tal
@tal@lemmy.today
- Comment on The number of mis-issued 1.1.1.1 certificates grows. Here’s the latest. 1 day ago:
Fina CA, for its part, said in a short email that the certificates were “issued for internal testing of the certificate issuance process in the production environment. An error occurred during the issuance of the test certificates due to incorrect entry of IP addresses. As part of the standard procedure, the certificates were published on Certificate Transparency log servers.”
So does that mean Fina did nothing wrong?
No. Fina never had Cloudflare’s permission to issue certificates for an IP it controls. Consent of the owning party is a cardinal rule that Fina didn’t follow.
What are TLS certificates? How do they work?
In short, these certificates are the only thing ensuring that gmail.com, bankofamerica.com, or any other website is controlled by the entity claiming ownership. By now, many Internet users know they should only trust a website when its real domain name appears correctly in the address bar and is accompanied by the HTTPS label.
considers
Hmm. Maybe the certificate validation process should be changed to require that two CAs sign off on the root of a chain, to eliminate a single point of failure. Or maybe software should require that just for certain security-sensitive identities, and there be a decision to designate certain TLDs or IP ranges or whatever as requiring an additional root. That obviously doesn’t magically resolve all potential certificate issues, but it does mean that a single error can’t create the potential to open the floodgates like this.
- Comment on Automated Sextortion Spyware Takes Webcam Pics of Victims Watching Porn 2 days ago:
I mean, true. But I kind of feel like once you’ve got malware on your system, there are an awful lot of unpleasant things that it could manage to do. Would rather focus more on earlier lines of defense.
Once it’s installed, Stealerium is designed to steal a wide variety of data and send it to the hacker via services like Telegram, Discord, or the SMTP protocol in some variants of the spyware, all of which is relatively standard in infostealers. The researchers were more surprised to see the automated sextortion feature, which monitors browser URLs for a list of pornography-related terms such as “sex” and “porn,” which can be customized by the hacker and trigger simultaneous image captures from the user’s webcam and browser. Proofpoint notes that it hasn’t identified any specific victims of that sextortion function, but suggests that the existence of the feature means it has likely been used.
The “try and sextort” thing might be novel, but if the malware is on the system, it’s probably already swiping all the other data it can anyway.
It sounds like in this case, the aim is to try to get people to invoke executables by presenting them as ordinary data files:
In the hacking campaigns Proofpoint analyzed, cybercriminals attempted to trick users into downloading and installing Stealerium as an attachment or a web link, luring victims with typical bait like a fake payment or invoice. The emails targeted victims inside companies in the hospitality industry, as well as in education and finance, though Proofpoint notes that users outside of companies were also likely targeted but wouldn’t be seen by its monitoring tools.
Like, I kind of feel that maybe a better fix is to distinguish, at a UI level, between “safe” opening and “unsafe” opening of something. Maybe “safe” opening opens content in a process running in a container without broader access to the host or something like that, and maybe it’s the default. That’s what mobile OSes do all the time. Web browsers don’t — shouldn’t — just do unsafe things on the host just because someone viewed something in a browser — they have a restricted environment.
In a world that worked like that, you need to actively go out of your way to run something off the Internet outside of a containerized environment.
- Comment on Under-16s to be banned from buying high-caffeine energy drinks including Monster 2 days ago:
Hmm. That’s a good point. I wonder if there’s trouble lurking there.
The government proposals will make it illegal to sell high-caffeine energy drinks containing more than 150mg of caffeine per litre to anyone under 16 in England.
Aight, so that’s their red line.
www.healthline.com/…/how-much-caffeine-in-coffee
A 12-ounce (oz) cup of brewed coffee may contain 113 to 247 milligrams (mg) of caffeine, whereas a smaller 8-ounce cup can contain about 95 to 200 mg.
Hmm. A liter is 2.8 times larger than a 12 fluid ounce cup, so that’d be 318 mg/L to 696 mg/L.
- Comment on UK politicians must stop stoking division, says policing chief 3 days ago:
Easier to get people to engage with ragebait.
