I have a lifetime Pastebin account that I hadn't used for some years. Last year I enrolled in a "linux administration" class and tried to use that pastebin (famous for sharing code) to share some code/configurations with other students. When I tried to paste my homework I kept getting a Cloudflare error page. I don't even remember what I was pasting, but it was normal linux stuff. I contacted pastebin support - of course I got ghosted.
I am sharing this in relation to the WAF comments and how much the companies implementing WAF care about your case.
As of now, such stricter certificate requirements only apply to publicly trusted CAs that ship with the browser. Custom-added CAs are not subject to these requirements—this applies to all major browsers.
I haven't tested Firefox's implementation yet, but I expect your private CA to continue working as expected since it is manually added.
Private CAs can:
* Issue longer certificates, even 500 years if you want.
Public CAs are limited to 1 year I think, or 2? I think it was 1..
* Can use weaker algorithms or older standards if they want.
* Not subject to browser revocation policies - no need for OCSP/CRL etc.
For anybody wondering: The weird amount of time is because with a commercial CA it needs to be possible to "carry" some validity during renewal. If I need a $10 Doodad and they're valid for exactly one calendar year, if I renew the Doodad on Monday instead of the following Sunday because I know I'll forget at the weekend, I am losing almost 20¢ of value. People get disproportionately passionate about stuff like this. So, the CAs credited your remaining time on the previous certificate - if you renewed with them, if you had six weeks to go but renewed a 3 year cert early you'd get issued a 3 years + 6 weeks cert.
As the maximum expiry shrank (to improve agility and encourage automation) the slack for granting such extra periods shrank too. With "3 years" it was actually 39 months, maybe a bit more depending on how you squint; now it's exactly 398 days because Apple said so.
Imagine Kim Jong-un goes to a few police stations in North Korea. It might not work on the first try, but eventually, he manages to trick one officer into believing that Trump threatened him on Facebook. Now, the police of a given country can legally request Apple to provide all information from Trump’s iCloud for an "investigation" into threats of violence— even if they are completely fabricated.
I was late to reply but this question is good. Here's the answer why I do not trust my country and trust foreign countries. No offense please, it is just my thoughts and personal opinion after years of being treated well by my own government.
Imagine this: You are a US citizen, and during COVID your kid gets a rash on their ass. You take a photo and send it to the doctor via some Google service. Then Google flags it, reports you to the police, and now you're in "the game", even though you did nothing wrong and were a responsible parent.
Same thing but if you had used a Chinese service like Tencent (I do not know what they have as apps), nobody would care what medical images you're sending. So, who’s actually the bigger risk to your privacy and security?
And this is only the basic use case. Now imagine you're a drug dealer and you want to host your blog post explaining what experiments you did in your basement with different compounds. I guess North Korean hosting companies will be your best bet.
And also I am pretty sure the opposite direction works as well: if you want to say that your president looks like a certain animated character, better use some US or EU company that has no business interests in your country.
More than a decade ago I wanted to get revenge on my brother (something childish) and at that time he played online games. As packet loss would be too obvious and the games usually require low bandwidth, the most viable fun option was to add some latency. You won't see this option in your usual router.
This article brings way more questions than it answers like:
1. Starlink has more than 20K customers, can I get Starlink at home?
2.
A) What if I live somewhere remote and the nearest cable is 20 miles from home?
B) If Verizon has cable but I want Xfinity, should they be forced to dig 20 miles to my home?
C) I am waiting more than 14 days for this 20-mile cable to come to my home and I am running out of patience. How long can they stall this?
3. Will there be a cap on how many customers can access the $15 plan per ISP?
What if we all hate Verizon and make a hidden Facebook group where we all choose to go to Verizon for this cheap internet (for example)?
4. If someone is already locked into a long-term contract with a higher price, can they switch immediately to the $15 plan without penalty?
5. Will the $15 plan include unlimited data, or can ISPs impose data caps?
So far in the article I saw only bandwidth requirements—no mention of data caps or latency.
6. What happens to customers if their ISP gets an exemption after initially offering the $15/$20 plan?
I am sure the lawmakers had good (PR) intentions here, and probably my questions are already answered, but this article is in pure Ars style.
I'm not even from the USA, I'm just curious how these things work.
Edit: Formatting and swapped ISP names in the examples
It should be something similar to the copyright law.
For example, if some movie studio makes a movie and I pirate it and share it with 1000 people, they claim that I must pay 1000x$50 because they put a price of $50 on the movie.
I can give them a proforma saying that I can give them my personal info for like 1B, and then they can choose if they want it or not, but if they steal it, obviously they choose to get something with a price tag of 1B and I want my money.
Like the BOM for an iPhone in China is $150, but if I steal it from a shop I am charged 2K, not 150.
I can argue that they did not lose 2K but only $150 because that is the cost of materials, but the court is taking the final price tag, not the materials cost.
Same should be with PI data. The price tag for giving out my real home address is that, take it or leave it. (Or steal it and they pay the price).
That should be the fair thing to do. Free economy: you may sell your data for $50, others for $200, some may ask for a million, etc. It is the seller who decides the price, not the buyer.
Otherwise we can go back to the movie piracy and I say: ok, I shared 1000 copies, 0.01 cent each = here's ten bucks and have a nice day because I choose the price, not you.