1. Create a private certificate authority (CA) for your caching proxy. (If you're technical enough to operate a substantial proxy, you're probably technical enough to learn to use OpenSSL.) 2. Distribute this CA's root certificate to the users of your proxy to add to the trusted certificate store in each browser on each operating system on each device that each user uses. 3. For each website that a user of your proxy visits, automatically issue a certificate signed by your proxy's CA, and use that to man-in-the-middle the connections.
Its about having the freedom to maintain your own cache.
The metered link will still get hit once for each user who exercises the freedom to maintain his or her own cache.
Why should I waste metered-bandwith to re-download the same content that I may have already previously downloaded last month, week, or 3 minutes ago?
You wouldn't, because a properly architected website would set an Expires: header in the far future when the URL is a permanent link (one including the document's revision ID). This causes the client not to make another HTTPS request for the same URL so long as the response is not evicted from the client's cache. And even if a website deliberately misuses HTTP/HTTPS cache control to force reloading of advertisement and interest-tracking scripts, you still wouldn't, because you have done Alt+F > Save Page As... to save a local copy as a file on the file system of a computer that you own. Then you can either view that file using the file: scheme or serve the local copy with a URL that you control.
Add your organization (home) certificate signer to your root CA store.
I was under the impression that smartphone and smartphone-derived tablet operating systems made it difficult and/or annoying to add a root CA. How would you get the CA's root certificate onto a device in the first place if it can't read a flash drive? In addition, which graphical frontend to OpenSSL would less-technical users be using to operate this root CA, such as to issue a certificate before uploading it to the router or printer?
It costs more than $0 for the fully qualified domain name, and I imagine that most people who put an appliance with a web-based administration interface on a home LAN don't already own a domain.
Or to put it another way: What is the fully qualified domain name of your router? Your printer?
If you have a web site that has only public data and a very wide audience, then you want people downstream to be able to share downloading using proxy caches
How can users of these caches be certain that these caches are not tampering with the documents that they store and retrieve?
Why do I need to use HTTPS on a website I create that is totally public, offers not login/forums, and takes no payments. Maybe a site dedicated to building Control Line airplanes?
Two reasons: So that the ISP can't modify the page in transit to include advertisements or other unwanted elements, which Comcast has been caught doing. Also so that the ISP can't use the URL paths that their subscribers visit to build interest profiles on their subscribers. With HTTPS, the man in the middle sees only the hostname (e.g. "tech.slashdot.org", not the path ("/comments.pl?sid=12295934&cid=56872990").
If you don't have the time to go to letsencrypt.org, get a free cert, and tell Apache to use it, you shouldn't be running that server.
As for public servers, I agree.
As for servers accessible only within a home LAN, it's a bit more complicated. Let's Encrypt won't issue certificates for IP addresses within IP address blocks reserved for private internets (10/8, 172.16/12, or 192.168/16) or for DNS names within private TLDs (such as.local or.internal). Nor will any other CA that follows the CAB Forum's Baseline Requirements. A fully-qualified domain name is required, and a lot of householders with home networking appliances haven't already bought a domain name within which to assign names for devices on the home LAN. DynDNS? They ended free service years ago.
LetsCrypt is an easy method to get a cert and use it.
Unless you're trying to obtain a certificate for the administration interface of an internal device on your home LAN, such as a router, printer, or NAS. Then you have to not only use Let's Encrypt but also buy a domain. If you try to use Let's Encrypt with a free subdomain owned by a dynamic DNS provider, you're likely to hit the weekly rate limit for the registered domain under which your subdomain was issued. Or have the major dynamic DNS providers completed the Public Suffix List add process for all their subdomains yet?
It is not yours! If they want to say only left hand red heads native born to West New Zealand born between 1970 and 1973 can have their content then that is their choice. Not yours!
How does it "promote the Progress of Science and useful Arts" to allow a owner of a U.S. copyright to discriminate like that, particularly in the context of "equal protection of the laws" later in the same Constitution?
Google doesn't have its own towers, but it does operate an MVNO on Sprint and T-Mobile called Project Fi. Service with unmetered data is $720 per year, and that's without renting any games. For that price, you could buy a New Nintendo 2DS and a dozen games.
It's pretty much perfect for a video library with 99% sequential access, putting it on an SSD doesn't really add any value at all.
Except for convenience to carry around. Many smaller laptops don't have enough internal space for both an NVMe SSD and a SATA HDD. So you'd need a SATA SSD and some sort of external enclosure for your HDD.
By the way, it's a stretch to call an 11" machine a laptop. Notebook at best.
Except that an 11.6" laptop running Windows or X11/Linux is designed to work well offline, as opposed to a Chromebook that is intended to be tethered to Wi-Fi or used with a subscription to a cellular ISP. I'm waiting for general availability of Crostini, a forthcoming feature of Chrome OS to let it run GNU without first being put in self-destruct mode, before buying my own Chromebook.
Nowhere on earth has the latency or the bandwidth for this.
