The Avocado Tree is Fruiting
A couple of years back a random sprout appeared in the yard. It looked like a volunteer avocado and grew bizarrely fast. After a few years, it is about 15′ tall and this year it fruited for the first time. It really is an avocado tree.
The CA System is Intractably Broken
I’m dealing with the hassle of setting up certs for a new site over the last few days. It means using startcom’s certs because they’re pretty good (only one security breach) and they have a decently low-hassle free certificate that won’t trigger BS warnings in browsers marketing fake cert mafia placebo security products to unwitting users. (And the CTO answers email within minutes well past midnight.)
And in the middle of this, news of another breach to the CA system was announced on the heels of Lenovo’s SuperFish SSL crack, this time a class break that resulted in a Chinese company being able to generate the equivalent of a lawful intercept cert and provided it to a private company. Official lawful intercept certificates are a globally used tool to silently crack SSL so official governments can monitor SSL encrypted traffic in compliance with national laws like the US’s CALEA.
(aww, someone liked this: https://news.ycombinator.com/item?id=5858538)
But this time, it went to a private company and they were using it to intercept and crack Google traffic, and Google found out. The absurdity is to presume that this is an infrequent event. Such breaches (and a “breach” isn’t a lawful intercept tool, which are in constant and widespread use globally, but such a tool in the “wrong” hands) happen regularly. There’s no data on the ratio of discovered breaches to undiscovered breaches, of course. While it is possible that they are always found, seemingly accidental discoveries suggest far wider misuse than generally acknowledged.
The cert mafia should be abolished. Certificate authorities work for authoritarian environments in which a single entity is trusted by fiat as in a dictatorship or a company. The public should trust public opinion and a tool like Perspectives would end these problems as well as significantly lower the barrier to a fully encrypted web as those of us trying to protect our traffic wouldn’t need to choose between forking over cash to the cert mafia for fake security or making our users jump through scary security messages and complex work-arounds.
Category: FreeBSD • Privacy • Security • Technology
- Mobotix Notifier in Python – get desktop messages from your cameras 2023 June 06
- Get a desktop alert when Thunderbird gets constipated 2023 May 29
- The end of a comic era 2023 May 14
- WordPress forward and back navigation I find pleasing 2023 May 07
- عيد مبارك 2023 April 22
- Technology: maximizing individual radius of lethality. 2023 February 05
- Sidebar featured images only on single post pages 2023 January 24
- LastPass: The Cloud is Public and Ephemeral 2023 January 05
- Some gnuplot and datamash adventures 2022 December 29
- Smol bash script for finding oversize media files 2022 September 02
- Post History