Conversation

Notices

Machismo (zerglingman@freespeechextremist.com)'s status on Sunday, 02-Jul-2023 14:02:34 JST Machismo

Let's Encrypt T&C, 6 pages, 1 page of definitions

In conversation Sunday, 02-Jul-2023 14:02:34 JST from freespeechextremist.com permalink
- Machismo (zerglingman@freespeechextremist.com)'s status on Sunday, 02-Jul-2023 14:04:49 JST Machismo
  in reply to
  
  >You agree, that You will install Your Certificate only on servers that are accessible at the subjectAltName(s) listed in Your Certificate
  How the fuck are you gonna prove that
  
  In conversation Sunday, 02-Jul-2023 14:04:49 JST permalink
- Machismo (zerglingman@freespeechextremist.com)'s status on Sunday, 02-Jul-2023 14:07:51 JST Machismo
  in reply to
  
  LE's ToS doesn't currently have anything about hate speech/discrimination/etc.
  
  Honestly, I'm surprised.
  
  In conversation Sunday, 02-Jul-2023 14:07:51 JST permalink
- Tyler (tyler@1611.social)'s status on Sunday, 02-Jul-2023 14:09:43 JST Tyler
  in reply to
  
  Thank God.
  
  In conversation Sunday, 02-Jul-2023 14:09:43 JST permalink
  
  Machismo likes this.
- Machismo (zerglingman@freespeechextremist.com)'s status on Sunday, 02-Jul-2023 14:10:25 JST Machismo
  in reply to
  
  ACME returns a 201 CREATED when registering a new account. Sure, fine.
  It returns 200 OK instead if the account already exists.
  
  In conversation Sunday, 02-Jul-2023 14:10:25 JST permalink
- Nigbot (nice-nigger@nicecrew.digital)'s status on Sunday, 02-Jul-2023 14:10:27 JST Nigbot
  in reply to
  - Tyler
  dindu nuffin :animu_dance10:
  
  In conversation Sunday, 02-Jul-2023 14:10:27 JST permalink
- Tyler (tyler@1611.social)'s status on Sunday, 02-Jul-2023 14:10:27 JST Tyler
  in reply to
  - Nigbot
  Thanks Nigbot
  
  In conversation Sunday, 02-Jul-2023 14:10:27 JST permalink
  
  Machismo likes this.
- † top dog :pedomustdie: (dcc@annihilation.social)'s status on Sunday, 02-Jul-2023 14:12:02 JST † top dog :pedomustdie:
  in reply to
  
  @Zerglingman >Let's Encrypt
  :pepe_gun:
  
  In conversation Sunday, 02-Jul-2023 14:12:02 JST permalink
- Machismo (zerglingman@freespeechextremist.com)'s status on Sunday, 02-Jul-2023 14:13:57 JST Machismo
  in reply to
  - † top dog :pedomustdie:
  @dcc I have a list of ACME providers here, found in acme.sh (that I don't recall the origin of).
  Let's Encrypt, Buypass, Zero SSL, SSLCOM, Google.
  
  Of course, I automatically ignored the big jew, and of the others, only LE and ZSSL are willing to issue certs for free, the latter of which has substantial restrictions. I'm still probably going to use it for one of my domains, just as a tiny bit more insurance.
  
  In conversation Sunday, 02-Jul-2023 14:13:57 JST permalink
- † top dog :pedomustdie: (dcc@annihilation.social)'s status on Sunday, 02-Jul-2023 14:14:42 JST † top dog :pedomustdie:
  in reply to
  
  @Zerglingman yea it sucks lol, ssl certs suck
  
  In conversation Sunday, 02-Jul-2023 14:14:42 JST permalink
- Machismo (zerglingman@freespeechextremist.com)'s status on Sunday, 02-Jul-2023 14:14:55 JST Machismo
  in reply to
  - † top dog :pedomustdie:
  @dcc Make self-sign + TOFU great again.
  
