Community

Igorette
10 months ago from StatusNet
I knew Pope Francis was part dinosaur, but I didn't know he was also a magician - https://i.imgur.com/RuLQkuA.gifv
Igorette
12 months ago from StatusNet
I no longer think hydraulics are useless - https://i.imgur.com/tGSS4vM.gifv
Igorette
12 months ago from StatusNet
"My school just got a ton of new iMacs...this is what they did with the boxes." - https://i.imgur.com/9jXHLRY.jpg
Igorette
1 year ago from StatusNet
Fly through a galaxy of Debian packages - https://bartle.doomicile.de/url/535058
Igorette
1 year ago from StatusNet
What goes around comes around https://i.imgur.com/lkhYkxn.gifv
Igorette
1 year ago from StatusNet
#wtf /r/wtf gone private¿¡
Igorette
1 year ago from StatusNet
Apple is revolutionizing the world again! - https://i.imgur.com/iq8D4ES.jpg
Igorette
1 year ago from StatusNet
"Jürgen Habermas warned as early as 2008 that the Internet brings about a differentiation into partial public spheres. Their connection to general lines of conflict is deficient, he said, which undermines the shared democratic public sphere."
Igorette
2 years ago from StatusNet
A lazy person's guide to being lazy - https://i.imgur.com/lt7cbWc.jpg
Igorette
2 years ago from StatusNet
Why a free automated certificate authority is not the solution
The answer is simple: It's a certificate authority.

The certificate authority system is inherently flawed. This was not only proven by the fact that governments as well as criminals could take over broadly accepted certificate authorities in the past, or that these takeovers had to be patched by software updates of a myriad of browsers, operating systems and other software.

It is flawed because it has that huge attack vector: there are over 50 organizations that are trusted by your browser http://ur1.ca/iu8qn and they gave out the privilege to issue certificates for any domain to hundreds of other organizations http://ur1.ca/iu8qo Remember this model is about trust. Do you trust all these or even the 50 root CAs? Did you verify they properly handle the power they've obtained? I did not, it's too much work.

Adding just yet another organization that can issue certificates for any domain only... http://ur1.ca/iu8qu
Igorette
2 years ago from pump.io
Why a free automated certificate authority is not the solution
The answer is simple: It's a certificate authority.

The certificate authority system is inherently flawed. This was not only proven by the fact that governments as well as criminals could take over broadly accepted certificate authorities in the past, or that these takeovers had to be patched by software updates of a myriad of browsers, operating systems and other software.

It is flawed because it has that huge attack vector: there are over 50 organizations that are trusted by your browser and they gave out the privilege to issue certificates for any domain to hundreds of other organizations. Remember this model is about trust. Do you trust all these or even the 50 root CAs? Did you verify they properly handle the power they've obtained? I did not, it's too much work.

Adding just yet another organization that can issue certificates for any domain only strengthens that model. It ensures future revenues for the companies providing you the nice little green icons in your browser, called "extended validation". I will leave looking up the prices for such an EV certificate and the estimate of how much real man work goes into that as an exercise for the reader.

There's hope though. For a few years now there's a new standard in the making, called "DNS-based Authentication of Named Entities", DANE for short. It's based on DNSSEC, an effort to prevent forged and non-authoritative answers in the DNS system. In short, DNSSEC guarantees that the IP you're connecting to is controlled by the owner of the domain and DANE guarantees that there's no middle-man in your connection to the webserver listening on that IP.

DNSSEC reduces the number of entities you have to trust to effectively one, IANA. IANA does contract third parties to operate the root zone, currently this is VeriSign. Every signature can be chased to that single trusted party. To forge a domain you would need to compromise the root zone's key, which is guarded by high standards, much higher than the ones of your average certificate authority. Also if you compromise at that level, you need to mirror the infrastructure of the whole top level domain your target domain is part of. This is feasible but also visible to monitoring systems. Attacking a top level domain infrastructure directly is also possible, the effect is greatly reduced though, only that single top level domain is compromised. You can't change the keys here either, as you would need to update the signatures in the root zone. And again an attack is more visible here.

Whether this is really greatly reducing the attack vector is debatable, what it objectively reduces is the damage you can make. Remember, to compromise the current system as a whole you just need one of the hundreds of little certificate authorities.

