Iran is blocking internet for months, US ...bans creation of secure connections - that'll show 'em!

Russian quasi-government structures are spending quadrillion of rubles on a TSPU (censorship system) to spy on Russian residents, US ...helps them by making snooping on what is currently encrypted traffic possible by banning accessible encryption!

Let's Encrypt certificates continue to be available in both Iran and Russia, just not for the Iranian and Russian governments.

The terms of service update to clarify what we have always done, comply with relevant law, has not changed the situation for either country.

> Let's Encrypt certificates continue to be available in both Iran and Russia, just not for the Iranian and Russian governments.

According to https://news.ycombinator.com/item?id=48457280 it affects all people ordinarily resident in those territories, not just their governments:

> You are not a person or entity that is:

> (a) located in, organized under the laws of, or ordinarily resident in any country or territory that is the target of comprehensive U.S. sanctions;

> [other 'or' conditions]

Sanctions compliance is unfortunately fairly complex.

Let's Encrypt can issue certificates for non-government entities in Iran and Russia due to statutory exemptions protecting personal communications, alongside specific Office of Foreign Assets Control (OFAC) authorizations designed to promote Internet freedom and human rights.

We will look into whether we can make things more easily understandable in the subscriber agreement.

> You are not a person or entity that is: (a) located in, organized under the laws of, or ordinarily resident in any country or territory that is the target of comprehensive U.S. sanctions

Seems to be pretty clear that it would include non-government entities in sanctioned countries.

I wonder what "ordinarily resident" means legally. Like has a permanent address there, even if they don't live there physically..?

Yes. If you are, for example, even a US citizen, permanently living in Crimea, you are still subject to limitations, imposed by sanctions.

I'm not sure if you're talking generally about sanctions or specifically about Let's Encrypt, but to avoid any doubt: citizens of Crimea are free to use Let's Encrypt. We do not, however, serve government entities in occupied Crimea.

you should update the documents to reflect this stance.

"You are not a person or entity that is: (a) located in, organized under the laws of, or ordinarily resident in any country or territory that is the target of comprehensive U.S. sanctions; "

this says nothing (edit: specific) about government (edit: only), and is applicable to normal people in those areas.

A government falls under "entity". So it's about normal people AND governments (and other entities).

Still needs updating if it's supposed to only apply to governments, though.

[Iranian here] Completely agreed. Reminds me of how US banned citizens and businesses in Iran from using cloud infrastructure like AWS or digital ocean, leading to people and businesses moving to the government-sponsored local cloud services, and that made it super easy for the government to block internet access whenever they want without essential services like banking, ecommerce, online taxi booking, food delivery etc being disrupted.

TSPU isn't for spying, it's for censorship enforcement and everything else that makes the experience of using the internet here miserable without a VPN. It's SORM that's for spying. And Roskomnadzor is very much part of the government.

You could look at it equally as the USA saving those citizens because if the authoritarian discover they are using LE they could suffer imprisonment

wait until you find out about Facebook!

I do not see the contradiction: it is a keyboard-only tool for dynamic GUIs, just like that website with JS.

> toxic "so smart I can't communicate" superstars

This is your framing, which is openly hostile to people, that you chose as your enemies. And that framing itself is a great demonstration of toxicity.

The whole narrative is just an attack on engineers, who do the job, coming from the side of the so-called "communicators".

Those new obfuscated links prevent old.reddit to work.

Is there a way for you to post proper direct links?

> Main post: https://old.reddit.com/r/unitedairlines/comments/1tse6mq/ua_...

> All the redditors on board: https://old.reddit.com/r/unitedairlines/comments/1tse6mq/ua_...

> A passenger with a hilariously illtimed username: https://old.reddit.com/r/unitedairlines/comments/1tse6mq/ua_...

You can modify your regex to only match when it's not a shortened url - then the short one will redirect to the real www.reddit.com address, before the redirect matches.

