Re: Progress ?
I wouldn't go as far as to say that this was "the one thing" that killed America, but this is a particularly big bit of straw on its camel back.
250 publicly visible posts • joined 14 Jun 2022
They are massively restricting what the permissions element looks like for exactly this reason - though there are people arguing that pretty much any control over styling will open up abuse possibilities. One recent concern on the spec was that devs could control how thick the border was - and could make it thick enough that you couldn't read any text in the button.
I guess all those posts I saw on BlueSky asking people to call their reps over this didn't amount to much.
(Not a US citizen myself.)
Actually, that's another thing. What happens if a non-US citizen invokes this law? How would the service provider even know that they have no right to invoke that?
For revocation checks to be worth the electricity they consume, they *have* to hard-fail. But then the revocation servers become a single point of failure for *the entire internet*, not to mention a goldmine of private data: "IP address 198232 wants to know if the certificate for adultFun.com" is pretty telling, after all.
We tried "stapling" for a while, where the website basically had to prove that their cert wasn't revoked when they sent the web response, but that didn't really work either. See https://scotthelme.co.uk/revocation-is-broken/ for more details.
The reason cert lifetimes have been getting shorter and shorter has nothing to do with money - the push for shorter lifetimes comes mostly from LetsEncrypt, which offers them for free.
The actual reason is that revoking a certificate that has been compromised (letting bad actors impersonate the victim website) is really, really hard. It soft fails - so if the bad actor can block your revocation check, the browser assumes your cert is valid!
Shorter lifetimes limits the damage that a compromised cert can do.
It matters quite a lot, actually. Haitians get deported to Haiti. Colombians get deported to Colombia. That's what deportation is - kicking you out of your "guest" country and returning them to their "real" country.
It's also why you can't deport American citizens, as Trump has promised to do.
John Oliver did a piece on this, but basically: no. Bite mark analysis is extremely unreliable and very often suffers from both false positives and false negatives. It's allowed as evidence in court because it's only up to the judge if evidence is admissible or not, not actual forensic scientists.
Or in other words: bite mark analysis is as reliable as "psychic witnesses" (which some judges *also* allow).
On the one hand, this is a transparent attempt to get all jobs run by heterosexual white men, and anyone who thinks otherwise is kidding themselves.
On the other than, the fact that this was apparently only enforced previously by other EOs is appalling. Is Congress *incapable* of passing laws????