----------------------
当人与人之间的信任崩塌后, 最后只能靠计算机重新构建信任网络.
----------------------

不知道什么时候开始, 大多数人下意识认为 HTTPS 就等于 "可信", 可能是浏览器的那个上锁的图标, 也可能是各种软件里面喜欢用 "可信" 等同于 "加密", 不过那时也不会有人愿意解释也不会有人听为什么 SSL 证书只能做到加密. 到了 HTTPS 在攻击, 防御和渗透中成为常客, 普通用户也经常被 HTTPS 网站钓鱼攻击的时刻, 越来越多人意识到即使 "信任" HTTPS 代表的加密应该被理解为对中心化 CA 机构的信任, 但这种责任转嫁很显然这些证书机构也不想承担, 毕竟他们也在审计这块大费周章也没有改变什么, 这样只会让 SSL 证书的价格越来越高, 诞生越来越高等级的证书, 比如 OV 和 EV 证书, 那么这些 OV 和 EV 证书就能代表 "可信" 吗? 对用户来说, 信任一家商业公司都已经变得越来越困难, 更不用说要在 OV 和 EV 证书里还要信任 n+1 的机构数量.

即使说过 SSL 证书不代表信任只代表传输加密, 宣传工作也进行了很多年, Google 也决定在 Chrome 里把那把用户首先看到的锁换成别的或是藏在二级页面. 但没有什么效果, 因为对 HTTPS 的信任危机已经演变成了对中心化的信任危机, 证书不仅要依赖中心化机构签发, 还要被操作系统 "默认" 信任. 于是连带着对域名系统的不信任的 DNSSEC 后, 对 SSL 证书不信任的 DANE 也出现了. 它们俩代表着人们发现问题并提出解决办法的行动力, 但太早期了, 先进的理念还要被市场验证, 这可能要花很长时间. #note

via CXPLAY's Memos

有的人还没睡，有的人刚刚醒。 #吐槽

"你真恶心" #沙雕

Worldcoin: a solution in search of its problem
#article #read

Citation Needed

Worldcoin: a solution in search of its problem

Worldcoin doesn't seem to know what problem it's trying to solve, but they want to scan your eyeballs anyway.

Musk Buys AI.com From OpenAI
#article #read

Analytics India Magazine

Analytics India Magazine | Analytics India Magazine

India's Leading AI & Data Science Media Platform. Get the latest news, research, and analysis on artificial intelligence, machine learning, and data science.

Thomas Pike’s other blog
#article #read

Thomas Pike’s other blog

What happened to Vivaldi Social? | Thomas Pike’s other blog

A deep dive into the events of Saturday 8 July 2023, when user accounts started disappearing from the Vivaldi Social Mastodon instance.

Popularized in England, These Wavy Walls Actually Use Fewer Bricks Than a Straight Wall
#article #read

Twisted Sifter

Popularized in England, These Wavy Walls Actually Use Fewer Bricks Than a Straight Wall

Lawnmowers detest them

Fruit Walls: Urban Farming in the 1600s
#article #read

LOW←TECH MAGAZINE

Fruit Walls: Urban Farming in the 1600s

From the sixteenth to the twentieth century, urban farmers grew Mediterranean fruits and vegetables as far north as England and the Netherlands, using only renewable energy.

Cloudflare 的透明度报告更新停在了 2022 年上半年, 意味着里面针对是否履行了执法要求的 "透明度报告" —— 金丝雀安全声明(Warrant canary)也停在了这个时间点. 透明度报告缺席整整一年共两个周期.

虽然在透明度报告主页写着一个 "从未做过" 的最后更新就在近期, 但这种形式对比应该以正式的书面形式发布的透明度报告来说就像在 "过家家".

● Cloudflare Transparency Report | Cloudflare
● ref: CloudFlare’s last Warrant Canary was published over a year ago | Hacker News

#news #edgecomputing #Cloudflare

via CXPLAY's Memos

Lynx - 又一个链接缩短器

Vue 和 JavaScript 写的链接缩短器, 302 跳转实现. 使用 MongoDB 数据库. 支持 Umami 联合分析, 提供 ShareX 自定义路径支持, 支持批量导入导出.

