diana_coman: | shrysr: sorted, it works now; there was a known issue caused by the version of php running on the server breaking silently some of wordpress functionality; I hadn't realised that the patch for it hadn't been applied, I've patched it now and updated your post with proper html tags to check everything is fine | [03:15] |
diana_coman: | let me know if it misbehaves again | [03:16] |
shrysr: | diana_coman: okz! | [09:25] |
shrysr: | diana_coman: got the permalink thingy enabled in nginx, and enabled https! https://s.ragavan.co/2019/07/implementing-https-lets-encrypt/ | [15:10] |
diana_coman: | heh, certificate authority, lolz | [17:05] |
diana_coman: | but the blog looks good :) | [17:05] |
shrysr: | diana_coman: why lolz! | [17:09] |
diana_coman: | what authority do those "certificate authorities" *actually* have? | [17:16] |
diana_coman: | anyways: why do you actually need to enable https? | [17:18] |
diana_coman: | as homework: what does "I need to demonstrate control over my domain" say about the entities involved? | [17:21] |
diana_coman: | shrysr: your documentation efforts are useful as exercises but do note that a *lot* of "web" is ...fluff, to put it mildly | [17:24] |
diana_coman: | shrysr: here, have a look at this thread in #trilema as it's pretty much related, see if you can follow it http://btcbase.org/log/2019-07-25#1924635 | [17:25] |
shrysr: | diana_coman: i did notice that your website does not have https. My first gripe was that it seems https is enabled by default in browsers, and so I had to keep correcting this to "http". By enabling https > i am basically encrypting the connection between the client (browser) and the server. isnt this a good thing ? | [17:30] |
diana_coman: | the question with defaults should always be: *who's* defaults are they? | [17:31] |
shrysr: | hmm firefox is using the system proxy settings. COmpany's ? | [17:33] |
diana_coman: | shrysr: the main trouble around all those "good things" is that they rarely are exactly what they claim (by now it's almost impossible for them to be, given the huge stack of chairs on which they rely) | [17:34] |
diana_coman: | so you know, to start with, why does firefox decide for you on *your* computer | [17:35] |
diana_coman: | shrysr: here's a bit: http://ossasepia.com/2017/12/07/introducing-eucrypt/#selection-105.113-105.411 | [17:36] |
shrysr: | they shouldnt. I would prefer they do not. I would have guessed - to make it easy for dumbasses to use without any fiddling / exploration whatsoever. | [17:36] |
diana_coman: | re difference between claiming "a good thing" and actually being able to deliver the substance of that | [17:37] |
diana_coman: | you are *always* better off in the dark, cold, painful truth than lulled by a "good" lie | [17:37] |
diana_coman: | for one thing, what exactly do you send to your readers that needs to be encrypted? what, is the content of your blog secret now? | [17:38] |
diana_coman: | and for the other thing, does https actually give you any guarantee of "security" ? (other than a "certificate" ofc, it's not even paper, so presumably you can even get 2 for 1 or some deal) | [17:39] |
diana_coman: | shrysr: yes, to make it easy for dumbasses to use indeed; the trouble is that the moment you make it easy for a lot of dumbasses to use something, that something will inevitably be dumbassed and quite quickly | [17:40] |
diana_coman: | that old thing is still true: *everything* has a cost; including "making it easy for dumbasses to" anything | [17:41] |
diana_coman: | shrysr: do you drive? | [17:42] |
shrysr: | ok. Nothing on my blog is secret. But doesnt HTTPS protect the client as well ?? | [17:42] |
shrysr: | diana_coman: yes i do | [17:42] |
diana_coman: | do you own a car? | [17:42] |
shrysr: | have to :D or walk. | [17:42] |
diana_coman: | heh; now the q is: do you actually know how it works and why ? when you bought it, did you actually get its *technical* manual too? | [17:43] |
shrysr: | well to some good extent yes. | [17:44] |
shrysr: | i got a user manual. not like a documentation o | [17:45] |
diana_coman: | myeah, you know why? "to make it easy for dumbasses to drive too"; last time I saw a detailed technical manual for a car (and therefore was able to literally take the car pretty much apart and put it back together again - with others ofc but possible in a day ffs - was back in the '90s) | [17:46] |
