Is there a way to rsync this or any other possibility to mirror it programmatically (via cron)?
It is very surprising to see how "low" their fundraising goal is set compared to wikipedia and how much value they generate from this budget for the internet.
Other question: what exactly does the loudspeaker icon? Should there be any action triggered (that does not work in my browser)? What happens when you click the highlighted icon?
How big will the blockchain become? I have not read much about Ethereum and not a deep understanding of every technical aspect regarding blockchains, however I understand that most applications just are not practical with endlessly growing blockchains. Does Ethereum a solution for that?
They are calling this the 'scalability problem' and are researching it as well. I think the general idea is to divide the blockchain into shards with some links in between.
>Mobile first is a basic requirement in developing countries.
When you say "mobile first is a basic requirement" you're thinking about a specific context of software intended for the general population of people in those countries.
However, with projects like HospitalRun, the general population is not the audience, Hospital staff and administrators are, and even in developing countries they still primarily use laptops and tablets at the Hospital.
They should have made fake ads about getting a free iphone with calling this number, that would be much more effective.
It would be interesting to see the resulting numbers - how many people are already afraid to call that number? Are YOU afraid of calling that number?
That is a nice real life demonstration of where that ill-minded techno-dictatorship will lead us.
Unfortunately there is no way back, as the USA ANGST to fight these nazis is too strong, especially in Silicon Valley, where too many chicken-hearted apple shiners (nice word!) are hiding instead of standing up. It is shocking to see how established that culture of ANGST is already established in the USA.
So be prepared for a long war and many death friends - this is always the only long-lasting result when you let paranoid and aggressive Neandertalers lead your society. Look at Germany after WW II to see the future of USA if you do not stand up now against that bigbrotherism.
Yes, it is up to you to change it. Follow the few brave we have seen and change your government to obey the people, not the other way around. Do it now and the world will be very thankful and start to love USA again! Amen :)
The point doesn't seem to be getting a lot of people to call the number. The point seems to be getting a lot of people thinking about the consequences of calling the number.
Your US citizenship will chase you abroad, make you file more crap than and get you more closely watched by the US than can even be done illegally domestically, all while preventing you from using banks and blocking you from standard investments both in the US and abroad.
Gone are the friendly (in retrospect) days of "if you don't like us you should leave."
From other nations with sketchy governments, you can claim asylum status where you land. For US citizens, you will be assumed to be crazy if you request status. You may as well be as no US citizen is able to prove their own prosecution. If the FOIA keeps any teeth it is still ~30 years after death that a FOI request will show anyone was politically targeted by the executive branch like Martin Luther King.
Enjoy your GDP, but try to stop spending it all in one place.
Once you leave you are on a very small list and you no longer have any legal protections from perpetual US surveillance and potential harassment. Will you eventually be bulk added to some no trade or no fly list? A life is 20 presidents, each with a need to look tough and place blame on scapegoats like those anti-patriots abroad.
Further, that process requires a legal proceeding with the US to investigate you for potential liabilities that is now paid for by you.
The idea of citizenship is not representative of anyone's rights in the US, which is made all the clearer by the new renunciation terms. The US could switch to the british term subject since every US person is at a minimum a subject of investigation. :)
It's a single anecdote and while quite possible that time has affected his memory the fact that he considers our situation even remotely comparable to that under the Stasi - whose history we, as victors, have written up as deplorable and criminal - can at the very least be cause for some concern and curiosity both about our perceived state of freedom and the effect of propaganda.
Nazis? While your sentiment can be respected, comparing the US to a national-socialist political party that manufactured and entire industry of exterminating so-called inferior races is hyperbole to the extreme. Now if you had said Stasi..
It sounds, but US fascism is not really tied to a political party. It's the system.
Being controlled by the right-wing military-industry complex. Being tied to a single political party would make this system way too unstable. It would have be gone within the next 8 years.
The business plot people (the US nazi revolution which was never executed) found that out, watching and controlling Roosevelt in his villa and went along with that insight.
Not only is nazi a shortening of National Socialism but it is also easy to understand when you look at how much focus there was on common effort compared to individual freedoms.