The Guardian isn’t innocent here, either.
- Comment on Polanski apologises over claim he can increase women’s breast sizes with his mind 3 days ago:
Might be a damning photo of him awkwardly eating a bacon sandwich or something still hiding out there on some camera.
- Comment on I refuse to by a new mouse 3 days ago:
corsair.com/…/scimitar-pro-rgb-optical-moba-mmo-g…
OP didn’t expand on it, and his photos didn’t show it, but this mouse apparently has a bunch of thumb buttons, which is a legitimately-rare feature (though it’s not the only mouse out there to have a bunch).
- Comment on Under-16s to be banned from buying high-caffeine energy drinks including Monster 3 days ago:
perkcoffee.co/sg/countries-consume-coffee/
The UK appears to be nowhere near the top of countries on per-capita coffee consumption, at less than a third Finland’s rate.
However, it does appear to be very high on prevalence of cocaine consumption:
- Comment on ‘Escape From Tarkov’ Coming To Steam In the Coming Weeks 5 days ago:
facebook.com/groups/…/1842637456471565/
Sounds like PvE works, but not PvP.
This guy claims that he got it working in PvP, at least at one point:
old.reddit.com/r/linux_gaming/…/tarkov_on_linux/
Ran fine for me with Proton Easy Anti-Cheat when added to Steam. This was a few patches ago now though. Whenever Streets came out.
- Comment on Water Boil Advisory 5 days ago:
Must be nice to have your problem. During COVID-19, my county health department kept sending area alarms with emergency messages during COVID-19, most of which contained no actual useful information about change of status and were just reminding people to social-distance.
- Comment on ‘Escape From Tarkov’ Coming To Steam In the Coming Weeks 5 days ago:
kagis
I haven’t played it, but it sounds like it doesn’t have a replay system, which apparently has exacerbated finding cheaters.
- Comment on Is Miss England's AI round dangerous or progressive? 5 days ago:
en.wikipedia.org/wiki/False_dilemma
Is Miss England’s AI round dangerous or progressive?
A false dilemma, also referred to as false dichotomy or false binary, is an informal fallacy based on a premise that erroneously limits what options are available. The source of the fallacy lies not in an invalid form of inference but in a false premise
- Comment on Does a "SuperTuxKart Remastered" or similar exist? 6 days ago:
Looking at their dev guidelines page, they don’t have any texture resolution limit other than “don’t use very large textures on very small objects”, so I doubt that the project has any really hard caps.
supertuxkart.net/Texture_Guidelines#texture-detai…
Do not use large textures for small objects—this wastes video RAM.
If the game supports it or could support it, might be possible to have a separate high-resolution-texture package.
- Comment on Does a "SuperTuxKart Remastered" or similar exist? 6 days ago:
I doubt it, seeing as it looks like it’s still being actively developed. I’d expect anyone who wanted to have higher resolution textures or whatever to just add an option for that to the main game.
- Comment on Stephen Miller: Secretary Kennedy one of the world's foremost experts on public health. He is working hard to restore the credibility of the CDC as a scientific organization 1 week ago:
Stephen Miller is not known for exactly being the soul of veracity.
salon.com/…/stephen-millers-web-of-lies-the-trump…
And that was from back in 2017.
Trump just has a number of people working for him who are, like himself, willing to tell very substantial untruths.
- Comment on Over 450 Diablo developers at Blizzard have unionized 1 week ago:
Well, someone in this thread linked to the Diablo 4 credits, and those list what they do.
- Comment on WhatsApp will help you become a better LLM: Writing Help AI feature, will rewrite your words to help you form a better sentences. 1 week ago:
WhatsApp will help you become a better LLM: Writing Help AI feature, will rewrite your words to help you form a better sentences.
Assuming that the post title isn’t a joke, possibly whoever wrote the title.
- Comment on Kemi Badenoch: I’d go further than Farage and deport women and children 1 week ago:
Let’s see if Kemi Badenoch or Nigel Farage will win this bidding war, folks!