diana_coman: | myeah, "user manual": push that button and it clucks, then this button and it blinks" "oh, but what happened to my car that now it seems to blink both left and right at the same time???" (not kidding, I had someone ask me *this* for real; because they... had no idea what half the stuff in there did or why) | [17:48] |
shrysr: | okay - i totally see what you mean. But what about the ACME protocols tests? Proof that the domain belongs to me? I dont remember using my public key anywhere. But i think a key was generated in the process. | [17:50] |
diana_coman: | back to the "protect the client" (note that there is still the assumption that https actually delivers on what is says though this is not true) - 1. what/how are you exactly protecting them? 2. why? 3. why would you even want to be read by someone who expects *you* to "protect" them without even knowing you, just like that because ...what? | [17:51] |
diana_coman: | re cars do realise that it's not just "I know what it does" - it literally makes you a *better driver* if you actually understand how the thing works! | [17:52] |
diana_coman: | unsurprisingly, but from what I saw at recent driving schools, it seems to have been "forgotten" | [17:53] |
diana_coman: | shrysr: you'll need to re-state the q re protocols, I don't get what you're asking there | [17:55] |
shrysr: | absolutely. I agree with you that it would make me a better driver. but is it practically possible to break down every single thing you own AND put it back... AND not suffer (a lot) meanwhile? I got my first motorbike in college... I wanted to modify it. After all - i was supposed to be an automotive design engineer. The whole point of getting the damn bike was to reach the college.. I ended up working | [17:58] |
shrysr: | diana_coman: https://www.ssllabs.com/ssltest/analyze.html?d=s.ragavan.co >> i was talking about this. | [17:59] |
diana_coman: | shrysr: well, you get to choose your sufferings :D | [17:59] |
shrysr: | diana_coman: and the tests in section 7 ? https://tools.ietf.org/html/draft-ietf-acme-acme-03#section-7 | [18:00] |
diana_coman: | right; what's with all that though? i.e.: what's your question? | [18:01] |
diana_coman: | understand that I couldn't care less if your website was certified by Justin Trudeau personally or whoever Big Inca wears a hat and gives certificates nowadays | [18:02] |
shrysr: | :)) | [18:03] |
diana_coman: | I'll read your website because you *are* in *my* WoT and if I think there's something wrong with it, I'll tell *you* because it's your website | [18:03] |
diana_coman: | hence your above homework re that sentence: if you *need* to prove you own the domain, first of all you are just submitting to that new master | [18:04] |
diana_coman: | and ofc, if they own you, it follows they own your domain too, doh. | [18:05] |
diana_coman: | basically that's the whole racket with certificates in general: you lend them authority over your domain in exchange for the shiny stamp that enables dumbasses that "evaluate" based on "does it have the shiny stamp?" to come and spam you, congrats. | [18:14] |
shrysr: | is still staring at the screen ..... | [18:14] |
diana_coman: | aha, thought of poking you a bit more; and yes, welcome to TMSR :) | [18:15] |
diana_coman: | (they can revoke your certificate too, you realise, right?) | [18:15] |
shrysr: | yes. I think there is a validity period for it. | [18:16] |
shrysr: | as well. | [18:16] |
diana_coman: | even assuming they care about the validity period at all when they decide you are not "a nice guy" or whatever "you don't think the right way" | [18:17] |
shrysr: | Ok > what if you trust me because I am in your WoT and then I give you false / misleading info. Can you sue me ? i presume you can sue the EFF or some 'authority' right? I mean sue, as in - isnt hte point of a government / authority etc (ideally) - to be held accountable? | [18:25] |
diana_coman: | take it easy, there's a lot there to get through | [18:26] |
shrysr: | lolz | [18:27] |
diana_coman: | basically in that 1 paragraph you have so many things messed up and mixed up that you can't start discussing it from here, there's a lot deeper you need to go to find some solid ground first | [18:27] |
diana_coman: | shrysr: did you do already a write-up re what you understand the WoT to be so far? | [18:29] |
diana_coman: | the next in line would be the concepts of authority and sovereignity I suppose | [18:31] |
