1. 3

    I’m playing around with porting the RxSwing library (https://github.com/ReactiveX/RxSwing) to work on RxJava 2.

    Work wise I’m making a custom sort routing which is locale aware for C strings… The wonders of working on an embedded device without a full C standard library.

    At least I’ve gotten to brush up my C++ for the test code - and props to CppUTest for being by far the best c++ unit testing framework I’ve tried so far.

    1. 1

      Still working on rewriting a Swing Java App from old school button handlers does it all into a MVVM approach.

      For fun, I saw an article here about building your own kernel for the Raspberry Pi - as I have a few lying around, I figure I’ll try that out.

      1. 4

        Is there someone who can elaborate on why it’s seemingly a need to be able to block headless browsers from accessing sites?

        1. 4

          I’m speculating, but I suspect it’s to do with verifying that the client is driven by a “real human” for advertising and tracking purposes.

          Edit I followed some links and found this article:

          http://antoinevastel.github.io/bot%20detection/2017/08/05/detect-chrome-headless.html

          Quoting from the second section:

          Why detect headless browser?

          Beyond the two harmless use cases given previously [doing tests or taking screenshots of webpages], a headless browser can also be used to automate malicious tasks. The most common cases are web scraping, increase advertisement impressions or look for vulnerabilities on a website.

          1. 2

            Thank you for the elaboration gerikson.

            So it’s basically a few attempts at making it slightly harder to use a headless Chrome to do bad stuff. It just seems like it’s on the wrong level the attempt is being made.

        1. 2

          Looking into JavaFX, to see if it’s usable for a refresh of a UI in a Java program. Is there other frameworks out there for Java that’s more MVVM centered? (… possibly something like WPF but for Java?)

          Also working on more automatic testing for the handsets - it’s growing into a nice little system by now which can simulate a user.

          1. 2

            I’m reading a book about PostgreSQL - “Mastering PostgreSQL in Application Development” by Dimitri Fontaine - it’s to get a refresher for my SQL as I haven’t been using it for a while, and I hope to learn some of the newer features of SQL, I’ve been quite inspired by reading Markus Winands Modern-SQL.com site.

            In the fiction department, I’m about to read Dan Browns latest Robert Langdon book - Origin

            1. 21

              The fundamental problem with USB-C is also seemingly its selling point: USB-C is a connector shape, not a bus. It’s impossible to communicate that intelligibly to the average consumer, so now people are expecting external GPUs (which run on Intel’s Thunderbolt bus) for their Nintendo Switch (which supports only USB 3 and DisplayPort external busses) because hey, the Switch has USB-C and the eGPU connects with USB-C, so it must work, right? And hey why can I charge with this port but not that port, they’re “exactly the same”?

              This “one connector to rule them all, with opaque and hard to explain incompatibilities hidden behind them” movement seems like a very foolish consistency.

              1. 7

                It’s not even a particularly good connector. This is anecdotal, of course, but I have been using USB Type-A connectors since around the year 2000. In that time not a single connector has physically failed for me. In the year that I’ve had a device with Type-C ports (current Macbook Pro), both ports have become loose enough that simply bumping the cable will cause the charging state to flap. The Type-A connector may only connect in one orientation but damn if it isn’t resilient.

                1. 9

                  Might be crappy hardware. My phone and Thinkpad have been holding up just fine. The USB C seems a lot more robust than the micro b.

                  1. 3

                    It is much better, but it’s still quite delicate with the “tongue” in the device port and all. It’s also very easy to bend the metal sheeting around the USB-C plug by stepping on it etc.

                  2. 6

                    The perfect connector has already been invented, and it’s the 3.5mm audio jack. It is:

                    • Orientation-free
                    • Positively-locking (not just friction-fit)
                    • Sturdy
                    • Durable

                    Every time someone announces a new connector and it’s not a cylindrical plug, I give up a little more on ever seeing a new connector introduced that’s not a fragile and/or obnoxious piece of crap.

                    1. 6

                      Audio jacks are horrible from a durability perspective. I have had many plugs become bent and jacks damaged over the years, resulting in crossover or nothing playing at all. I have never had USB cable fail on me because I stood up with it plugged in.

                      1. 1

                        Not been my experience. I’ve never had either USB-A or 3.5mm audio fail. (Even if they are in practice fragile, it’s totally possible to reinforce the connection basically as much as you want, which is not true of micro USB or USB-C.) Micro USB, on the other hand, is quite fragile, and USB-C perpetuates its most fragile feature (the contact-loaded “tongue”—also, both of them unforgivably put the fragile feature on the device—i.e., expensive—side of the connection).

