Trump cuts funding to FOSS projects
thelibre.news
            • Zerush@lemmy.ml
              11·
              9 days ago

              Don’t confuse TOR with security, you can get exposed to use the Onion without an additional encrytion layer or VPN. TOR cannot encrypt the traffic between an exit relay and the destination server.

              • Sizing2673@lemmy.world
                4·
                9 days ago

                Sure, like any security it operates in layers

                Totally disagree that Tor does not address security. The loophole you mention is indeed well known, but again it’s an exploit like anything

                And like any security thing, you stack a few layers to get the real world security

                • Zerush@lemmy.ml
                  41·
                  9 days ago

                  The TOR network is certainly pretty secure, but it’s always advisible to use it in the Onion not without an additional layer, at least with a good VPN. Anyway I think that the future is in a descentralized web (I2P, Hyphanet, Snowflake, Shadowsocks and similar), the normal Internet is to heavy controlled by big companies and govs.

      • Kazumara@discuss.tchncs.de
        3·
        9 days ago

        One theory is that Tor was opened to the public by the United States Naval Research Laboratory only to create a crowd of users for their agents to hide in. You need a large enough anonymity set for these sorts of technologies to work.

    • gomp@lemmy.ml
      3·
      10 days ago

      Well, at least the one he used for thruth is safe (mastodon IIRC?)

  • Lør@sopuli.xyzEnglish
    503·
    10 days ago

    Elections have consequences. I am no longer on speaking terms w/ trump voters.

      • green@feddit.nlEnglish
        7·
        9 days ago

        The appropriate sequence of events would be:

        Trump starts tariffs > People switch to FOSS > Trump cuts funding to FOSS

        This really isn’t double-speak and, if anything, clearly shows the hostility of the admin. They are just incompetent, short-sighted, and overall an enemy of the people.

        • buddascrayon@lemmy.world
          102·
          10 days ago

          Let me spell it out for you. Trump has removed our cyber defenses and now he’s defunding FOSS projects like Tor and Let’s Encrypt!…

          Now Trump wouldn’t know a FOSS project from a hole in the ground but do you know who does? What world leader who has an entire cyber attack force on his payroll and wants to remove any barriers in finding dissidents who are probably using Tor to coordinate and hide from them?

          Do the math. If the government funding of these projects is allowed to be removed it’s gonna be a whole new ballgame on the internet and the only ones to reap the benefits are the dictators.

  • vfreire85@lemmy.ml
    211·
    9 days ago

    the guy is literally a political front for techbros, it’s not like he would do something else.

    • Phoenixz@lemmy.ca
      7·
      9 days ago

      Tech bros are only interested in getting the results from open source. They want the free software from their slaves, they aren’t interested in paying anything.

      Tech companies, for a while, added a bit to open source as it was in their own self interest, but they still shut out everything that wasn’t them, they still make the internet in the horrible stonewalled garden that it is today. No account? Half the internet isn’t accessible to you anymore

      Fuck all the big tech and social media companies

  • shortwavesurfer@lemmy.zip
    152·
    10 days ago

    As far as Let’s Encrypt goes, the easy way to solve that is self-signed SSL certificates and Tofu. Just make it stupid obvious if an SSL certificate changes on a site that you go to. Like, turn your browser into a giant red screen that says that the security of the website has changed and may be broken obvious. Maybe you could have search engines also index SSL certificates so you could see if Google and Bing and DuckDuckGo and whoever else all say that this website has the same SSL certificate that it has had for X amount of time and if the search engines start showing different results you get suspicious.

    Edit: Using self-signed certificates and tofu fits better with the decentralized ethos of the original web anyway since you’re not relying on some third-party authority to tell you what’s safe and what’s not.

    • WhyJiffie@sh.itjust.worksEnglish
      3·
      9 days ago

      i don’t think this is a good idea. govs could just set up a big reverse proxy for lots of sites to serve them with their own certs, and you wouldn’t know

      • shortwavesurfer@lemmy.zip
        2·
        9 days ago

        Seems like no change from right now, because currently the certificate authorities are centralized entities, which could be pressured by governments to add their own certificates.

    • Petter1@lemm.ee
      2·
      8 days ago

      How about a Blockchain or Directed Acyclic Graph (DAG) out of SSL certs 🤔

      I think that would finally be a use case for that tech, lol

        • Petter1@lemm.ee
          1·
          8 days ago

          If you issue a certificate, you proof ownership via * challenge–response test that is validated by each node. If x% (like eg. 70%) of nodes agree that the test is passed, the block counts as validated and can be placed onto the chain. (Each node places the block on their chain and the hash must be same as hash of chain of majority of nodes)

  • PunkiBas@lemm.ee
    111·
    10 days ago

    This is terrible news, anyone know of alternatives to let’s encrypt?

  • AwkwardBroccolli@lemmy.ml
    715·
    10 days ago

    The solution to this is simple. A change to the MIT license to bar .gov projects to use the open source projects.

    • JTskulk@lemmy.worldEnglish
      171·
      10 days ago

      These are FOSS projects, not open source. They’d no longer be FOSS and that would be bad. Freedom 0 is important.

      • AwkwardBroccolli@lemmy.ml
        67·
        10 days ago

        Its possible to add free for all except US govt and that does not stop it from being free for the rest of the world.

        • JTskulk@lemmy.worldEnglish
          11·
          9 days ago

          That stops it from being Free, which is freedom 0. From GNU.org:

          A program is free software if the program’s users have the four essential freedoms:

          1. The freedom to run the program as you wish, for any purpose (freedom 0).
          2. The freedom to study how the program works, and change it so it does your computing as you wish (freedom 1). Access to the source code is a precondition for this.
          3. The freedom to redistribute copies so you can help others (freedom 2).
          4. The freedom to distribute copies of your modified versions to others (freedom 3). By doing this you can give the whole community a chance to benefit from your changes. Access to the source code is a precondition for this.

          A program is free software if it gives users adequately all of these freedoms. Otherwise, it is nonfree. While we can distinguish various nonfree distribution schemes in terms of how far they fall short of being free, we consider them all equally unethical.

          What you’re talking about is changing Free software to be non-Free. No thanks.

  • ReakDuck@lemmy.ml
    212·
    9 days ago

    Well, tbh. If its my last time being president, I would also burn everything to show how the country sucks an is irrepairable.