Hacker News | nisegami's comments

>Btw. The https communication comparison does not hold, there is always a third party that can read what you say. E2E chats are effectively communication where evidence is instantly destroyed.

If I use a third party CA this is correct. But what third party can read communications over HTTPS between a client and a server I control with a self signed SSL cert?


This isn't correct with 3rd party CAs with modern TLS either.

TLSv1.2 has Perfect Forward Secrecy with DHE and ECDHE key exchanges and in TLSv1.3 PFS is mandatory. A compromised root CA or even leaf certificate these days protects you from a man-in-the-middle and not a whole lot else - the certificate private key is never used for session key derivation and the keys themselves are ephemeral and never sent over the wire so even intercepting the key exchange doesn't allow decryption of the stream.


Even if you don't have Forward Secrecy, like you decided to use RSA KEX which is a terrible non-default idea even in 2015 let alone today (this feature isn't even present in TLS 1.3 deliberately, lobbying to keep doing this failed), your private key is still needed so a third party CA can't imitate you.

The CAs have never been supposed to know your private key. For a long time now it's straight up forbidden on pain of removal from trust stores for the CAs to learn somebody else's private keys.

For the example of Let's Encrypt your client probably picks a private key and stores it where your web server can use it, but it never sends this key to anybody else. In fact if you care you can even have the key chosen by the web server and literally never send that key to the Let's Encrypt client at all, the client picks up a "Certificate Signing Request" and it goes OK, I see you want a certificate for some key you know but I don't, that's cool I will go ask Let's Encrypt to issue a certificate for that and let you know.
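Added illustration, not part of any comment in the thread: the two comments above contrast RSA key exchange with ephemeral (EC)DHE, and this sketch shows what a recorded handshake yields if the certificate's private key leaks later. It assumes toy parameters (textbook RSA over two Mersenne primes, a toy DH group), and all function names are hypothetical.

```python
import hashlib
import secrets

# Constructed toy parameters: far too small and unpadded for real use.
P1, P2 = 2**127 - 1, 2**107 - 1            # two Mersenne primes
N, E = P1 * P2, 65537                       # server's long-term public key
D = pow(E, -1, (P1 - 1) * (P2 - 1))         # long-term private key (certificate key)
P_DH, G = 2**255 - 19, 2                    # toy Diffie-Hellman group

def kdf(secret: int) -> bytes:
    """Derive a session key from a shared secret."""
    return hashlib.sha256(secret.to_bytes(32, "big")).digest()

def share_digest(share: int) -> int:
    """Hash a DH share down to an integer the toy RSA key can sign."""
    return int.from_bytes(hashlib.sha256(share.to_bytes(32, "big")).digest(), "big") % N

def rsa_kex_session():
    """RSA key transport: the secret travels encrypted under the long-term key."""
    premaster = secrets.randbelow(N - 2) + 2
    return kdf(premaster), {"encrypted_premaster": pow(premaster, E, N)}

def dhe_session():
    """Ephemeral DH: the long-term key signs the server share and nothing else."""
    a = secrets.randbelow(P_DH - 2) + 1     # client ephemeral, discarded afterwards
    b = secrets.randbelow(P_DH - 2) + 1     # server ephemeral, discarded afterwards
    client_share, server_share = pow(G, a, P_DH), pow(G, b, P_DH)
    wire = {"client_share": client_share, "server_share": server_share,
            "signature": pow(share_digest(server_share), D, N)}
    client_key, server_key = kdf(pow(server_share, a, P_DH)), kdf(pow(client_share, b, P_DH))
    assert client_key == server_key         # both ends derive the same session key
    return client_key, wire

def signature_valid(wire) -> bool:
    """Client-side check that the server share was signed by the certificate key."""
    return pow(wire["signature"], E, N) == share_digest(wire["server_share"])

def recover_from_recording(wire, leaked_d):
    """Passive observer: recorded handshake plus a later leak of the long-term key."""
    if "encrypted_premaster" in wire:
        return kdf(pow(wire["encrypted_premaster"], leaked_d, N))
    # A DHE recording holds only public shares and a signature; leaked_d decrypts
    # nothing here, and the exponents a and b were never sent.
    return None

if __name__ == "__main__":
    for name, session in (("RSA KEX", rsa_kex_session), ("DHE", dhe_session)):
        key, wire = session()
        print(name, "recovered from recording:", recover_from_recording(wire, D) == key)
```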


Not even correct for a third party CA (unless they MITM you).

There's societal memory of monarchies and kings that held a lot of power that still impacts things to this day, sometimes unconsciously and sometimes consciously.

The NSA is an American body, and Trump is the subject of a personality cult far in excess of any European monarch. Authoritarianism is a personality trait independent of political structures.

How long until this shows up in a YC batch?

It sounds like you're imagining open source whereas the comment you're replying to is imagining more intra-company dependencies.

I think deprecation in intra-company code is a completely different beast. You either have a business case for the code or not. And if something is deprecated and a downstream project needs it, it should probably have the budget to support it (or code around the deprecation).

In many ways, the decision is easier because it should be based on a business use case or budget reason.


The business case is the easy part, the quagmire is in getting the different teams to agree who should support the business case, why it's more important than the business cases they wanted to spend cycles on instead, and how much of the pie supporting it takes on the budget side. Less so when the place is small enough everyone knows everyone's name, more so when it's large enough they really don't care what your business case is much even though it'd be 10x easier to support from their side instead of another.

Oh. But that is a solved problem. The users of the library just copy the code from before the deprecation and then stick it in their codebase not to be maintained anymore. Problem solved. /s

O365 and other Microsoft products are a massive, massive drain on valuable foreign exchange for third world countries like mine. If it were up to me, I would outlaw paying Microsoft for anything in my country.


CBP actually made me give them my Facebook password when entering on a J1 visa in 2017, so I'm surprised to hear so much talk about this. Is it more that the practice of checking social media is more widespread now?


If one didn’t have an account with Meta they just wouldn’t get the visa then or how does it work?

Does the government have any direct link to Meta re what accounts people actually have? I’m surprised people aren’t up in arms about this, I guess it affects mostly visitors and immigrants but the fact that the government needs to see your activity on a private company’s web app is wild to me.


"I don't use social media" is probably a good answer, it just has to be true.

If they ask you "well, do you use any social media?" You'd presumably have to answer with HN, which maybe doesn't sound all that great :)


You could say you use Y Combinator's news comment board.


HN isn't social media, any more than a bus is a car.


I don't think you want to try that argument with immigration officials, although it might just keep your incorrect answer from being straight up fraud or willful misrepresentation.

I mean, some US govt immigration forms asking for your social media usernames include pastebin sites like "justpaste.it". See for example: https://static.feber.se/article_images/42/10/92/421092_1280....

Knowing that, it's crystal clear HN falls strictly within that definition of "social media", although it might not be as clear if you don't know what that particular site is.


I love how bad that list is.


For what it's worth, the somewhat hilarious reason justpaste.it is on the list is likely that it used to be a favourite of Islamic State terrorists a decade ago. https://www.politico.com/magazine/story/2014/08/islamic-stat...

Googling 'site:gov "justpaste.it"' also brings endless results of government documents mentioning the site in the context of terrorism.

I somewhat doubt US immigration authorities thwarted any would-be terrorists by asking for their justpaste.it username, but what do I know, perhaps this was an important breakthrough in the global war on terror.


You'd be surprised at the number of people who willingly give up their social media accounts, only for immigration officials to find comments in support of terror attacks in the Middle East.

It's pretty easy to think it's harmless if you live in a country where that viewpoint is not uncommon.


That's not surprising at all, but I think the people who could get caught by the justpaste.it thing are not the same people casually praising Hamas on Instagram.

If you're putting terrorism related content on justpaste.it, you're probably pretty deep into the whole thing.


It can be an easy charge of “lying to the government on an official form” when they discover you have a user account somewhere that you didn’t disclose, even if they can’t get anything else to stick.


Yes, it did occur to me that there would be no way to verify it. But it felt like it was in my best interest to at least provide something.


You would have to make sure your search footprint supported that. I.e., fully private, non-publicly-visible profiles everywhere.


I think the only bit that surprises me is they don't have a back door into Facebook.


I would consider it extremely likely they have some kind of visibility into your data at Meta via Palantir.


Why waste the backdoor on routine screening?


Who says they don't?

And who says that asking for your password is to gain entry?


Hoping it's there just not mentioned.


This controller seems more like it's going for parity with the Deck, which doesn't have dual stage triggers. I wouldn't get your hopes up.


The eventual end goal should probably be production of hydrocarbons using solar power and CO2/water. In other words, synthetic photosynthesis.


Yep, there isn't exactly a shortage of hydrogen, carbon or energy in the world. Currently we get all three from the same place, but there are other approaches.


Perhaps the aims of these dark patterns were not to benefit Microsoft overall, but perhaps an individual or a team? For example, produce good numbers for particular KPIs at the expense of unmeasured or unmeasurable aspects.


I consider Microsoft to be genuinely evil as an institution, but this is still nice to see.


Notice they're only doing this after the game is ensloppified (they make their money from merch and movies now, not from game sales) and after the game code suffers from so much inner-platform effect that modding it directly isn't as useful any more.

The inner platform effect is when, in an effort to make it so people don't have to use the original programming language because programming is complicated, you create a worse programming language and make people use that. In Minecraft, it's data and resource packs. The Java code isn't just a function on the block that renders it, any more - there's a bunch of indirection through resource packs, and they've gone abstraction hell with that too, adding unnecessary abstractions in the way of the actual abstraction they want.


Their model seems to be to keep Java Edition reasonably pure and close to the original spirit (with most of the original developers working on that), but do all the minebux exploitation on Bedrock, where a big majority of the children players are. The main evil thing they've done to Java players is the account migration, but even that was sort of understandable given how questionable Mojang's original account system was.


> modding it directly isn't as useful any more.

Can you elaborate on this? This seems like a strange way of saying, "it's easier to mod little things with data/resource packs" - and mods are still absolutely necessary, as data/resource packs can't do everything. But they're great for, say, adding tags to random items (something I do regularly) or - the most obvious use case - texture packs.


Previously if you wanted to create a simple block type you would write something like this (very roughly and excusing HN not supporting code formatting):

    public class MyBlock extends Block {
        public Icon getTexture() { return 0; }
        public String getTextureAtlasPath() { return "/mymod.png"; }
    }

Later it was

    public class MyBlock extends Block {
        Icon icon;
        public void registerIcons(IconRegistry r) { icon = r.register("mymod:myblock"); }
        public Icon getTexture() { return icon; }
    }

You need a little bit more code and you have to know that "mymod:myblock" really means "/assets/mymod/icons/blocks/myblock.png" but it's not too bad. (Why not specify the actual path?)

But now it takes the Java class, plus about 5 different JSON files that are magically linked based on strings like the above (interpreted differently in each context), and if you want to simply set the icon in a few lines of code like before, you can't because all the code is specialized for handling JSON files. https://docs.minecraftforge.net/en/1.12.x/models/files/

You could argue it's better because it handles more block shapes, but the story for shapes isn't much better - you used to be able to write if(thingAboutItem) renderCertainWay(); but now you can write {"when":{"certain_condition":"true"}, "apply":{"model":"certain_model"}} and there's a whole bunch of code to write to map "certain_condition" to the condition you want, and woe betide you if your model isn't a bunch of textured axis-aligned cuboids. https://docs.minecraftforge.net/en/1.12.x/models/using/ https://docs.minecraftforge.net/en/1.12.x/models/advanced/ex...

If you know the inner-platform effect, it's the inner-platform effect: creating a poor replica of part of your programming environment in the quest for "configurability" or "no-code". https://en.wikipedia.org/wiki/Inner-platform_effect https://thedailywtf.com/articles/the_inner-platform_effect https://news.ycombinator.com/item?id=39412321

Modding with data packs is harder than modding with Java used to be, and modding with Java now is also harder than modding with Java used to be, because of data packs.


I fear it's the first step to announcing the discontinuation of Java Edition development.


I don't really think this would be the end of the world, would it? Much of the content they've added over the past few years has been of questionable merit, at least to me. Surely at some point they'll run out of ideas that can reasonably fit inside vanilla Minecraft?

(But no, I don't think they're going to stop JE development. I'd bet it's still the far more popular version, and they probably still make plenty of money from sales)


> Surely at some point they'll run out of ideas that can reasonably fit inside vanilla Minecraft?

Exactly...? How much content is built with Bedrock edition and Marketplace Add-ons?


I'm pretty sure Bedrock Edition is far more popular if you take all platforms into account.

But I agree Java Edition is not ending any time soon.