                      2. 4

                        You can’t feasibly fit enough pins for high-bandwidth data into a TR(RRRR…)S plug.

                        1. 1

                          You could potentially go optical with a cylindrical plug, I suppose.

                          1. 3

                            Until the cable breaks because it gets squished in your bag.

                        2. 3

                          3.mm connectors are not durable and are absolutely unfit for any sort of high-speed data.

                          They easily get bent and any sort of imperfection translates to small interruptions in the connection when the connector turns. If I – after my hearing’s been demolished by recurring ear infections, loud eurobeat, and gunshots – can notice those tiny interruptions while listening to music, a multigigabit SerDes PHY absolutely will too.

                        3. 3

                          This. USB-A is the only type of usb connector that never failed for me. All B types (Normal, Mini, Micro) and now C failed for me in some situation (breaking off, getting wobbly, loose connections, etc.)

                          That said, Apple displays their iPhones in Apple Stores solely resting on their plug. That alone speaks for some sort of good reliability design on their ports. Plus the holes in devices don’t need some sort of “tongue” that might break off at some point - the Lightning plug itself doesn’t have any intricate holes or similar and is made (mostly) of a solid piece of metal.

                          As much as I despise Apple, I really love the feeling and robustness of the Lightning plug.

                          1. 1

                            I’m having the same problem, the slightest bump will just get it off of charging mode. I’ve been listening to music a lot recently and it gets really annoying.

                            1. 2

                              Have you tried to clean the port you are using for charging?

                              I have noticed that Type C seems to suffer a lot more from lint in the ports than type A

                          2. 6

                            It’s impossible to communicate that intelligibly to the average consumer,

                            That’s an optimistic view of things. It’s not just “average consumer[s]” who’ll be affected by this; there will almost certainly be security issues originating from the Alternate Mode thing – because different protocols (like thunderbolt / displayport / PCIe / USB 3) have extremely different semantics and attack surfaces.

                            It’s an understandable thing to do, given how “every data link standard converges to serial point-to-point links connected in a tiered-star topology and transporting packets”, and there’s indeed lots in common between all these standards and their PHYs and cable preferences; but melding them all into one connector is a bit dangerous.

                            I don’t want a USB device of unknown provenance to be able to talk with my GPU and I certainly don’t want it to even think of speaking PCIe to me! It speaking USB is frankly, scary enough. What if it lies about its PCIe Requester ID and my PCIe switch is fooled? How scary and uncouth!

                            1. 3

                              Another complication is making every port do everything is expensive, so you end up with fewer ports total. Thunderbolt in particular. Laptops with 4 USB A, hdmi, DisplayPort, Ethernet, and power are easy to find. I doubt you’ll ever see a laptop with 8 full featured usb c ports.

                            1. 2

                              I just finished reading What If?: Serious Scientific Answers to Absurd Hypothetical Questions by Randall Munroe, which is a delightfully absurd book.

                              I also just placed a book order and I’ll get the following books to read soon:

                              Michael Sikorski “Practical Malware Analysis: The Hands-On Guide to Dissecting Malicious Software” Abelson, Harold “Structure and Interpretation of Computer Programs, 2nd Edition (MIT Electrical Engineering and Computer Science)” Zalewski, Michal “The Tangled Web: A Guide to Securing Modern Web Applications” Seitz, Justin “Gray Hat Python: Python Programming for Hackers and Reverse Engineers” Perry, Brandon “Gray Hat C#”

                              So a pile of different technical books to play along with and a single fiction book:

                              Brown, Dan “Origin: (Robert Langdon Book 5)”

                              I’ve loved the previous 4 installments in the series, so I had to pick up the newest one as well :)

                              1. 5

                                As echoed by the others, if you set up some way to donate a few dollars for the server maintenance and to give a round of drinks for the moderator team every now and then, I’ll be happy to chip in.

                                1. 1

                                  It’s a bit short on advice on how to avoid these pit falls.

                                  Is there any good books that uses this reverse approach?

                                  1. -1

                                    Calling that an “optimization” is hilarious. The standard says that it does not specify what happens on a null call and the LLVM compiler writers have made the nutty determination that they can then assume there is no UB in the code.

                                    1. 1

                                      Actually given all the extra work they have put into static warnings and UBSan….

