Sites and Capsules Can Trust Themselves
Creative Commons Attribution-No Derivative Works 4.0
LAST night we wrote about the growing popularity of self-signing Gemini capsules. Over time more and more of them reject the CA model, which was mostly reinforced by monopolistic corporations and their 'pyramid scheme', grabbing "trust" off Web sites while selling those sites abundant (but suddenly artificially scarce or expensive) "certificates" several times per year. Of course Mozilla (with Firefox) helped those monopolistic corporations -- with them being financial masters of Mozilla -- just like it had embraced DRM (EME), in effect participating in the attack on the open Web and harming disabled (e.g. blind) people in the process. So much for Inclusion and/or Diversity...
The above video explains that many people are installing and setting up Gemini servers this month*, based on yesterday's statistics, and certificates (for TLS) remain one of the technical barriers. Having privacy through TLS/SSL is excellent, but outsourcing this whole system to nasty corporations (using Linux Foundation as their front) is not OK. This paves the way for censorship of sites (at browser level), censorship of operating systems (at boot time), and censorship of software (in vivo).
Apparently the 'disease' of CA conglomerates has already spread to GNU (wget) and Curl (Microsoft GitHub; it really ought not be there). "It would be worth checking the various TLS libraries and modules to see if they accept self-signed certificates," an associate told me this morning, as "wget and curl don't, at least by default. If I recall correctly wget does not accept them at all, the only choice with them is to ignore them if wget has to be used." Quick checks can confirm**. YMMV (e.g. derivative distributions).
____
* As I point out in the video, loads of people seem to be installing Gemini this month and here's the latest bump:
** Recent versions:
curl: (60) SSL certificate problem: unable to get local issuer certificate
wget: ERROR: The certificate of example.ddns.net is not trusted.
ERROR: The certificate of example.ddns.net doesn't have a known issuer.
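
Errors like those above appear when a certificate does not chain to the system CA store. The following shell script is an added example, not part of the original post; the host name, file names and function names are constructed. It reproduces the default rejection with openssl verify, then shows the same self-signed certificate passing once it is supplied as its own trust anchor, while an unrelated self-signed certificate with the same name still fails.

```shell
#!/bin/sh
# Added example: host name, file names and function names are constructed.
WORK=$(mktemp -d)                 # private (0700) scratch directory
trap 'rm -rf "$WORK"' EXIT
HOST=capsule.example              # hypothetical capsule host name

# make_selfsigned NAME: write a throwaway self-signed cert to $WORK/NAME.pem
make_selfsigned() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 30 -subj "/CN=$HOST" \
        -keyout "$WORK/$1.key" -out "$WORK/$1.pem" 2>/dev/null
}

# verify_default NAME: check against the system CA store only, which is
# what curl and wget do when given no extra options.
verify_default() {
    if openssl verify "$WORK/$1.pem" >/dev/null 2>&1
    then echo accepted; else echo rejected; fi
}

# verify_pinned ANCHOR NAME: check NAME with ANCHOR as an explicit trust anchor.
verify_pinned() {
    if openssl verify -CAfile "$WORK/$1.pem" "$WORK/$2.pem" >/dev/null 2>&1
    then echo accepted; else echo rejected; fi
}

# fingerprint NAME: SHA-256 of the DER certificate, the value to record and
# compare out of band before a self-signed certificate is trusted.
fingerprint() {
    openssl x509 -in "$WORK/$1.pem" -noout -fingerprint -sha256 | cut -d= -f2
}

make_selfsigned ours     # the certificate we intend to trust
make_selfsigned other    # an unrelated self-signed cert, same subject name

echo "system store, ours : $(verify_default ours)"
echo "pinned ours, ours  : $(verify_pinned ours ours)"
echo "pinned ours, other : $(verify_pinned ours other)"
echo "fingerprint of ours: $(fingerprint ours)"
```

The anchor file plays the same role when passed to curl with --cacert or to wget with --ca-certificate, which keeps verification on rather than switching it off.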