Touche.. actually a good point, but actually those are two different situations.
With one, I'm accessing a website and trusting that the certificate is signed by someone I trust; so the trust in my browser certificates (which include certificates from hundreds of certificate authorities all over the world, any one of which could be compromised, robbed, or controlled by an adversarial person or even government) is extended to the site that I'm visiting. To say this is weak sauce rather understates how bad this actually is. (To paraphrase Churchill, this is the worst possible design, except for all the rest.)
With the other, I'm logging into a server for the first time (and I could simply deploy the same trusted host key to all my ssh servers via an autoscaling configuration or whatever). I think it's debatable if TOFU is worse or better than your (granted clever) metaphor.
(to those who'd recommend userify, yes - great for the client login issue and definitely increases security, but to parent's point, TOFU is still needed unless you want to distribute host pubkeys)
Pairing is absolutely necessary for bidirectional authentication, where each party must verify the identity of the other end.
To visit this site, there is no pairing, because the site does not know who I am.
In order to verify the identity of the HN site, I must trust that the maintainers of the installation packages of the browsers that I use (Firefox, Vivaldi, Chromium) have ensured that the built-in certificates have reached me through a secure path. This actually requires much more trust than when someone answers "yes" to the SSH unknown host message.
If I use certificates for accessing e.g. the network of my employer, then my work computer must be paired with some corporate server, i.e. a unique certificate has been generated for myself and it has been copied to some certificate authority server for signing and then to my computer, and also a certificate of the local certificate authority has been copied to my personal computer.
While pairing is unavoidable for bidirectional authentication, it is not necessarily direct between the end points. Both end points must have been paired with at least one other computer but they need not have been paired between themselves previously if there exists some path through secure connections that have been originally created by pairing.
When certificates are used, usually the pairings are not done directly between end points, but each computer must be paired with the server hosting the certificate authority.
The term "pairing" is not used frequently, but it should have been preferred, because frequently the users do not understand which are the exact actions on which the security of their communications depend, which leads to various exploits. The critical security actions are those that perform the pairing.
"Pairing" of 2 systems, e.g. A and B, means that some information must be transmitted through a secure channel from A to B and some other information must be transmitted through a secure channel from B to A. An alternative pairing method is to generate both pieces of information on one of the 2 systems and transmit both of them through a secure channel to the other. The information exchange channels must already be secure, because before pairing authentication is impossible.
The pairing between a PC and the server hosting the certificate authority can be done in various ways, depending on where the PC certificate is generated. If the certificate is generated at the certificate authority than both it and the root certificate must be copied through a secure channel to the PC. If the certificate is generated on the PC, it must be sent through a secure channel to the CA for signing, then it must be sent back also through a secure channel.
In practice, administrators are not always careful enough for the channels through which certificates are copied to be really secure. For instance they may be copied through network links that are not yet authenticated, which is equivalent with the TOFU method optionally used by SSH.
This passionate apologia of nihilism is not consistent with not caring what other people do or want. If "virtue signalling" elicits such reaction, perhaps it's actually working. Besides, voting with your wallet, an actual tangible action, is not virtue signalling.
If you ever visit Bonaire let me know and I can show you the abundance of life we are stewarding on my land.
It's mostly setting healthy boundaries on what we perceive we can affect. I don't buy American food (except Cocoa Rice Crispies), functionally it's a boycott. Is that the reasoning? No, it just tastes like crap.
> I truly don't understand where ya'll draw the line.
> I truly don't care what other people do or want, I just look to ensure I can live the life I desire while respecting that which others want or impose.
This is nihilism. If you have any beliefs, you don't seem to feel it important or necessary to exercise them. You acquiesce without even being challenged.
> Another example is AI. I despise it, and honestly think it's evil. Yet I'm using it to secure financial stability in a way that does not require AI to sustain.
This is also nihilism. You claim to have a belief, but do not exercise it. In your own example, your beliefs are meaningless; you are ultimately lead to whatever action is the most likely to lead to material comfort.
The only people who thrive in a dictatorship are its enforcers. And by the way a dictatorship needs quite a lot of them. That's how, decades after its fall, you get voices saying it wasn't all that bad, there were some nice things actually, or we should do it again.
And also your neighbors absolutely will sell you out.
I agree. A foreign powered civil war is worse than that.
Thriving in a dictatorship, even not as an enforcer, is possible. It's a worse life in general but still a life you can live.