                                      Actually they are doing the right thing.

                                      Admittedly In several places I believe the standards committee should just have had the balls to define a behaviour… which is one of the things I like about D.

                                      1. 1

                                        One of the weird thing about the standard is that the committee says that non-portable code is a core part of C


                                        1. C code can be non-portable. Although it strove to give programmers the opportunity to write truly portable programs, the Committee did not want to force programmers into writing portably, to preclude the use of C as a “high-level assembler;’’ the ability to write machine-specific code is one of the strengths of C. It is this principle which largely motivates drawing the distinction between strictly conforming program and conforming program. ( http://www.open-std.org/jtc1/sc22/wg14/www/docs/n1250.pdf )

                                        And then it goes and tosses non-portable code into UB.

                                        1. 1

                                          Even though I work with C in my day job, I always thought it’s nothing short of fucking bonkers that compiler writers are so focused on synthetic benchmarks that we have somehow come to accept, that of course this makes sense when it so clearly doesn’t.

                                      1. 5

                                        Wouldn’t it make sense to do a general BSD tag instead, and merge {Net,Open,Free} BSD into that? It’s usually easy to deduce which BSD it’s from, based on who’s posting it ;)

                                        1. 13

                                          I disagree. See this discussion.

                                          1. 12

                                            I strongly disagree for a common BSD tag and expressed that when the NetBSD tag was suggested here: https://lobste.rs/s/n5vowd/new_tag_suggestion_netbsd

                                            I am all for adding a DragonFlyBSD tag.

                                            1. 3

                                              m-o o-n, that’s how you spell unix.

                                            1. 4

                                              Writing a whole lotta test cases at work and reworking a lot of my material for a computer networking course I’m teaching. so if any of you know about great youtube videos about networking theory / nice graphics / other things I might be able to use, I’d appreciate a link and I’ll buy you a beverage of choice if we ever meet ;)

                                              1. 1

                                                All I could think of while reading this was “wow, Java is or used to be really problematic.”

                                                1. 3

                                                  Can you be more specific?

                                                  At least the optimization itself would be applicable to many programming languages: Setting a good initial size for a container.

                                                  1. 0

                                                    Amen. Makes me happy millenials killed it (along with its bastard companion XML).

                                                    1. 15

                                                      Java is alive and well. I have no idea how you come to the conclusion it was killed.

                                                      1. 0

                                                        Java is dead in the sense C++ is dead. Once dominant, now one of the languages used by increasingly old guard. Of course there are still projects in Java, and even likely some people coding applets for old times sake.

                                                        But you can ignore Java at this point without handicapping your career.

                                                        1. 6

                                                          I am working for start-ups in the Bay Area and I can tell you that java is very much alive and well and used for new things every day. Nobody writes GUI apps in it anymore, but in the back-end it is widely popular.

                                                          1. 3

                                                            People do tons of new projects in C++ too. Still nothing like its heyday mid-90s.

                                                          2. 3

                                                            But you can ignore Java at this point without handicapping your career.

                                                            I agree with you, but I can’t think of a language that’s not true of. There are a lot of language ecosystems that don’t overlap much if at all - Java, Ruby, Python, .NET, Rust, Erlang…

                                                            1. 3

                                                              I think if you don’t have some level of understanding the level of reasoning that C works at, that can be a bit of a handicap, at least from a performance standpoint. Though that’s less of a language thing than it is about being able to reason about bytes, pointers and allocations when needed.

                                                              1. 0

                                                                That wasn’t true say 15 years ago. Back then if you wanted to have professional mobility outside certain niches, you had to know Java.

                                                                1. 2

                                                                  I’m going to respectfully disagree. 15 years ago, you had Java, and you had LAMP (where the “P” could be Perl, PHP, or Python), and you had the MS stack, and you still had a great deal of non-MS C. After all that, you had all the other stuff.

                                                                  Yes, Java may have been the biggest of those, but relegating “the MS stack” to “certain niches” perhaps forgets how dominant Windows was at the time. Yes, OSX was present, but it had just come out, and hadn’t made any significant inroads with developers yet. Yes, Linux was present, but “this is the year of Linux on the desktop” has been a decades-long running gag for a reason.

                                                                  1. 1

                                                                    MS stack was in practice still C++/MFC at the time, and past its heyday. The dotcom boom dethroned desktop, Windows and C++ and brought Java to prominence. By 2000, everyone and their dog were counting enterprise beans: C++ was still massive on Monster, but Java had a huge lead.

