Readit Newsprognu commented on Free and Open Source Software–and Other Market Failures cacm.acm.org/practice/fre... · Posted by u/pseudolus
I don’t understand the point of this article or what the author is trying to say.
He's trying to rewrite history by having FLOSS start with Linux instead of with GNU.
prognu commented on Tons of dead sardines, mackerel wash ashore in northern Japan japantoday.com/category/n... · Posted by u/ulrischa
Hot water has less oxygen, the fish suffocated. This was on the Japanese news over a week ago, but without the "nobody knows why" part: it was blamed on unusually warm ocean temperatures.
prognu commented on Analysing the proposal to regulate the digital euro blog.xot.nl/2023/12/04/an... · Posted by u/bo0tzz
The article is focusing on the technical side, but the economics are also silly. The ECB says that the Digital Euro will be free of charge for consumers as a "public service". And that it will ensure low fees for merchants because of mandatory acceptance laws. But they also claim that the Digital Euro will be operated by commercial payment service providers. So who will be in the business of operating a public service where they only can charge low, capped fees from merchants? Obviously the existing high-fee payment service providers will not line up here to ruin their working business models. However, the model will work for one group: criminals, that basically run completely insecure low-quality payment services and that fail to provide good customer service or even steal customer's money at a large scale. That business model will work, because the Digital Euro is designed to be a liability of the central bank, even though the operation will be done by commercial operators. So they didn't just mess up the technology (as you would expect from big government), they also messed up the economics (which may surprise some, given that this is largely a central bank proposal).
prognu commented on Article 45 of eIDAS 2.0 will roll back web security by 12 years eff.org/deeplinks/2023/11... · Posted by u/agwa
eIDAS in fact forces browser vendors to do that, but there are two problems with what you're suggesting:
1. Good luck teaching 99% of people to be wary when they see the blue address bar. People generally do not understand address bars, which is a large part of why browsers removed the EV indicator.
2. There is a strong possibility that a future version of eIDAS will force businesses in the EU to get certificates from an eIDAS CA. At that point, people in the EU will be seeing the blue address bar constantly, and most of the time the certificate will in fact be legit.
Teaching users is of course the tricky part, and I'm not trying to excuse the insane draft regulation here. That said, eIDAS doesn't force browser vendors to visually distinguish Article 45-forced CA certificates from traditional CAB CA certificates, and I doubt they considered the possibility. So re-adding the distinction is a valid band-aid. Your second point can be addressed relatively easily by businesses getting multiple certificates. Then, the browser can show 'trusted' only if one of the certificates is not from a Article 45-forced CA.
prognu commented on Article 45 of eIDAS 2.0 will roll back web security by 12 years eff.org/deeplinks/2023/11... · Posted by u/agwa
The logical solution for browser vendors is to also roll back the URL bar by 10 years, where we had different indicators for extended validation, normal certificates and plaintext. I guess a blue EU-logo whenever Article-45 compliant CAs are used would make sense. Then we just have to teach people: blue is for "government snoop mode".
No electronic funds transfer without that transparency of origin, says the man in Washington.