diana_coman: | note that it's not that I trust you because you are in my WoT, that's not how it works | [18:32] |
shrysr: | not a write up yet. All i think I understand now is that you/or a member in the WOT would endorse me as a person you 'actually' know. Use your private key to sign my public key. The more ppl do so - the higher the chances that I am who I say I am ? | [18:36] |
diana_coman: | not quite, it's not just a version of "certificates" | [18:37] |
diana_coman: | for one thing, the WoT is personal | [18:37] |
diana_coman: | for the other, it's always *weighted* | [18:37] |
diana_coman: | i.e. "he's in my WoT" is a shortcut really and I suppose confusing for a newcomer | [18:38] |
diana_coman: | technically, anyone connected to me (even if indirectly ) is "in my WoT", sure | [18:38] |
diana_coman: | think of it this way: all the people you know in real life are directly in your "meat WoT" | [18:39] |
diana_coman: | does this mean you now *trust* them all? | [18:39] |
diana_coman: | and then think of those you don't directly know but can indirectly get to know via your friends or relatives - those 2nd layer are also "in your WoT" of sorts | [18:40] |
diana_coman: | and again: do you trust all those? ofc not | [18:40] |
diana_coman: | the WoT is to a large extent precisely making visible and accessible this sort of people-network | [18:41] |
diana_coman: | i.e. people I know and what I think of them; | [18:41] |
diana_coman: | now what I think of them matters for me, sure, but it's not something directly cumulative like that "if 10 people know shrysr then he is shrysr" what nonsense | [18:42] |
diana_coman: | the point is: if diana_coman says shrysr actually has a working head on his shoulders, then *this* sentence will get in turn different valuations from different people | [18:44] |
diana_coman: | those who have diana_coman in their wot as "that bitch" will say "that shrysr is bad" | [18:44] |
diana_coman: | those who don't have diana_coman in their wot at all, can't really say anything meaningful, it's all a sort of ???? anyway | [18:45] |
diana_coman: | shrysr: questions? | [18:45] |
shrysr: | wait >>> they can have you as 'that bitch' in their WOT or in their head ? | [18:46] |
diana_coman: | in their wot, what | [18:46] |
diana_coman: | remember, it's weigthed; weights are numbers, sure but their *meaning* is assigned by each user | [18:46] |
diana_coman: | the WoT is *not* automated nor possible to automate, no | [18:47] |
diana_coman: | no more than you could (or want to) automate human relationships: the WoT is simply the (necessarily incomplete) representation of relationships | [18:48] |
shrysr: | sorry - my connection is so bad today... I havent setup mosh yet. its taking ages to type with the lag and hindering my response. literally reconnecting between sentences. | [18:49] |
diana_coman: | sucks | [18:49] |
shrysr: | yes... todays been the worst actually. and the convo is so damn interesting. | [18:50] |
shrysr: | LIFE | [18:50] |
diana_coman: | if you explore the WoT you'll find for instance negative ratings too | [18:50] |
shrysr: | yes i saw those | [18:50] |
diana_coman: | realise that you can't meaningfully "add" ratings | [18:51] |
diana_coman: | as in : you have a 2 and a 1 and so your total is 3 | [18:51] |
diana_coman: | that's a bit like saying shrysr's mum loves him and his boss finds him ok so overall he's a good guy to trust with my house keys | [18:52] |
shrysr: | and its(WOT) is NOT like that right ? | [18:52] |
diana_coman: | it stands for Web of Trust | [18:53] |
diana_coman: | so English rules kind of say WoT but this really doesn't matter, lolz | [18:53] |
diana_coman: | will not give certificate of correct and proper writing of WoT anyway | [18:54] |
shrysr: | GLad ! but with my lag... i am glad to be able to type something! lol. ok > so how is WoT different from Linked in? | [18:55] |
diana_coman: | ahahaha | [18:55] |
diana_coman: | I think that's an excellent homework for you: how is the WoT different from Linked In? | [18:56] |
diana_coman: | looking forward to read your output on that:D | [18:56] |
shrysr: | :D I am so sure you are. | [18:56] |
shrysr: | i wil do it... it is intriguing. | [18:57] |
diana_coman: | good for you :) | [18:57] |
diana_coman: | will bbl | [18:58] |
shrysr: | diana_coman: it struck me that... I was in desperate search of something, and found you.. and then swallowed the red pill. LOL. | [20:17] |
Comments feed: RSS 2.0