tomfitz's comments

That's a neat visualisation.

n^2 = sum(1..n) - sum(1..n-1) = 2sum(1..n-1) + n

=> n^2 - n = 2sum(1..n-1) => n(n-1) = 2*sum(1..n-1) => sum(1..n-1) = n(n-1)/2

And you can rewrite that as... sum(1..n) = n(n+1)/2

https://www.haproxy.com/blog/dns-service-discovery-haproxy/ (which is a link on the OP) says TTL on SRV records "is ignored by HAProxy as HAProxy maintains its own expiry data which is defined in the configuration".

Is this true for A records too?

If so, neither haproxy nor nginx expire cached A records.

Nginx Plus does, and a few nginx plugins do, however.

https://github.com/airbnb/synapse is a process that polls DNS, and updates haproxy config accordingly and SIGHUPs haproxy I've used synapse to solve this issue, but it's a moving piece I'd rather not have involved.

The author has a few well written pieces. These two are hilarious: https://robertheaton.com/2014/10/25/tales-from-a-san-francis...

https://robertheaton.com/2014/07/14/getting-nothing-done-a-m...

Pressing "Erase browsing history" in the Android persistent notification bar seems to do this.

U2F keys are linked to the associated domain (e.g. google.com or dropbox.com), so your U2F would not present your google.com key to a U2F prompt on googlehax.com

This stops the proxy attack you describe getting a session key, but not getting your password. Of course, the password alone is insufficient.

Use TOTP as a fallback.

You might argue "well why bother with U2F, if you are going to set up TOTP anyway", to which I respond that using U2F is still a net win, because for the times you use U2F, you are safe from phishing attacks.

That in an emergency situation you have to use TOTP, and thus be vigilant that you aren't being phished, does not negate the benefits from having used U2F previously.

I can see that by enabling TOTP as a second-factor, it increases your attack surface. That is, you now have to care about whether your TOTP secret has been leaked. I consider this cost to be small, compared to the benefit of being able to fallback to TOTP. Others may decide this tradeoff isn't worth it.

I just tried deactivating, and upon logging in to Messenger (which works) it logged me into Messenger, but not FB.

Sweet!

https://en.wikipedia.org/wiki/Stellar_(payment_network) is a decentralized currency that already isn't the "ecological disaster" that Bitcoin is.

> First, pointing out that there are harms and she's aware of them, despite not addressing them, because she refuses to disclose her communications.

Though I'm skeptical of how much a 3m42s interview can be said to represent the entirety of her views, I'd say she alludes to the harms by referring to such access as "warranted". That is, authorisation is restricted [because of the costs of unrestricted access].

> Second, that the spying will be used asymmetrically - you, dear citizen, will have all your communications recorded, stored indefinitely, and subject to discovery when some prosecutor or large corporation decides to do away with you.

This law would apply to politicians too, right? If they're suspected of a crime, a warrant could be issued for their communication details.

> But try and find out which corporations are sponsoring which politicians, who owns them, and what kind of deals those politicians are making in your name, and you'll meet a stone wall of silence - just like in the TTIP negotiations.

As mentioned, if those are crimes I expect them to be investigated similarly.

> I don't think this is a stronger argument. In fact, I don't think this is an argument at all.

Sorry yes, my single sentence wasn't the entirety of the argument. I was referring to arguments that rely on the benefits of privacy, rather than defeating a strawman (my, as you say, literal reading of top-level comment).

This is the argument raised by security experts in http://dspace.mit.edu/bitstream/handle/1721.1/97690/MIT-CSAI... , which I'm not qualified to disagree with. It seems strong! Even if it were technically possible, I expect there's also a strong argument along the lines of asserting our right to privacy.

> I think GP's point is the warrant isn't needed.

GP?

> Whether [...] you are simply pointing out that those in authority have a default duty/right to an individual's private conversations

Certainly not. Whether they do ought to should be decided by society and its representatives via the legislature.

> She wants to institute pervasive spying (targeted spying can be achieved by individually planting hardware backdoors, or simply recording the suspect entering their password).

I can see targetted spying is possible today. It sounds like she wants targeted spying to be cheaper, and restricted by the judicial system.

> But pointing out the harms of pervasive spying is a weak argument, because she didn't deny (or even address) those harms?

The argument I replied to wasn't pointing out the harms of pervasive spying. Nor was your argument.

"If she wants law enforcement to be able to see other's metadata, she should expose her metadata" is weak. We needn't waste time with that.

There are stronger arguments, such as asserting our right to privacy, or perhaps that it isn't technically possible without critically compromising encryption for everybody.

I'm not sure of the relevance of this to jstanley's argument, nor my rebuttal.

Is the home secretary using that argument?

We ought to use strong arguments. This thread's arguments aren't strong.

Are you law enforcement with a warrant?

https://github.com/technomancy/better-defaults aims to be "a small number of better defaults for Emacs".

I use it, though I'm not a heavy emacs user.

Same in other parts of Europe, Australia, and New Zealand

I do this, which helps a lot. I still find myself mindlessly browsing during "downtime", however.