If this is your first visit, be sure to check out the FAQ by clicking the link above. You may have to register before you can post: click the register link above to proceed. To start viewing messages, select the forum that you want to visit from the selection below. |
|
|
Thread Tools | Rate Thread | Display Modes |
#1
|
|||
|
|||
With Chrome 70, hundreds of popular websites are about to break
Google, what a pal!
https://techcrunch.com/2018/10/08/chrome-hundreds-of-sites-to-break/ |
Ads |
#2
|
|||
|
|||
With Chrome 70, hundreds of popular websites are about to break
On 2018-10-09, anon wrote:
Google, what a pal! https://techcrunch.com/2018/10/08/chrome-hundreds-of-sites-to-break/ The security certificate provider Symantec proved to be highly insecure and incompetent, and you blame Google for removing them from its list of trusted security certificate providers? Your committment to security is noted. |
#3
|
|||
|
|||
With Chrome 70, hundreds of popular websites are about to break
It happens that William Unruh formulated :
On 2018-10-09, anon wrote: Google, what a pal! https://techcrunch.com/2018/10/08/chrome-hundreds-of-sites-to-break/ The security certificate provider Symantec proved to be highly insecure and incompetent, and you blame Google for removing them from its list of trusted security certificate providers? Your committment to security is noted. Google is also culpable. But I am happy to see that I have offended a Google employee. |
#4
|
|||
|
|||
With Chrome 70, hundreds of popular websites are about to break
On 09/10/2018 18.35, anon wrote:
It happens that William Unruh formulated : On 2018-10-09, anon wrote: * Google, what a pal! https://techcrunch.com/2018/10/08/chrome-hundreds-of-sites-to-break/ The security certificate provider Symantec proved to be highly insecure and incompetent, and you blame Google for removing them from its list of trusted security certificate providers? Your committment to security is noted. *Google is also culpable.* But I am happy to see that I have offended a Google employee. In what exactly is google culpable about this certificate issue? -- Cheers, Carlos. |
#5
|
|||
|
|||
With Chrome 70, hundreds of popular websites are about to break
On 9/10/18 15:41, anon wrote:
*Google, what a pal! https://techcrunch.com/2018/10/08/chrome-hundreds-of-sites-to-break/ You do realize that Symantec was just allowing third parties to issue certificates without the required overview? In essence, that just breaks all the trust in the whole CA system (which has always been broken to begin with, but, okay). I'm not a fan of google, but here they actually do the right thing for once. |
#6
|
|||
|
|||
With Chrome 70, hundreds of popular websites are about to break
On 10/09/2018 07:41 AM, anon wrote:
*Google, what a pal! I've heard that Firefox, Internet Explorer, and I think Safari, are also dropping Symmantec's root CA. This is not just Google being evil. -- Grant. . . . unix || die |
#7
|
|||
|
|||
With Chrome 70, hundreds of popular websites are about to break
On 2018-10-09, Carlos E.R. wrote:
On 09/10/2018 18.35, anon wrote: It happens that William Unruh formulated : On 2018-10-09, anon wrote: Â* Google, what a pal! https://techcrunch.com/2018/10/08/chrome-hundreds-of-sites-to-break/ The security certificate provider Symantec proved to be highly insecure and incompetent, and you blame Google for removing them from its list of trusted security certificate providers? Your committment to security is noted. Â*Google is also culpable.Â* But I am happy to see that I have offended a Google employee. In what exactly is google culpable about this certificate issue? And who is this Google employee you have offended? |
#8
|
|||
|
|||
With Chrome 70, hundreds of popular websites are about to break
On 10/9/18 10:40 PM, Grant Taylor wrote:
On 10/09/2018 07:41 AM, anon wrote: Â*Â*Google, what a pal! I've heard that Firefox, Internet Explorer, and I think Safari, are also dropping Symmantec's root CA. Yes, Mozilla will also drop support for Symantec root CA certificates as indicated in the following blog post: https://blog.mozilla.org/security/20...-certificates/ This is not just Google being evil. The evil party is Symantec and no one else and if you won't be able to access a site, then you know the one running the site don't care about your privacy. -- //Aho |
#9
|
|||
|
|||
With Chrome 70, hundreds of popular websites are about to break
On 10/09/2018 03:17 PM, J.O. Aho wrote:
… you know the one running the site don't care about your privacy. I disagree. I've run into *WAY* too many … barely competent (I'm being nice) webmasters that don't know that they need to change the TLS certificate. Their competency level does not directly correlate / translate to them not caring about your privacy. I'd bet that a lot of them will say something along the lines of "Oh REDACTED! I need to get this changed. I wish I had known!!!" after browsers drop support for the Symantec CA. -- Grant. . . . unix || die |
#10
|
|||
|
|||
