Comment by CaptainOfCoit
4 months ago
I think it's somewhat tribal webdev knowledge that if you host user generated content you need to be on the PSL otherwise you'll eventually end up where Immich is now.
I'm not sure how people who haven't already hit this very issue are supposed to know about it beforehand, though; it's one of those things that you don't really come across until you're hit by it.
This is the first time I hear about https://publicsuffix.org
You're in good company! From 12 days ago: https://news.ycombinator.com/item?id=45538760
I’ve been doing this for at least 15 years and it’s the first I heard of this.
Fun learning new things so often but I never once heard of the public suffix list.
That said, I do know the other best practices mentioned elsewhere
First rule of the public suffix list...
I think what gets me more is I don't see an easy way to add suffixes to the list. I'm sure if I dig I can figure it out, but you'd think given how it's used they'd have an obvious step-by-step guide on the website.
3 replies →
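What the Public Suffix List actually changes is the "registrable domain" a browser computes for a hostname, which drives cookie scoping, site isolation and (as in the Immich case) which hosts share one reputation. The following is an added example, not code from the thread or from the Immich project: a small implementation of the matching algorithm documented at publicsuffix.org, run against a constructed PSL fragment. The `immich.cloud` entry in the fragment is hypothetical, included to show the difference it makes; the other entries (`co.uk`, `github.io`, `*.ck`, `!www.ck`) are real rules but the fragment is not the real list.

```python
# Added example: minimal Public Suffix List matcher.
# Algorithm follows https://publicsuffix.org/list/ (longest matching rule wins,
# exception rules "!" override, wildcard "*" matches exactly one label,
# and "*" is the default rule when nothing matches).

# Constructed PSL fragment for illustration; NOT the real list.
PSL_FRAGMENT = """\
// constructed fragment, not the real list
com
cloud
uk
co.uk
io
github.io
*.ck
!www.ck
// hypothetical entry: what a preview-host domain would need on the list
immich.cloud
"""


def parse_psl(text):
    """Return the list of rules, with comments and blank lines dropped."""
    rules = []
    for line in text.splitlines():
        line = line.split("//")[0].strip()
        if line:
            rules.append(line.lower())
    return rules


def _rule_matches(rule_labels, domain_labels):
    """A rule matches if the domain ends with the rule's labels ('*' = any one label)."""
    if len(rule_labels) > len(domain_labels):
        return False
    for r, d in zip(reversed(rule_labels), reversed(domain_labels)):
        if r != "*" and r != d:
            return False
    return True


def public_suffix(hostname, rules):
    """Return the public suffix of hostname under the given rules."""
    labels = hostname.lower().rstrip(".").split(".")
    best = None  # (is_exception, label_count)
    for rule in rules:
        exception = rule.startswith("!")
        rule_labels = rule.lstrip("!").split(".")
        if not _rule_matches(rule_labels, labels):
            continue
        if exception:
            best = (True, len(rule_labels))  # exception rules win outright
            break
        if best is None or len(rule_labels) > best[1]:
            best = (False, len(rule_labels))
    if best is None:
        n = 1  # default rule "*": the TLD alone is the suffix
    elif best[0]:
        n = best[1] - 1  # exception: drop the leftmost label of the rule
    else:
        n = best[1]
    return ".".join(labels[-n:])


def registrable_domain(hostname, rules):
    """Public suffix plus one label, or None if hostname is itself a suffix."""
    labels = hostname.lower().rstrip(".").split(".")
    n = public_suffix(hostname, rules).count(".") + 1
    if len(labels) <= n:
        return None
    return ".".join(labels[-(n + 1):])


def same_site(a, b, rules):
    """True if two hosts share a registrable domain (cookies, reputation, site isolation)."""
    ra, rb = registrable_domain(a, rules), registrable_domain(b, rules)
    return ra is not None and ra == rb


if __name__ == "__main__":
    rules = parse_psl(PSL_FRAGMENT)
    without = [r for r in rules if r != "immich.cloud"]
    for name, rs in (("listed", rules), ("not listed", without)):
        print(name, registrable_domain("pr-1.immich.cloud", rs),
              same_site("pr-1.immich.cloud", "pr-2.immich.cloud", rs))
```

With `immich.cloud` on the list, `pr-1.immich.cloud` and `pr-2.immich.cloud` are separate sites; without it, both resolve to the registrable domain `immich.cloud`, which is why one bad preview host can drag the whole domain down.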
Besides user uploaded content it's pretty easy to accidentally destroy the reputation of your main domain with subdomains.
For example:
At this point if someone else on that hosting provider gets that IP address assigned, your subdomain is now hosting their content.
I had this happen to me once with PDF books being served through a subdomain on my site. Of course it's my mistake for not removing the A record (I forgot) but I'll never make that mistake again.
10 years of my domain having a good history may have gotten tainted in an unrepairable way. I don't get warnings visiting my site but traffic has slowly gotten worse over time since around that time, despite me posting more and more content. The correlation isn't guaranteed, especially with AI taking away so much traffic but it's something I do think about.
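The forgotten A record described above is the classic dangling-DNS failure mode: the name keeps resolving after the resource behind it is gone. The check a defender wants is a periodic diff of the zone against an inventory of what is still owned. This is an added example, not the commenter's setup: it parses a constructed BIND-style zone fragment and flags A records whose address is not in a (hypothetical) owned-address set and CNAMEs whose target is not in a (hypothetical) owned-target set.

```python
# Added example: audit a zone for dangling A / CNAME records.
# Zone content, addresses and hostnames below are constructed for illustration.
import ipaddress

# Constructed zone fragment (hypothetical domain example.test).
ZONE = """\
; constructed sample zone, not a real one
books.example.test.   300  IN  A      203.0.113.10
www.example.test.     300  IN  A      198.51.100.5
blog.example.test.    300  IN  CNAME  pages.hosting.test.
old.example.test.     300  IN  CNAME  app-123.hosting.test.
"""

# Inventory of what you still control (hypothetical).
OWNED_IPS = {"198.51.100.5"}
OWNED_TARGETS = {"pages.hosting.test"}


def parse_zone(text):
    """Return (name, type, rdata) tuples for A and CNAME records, comments stripped."""
    records = []
    for line in text.splitlines():
        line = line.split(";")[0].strip()
        parts = line.split()
        if len(parts) < 5:
            continue  # not a full "name ttl class type rdata" line
        name, _ttl, _cls, rtype, rdata = parts[:5]
        rtype = rtype.upper()
        if rtype not in ("A", "CNAME"):
            continue
        records.append((name.rstrip(".").lower(), rtype, rdata.rstrip(".").lower()))
    return records


def dangling_records(records, owned_ips, owned_targets):
    """Return records that point at addresses or hostnames no longer in inventory."""
    owned = {ipaddress.ip_address(ip) for ip in owned_ips}
    findings = []
    for name, rtype, rdata in records:
        if rtype == "A":
            try:
                addr = ipaddress.ip_address(rdata)
            except ValueError:
                findings.append((name, rtype, rdata, "unparseable address"))
                continue
            if addr not in owned:
                findings.append((name, rtype, rdata, "address not in inventory"))
        elif rtype == "CNAME" and rdata not in owned_targets:
            findings.append((name, rtype, rdata, "target not in inventory"))
    return findings


def dangling_names(zone_text=ZONE, owned_ips=OWNED_IPS, owned_targets=OWNED_TARGETS):
    """Convenience wrapper: just the hostnames that need an A/CNAME removed or reclaimed."""
    return sorted(n for n, _t, _r, _why in
                  dangling_records(parse_zone(zone_text), owned_ips, owned_targets))


if __name__ == "__main__":
    for finding in dangling_records(parse_zone(ZONE), OWNED_IPS, OWNED_TARGETS):
        print(*finding)
```

Run it from the same pipeline that tears infrastructure down; a record that shows up here is one that either needs deleting or needs its target reclaimed before someone else is assigned that address.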
The Immich domains that are hit by this issue are -not- user generated content.
They clearly are? It seems like GitHub users submitting a PR could/can add a `preview` label, and that would lead to the application + their changes to be deployed to a public URL under "*.immich.cloud". So they're hosted content generated by users (built application based on user patches) on domains under their control.
I'm the guy that built the system, lol. Labels can only be added by maintainers, and the whole system only works for PRs from internal branches.
1 reply →
Clearly they are not reading HN enough. It hasn’t even been two weeks since this issue last hit the front page.
I wish this comment were top ranked so it would be clear immediately from the comments what the root issue was.
so it's a skill issue??? or just google being bad????
I will go with Google being bad / evil for 500.
Google 90s to 2010 is nothing like Google 2025. There is a reason they removed "Don't be evil"... being evil and authoritarian makes more money.
Looking at you Manifest V2 ... pour one out for your homies.
Don't get me wrong, Google is bad/evil in many ways, but the public suffix list exists to solve a real risk to users. Google is flagging this for a legit reason in this particular case.
1 reply →
Sympathy for the devil, people keep using Google's browser because the safe search guards catch more bad actors than they false positive good actors.
6 replies →
downvoted for saying the truth
many Google employees are in here, so I don't expect them to agree with you