• 2 Posts
  • 53 Comments
Joined 1 year ago
cake
Cake day: June 5th, 2023

help-circle


  • If approved, it will affect all Safari certificates, which follows a similar push by Google, that plans to reduce the max-validity period on Chrome for these digital trust files down to 90 days.

    Max lifespans of certs have been gradually decreasing over the years in an ongoing effort to boost internet security. Prior to 2011, they could last up to about eight years. As of 2020, it’s about 13 months.

    Apple’s proposal would shorten the max certificate lifespan to 200 days after September 2025, then down to 100 days a year later and 45 days after April 2027. The ballot measure also reduces domain control validation (DCV), phasing that down to 10 days after September 2027.

    And while it’s generally agreed that shorter lifespans improve internet security overall — longer certificate terms mean criminals have more time to exploit vulnerabilities and old website certificates — the burden of managing these expired certs will fall squarely on the shoulders of systems administrators.

    Over the past couple of days, these unsung heroes who keep the internet up and running flocked to Reddit to bemoan their soon-to-be increasing workload. As one noted, while the proposal “may not pass the CABF ballot, but then Google or Apple will just make it policy anyway…”

    However, as another sysadmin pointed out, automation isn’t always the answer. “I’ve got network appliances that require SSL certs and can’t be automated,” they wrote. “Some of them work with systems that only support public CAs.”

    Another added: “This is somewhat nightmarish. I have about 20 appliance like services that have no support for automation. Almost everything in my environment is automated to the extent that is practical. SSL renewal is the lone achilles heel that I have to deal with once every 365 days.”

    Until next year, anyway.











  • While I agree, I have a hard time seeing how people will stop using it until the field changes. Maybe in 10 years it will the the MySpace of the sitcom era, but right now it’s still growing. That growth is giving it carte blanche to manipulate the users as it sees fit. Regulation might impact it, but it’s still a bit of a Goliath.

    • Compared to 2023, YouTube’s user base has grown by 20 million this year, representing a 0.74% increase. From Global media insights

    Also the active user base is 2.7 billion people in 2024 from the same source above.

    The alternatives are out there, but just not in the same league.



  • True, but worth reading their about page and privacy page. Not saying it’ll stay this way, but the way they are running is something that makes more sense then being sold as a product to Google. And you aren’t getting much of an incognito these days with all the fingerprinting they are doing.

    I will admit kagi search isn’t the highest performer, but it’s viable. DDG, Start page, etc. Might give you more privacy, or not (hard to tell with DDG these days), but it might be worth trying a different model for a while.

    I miss the days when the internet was truly free, but in lieu of that we have to have something better. Kagi is a start.


  • That’s an interesting example, I’ll have to look it out and see if the context bears it out. I say that as although yes he might have only gotten 43%, the question is how many registered voters didn’t vote and how many eligible but unregistered voters there were.

    Vermont has a fairly high voter turnout, but looking at Vermont’s Secretary of State 2016 had a voter turnout of 63% of Voting Age Population from census population. So that 185k of 505k thousands people who didn’t vote.

    Also if I have the right numbers from Vermont’ SOS, that’s 43% of the state total 63% who voted.

    I’ve read other demographic breakdowns on those who don’t vote which is worth looking into, but it’s hard for me to see someone say that there isn’t a mass when we have this huge population of American citizen who don’t vote. Something between 35-45% of the US just doesn’t. That’s a huge swath of disenfranchised people.



  • A brief technical summary from iMAP reveals what happens when users attempt to access sites using Cloudflare and Google DNS.

    • On Maxis, DNS queries to Google Public DNS (8.8.8.8) servers are being automatically redirected to Maxis ISP DNS Servers;

    **

    • On Time, DNS queries to both Google Public DNS (8.8.8.8) and Cloudflare Public DNS (1.1.1.1) are being automatically redirected to Time ISP DNS servers.

    “Instead of the intended Google and Cloudflare servers, users are being served results from ISP DNS servers. In addition to MCMC blocked websites, other addresses returned from ISP DNS servers can also differ from those returned by Google and Cloudflare,” iMAP warns.

    "Users that are affected, can configure their browser settings to enable DNS over HTTPS to secure their DNS lookups by using direct encrypted connection to private or public trusted DNS servers. This will also bypass transparent DNS proxy interference and provide warning of interference,” iMAP concludes.

    Essentially Malaysia law required ISP to drop DNS entries for some sites, local users started using public DNS. ISP started redirecting public DNS requests, and local users started using DNS over HTTPS.

    The pirate wars continue in their arms races.