Good thing they found some in Montana. Not that it’ll be online for a while.

I think the market is going to struggle with this for a while yet, in the mist of this brewing trade war.

If approved, it will affect all Safari certificates, which follows a similar push by Google, that plans to reduce the max-validity period on Chrome for these digital trust files down to 90 days.

Max lifespans of certs have been gradually decreasing over the years in an ongoing effort to boost internet security. Prior to 2011, they could last up to about eight years. As of 2020, it’s about 13 months.

Apple’s proposal would shorten the max certificate lifespan to 200 days after September 2025, then down to 100 days a year later and 45 days after April 2027. The ballot measure also reduces domain control validation (DCV), phasing that down to 10 days after September 2027.

And while it’s generally agreed that shorter lifespans improve internet security overall — longer certificate terms mean criminals have more time to exploit vulnerabilities and old website certificates — the burden of managing these expired certs will fall squarely on the shoulders of systems administrators.

Over the past couple of days, these unsung heroes who keep the internet up and running flocked to Reddit to bemoan their soon-to-be increasing workload. As one noted, while the proposal “may not pass the CABF ballot, but then Google or Apple will just make it policy anyway…”

…

However, as another sysadmin pointed out, automation isn’t always the answer. “I’ve got network appliances that require SSL certs and can’t be automated,” they wrote. “Some of them work with systems that only support public CAs.”

Another added: “This is somewhat nightmarish. I have about 20 appliance like services that have no support for automation. Almost everything in my environment is automated to the extent that is practical. SSL renewal is the lone achilles heel that I have to deal with once every 365 days.”

Until next year, anyway.

I don’t think this requires an act of congress. I think you might see more consumer advocation on the part of FTC (although it doesn’t currently regulate online broadcast), or potentially the CFPB.

Admittedly it’s more likely to see the EU do some regulations, but it all depends on the election.

While I agree, I have a hard time seeing how people will stop using it until the field changes. Maybe in 10 years it will the the MySpace of the sitcom era, but right now it’s still growing. That growth is giving it carte blanche to manipulate the users as it sees fit. Regulation might impact it, but it’s still a bit of a Goliath.

• Compared to 2023, YouTube’s user base has grown by 20 million this year, representing a 0.74% increase. From Global media insights

Also the active user base is 2.7 billion people in 2024 from the same source above.

The alternatives are out there, but just not in the same league.

Yt-DLP and it’s variation (Seal, YTDLnis, etc.), newpipe and it’s variation (Tubular, Newpipe Sponsorblock, etc) already allow you to do this without having to get manual.

Economists at JP Morgan, the largest US bank by assets, published a research paper on de-dollarization in 2023.

In reference to the global economy as a whole, they concluded that, “while marginal de-dollarization is expected, rapid de-dollarization is not on the cards”.

However, they argued that, “Instead, partial de-dollarization — in which the renminbi assumes some of the current functions of the dollar among non-aligned countries and China’s trading partners — is more plausible, especially against a backdrop of strategic competition”.

The JP Morgan economists added, “This could over time give rise to regionalism, creating distinct economic and financial spheres of influence in which different currencies and markets assume central roles”.

This seems inline with the Chinese leadership game of influence, as well as the clown show that the US has become. Even with the interest still there from the US standpoint two decades of GWT, the lack of prioritize spending on following our so called values, the very high debt to GDP ratio we are running, the lack of real legislative ability, plus other challenges, all make the fundamentals seem less fundamental. Although China very much has it’s own issues such as an excess of manufacturing, a housing bubble, and a very steep demographic bubble. So their fundamentals are seemingly similar in question, but they have a marked ability to pivot quickly and do seem to be using their status as the 2nd largest economic to garner the same level of influence.

Whether either has staying power of economics and global influence for the next 50 years is a very interesting question.

I certainly don’t count the US out yet, but even if the election settles things down, there is some real work to do which has little to do with the current hotly discussed policy topics. I’d be curious about your opinions?

A brief technical summary from iMAP reveals what happens when users attempt to access sites using Cloudflare and Google DNS.

• On Maxis, DNS queries to Google Public DNS (8.8.8.8) servers are being automatically redirected to Maxis ISP DNS Servers;

**

• On Time, DNS queries to both Google Public DNS (8.8.8.8) and Cloudflare Public DNS (1.1.1.1) are being automatically redirected to Time ISP DNS servers.

“Instead of the intended Google and Cloudflare servers, users are being served results from ISP DNS servers. In addition to MCMC blocked websites, other addresses returned from ISP DNS servers can also differ from those returned by Google and Cloudflare,” iMAP warns.

…

"Users that are affected, can configure their browser settings to enable DNS over HTTPS to secure their DNS lookups by using direct encrypted connection to private or public trusted DNS servers. This will also bypass transparent DNS proxy interference and provide warning of interference,” iMAP concludes.

Essentially Malaysia law required ISP to drop DNS entries for some sites, local users started using public DNS. ISP started redirecting public DNS requests, and local users started using DNS over HTTPS.