                                                                    Then Microsoft jumped ship to .NET and C++ has not recovered even since. In mid-90s you were so much more likely to land a job doing C++ vs plain C; now it’s the opposite.

                                                                    My karma shows I hurt a lot of feelings with my point, but sorry guys Java is in visible decline.

                                                                    1. 1

                                                                      Oh, my feelings weren’t hurt, and I don’t disagree that Java is in decline. I merely disagree with the assertion that, 15 years ago, you had to know Java or relegate yourself to niche work. I was in the industry at the time. My recollection is that the dotcom boom brought perl and php to prominence, rather than java.

                                                                      Remember that java’s big promise at the time was “run anywhere”. Yes, there were applets, and technically servlets, but the former were used mostly for toys, and the latter were barely used at all for a few years. Java was used to write desktop applications as much as anywhere else. And, you probably recall, it wasn’t very good at desktop applications.

                                                                      I worked in a “dotcom boom” company that used both perl and java (for different projects). It was part of a larger company that used primarily C++ (to write a custom webserver), and ColdFusion. The java work was almost universally considered a failed project due to performance and maintenance problems (it eventually recovered, but it took a long time). The perl side ended up getting more and more of the projects moving forward, particularly the ones with aggressive deadlines.

                                                                      Now, it may be that, by 15 years ago, perl was already in decline. And, yes, java took some of that market share. But python and ruby took more of it. A couple years later, Django and Rails both appeared, and new adoption of perl dropped drastically.

                                                                      Meanwhile, java soldiered along and became more and more prominent. But it was never able to shake those dynamic languages out of the web, and it was never able to make real inroads onto the desktop. It never became the lingua franca that it wanted to be.

                                                                      And now it’s in decline. A decline that’s been slowed by the appearance of other JVM languages, notably scala (and, to a lesser degree, clojure).

                                                          3. 6

                                                            Incidents of Java in my life have only increased as my career has, I’m quite certain Java is far from dead and we’re all the worse for it. I’ve even worked for “hip” millennial companies that have decided they needed to switch to Java.

                                                            1. 5

                                                              Java is still alive and kicking, having a language that has proven itself to be good enough with a rich ecosystem with different vendors having implemented their own JVM, we’re all the worse for that because?

                                                        1. 2

                                                          I’ve been using Dia but it’s just a free version of Visio + upnp mappers. Sadly still manual work.

                                                          1. 4

                                                            Playing around with Nancy, which while a bit too magical for my tastes, (Like, a lot of dynamic in C# smells of someone wishing it was Ruby.) is probably the best experience I’ve had for C# webdev. ASP.NET Web Forms is a bit strange, but since that point it’s been seemingly non-stop churn especially in the MVC front. It doesn’t seem like a stable place to build an application, which is a shame.

                                                            1. 3

                                                              Unless you want to be hosting an ASP.NET application on non-Windows, ASP.NET MVC 6 is the way to go still, I would say. There’s too much churn on .NET Core to base anything critical on it.

                                                            1. 3

                                                              For work I’m in the progress of breaking up a Java application into more manageable pieces - it’s written as C with Java syntax, so I’m slowly reworking it piece by piece to become easier to maintain, as it’s obviously ridden with a whole lot of globals and logic in button handlers.

                                                              For fun times, I’m working on a minimal FTP client in Java to help me teach a course in the autumn semester.

                                                              1. 2

                                                                Is it only for me that I get an SSL error due to a seemingly self signed certificate? - or is this on purpose?

                                                                1. 4

                                                                  It’s not only you. It is on purpose.

                                                                  You’ll have to trust tedu a little if you want to read his blog. ;-)

                                                                  1. 2

                                                                    I don’t know if my browser got the right cert, but the information presented on the page I got certainly seems to be correct (i.e. matches commits I’ve seen on source-changes@).

                                                                    1. 3

                                                                      Of course there’s no reason to assume you’re getting the same information as anyone else.

                                                                      1. 1

                                                                        True :)

                                                                    2. 1

                                                                      It’s on purpose.

                                                                      Unfortunately lobste.rs deliberately doesn’t let users hide all posts from particular domain. Any chance of a broken-ssl tag, or a policy to disallow links with dodgy certificates like this?