Generally speaking, the only life that truly sucks in a dictatorship is if you become an enemy of the state. That doesn't generally apply to all citizens because, if it did, a dicatorship would quickly end in revolt. That is the theory behind strong sanctions. It's believed that if you starve a nation eventually the citizens revolt. The problem is it takes little resources to keep people happy, ultimately.
Are we still talking about massive companies with power to arbitrarily decide how billions of people use the personal computers they bought? Who's doing the feeling? Why would we presume all of their conduct to be moral?
After an album ends Spotify keeps playing some related music. It's expected to include some tracks that are new to you. Then suddenly you notice "artists" you've never heard of with empty descriptions and "albums" from 2025 only.
Rejecting the system, everyone in it, and everyone that's willing to interact with it, is not a way to get good outcomes. No don't "just take it" but encouraging one of the good opinions of the vice president is fine.
I disagree, some systems are so bad they need to be rejected outright. As a European, I find asking for the help of Vance and Musk as hostile, even if the person asking is in the right.
He is not asking Vance for help as an individual but the position he has for the country the company is headquartered in. What would you expect? They cant go and ask a random country for help on a complicated geopolitical issue. You are supposed (maybe required) to contact officials from your country and relevant agencies and institutions.
I'm not the biggest fan of the US Administration currently either but if a company asks them for help, they're doing what you're supposed to do, and they shouldn't be labeled as bad or sharing the view of the current administration.
I don't see how a representative of the executive and an oligarch of one country have any say in the legal matters of another. You either comply with the laws of the country you operate in, or you get out, it has nothing to do with the president of the country your HQ is in.
At the very least don't complain about it publicly. Using diplomatic channels I think things like this can quietly go away.
But if you make it an issue in the public court of opinion people usually support their own democratically elected government compared to the increasingly hostile foreign regime.
There are legal avenues in any jurisdiction to contest decisions that you believe are unfair. Running to the (vice-)president and your oligarch friends is just weak and makes you look like the bully.
Hm, I'm trying to keep an open mind here so help me:
Why exactly would that be weak? Given the resources and connections it needs, wouldn't it be actually very strong? Also, I'm from EU, and nobody in their right mind sees Italy as the victim. The politics in Italy gave gone insane and they are a huge example of a fuck up as a whole country. Also the EU, is trying to push censorship law and most companies in EU are fight with everyone they've got to not let them pass and organize petitions and what not.
Also are you all people supporting this law and the fine or do people, for some weird reason, have started to hate Cloudflare and letting their emotions cloud their judgement? Lets forget Cloudflare for a moment and imagine just another company... Would you still agree entirely on this laws contents and the procedures and fines issued? Lets please all focus on the important topic here. Companies come and go, but destructive laws keep us suffering for decades on end, maybe forever.
It's weak because people who are connected to power don't need to have a meltdown on a public forum and beg for help.
I have no feelings about either Cloudflare or Italy. I doubt I've thought about Cloudflare for more than 5 seconds at a time before this. I also am not informed enough about this particular issue, some types of censorship are good, others are bad.
That's all besides the point though, the point is that a multi-billion dollar corporation is demonising (as in, actually posting AI slop of Italians as demons) legitimate European authorities and publically asking a bully government to coerce a smaller country into submission.
You are right. But there is a point here that international harmonization and compromise is a solution here. Which is not exactly a strength of an America First policy.
Wishing a national identity and sovereignty did not exist just for your convenience is what this thread is about.
> I wish I could speak Russian in Ukraine without restrictions
There weren't meaningful restrictions. A large number of Ukrainians still speak Russian a lot. Instead this sounds like "forcing" a number of people to speak to you in a particular language in order for you to not feel "restricted".
I was forced to speak Ukranian at school. Is this not a meaningful restriction to you?
> Instead this sounds like "forcing" a number of people to speak to you in a particular language in order for you to not feel "restricted".
Unlike Ukranian government, I never forced anyone to speak any particular language. In fact, what happens when one person prefers to speak Ukrainian, and the other person prefers to speak Russian, is they just do, and they both understand each other just fine.
100%. I saw some vids from Ukrainian frontlines where people say speaking Russian is a problem because in fast situations it's more difficult to identify if you're enemy. This means even there some people speak Russian
It's just about education in schools and official use. And it's crazy to blame a country for requiring using its home language at schools
reply