-
Thank you for using (and explaining) the name constraint extension. It’s a really useful feature for cases like this one. You point it out as odd that the certificate itself mandates the constraints (instead of the user) and I agree that user control would be an interesting (advanced!) feature here. But with a parent node in a chain of trust, I’d say it makes sense again. Especially given that every certificate you can get these days is not generated by you but for you, with all data and attributes created and modified on your behalf.
Having said that and understanding your reluctance to rely on a third-party (i.e., a real CA) for your availability, I personally can’t find a way to accept this as a valid concern. Isn’t it very hypothetical?
-
I like to compare to the ssh model, which isn’t perfect either, but is often simpler and fails in more predictable ways. When I add a key to known_hosts, I specify the hostname and the key. But doing so doesn’t automatically mean I trust that key for all the other hostnames embedded within it (of which there aren’t any, but you see the point.) In my opinion, asking a user to inspect a cert and make sure it only does what it says it does is high risk and prone to failure. If you inspect the cert I’ve provided with the right tools, you can asses what it does, though of course I could also misspell (perhaps with Unicode) some fields, or toss an inconspicuous but quite powerful dot in somewhere. Making the user enter the name of the site they trust it for would be much safer. We’ve tried to make things “easy”, but the end result is a system that’s actually incredibly difficult to use safely.
I don’t think my concerns are hypothetical. Not too long ago: https://blog.hboeck.de/archives/886-The-Problem-with-OCSP-Stapling-and-Must-Staple-and-why-Certificate-Revocation-is-still-broken.html
We can point our fingers at OCSP in this case, but I think that’s in sufficiently close proximity to justify concerns about systemic fragility.
I did try LE back when they started, but was rejected because my email was “malformed” which isn’t the problem you think. It wasn’t because I had a plus in it. It’s because I don’t have an A record for my domain. I only need an MX record. So that’s two problems. One observed by lots of people, and a second (quite minor) one that I personally experienced. When people tell me to try it because “it just works” I’m skeptical because I’ve seen it not work. I’m picking on LE, but I have little reason to believe they are outliers in this regard.
-
I like to compare to the ssh model, which isn’t perfect either, but is often simpler and fails in more predictable ways. When I add a key to known_hosts
I think the problem starts here. Most people seem to be interested in transport encryption and not authenticity, i.e. they care more about not being spied upon than the fact if Bob really is Bob. I’d argue that’s why everybody just says yes to “add key to known_hosts” or “do you want to trust this cert”. But this my opinion as a layman.
What I like about the SSH model is that it comes with cert pinning built-in but then again, I normally have control over boxes I ssh in so I know when host keys changed, but I will never be in a position to know if it’s ok that the cert for e.g. Amazon changed. So what we would need is maybe something like OpenBSD key rotation where my current cert also knows about the next cert and my browser can check if a new cert is actually ok. Question remains how to built trust on your first visit and what about homoglyphs…
I sometimes feel like checking the authenticity of a given 3rd party entity on the internet is a lost cause.
-
I’d love it if the general public could be relied on to know the difference between transport encryption and authenticity.
For use-cases like “is this the real amazon.com, is this really my credit union”, authenticity continues to be important. I agree that it’s far less important for blogs, or for my own favorite transport-encryption example - not leaking your webmd history to MITMs.
-
-
Or give your insurance company evidence to deny a claim for preexisting conditions (fairly or not).
-
Absolutely but I think most people are more concerned about somebody spying on them than about running into an imposter / MITM thus they click away the error so they can get to the content. Funny enough I think this is a statement about how nice humanity actually is because we are not expecting that a stranger is going to rip us off at first sight.
-
I think that’s the hacker bubble; most non techies I know are much more frightened of having their credit cards stolen.
-
-
-
I don’t want to leave the impression that I think authenticity is unimportant. But I have grown the impression that our subconsciousness wants to believe imposters are nothing but a product of our fantasies and for good reasons, imagine a world in which we would constantly question the authenticity of the information provided. I doubt it would be a nice place to live in.
Thus I think a solution that involves user interaction is destined to fail. But I am starting to be way off-topic.
-
-
-
Making the user enter the name of the site they trust it for would be much safer. We’ve tried to make things “easy”, but the end result is a system that’s actually incredibly difficult to use safely.