                                                                      1. 6

                                                                        It’s not a broken or dodgy cert. The difference is the trust model that @tedu is using. He is asking users to put trust in him vs a CA (https://www.tedunangst.com/flak/post/moving-to-https - I know you can’t see it without the cert). The important part is this:

                                                                        Yesterday, reading this page in plaintext was perfectly fine, but today, add some AES to the mix, and it’s a terrible menace, unfit for even casual viewing.

                                                                        The difference now is that your browser paints a terrifying UI vs rendering stuff with a cert it doesn’t know about.

                                                                        The model he is using is similar to SSH’s “Trust on first use” but with a few extra steps to cope with the UI that operates via the “Trust anything from these guys, they are totally OK, right? RIGHT?” model.

                                                                        Anyway, here is the cert, a sha256 sum and its sha256 fingerprint of it if you feel like importing it into your browser:

                                                                        -----BEGIN CERTIFICATE-----
                                                                        MIID2TCCAsGgAwIBAgIJAJIn/VMsBJrpMA0GCSqGSIb3DQEBCwUAMHMxCzAJBgNV
                                                                        BAYTAlVTMQswCQYDVQQIDAJQQTEXMBUGA1UECgwOdGVkdW5hbmdzdC5jb20xGjAY
                                                                        BgNVBAMMEWNhLnRlZHVuYW5nc3QuY29tMSIwIAYJKoZIhvcNAQkBFhN0ZWR1QHRl
                                                                        ZHVuYW5nc3QuY29tMB4XDTE3MDcxMzIzNTMwNloXDTIxMDQwODIzNTMwNlowczEL
                                                                        MAkGA1UEBhMCVVMxCzAJBgNVBAgMAlBBMRcwFQYDVQQKDA50ZWR1bmFuZ3N0LmNv
                                                                        bTEaMBgGA1UEAwwRY2EudGVkdW5hbmdzdC5jb20xIjAgBgkqhkiG9w0BCQEWE3Rl
                                                                        ZHVAdGVkdW5hbmdzdC5jb20wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIB
                                                                        AQC3uH7heRPPoxNFbhmHBbXzMqEClGxtEPaqVi6/owmviK5Yk7AvQ4ro5F740znk
                                                                        fwno8tj5RPjDUpIBJkpBKBdTg23pHZOHAmioK11g0V6E8GIebKHvQi/iI/NCIRtq
                                                                        +hfMCrwsfdX5lOE9HJyaiamdXrDUR1PNA4G7EEUamnVQqOT9+Y7Bbh2qaxvJ6bjw
                                                                        43ytgzbDYUAFrsAiAzydPqX+FSQBTrB+pea2MEzNuevZFmBMdGUfvIHTmnp+PmUD
                                                                        r/flLsDKaMNZL8HK4KydI0eInrTuoI9kd+Zu3L4ZmQVOTt7XV0ezHsROrqOxwpqd
                                                                        9a1DCVXvOnuHuN7UwgYZIQ/XAgMBAAGjcDBuMAwGA1UdEwQFMAMBAf8wHgYDVR0e
                                                                        BBcwFaATMBGCDy50ZWR1bmFuZ3N0LmNvbTAdBgNVHQ4EFgQUkrTp53Wxxq82rhLk
                                                                        ltMCZGIQRQ0wHwYDVR0jBBgwFoAUkrTp53Wxxq82rhLkltMCZGIQRQ0wDQYJKoZI
                                                                        hvcNAQELBQADggEBAKIOxuH4fMiiZXgL6ABUIzpmDWNQVYN89svUwezAOGbs8WV1
                                                                        rTzoGBVoKwsXoiCI49nWdKaVMdOfoKUgmq2TrF3mST7+D/py+4XPPiJwcekOlwJ0
                                                                        LJT41D1urH2YyGRz9vNFLeFmgwvQLExqWbOhPRG0YOoGR5W41JtVOyTsll6Z0qbQ
                                                                        jkWBj/g5g8slVISfCKP7pH3CVmEUGbbZd5FiUrR+WDP9XOrPDsneX4/XkbLZ+ZNH
                                                                        Z+RxNGlJ6txIQcSTmtsQqHTLdKRoAWT7YxmvPB9pfZ8bDsRSNjohF0QkxM0Y9qxf
                                                                        Xf7xlhGJs7KkNn4LteI5vwjf+9U6Wtbm/Vr5MsU=
                                                                        -----END CERTIFICATE-----
                                                                        
                                                                        SHA256 (ca-tedunangst-com.crt) = 049673630a4a8d801a6c17ac727e015fbf951686cdd253d986e9e4d1a8375cba
                                                                        
                                                                        SHA-256 Fingerprint	AA DD 6D 06 88 7B 36 60 67 56 00 AB D0 76 FB B4
                                                                        			3C 60 10 14 5D AB 4D 39 06 F8 24 08 4B 14 D2 BE
                                                                        

                                                                        I have also signed this message using my pgp stuffs. I guess this means we have a lobste.rs based web of trust using the Comments protocol?

