13throwaway's comments

I don't know of any ISPs that are currently MITMing HTTPS. That seems like something that would be big news and get a CA revoked. Do you have a source for that?

Download them all with wget:

wget -O - "http://pastebin.com/raw.php?i=fA7z2BPi" | wge -i -

The problem you run into with a decentralized site is you have to mirror massive amounts of data. I think this is what killed usenet. Also spam is hard to fight.

I wonder if a federated Reddit would work. Different subreddits could be hosted on different servers but the accounts could all be connected.

I have been thinking it would be cool to have a Reddit replacement ran by a non profit, similar to Wikipedia. Does anyone here have experience running something like that? I understand non profits are very complex to run.

App economics are much different from music economics.

From what I have observed, most people (the casual listener) will listen to the free streaming services (pandora, apple radio, etc). When people want to listen to a specific song they listen to it on youtube.

Here it is: https://en.wikipedia.org/wiki/Wikipedia:List_of_hoaxes_on_Wi...

"GitHub plays programmer" This is going to be great!

You can access those pages by removing the final slash.

The problem with allowing self-signed certificates has always been distinguishing if a site should be signed by a CA or not. Consider the follow situation:

Alice sends Bob a link: http://example.com

Bob trusts Alice and now knows that example.com is probably ment to be accessed over HTTP. Now for the next example:

Alice sends Bob a link: https://example.com

With the current implementation of browsers Bob knows that example.com should present a CA signed certificate. But what if example.com wants to encrypt their data, but for whatever reason uses a self-signed certificate? Some people say that Bob's browser should not display a "big scary" warning, but instead display a UI similar to when accessing a HTTP site. However, in this situation HTTPS has lost some meaning. I think http2 should work as follows:

http2:// - encrypted, not verified

https2:// - encrypted and verified

This way the protocol still conveys the same level of information.

However, if it were completely up to me, I would say ditch the CAs and use namecoin to verify certificates.

Using something like Namecoin https://en.wikipedia.org/wiki/Namecoin and storing the cert hashes in the blockchain would allow for decentralized verification.

In order to be an improvement over the CA model a new system would have to satisfy all 3 points of zooko's triangle. https://en.wikipedia.org/wiki/Zooko%27s_triangle

You could try piping it through ssh, I don't know how that would effect the speed though.

tar -cf - /u02/databases/mydb/data_file-1.dbf | pigz | ssh user@destination "pigz -d | tar xf - -C /"

Do you know why the new interstellar movie is on that domain? https://interstellar.withgoogle.com

It would be great to see namecoin become more popular. It would mean we could just use self signed certificates and store the fingerprint in the namecoin record.

Go to this page over a cellular connection. (Turn off your wifi) http://checkyourinfo.com/request Then look for a long number.

I just checked my AT&T phone and I have an X-Acr header too.

Here's a scary thought: How do we know every ISP isn't doing this, it would be undetectable if they only injected these on certain domains e.g. facebook, google. However I don't see how much more tracking ability that would grant over IP tracking.

From what I can tell it seems like room names are not unique. I think this is the reason for the "join by screenshot" feature.

I noticed iOS 8 has been doing this too via api.smoot.apple.com

How about the FBI? http://www.huffingtonpost.com/2014/09/25/james-comey-apple-e...

Can somebody give me some recommendations on how to do this with encryption? I am fine sshing into my server and putting in a password after reboot.