villainy , to Opensource in Sectigo’s Wrongful Revocation of RustDesk’s EV Certificate: A Concerning Precedent for the Software Security Ecosystem

Code signing usually requires an extended validation (EV) cert or some other type with more in depth verification.

https://letsencrypt.org/docs/faq/#does-let-s-encrypt-issue-certificates-for-anything-other-than-ssl-tls-for-websites

Let’s Encrypt certificates are standard Domain Validation certificates, so you can use them for any server that uses a domain name, like web servers, mail servers, FTP servers, and many more.

Email encryption and code signing require a different type of certificate that Let’s Encrypt does not issue.

@h4ckernews@mastodon.social avatar h4ckernews Bot , to random
@h4ckernews@mastodon.social avatar h4ckernews Bot , to random
@h4ckernews@mastodon.social avatar h4ckernews Bot , to random
@h4ckernews@mastodon.social avatar h4ckernews Bot , to random
singletona , to News in ICE has arrested scores of migrants in the U.S. who have no criminal records

THIS SURPRISE ANYONE?!

It was never about 'criminals.' It was about creating an 'other' underclass that can't fight back, and persecuting them to draw attention and focus away from the real problems.

pixelmeow , to cats in Pixel in a hat
@pixelmeow@lemmy.world avatar

I don’t recommend this book for an intro to RAH, because about halfway through stuff starts happening that makes no sense without reading some other books first. Methuselah’s Children and Time Enough For Love, at least. The first is a great intro to RAH, the second is a bit heavy but can be done— as one of his later books it gets into some controversial ideas he liked to write about.

To see what you’re getting into, https://en.wikipedia.org/wiki/Future_History_(Heinlein) and https://www.heinleinsociety.org/faq-frequently-asked-questions-about-robert-a-heinlein-his-works/#Does-the-Future-History-and-the-World-as-Myth-relate-together

Feel free to ask over in https://lemmy.world/c/the_heinlein_society if you like any more info!

moonpiedumplings , (edited ) to Emulation in DuckStation Creator Considers Shutting Down Emulator Amid License Change

Some of these license are very clear about what is commericial

The license chosen in this article is the Creative Commons license, which is not a code license, but instead one intended for art. On their own page, they acknowledge the difficulty with categorizing commercial vs non-commercial usecases:

In CC’s experience, it is usually relatively easy to determine whether a use is permitted, and known conflicts are relatively few considering the popularity of the NC licenses. However, there will always be uses that are challenging to categorize as commercial or noncommercial. CC cannot advise you on what is and is not commercial use. If you are unsure, you should either contact the rights holder for clarification, or search for works that permit commercial uses.

What’s wild is the banshees here rarely acknowledge how AGPL works similar to these now adding restrictions instead of laying out what you can do, but daddy OSI approved it so it must be good.

  1. "You must share source code of this service with your users" is not really an actual restriction on who can use the software and who can use it.

  2. Fuck the OSI. They've done more harm to free software than any other organization. In the recent controversy with redis and SSPL, they refused to acknowledge the actual problem of the SSPL license, that it was unusable due to requiring all "software used to deploy this software" being open source. Does that mean that people who deploy software on Windows have to cough up the source code for Windows? What about Intel Management Engine, the proprietary bit of code in every single Intel CPU. Redis moved to a dual license with that a proprietary license. An unusable license... and a proprietary license = proprietary software. But instead, the OSI whined that the problems with the SSPL was that it would "restrict usage" because people have to share more source code. The OSI, and open source, have always been corporate entities that unsurp free software. Just look at their sponsors page and see who supports them: Amazon, Google, Intel, Microsoft...

The goal is often to help workers & the commons—say you as an individual are free to use it for, or others for places where folks have equal pay or say, or less than 10 seats. To say that since a software license says Amazon can’t use this but you can means it’s all proprietary means you are either Amazon or a goober to think these are equivalent. Something something baby out with the water fallacy

You are moving the goalposts. I argued against a license that restricts derivatives and commercial use. You are now defending licenses that target specific entities and seek to remain open to workers and the commons. A license that restricts derivatives is not this.

