Slashdot Mirror

← Back to Stories (view on slashdot.org)

StartCom Will Stop Issuing Certificates, Revoking Them All in 2020 (startcomca.com)

Posted by EditorDavid on from the un-cert-ainty dept.

thegarbz writes: Startcom, a certificate authority which as we covered previously has been distrusted by Mozilla, by Google, and recently also by Microsoft, has announced that it will cease trading as a Certificate Authority. While their website currently shows no indication that their certificates have any problems, a news posting has announced their intentions to stop providing certificates as of January 2018, and to revoke all remaining certificates in 2020.
The original submission also says StartCom sent an email to all their former customers -- including customers of their free StartSSL certificates -- announcing their intentions. As you are surely aware, the browser makers distrusted StartCom around a year ago and therefore all the end entity certificates newly issued by StartCom are not trusted by default in browsers.

The browsers imposed some conditions in order for the certificates to be re-accepted. While StartCom believes that these conditions have been met, it appears there are still certain difficulties forthcoming. Considering this situation, the owners of StartCom have decided to terminate the company as a Certification Authority as mentioned in Startcoms website.

StartCom will stop issuing new certificates starting from January 1st, 2018 and will provide only CRL and OCSP services for two more years. StartCom would like to thank you for your support during this difficult time.

42 comments

  1. Really? by nospam007 · · Score: 4, Funny

    So Startcom will rename to Stopcom? Cute.

  2. Re:BeauHD is a Russian Plant! by Anonymous Coward · · Score: 0

    Where did you see this?

  3. Re:BeauHD is a Russian Plant! by DontBeAMoran · · Score: 4, Funny

    I'm pretty sure nospam007 read that in Woosh Magazine.

    --
    #DeleteFacebook
  4. I thought most browser companies wanted "freedom" by Anonymous Coward · · Score: 0, Interesting

    Seems like selectively invalidating CAs based upon arbitrary criteria is the complete opposite of this. What's next, actively refusing to honor Symantec Class 3 certs because foxnews has one?

  5. Poop on it by For+a+Free+Internet · · Score: -1

    The Internit needs more poop. I know where we can get more poop. Inquire with Jerry, he lives in the blue house next to the liquor store.

    --
    UNITE with the Campaign for a Free Internet because today, our future begins with tomorrow!
  6. Re:I thought most browser companies wanted "freedo by OrangeTide · · Score: 0

    instead of buying one cert from one authority, perhaps they want us to buy a cert from every authority. profits!

    --
    “Common sense is not so common.” — Voltaire
  7. Re: I thought most browser companies wanted "freed by Anonymous Coward · · Score: 4, Informative

    https://arstechnica.com/information-technology/2017/07/google-drops-the-boom-on-wosign-startcom-certs-for-good/

    This doesn't seem like an agenda. Its more like if i write a bunch of bad checks, people will stop accepting my checks because i have broken the trust in my credit worthiness.
    Back dating security certs and failing to follow the rules the cert companies have to follow to maintain trust seems like a good reason to stop trusting them.

  8. Great! by Anonymous Coward · · Score: 0

    This is wonderful!
    Of course, I expect them to rebrand and be back in business doing the same thing, and making money off of it again within a year. As long as there are shady people wanting certificates, there will be shady companies willing to supply them.

    1. Re:Great! by Anonymous Coward · · Score: 0

      Shady people don't need these muppets, they just use Let's Encrypt nowadays.

    2. Re:Great! by Opportunist · · Score: 1

      It's not Let's Encrypt or's fault in particular or certificates' fault in general if people expect more from certificates than they can deliver. All a certificate does is to say that you are indeed connected to www.bankofamerika.com. That you mistake it for your bank and enter your login credentials is your problem.

      --
      We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.
    3. Re:Great! by thegarbz · · Score: 1

      Shady people don't need these muppets, they just use Let's Encrypt nowadays.

      Shady people do need these muppets. Let's Encrypt only provides DV certificates which in general do fuck all for proving who the shady person is behind a computer. All they do is identify the computer as being who they claim their are in their domain.

      Startcom managed to break even this, issuing DV certificates for domains not proven to be in control of the computer. Not to mention they happily issued known weak certificates and had numerous exploitable bugs in their website that allowed you to automatically get certificates issued for other domains.

      So yes, shady people have been dealt a blow. If you're worried about shady people obtaining DV certificates in the first place then my friend you should read up on what these certificates actually do and protect you against, because you wildly over estimated the safety they provide.

