jasondj

@jasondj@ttrpg.network


What can we do about major sites blocking VPN providers?

I use ProtonVPN for everything, and I’ve started noticing more and more sites simply blocking me if I try to connect to them through ProtonVPN. As much as it sucks, I’ve more or less become acclimated to having to deal with an increased number of captchas while using a VPN; but I’m pretty angry about being blocked...

jasondj,

At least they got that far.

There’s a good reason as a web server to block anonymizing VPNs. Turns out the bad guys use them too. Who knew.

jasondj,

Yeah, except you aren’t supposed to TOFU.

Literally everybody does SSH wrong. The point of host keys is to exchange them out-of-band so you know you have the right host on the first connection.

And guess what certificates are.

Also keep in mind that although MS and Apple both publish trusted root lists, Mozilla is also one of, if not the, biggest player. They maintain the list of what ultimately gets distributed as ca-certificates in pretty much every Linux distro. It’s also the source of the Python certifi trusted root bundle, that’s required by requests, and probably makes its way into every API script/bot/tool using Python (which is probably most of them).

And there’s literally nothing stopping you from curating your own bundle or asking people to install your cert. And that takes care of the issue of TOFU. The idea being that somebody that accepts your certificate trusts you to verify that any entity using a certificate you attach your name to was properly vetted by you or your agents.

You are also welcome to submit your CA to Mozilla for consideration on including it on their master list. They are very transparent about the process.

Hell, there’s also nothing stopping you from rolling a CA and using certificates for host and client verification on SSH. That’s actually preferable at-scale.

A lot of major companies also use their own internal CA and bundle their own trusted root into their app or hardware (Sony does this with PlayStation, Amazon does this with a lot of AWS apps like WorkSpaces, etc.).

In fact, what you are essentially suggesting is functionally the exact same thing as self-signed certificates. And there’s absolutely (technically) nothing wrong with them. They are perfectly fine, and probably preferable for certain applications (like machine-to-machine communication or a closed environment) because they expire much longer than the 1yr max you can get from most public CAs. But you still aren’t supposed to TOFU them. That smacks right in the face of a zero-trust philosophy.

The whole point of certificates is to make up for the issue of TOFU by you instead agreeing that you trust whoever maintains your root store, which is ultimately going to be either your OS or App developer. If you trust them to maintain your OS or essential app, then you should also trust them to maintain a list of companies they trust to properly vet their clientele.

And that whole process is probably the number one most perfect example of properly working, applied, capitalism. The top-level CAs are literally selling honesty. Fucking that up has huge business ramifications.

Not to mention, if you don’t trust Bob’s House of Certificates, there’s no reason you can’t untrust it from your system. And if you trust Jimbo’s Certificate Authority, you are welcome to tell your system to accept certificates they issue.

jasondj,

But you only really need one to say it’s authentic. There are levels of validation that require different levels of effort. Domain Validation (DV) is the most simple and requires that you prove you own the domain, which means making a special domain record for them to validate (usually a long string that they provide over their HTTPS site), or by sending an email to the registered domain owner from their WHOIS record. Organization Validation (OV) and extended verification (EV) are the higher tiers, and usually require proof of business ownership and an in-person interview, respectively.

Now, if you want to know if the site was compromised or malicious, that’s a different problem entirely. Certificates do not and cannot serve that function, and it’s wrong to place that role on CAs. That is a security and threat mitigation problem and is better solved by client-based applications, web filtering services, and next-gen firewalls, that use their own reputation databases for that.

A CA is not expected to prevent me from hosting rootkits. Doesn’t matter if my domain is rootkits-are.us or totallylegitandsafe.net. It’s their job to make sure I own those domains. Nothing more. For a DV cert at least.

Public key cryptography, and certificates in particular, are an amazing system. They don’t need to be scrapped because there’s a ton of misunderstanding as to its role and responsibilities.

jasondj, (edited )

9% of 3 is easier to estimate because you know it’s “almost 10% of 3”. Or, since 10-1==9, you could think of it as (10% of 3)-(1% of 3) and get the right answer using some other shortcuts. Humans being generally pretty good at base10, this is easy to figure out in your head as (0.3 - 0.03) and get 0.27.

Or, you could do what another commenter suggested and “3% of 9” can be broken down as (3/100)•(9/1), becomes, (3•9) / (100•1), becomes 27/100, becomes 0.27. And that can be simplified as xy/100.

Different tools for different jobs. Base10 tricks are good for stuff like figuring out, say, a 15% or 20% tip, because you can easily figure out a 10% tip just by moving the decimal one space to the left, and add half of that (for 15) or double it (for 20). Or half and half again for (almost) 18%. xy/100 is a good trick for figuring out small percentages like sales tax (unless you’re in a place like Mass where it’s 6.25 and you gotta change it now to 625y/10000. At that point I’d just estimate at 6 in my head, or if I had to solve it mentally do (6y100) + ((1y100)/4).

jasondj,

Idk if it’s the weed, the adderall, or the ADHD, but this thread is everything I need in my life.

jasondj,

What is flirting but a good conversation with some complimenting and occasional teasing?