With Chrome 70, hundreds of popular websites are about to break
In article
William Unruh wrote: On 2018-10-09, Carlos E.R. wrote: On 09/10/2018 18.35, anon wrote: It happens that William Unruh formulated : On 2018-10-09, anon wrote:  Google, what a pal! https://techcrunch.com/2018/10/08/chrome-hundreds-of-sites-to-break/ The security certificate provider Symantec proved to be highly insecure and incompetent, and you blame Google for removing them from its list of trusted security certificate providers? Your committment to security is noted.  Google is also culpable. But I am happy to see that I have offended a Google employee. In what exactly is google culpable about this certificate issue? And who is this Google employee you have offended? The evil voices in his head? |
#11
|
|||
|
|||
With Chrome 70, hundreds of popular websites are about to break
On 10/10/18 12:18 AM, Grant Taylor wrote:
On 10/09/2018 03:17 PM, J.O. Aho wrote: then you know the one running the site don't care about your privacy. I disagree. I've run into *WAY* too many … barely competent (I'm being nice) webmasters that don't know that they need to change the TLS certificate. Their competency level does not directly correlate / translate to them not caring about your privacy. I'd bet that a lot of them will say something along the lines of "Oh REDACTED! I need to get this changed.Â* I wish I had known!!!" after browsers drop support for the Symantec CA. I would say it's a poor excuse, the information has been shared by the browser maintainers for a long time. If you manage to miss this for a such long time, you don't really care about anything, you just have a certificate as everyone else has it or there is a regulation that mandates you to have one without really knowing why. IMHO it's the same as not caring. -- //Aho |
#12
|
|||
|
|||
With Chrome 70, hundreds of popular websites are about to break
On 10/10/2018 06.45, J.O. Aho wrote:
On 10/10/18 12:18 AM, Grant Taylor wrote: On 10/09/2018 03:17 PM, J.O. Aho wrote: then you know the one running the site don't care about your privacy. I disagree. I've run into *WAY* too many … barely competent (I'm being nice) webmasters that don't know that they need to change the TLS certificate. Their competency level does not directly correlate / translate to them not caring about your privacy. I'd bet that a lot of them will say something along the lines of "Oh REDACTED! I need to get this changed.Â* I wish I had known!!!" after browsers drop support for the Symantec CA. I would say it's a poor excuse, the information has been shared by the browser maintainers for a long time. And you assume that they read those? Why? Me, I found out this week. If you manage to miss this for a such long time, you don't really care about anything, you just have a certificate as everyone else has it or there is a regulation that mandates you to have one without really knowing why. IMHO it's the same as not caring. No, I do not agree. -- Cheers, Carlos. |
#13
|
|||
|
|||
With Chrome 70, hundreds of popular websites are about to break
"Grant Taylor" wrote
| . you know the one running the site don't care about your privacy. | | I disagree. | | Their competency level does not directly correlate / translate to them | not caring about your privacy. | That's true, but it doesn't change the fact that he's correct in general. Look at any website you normally visit. It's very likely there's at least code there for Google tracking, and probably code for Google ads. In most cases there are completely unnecessary fonts and scripts pulled in from elsewhere. And often there are tracker spyware beacons from the likes of scorecardresearch.com. You could say that those webmasters care about your privacy and just don't know any better, but that's really not tenable. Anyone who knows enough to paste in Google tracking code has a basic idea of what's going on. *They don't care about your privacy.* They'd probably start yapping about tinfoil hats if you even mentioned it to them. It's a simple case of smallmindedness. They can't be bothered to really think about what they're doing. They're just trying to make snazzy sites and get paid as much as possible. They can get paid more if they sell you out to Google. And like any smallminded person, they justify that in their own minds by thinking, "So what? Everyone's doing it." If anyone wants to make them think about what they're doing, they drown it out with, "TINFOIL HAT!" In the process, they play into corporate tracking by jumping on every halfwit javascript bandwagon that hobbles by. "71 dynamically loaded fonts that all look the same? What a great idea! How can I do that? Load Google slop remotely? Count me in! That is sooooo cooool!" Last night I visited a site I found in a Michael Pollan book: csp.org. Council on Spiritual Practices. They're some kind of clearing house for ideas about psychedelic drugs and religious experience. Sounded interesting. It's people who want to experience life more fully, deeply and joyfully. And they think there might be a correlation