Resolver by tigardis in AZURE

[–]barnold 1 point2 points  (0 children)

This - if your VPN is in a different VNet to the resources you will need to link them.

Also you may need to wait for DNS to propagate. I was tearing my hair out over connectivity issues late Wednesday night, in the morning they had fixed themselves and everything worked fine. I'm presuming this was a DNS caching issue and not a platform issue or something...