Huh, I have the opposite experience, I love Zulip's UX. The fact that everything is a thread in a channel means I can quickly skip the threads I don't want, and I don't have to mark things as read in an all-or-nothing fashion. Slack doesn't let you do this, if you read a channel, it's now read, and you can't say "actually, keep this thread unread for later".
I understand that part but it makes it really difficult to peruse when joining a large instance. I have little to no idea what I'm even looking for, which actions are going to cause side effects others can see, etc.
Public key infrastructure without CAs isn’t a thing as far as I can see, I’m willing to be proven wrong, but I thought the I in PKI was all about the CA system.
We have PGP, but that's not PKI, thats peer-based public key cryptography.
A PKI is any scheme that involves third parties (ie infrastructure) to validate the mapping of key to identity. The US DoD runs a massive PKI. Web of trust (incl. PGP) is debatably a form of PKI. DID is a PKI specification. You can set up an internal PKI for use with ssh. The list goes on.
I don't know what's going on in this thread. Of course PKI needs some root of trust. That root HAS to be predefined. What do people think all the browsers are doing?
Lineage is signed, sure. It needs to be blessed with that root for it to work on that device.
They're assuming PKI is built on a fixed set of root CAs. That's not the case, as others have pointed out - only for major browsers. Subtle nuance, but their shitty, arrogant tone made me not want to elaborate.
"Subtle nuance" he says, after I've spent multiple comments explaining that bootloaders reject unsigned and untrusted-signed code identically, whilst he and others insist there's some meaningful technical distinction (which none of you have articulated).
Then you admit you actually understood this the entire time, but my tone put you off elaborating.
So you watched this thread pile on someone for being technically correct, said nothing of substance, and now reveal you knew they were right all along but simply chose not to contribute because you didn't like how they said it.
That's not you taking the high road, mate. That's you admitting you prioritised posturing over clarity, then got smug about it.
Brilliant contribution. Really moved the discourse forward there.
This is fascinating, I had no idea it worked this way. I just always sort of assumed people happened upon random places that eventually make the news, not that there's a backlog of places to explore.
The backlog has actually gotten really bad in the last decade because of all the LIDAR surveys. There are many large settlements in the jungles of Central and South America that have been discovered in recent years that are both more expensive to study because they're so inaccessible and much larger so they're difficult to keep secret.
I have no idea about any of that but like I wasn't thinking of github until you mentioned it and this comment I upvoted because was informative and relevant to the discussion and I don't know about R.E but curious to try and this kind of activity just seems like the sort of things people who are interested in software, learning and aware of security do... like to find bugs or malware or something... FOSS or not - actually "especially if not FOSS" you'd kinda like people to scan their binaries at <big tech corp> and have that knowledge indigenous wouldn't you? while thinking of code security etc, anyway
I concur. I was completely ignorant of the entire patent troll "business model" until dealing with some corp patent stuff in 2003.
My immediate visceral reaction then is same as it is some 20 years later: "Fuck these assholes, they add zero value to society and shouldn't be allowed to exist."
They want a business of some sort, not AGPL I'd assume. It doesn't look nefarious, just misguided. However a license switch will cause another hellstorm so I suppose they're in a tough spot.
Not only that, but the OP created that account solely to hype their own product lol. There’s another bot downthread doing the same thing. Minimally it feels like dang should not let new accounts post for 30 days or something without permission.
That might reduce botting for about 30 days, people will just tee up an endless supply of parked ids that will then spin up to post after the lockout expires.
reply