between what chemicals like psilocybin do and what advanced meditation techniques do. A bit of a 60s, consumer-goes- shopping-for-spirituality-on-sale rehash. But I was curious what they're up to. Ironically, their webpage was entirely broken. Entirely unnecessarily. And they don't care about your privacy. They pull in a 4.4 MB js file just to do basic things like load pages from an anchor tag. The internal links don't work without script! The script is coming from Cloudfront. They also have Google-Analytics code. So both Google and Amazon would be tracking me if I allowed script. The https might be stopping my ISP from reading the page I visit, but Google and Amazon are infesting the page unnecessarily! ....On the other hand, why are Chrome users talking about privacy? Worrying about https in Chrome, aside from sites where you give out a credit card number, is like alcoholics worrying about whether coffee might cause liver damage. Can you say "denial"? |
#14
|
|||
|
|||
With Chrome 70, hundreds of popular websites are about to break
"Carlos E.R." wrote
| If you manage to miss this for a such long time, you don't really care | about anything, you just have a certificate as everyone else has it or | there is a regulation that mandates you to have one without really | knowing why. IMHO it's the same as not caring. | | No, I do not agree. | If you bought the certificate directly then why wouldn't you have looked into that? Personally I care about privacy but only regard https as a nice extra. My webhost handles that and I don't know where they're getting the certificate. But if you buy it yourself you should know what you're buying. And who doesn't know to avoid Symantec? They've got a shady history going all the way back to the 90s. A similar example would be Wordpress denizens. They use Wordpress for hosting because they don't know what they're doing. Then they use script gadgets that WP provides. Then they don't update them because they don't know it matters, so WP ends up being a slum of risky websites. Should they know what they're doing? Of course. Though WP is partially to blame. If they're going to enable people with no knowledge to create websites then they should also be handling things like updating gadget code when fixes are written. But I think in a lot of cases websites are being created mainly by graphic artists who are not tech-educated. They've just come up with tools to "get around that problem". With all the WYSIWYG tools available, people just don't need to know what they're doing. They're like microwave chefs. |
#15
|
|||
|
|||
With Chrome 70, hundreds of popular websites are about to break
On 10/10/2018 15.28, Mayayana wrote:
"Carlos E.R." wrote | If you manage to miss this for a such long time, you don't really care | about anything, you just have a certificate as everyone else has it or | there is a regulation that mandates you to have one without really | knowing why. IMHO it's the same as not caring. | | No, I do not agree. | If you bought the certificate directly then why wouldn't you have looked into that? Personally I care about privacy but only regard https as a nice extra. My webhost handles that and I don't know where they're getting the certificate. But if you buy it yourself you should know what you're buying. And who doesn't know to avoid Symantec? I don't. They've got a shady history going all the way back to the 90s. News to me. O:-) I used PCtools back then and it was a wonderful tool. I think I also used an antivirus from them at some point. Later on I switched to Linux, so most Windows software companies are irrelevant to me. A similar example would be Wordpress denizens. They use Wordpress for hosting because they don't know what they're doing. Then they use script gadgets that WP provides. Then they don't update them because they don't know it matters, so WP ends up being a slum of risky websites. Should they know what they're doing? Of course. Though WP is partially to blame. If they're going to enable people with no knowledge to create websites then they should also be handling things like updating gadget code when fixes are written. Why should they know? If I'm a garage owner and they talk me into paying for a web site to announce my garage, it is very possible that I know nothing about computers beyond reading my email. I know people that own Windows computers with updates disabled for two or more years. Possibly the person that installed Windows disabled the updates because otherwise they would get phone calls everyday, LOL. So yes, what google or firefox do blocking those web sites with those certificates is the correct thing to do. But I think in a lot of cases websites are being created mainly by graphic artists who are not tech-educated. They've just come up with tools to "get around that problem". With all the WYSIWYG tools available, people just don't need to know what they're doing. They're like microwave chefs. Exactly. -- Cheers, Carlos. |
Thread Tools | |
Display Modes | Rate This Thread |
|
|