First, an anecdote: to track sleep problems I have, I bought the cheapest smartband, a Huawei one. It has almost no controls of its own, and its UI needs a dumbphone (Google or Apple infested) via Bluetooth. Because $REASONS¹ I happen to carry two phones, one of them such a dumbphone, with no IP network connection 99.999% of the time. Setting up the smartband requires a "Huawei account" (but works correctly without network later on). Such an account needs a password. Alas, Huawei has weird requirements (like, banning spaces and non-alnum chars) so none of my usual password schemes work. Pissed off, calling them Nazis would be inappropriate so I instead chose the password to be "1989tiananmen". Account creation timed out. I tried multiple times, over a few days, both from the phone and from the website, on different browsers/OSes/machines/networks (I did not suspect a low-level interruption). Finally, choosing a different password worked.

So, hmm, how come an https connection gets intercepted by the Great Firewall? No hacking by the govt is involved here...

On Thu, Dec 03, 2020 at 01:38:47PM -0800, Rick Moen wrote:
> Quoting Arnt Karlsen (a...@iaksess.no):
>
> > ..meanwhile, I too lean towards Ian's contrarianism:
> > http://michael.orlitzky.com/articles/lets_not_encrypt.xhtml
>
> I couldn't possibly agree more. Let's Encrypt is a Potemkin Village
> approach to the SSL cert problem; it's pretend security that pretends as
> if a broken and unreliable CA infrastructure weren't that.

The CA cartel model is indeed broken, with its "any of thousands of CAs can sign anything" scheme. But then, Let's Encrypt at least killed their protection racket.

Sure, the model can be subverted by any of the CAs. But it's governments that can order CAs to do anything, not ordinary crooks.

Imagine that you tried and failed to find any door that would take a skilled lockpicker more than three seconds to open. Would you leave the entrance to your flat wide open without a door at all? That's what you're suggesting. That the door has known security issues doesn't mean it can't still stop casual attackers.

CA-model SSL still protects us from script kiddies. So like a common door, it's still a good thing to have.

Meow!

[1]. Gemini PDA is an awesome micro-laptop, but it's unable to connect to phone networks unless you reformat to a dumbphone OS.
--
⢀⣴⠾⠻⢶⣦⠀
⣾⠁⢠⠒⠀⣿⡁
⢿⡄⠘⠷⠚⠋⠀ Certified airhead; got the CT scan to prove that!
⠈⠳⣄⠀⠀⠀⠀