The pirate wars continue in their arms races.

So don’t bring your submarines into the area. Brilliant!

I did a quick search and they don’t make it easy. Peter Lowe’s ad and tracking server blocklist is the only one I found. EasyList doesn’t seem to have a donation link, nor Dan Pollock at someonewhocares.org. Also worth noting that UBO doesn’t take donations. You could always subscribe to AdGuard, but that’s mixed.

Alternative link non paywalled

https://archive.ph/vY4le

If this request worked, it meant that I could use an “encryptedValue” parameter in the API that didn’t have to have a matching account ID.

I sent the request and saw the exact same HTTP response as above! This confirmed that we didn’t need any extra parameters, we could just query any hardware device arbitrarily by just knowing the MAC address (something that we could retrieve by querying a customer by name, fetching their account UUID, then fetching all of their connected devices via their UUID). We now had essentially a full kill chain.

I formed the following HTTP request to update my own device MAC addresses SSID as a proof of concept to update my own hardware:

…

Did it work? It had only given me a blank 200 OK response. I tried re-sending the HTTP request, but the request timed out. My network was offline. The update request must’ve reset my device.

About 5 minutes later, my network rebooted. The SSID name had been updated to “Curry”. I could write and read from anyone’s device using this exploit.

This demonstrated that the API calls to update the device configuration worked. This meant that an attacker could’ve accessed this API to overwrite configuration settings, access the router, and execute commands on the device. At this point, we had a similar set of permissions as the ISP tech support and could’ve used this access to exploit any of the millions of Cox devices that were accessible through these APIs.

Blows me a away that an unauthenticated API with sensitive controls and data was publicly facing. Corporations these days want all your data but wonder why some customers are worry about how it is protected, it let alone if it’s being sold. Why should I allow you to control my hardware when you can’t protect yourself.

Seconded

Jellyfin is great. Worth the time and effort to get it setup. Infuse is worth the money as an AppleTv frontend too.

You will definitely need toimprove your lan speed though. I’drecommende getting off WiFi for as much of the media as you can. If not that, put in triband WiFi connection and wire them in if possible. Mesh will work, but bring your speed down.

What are a few? Any good lists?

Dumb question for the Lemmy lawyers, if enough redditors joined could a class action lawsuit be filed to be paid for their content… Or is that so outside of the TOS that it’s not worth considering?

Deezer for one. Doesn’t have quite the same amount of music, but I don’t seem to have the issue with travel considering I am literally away for half the year.

Many others though.

https://www.lifewire.com/best-alternatives-to-spotify-5217870

Anyone have the unwalled content?

The Red Sea Conflict Is Scrambling Shipping. Europe Is Bearing the Brunt. Europe is again on the front line of the latest geopolitical tensions, a development that threatens to widen the economic gap between it and the U.S. By Paul Hannon and William Boston Jan. 18, 2024 11:00 pm ET

Ships traveling through the Red Sea carry about 40% of the goods traded between Europe and Asia. PHOTO: LUKE DRAY/GETTY IMAGES For the second time in three years, a conflict in Europe’s unruly neighborhood is threatening to weaken an already struggling economy while a more robust U.S. is watching from a safer distance. This time, attacks by Houthi rebels in Yemen targeting cargo ships in the Red Sea have persuaded more carriers to opt for the safer but longer and more expensive journey around Africa via the Cape of Good Hope. Those detours are raising freight costs and leading retailers to worry about running out of stock. Some factories have suspended work in the absence of needed parts. Should the threat persist, economists think the decline inflation Europe enjoyed last year could slow down, pushing back a potential cut in key interest rates. “This is clearly one of the major downside risks to growth, and upside risks to inflation,” said Ana Boata, chief economist at insurer Allianz Trade. “We could talk about a recessionary risk.” Re-Route Shipping companies with vessels idling in or near the Suez Canal are considering taking a detour around Africa. The Cape of Good Hope route is considerably longer and burns more fuel, making it less popular than the Suez Canal option.

Major world shipping routes Suez route Cape of Good Hope route Other Example: Singapore-Rotterdam, Netherlands Rotterdam Med. Sea Suez Canal Atlantic Ocean Singapore Indian Ocean Cape of Good Hope Distance Round-trip voyage Suez route 8,301 naut. miles 34 days 11,758 43 Cape route Sources: Jean-Paul Rodrigue, Hofstra University (global routes); Bimco (distance, voyage) The latest geopolitical flare-up could cement a growing asymmetry between Europe and the U.S. As a large energy producer, the U.S. has emerged arguably stronger from the crisis sparked by the Ukraine war. And while some of its imports transit via the Suez Canal, their share is comparatively small, and the Pacific offers an alternative route for cargo out of Asia. For now, the interruptions to supply chains are on a modest scale compared with the more widespread blockages seen in 2020 and 2021, and their economic impact is likely to be proportionately smaller. Businesses have also learned lessons from interruptions during the Covid-19 pandemic, and have larger inventories than they did then. IKEA boss Jesper Brodin said the Red Sea conflict has lengthened its shipping routes by about 10 days or longer though its customers aren’t affected. “The huge difference at the moment is that we have recuperated after the pandemic,” he said at the World Economic Forum in Davos, Switzerland. “So that means our stocks in our warehouse are in good shape.”

