Let’s Encrypt is legit. A downside is that the certs expire after 90 days. However, that also carries an upside in that it limits the damage in case a certificate is compromised. There are procedures by which you can automatically renew/request (I forget whether they allow renewing an existing cert or require a brand new one) LE certs and apply them to your application, but that can be fiddly to configure.
If you’re not comfortable with configuring automatic certificate cycling, a long-term paid cert would be more appropriate.
Other benefits:
Downside:
Since my reports do nothing here (I am not browsing from beehaw directly), we should see what those moderators have to say about it.
@kalanggam@beehaw.org @alyaza@beehaw.org @remington@beehaw.org @JuBe@beehaw.org @knokelmaat@beehaw.org @Gaywallet@beehaw.org @TheRtRevKaiser@beehaw.org @JCPhoenix@beehaw.org @circularfish@beehaw.org
Video title is:
LIVE: Kamala Harris introduces Tim Walz as VP pick at Philadelphia rally
One might more appropriately edit the title to read something like:
Tim Walz references “the couch” meme at Philadelphia rally
But OP saw fit to “ALL CAPS COUCH-F****R!” it.
These guidelines will be enforced on a know-it-when-I-see-it basis.
I saw it. I know it. The title of this post is inappropriately editorialized.
Couple of positives:
Having the current VP take over the nomination at this point is “continuity of leadership.” It’s a much smaller change than bringing in someone with less name recognition, or from a “lower” political position.
Having a woman of color take the nomination would make the race between Harris and Trump much ideologically clearer. It would also dare the right to show its true colors about it. Remember that we got Trump essentially as a “Well, if you can elect a black guy, we can elect a racist lunatic!” Having a woman of color running as the Democratic nominee is going to make people pick sides even harder than they are already, and it’s the “oh god, not Trump” people who really need to be motivated to pick their side.
And you know that Biden’s endorsement of Harris had to have come after discussions with congressional Democrats and other party leaders to make sure most everyone gets in line behind Harris, and doesn’t act like a bunch of backyard chickens going every direction. I expect (hope?) this endorsement to be followed by many others.
I’ll throw some more detail, still working from the “your computer” side.
Your computer is almost certainly configured with a couple of DNS server IP addresses, belonging either to your ISP, or to some publicly available DNS server. When you’re going to www.hotmail[.]com, your computer just asks a DNS server that it is configured to ask - it doesn’t go to a root server (although it could, every computer is configured with root server IPs).
But even before that, your computer first looks to its HOSTS file. That’s a local file that contains manually configured matches between DNS hostnames and IP addresses. Under normal circumstances, this HOSTS file would be empty, but it’s there. Side note: DNS (Domain Name System) is what replaced HOSTS files. Prior to DNS, a university network (for example) would distribute a hosts file for everyone to put on their computer, and that was it.
Okay, www.hotmail[.]com isn’t in my hosts file, what next? Not a DNS server yet - next your computer will look to its local cache. You visited www.hotmail[.]com a couple hours ago, you haven’t rebooted yet, computer looks in its local cache and uses whatever it finds there.
Not in the local cache? Now your computer asks the DNS server it’s configured to ask for everything. That DNS server has its own cache, so if anyone has asked it for www.hotmail[.]com recently, it already has it, and returns an answer to your query.
If that DNS server doesn’t have the entry cached, it may be configured with forwarders. This essentially means “If I, a DNS server, don’t have a listing in my own cache, I will always pass the query to my forwarder instead of going to a root server.” There may be multiple layers of this kind of behavior, maybe the next DNS server even knows who’s authoritative for hotmail[.]com, and says “go ask them.”
The last word, though, is always the root servers. Root DNS servers are authoritative for ‘.’ and they contain lists of TLDs and the DNS servers authoritative for those.
Another thing to be aware of is that if a computer doesn’t have an IP address for a particular hostname (and it is not configured with a DNS server to ask for everything), it only returns “go ask this other DNS server” to the computer making the query, and then that computer goes and makes the full query to that DNS server.
It is also important to make sure that the DNS server(s) your computer is configured to use are themselves trustworthy. “Dan’s Totally Not Sketchy I Promise Public DNS Server” could very easily be configured to believe it is authoritative for the hotmail[.]com domain, and hand you whatever IP address it is configured to hand out from its own “Totally Authoritative I Promise” zone file.
And I forgot about TTL (Time To Live). TTL is measured in milliseconds, and generally speaking, only gets as short as fifteen minutes. If a cached record is older than the TTL, then the DNS server (or your local cache) will discard it and go ask for a fresh one. This does not apply to hosts file entries, or to static entries in an authoritative DNS zone file; those never expire.
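The lookup order described in the comment above (hosts file, local cache, configured DNS server, forwarder), as an added sketch that is not part of the original post. The class names, the `www.example.test` name, the documentation-range addresses and the 900-second TTL are all constructed for illustration.

```python
# Added illustration; names, addresses and TTLs (in seconds) are constructed.
class Cache:
    def __init__(self):
        self.entries = {}                      # name -> (address, expiry time)
    def get(self, name, now):
        addr, expires = self.entries.get(name, (None, 0))
        if addr is not None and now < expires:
            return addr, expires - now         # still fresh: address, remaining TTL
        self.entries.pop(name, None)           # older than its TTL: discard
        return None
    def put(self, name, addr, ttl, now):
        self.entries[name] = (addr, now + ttl)

class Server:
    def __init__(self, label, zone=None, forwarder=None):
        self.label, self.forwarder, self.cache = label, forwarder, Cache()
        self.zone = zone or {}                 # static zone entries never expire
    def query(self, name, now):
        if name in self.zone:
            addr, ttl = self.zone[name]
            return addr, ttl, self.label + " zone"
        hit = self.cache.get(name, now)
        if hit:
            return hit[0], hit[1], self.label + " cache"
        if self.forwarder is None:
            raise LookupError(name)
        addr, ttl, source = self.forwarder.query(name, now)
        self.cache.put(name, addr, ttl, now)
        return addr, ttl, source

def lookup(name, hosts, local_cache, server, now):
    if name in hosts:                          # 1. hosts file wins, no expiry
        return hosts[name], "hosts file"
    hit = local_cache.get(name, now)           # 2. local cache
    if hit:
        return hit[0], "local cache"
    addr, ttl, source = server.query(name, now)  # 3. configured DNS server
    local_cache.put(name, addr, ttl, now)
    return addr, source

def demo():
    name = "www.example.test"
    upstream = Server("upstream", zone={name: ("192.0.2.10", 900)})
    isp = Server("isp", forwarder=upstream)
    hosts, mine, other = {}, Cache(), Cache()
    seen = [lookup(name, hosts, mine, isp, t)[1] for t in (0, 60, 1000)]
    seen.append(lookup(name, hosts, other, isp, 1100)[1])   # second client
    hosts[name] = "198.51.100.66"              # a manual hosts entry overrides DNS
    seen.append(lookup(name, hosts, mine, isp, 1101))
    return seen
```

`demo()` returns the source of each answer in order, which makes it easy to see that a hosts entry is answered before any cache or server is consulted.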
Yes, that’s true, but more generally speaking, an external attacker would need to first gain access. The governments who control their national TLDs already have that access. Could the UK do the same thing with the co.uk TLD? They could, but the UK government seems more trustworthy on that point than does the Russian government.
OP asked specifically about the “safety” of .ru sites. I answered that question in that context.
Something which has not been mentioned yet - Russia controls DNS resolution for any .ru site, and here’s how that works:
When you browse, say, www.yandex[.]ru, your computer needs to know the IP address of a server that hosts that site. Let’s say you are not using an ISP or public DNS server to get your name resolution from DNS hostname to IP address. (All of the following is essentially still what happens, just with a less complicated explanation.)
First, your computer contains a list of root DNS servers. Every DNS query starts with a root server, and those root servers are associated with the often-excluded ‘.’ at the end, like “www.yandex[.]ru**.**” - that trailing dot at the end always exists, we just don’t type it.
The root server says, “Here’s a DNS server which is authoritative for the .ru top-level domain, go ask them.”
Then your computer asks the .ru DNS server where to find www.yandex[.]ru, and the .ru DNS server says “Here’s the server that is authoritative for the “yandex” subdomain under .ru, go ask them where their “www” host is.”
Then your computer asks the yandex[.]ru DNS server where to find www.yandex[.]ru, then that DNS server says “Here’s the IP address that goes with that hostname,” and your computer asks the server at that IP for the website.
Again, Russia controls DNS resolution for anything at .ru. All they would need to do for any subdomain beneath .ru is provide their own authoritative DNS server for yandex[.]ru - or for any other whatever[.]ru DNS name. They could then redirect all browsing traffic to anything under .ru to anything they wanted.
Those FBI takedown pages? This is exactly how that is done. The FBI doesn’t reconfigure a server at the “correct” IP; they redirect DNS for the subdomain to their own IP and own web server in order to display the takedown page. That operation is performed within legal limits, but from a technical perspective, such an operation could just as easily happen outside of legal limits, especially when the party trusted to properly respond to DNS queries is Russia.
tl;dr: Russia can very easily redirect any traffic to any .ru site to anywhere they want.
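The referral chain described in the comment above, as an added sketch that is not part of the original post: the answer a client receives depends on which server the TLD's zone delegates to, and a recorded resolution path lets a defender notice when that delegation changes. The `example.` stand-in TLD, the server labels and the addresses are constructed.

```python
# Added illustration: a constructed model of referral-following resolution.
# "example." stands in for a TLD; server names and addresses are made up.
def make_servers(delegated_to):
    return {
        "root-ns":  {"refer": {"example.": "tld-ns"}},
        "tld-ns":   {"refer": {"site.example.": delegated_to}},
        "site-ns":  {"answer": {"www.site.example.": "192.0.2.10"}},
        "other-ns": {"answer": {"www.site.example.": "198.51.100.66"}},
    }

def resolve(name, servers, start="root-ns", max_hops=8):
    """Follow referrals from the root; return (address, servers asked)."""
    server, path = start, []
    for _ in range(max_hops):
        path.append(server)
        data = servers[server]
        if name in data.get("answer", {}):
            return data["answer"][name], path
        zones = [z for z in data.get("refer", {}) if name.endswith("." + z)]
        if not zones:
            raise LookupError(f"{server}: no answer or referral for {name}")
        server = data["refer"][max(zones, key=len)]   # most specific zone
    raise LookupError("too many referrals")

def delegation_drift(name, baseline_path, servers):
    """Defender's check: which hop differs from a previously recorded path?"""
    addr, path = resolve(name, servers)
    changed = [(old, new) for old, new in zip(baseline_path, path) if old != new]
    return addr, changed

def demo():
    name = "www.site.example."
    addr, baseline = resolve(name, make_servers("site-ns"))
    new_addr, changed = delegation_drift(name, baseline, make_servers("other-ns"))
    return addr, baseline, new_addr, changed
```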
The letter warned that if the outlet and its reporters “continue their reckless campaign of defamation, President Trump will evaluate all legal remedies.”
The only legal remedy they’re suggesting here is a defamation/libel suit. If Trump is asserting that ProPublica’s reporting on these oh so coincidental payments is false, then he will have to prove its falsehood. Furthermore, he will have to prove that ProPublica acted with actual malice.
You’re out of your element, Donny.
I’m glad other people are noticing the propagandist nature of the people you’re talking about.
For specificity’s sake, we’re talking about the people who drumbeat on “genocide,” lay the entirety of the blame for that at Biden’s feet, and push not voting for Biden as the “solution.” They also so very carefully leave out important details like how congressional Republicans are putting forward legislation that would disallow Biden from pausing arms shipments to Israel (which Biden has said he’d veto).
And the propagandists aren’t here in this thread because that doesn’t work in this context. That being the context of reality where another Trump presidency would so very obviously be exponentially worse, not just for Palestinians, but for all manner of people in multiple places around the world, including the United States.
I am 100% in favor of criticizing the US’ relationship with Israel, especially considering Israel’s present actions against civilians. I would also like to maintain a US government that allows such criticism.
C:\> They could steal your personal data without you knowing. </
Access is denied.