Chobbes @ Chobbes @lemmy.world

Posts

0

Comments

465

Joined

2 yr. ago

This is not true. Browsers will happily use http even if https is available, and without other mitigations like HSTS or DANE there is no way for your browser to even know that a site supports https. Many websites will forcibly redirect you to https, but this is the server telling you “hey connect with https instead”. A man-in-the-middle can simply not tell you to use https. Browsers have started marking http sites as insecure and will warn you about sending passwords, however.

AES-256 should be quantum safe and elliptic curve cryptography is not.

Most academic deadlines are "anywhere on earth" in my experience.

Yeah, especially before Let's Encrypt recently it was a complete disaster. Definitely will be better support for ECH soon.

HTTPS is pretty much ubiquitous these days. It's mostly an issue on a few smaller websites and blogs that people haven't cared enough about to bother getting a cert for... But even that is rapidly going away. Even if a website has HTTPS, it's not entirely uncommon for some resources to be loaded over regular HTTP, and sometimes websites don't properly redirect you to the HTTPS version, making it possible to end up on the unencrypted version by accident.

HTTPS is great, and Let's Encrypt has been such a godsend for it... That said it's not perfect, and also has some limitations on its own, and not every website implements all of the mitigations that help HTTPS do its job, so HTTPS adoption is a bit of a mixed bag. A big issue is that when you try to secure a previously insecure protocol this often makes downgrade attacks possible. For instance, if you just type "lemmy.world" into your web browser, and if somebody is able to intercept those packets, they could just reply "hey, I'm the lemmy.world, I don't do HTTPS, let's talk unencrypted" and your browser would have no idea that it should be talking HTTPS instead of HTTP. One way to avoid this problem is just by explicitly telling your browser to use HTTPS by going to "https://lemmy.world", which tells it to talk over HTTPS, and in that case the man-in-the-middle wouldn't be able to tell you to use HTTP instead and won't be able to provide a valid certificate for lemmy.world (hopefully, anyway :P). This is also what HSTS is used for... It's a header that the webserver sends to your browser saying "only talk to me with HTTPS", so once you've visited a site your browser will remember that it should only use HTTPS with it in the future. This only applies to websites which you've visited before, though... To improve the protections a little bit there's HSTS preload lists (basically your browser can have a list of HTTPS websites baked into it, so it knows when to only use HTTPS before you even do), https://hstspreload.org/... Or we could just solve this problem with DNSSEC and DANE, which allows you to look up the TLS certificates that should be used for the domain in DNS.

That's probably more of a rant than you wanted 😅... But basically, HTTPS adoption is really good these days in the sense that most websites will have a TLS certificate available (probably from Let's Encrypt!), and will speak HTTPS. But, there's still areas where we can improve internet security. I'm not sure how the adoption of HSTS is going, but I think it's pretty low. DNSSEC adoption is abysmal and we should probably fix that.

Let's Encrypt was a godsend. Getting a TLS certificate before sucked.

Of course :).

AM transmitters / receivers are far easier to construct than FM ones, though. If I was in an emergency situation where I couldn't communicate with anybody I think I might be able to at least make an AM receiver, even if there aren't very many components around... But I would need a reference to have any clue how to approach an FM one, and you'd definitely need more components available. Frequency modulation is quite a bit more complicated. If you want to transmit, CW is probably your best hope?

Realistically, though, almost anybody in an emergency situation is doomed if the only thing that would save them is building any kind of radio. It's not a skill set that most people have... Which I guess is why you might advocate for everybody's phones to be able to act as FM receivers in case that's the best way to get an emergency broadcast, because then they would have a device that's capable of it on hand. You're probably better off if you have a dedicated emergency radio, especially if you might lose power for an extended period of time, though.

It's not necessarily clear cut for one being more reliable than the other. FM broadcasts are analog and more likely to be subject to interference (interference will directly impact what you hear, but not as badly as with AM radio) and as the signal falls off it will be harder to hear. Digital radio will be perfectly clear as long as you get a signal, but may become distorted or just cut out if the signal is weak and there are too many errors in the data being received. There will be error correction for digital radio signals, but eventually you won't be able to receive reliably enough that it will fail. If I had to guess, assuming all of the equipment is working, digital is probably going to be more reliable than analog radio in more conditions and over a longer distance, and it probably needs less bandwidth in general because you could compress the stream.

Still compiling qtwebkit? :)

There's a lot to love about Gentoo. I miss it dearly, but I've been using NixOS lately and have been very happy with it too. It's just quite a lot easier to maintain and the model for packages makes it a lot easier to set up binary caches and stuff... Still, there's something very cozy about our dear portage :).

TBF most of that compilation time was probably just gcc lol.

C++ is technically a completely different programming language to C, but they share a lot of similarities because C++ is sort of derived from C (and now they've both evolved somewhat separately). The main addition at the start was OOP being baked in to C++. A typical C program is often a valid C++ program as well, but there are some subtle differences in a few areas that can cause problems. C++ has a lot of features compared to C, a more complex type system, a big templating system for compile-time computation, and focuses a lot on adding low/no cost abstractions to make writing programs easier without incurring a high cost at run-time... That said many people do still prefer C, often for its simplicity in comparison.

Maybe the price of the transceivers would go down, at least, lol. I have a general license and I just mess around with a Baofeng for the most part because I cannot justify buying a better radio. Tempted to get a QCX-mini or Pixie kit for a project... Unfortunately the like... $1000+ transceivers are just way out of budget for me, and I'm not sure I'd get enough use out of it to warrant the expense.

It probably also picks up the NOAA frequencies for weather forecasts and will have a standby feature for severe weather alerts. Emergency weather radios are pretty cool, and good to have on hand.

Configuring and building the Linux kernel is actually pretty nice and easy. The main thing that’s frustrating in my experience is just if you need to add a kernel module for a new device or something. It’s not really a big deal, just like “oh, I need to enable the drivers for this”.

Definitely. It’d be nice if there was more reporting when a provider drops your messages.

Hell yeah :). I've heard people have had problems with Linode's IP blocks with MS... I'm glad to hear that Linode was actually able to help you resolve the problem. The biggest problem seems to be that you just might not realize if your e-mails are being dropped. Not sure if MS will notify you via DMARC if your IP block has been blacklisted, from the sounds of things they probably don't and just silently drop things, so I guess you have to monitor the blacklists yourself?

The ISS’s propulsion is just for small orbital adjustments, right?

Dusk is actually amazing and already has such a perfect atmosphere that the graphics just melt away. This feels so wrong to me, but I guess it might work better for some people.

Pedantic question! Does the ISS count as a spaceship? I feel like something that travels in an orbit is kind of the equivalent of something stationary on a planet… so it feels like more of a, uh, station, than a ship to me. It’s a good answer, though!