Lunduke drinks the Kool-Aid, declares HTTPS dangerous

He’s doubling down on his ridiculous video with a nice new video.

He seems completely oblivious to how his video came across? I don’t get it.

I didn’t see anyone with an emotional investment in https, I saw a lot of people saying his video was bad, ill-researched, and his suggestions dangerous.

Interestingly this video has “sources”, I imagine as a jab at people calling out his https video as being poorly resourced and lacking sources.

Kinda sad, I don’t get it?

Also interestingly, I watched the new video as he said people were religious over specific pieces of code and technology “specific computer technology as infallible religion”, and he would give examples of ‘specific’ chunks of code, etc., and… 2 examples? https and mac.

Considering that https came around because of missing security in http, and that https has gone through several changes over the years (protocol changes, hash changes, etc.), it isn’t even a good example for his tech as a religion video, I would suggest it debunks it.

3 Likes

This sometimes happens. LibreSSL for example doesn’t necessarily fix this. The issue, off memory, is the usual: a lack of funding and realisation by the wider community that there are “uncool” technologies that need funding (gpg another example).

It can be really easy to say that your concerns it took one thing to realise another, but if you take a step to think about that premise, it pretty much holds true for almost everything. It’s not a bad thing, it’s just sometimes how nature works.

On the good side, that thing did happen, and changes to how OpenSSL runs and its funding occurred.

I’ve no idea of the state of LibreSSL unfortunately.

Not quite. My premise is based on the notion that OpenSSL had help, but they rejected and actively drove off the help that they had in favor of poor decisions like keeping, but not maintaining code for extremely old encryption standards.

As I recall, the thought that SSL just wasn’t a sexy project to work on was debunked during the whole Heartbleed mess. I’ll see if I can dig up some references to this.

1 Like

I pretty much wrote exactly that under the video. :+1:
But hey, “that is a fact”, right?

So, flat earther video next? :rofl:

3 Likes

This showed up on my YouTube suggestions, had an idea what it was about and just skipped it. He has been driving me away from his content for a while. The fact that he deals with criticism with pictures really bothers me, makes it look like he is a child and has nothing to back up his ideas. I’m just an average user but the idea of certificates not expiring seems very wrong to me.

I think I should go read the comments, just might learn something.

1 Like

Broken, backdoored, poorly controlled encryption >>> no encryption

lol, I wish people in the “community” would be honest about System76. I was looking into them last year and the reports of the build quality were highly meh. That and I’ve personally had reps dodge questions on reddit where they would answer tons of banal questions in the thread, and skip mine. So I’m not a fan. I don’t fully understand the “Linux laptop” market either but at least be honest.

I like Lunduke. I like the fact that he’s a Linux user who gets out in front of people and says hey, this thing kinda sucks. We all know it sucks, and it doesn’t have to be a sacrilegious statement. There are flaws in this thing, let’s fix them.

But that doesn’t seem like what he’s doing here. It seems like he made a bollocks statement, people have told him it’s bollocks, but he’s using the calm way he does the Linux Sucks talks to go “shh. I’m right. Shhhhh.”

If you want to post a controversial opinion, do it. Do it, say what you have to say, and then like Ryan Shrout did with the Adored debacle, move the hell on. But don’t come back like a parent talking to a child.

1 Like

Exactly, which is why people should use HTTPS with a credited CA and actually follow security standards. Novel concept; I know.

So much to say, but I don’t know how to say it without sounding like a tin foil hatter and being looked at like a loony. Some aspects of his concerns have a grounded reason, some are just a little wild. But on the whole I don’t trust any encryption that any arm of the governments have had their hands in. And with knowing about the security holes that have existed and never been fixed, that the government has used and is still using, I don’t trust a remote organization to not have been compromised at some time and its servers cloned. So fake keys could be easy as 123. We don’t know how deep the whole story goes or what is or is not safe. Build the big picture, not just the small piece of the whole.

Lunduke has finally gone off the deep end. He may have finally surpassed Richard Stallman levels of crazy.

4 Likes

I cannot really make much of this video tbh.
He’s just rambling, without pointing to reputable evidence and sources.
So no real factual backup on what he is rambling about.

So yeah idk…

3 Likes

Oh, I’m the only one that thought that the NSA made SHA was a good point…

I mean you guys, especially Eden, sound right, but the tin foil hat isn’t coming off.

I’ve just got an extreme distrust of national security agencies and their apparent ability to do whatever the hell they want without explanation.

4 Likes

TBH most of the “muh privacy” discussions I’ve seen are white noise and I don’t mind that some people don the tin foil. But I don’t think they should be surprised when the bus doesn’t stop to go back for their hats after they get knocked off by the progressively lowering bridge that is Real Life.

There’s a reason I’m worried about the TSA checkpoint at the airport.

I’m pretty sure I heartily understand, and bear no grudges, to that sentiment.

I’m not worried about it, it’s just a pain in the ass.

And a waste.

1 Like

It’s a point worth bringing up perhaps but one that needs to actually be looked at. What did they actually do? What did they actually implement? And what was it originally for?

The NSA aren’t necessarily just a spy agency, many government departments are split up into different components just like a company. They made SELinux and that’s a trusted component of a modern Linux system.

The fault for me is he didn’t look into it at all. He slapped NSA beside SHA and said… can’t trust it…

Why not?

8 Likes

Exactly why I say you sound correct. He has enough info on the NSA to rightfully doubt, but not enough to come to a definitive conclusion.

I understand the spirit of what you’re saying because I can sympathize, but if there were vulnerabilities with the encryption it would have been found by now.

Totally agree, if the NSA put backdoors into their open source be secure efforts it would have been shot down and burned with fire already. The code is there to check.
While the other side of the NSA sword is spy / hack and pwn. That is another devil but not lumped into the same pot as open source.
Government like women has many goals. It is not a clear path to win.

1 Like

Basically HTTPS is a tool.
But we should have more of those tools from different vendors.
It’s foolish to place all eggs in the same basket. One hammer can destroy the whole lot. When it is already flawed. (example fake certs)
I would like to see Linux Foundation/FOSS to have their own without NSA or gov manipulating the recipe. HTTPF?

And yes, Lunduke got some things wrong.