You can activate DANE validation today through an excellent browser extension provided by the Czech domain registry. After you have installed it you can see that all my sites already deploy it, it's certainly possible.

I can understand if companies that benefit from the current system embark in such a "free" registry. I can understand if the EFF supports such a system as a short term measure, they don't directly influence any of the major software systems that would need to be adapted.

What makes me angry is that Mozilla is spending a lot of money to support it, while completely neglecting DANE support. There's no real progress for years now. They support the old broken system while they really could change something. If a major browser vendor like Mozilla shipped DANE support, across all its products, it would boost adoption of it a lot.

#mozilla #ssl #dns #dnssec #dane #letsencrypt

via Jonne Haß - link
Igorette
2 years ago from StatusNet
Sign language for "Abortion" - https://i.imgur.com/0uMowBF.gif
Igorette
2 years ago from StatusNet
Top 10 All-Time submissions for /r/ImaginaryHorrors. - http://imgur.com/a/6Qbo4
Igorette
2 years ago from StatusNet
Today's cat weirdness thread in reddit - http://www.reddit.com/r/gifs/comments/2jsloo/_/
Igorette
2 years ago from StatusNet
New ttrss-android version seems a little unstable
Igorette
3 years ago from mustard
This birthday card made me say "what the fuck?" - http://i.imgur.com/XW0U4Q3.jpg
Igorette
3 years ago from mustard
And have an A1 day, bitch.
Igorette
3 years ago from mustard
Henry Farrell for Democracy Journal: The Tech Intellectuals - http://www.democracyjournal.org/30/the-tech-intellectuals.php?page=all
Igorette
3 years ago from mustard
Auto-Brewery Syndrome: Apparently, You Can Make Beer In Your Gut : The Salt : NPR - http://www.npr.org/blogs/thesalt/2013/09/17/223345977/auto-brewery-syndrome-apparently-you-can-make-beer-in-your-gut
Igorette
3 years ago from mustard
Amish Community Not Anti-Technology, Just More Thoughtful : All Tech Considered : NPR - http://www.npr.org/blogs/alltechconsidered/2013/09/02/217287028/amish-community-not-anti-technology-just-more-thoughful
Igorette
3 years ago from mustard
Also a good BOFH excuse generator
Jargon Generator - http://shinytoylabs.com/jargon/#
Igorette
3 years ago from mustard
Cabaret artist Georg Schramm on politics: "My anger is real" - taz.de - http://www.taz.de/Kabarettist-Georg-Schramm-ueber-Politik/!122002/
Igorette
3 years ago from mustard
"What platform do you use to run your infrastructure?"
"I use cocaine"
https://github.com/cocaine/cocaine-core
Igorette
3 years ago from mustard
Tweet from @acarvin : Whenever you hear it's a "pro-Morsi vs. anti-Morsi" dialectic, remember this venn diagram. #egypt opegypt.wordpress.com/2013/08/02/mainstream-media-likes-simple-labels/
Igorette
3 years ago

Hyperboria


Hyperboria is a global decentralized network of "nodes" running cjdns software. The goal of Hyperboria is to provide an alternative to the internet with the principles of security, scalability and decentralization at the core. Anyone can participate in the network by locating a peer that is already connected.
Igorette
3 years ago
Oversight: Thank you for volunteering, citizen.
Igorette
3 years ago from mustard
Gone in 30 seconds: New attack plucks secrets from HTTPS-protected pages | Ars Technica - http://arstechnica.com/security/2013/08/gone-in-30-seconds-new-attack-plucks-secrets-from-https-protected-pages/
Igorette
3 years ago from mustard
What’s stopping us from eating insects? | Anthropology in Practice, Scientific American Blog Network - http://blogs.scientificamerican.com/anthropology-in-practice/2013/07/24/whats-stopping-us-from-eating-insects/
Igorette
3 years ago from mustard
Very funny....
Forgotten Employee - https://sites.google.com/site/forgottenemployee/
Igor Ette
3 years ago

'Heroic effort at great personal cost': Edward Snowden nominated for Nobel Peace Prize


A Swedish sociology professor has nominated Edward Snowden for the Nobel Peace Prize. He says the NSA whistleblower could help "save the prize from the disrepute incurred by the hasty and ill-conceived decision" to give the 2009 award to Barack Obama.