    4. Re:Great! by Anonymous Coward · · Score: -1

      It's not Let's Encrypt or's fault in particular or certificates' fault in general if people expect more from certificates than they can deliver. All a certificate does is to say that you are indeed connected to www.bankofamerika.com. That you mistake it for your bank and enter your login credentials is your problem.

      That's also the reason why unilaterally breaking CA trusts is not something that should be done by the browser makers. (Granted that example is obviously a phishing site, but that's not the point here.)

      Certs are just for signing data. You can't use them for trust without some external verification. Most may not do it, hell even the most tech savvy don't do it for every cert they come across, but that point is irrelevant. Breaking the trust means the verification must be done again from scratch. So preserving it is something that is the responsibility of the end user. You could just as easily verify each one and watch for any changes, but the easier method would be to do external verification, then sign the verified cert with your own, and tell the applications you use to trust your cert. Any changes would then throw a warning, and the site would have an easily unrecognized issuer. But that's just one example, the ultimate goal is to tell the user what site you're connected to in a way that gives them evidence for determining trust.

      Sadly, we've seen multiple attacks on this. Google being the biggest offender, namely their constant changes to what their browser will accept as "secure", unilateral revocation of trust, hiding information about what cert vouched for the server in the developer's console, to the extreme breaking of CA trust stores in Chrome OS and now Android 7.

      Chrome OS doesn't allow certs to be installed system-wide. They claim this is a "security measure" for their users, but as any Google Admin will tell you, they don't give a crap once the user is logged in. After that point, the OS will happily allow you to install a man-in-the-middle wildcard CA cert without complaint. You can intercept anything you want at that point. The only thing they don't let you see is the OS login and update data being sent from Google's own servers. So, the OS updates can't be checked, but your bank account login is fair game? Nice trust model.

      Android is even worse, as now the apps can choose to ignore CA certs installed by the device owner, and even ignore the system CA store. Rendering any form of trust completely dependent on the app's own willingness to allow the user to alter it's own CA store on an individual app level. That makes it so much more complex and difficult to implement trust, that the end result is the end user's trust is deemed irrelevant by the app. (Or it would be for the vast majority of Android users once they get upgraded to Android 7.) Not a good thing. That doesn't even begin to deal with the apps that won't implement support for changing their CA stores. For those, the only way to alter them will be a with a rooted device, of which Google seems to consider "untrustworthy" themselves and advices apps accordingly. So much for end-user trust being an issue.

      Now that may seem like a rant against Google, (it partially is), but it's not insignificant because of Google's reach. They have the most widely deployed browser on earth right now, Android makes up half of the smartphone market, and their Chrome OS devices are really penetrating the education markets. This means there is a good chance that at some point you will be dealing with their "trust" model, directly or indirectly, and that means your trust not only with them, but others as well, can be impacted by Google's decisions. A decision they have no business mandating. It's one thing to hand out a list of what you say should be considered "trustworthy", It's another thing entirely to hand out that list while stating it's the only trust you can have.

      Of course the real blame lies not with Google, (their decision to abuse this is their fault, but the

    5. Re:Great! by Anonymous Coward · · Score: 0

      Sheesh man, if you going to post a 1000 word essay...

      1. Get to the point
      2. Don't post anonymously, if you expect to be taken seriously (yeah I get irony)
      3. Get to the point!

    6. Re:Great! by Opportunist · · Score: 1

      Forget better education. Nice idea and I'd like it, but education isn't something you can enforce. The one to be educated has to demand it. And that's not forthcoming. You identified correctly that most users want something that "just works" and don't want to be bothered with the details of how and why. That is basically what happens here.

      If you, as the user, can manipulate the certificate chain and storage, it also means that any attacker gaining access to it can easily manipulate it. And, and this is the really bad part here, without the Average Joe Randomuser having any chance to notice this. Not because the option to check it is hidden in some obscure place or not available altogether, but because he wouldn't even know how and where to look.

      Yes, in a perfect world AJR would go and learn how to do it so he can keep himself safe. But this is unfortunately the reality where Joe doesn't give a shit, but is very vocal once (not if) his bank account is emptied by a bogus app using a forged certificate it slipped into his cert store.

      I'd rather have Joe be silent than him giving our lawmakers a cheap excuse to bless us with even more ridiculous and privacy eliminating laws.

      --
      We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.
  9. Why I can't stand SSL "security-theater" by Anonymous Coward · · Score: -1

    See subject: It's either always getting BROKEN (forcing devs who use libs like OpenSSL to reissue apps & libs for it + change the call parms from the reissued SSL libs too) or this happens (screwups, intentional OR not, are always going on with the issuers).