- Comment on CrankBoy - the original Game Boy game emulator for the Playdate console (my article) 1 week ago:
My guess is that most people in the market for a Steam Deck aren’t getting either this or a Deck.
- Comment on When something still uses micro USB in 2025 1 week ago:
- Comment on UK's third-largest steelworks collapses into government control 2 weeks ago:
Well, could be.
I think that it’s fair to say that the UK probably wants to maintain reliable access to steel.
But there are multiple routes for that, hedging against any risk costs something, and it’s not possible to hedge against everything. Have to pick what risks to deal with.
Another possibility is that the UK “friendshores” – like, okay, say that the UK decides that, I don’t know, some set of specific countries having capacity is sufficient, that any scenario where they’re trying to cut the UK off (or someone else is able to cut transport to them off a la the Battle of the Atlantic) probably has larger problems for the UK than just steel access. I suspect that if you go looking, you could find all kinds of supply chains that aren’t purely British domestic that would be important — hard to do everything domestically. Could even sign some sort of treaty obligating the UK to have some guaranteed amount of access with said countries (though that might also entail some sort of commitments on the British side to provide things themselves).
Or it could be possible to maintain a strategic reserve of steel long enough to last out a period of shortage, until other counters could be employed.
Or it could be that the UK does want domestic capacity, but feels that the existing British capacity outside of this facility is adequate for national security.
Or it could be that the UK feels that in an emergency, they or someone else could adequately ramp up production.
Or it could be that the UK would like to provide some form of protectionism, but doesn’t want to use tariffs (e.g. they use government procurement to ensure a certain amount of sustained domestic demand).
Or it could be that the UK feels that they can deter parties from cutting them off. Like, okay, maybe one could imagine a scenario where steel to the UK were cut off, or at least reduced…but then that party would suffer consequences of their own, lose access to things that the UK provides or can otherwise deny, that might also be critical to that other party.
kagis
I have no familiarity with the situation, so I can’t comment on it, but this document from last month by the current government seems to detail a variety of measures regarding support for the British steel industry:
- Comment on UK's third-largest steelworks collapses into government control 2 weeks ago:
China’s been producing a very great deal of it in past years.
en.wikipedia.org/…/List_of_countries_by_steel_pro…
The biggest steel producing country is currently China, which accounted for 54% of world steel production in 2023.
Historically, the UK had access to coal and was an early starter on a lot of industrialization stuff. Today, other countries have industrialized too.
From the Wikipedia page:
| Entity | 2024 million metric tons production | 1967 million metric tons production |
|---|---|---|
| World | 1,881.4 | 497.2 |
| China | 1,005.1 | 14.0 |
| UK | 4.0 | 24.3 |
- Comment on Angela Rayner hit with legal challenge over datacentre on green belt land 2 weeks ago:
Other locals complained datacentres were…noisy
Unless they’re walking inside the datacenter, I wouldn’t expect much by the way of noise.
In March, the technology secretary, Peter Kyle, attacked the “archaic planning processes” holding up the construction of technology infrastructure and complained that “the datacentres we need to power our digital economy get blocked because they ruin the view from the M25”.
While I agree that planning has been too much of a roadblock to development in many places, not just in the UK, I don’t think that it’s specific to building out tech infrastructure. I’d say that it’s an even more-substantial barrier in limiting housing construction.
www.centreforcities.org/housing/
The UK’s chronic housing shortage is one of the biggest economic and social challenges the country faces. The Government is aiming to build 1.5 million homes over the Parliament in England, but barely 200,000 were built in 2023-24.
England’s housing crisis is so severe as the planning system is especially restrictive. While other countries have rules-based zoning systems, England has a discretionary planning system where every decision is made case-by-case. In most zoning systems proposals that follow the rule are accepted, while under discretion even projects that have been approved by planners can be rejected by councils.
The housing crisis varies substantially across the UK, with the worst shortages in the most economically successful cities and towns where employment opportunities draw in large numbers of people. These are caused by how our planning system disconnects the local supply of housing from local demand.
- Comment on Pandering to conservative Americans 2 weeks ago:
Could be that the packaging was redesigned.
