Not knowing exactly where a damn pizza is at every moment in time is not a first world problem, but worrying about handing a corporation the contents of your cellphone to do with the information anything they please is?
I somehow can't really find the logic in your priorities.
Forget better education. Nice idea and I'd like it, but education isn't something you can enforce. The one to be educated has to demand it. And that's not forthcoming. You identified correctly that most users want something that "just works" and don't want to be bothered with the details of how and why. That is basically what happens here.
If you, as the user, can manipulate the certificate chain and storage, it also means that any attacker gaining access to it can easily manipulate it. And, and this is the really bad part here, without the Average Joe Randomuser having any chance to notice this. Not because the option to check it is hidden in some obscure place or not available altogether, but because he wouldn't even know how and where to look.
Yes, in a perfect world AJR would go and learn how to do it so he can keep himself safe. But this is unfortunately the reality where Joe doesn't give a shit, but is very vocal once (not if) his bank account is emptied by a bogus app using a forged certificate it slipped into his cert store.
I'd rather have Joe be silent than him giving our lawmakers a cheap excuse to bless us with even more ridiculous and privacy eliminating laws.
Have you seen what corporations do in developing countries to get cheap resources and labour? They literally trample all over them, knowing well that the kids they use to get rare minerals and metals won't be able to buy their products, so who gives a shit about them?
Corporations use the intelligence of those they pay for this. And they can do anything without remorse or troubles with their consciousness because everyone in a corporation has someone to point to to shift the blame for any atrocity they "have to" commit.
Your boss laying you off after you told him you just bought a house and have a sick wife and two kids can point to his superior telling him that he has to cut personnel by 10%. His superior will do the same and point upwards. The CEO can point to the shareholder value and if it sinks, investment firms will sell shares and he'll have to let even more people go. Investment bankers can point to the people entrusting them with money they want revenue for, so they can have a nest egg for retirement.
Which points back at you, you, who handed some investment banker money to get some revenue out of it.
It's not Let's Encrypt or's fault in particular or certificates' fault in general if people expect more from certificates than they can deliver. All a certificate does is to say that you are indeed connected to www.bankofamerika.com. That you mistake it for your bank and enter your login credentials is your problem.
OMG! They lied about my pizza status, they say it's being "en route" but it has arrived already! Now they say it's in quality control but the pizza man is ringing at my doorbell already.
Be honest: Do you really care beyond whether it's here in 30 minutes or earlier?
We're not talking about a corporation abusing a monopoly position to deliver a crappy product to inflated prices. Well, that happens too, but that's not the complaint here. The complaint is about a "tracking" app that CANNOT track anything because anything it could track is completely arbitrary. Please tell me how you would track the status of a fucking PIZZA?
We are talking about a "service" that adds exactly zero value to a product but makes the user feel like he's in some sort of "control" over the process. Only to now realize that he controls exactly fuck all. What changes? Nothing. He had no control before, he didn't gain any with the app and he didn't lose any with the app not working.
If anything, we have another corporation that thought they MUST have some sort of app because that's cool today, and I'm pretty sure they thought long and hard just WHAT that app could do, and they obviously came up empty handed because this has to be the pinnacle of ridiculous, superfluous apps.
I'd rather question what kind of information the app sends to its master.
The restaurant workers have to enter the "status" manually (how else would it get updated?) and don't give half a shit about that OCD control freak app, so whoever walks by the terminal on his way to and from the pizza oven clicks a few orders at random that "deserve" an update.
Simply kill what your market research said isn't buying your product anyway. Or go a step further and just kill everyone who cannot prove they bought your product, your sales will instantly skyrocket. Also kill everyone who complains.
Unlike the average Hollywood celebrity this celebrity is a celebrity for his brains, not his boobs, his looks or his ability to be a circus clown jumping through hoops for the entertainment of the masses.
What freedom are you losing?
But you're right, it would be devastating to destroy the economy when we will have to buy a new planet.
I think Apple would sue, after all they're the courageous ones and knowing Apple, they at least tried to patent courage.
If they do an accurate measurement instead of just taking your word, yes, yes they do.
Not knowing exactly where a damn pizza is at every moment in time is not a first world problem, but worrying about handing a corporation the contents of your cellphone to do with the information anything they please is?
I somehow can't really find the logic in your priorities.
Forget better education. Nice idea and I'd like it, but education isn't something you can enforce. The one to be educated has to demand it. And that's not forthcoming. You identified correctly that most users want something that "just works" and don't want to be bothered with the details of how and why. That is basically what happens here.