To be blunt, I would be okay with a license that specifically restricts retroarch devs from making derivatives, and I would find it funny af. I think that was what the Duckstation dev was going for with the noncommercial and no derivatives (since retroarch maintains forks of software in order to add it as cores), but I'm frustrated at what is essentially a shift to a proprietary license instead.

Although such a hypothetical license that targets the retroarch developers would not be approved by the OSI or the Free Software institutions, I don't really care. Racists don't get rights.

@OH3CUF@mastodon.radio avatar OH3CUF , to random

WTF @librewolf - you had only one job and you are failing in it.

"No telemetry" -> first thing Librewolf does is connect to Mozilla telemetry services.

Found out this by having @littlesnitch installed.

image/png

TheWorldRolledMe ,
BrikoX , to random in Librewolf constantly connected to Google owned IP address
@BrikoX@lemmy.zip avatar

I think it’s related to the push notifications.

You can check by disabling them.

  • Type in about:config in the address bar, press Enter
  • Search for the preference dom.push.enabled and double-click it to set it to false.

librewolf.net/docs/faq/-librewolf-make-any-o…

TCB13 , (edited ) to Selfhosted in Up-to-date OpenSSL guide or tool for creating a certificate authority and self-signing TLS certificates?
@TCB13@lemmy.world avatar

Does someone know a tool that creates a Certificate Authority and signs certificates with that CA? (…) just a tool that spits out the certificates and I manage them that way, instead of a whole service for managing certs.

Yes, written in go, very small and portable: github.com/FiloSottile/mkcert.

Just be aware of the risks involved with running your own CA.

You’re adding a root certificate to your systems that will effectively accept any certificate issued with your CA’s key. If your PK gets stolen somehow and you don’t notice it, someone might be issuing certificates that are valid for those machines. Also real CA’s also have ways to revoke certificates that are checked by browsers (OCSP and CRLs), they may employ other techniques such as cross signing and chains of trust. All those make it so a compromised certificate is revoked and not trusted by anyone after the fact.

Why not Let’s Encrypt?

that’s fair but if your only concern is about “I do not want any public CA to know the domains and subdomains I use” you get around that.

Let’s Encrypt now allows for wildcard so you can probably do something like *.network.example.org and have an SSL certificate that will cover any subdomain under network.example.org (eg. host1.network.example.org). Or even better, get a wildcard like *.example.org and you’ll be done for everything.

I’m just suggesting this alternative because it would make your life way easier and potentially more secure without actually revealing internal subdomains to the CA.

Another option is to just issue certificates without a CA and accept them one at the time on each device. This won’t expose you to a possibly stolen CA PK and you’ll get notified if previously the accepted certificate of some host changes.


<span style="color:#323232;">openssl req -x509 -nodes -newkey rsa:2048 
</span><span style="color:#323232;">-subj "/CN=$DOMAIN_BASE/O=$ORG_NAME/OU=$ORG_UNIT_NAME/C=$COUNTRY" 
</span><span style="color:#323232;">-keyout $DOMAIN_BASE.key -out $DOMAIN_BASE.crt -days $OPT_days "${ALT_NAMES[@]}"
</span>
wwwgem , to Open Source in Floorp Browser: One of the best fork of firefox in customization
@wwwgem@lemmy.ml avatar

There’s a hype around floorp right now. Certainly because it’s new and it offers a high level of aesthetic customization.

Unfortunately it doesn’t work for me because:

  1. it takes up too much RAM compared to others. Even though people don’t really care about that on modern machine it goes against my philosophy.
  2. I’ve been tweaking Firefox for a long time to get the highest privacy possible but it was extremely painful and I don’t want to redo that with floorp.
  3. my system look is extremely minimalist and I remove any visual effects in apps I use which would go against the point of floorp.

These are some reasons why I went with librewolf since it was released in 2020. It’s efficient, well maintained, kept up to date with the latest Firefox version, and most importantly to me: deeply respectful of your privacy. Their privacy approach is very well explained in the FAQ It passed all the EFF tests better than any browser I’ve tested after hours of tweaks.

This is only my personal experience and preference. Per the Floorp developer himself privacy is not given the utmost care and users should prefer librewolf in that regard. If you want to use normal privacy and excellent Firefox derivatives, with no doubts, floorp will fit your needs.