I'd really like to see that research.

Drugs that are a strong indictor of underlying psychological issues like Heroin, maybe. But for weed that's just far fetched, especially compared to alcohol.

You seem to be affiliated to that clearly slopped service. Your rate of comments seems to be low enough to make it plausible that you're not just shilling, but could you at least disclose your relationship to that product whenever you mention it?

> it gets really tiring reading this kind of side-tracked comment thread in like.. every post.

If someone is of the opinion that something constitutes low quality, then a high volume of such writing is no reason to stop criticizing it, but on the contrary a reason to oppose its normalization.

No, it can not. Bash lets you open TCP sockets.

What you are doing here is trying to speak HTTP yourself, which is fine for testing and debugging, and hella cool for fun to do by hand, but you will shoot yourself in the foot if you try to use this pseudo http client unattended in reality. This toy code does not parse HTTP properly and will break.

You could of course write a full http/1.1 client in bash, you can even do a full http server in pure bash: https://github.com/bahamas10/bash-web-server

For less insane, non-bash shells there is always nc which is usually probably the wiser choice.

I hate ClosedAI as much as the next guy, but this is an extremely illiberal take. It's not the kitchen knife manufacturer's fault that people are using their product for murder, it's not my fault that people are doing crimes over the Tor relay I run.

The Tobacco industry is evil because it misleads the public about its product being poisonous and bribes politicians through widespread corruption. Tobacco is also different because it is not a neutral tool that can be used for good and bad, but poisonous and will harm you no matter how you use it.

Comments URL: https://news.ycombinator.com/item?id=48492973

Points: 4

# Comments: 0

Setting the issuance method to something actually secure – unlike http-01 – with CAA or even just pinning your LE account does prevent this. It's just that almost no one does that.

The whole model of certificate issuance relying on http challenges is pretty baffling insecure. We do it this way for adoption, http challenges are easy. Flawed https protecting against most attacks is better than plain http. But still. The whole PKI system is a crude, crippled historically grown mess.

The only one who can check for maliciously published certs is the entity authorized to request them. I think most companies are happy when they manage to have valid, not expired certs and do not care too much about making sure there are not too many of them.

You are right that if the state would start issuing malicious certs en mass that would be found out quickly. But I think very targeted selected operations against entities where they know the entity is unlikely to surveil for unauthorized certs are very much possible.

I'm not arguing for going into conspiratorial thinking and claiming CAs are all compromised and issuing malicious certs all the time. But I do think that it is feasible for states to use CAs under their direct or indirect control to run targeted attacks. I think that is a plausible, serious risk that we do not care enough about and that we should do something about. There is a multitude of precedence starting from LavaBit over the wiretapping of jabber.ru^1, ANOM^2 to CryptoAG^3 that supports this conclusion.

[1]https://notes.valdikss.org.ru/jabber.ru-mitm/ [2]https://en.wikipedia.org/wiki/Operation_Trojan_Shield [3]https://en.wikipedia.org/wiki/Crypto_AG

Looking at LavaBit^1 I really would not be so comfortable. The world and especially the US has not gotten more free since then.

[1]https://en.wikipedia.org/wiki/Lavabit

Comments URL: https://news.ycombinator.com/item?id=48409637

Points: 3

# Comments: 0

If you are in any way harassing people by shouting through the plane for example, I agree. But the SSID of a WiFi network isn't that. No one is forced to continually read the list of available hotspots over and over again. There is nothing special about the fact that it's on a plane here.

Just call the police and say you have a bomb planted on flight XYZ and want 100000$ or you'll detonate it.