(Don't have the correct regex on hand right now, as I changed browsers and decided to use Old reddit redirect extension instead of scripting, but it worked in my previous browser)

My current regex looks like this:

  ^(\w*)://www.reddit.com/(?!r/[^/]*/s/|media|gallery|notifications|appeals)(.\*)

Mapping to

  $1://old.reddit.com/$2

You can click on any of the links and replace "www" in the url with "old", then you'll have things more or less like how it used to be.

to do that you have to open the link in new reddit first to expand it, then change it to old reddit. if you use a tool that automatically replaces www.reddit.com with old.reddit.com the shortened links break.

For now!

> Those new obfuscated links prevent old.reddit to work.

Can't you just set the old theme in your profile? That's what I do.

I got permanently banned for the "Christianity is just worshipping a Jewish zombie who is his own father who will save you if you invite him into your head, symbolically drink his blood, and eat his flesh" copypasta, so not everyone can log in :)

I'm one ban away from a permaban thanks to the Navy Seal copypasta

only if you actually log in. not everyone does.

They work with old reddit redirect extension on firefox

> Sergei Korolev, the literal architect of the Soviet space program, was sent to the Gulag, where he lost his teeth to scurvy and survived a broken jaw

That's just a scary tale, that was created long after he died.

> Trofim Lysenko’s fraudulent agricultural theories were deemed "more communist."

Not exactly. His "fraudulent" theories delivered real value, and saved millions of people from starving. But he didn't belong to fancy scientific establishment (which traveled to conferences abroad while studying things with no impact to the people). He was a regular man, with experience working on land and with an aim for a practical results. He was not from "the club". So said establishment hated him and seized the first opportunity to attack him. Said establishment in all forms and shapes still hates him and other talented outsiders.

Discussion between Trofim Lysenko and his challengers actually public - you can read it yourself, not distorted conclusion-ready version presented by his haters.

I'm not saying you are wrong on all counts, but at least with those two examples you seem to just follow the usual narrative.

> overly-centralized nature of national resource and economic strategy and planning.

This is a common misconception. Supported by the Soviet Union government in the 80s.

The fact is, that the efforts to sabotage and disband central planning started as early as 1954.

In 1954 an executive order of 14 Oct 1954 reduced the amount of administrative personnel by 450 thousands.

The amount of metrics went down from 9 940 to 6 308 in 1954, to 3 081 in 1955, and to 1 780 in 1958.

Khrushchev moved most of the planning power from central planning institution to the regions and down to the factories and enterprises. What previously was strict targets from the center now became soft suggestions.

Imagine you are a CTO and your workforce is heavily reduces and the goals you set are considered to be a mere suggestions. Not a very efficient instrument indeed. But not because it is overly-centralized.

We have a lot of experience with heat shields from cosmic reentries now, though. This is probably doable.

> Hindenburg 2.0 waiting to happen

Fortunately there's no hydrogen in that plane.

On a side note, buttons icons on this page won't load without javascript. I cannot comprehend what would justify such decision.

Without justifying it, the reason is simple. They are using a front end framework (bootstrap) that many developers use/understand that also supports 99.9% of browsers.

Running a browser without javascript that you still want graphics to display (so not a screenreader or text-based-browser), is part of the .1% they are willing to disappoint.

Do I think it is overkill? Sure. Do I still use jQuery at work even though the vast majority of its once handy features are now baked into JS in the browser by default? Of course.

How do you jump straight from JS to screen reader or text based browser? What happened to HTML+CSS viewer? Isn't reading an RFC the perfect poster child for an activity that ought to consist of viewing a noninteractive document?

> What happened to HTML+CSS viewer?

S in https stands for "script". /s

It’ll be a run-on effect of whatever framework they are using, and they very justifiably don’t want to bother catering to you. Having JS disabled in 2026 and complaining about sites not behaving is simply a performative act.

2015: It's a SPA blog because my employer forced me to do it that way, I didn't want it.

2026: It's a SPA blog because I very justifiably don't want to bother catering to you. Having JS disabled in 2026 and complaining about sites not behaving is simply a performative act.

It’s basic self defense. Who runs around the web in 2026 allowing random JS? Might as well be licking seats on the subway.

> Who runs around the web in 2026 allowing random JS?

Within a rounding error, 100% of people on the internet.

It’s a lot higher pct when you count vpns with JS filtering, ad blockers, etc.