Particularly in the handheld market.
Notice that the headline says "Xbox and PlayStation", not "Nintendo". Sony isn't making games for the PlayStation Vita anymore, and Microsoft never made a handheld in the first place because it's not social enough. Let's say Google did make a handheld to replace the PlayStation Vita, perhaps an Android phone with buttons like the Xperia Play, and it operated by streaming. Which cellular ISP in Google's home country (the United States of America) would offer an affordable plan that competes with handheld use of the Nintendo 3DS and Nintendo Switch systems?
buying a GNU/Linux laptop sight unseen in the limited set of form factors offered by System76 and other GNU/Linux specialists
Yes. Buy from System76 or Dell will allow you to buy computers with Ubuntu pre-installed. My employer does this to save money.
I don't see how it saves money. System76 laptops tend to be almost as expensive as Apple, and there's no 11.6" option (hence "limited set of form factors"). Nor can I try the keyboard or screen before buying (hence "sight unseen").
Don't use windows, so ms products are easily avoidable.
Is there a good way to buy a PC without Windows other than A. buying a Mac, B. buying a GNU/Linux laptop sight unseen in the limited set of form factors offered by System76 and other GNU/Linux specialists, or C. building a desktop instead of a laptop and being stuck at home or at the office while you use it? I broke down and bought a Dell laptop with a Windows license and wiped and Linuxed it, but that's still buying a Windows license.
I want the big number in the advertisement to be the total, not just one line item. This way I can quickly compare one carrier's total to another carrier's total.
I use an external mouse with this laptop when at my desk. When it's on my lap, such as when I'm riding the bus or waiting on a bench for someone, there really isn't room or a good angle.
Your Net Marketshare link with Firefox at 9.92% is narrowed to desktop as opposed to mobile. If you likewise narrow StatCounter to desktop, Firefox is at 11.55% (source). The negligible (0.3%) mobile usage share of Firefox for Android (source: StatCounter) is probably dragging down the overall numbers.
Slashdot Mirror
Let's Encrypt deliberately does not integrate with mDNS.
Try this:
1. Create a private certificate authority (CA) for your caching proxy. (If you're technical enough to operate a substantial proxy, you're probably technical enough to learn to use OpenSSL.)
2. Distribute this CA's root certificate to the users of your proxy to add to the trusted certificate store in each browser on each operating system on each device that each user uses.
3. For each website that a user of your proxy visits, automatically issue a certificate signed by your proxy's CA, and use that to man-in-the-middle the connections.
Its about having the freedom to maintain your own cache.
The metered link will still get hit once for each user who exercises the freedom to maintain his or her own cache.
Why should I waste metered-bandwith to re-download the same content that I may have already previously downloaded last month, week, or 3 minutes ago?
You wouldn't, because a properly architected website would set an Expires: header in the far future when the URL is a permanent link (one including the document's revision ID). This causes the client not to make another HTTPS request for the same URL so long as the response is not evicted from the client's cache. And even if a website deliberately misuses HTTP/HTTPS cache control to force reloading of advertisement and interest-tracking scripts, you still wouldn't, because you have done Alt+F > Save Page As... to save a local copy as a file on the file system of a computer that you own. Then you can either view that file using the file: scheme or serve the local copy with a URL that you control.
Add your organization (home) certificate signer to your root CA store.
I was under the impression that smartphone and smartphone-derived tablet operating systems made it difficult and/or annoying to add a root CA. How would you get the CA's root certificate onto a device in the first place if it can't read a flash drive? In addition, which graphical frontend to OpenSSL would less-technical users be using to operate this root CA, such as to issue a certificate before uploading it to the router or printer?
It costs more than $0 for the fully qualified domain name, and I imagine that most people who put an appliance with a web-based administration interface on a home LAN don't already own a domain.
Or to put it another way: What is the fully qualified domain name of your router? Your printer?
If you have a web site that has only public data and a very wide audience, then you want people downstream to be able to share downloading using proxy caches
How can users of these caches be certain that these caches are not tampering with the documents that they store and retrieve?
Without a cert, how can your subscribers be certain that their ISP isn't tampering with the connection? Comcast has been caught injecting advertisement display scripts.
Why do I need to use HTTPS on a website I create that is totally public, offers not login/forums, and takes no payments. Maybe a site dedicated to building Control Line airplanes?
Two reasons: So that the ISP can't modify the page in transit to include advertisements or other unwanted elements, which Comcast has been caught doing. Also so that the ISP can't use the URL paths that their subscribers visit to build interest profiles on their subscribers. With HTTPS, the man in the middle sees only the hostname (e.g. "tech.slashdot.org", not the path ("/comments.pl?sid=12295934&cid=56872990").
I sort of forget that Google exists at all.
Last I checked, Microsoft didn't operate a video hosting service comparable to Google's YouTube. So what video hosting might a Google-free family use?
If you don't have the time to go to letsencrypt.org, get a free cert, and tell Apache to use it, you shouldn't be running that server.
As for public servers, I agree.