- Comment on Stop children using VPNs to watch porn, ministers told 2 weeks ago:
Nah, those are individual states.
- Comment on Stop children using VPNs to watch porn, ministers told 2 weeks ago:
I expect Dame Rachel will be subsequently calling for age verification on VPSes and servers when she’s made aware that anyone might just set up their own VPN server on any of those.
- Comment on Nissan announces 2026 Leaf pricing, starting at $29,990 2 weeks ago:
There are cheaper electric vehicles, but they aren’t really car analogs.
There are electric motorcycles and scooters, but they won’t provide protection from weather.
motoxtasy.com/top-best-street-legal-electric-moto…
There are low-speed, street-legal vehicles known in the EU as Quadricycles and the US as an NEV, but you’re talking about 25 mph, so not suitable for faster than low-speed roads.
- Comment on Stop children using VPNs to watch porn, ministers told 2 weeks ago:
“This tells us how much of the problem is about the design of platforms, algorithms and recommendation systems that put harmful content in front of children who never sought it out,” the commissioner said, calling for the report to act as a “line in the sand”.
From the report text:
Content warning
This report is not intended to be read by children.
This report makes frequent reference to sexual harassment and sexual violence. This includes descriptions of pornographic content, language and discussion of sexual abuse.
By the commissioner’s standard, the commission’s report itself should probably be behind an age-gated access method or at least not indexed by Google.
- Comment on Has cancel culture gone too far? 2 weeks ago:
Cain was asked BY A GOD to kill (sacrifice) the thing he loved the most, he did it.
You’re trippin’. You’ve gotten every detail wrong. It would be hard to be more wrong. Killing ≠ sacrificing. It never specifically mentions being asked, much less for what they “loved most”. It’s not just “people down here blaming Cain”, Cain lied about murdering his brother and God cursed him. If God viewed Cain murdering Abel as a sacrifice, why would he curse him?
He’s probably thinking of Abraham trying to sacrifice his son on Yahweh’s orders, a couple chapters later.
Some time later God tested Abraham. He said to him, “Abraham!”
“Here I am,” he replied.
Then God said, “Take your son, your only son, whom you love—Isaac—and go to the region of Moriah. Sacrifice him there as a burnt offering on a mountain I will show you.”
Early the next morning Abraham got up and loaded his donkey. He took with him two of his servants and his son Isaac. When he had cut enough wood for the burnt offering, he set out for the place God had told him about. On the third day Abraham looked up and saw the place in the distance. He said to his servants, “Stay here with the donkey while I and the boy go over there. We will worship and then we will come back to you.”
Abraham took the wood for the burnt offering and placed it on his son Isaac, and he himself carried the fire and the knife. As the two of them went on together, Isaac spoke up and said to his father Abraham, “Father?”
“Yes, my son?” Abraham replied.
“The fire and wood are here,” Isaac said, “but where is the lamb for the burnt offering?”
Abraham answered, “God himself will provide the lamb for the burnt offering, my son.” And the two of them went on together.
When they reached the place God had told him about, Abraham built an altar there and arranged the wood on it. He bound his son Isaac and laid him on the altar, on top of the wood. Then he reached out his hand and took the knife to slay his son. But the angel of the Lord called out to him from heaven, “Abraham! Abraham!”
“Here I am,” he replied.
“Do not lay a hand on the boy,” he said. “Do not do anything to him. Now I know that you fear God, because you have not withheld from me your son, your only son.”
- Comment on How can England possibly be running out of water? 2 weeks ago:
UK households use more water, mostly on showering and bathing, than other comparable European countries, at about 150 litres a day per capita. For France the average is 128, Germany 122 and Spain 120 (although in Italy it’s 243 litres a day).
Meh. I’m sure that we use more than that in the US.
kagis
www.epa.gov/…/understanding-your-water-bill
The average American uses around 82 gallons per day per person in the household.
So 310 liters, over double the British average.
www.arizonafuture.org/…/water-use/
It looks like people in Phoenix, Arizona average something like 150 gallons/day for residential stuff, almost twice that again, and they live in a desert.