Loved reading his columns back in print magazine days. Found him again changing Leo Laporte's phone's language to something other than English. Loved that. Found No Agenda from there. Was quite surprised to hear this news last week. Hope he heals up quickly. I wouldn't be surprised if he's back in front of the mic in 3-4 weeks.
I remember first watching back when he was on cable via hacked DirecTV cards. Fascinating back in the day. When it went to the podcast/vid, I started losing interest when it became smartphone-centric, then came the two inadvertent D pics live on air. Never watched a segment since. Great run though, congrats.
I spent 15 years helping to build something great, only to be subjected to abusive gaslighting the last 3-5 years. When I quit, I was called irrational and emotional. Same year, 15 people followed my exodus.
I should have left years earlier, but money was good, and change was hard to think about. Fluffy handcuffs.
2 years later, Org still survives. Best guess is they are in rebuilding stage. No love lost.
I applaud the Let's Encrypt founders, past and current team for solving the automation problem that's plagued the SSL/TLS industry.
The yang to that yin is a lack of trust. I have zero trust in a site owner using LE certs. Domain vetting only means control of the domain ... everything inside that beautifully encrypted traffic can be insightful, helpful or script kiddies scamming the vulnerable. If one finds the scam, LE shrugs, "not our problem bruh. We just issue certs to those who control the domain."
They single-handedly reduced the price of entry for douchebag asshats' ability to pretend to be someone they are not and harm a non-technical populace.
I think history proved fairly convincingly that people would still get scammed with the old system. Given that, I'll take encrypted traffic almost universally across the internet and scams still being a thing over mostly unencrypted traffic any day.
I wish this statement to be true "... scams still being a thing over mostly unencrypted traffic any day." Sadly this falls in a similar category of domain validation.
TLS or SSL never meant that kind of safety in the first place. Even before LE, there was no guarantee that HTTPS means it's not a scam, and the PKI system has never been meant to guarantee that anyway! Let's Encrypt didn't change anything here, and they're doing exactly what they or any other CA is supposed to do.
Hard to take your article seriously with statements such as "...Levels 1 and 2 of the FIPS140-2 certification are just a marketing gimmick".
Even harder to believe Jakob took the time to respond.
>That is not a big deal, considering that Levels 1 and 2 of the FIPS140-2 certification are just a marketing gimmick for most electronic devices.
They have a point here: technically, the iPhone is FIPS140-1/2 compliant. By itself, that doesn't mean that the device is secure. It does show two important requirements for security.
FIPS isn't trivial. There is a lot of shit crypto on the market, establishing FIPS is not banal. Regardless of FIPS, if not utilized properly, it protects nothing. If utilized correctly, it protects what it needs to. Discounting it shows a lack of understanding.
They state they believe the device fulfils these requirements, it just isn't certified. And for many customers, it doesn't matter if it actually has the piece of paper to prove it or not.