As for servers accessible only within a home LAN, it's a bit more complicated. Let's Encrypt won't issue certificates for IP addresses within IP address blocks reserved for private internets (10/8, 172.16/12, or 192.168/16) or for DNS names within private TLDs (such as .local or .internal). Nor will any other CA that follows the CAB Forum's Baseline Requirements. A fully-qualified domain name is required, and a lot of householders with home networking appliances haven't already bought a domain name within which to assign names for devices on the home LAN. DynDNS? They ended free service years ago.
LetsCrypt is an easy method to get a cert and use it.
Unless you're trying to obtain a certificate for the administration interface of an internal device on your home LAN, such as a router, printer, or NAS. Then you have to not only use Let's Encrypt but also buy a domain. If you try to use Let's Encrypt with a free subdomain owned by a dynamic DNS provider, you're likely to hit the weekly rate limit for the registered domain under which your subdomain was issued. Or have the major dynamic DNS providers completed the Public Suffix List add process for all their subdomains yet?
It is not yours! If they want to say only left hand red heads native born to West New Zealand born between 1970 and 1973 can have their content then that is their choice. Not yours!
How does it "promote the Progress of Science and useful Arts" to allow a owner of a U.S. copyright to discriminate like that, particularly in the context of "equal protection of the laws" later in the same Constitution?
Google doesn't have its own towers, but it does operate an MVNO on Sprint and T-Mobile called Project Fi. Service with unmetered data is $720 per year, and that's without renting any games. For that price, you could buy a New Nintendo 2DS and a dozen games.
They're a convenience slot - you use it to take the card from your camera and copying the photos off it, then putting the card back on it.
I don't see the "convenience" in the operating system holding some file open and thereby not letting the user unmount the card.
It's pretty much perfect for a video library with 99% sequential access, putting it on an SSD doesn't really add any value at all.
Except for convenience to carry around. Many smaller laptops don't have enough internal space for both an NVMe SSD and a SATA HDD. So you'd need a SATA SSD and some sort of external enclosure for your HDD.
By the way, it's a stretch to call an 11" machine a laptop. Notebook at best.
Except that an 11.6" laptop running Windows or X11/Linux is designed to work well offline, as opposed to a Chromebook that is intended to be tethered to Wi-Fi or used with a subscription to a cellular ISP. I'm waiting for general availability of Crostini, a forthcoming feature of Chrome OS to let it run GNU without first being put in self-destruct mode, before buying my own Chromebook.
Hey, remember all those Google hardware initiatives that were runaway smash hits?
There used to be Nexus (affordable phones running stock Android with an unlockable bootloader), but that was it.
Nowhere on earth has the latency or the bandwidth for this.
Particularly in the handheld market.
Notice that the headline says "Xbox and PlayStation", not "Nintendo". Sony isn't making games for the PlayStation Vita anymore, and Microsoft never made a handheld in the first place because it's not social enough. Let's say Google did make a handheld to replace the PlayStation Vita, perhaps an Android phone with buttons like the Xperia Play, and it operated by streaming. Which cellular ISP in Google's home country (the United States of America) would offer an affordable plan that competes with handheld use of the Nintendo 3DS and Nintendo Switch systems?
a Dell laptop with a Windows license and wiped and Linuxed it, but that's still buying a Windows license.
Buy one with Windows pre-installed, then overwrite it with Linux, BSD, etc.
That's still buying a Windows license. PC makers can and do require returning the entire PC in order to qualify for a refund on the Windows license.
buying a GNU/Linux laptop sight unseen in the limited set of form factors offered by System76 and other GNU/Linux specialists
Yes. Buy from System76 or Dell will allow you to buy computers with Ubuntu pre-installed. My employer does this to save money.
I don't see how it saves money. System76 laptops tend to be almost as expensive as Apple, and there's no 11.6" option (hence "limited set of form factors"). Nor can I try the keyboard or screen before buying (hence "sight unseen").
Don't use windows, so ms products are easily avoidable.
Is there a good way to buy a PC without Windows other than A. buying a Mac, B. buying a GNU/Linux laptop sight unseen in the limited set of form factors offered by System76 and other GNU/Linux specialists, or C. building a desktop instead of a laptop and being stuck at home or at the office while you use it? I broke down and bought a Dell laptop with a Windows license and wiped and Linuxed it, but that's still buying a Windows license.
I want the big number in the advertisement to be the total, not just one line item. This way I can quickly compare one carrier's total to another carrier's total.
I use an external mouse with this laptop when at my desk. When it's on my lap, such as when I'm riding the bus or waiting on a bench for someone, there really isn't room or a good angle.
Your Net Marketshare link with Firefox at 9.92% is narrowed to desktop as opposed to mobile. If you likewise narrow StatCounter to desktop, Firefox is at 11.55% (source). The negligible (0.3%) mobile usage share of Firefox for Android (source: StatCounter) is probably dragging down the overall numbers.
Many laptops' trackpads lack a middle button or emulation thereof.