I’m also not sure why user-specified and cert-specified would be mutually exclusive. Using the intersection of them would make perfect sense. This way, a root certs can claim it’s valid for anything, but I might want to trust it only for
*.blah.com.It is somewhat annoying that this sort of scoping is available in my adblocker, but not in my TLS trust model.
-
-
From what I understand, most CA’s today wont just cross sign a customer CA though. Doing so would in fact likely get them marked as untrusted in most browsers I imagine. Combined with (based on my readings) somewhat spotty support for name constraints, the best you can hope for today seems to be either flashing lights and klaxons (self signed cert warnings), or hoping for the best and installing/trusting the signing private CA (many corporations do this for internal uses).
-
-
Is this truly what the world has come to?
Productivoty gains by writing Dockerfiles, config and shell scripts, when any sane framework and/or standard library gives you the tools to mock things.
Like why would a local developer want redis?
Leave the hall.
-
-
-
This is exactly where docker helps.
-
-
Not at all. You can run a different district. Everything is duplicated and you only have the exact versions specified.
-
I’m sorry, I mentioned libraries but this is not what I really had in mind. (I also assume that autocorrect changed “distro” to “district” in your reply). I’m concerned about platform-specific issues like path lengths, characters allowed in file names, kernel APIs, low-level system stuff (e.g. OOM killer).
If the problem statement is: developers (and production) use different environments then the solution would be to make them use the same environment. I use VMs to achieve that and my impression is that virtualized environments are closer to “identical” than containers.
-
characters allowed in file names
Funny you should mention that. I ran into exactly this sort of a problem last week, where Docker, (which uses the host’s FS) couldn’t differentiate between files that differ only by case on MacOS’s case-insensitive-by-default filesystem. As a result, the state of my system running on Docker was significantly different from that on an Ubuntu machine, even with everything else (libraries, etc.) being the exact same.
That being said, I still find Docker very useful for quickly spinning up an instance of something on my Mac. But in the future, I’ll think more carefully about where the abstraction ends and the host starts mattering.
-
-
-
-
-
-
-
-
Simply put: if environments don’t match, mistakes get made.
I’ve seen it time and time again - to give some examples: local dev using a mocked out in memory cache, prod using memcached/redis; or local dev using SQLite and prod using Postgres. Mistakes get made due to overlooking the differences between implementations.
No mock is as perfect as the real thing and it’s much nicer finding issues in development than at deploy time.
-
-
local dev using SQLite and prod using Postgres
I was in a similar situation (but with MySQL instead of Postgres). We were getting failure in production that we couldn’t reproduce in development. It seemed as if the program was trying to insert data into a column of the wrong type. This is how I learnt that SQLite does dynamic typing which is code for “we don’t care about column types”.
-
-
-
redis is not only a good replacement of memcached, it is a great pub/sub server, a leaderboard and has a geoip api. I need redis in development because I use redis to implement features that use the apis that redis provide.
On the other side, even if am not a huge fan of docker, docker is useful in many cases. For example I use Void Linux and OpenBSD as my desktop operating systems. In one of our client we store data in riak. riak is not available in Void Linux, neither in OpenBSD. Thanks to docker I can easily run riak in docker.
-
-
Shady Characters: The Secret Life of Punctuation, Symbols, and Other Typographical Marks.
It is quite a revelation to me how a lot of the typographical marks we use in programming (mostly as metacharacters) originated. For example, the ampersand (&) can be traced back all the way to an abbreviation of “et” in a shorthard notation used by the secretary of Cicero.
This book lays out the history of several such characters in an engaging and enjoyable way. Also, it has very well-done typography itself. Would recommend.
I started researching the GitHub APIs that would be relevant to implement something like this a few months ago, but I’m really hesitant to sink a lot of investment into GitHub and its accompanying monopoly in my free time.
I’ve moved a bunch of my personal projects over to GitLab, but they’ve been doing stupid stuff like refusing to render static repository content without whitelisting Javascript, or telling my my two-week-old browser is unsupported because it’s outdated, so … not a lot of motivation to invest in that ecosystem either.
This. I noticed the mandatory JS for rendering nonsense too. I really want to like GitLab, and have tried multiple times to use them as my main, but to me the UX is just inferior to GitHub. The UI is sluggish and feels very bloated.
