Hacker News: fudgefactorfive's comments

Looks interesting, I might take a deeper look into using this.

One thing to note, on my mobile browser (Firefox Nightly) the site is a bit broken. The page has the wrong width so periods etc are off screen and for the code example blocks I can't scroll them to see the whole line.


I truly and sincerely am glad the old creepypasta of Maggot/Blowfly Girl has started to fade out of common consciousness...


Definitely did 6. a good amount of times.

The best we got up to was the year we found the admin password for the default image root user in some cached Skype logs. First we would SSH into random people's systems and use AppleScript to type random things etc., bonus points if they currently were presenting something. We got bored of that pretty quick and resorted to just selling the ability to do stuff as an admin like installing things.

Earlier in middle school we figured out that the MacBooks the school issued had an IR receiver and the Apple Remote available at the time could trigger some fullscreen tools by hitting a button on the remote and aiming at a victim's computer, again mostly to disrupt teacher presentations.

Both bits of fun came to an end when some kid figured it out and ratted us out. When they figured out I was selling root access (installed CoD4 for a friend's little brother and changed the root password for them at extra cost, when they couldn't remember what they changed it to they went to the admin) all hell broke loose and they confiscated the laptops to re-image... no fun.


While having a Customer Service Rep tell you you're shit out of luck if you can't remember your master password may suck, it's pretty much the only way to actually be some semblance of safe.

The Mud-puddle test is to demonstrate that only you can access your services. If you can call and go "hey can I get back into my vault" so can anyone that convincingly can make the same call on your behalf.


I completely agree with this sentiment.

I think VR has the same issue that smartphones had at the start of their cycle, the UI/UX is not designed to intuitively mesh with how users actually want to use the system. Even things like keyboard inputs are just not quite there yet, resorting to clunky index-finger typing at best and type-by-laser at worst.

I think we are moving towards a usable version of AR eventually (with tech still needing to catch up on weight/latency/tracking) but full VR is almost only useful for games.

As much as I'm not an Apple-enthusiast, the one thing they (used to) get right is the sort of UX where you almost don't even need to explain how to do things, they just intuitively make sense and you can just let intent directly flow. Given their current trends though I'm not convinced their alternative AR/VR UI will be that though.

I'm essentially waiting for glasses that go full VR when they need to, and otherwise just allow me to overlay a GUI on reality with minimal effort.

E.g. a video player following me around while I do normal stuff. Helpful, and importantly, optional popups overlaid on real objects to enhance my interactions, not completely replace them with a crude 3D facsimile.


Yes, AR+VR should converge into something similar to the differentiation between windowed- vs fullscreen-mode today: AR should be translucent, non-intrusive visuals overlaid atop your vision of meatspace, and when you need to sit down and fully immerse yourself into a game or movie, you would temporarily switch to VR, on the same device.

So until we have lightweight and powerful-enough glasses — not bulky headsets — everything else is just a public-funded prototype on the way to the real goal.


HN: Pretty sure their relationship with DigiCert predates LE, why change if the current relationship is functional.

Google: Browser Maintainer that runs entire TLDs, doesn't need a third party, it could just decide to trust itself and 60+% of the market follows.

Amazon: Runs a massive chunk of the internet, it's already MitM'd itself and most other things, doesn't really need a third party for Certs but still uses DigiCert which predates LE and they clearly have a working relationship.

Netflix: See Amazon, HN.

You: Barely exist to the infrastructure of the web as people experience it. Maybe you have a static site you don't care to protect from MitM (could add some malicious scripts or whatever but who cares). Maybe you're a tiny service that offers some 50 users something, their plaintext auth probably shouldn't be readable to just anyone along the network path, but they're not paying you for services so you might not wanna spend much money on that service. Use LE.

Also, if you think LE as a company has the ability to take sites with it if it goes down, you don't really understand Web PKI. At most likely within a year to 3 months you'd need to find a new place if their signatures expire. At worst someone could pretend to be you, but still not read that traffic protected by the old cert.