Discount retailer Pepco said conflict in the Red Sea has had a limited effect on product availability, but could hurt supply in the coming months if it continues. The discount retailer—which houses Poundland in the U.K. and Dealz and Pepco in continental Europe—said Thursday that Houthi attacks on vessels were leading to higher spot freight rates and delays to container lead times. But coming in the wake of a global pandemic and the largest European war in eight decades, the escalation of the conflict that began with an attack on Israel by Hamas in early October is a reminder that the outlook for the global economy is increasingly shaped by developments beyond the reach of economic policymakers. Ships traveling through the Red Sea carry about 40% of the goods that are traded between Europe and Asia. The Houthis initially claimed to target Israeli ships or those bound for its ports but in practice, their attacks have been indiscriminate. That has prompted more operators to divert their traffic around the Cape of Good Hope.

Jesper Brodin said the Red Sea conflict has lengthened IKEA’s shipping routes by about 10 days or longer. PHOTO: DENIS BALIBOUSE/REUTERS Last week, Tesla said delays in delivery of components caused by the rerouting of ships would force it to suspend production at its only large factory in Europe, the GigaBerlin plant outside Berlin. Volvo Cars, the Chinese-Swedish automaker, said gearboxes needed to build conventional combustion vehicles at a plant in Belgium were delayed, forcing the company to halt production for three days. Volkswagen, Europe’s largest carmaker by sales, said its plants hadn’t been affected, but that it continued to monitor the situation in close contact with its suppliers. VW said it was rerouting shipments, which was causing some delay. Oxford Economics estimates that a ship traveling at 16.5 knots from Taiwan to the Netherlands via the Red Sea and the Suez Canal takes about 25½ days to complete the journey. But this rises to about 34 days if the journey is diverted around the Cape. Extra traveling time reduces the annual capacity of each ship, and can have a knock-on effect on freight costs on other routes, including those between Asia and the U.S. According to the Freightos Baltic Index, the average cost of transporting goods in a container across the globe doubled between Dec. 22 and Jan. 12.
Those times could lengthen even further if diverted ships have to wait to take on additional fuel to complete their unplanned journeys at overstretched African ports, of which South Africa’s Durban is the largest. “We haven’t seen tremendous congestion in Durban,” said Ami Daniel, CEO of shipping consulting firm Windward.

Attacks by Houthi rebels in Yemen have disrupted global shipping. PHOTO: YAHYA ARHAB/SHUTTERSTOCK For Europe, the impact of the crisis would largely depend on the extent and duration of the disruption. Economists at Allianz Trade calculate that a doubling of freight costs sustained for more than three months could push the eurozone’s inflation rate up by three-quarters of a percentage point and reduce economic growth by almost a percentage point. With the eurozone’s economy already weakened, that could push it into contraction during 2024. Paolo Gentiloni, the European Union’s top economic official, told reporters on Monday that the situation in the Red Sea “should be monitored very closely” because it could cause energy prices and inflation to rebound. There are several reasons why the crisis’s impact on Europe’s economy might be less severe than previous episodes of surging freight costs. For one, businesses have been through a number of supply-chain disruptions over recent years and believe they are better prepared. “We are affected by the crisis,” said Matthias Zink, CEO of Schaeffler Automotive Technologies. “But it’s under control. Maybe the explanation is that we have a lot of experience now in this resilience or in the reaction to these crises.” Stellantis, the French-American-Italian maker of Fiat, Peugeot and Jeep, said it was compensating for delays in rerouted ships “by using some limited airfreight solutions,” adding that the delays had “almost no impact on manufacturing to date.” Patrick Lepperhoff, a consultant with Inverto, a unit of BCG, said past crises had made companies better prepared for sudden shocks. Many companies invested in IT to gain better visibility on their supply chains and got closer to their main suppliers, he added. In addition to greater preparedness, the economic environment is also different from during the pandemic—a global event affecting supply chains around the world. The current crisis is local, leaving suppliers with more alternatives and many businesses now hold bigger inventories than they did before the pandemic struck. In Europe, weak consumer demand has padded this cushion. “The Red Sea is not as dangerous to global trade as the events were a few years ago,” said Lepperhoff.

Looks like industry got what they wanted.

I think they dodged that as well… https://arstechnica.com/?p=1989111

“Android users’ hopes that Apple’s iMessage would be forced to open up in the European Union have been dashed. Bloomberg reports that iMessage won’t qualify for the EU’s new “Digital Markets Act,” allowing Apple to keep iMessage exclusive to Apple users. …”