Nobody wants to watch (even short) videos to see if they are interesting, when they could read a text and judge it by skipping over it before reading in detail.
what have the romans ever done for us?
Release them. If you do it often enough, the scandals about naked pictures will be nonexistent, as too many people had the pictures "leaked". Now good luck getting your money, if your threats are useless.
It was file sharing, which is commonly used for breaking the copyright of musicians.
Of course, they fixed it. Should they have left it open?
> In my opinion, the way the Perl ‘community’, exemplified by people like you
two ad hominem at once. First "the perl community", as if it were a homogenous mass, then "people like you".
> It's irritating, but as a Perl hacker with quite some experience I can deal with that.
I do not doubt this. And I guess you can take the "STOP USING PERL" with a grain of salt.
But it's like other programming languages, there are some paradigms, which make it hard to make mistakes and others, which make it hard to avoid common pitfalls.
> people like this
You're doing it again.
Programmer not getting laid?
Sounds believable.
Back?
btw. that he's not a beginner to perl or a real hater is clear, as he has so much experience with the internal fuckups. you don't know this, if you've only tested it and thought too many cryptic characters. He must have been a power user.
Let me guess, you're a fan of perl?
Just listen to the guy. Don't take him too seriously, it's a rant and he presents it in a funny way. He has a point, which is proven via a bugzilla hack. But this doesn't really mean "stop using perl". Okay, maybe it does ... ;-)
And a comment by Larry Wall would be interesting.
Logged in to icq.com to change my icq password and suddenly it reported a compromised account (I guess because it never saw the ip before) and required me to add a mobile number to the account. If I were an attacker, I now not only had the old password (and can change it to a new one), but would even have added my number as recovery option. So I guess security isn't the issue here, they want to collect phone numbers.
And without adding it, I can log in with a client, but sending a message returns, that the account is locked.
Thankfully it was only an old account I never used much and not my primary one.
nothing happened, which couldn't happen for other CAs as well.
even with the official tool it's easy without touching your webserver.
letsencrypt certonly --webroot --webroot-path /var/www/ -d yourdomain
and then point your webserver to
/etc/letsencrypt/live/yourdomain/fullchain.pem
you may even generate your own csr, which allows you to keep the key instead of generating a new one for each certificate. If you see a point in keeping the key (maybe when you use HPKP?)
Probably there is some cmdline option to keep the first key generated as well. would need to look it up.
What about users, which only use the website?
If you're hacked, you want to minimize the damage.
> Having such a short expiration period weakens security
This is bullshit. Google uses very short lived certificates for many of its services.
google.com right now (seen from here):
begin: 06/01/2016
end: 08/24/2016
If you really want to make self signed default, as encrypted but not signed is better than nothing, you do not need certs for the default case. Just encrypt and use certs when you need to certify something (like an identity or a domain ownership for the ip owner).
it's optional for access recovery (revoking certs when you lost your access key) and notification mails about certs about to expire (to see if your automatic renewal failed).
Perl is proven to be fundamentally broken. Here are two very entertaining videos about how to exploit weird array casting, hashes and so on.
I really think every perl programmer should have seen it.
https://media.ccc.de/v/31c3_-_...
https://media.ccc.de/v/32c3-71...
What do you say about this criticism and the exploited flaws?
SMS is only to spy on you. A dataset with phone number is worth ten times of a dataset without, because companies can link it with datasets from other companies.
Do you know analytics.twitter.com? Go look what your audience looks like. You can see, if people are interested in buying automobiles, etc. Stuff people never twittered? Why? Because twitter cooperates with ad companies, which return your interests when twitter gives them your phone number. And they aggregate from many different services, which have your number.
True 2FA without any side effects is google authenticator (which is an offline solution, even if the name doesn't sound like it). You can have it on your pc, phone or even smartwatch. OTP-Codes are just generated based on a secret start code and the current time.
You're buying the wrong devices.
And the correction assumes it as well.
Fix one search term and the people will bring up another problematic one. Failing to see, that the algorithm is neutral to its input and every fix involves humans changing the correct output of the algorithm (which does not judge if the input is correct) to something else.
Remember how people hate algorithmic or even human moderated timelines? They want to see the facts, the posts as they are posted.
For an (image) search it's the same. People do not want to see results moderated (by human or computer) to remove non politically correct stuff. When google finds these kinds of results, then because they were somewhere on the web associated with these keywords. Changing what the search term finds would be lowering the quality of the search, as its function is to find images, which belong to these keywords.
So you may make the mistake and think google image search is an encyclopedia. But it isn't, it's a mirror of the reality on the web, when it's working as intended. And when high profile sites publish content in such a way, it's found in such a way.
Look at the shape of the $ and you'll figure it out.
So, YOU are getting the data? Or MS?
My PC has a 30 GB SSD for my system drive and only 20 GB are used with a lot of programs installed.