Why so salty about LE? Especially from a "seasoned" SysEng? Didn't it just make your job easier and safer for those with slightly less experience?


> Why so salty about LE? Especially from a "seasoned" SysEng? Didn't it just make your job easier and safer for those with slightly less experience?

Because it's required, I don't know the companies, I can't trust the companies. I'm just not happy that four companies run the world's SSL. There should be another technology that caters to such without having to put all the keys in one basket.

> Didn't it just make your job easier and safer for those with slightly less experience?

No. It makes it harder, because you're not teaching someone anything, you tell them "click here, click that, done".


Honestly, I hate the idea of having a middle man, but having tried and researched extensively how to make something like a direct tunnel between two clients over the internet it just doesn't always work.

NAT is a godsend for IPv4 exhaustion, but it's also fundamentally crippled the ability for people to host things or make things available directly from their homes.

Hole-punching is an inexact process due to the variety of different NAT types, some of which (e.g. Carrier-grade) simply do not allow that sort of connection. So there must be a middle man that accepts packets on their publicly available port and passes it on to another established connection. TURN/STUN (et al.) exist but are archaic and do the same thing but with less accountability.

I hate it too but until we have IPv6 by default with user controlled firewalls hosting something in your garage without a business line is not feasible. Hell I have a 5$ a month VPS purely so it can act as the middle man to the servers in my home. At least then I only need to trust myself as the middle man.


Their middle man in the data plane handles encrypted packets so that's not the problem here.

The problem is their control plane that controls the encryption keys. A malicious admin inside TS (or a hack) could grant itself membership in any of their customer's networks. (Or at least this is the worry I read from GP)


That's definitely a concern, but I feel this can be mitigated by running your own network on top of theirs. Anyone in my home is part of my network, doesn't mean they're in the wg network too.

Aside from that, it's definitely a problem that they could include themselves in any customer network, but the accountability still stands. If someone got in without your screw-up, at least you know who to point the finger at once the dust settles.

I'd argue it should be treated as a base to overlay your network on top of. Although admittedly I say that as someone that doesn't use their services for similar reasons.


> If someone got in without your screw-up, at least you know who to point the finger at once the dust settles.

How do you know you didn't screw up? There are so many vulnerabilities in the gazillion of random stuff you run every day on your laptop. I'd argue it's more likely that something like that was breached than Tailscaled was breached or rogue.


I admit, although not medically prescribed or supervised, doing mushrooms has been one of the most rewarding experiences of my life.

Although I still have persistent nightmares it changed my understanding of other people and their perspectives to the point my anxiety in a lot of situations has vanished.

I don't think people should go nuts with them but I do think it's a good idea for some people with anxiety to find a clean pleasant care-free place to try them. Even if it just allows them to spend a few hours immersing themselves in completely different thought patterns and potentially gain something from them.


Next you just need to find a BTC to Bottlecap ATM and you're set!


If we're at that level I will have already switched to marauding with guns.


I've had this discussion with people before, the best answer I've come up with is this:

Nihilism is less the idea that all things are irrelevant or immaterial but rather that there is no universal valuation to things. What we do may not affect a universal scale observer or tautologically "matter" in some sense but there exists some scale or model under which things have some valuation.

The trick then becomes rather than conform to some agreed scale or model of the universe for the moral or value derivative we instead turn to what we have decided is valuable.

If I am cold is irrelevant to the universe, but it is relevant to me, and as such being cold may only last a short time and can be survived but it still matters to me.

Equally there is no universal sense of being moral, there is however my sense of being moral and as such some actions can be good not by being derived from some universal morals but instead by my own definitions. "Being kind to a stranger" is moral to me in line with my definitions, but "not eating fish on Fridays" has no moral definition within my moral declaration so I can eat fish on Fridays without being immoral.

Nihilism isn't an end, it's the start to a personal conversation on values that are specific to you and become meaningful to you by your understanding of their worth. Once you have defined your values independent of some larger prescriptive whole you have a system you actually understand and can defend the merits of, a much stronger core for reasoning about morality and the goodness of your actions.

