For those that never looked at the CT logs: https://crt.sh/?q=ycombinator.com (t...

Eikon · 2025-12-15T16:08:12 1765814892

Shameless plug :)

https://www.merklemap.com/search?query=ycombinator.com&page=...

Entries are indexed by subdomain instead of by certificate (click an entry to see all certificates for that subdomain).

Also, you can search for any substring (that was quite the journey to implement so it's fast enough across almost 5B entries):

https://www.merklemap.com/search?query=ycombi&page=0

TacticalCoder · 2025-12-16T00:12:11 1765843931

Not 100% related but not 100% not-related either: I've got a script that generates variations of the domain names I use the most... All the most common typos/mispelling, all the "1337" variations, all the Levenhstein edit distance of 1, quite some of the 2, etc.

For example for "lillybank.com", I'll generate:

    llllybank.com
    liliybank.com
    ...

and countless others.

Hundreds of thousands of entries. They then are null-routed from my unbound DNS resolver.

My browsers are forced into "corporate" settings where they cannot use DoH/DoT: it's all, between my browsers and my unbound resolver, in the clear.

All DNS UDP traffic that contains any Unicode domain name is blocked by the firewall. No DNS over TCP is allowed (and, no, I don't care).

I also block entire countries' TLD as well as entire countries' IP blocks.

Been running a setup like that (and many killfiles, and DNS resolvers known to block all known porn and know malware sites etc.) since years now already. The Internet keeps working fine.

chuckadams · 2025-12-15T17:09:29 1765818569

Any insights you can share on how you made search so fast? What kind of resources does it take to implement it?

Eikon · 2025-12-15T19:26:56 1765826816

Most of merklemap is stored on ZeroFS [0] and thus allows to scale IO ressources quite crazily :)

[0] https://github.com/Barre/ZeroFS

jddj · 2025-12-15T20:16:52 1765829812

> Watch Ubuntu boot from ZeroFS

Love it

rendaw · 2025-12-16T07:59:33 1765871973

How does ZeroFS handle consistency with writes?

Eikon · 2025-12-16T12:39:54 1765888794

If you use 9P or NBD it handles fsync as expected. With NFS, it's time based.

https://github.com/Barre/ZeroFS#9p-recommended-for-better-pe...

rendaw · 2025-12-16T14:22:38 1765894958

Oh awesome! I was searching for consistency, but I guess durability is the word used for filesystems. Thanks!

rendaw · 2025-12-16T07:56:37 1765871797

The first page of results doesn't include ycombinator.com. I get `app.baby-ycombinator.com`, `ycombinator.comchat.com`, everything in between.

Substring doesn't seem like what I'd want in a subdomain search.

Eikon · 2025-12-16T12:31:30 1765888290

> Substring doesn't seem like what I'd want in a subdomain search.

Well, if you want only subdomains search for *.ycombinator.com.

https://www.merklemap.com/search?query=*.ycombinator.com&pag...

nerdsniper · 2025-12-15T20:24:10 1765830250

Thank you!!! Needed exactly this at work.

Eikon · 2025-12-15T20:44:01 1765831441

Glad it was helpful!

1vuio0pswjnm7 · 2025-12-15T17:26:39 1765819599

Considering how it must be getting hammered what with the "AI" nonsense, it's interesting how crt.sh continues to remain usable, particularly the (limited) direct PostgresSQL db access

To me, this is evidence that SQL databases with high traffic can be made directly accessible on the public internet

crt.sh seems to be more accessible at certain times of the day. I can remember when it had no such accessibility issues

miki123211 · 2025-12-15T20:16:20 1765829780

It is not usable.

It's the only website I know of where queries can just randomly fail for no reason, and they don't even have an automatic retry mechanism. Even the worst enterprise nightmares I've seen weren't this user unfriendly.