I read the chat, and a few things stand out that AI should handle better, regardless of context. If a word like suicide is mentioned, it should immediately drop any roleplay or other activities. It's similar to how, in India, mentioning 'bomb' in an airport or plane leads to being questioned by authorities.
Also, it's alarming how easily a 14-year-old can access a gun.
Yes, Namecheap remains my second choice.
Cloudflare's interface is so clean, and its transparent pricing ensures you never have to second guess costs or worry about being overcharged, especially useful when managing many domains.
While I enjoy Google relaunching EV certs under another name to avoid it was just wrong about claiming they were useless and a bad idea... the cost is the point.
One of the biggest things people just don't get is that anything cheap and automatic is easily exploitable at scale, and things expensive and manual are much harder to exploit, and generally speaking not worth the cost.
The reason people got the idea the lock icon in the browser meant a site was legitimate is because malicious sites rarely ever paid for a certificate. Now that certificates are free, of course, all phishing sites use Let's Encrypt.
EV and VMC certs are not generally speaking exploited simply because it isn't worth the cost to do so.
Now that certificates are free, of course, all phishing sites use Let's Encrypt.
Evaluating a website's legitimacy using SSL should not have been initiated by browser vendors. The messaging was wrong for the non-tech folks.
They do not have anything to do with the site is fake/fraud/malicious. It was just the data-in-transit is safe or not.
That's not my point: My point is that it became a real world tendency because it was pretty accurate: The malicious websites weren't paying for certificates.
If even some legitimate businesses balk at the cost of a VMC, your average scammer isn't going to drop that kind of money to get one either, especially since that cost is per-attempt and the approval is somewhat manual and likely involves humans seeing that it is wrong. But Bank of America will and hence the BoA logo on your email is pretty effective proof of legitimacy.
Of course I understood your larger point on barriers to entry for a malicious actor.
If a thing like BIMI is not widespread, would it even help an average non-tech Joe who won’t even understand the reason behind that checkmark on a logo?
It certainly can. Most people interact with the same organizations time and time again, so any visual indicator something is different can be useful. If you're used to seeing a bank logo on every email from your bank... and then you get an email without that logo... it's just one more visual indicator something is off, and it's more obvious than say... looking at the full email address behind the display name.
BIMI (and EV certs) should not be considered "for all organizations", but probably something worthwhile for organizations that transact in a lot of money and a lot of personal data.
I would argue that would make it worse. I don't think any given site or user needs a personal verified email icon. A big part of the goal here is to highlight legitimate trust. Real people don't need a cryptographic proof, what they want to see is "This is really from the official company Microsoft which you've heard of" and something M1cros0ft registered in a tax haven can't technically request to participate in.
This is what I feel us tech people have missed about what the old school lock icon used to at least sort of (inaccurately) express when HTTPS was rare and what EV intended to express (although the qualification criteria needs work there).
Not everyone should be eligible for an EV cert, not everyone should be eligible for BIMI/VMC. Some sort of scale and legitimacy and manual approval (think the old school Verified checkmark before Elon bought Twitter) that not everyone qualifies for.
Bill Gates has been a long-time fan of Sal Khan. In fact, I first learned about Sal Khan over a decade ago when online publications reported that Bill Gates was using Sal's videos to teach his kids.
> VeriSign had sued ICANN, accusing the regulatory group that oversees the Internet's technical infrastructure of overstepping its contractual authority and dragging its feet on allowing VeriSign to offer new services such as a wait-list service and internationalized domain names. In the lawsuit, VeriSign claimed that ICANN stepped outside its charter by delaying the introduction of new VeriSign services, including its Site Finder service, which redirects requests for nonexistent Web addresses, and its ConsoliDate service, which manages multiple domains. VeriSign claimed that ICANN cost the company money because of its tactics
Would love to see what others have to say on this but I suspect Apple replacement batteries are inferior compared to the one that comes with the new phone.
4 years of usage and battery max capacity was around 76%. I replaced my iPhone X battery last year.
The new one I got is at 86% already and it is not even 12 months. (No usage pattern change. I replaced it from an Apple Store.)
I wonder if that can be accounted for by the fact that the software of today is more taxing than it was four years ago. You're probably using more battery charge every day today than you were four years ago to do the same things. That increases wear on the battery and will reduce its lifetime.
It’s a subtle yet poignant reminder that our inclination, as tech-savvy individuals, is often to envision sophisticated technical exploits when considering hacking scenarios. However, the stark reality is that, in the vast majority of cases, both individuals and organizations fall prey to breaches not through intricate code manipulation, but rather via the art of social engineering. (beating the sh*t out of someone can be thought as an extreme form of social eng.)
This comic underscores the importance of understanding and mitigating the very human vulnerabilities that persist at the heart of cybersecurity.