    *... & Google is FORCING THIS down user's throats? Follow the money & know why!

    (In a nutshell - this SSL shit keeps getting broken (just like program certs from Comodo & others in 'code-signing') or goes shitty in 1 way, shape, or form...)

    They ought to rephrase the acronym for it as "SuperslowShittyLibs" instead!

    APK

    P.S.=> To top it all off, the crap SLOWS YOU DOWN - & they want YOUR MONIES for this busted slow shit? WTF!... apk

  10. Re: I thought most browser companies wanted "free by Anonymous Coward · · Score: 0, Interesting

    Are there any actual standards that have been violated, or is this a "we don't like this so have a good day" thing? It's ridiculous to make a decision that impacts the world if no actual standards or legal requirements were violated.

  11. Backup your bs w/ proof OrangeTide by Anonymous Coward · · Score: -1

    Backup your bs w/ proof OrangeTide https://it.slashdot.org/comments.pl?sid=11425437&cid=55663429/ provide proof of me picking on YOU 'for YEARS' as you said - you can't.

    (If I had issues w/ you I'd have bookmarked it & I never have before YOU came in calling me a "git" (fool) starting hassles!)

    * See you there (somehow I don't think I will & you will continue to embarass yourself as you did starting garbage with me - I am going to let YOU finish YOURSELF boy)

    Additionally - CLASSIC & PRICELESS: I also CAUGHT YOU posting UNIDENTIFIABLE AC vs. using your registered 'lusername' yet you point to YOUR POST under your 'lusrname' claiming it too (YOU = FLATOUT-BUSTED -> https://slashdot.org/comments.pl?sid=11432439&cid=55667787/ )

    APK

    P.S.=> This is the 8th time you've done a "Run, Forrest: RUN!!!" vs. it OrangeTide - why's that? I caught you lying?? Cat got your tongue??? Yes, obviously - pitiful... apk

  12. Selling Customer Details ??? by Anonymous Coward · · Score: 5, Informative
    The article does not quote all of the message sent to customers:

    Dear customer,

    As you are surely aware, the browser makers distrusted StartCom around a year ago and therefore all the end entity certificates newly issued by StartCom are not trusted by default in browsers.

    The browsers imposed some conditions in order for the certificates to be re-accepted. While StartCom believes that these conditions have been met, it appears there are still certain difficulties forthcoming. Considering this situation, the owners of StartCom have decided to terminate the company as a Certification Authority as mentioned in Startcoms website.

    StartCom will stop issuing new certificates starting from January 1st, 2018 and will provide only CRL and OCSP services for two more years.

    StartCom would like to thank you for your support during this difficult time.

    StartCom is contacting some other CAs to provide you with the certificates needed. In case you dont want us to provide you an alternative, please, contact us at certmaster@startcomca.com

    Please let us know if you need any further assistance with the transition process. We deeply apologize for any inconveniences that this may cause.

    Best regards,

    StartCom Certification Authority

    I don't think their existing customers expect their details to be passed on to the CA's so they can offer their services. Sounds like another way for a dying business to monetise their remaining assets.

    1. Re:Selling Customer Details ??? by DeHackEd · · Score: 2

      Can confirm, I got the same thing. And I haven't used a startcom cert in several years now.

    2. Re:Selling Customer Details ??? by thegarbz · · Score: 2

      That's actually a great and very relevant observation that I glossed over during the submission. Thanks for pointing it out.

    3. Re:Selling Customer Details ??? by Anonymous Coward · · Score: 0

      Are the "other CAs" the dodgy mob who bought them out and put them in this mess (WoSign) ?

  13. Re: I thought most browser companies wanted "free by Anonymous Coward · · Score: 0

    Being a CA requires behaviour beyond reproach - such as acting above, beyond any possibility of suspicion.

    You are suggesting that the behaviour should be "adheres to some standard". Not good enough - the security landscape changes too fast - it has to be a standard such as "demonstrates commitment to ensuring the security and privacy of all". Reports are that they have not managed this standard of behaviour, ethos and culture.

    Writing a pile of rules merely guarantees they will adhere to that pile of rules. Nothing more. Not the spirit of the rules, that's for sure.

  14. Re:BeauHD is a Russian Plant! by Anonymous Coward · · Score: 0

    I'm pretty sure nospam007 read that in Woosh Magazine.

    I can't find that magazine. Did you spell it correctly?