● GitHub: https://github.com/Lynx-Shortener/Lynx
● Demo: https://demo.getlynx.dev/
● 文档: https://docs.getlynx.dev/

#software #web #opensource #短链接

via CXPLAY's Memos

Twitter 开始统一把缩略图的图片格式设置为 WebP 了, 开源节流还在继续. #吐槽

不登陆小米账号就常驻通知，真有你的 MIUI。#吐槽

几个用 rsslay 创建中文资讯账户, 直接从客户端时间线阅读这些订阅内容.
需要在客户端添加 wss://rsslay.nostr.moe 中继为只读才能看到.

● Solidot: npub1mwz0dmq9fev8c6hsvfj6zwzrk8kjzalpfjwspn54jf5mjej2p48qps2qgj
● 蓝点网: npub1yx53sqsmfn3khx37alp2xvn94plx6d6gexkalnsjmnl74nv7x2ssm2av4j
● 少数派: npub1flsccfq94uwgxacqyarjw9vhq947luzhe9klahe96edltg669v6ss23636

#nostr #rss

via CXPLAY's Memos

GitHub

GitHub - piraces/rsslay: A Nostr relay that creates profiles from RSS or Atom feeds and emits items as Nostr events

A Nostr relay that creates profiles from RSS or Atom feeds and emits items as Nostr events - piraces/rsslay

一个 @vercel/og 的自定义实现:

● GitHub: yehezkielgunawan/vercel-og
● Demo: og-v2.yehezgun.com/

Vercel 用了 Edge Runtime 重新构建了 og-image. 所以已经不是用 "Node.js Runtime" 了. 虽然原本的 og-image 还能用. 但由于项目归档无人维护, Node.js 14 过时, 无头 Chromium 的体积变得越来越大, 服务端渲染开销大在内的各种原因, 这些原本传统的办法也都成了边缘计算的 Legacy 选择, 于是有了基于 V8 引擎的 Edge Runtime. 他的全称是 Next.js Edge Runtime.

----------------------

Cloudflare Page 也在两年前开始从静态转向全栈, 从最开始自己的 Worker, 到最后去年宣布支持 Next.js Edge Runtime. 现在他还是用 Page 这个名字, 但输出 "Page" 的方式已经变得不再单一. ~~正所谓, 手段不再单一, 目的也会变得不再单纯.~~

#opensource #software #web #edgefunction #edgecomputing

via CXPLAY's Memos

GitHub

GitHub - yehezkielgunawan/vercel-og

Contribute to yehezkielgunawan/vercel-og development by creating an account on GitHub.

Unpacking Google’s new “dangerous” Web-Environment-Integrity specification
#article #read

Vivaldi Browser

Unpacking Google’s new “dangerous” Web-Environment-Integrity specification

Why Vivaldi browser thinks Google’s new proposal, the Web-Environment-Integrity spec, is a major threat to the open web and should be pushed back.

How “It works in my machine” turns “It works in my container”?
#article #read

Apple already shipped attestation on the web, and we barely noticed
#article #read

Httptoolkit

Apple already shipped attestation on the web, and we barely noticed

There's been a lot of concern recently about the Web Environment Integrity proposal, developed by a selection of authors from Google, and apparently being...

How Signal Walks the Line Between Anarchism and Pragmatism
#article #read

WIRED

How Signal Walks the Line Between Anarchism and Pragmatism

The privacy-focused messaging app arose from a fringe culture that emphasized individual autonomy and skepticism of authority. As it tries to go mainstream, can it escape its roots?

刚才打开微信才看到，感谢支持🥰。1000...0650 #鸣谢

CXPLAY World

有点难以想象, nostr 用于实现转发动态的提议 NIP-18 居然不包含任何上下文(甚至不指向被转发的目标动态). 社区里的一些人似乎还很喜欢用人品来评价作品. https://github.com/nostr-protocol/nips/pull/140 我对此的看法发表在同一个 issue 串上: https://github.com/nostr-protocol/nips/pull/140#issuecomment-1534191629 --- 今天, 我在探索 nostr 的时候不可避免地遇到了相同的问题:…

才发现 Mozilla.Social 五月四日公开了候补名单🤣那个时候我还在和 Nostr 搏斗.
> Mozilla Social Private Beta Launch

候补名单: mzl.la/mozsocial

#吐槽 #社交媒体

The Mozilla Blog

Related Articles

The internet isn’t just about browsers. Browsers are a critical part of the human experience on the internet and will always be core to our work at Mozil