IMO calling nazis right wing is just a very effectibe play to frame liberals and conservatives as closer to Nazis.
The summary paragraph of the cloudfare post demonstrates an important propaganda technique - build an artificial similarity to something that actually does not compare very well with to irritate the reader and to attach the properties of your product / thing you are advertising to something completely different:
"Whereas HTTPS encrypts traffic so nobody on the wire can snoop on your Internet activities, DNSSEC merely signs responses so that forgeries are detectable."
We should notice that cloudflare will not be helpful in building real privacy for the internet. And never forget it.
What would be a better way to produce such a scorecard?
Is there already any collection of common criteria established by computer scientists and accepted by experts and / or any kind of standardization of requirements for secure software that was produced by leading security capacities that allows to extract data for a compact visual comparison like the eff scoreboard?
Would you like to provide or show me a link or any material that compares "the security" of products and offers an understandable and "industry-accepted" categorization?
Isn't it a bit strange that a small organization of non computer scientists produce something that was painfully missing for at least 50 years? Isn't it clear that a first approach to such a thing must fail and that this can only be a prototype for a process that should be adopted and worked out by people who understand what they are doing?
Isn't it a bit strange, that there is no such thing as that scoreboard produced by an international group of universities and industry experts, with a transparent documentation of the review process and plenty of room for discussion of different paradigms?
The eff scoreboard demonstrates painfully the obvious omissions of multiple generations of security experts who failed to establish a clear definition of what security exactly means, how to discuss it and how to find an acceptable approach to establish a thing that would allow to be named "review" in the scientific meaning of the word.
It is totally clear that Apple and Microsoft have very different ideas about security than OpenBSD developers, but it would still be of great value to have a space where people could follow that discussions and compare the results of different approaches and solutions to security related problems.
The eff scoreboard carries the embryo idea of a global crypto discussion, review, comparison and knowledge site that could also serve as a great resource for non-crypto people and students to learn a lot about that field. The highly valued information you and other experts are dropping here and there in HN threads and/or on various mailing lists should be visible in a place that collects all that stuff and allows for open discussion of these things in the public, so people can learn to decide what security means for them.
There is not. Software security is a new field, cryptographic software security is an even newer field, and mainstream cryptographic messaging software is newer still.
The problem with this flawed list is that it in effect makes endorsements. It's better to have no criteria at all than a set that makes dangerously broken endorsements.
The headline is wrong and not very clever for such a project.
The project was able to get a CA to sign their keys, this is what happened. Using the word "trust" is simply wrong and might be interpreted as a too simple kind of propaganda after we learned a lot about the untrustable nature of a hierarchical certification infrastructure.
Another, even bigger trust-breaking elephant in the room is the fact that this project is USA based - as long as US government and agencies are insisting on practices we know from authoritarian and anti-democratic states like e.g. China or Saudi-Arabia there is no way any US based project can use the word "trust" for their product description - it might be recognized as a simple lie by informed people.
Questions to the project leaders:
* you must obey US laws and therefore offer MITM access to every Let's-Encrypt "trusted" network stream - why aren't you educating your users about this serious limitation of your product?
* why don't you rebase your project to a country where a government policy exists that is allowing companies to build trustable security based products?
There is no U.S. law that compels us to "offer MITM access to every Let's Encrypt trusted network stream".
TLS sessions are negotiated between TLS clients and servers. Their confidentiality is guaranteed by that negotiation and the certificate authority, if any, doesn't have the server's private key and can't read the server's TLS sessions.
What CAs have the power to do is misissue certificates. Using a CA's services generally does not increase your exposure to misissuance attacks by that CA. If Let's Encrypt misissues certificates, it could misissue them for sites that are not and never have been Let's Encrypt users, just as any other CA can issue certificates for any public Internet service.
As I've said elsewhere, Let's Encrypt wants to use, and encourage others to use, technologies that limit our power to do the wrong thing, including HPKP and Certificate Transparency. We want more limits on our power and other CAs' power, not fewer, that lead to misissuance events getting caught and attacks on TLS users failing.
