Because there is a quadrillion trusted CAs in every device you might use. A good chunk of these CAs have been compromised at one point or another, and rogue certificates are sold in the dark market. Also any goverment can coerce a domiciled CA to issue certs for their needs.
All modern browsers require certificates to be published in the certificate transparency logs in order to be considered valid.
These are monitored, things do get noticed[0], and things like this can and have lead to CAs being distrusted.
It's not foolproof, and it's reactive rather than proactive... but in general, this is unlikely to be happening on major sites or at any significant scale.
I'd wholeheartedly recommend people taking some time and reading through the CA Compliance issues on Bugzilla. The entire CA program there, in my opinion, does a fantastic and largely thankless job of keeping this whole thing on the rails. It's one of the few things I can say I had _more_ trust in the more I looked into it.
China telecom regularly has BGP announcements that conflict with level3's ASNs.
Just as a hint in case you want to dig more into the topic, RIR data is publicly available, so you can verify yourself who the offenders are.
Also check out the Geedge leaked source code, which also implements TLS overrides and inspection on a country scale. A lot of countries are customers of Geedge's tech stack, especially in the Middle East.
Just sayin' it's more common than you're willing to acknowledge.
Well yes, CAs and the ICANN model of DNS are intertwined and fundamentally broken in multiple ways. However the system as a whole is largely "good enough" as can be seen from its broad success under highly adversarial conditions in the real world.
That's not really how security works. Either it's broken, or it's not. Security is only as good as the weakest link in the chain. Whether it's good enough or not... hard to say.
That sort of reasoning only applies to algorithms - those shatter the way glass does. Other stuff is more pliable. It's entirely possible to shoplift but there's a nonzero chance you'll get caught. Is the supermarket's security broken? There are many known attacks against it so I'd say that it is.
Notice my wording above - fundamentally broken in multiple ways - by which I mean that there are clear and articulable flaws with the model. Nonetheless it's clearly quite functional in practice.
I tried various solutions around this. CloudCLI (ex claudecodeui) looked promising, but very buggy (disconnects, UI overlapping text, etc). Tried Claude Remote Control as well, but also very buggy, websocket disconnecting, UI broken.
I ended up just running Claude code in a dtach+ttyd session. Still not the best, as xterm.js has tons of issues with long scrollbacks, but it's at least somewhat _usable_.
Hello Galanwe, CloudCLI author here. This is a fair criticism and something we are actively working on. The older versions had real issues with websocket stability and the chat ui. We shipped a pretty big refactor yesterday that should fix most the disconnects and page rendering issues. Would be worth another look if you have a few minutes.
If you hit anything else, feel free to reach out to me personally (email in my hn profile) or via the discord channel we have. Always useful hearing from people who actually tried it and ran want to make it better
So I did spend some time retrying it today, and while I can see some improvements, it is still not in a shape where I trust it enough to replace ttyd.
Some feedbacks:
- The UI is bloated with not-so-useful widgets which take a lot of space. On my S22 Ultra, arguably a screen on the larger side of the spectrum, around 60% of the screen real estate is used for non-chat purpose. If I start to enter text, that jumps to 90% of the screen for widgets, and can see barely a line or two of chat history while typing. Most of these widgets are options that you maybe change once in a while (thinking mode, model selection) but don't need to have all the time above the text input. Same for the "Processing / Stop generation" widget, it takes 20% of the screen.
- The login flow is broken. I have to login two times in a row for it to work. Also if anything goes wrong during login, there is no error message and you're just not logged, and end up trying to login through the shell tab, which is painful.
- I still have issues with answers appearing below the text input, effectively hiding the last lines of the answers. Much less than in the previous version, but it does still happen. Refreshing the page fixes it though, which is a win compared to before.
- Sometimes my last message appears at the very bottom of the chat as if I retyped it. Refreshing the page make it disappear.
- Unclear to me what the right hand side options do. I tried many of them and can't tell a difference.
Index funds and ETFs also have strict replication rules limiting the amount of non-physical replication in their legally binding prospectus...
The more physical a tracker is, the lower the tracking error, but also the more fees you have to pay. "Good" ETFs/IFs are often 98% physical. This makes for higher fees, but more safety for subscribers in case of large swings.
So it's not like they are _free_ to replicate however they see fit, the replication mechanism is part of the product.
It means holding the actual stocks in the underlying index, as opposed to synthetic replication, which aims to achieve returns matching the index via derivatives or other techniques.
It's physical in the sense that literal means not literal nowadays.
ETF and index arb traders use the term physical to describe securities that require full margin. Example: Sell stocks, buy index futures (and reverse) is the classic EFP equity trade. To be clear, futures are highly leveraged, thus do not require full margin.
This is all good and we'll on the IaC side,yes. But at the end of the day, buckets are also user facing resources, and nobody likes random directory / bucket names.
That's a contradiction, a bucket name being treated as a secret in IaC, while being a user facing resource. So no, they're not user facing resources.
If anyone wants them to be user facing resources, then treat them as such, and ensure they're secure, and don't store sensitive info on them. Otherwise, put a service infront of them, and have the user go through it.
The S3 protocol was meant to make the lives of programmers easier, not end users.
It would be nice if the other end of this could be addressed: a configurable policy to limit resolution of bucket names within an account namespace. Ideally, if someone doesn’t have permission to resolve a bucket name, they shouldn’t even be able to detect whether it exists.
I fail to see the link between private conversations/DM and E2EE.
To quote a comment I made some time ago:
- You can call your service e2e encrypted even if every client has the same key bundled into the binary, and rotate it from time to time when it's reversed.
- You can call your service e2e encrypted even if you have a server that stores and pushes client keys. That is how you could access your message history on multiple devices.
- You can call your service e2e encrypted and just retrieve or push client keys at will whenever you get a government request.
E2EE only prevents naive middlemen from reading your messages.
Fundamentally actual E2EE is complicated problem. And probably not very user friendly. It is full of technical trade-offs. And mistakes are very common. Or they lead to situations that people do not want. Like if you lost your phone or it break how do you get history back... What if you also forgot password? Or it was stored in local manager...
It is phrase that sounds good. But actually doing it effectively in way that average user understand and can use system with it with minimal effort is very hard.
Well there are technical solutions for this: blind signatures.
I could generate my own key, have the government blind sign it upon verifying my identity, and then use my key to prove I'm an adult citizen, without anyone (even the signing government) know which key is mine.
Any veryfying entity just need to know the government public key and check it signed my key.
The ID check laws are about matching an identity to a user account.
If the identity check was blind it wouldn't actually be an identity check. It would be "this person has access to an adult identity".
If there is truly no logging or centralization, there is no limit on how many times a single ID could be used.
So all it takes is one of those adult blind signatures to be leaked online and all the kids use it to verify their accounts. It's a blind process, so there's no way to see if it's happening.
Even if there was a block list, you would get older siblings doing it for all of their younger siblings' friends because there is no consequence. Or kids stealing their parents' signature and using it for all of their friends.
> I’m trying [...] to save life and property from severe events at scale
Tell me you work in Silicon Valley without telling me you work in silicon Valley.
Sorry but I couldn't resist. There is something in US startup mentality where you can't just "create an app and make a living", you have to be on a grand mission to save the world. That may be normal out there, but for the rest of the world it just seems... Get back to earth man :-)
Sure, most of us are doing nothing to help people and are using grandiose language to describe reticulating splines. I don’t think that applies to good weather apps though, a lot of people do die because they are unaware of weather events. I would be very unsurprised to learn that any major weather app has directly saved lives. The U.S is a very… weatherful place.
reply