                                                                        The real question in all of this shouldn’t be “why is @tedu using broken / dodgy certs”, it should be: Who do you trust more?

                                                                        Raw post / sig: https://deftly.net/lpost.txt https://deftly.net/lpost.txt.asc

                                                                        PGP: 0x1F81112D62A9ADCE / 3586 3350 BFEA C101 DB1A 4AF0 1F81 112D 62A9 ADCE

                                                                        1. 3

                                                                          I wouldn’t mind importing the CA, but how well does the name constraint work in Firefox?

                                                                                  X509v3 extensions:
                                                                                      X509v3 Basic Constraints: 
                                                                                          CA:TRUE
                                                                                      X509v3 Name Constraints: 
                                                                                          Permitted:
                                                                                            DNS:.tedunangst.com
                                                                          

                                                                          This is actually cool if it works!

                                                                          1. 4

                                                                            Should work in all “modern” browsers. I did some testing to confirm. There’s a lot of stackoverflow answers that it doesn’t work, but most of them are old. They do make it difficult to find out.

                                                                            1. 1

                                                                              Edge seems to not like it - though I am not 100% sure I imported the cert into the correct store.

                                                                              1. 5

                                                                                Definitely works with edge. It has to go into the “Trusted Root CA” store, not the “Third-Party Root” store, or any of the other dozen. If you let it pick on its own, I have no idea where it goes. Fun times. You should get yet another warning that you’re about to do something terrible and dangerous. If you don’t see the scary message, you didn’t put it in the scary place. :) You can add it for just your user, not the whole machine.

                                                                          2. 2

                                                                            It is a dodgy cert, or at least the only reasonable/practical security posture is to treat it as one (if it were a legit cert there would be no reason not to have it cross-signed by a reputable CA). I have no interest in importing some random blogger’s CA into my browser or adopting some manual CA import process in the general case (I’m willing to support efforts at a practical web of trust system - I actually used the monkeysphere addon for a while, but it now seems defunct). I would expect most security-conscious readers to feel the same. As such, I’d like to be able to filter sites like this out of my lobste.rs frontpage.

                                                                            1. 4

                                                                              It is a dodgy cert, or at least the only reasonable/practical security posture is to treat it as one (if it were a legit cert there would be no reason not to have it cross-signed by a reputable CA).

                                                                              Why is tedu’s cert any more dodgy than what you get from all those reputable CA’s that have made sure governments can MITM you at will?

                                                                              1. 2

                                                                                A CA that had been caught doing that would present the same way as tedu’s CA. Should browsers be stricter than they are? Maybe, but even if I don’t think the bar for inclusion in the browser is as high as it should be, I’m sure as hell not going to trust a CA that hasn’t met it.

                                                                                1. 2

                                                                                  Do you trust ssh fingerprints when you ssh into a machine? Do you use pgp?

                                                                                  1. 2

                                                                                    Do you trust ssh fingerprints when you ssh into a machine?

                                                                                    There are about 2 machines I ever ssh to over the public internet, for which I confirmed the fingerprints manually.

                                                                                    Do you use pgp?

                                                                                    I use PGP for email exchanges with a small number of personal friends, who I confirmed fingerprints with in person.

                                                                                    1. 3

                                                                                      Isn’t that the same trust model as using tedu’s cert?

                                                                                      I assume you manually confirmed the fingerprints via ssh-keygen or similar, how ever it was done - you have put some trust in someone (either the CA / people who bundle the CAs for the web-terminal you are using, or that your connection isn’t mitm’d in the first place)

                                                                                      I will give ya that pgp is a bit different, but only for manually verified fingerprints. I am willing to bet that the vast majority of people using pgp for things like validating mails / releases of packages use the “Trust on first use” model.

                                                                                      1. 2

                                                                                        I assume you manually confirmed the fingerprints via ssh-keygen or similar, how ever it was done

                                                                                        I mean I visited those specific physical machines and confirmed the fingerprints on their consoles.