Even then, they're using disallow lists. If you go on a random web page with novel JS, then that'll still be run.

The only people working of allow lists are the people running NoScript and the like, and those truly aren't running random JS. But those people are a rounding error compared to the greater internet.

If you trust your browser it's fine, and if you don't then both CSS and SVG are significantly more risky.

This isn't true at all.

Anything SVG does maliciously, it does by containing JavaScript, so SVG's worst case is a subset of JS's.

Remind me again what the ratio of browser sandbox escapes coupled with full RCE is between JS, CSS, and SVG?

> then both CSS and SVG are significantly more risky.

how???

>and they very justifiably don’t want to bother catering to you

Considering they are one of the very few sites and VPNs that allow sign up without JS your claim is verifiably false. They also collaborate with and develop there own tor browser fork which has the highest rate of non JS user.

What "buttons icons"? When I set the "javascript.enabled" preference in Firefox 151 to "false" and reload the page for RFC 5737, I get a "Javascript disabled? Blah blah blah blah." complaint near the top of the page. I do not get

* the useless-to-me "document history" bar graph at the top

* the automatic switch to Dark Mode(TM) that I don't care about

* functional pull down menus at the very tippy top of the page that are entirely unrelated to RFCs that I give zero shits about

The "without javascript" version of the page seems to me to be otherwise identical. Amusingly, the "Email authors", "IPR", & etc buttons switch to the pages they reference notably faster with Javascript disabled.

What broken things were you seeing that I haven't mentioned? Were you using Chrom(e|ium)? Safari?

> I set the "javascript.enabled" preference in Firefox 151 to "false" and reload the page

Do it the other way around - disable javascript first, clear cache/open incognito (maybe close/open browser after that just for good measure), then go to the page.

If you load it with javascript first - buttons icons stay loaded after you disable it.

The only thing that I don't do in Firefox's "Private Browsing" mode is play a handful of stupid little in-browser games that save progress in a cookie or whatever. I even have Firefox set up to open in "Private Browsing" by default. Here's what I did just now:

1) Quit Firefox

2) Opened Firefox

3) Visited 'about:config'

4) Set 'javascript.enabled' to 'false'

5) Quit Firefox

6) Opened Firefox

7) Re-visited 'about:config' and verified that 'javascript.enabled' is still set to 'false'

8) Visited <https://datatracker.ietf.org/doc/rfc5737/>

It's still exactly like I reported it was. The "Manage browsing data" thing accessed through Firefox's regular settings dialog doesn't indicate that there is any data saved by any ietf.org subdomain, and when I watch the Network pane, a ctrl+shift+f5 reload of the RFC5737 page indicates that the page loads everything from an ietf.org subdomain... so the saved resources from one of the like eight domains in that list aren't relevant.

Fascinating.

I use NoScript, not 'javascript.enabled' setting.

I checked more closely and here is what appears to be missing:

  Cross-Origin Request Blocked: The Same Origin Policy disallows reading the remote resource at https://static.ietf.org/dt/12.65.2/ietf/bootstrap-icons.5b9cac4e.woff. (Reason: CORS request did not succeed). Status code: (null).

Bootstrap icons.

  Block javascript - icons won't load.
  Allow javascript - icons load.
  Block javascript again - icons load, unless tab is closed and then opened again.

This behavior has been observed previously.

I tried to selectively block css to see how it's tied to javascript.

  Block javascript, block css from static.ietf.org - icons won't load, page layout is broken.
  Allow javascript, block css from static.ietf.org - the icons won't load, layout is fine.

Evidently, with javascript blocked, layout css loads fine, but bootstrap icons only able to load when javascript is not blocked.

'javascript.enabled' setting seem to has no effect on icons. However, unlike NoScript, it does not provide any domain separation/granularity.

Yeah, one side is using phones, the other - signal detection system to launch drone strikes[1].

[1] https://calebhearth.com/dont-get-distracted

If you don't care about privacy, consent and other ethical implications.

Why? You can (and should) ask for consent, and you already need to trust your app (assuming Teams etc) for calls/messages. You can also run transcription models locally