I really wish when I was younger people hadn’t put the title of “flirting” on having a fun conversation with people of the opposite sex, and put it on the checklist of getting a date. If people had just said “be yourself and try to have fun”, around all intersections (and not just as cheesy dating advice when talking about the opposite sex) I probably would’ve been a lot more successful in forming relationships in my teenage years.

jasondj, (edited )

When was it economically viable to replace hand-sawn lumber with lumber mills?

Then they went and made portable electric saws. What a world!

And then electric drills! And laser levels!

Remember paper ledgers and abacuses? Ever hear of Microsoft Excel?

We keep making tools that always increase productivity and reduce time and cost. It’s Constant incremental progress, and on a large scale it’s great because it frees up (human) resources to focus on new industry and technology, which furthers the CIP. On the micro scale, there may be a small number of temporarily displaced workers as jobs shuffle around and workers re-skill.

But at this particular intersection of technology, we are at a pretty bad spot. We are on the verge of massive progress in multiple industries, and wealth has concentrated in the elite classes. “Temporarily displaced workers” won’t have the capital to re-skill or invest their own resources into new industry. This is bad.

jasondj,

It sucks because a lot of places around me don’t carry powder. I’d much rather be using that than the gel.

jasondj,

You don’t have to buy one with a window.

Hell I saw fridges with Android screens and I’m like hell naw. I did get a smart one so I can get notifications if the kid leaves the door open and so I can track power consumption over time without sticking a kill-a-watt in a really tough spot. But the Android systems they put in fridges feel obsolete on the showroom floor. Absolutely embarrassing, and probably completely useless after about 4 or 5 years when Android stops supporting the SoC and when you stop getting root certificate updates and start getting SSL errors on every page and app.

jasondj,

Like the Gwyneth Paltrow stuff?

Or the 90s mechanic soap? Does that still exist? I don’t know.

jasondj,

Wait when did J&J cause skin cancer? I’ve only known of the asbestos baby powder.

jasondj,

I’m not sure how to interpret this comment.

Are you saying you’ve been staring at a lot of AI generated children?

Would you like to take a seat right over there?

jasondj,

It’s proportional, as in how much of a spike it is on the country’s average daily deaths.

Not that it matters. It became obvious that using “one 9/11” as a unit of measurement was no longer shocking a few months into 2020.

jasondj,

Probably so they could keep an eye on the toenails on the non-operating foot.

There’s a reason they tell you not to wear nail polish before surgery. The nailbeds are one of the best ways to detect cyanosis caused by low oxygen levels in blood.

I’d imagine a “control foot” is probably preferential, and it’s easier to keep an eye on the other foot during surgery than it is to keep an eye on their fingernails.

jasondj,

Those were Jesus’s last words.

jasondj,

Have a routine set up.

“Hey Google…Release the kraken”.

jasondj,

Don’t reuse passwords!

But make them complicated!

Don’t write them down!

Change them every week!

jasondj,

That’s great and all…but Alt-Drag is missing.

I’ve honestly been using Linux on and off for nearly 25 years, and daily the past 6 or so…and somehow just found out about this, and now my life is changed.

jasondj,

Many WMs allow for moving a window by holding alt, left-clicking anywhere in the window, and dragging it to move, by default.

Some use Super+Drag. They usually also have resizing the window by right-click-dragging.

jasondj,

Funny story, specifically on the name “Idaho”, from Wikipedia’s article on the state, “Etymology” Section:

The name’s origin remains a mystery.[9] In the early 1860s, when the U.S. Congress was considering organizing a new territory in the Rocky Mountains, the name “Idaho” was suggested by George M. Willing, a politician posing as an unrecognized delegate from the unofficial Jefferson Territory.[10] Willing claimed that the name was derived from a Shoshone term meaning “the sun comes from the mountains” or “gem of the mountains”,[11] but it was revealed later that there was no such term and Willing claimed that he had been inspired to coin the name when he met a little girl named Ida.[12] Since the name appeared to be fabricated, the U.S. Congress ultimately decided to name the area Colorado Territory instead when it was created in February 1861, but by the time this decision was made, the town of Idaho Springs, Colorado had already been named after Willing’s proposal.

The same year Congress created Colorado Territory, a county called Idaho County was created in eastern Washington Territory. The county was named after a steamship named Idaho, which was launched on the Columbia River in 1860. It is unclear whether the steamship was named before or after Willing’s claim was revealed. Regardless, part of Washington Territory, including Idaho County, was used to create Idaho Territory in 1863.[13] Idaho Territory would later change its boundaries to the area that became the U.S. state.[14]

jasondj,

My kid was on a tee ball team with the coach’s youngest son. The coach’s two older sons were assistant coaches and the youngest was named “Maverick”.

Like, yeah, that kid’s set up to become an MLB Superstar. Or at least a washed-up alcoholic former Double-A in player.

jasondj,

Is “sweet pee” an appropriate pet name for a T1D SO? Asking for a friend.

jasondj,

Usually I pipe my cats to more, but to each their own.

jasondj,

Most retail nut milk is actually mixed with a variety of gums and other texture enhancers.

Fresh, homemade oat milk is actually really easy to make by that process, but store-bought oat milk needs to have consistent flavor and texture/mouth-feel. So there is a bit more that goes into it.

This is also true of other non-dairy milks. That’s why I only use Trader Joe’s or Westsoy shelf-stable soy milk for making yogurt. No gums.