If you, as the user, can manipulate the certificate chain and storage, it also means that any attacker gaining access to it can easily manipulate it. And, and this is the really bad part here, without the Average Joe Randomuser having any chance to notice this. Not because the option to check it is hidden in some obscure place or not available altogether, but because he wouldn't even know how and where to look.
Yes, in a perfect world AJR would go and learn how to do it so he can keep himself safe. But this is unfortunately the reality where Joe doesn't give a shit, but is very vocal once (not if) his bank account is emptied by a bogus app using a forged certificate it slipped into his cert store.
I'd rather have Joe be silent than him giving our lawmakers a cheap excuse to bless us with even more ridiculous and privacy eliminating laws.
I'm full of myself and have an ego that needs its own zip code, ok, but even I can't hold a candle to either of them.
Cartoonish?
Have you seen what corporations do in developing countries to get cheap resources and labour? They literally trample all over them, knowing well that the kids they use to get rare minerals and metals won't be able to buy their products, so who gives a shit about them?
Corporations use the intelligence of those they pay for this. And they can do anything without remorse or troubles with their consciousness because everyone in a corporation has someone to point to to shift the blame for any atrocity they "have to" commit.
Your boss laying you off after you told him you just bought a house and have a sick wife and two kids can point to his superior telling him that he has to cut personnel by 10%. His superior will do the same and point upwards. The CEO can point to the shareholder value and if it sinks, investment firms will sell shares and he'll have to let even more people go. Investment bankers can point to the people entrusting them with money they want revenue for, so they can have a nest egg for retirement.
Which points back at you, you, who handed some investment banker money to get some revenue out of it.
You just eliminated your own job.
It is a great tool in a corporate setup. It's worse than useless in a private one.
After that, I was just treated like the party buzzkill.
That's what you get if you insist to be the security guy at the marketing meeting.
It's not Let's Encrypt or's fault in particular or certificates' fault in general if people expect more from certificates than they can deliver. All a certificate does is to say that you are indeed connected to www.bankofamerika.com. That you mistake it for your bank and enter your login credentials is your problem.
OMG! They lied about my pizza status, they say it's being "en route" but it has arrived already! Now they say it's in quality control but the pizza man is ringing at my doorbell already.
Be honest: Do you really care beyond whether it's here in 30 minutes or earlier?
We're not talking about a corporation abusing a monopoly position to deliver a crappy product to inflated prices. Well, that happens too, but that's not the complaint here. The complaint is about a "tracking" app that CANNOT track anything because anything it could track is completely arbitrary. Please tell me how you would track the status of a fucking PIZZA?
We are talking about a "service" that adds exactly zero value to a product but makes the user feel like he's in some sort of "control" over the process. Only to now realize that he controls exactly fuck all. What changes? Nothing. He had no control before, he didn't gain any with the app and he didn't lose any with the app not working.
If anything, we have another corporation that thought they MUST have some sort of app because that's cool today, and I'm pretty sure they thought long and hard just WHAT that app could do, and they obviously came up empty handed because this has to be the pinnacle of ridiculous, superfluous apps.
I'd rather question what kind of information the app sends to its master.
The restaurant workers have to enter the "status" manually (how else would it get updated?) and don't give half a shit about that OCD control freak app, so whoever walks by the terminal on his way to and from the pizza oven clicks a few orders at random that "deserve" an update.
The much more spectacular one would have been "MBA student that can analyze data found".
What's that got to do with anything? It's neither his father nor his descendants (if he has any?) talking, it's him talking. Or ... you know.
How is this different from Einstein's hair? Or Stephen Pinker's hair? Or Sapolsky's hair?
Or rms' toenails?
That's what private trackers are for. To keep the pests out.
Simply kill what your market research said isn't buying your product anyway. Or go a step further and just kill everyone who cannot prove they bought your product, your sales will instantly skyrocket. Also kill everyone who complains.
Use Bittorrent and avoid all the hassle.
I did. The Supreme Court replied it has no jurisdiction in my corner of the planet and I should go ask someone who cares.
Can you name one corporation that would not kill a billion people for a 0.1% increase in its profits if it knew it could get away with it?
Unlike the average Hollywood celebrity this celebrity is a celebrity for his brains, not his boobs, his looks or his ability to be a circus clown jumping through hoops for the entertainment of the masses.
We already have this. We call this a corporation.
Ah, around the corner from hell, explains the temperature.