• 0 Posts
  • 148 Comments
Joined 8 个月前
cake
Cake day: 2024年4月13日

help-circle


  • Considering “the Linux system” is literally anything you throw on top of the kernel called Linux, it can be a development environment or anything you want it to be.

    Yeah I thought about the same thing when posting, if anything it would have to be the the combination of tools available on Linux. Like GNU binutils, GCC, GNU emacs, GDB, Git. But that’s how I remember him saying it. Either my memory is wrong, or he just wasn’t that precise in his language.

    But I think part of the appeal of an IDE is how all the parts integrate (the “I” in “IDE”) so a bunch of packages thrown together might not provide the same cohesive feeling.

    I agree, it may not be what you want if you’re looking for an IDE.

    But, like me back then, if you’re new to the Linux ecosystem, it’s good to hear at least once that you don’t strictly need to look for an IDE. And that you can instead use disparate CLI tools together, to make for an experience that some people end up preferring.


  • I really like Kate as an advanced editor with syntax highlighting, auto-completion, plugin support. I would then use the Terminal pane at the bottom to run my code during development.

    However, if you want a full IDE with included dependency management, test runner, and debugger it’s probably not enough.

    One of my professors said you don’t need an IDE, the Linux system already is a development environment. Not sure that I fully agree with that, especially thinking of things like Android Studio that include the virtual machine smartphone, but it’s still an approach thing that is worth trying out.


  • I mean, if someone tries to “man in the middle”, or maskerade as my website, the trusted stuff will not add any security.

    As long as they can obtain a certificate signed by a trusted signer for your name, you are correct. And you are touching on a real issue here. The number of trusted signers in the browser stores is large, and if only one can be tricked or compromised, then the MitM can generate a certificate your browser would trust just as well as your own original one.

    If someone hacks my site […]

    then it’s over anyway, yes. The signature on the certificate only validates your TLS key as being one that was properly assigned to the holder of your domain name. Once the endpoint is compromised, TLS doesn’t matter anymore.

    if the browsers weren’t locked down

    Actually maybe they aren’t as locked down as you think. To my knowledge you can add your own signing key certificates to your local installation of Firefox, Chrome and the Windows cert storage. In fact there are companies who do this a lot. They Man-in-the-Middle all their employees, with a proxy that does security scanning. For this reason they will deploy their signing keys internally. So the browsers still work. You can use these mechanisms for yourself if you like.

    Example documentation: https://support.mozilla.org/en-US/kb/setting-certificate-authorities-firefox


  • A certificate fundamentally only does the following, it binds a name and a public key together and attaches a signature to that binding.

    Anyone can make a certificate binding any key to any name and put their own signature on it, they just can’t fake others people’s signatures. This is also what you do if you self sign a certificate. If you then install the public key of your signing key in your webbrowser you can connect to your own services using your TLS key and your browser will check that the server presents the certificate with a matchign signature proving that it is using the right TLS key.

    You can also bind your TLS key to www.wikipedia.org and sign it. However nobody else knows your signing key, and thus nobody would trust the certificate you signed. Which is a good thing, because otherwise it would be easy for you to impersonate Wikipedia’s website.

    The value of trusted certificates lies in the established trust between the signers (CAs) and the software developers who make browsers etc. The signers will only sign certificates to bind names and TLS keys for the people who actually own the name, and not for third parties.

    The validation of ownership is the thing that varies a lot. The simple way is just checking for control of the web server currently reachable under a name, or checking for control of the DNS entries for a name, but the more complicated validations check business records etc.

    So when you’re asking do they protect better, it’s kind of difficult to say.

    • If you can validate the signature yourself, say you have control of the browser and the server, then your own signature is fine, and a trusted one wouldn’t be any better.
    • But if you want third parties, that don’t know you, to be able to verify that their TLS session is established to a person who actually owns the domain, rather than a man in the middle, then the only practical solution today is using that established trust system.
    • If you are asking about the encryption strength of the TLS session itself, then that’s completely independent of the certificate issue, because again the certificate only binds a name to a key with a signature. You can bind an old short key, whose private key has been leaked before to a name, or you can bind a modern long key that is freshly generated to the same name. You can used either key in a good or a bad cryptographic setup. You can use deprecated SSL 3.0 or modern TLS 1.3. Those choices don’t depend on who signs the certificate.

    I hope that helps, sorry for writing so much







  • In general English usage I think you may be right.

    In the world of “The Witcher” (which is translated from Polish) there are both male and female mages with inborn abilities. Sometimes they are called sorcerers and sorceresses, sometimes they are called mages, sometimes they are called something related to their specialisation of magic, and sometimes wise women who do magic but didn’t go to the academy are called witches.

    Witchers, however, are not mages. They are made from ordinary humans and are gene manipulated and highly trained to be monster hunters. They have some witcher powers that are related to runes, and they make potions that have side effects only they can survive thanks to their manipulated bodies. Witchers at birth do not have special potential. Though a lot of little witcher trainees die, so you could argue they are artificially selected in that way.

    Ciri is kind of neither of those, but she has special abilities related to space and time manipulation. In the new trailer it seems she drinks a witcher potion, but from what we know she never underwent the manipulation that witchers did.


  • The direction of your change doesn’t matter, the GPL license under which the program was already given out is not revocable.

    If all copyright holders agree you can grant a different license in addition to the first one, or you can stop offering one license and start offering another one, all the new changes that were never offered under the first one will then only be publicly available under the new license.

    But anyone who received the code at a specific time with a GPL license can keep it, modify it, distribute it onwards with the same license and so on, no matter what new terms the copyright holders begin to offer to other people later.