                                                                                        you have put some trust in someone (either the CA / people who bundle the CAs for the web-terminal you are using, or that your connection isn’t mitm’d in the first place)

                                                                                        Sure. I trust the overall bundle-of-CAs, and that’s not ideal. But there’s at least some accountability in that system in a way that there just isn’t for “tedu”. Browser makers and CAs both have a lot more skin in the game than some guy with a website.

                                                                                        1. 3

                                                                                          Sure. I trust the overall bundle-of-CAs, and that’s not ideal. But there’s at least some accountability in that system in a way that there just isn’t for “tedu”.

                                                                                          This is where the tedu model shines! You aren’t being asked to trust “tedu” beyond anything that isn’t already under the control of tedu, and, no third parties involved. I feel like a lot of the accountability problems fall by the way side when you are operating on an individual-site-level of trust vs a here-are-the-sites-we-trust model.

                                                                                          1. 2

                                                                                            No, I’m being asked to trust the public network path from me to… well, who knows where? Verifying that the site I see the second time is the same as the site I saw the first time is the easy part (and something that, in this age of HKPK, browsers are doing even in the CA world). Verifying the first time one visits is important too though.

                                                                                  2. 2

                                                                                    A CA that had been caught doing that would present the same way as tedu’s CA.

                                                                                    I don’t see how anyone could know this with absolute certainty. Can you provide a proof for this claim?

                                                                                    1. 2

                                                                                      I’m not sure what your “absolute certainty” point is? What you see when you go to tedunangst.com is a site with a certificate signed by a CA that’s not in your browser’s trusted roots - this is exactly what you get when you go to sites from CAs that were caught helping governments MitM and have therefore been removed from your browser’s trusted roots (currently only WoSign).

                                                                                      1. 2

                                                                                        I don’t know any of the people who add CAs to my browser, and I don’t know any of the people operating the CAs.

                                                                                        How can anyone know that all of the CAs in their browser will never break the rules you describe, such that CAs wll never, knowingly or unknowingly, validate a certificate they have no business validating?

                                                                                        However, I could actually validate and store tedu’s cert if I wanted to. Which means I could get more secure access to his blog than to my bank’s website.

                                                                                        1. 1

                                                                                          I don’t know any of the people who add CAs to my browser, and I don’t know any of the people operating the CAs.

                                                                                          I don’t either, but they are at least public figures that have some accountability that way. If Mozilla or VeriSign shipped a bad certificate, there’s at least a chance that people would notice and make a fuss, and that there would be financial consequences for those organizations (as we’ve already seen with WoSign). If tedu (who I don’t know either) shipped a bad certificate, who would know or care?

                                                                                          However, I could actually validate and store tedu’s cert if I wanted to. Which means I could get more secure access to his blog than to my bank’s website.

                                                                                          How so? You can validate and store any site’s certificate if you want to, CA signing just gives you an additional level of validation. Indeed if a site is using HPKP then your browser will already be doing a trust-on-first-use style of validation on subsequent visits - just with additional verification on the first use.

                                                                                          1. 1

                                                                                            Doesn’t HPKP imply that the TLS trust model is admittedly so broken that it needs a workaround at the HTTP layer? What about TLS for, say, email? Will all applications using TLS have to solve this problem which TLS was intended to solve?

                                                                                            I have not read about TLS 1.3 yet. Maybe the new edition has fixed this?

                                                                                            1. 2

                                                                                              The TLS model is fine. HPKP gives the super-paranoid folks a way to get what they want without breaking compatibility with the rest of the system, that’s all.

                                                                                              Authentication probably needs application-layer components, because only the application can really define the security model. Drop-in encryption at the transport layer only goes so far. Web browsers align nicely with domain names; ssh aligns nicely with Unix user accounts, but other domains require their own models.

                                                                                    2. 1

                                                                                      A CA that had been caught doing that would present the same way as tedu’s CA.

                                                                                      Caught? By governments?

                                                                                      They’re all compromised, because governments really really want to compromise them, and no one wants their life fucked up for standing up to them.

                                                                                      even if I don’t think the bar for inclusion in the browser is as high as it should be, I’m sure as hell not going to trust a CA that hasn’t met it.

                                                                                      Can you guess one of the requirements for meeting that bar?

                                                                                      1. 2

                                                                                        Caught? By governments?

                                                                                        Caught by browser vendors, or by anyone who published evidence.