  15. Concerning by Anonymous Coward · · Score: 1

    Is it just me who is concerned that browser makers now rule like kings over the internet? They now have the power to make or break any company in the world by putting pressure onto certificate authorities, and/or simply unrecognising whoever they want. If ever there was a case for government regulation this is surely it. Maybe startcom deserved to get smacked down, I have no idea. But it's the principle of the thing.

    1. Re:Concerning by TheCastro1689 · · Score: 1

      In theory a browser could easily stop supporting websites or script or whatever. Just like with Adobe and Java right?

  16. Backup your bs w/ proof OrangeTide by Anonymous Coward · · Score: -1

    Backup your bs w/ proof OrangeTide https://it.slashdot.org/comments.pl?sid=11425437&cid=55663429/ provide proof of me picking on you 'for years' as you said - you can't.

    (If I had issues w/ you I'd have bookmarked it & I never have before YOU came in calling me a "git" (fool) starting hassles!)

    * See you there (somehow I don't think I will & you will continue to embarass yourself as you did starting garbage with me - I am going to let YOU finish YOURSELF boy)

    Additionally - CLASSIC & PRICELESS: I also CAUGHT YOU posting UNIDENTIFIABLE AC vs. using your registered 'lusername' yet you point to YOUR POSTthat was done under your REGISTERED 'lusrname' claiming it too (YOU = FLATOUT-BUSTED -> https://slashdot.org/comments.pl?sid=11432439&cid=55667787/ )

    SEE YOU TRIED "DOWNMOD HIDING" THIS TOO LAST TIME I POSTED IT https://slashdot.org/comments.pl?sid=11433711&cid=55669021/ - weak!

    APK

    P.S.=> This is the 10th time you've done a "Run, Forrest: RUN!!!" vs. it OrangeTide - why's that? I caught you lying?? Cat got your tongue??? Yes, obviously - pitiful... apk

  17. Re: I thought most browser companies wanted "free by Todd+Knarr · · Score: 2

    Yes, there are actual standards: https://cabforum.org/documents...

  18. Startcom was the Best until WoSign bought them by rriven · · Score: 4, Informative

    StartCom was the best option for multiple certificates. Their price model was vastly better and I wonder if they are having a hard time getting re-certified because the other CAs didn’t like their model.

    You paid for validation not per cert.
    Tier 1 was free and the certs were good for a year. Domain/Email control is all that was validated.
    Tier 2 was your name, and it was $50 a year, but your certs were valid for 2 years. This allowed you to have your name in your email cert and basic checks were performed for domain certs. You were also allowed one Code Cert.
    Tier 3 was more for Organizations or EV certs. Another $50 and the certs were good for 3 years. You could also have code cert with your organization name in it.

    $100 every 3 years could get you UNLIMITED Domain, Email, and two Code certs. One in your name and one in your organization name. The best deal if you ask me. I had 5 email certs and 10 domain certs for $25/year as I only needed to verify once two years.

    The problem started when they were bought by Wosign

    https://www.wosign.com/english...

    Then the shady things that got them revoked started happening and now they are closing shop. My same needs will cost close to a thousand dollars a year.

    --
    Dan
    1. Re:Startcom was the Best until WoSign bought them by jez9999 · · Score: 1

      Yeah. Fuck WoSign with a bargepole, they ruined everything. :-(

      --
      == Jez ==
      Do you miss Firefox? Try Pale Moon.
    2. Re:Startcom was the Best until WoSign bought them by nicolaiplum · · Score: 1

      It is far more likely that Startcom are having problems being accepted by browser manufacturers because:

      Wosign owns Startcom.
      Wosign is known to issue certificates outside the CA/Browser forum rules.
      Startcom has also been seen to issue certificates outside the CA/Browser forum rules since they were purchased by Wosign.
      Wosign still owns Startcom and therefore still controls Startcom.

      Startcom is still poisoned by Wosign and since Wosign won't separate from Startcom, Startcom cannot be trusted as a CA and they know it.

      Nothing to do with their business model, everything to do with who is in control of Startcom.

      --
      "For a successful technology, reality must take precedence over public relations, for Nature cannot be fooled"
    3. Re:Startcom was the Best until WoSign bought them by TheRaven64 · · Score: 1

      I've moved to Let's Encrypt (which, with acme-client is a bit easier to use) for TLS certs for web servers, but I've not found an alternative for issuing trusted S/MIME certs. This was the most useful thing for StartCom: their S/MIME certs were trusted by all major mail clients, so if you signed your mail with them then you got tamper detection.