  In conversation Sunday, 02-Jul-2023 14:14:55 JST permalink
- † top dog :pedomustdie: (dcc@annihilation.social)'s status on Sunday, 02-Jul-2023 14:15:33 JST † top dog :pedomustdie:
  in reply to
  
  @Zerglingman WHY ARE SELF SIGN INVALID
  
  In conversation Sunday, 02-Jul-2023 14:15:33 JST permalink
- Machismo (zerglingman@freespeechextremist.com)'s status on Sunday, 02-Jul-2023 14:16:14 JST Machismo
  in reply to
  - † top dog :pedomustdie:
  @dcc Because it doesn't really prove anything.
  But then you realise that LE doesn't really prove anything either lol, they've broken the whole system while sucking the jew cock, instead of actually breaking the system the right way.
  
  In conversation Sunday, 02-Jul-2023 14:16:14 JST permalink
- Machismo (zerglingman@freespeechextremist.com)'s status on Sunday, 02-Jul-2023 14:17:06 JST Machismo
  in reply to
  - † top dog :pedomustdie:
  @dcc Also obligatory Orlitzky: http://michael.orlitzky.com/./articles/lets_not_encrypt.xhtml
  In conversation Sunday, 02-Jul-2023 14:17:06 JST permalink
  Attachments
  1. No result found on File_thumbnail lookup.
    
    Michael Orlitzky { Let's not Encrypt }
- Ringo (ringo@freeatlantis.com)'s status on Sunday, 02-Jul-2023 14:19:41 JST Ringo
  in reply to
  - † top dog :pedomustdie:
  @Zerglingman @dcc
  more or less.
  theres also a little known thing:
  sites that employ ssl can be intercepted in transit and changed UNIQUELY FOR THE VIEWER.
  you may not believe this, but it's a thing.
  think about dns resolvers, the infrastructure, network topology, and people who speak their minds, and who may 'be getting' different versions of a site......
  
  In conversation Sunday, 02-Jul-2023 14:19:41 JST permalink
- Machismo (zerglingman@freespeechextremist.com)'s status on Sunday, 02-Jul-2023 14:20:00 JST Machismo
  in reply to
  - † top dog :pedomustdie:
  - Ringo
  @ringo @dcc Oh I know about this, Melbourne airport fucks with SSL in some weird way so that it can't even handshake correctly with FSE.
  
  In conversation Sunday, 02-Jul-2023 14:20:00 JST permalink
- teknomunk (teknomunk@apogee.polaris-1.work)'s status on Sunday, 02-Jul-2023 14:20:08 JST teknomunk
  in reply to
  - † top dog :pedomustdie:
  @Zerglingman @dcc
  
  > DANE + DNSSEC
  
  Which just results in you trading trust in the certificate authority for trust in the DNS system, and have it not function anywhere because nobody actually uses DANE, not even curl.
  
  :cryblood:
  
  In conversation Sunday, 02-Jul-2023 14:20:08 JST permalink
- 🌲Number 1 Pleroma Criminal on XBL 🇵🇱|🇺🇸 (phenomx6@fedi.pawlicker.com)'s status on Sunday, 02-Jul-2023 14:24:05 JST 🌲Number 1 Pleroma Criminal on XBL 🇵🇱|🇺🇸
  in reply to
  - † top dog :pedomustdie:
  LE is amazing because you can always forget to renew the cert. It was a quick and dirty hack to solve the issue of "everything lacks SSL" post-Snowden.
  
  In conversation Sunday, 02-Jul-2023 14:24:05 JST permalink
  
  Machismo likes this.
- Machismo (zerglingman@freespeechextremist.com)'s status on Sunday, 02-Jul-2023 14:27:20 JST Machismo
  in reply to
  - 🌲Number 1 Pleroma Criminal on XBL 🇵🇱|🇺🇸
  - † top dog :pedomustdie:
  @PhenomX6 @dcc This is why I am currently writing my own little ACME client, because 8000 lines of sh is frankly absurd, even for supporting however many systems it does (_time2str has comments noting BSD, linux, solaris and busybox). My client is about 10 lines so far and I'm halfway through account registration, so I'm expecting 50 lines, tops. Even if I did twice that many for 10 other systems, I'd still be well ahead of acme.sh?
  Not ahead of acmy-dns-tiny though, but it starts out by defining 4-5 functions inside one gigafunction that straight up tells pylint to not bitch about how big it is lol
  