                                                                                        They’re all compromised, because governments really really want to compromise them, and no one wants their life fucked up for standing up to them.

                                                                                        If governments were systematically issuing bogus certificates we’d’ve caught them by now, given certificate transparency. WoSign was caught and will never be trusted again. Maybe some governments could be keeping a few compromised CAs in the back pocket and using them occasionally for strictly targeted attacks against individuals, but even that’s risky. And principled people do exist, and any ongoing compromise would risk bumping into one sooner or later.

                                                                                        Can you guess one of the requirements for meeting that bar?

                                                                                        Oh FFS. Speak clearly or not at all; I have no interest in playing games.

                                                                                        1. 1

                                                                                          Oh FFS. Speak clearly or not at all; I have no interest in playing games.

                                                                                          I thought it was clear that making it possible for governments to MITM people was the requirement I was referring to.

                                                                                          On a related note, not bothering happy cartel members with actual competition is one of the requirements for a banking or ISP licence.

                                                                                          If governments were systematically issuing bogus certificates we’d’ve caught them by now, given certificate transparency.

                                                                                          What’s “certificate transparency”?

                                                                                          WoSign was caught and will never be trusted again.

                                                                                          Looks like WoSign was caught being compromised by some random criminals or something - not governments. If that’s the case, WoSign isn’t relevant to our discussion.

                                                                                          Maybe some governments could be keeping a few compromised CAs in the back pocket

                                                                                          Maybe? You know there’s always a bunch of psychopaths everywhere, happy to receive bribes/benefits for shafting all of mankind, and if that’s not an option, they can just directly force some people to make it happen.

                                                                                          What would you expect? “Oh gosh, we sure would LOVE to see all that traffic, but it’s encrypted so I guess there’s nothing whatsoever we can do about it ever!!”

                                                                                          1. 1

                                                                                            Looks like WoSign was caught being compromised by some random criminals or something - not governments.

                                                                                            I think in practice it makes very little difference. The intentions are the same.

                                                                                            1. 0

                                                                                              I think in practice it makes very little difference. The intentions are the same.

                                                                                              I wonder if you genuinely believe that. But no, the intentions are completely different.

                                                                                              The government won’t MITM you to get your money - they just take your money by force every year anyway.

                                                                                              Instead, the government wants to MITM you so that they can identify you as a potential threat to their continued rule over everyone, and move to neutralize the threat if necessary.

                                                                                  3. 4

                                                                                    I like to think that I am a security conscious user. I met @tedu in person and I trust his self signed certificate more than a third party emitted certificate. Would I trust him signing a cert for gmail? No. I do not however see a problem with him self signing a certificate for his own site.

                                                                                    On the other hand, there was more than one occurrence of a ‘trusted’ CA signing domains without due diligence and our browsers didn’t warn us about that. The CA model is f—ed and broken.

                                                                                    1. 3

                                                                                      certificate authorities are not always trust worthy.

                                                                              1. 3

                                                                                Currently I’m reading a single book;

                                                                                The Indisputable Existence of Santa Claus by Dr Hannah Fry, Dr Thomas Oléron Evans

                                                                                Enjoyable, let’s abuse math to explain christmas book.

                                                                                1. 1

                                                                                  … horrifying? Sorry, this is super rough.

                                                                                  1. 1

                                                                                    The intended audience is people who need to choose a licence and have no idea what the relevant choices are.

                                                                                    There might be additional specific requirements, which make the choice harder or easier. For example, if you want to submit your code to the D standard library, you must use the Boost licence. For the wizard, I do not care for such specific constraints.

                                                                                    The goal is not to provide an overview over all licences.

                                                                                    Care to elaborate what horrifies you the most?

                                                                                    1. 1

                                                                                      Yeah it says it’s a wizard but I’m not seeing any way to answer the questions and return a suggestion. Maybe it doesn’t work on mobile Safari? Looks more like a short FAQ.

                                                                                      1. 1

                                                                                        You have to press the line you find appropriate in the grey box… It’s not very obvious and I only found out because I accidentally clicked when I tried to scroll on my phone.

                                                                                        1. 1

                                                                                          I’m the author.

                                                                                          Good point. I should change the style so they look like buttons instead of bullet points.

                                                                                          Edit: Done. Should work on mobile now.

                                                                                      1. 1

                                                                                        I’m planning to get back to working on my little side project in the form of a mutation test generator for the .NET platform.

                                                                                        There shouldn’t happen to be anyone who has a good reference for the IL language?