      --
      I am TheRaven on Soylent News
    4. Re:Startcom was the Best until WoSign bought them by thegarbz · · Score: 1

      The fact that the OP said the same needs will cost him $1000s means that he quite likely wasn't using DV certificates which is all that Lets Encrypt offers.

    5. Re:Startcom was the Best until WoSign bought them by thegarbz · · Score: 1

      This has nothing to do with their business model or any other CA's ... other than the one who bought them.
      Mozilla has a very detailed rundown of what the problems were with Startcom and Wosign. Both Startcom and their parent have multiple failings listed against them which breached their trust.

    6. Re:Startcom was the Best until WoSign bought them by thegarbz · · Score: 1

      Not quite. There were a few problems with Startcom themselves. But they were more along the lines of lack of disclosure and bugs in the certificate issuance process than major policy issues.

      Startcom deserved to get slapped on the face even without Wosign but without Wosign they'd probably still be in business.

  19. Re:BeauHD is a Russian Plant! by zurmikopa · · Score: 1

    Perhaps you are looking for http://whooshmagazine.com/

  20. Re: I thought most browser companies wanted "free by TheRaven64 · · Score: 3, Interesting

    I don't really have a problem with revoking StarCom's root cert, but it does feel a little bit like singling out the Chinese. Why is COMODO still trusted after they were shown to have terrible security, Symentec after they were handing out certs for google.com to random people and a number of other dubious practices, and the Turkish and Iranian CAs after they were caught signing anything their respective intelligence agencies asked them to? Most of these sound more severe than StartCom's lapses, yet I note that all four of these are still in the default-trusted set for Google, Mozilla, and so on. I'd love to see the standards enforced more vigorously, but uniformly.

    --
    I am TheRaven on Soylent News
  21. Re:BeauHD is a Russian Plant! by Anonymous Coward · · Score: 0

    Nope sorry, not helping, got a source in English?

  22. Backup your bs w/ proof OrangeTide by Anonymous Coward · · Score: -1

    Backup your bs w/ proof OrangeTide https://it.slashdot.org/comments.pl?sid=11425437&cid=55663429/ provide proof of me picking on you 'for years' as you said in the post parent to mine in that link I just posted - you can't.

    (If I had issues w/ you I'd have bookmarked it & I never have before YOU came in calling me a "git" (fool) starting hassles!)

    * Additionally - CLASSIC & PRICELESS:

    I also CAUGHT YOU posting UNIDENTIFIABLE AC vs. using your registered 'lusername' yet you point to YOUR POST that was done under your REGISTERED 'lusrname' claiming it too (YOU = FLATOUT-BUSTED -> https://slashdot.org/comments.pl?sid=11432439&cid=55667787/ )

    SEE YOU DOWNMOD HID THIS 8x TIMES I POSTED IT TOO https://slashdot.org/comments.pl?sid=11430293&cid=55668641/ & https://slashdot.org/comments.pl?sid=11433711&cid=55669021/ + https://slashdot.org/comments.pl?sid=11432725&cid=55669055/ https://slashdot.org/comments.pl?sid=11432725&cid=55669519/ https://slashdot.org/comments.pl?sid=11430293&cid=55669493/ https://slashdot.org/comments.pl?sid=11432483&cid=55666417/ https://slashdot.org/comments.pl?sid=11433711&cid=55669449/ https://slashdot.org/comments.pl?sid=11434053&cid=55670435/ trying to hide it!

    APK

    P.S.=> This is the 21st time you've done a "Run, Forrest: RUN!!!" vs. it OrangeTide - why's that? I caught you lying?? Cat got your tongue??? Yes, obviously - pitiful... apk

  23. Re: I thought most browser companies wanted "free by guruevi · · Score: 3, Informative

    There are issues with Symantec and particular CA were revoked, a lot of them regional and not very newsworthy.

    The mailing lists of the individual browsers capture some of the drama but most CA actually try to fix the issues, StartCom just made things worse as they went along.

    They sold themselves to another CA and started signing and backdating certificates, then when people made a complaint of that all they did was spin off the company to a shell company simply to disassociate them from the name but the same company and people were still in charge.

    Then they got hacked and when heartbleed came along it was proven that they had someoneâ(TM)s certificates stolen, they refused to retract the certificate until their customer paid them to retract it.

    StartComs business model was to profit of customers that found themselves in a bind. It backfired on them.