  In conversation Sunday, 02-Jul-2023 14:27:20 JST permalink
- † top dog :pedomustdie: (dcc@annihilation.social)'s status on Sunday, 02-Jul-2023 14:28:32 JST † top dog :pedomustdie:
  in reply to
  - 🌲Number 1 Pleroma Criminal on XBL 🇵🇱|🇺🇸
  @Zerglingman @PhenomX6 how are you going to do authentication web root?
  
  In conversation Sunday, 02-Jul-2023 14:28:32 JST permalink
  
  Machismo likes this.
- Machismo (zerglingman@freespeechextremist.com)'s status on Sunday, 02-Jul-2023 14:29:03 JST Machismo
  in reply to
  - 🌲Number 1 Pleroma Criminal on XBL 🇵🇱|🇺🇸
  - † top dog :pedomustdie:
  @dcc @PhenomX6 ?
  
  In conversation Sunday, 02-Jul-2023 14:29:03 JST permalink
- † top dog :pedomustdie: (dcc@annihilation.social)'s status on Sunday, 02-Jul-2023 14:30:05 JST † top dog :pedomustdie:
  in reply to
  - 🌲Number 1 Pleroma Criminal on XBL 🇵🇱|🇺🇸
  @Zerglingman @PhenomX6 to gain a cert you need to do authenticate your domain no?
  
  In conversation Sunday, 02-Jul-2023 14:30:05 JST permalink
  
  Machismo likes this.
- Machismo (zerglingman@freespeechextremist.com)'s status on Sunday, 02-Jul-2023 14:31:35 JST Machismo
  in reply to
  - 🌲Number 1 Pleroma Criminal on XBL 🇵🇱|🇺🇸
  - † top dog :pedomustdie:
  @dcc @PhenomX6 Yeah. Wildcard is dns so I'm just going to shove a line in my zone file (I need to write a regex to replace the old one) and reload named, then wait a bit before continuing. For some reason this isn't enough to also get the root domain, but that's trivial by comparison; just echo $blah > $blah2.
  
  In conversation Sunday, 02-Jul-2023 14:31:35 JST permalink
- 🌲Number 1 Pleroma Criminal on XBL 🇵🇱|🇺🇸 (phenomx6@fedi.pawlicker.com)'s status on Sunday, 02-Jul-2023 14:32:13 JST 🌲Number 1 Pleroma Criminal on XBL 🇵🇱|🇺🇸
  in reply to
  - 🌲Number 1 Pleroma Criminal on XBL 🇵🇱|🇺🇸
  - † top dog :pedomustdie:
  By quick and dirty hack, I mean back when you had to spend $$$ for a cert from DigiCert (formerly VeriSign). Look how much they cost for a cert, and even a cheaper CA is a few bucks a year.
  
  The idea of LE was to force everyone on the internet into using SSL and in particular newer versions of SSL/TLS. In particular, as much as normies seem to have forgotten the Snowden leaks (and it's very easy to write them off in their apathy to move off of centralized services), the #1 thing that did happen was the rise of HTTPS. That's the #1 difference before and after the leaks, and it definitely locked out a lot of old computer users and boomers still using the unencrypted web as well. In fact, if you look at old versions of IE (if you don't remember those days) or old shopping websites from the past, the mindset was that HTTPS was only for things like banking and online shopping.
  In conversation Sunday, 02-Jul-2023 14:32:13 JST permalink
  Attachments
  1. Untitled attachment
    https://fedi.pawlicker.com/media/ab0d8455-6f29-4144-8a35-c2dd9f6b0d0f/image.png
  Machismo likes this.

Public

Conversation

Notices

Feeds