It’s been a while since I’ve given up on GitLab for the time being, and have been self-hosting Gitea. Now Gitea uses JS too, but also works quite well without it. And it’s nowhere near as slow as GitLab.
Well, GitLab for all its faults doesn’t hijack my Emacs key bindings to do idiotic shit like “bold this thing in markdown” (which was already only two keystrokes to begin with; why are you adding a shortcut for something I never do on ctrl-b that I use all the time?) so I wouldn’t say GitLab has quite sunk to that level yet.
Interesting. That’s a fair point; though GitHub’s editor isn’t the first to do that. I hadn’t noticed it with GitHub mainly because I use Vimium in Firefox, Evil in Emacs, and bspwm; so I rarely use Emacs-style bindings but I agree that could be frustrating.
Does exwm’s simulation keys work around the issue, or does GitHub’s in-browser binding take precedence?
EDIT: There’s also
xkeysnail, though it does require running as root.EDIT2: It seems like running
xkeysnailas root may not be necessary if the user has access to input devices. On Arch (or any distro withsystemd >= 215) that can be achieved by adding the user to theinputgroup (see here and here).EDIT3: The Emacs-keybinding extension may be another option, though apparently it only works in macOS. There’s also shortkeys but I haven’t tried either one.
If you’re editing text, Ctrl-B for bold (or Ctrl-F if you’re in Germany) should be expected. Editing text means Word keybindings, not Emacs bindings.
This also means Ctrl-I for italic (or Ctrl-K in Germany) and Ctrl-U for underlined (this one is actually the same).
I strongly disagree, at least on a Macintosh, where all native text entry widgetsobey the Emacs keybindings. Web garbage that arrogates system functionality to itself, hijacking my chosen platform experience for a poor copy of some other system is noxious, and broken.
I just tried in the macOS Notes app and ctrl+b makes the text bold. The Pages app does the same, ctrl+b makes the text bold. These are two native text entry applications developed and provided by Apple themselves.
No, you are pressing cmd. Control is reserved for motion.
That’s the problem of your system then – the browser explicitly exposes Ctrl, Alt, Meta. If your keyboard does not offer these, either your browser, OS, or keyboard has to map between these and the actual keys.
Users on all other systems (aka 99.5% of users) expect Ctrl-B (or Ctrl-F) to create bold text.
No, users on Macs expect their modifier keys to respect platform convention – Emacs keybindings for movement,
cmdfor meta. To assume otherwise is disrespectful.So what do you suggest? Breaking keybindings for all windows and linux users instead?
No, use the proper keybindings for the platform that the user is using.
So how do you suggest to do that without using heuristics on the useragent?
I’d be interested in your implementation of a JS function that returns the correct set of modifiers and keys to use for the bold shortcut. And which works reliably.
Currently, the browser doesn’t expose this, so everyone gets the most commonly used solution.
????
What I want to know is how you’re commenting from 1997. Just hang tight, in a couple years two nerds are gonna found a company called Google and make it a lot easier to find information on the internet.
Using the proper modifier depending on platform? The browser should expose “application-level modifier” say, for bold, and that would be ^B on X11/Windows and Super-B for Mac.
The browser isn’t exposing this, though. The best chance is sniffing the user agent and then using heuristics on that, but that breaks easily as well.
100 - 99.5 != 12.8, your assumption is off by a factor of 25.
You’re right. Lord I’m an idiot.
Ctrl+bon my Mac goes back a character in both macOS Notes and Pages, as it does everywhere else.Cmd+bbolds text (as also it does everywhere else).In general, Macs don’t use the Ctrl key as a modifier too often (although you can change that if you want). They usually leave the
readlinekeybindings free for text fields. This seems to be by designThose of us who use emacs to edit text expect editing text to imply emacs keybindings.
Some of us expect them everywhere, even.
If it was a rich text WYSIWYG entry, I’d be 100% agreed with you. (I would also be annoyed, but for different reasons.)
But this is a markdown input box. The entire point of markdown is to support formatted text which is entered as plain text.
It’d be great if we had a language server protocol extension for code review + a gerrit backend. I started taking a look at this a few months ago (I work mostly in Gerrit now) but didn’t have the bandwidth for actually prototyping it. It seems like an obviously good idea, though having to use git hampers some of the possibilities.