    --
    Custom electronics and digital signage for your business: www.evcircuits.com
  24. Backup your bs w/ proof OrangeTide by Anonymous Coward · · Score: -1

    Backup your bs w/ proof OrangeTide https://it.slashdot.org/comments.pl?sid=11425437&cid=55663429/ provide proof of me picking on you 'for years' as you said in the post parent to mine in that link I just posted - you can't.

    (If I had issues w/ you I'd have bookmarked it & I never have before YOU came in calling me a "git" (fool) starting hassles!)

    * Additionally - CLASSIC & PRICELESS:

    I also CAUGHT YOU posting UNIDENTIFIABLE AC vs. using your registered 'lusername' yet you point to YOUR POST that was done under your REGISTERED 'lusrname' claiming it too (YOU = FLATOUT-BUSTED -> https://slashdot.org/comments.pl?sid=11432439&cid=55667787/ )

    SEE YOU DOWNMOD HID THIS 9x TIMES I POSTED IT TOO https://slashdot.org/comments.pl?sid=11430293&cid=55668641/ & https://slashdot.org/comments.pl?sid=11433711&cid=55669021/ + https://slashdot.org/comments.pl?sid=11432725&cid=55669055/ https://slashdot.org/comments.pl?sid=11432725&cid=55669519/ https://slashdot.org/comments.pl?sid=11430293&cid=55669493/ https://slashdot.org/comments.pl?sid=11432483&cid=55666417/ https://slashdot.org/comments.pl?sid=11433711&cid=55669449/ https://slashdot.org/comments.pl?sid=11434053&cid=55670435/ https://slashdot.org/comments.pl?sid=11433711&cid=55671621/ trying to hide it!

    APK

    P.S.=> This is the 22nd time you've done a "Run, Forrest: RUN!!!" vs. it OrangeTide - why's that? I caught you lying?? Cat got your tongue??? Yes, obviously - pitiful... apk

  25. Why I can't stand SSL "security-theater" by Anonymous Coward · · Score: 0

    See subject: It's either always getting BROKEN (forcing devs who use libs like OpenSSL to reissue apps & libs for it + change the call parms from the reissued SSL libs too) or this happens (screwups, intentional OR not, are always going on with the issuers).

    *... & Google is FORCING THIS down user's throats? Follow the money & know why!

    (In a nutshell - this SSL shit keeps getting broken (just like program certs from Comodo & others in 'code-signing') or goes shitty in 1 way, shape, or form...)

    They ought to rephrase the acronym for it as "SuperslowShittyLibs" instead!

    APK

    P.S.=> To top it all off, the crap SLOWS YOU DOWN - & they want YOUR MONIES for this busted slow shit? WTF!... apk

  26. Backup your bs w/ proof OrangeTide by Anonymous Coward · · Score: 0

    Backup your bs w/ proof OrangeTide https://it.slashdot.org/comments.pl?sid=11425437&cid=55663429/ provide proof of me picking on you 'for years' as you said in the post parent to mine in that link I just posted - you can't.

    (If I had issues w/ you I'd have bookmarked it & I never have before YOU came in calling me a "git" (fool) starting hassles!)

    * Additionally - CLASSIC & PRICELESS:

    I also CAUGHT YOU posting UNIDENTIFIABLE AC vs. using your registered 'lusername' yet you point to YOUR POST that was done under your REGISTERED 'lusrname' claiming it too (YOU = FLATOUT-BUSTED -> https://slashdot.org/comments.pl?sid=11432439&cid=55667787/ )

    SEE YOU DOWNMOD HID THIS 10x TIMES I POSTED IT TOO https://slashdot.org/comments.pl?sid=11430293&cid=55668641/ & https://slashdot.org/comments.pl?sid=11433711&cid=55669021/ + https://slashdot.org/comments.pl?sid=11432725&cid=55669055/ https://slashdot.org/comments.pl?sid=11432725&cid=55669519/ https://slashdot.org/comments.pl?sid=11430293&cid=55669493/ https://slashdot.org/comments.pl?sid=11432483&cid=55666417/ https://slashdot.org/comments.pl?sid=11433711&cid=55669449/ https://slashdot.org/comments.pl?sid=11434053&cid=55670435/ https://slashdot.org/comments.pl?sid=11433711&cid=55671621/ https://slashdot.org/comments.pl?sid=11433711&cid=55672301/ trying to hide it!

    APK

    P.S.=> This is the 24th time you've done a "Run, Forrest: RUN!!!" vs. it OrangeTide - why's that? I caught you lying?? Cat got your tongue??? Yes, obviously - pitiful... apk