chuso.net

Category: Software

Trusting invalid SSL certificates is wrong

So let me make it clear from the first line: trusting invalid certificates is wrong.

And now I will explain why it’s wrong and why there are few excuses for it.

We are talking here about certificates for SSL encryption, which serves basically two purposes:

  • Privacy — data is transferred encrypted and can only be decrypted by the intended recipient and not a third party wiretapping the line.
  • Authentication — making sure the receiving end that will be able to decrypt the data is who they claim to be and that data is not diverted to a different receiver by a third party able to manipulate our transfers.

Invalid certificates obviously defeat the second purpose of verifying the other end’s identity:


Casim.ir URL shortener returns

Let's start with a bit of history.


Casim.ir is a URL shortener developed by Nicolas Hoizey in PHP eleven years ago (stylized back then as Cas.im/ir) with the intention of creating a light and simple URL shortener.

About seven years ago, I installed it to create my own private URL shortener at chu.so and some other open and public ones with some modifications to Nicolas's project.

Shortly after, I started contributing to the project with improvements and bugfixes and almost instantly Nicolas gave me direct write permission.


How Android managed to scare me

Precedent 1

Two years ago, I went to Poland to visit a friend who was there for his Erasmus program and there he met a Slovenian girl. The level of English in Poland is quite low and, in addition, we were in Bielsko-Biała, which is not exactly the capital, so we managed to make ourselves understood primarily via the Slovenian girl and the similarities that apparently exist between the Polish and Slovenian languages.

One day, we were waiting for the bus to go to Auschwitz and it was quite rainy, so we went into a bar in the deepest Poland that had one of those machines that you put coins into so you can choose which song you want to hear. We paid the price and chose Black Betty by Ram Jam and Africa by Toto. And nothing happened, no music was played at all. And trying to complain to the owners of the bar was impossible because, of course, they spoke no English at all. So we let it be and just waited until it stopped raining.


No, don't blame the user

It is unusual to see a computer engineer defending users. Even more so if the engineer is a system administrator. It is known that the relationship between system administrators and users is tense. But when somebody tries to fool me, I get even more tense.
Let's go over the facts.

The registrar

I'm updating the administrative contact of some domain names registered with a well-known Spanish registrar. The company listed as the administrative contact no longer exists and now the domain names belong to another company, so I have to update all the data, but that's another story. Now I will transfer the domain to another registrar, so I only need to change the e-mail address to get the auth code to transfer the domain name to another registrar. I will correct the rest of the contact details at the new registrar.
I leave all data as is and just change the e-mail address, then I submit the form and it does nothing. It does not send the data, shows no message, no action, nothing. I try with different browsers and the result is always the same. Since I know a little bit about this, I go to the browser error console and this is what I found there:


Why there is no good free video editing software

It's something that I have always asked myself and recently somebody asked me again: what free (as in free beer or as in free speech) video editors are there?
A video editor is a very complex piece of software to develop, so there are not many free solutions, the few that we can find are not very good and the ones you have to pay for are quite expensive.
There are other types of complex software developments like web browsers and office suites, but a video editor can be even more complex and in addition it has a very specific and small user group, so it will have less ability to attract volunteer developers. Everyone uses a web browser, but too few people use a video editor. It is difficult to entice a developer to devote their free time to a project so complex and with so little reception as a video editor, and those who do won't put in the same effort. A web browser and an office suite have a much larger user base and therefore may attract a larger number of volunteer programmers willing to develop a free version. So there are very good browsers (Firefox, Chromium) and office suites (LibreOffice), and sometimes the free version may even exceed the commercial version, and although part of their development is done by volunteers as a hobby, it also gets support and funding from major corporations and foundations such as Google, Mozilla, Oracle, Apple and Apache. Actually, none of the success stories mentioned started from scratch; each originated in a commercial project freeing its source: Firefox comes from Netscape, LibreOffice from StarOffice and Chromium ... well, Chromium's story is a little different as it has always been free software (KHTML), although it would have been impossible for it to exist without the contributions of Apple and Google to its WebKit engine through their commercial projects Safari and Chrome, respectively. So to have a free video editor that can compete with commercial versions, we will have to wait for Apple to release the Final Cut source code as free software (don't expect that right now).
In addition, those who have already worked with video editing have found that it is a resource-intensive task (processor, memory and hard drive), so a video editor has to be efficient and well planned, adding more complexity to the project.
For all these reasons, the few free solutions that exist can't compete with commercial software: they let you cut video pieces and put them somewhere else, add some simple effects and little else. As my video editing needs are very basic, with LiVES I have more than enough. Another solution is VLMC from the VideoLAN people, who often do things pretty well (VLC Media Player), but the last time I tried VLMC it was still in a very early stage of development and very limited; it was little more than a sketch. I don't know how VLMC has evolved since then, but I would not have much hope now.
An often recommended option in forums is Cinelerra, but my experience with it was disastrous because its instability made it unusable: every time I tried to do something it either hung or closed, so it was impossible to do anything.
But overall, my experience with free video editing software goes back some years, so it may have changed, hopefully for the better.


Adding links to MLDonkey from Opera

I envied the Firefox extension for MLDonkey, which allows you to add elinks and torrents to MLDonkey from the browser with a single click, even if MLDonkey is running on another PC. It's a luxury I want to have in Opera, and it is quite easy.

It should be even easier using Opera's -remote openURL() parameter, but I had problems doing it this way (it seems to ignore the %U parameter), so I finally did it this way:


New contribution from Sony to the virii scene

Do you remember? The infamous case of Sony slipping us a rootkit with some of their audio CDs, including the issue that it hides files and registry entries beginning with $sys$, even from registry editors and some antivirus products, doing the work for virii, trojans and other malware. The scandal was immediate and the story spread widely, which is why it now sounds so surprising that Sony tried the same again, this time with its USB memory sticks. It was discovered by F-Secure and picked up by McAfee, which showed its perplexity about Sony tripping over the same stone twice and shows us that this time it is even easier: the user doesn't even need to install Sony's rootkit for the virii scene to take advantage of it, since this time the way they hide the rootkit (of course, at the API layer, so antivirus can't reach it) is with an executable file that blocks access to the directory it's executed from. A video proves that executing it in %windir% blocks access to the entire directory, leaving you with a useless Windows (if you'll forgive the repetition).


How to fix flash player to work on any browser

Campaign for a non-browser-specific WWW

Update: Opera 9.50 seems to solve this problem. Check your version and update if needed.

After a serious vulnerability was discovered in Acrobat Reader for PDF, one of the leading products from Adobe and now becoming a standard, which affected all browsers, now the online video format they are also trying to introduce as a standard doesn't work with some browsers. You can check that the Flash plugin for Linux (it seems that this also affects Windows) doesn't play FLV video with Opera (you can also find cases with Firefox or Konqueror). You can find many reports from users with this problem; I also had my fight with it. Finally, Gentoo Bugzilla gave me the answer:


Opera web browser with usage report tool for Gentoo

Opera has just announced through its desktop team the release of a new development version for beta testing that includes a tool that generates reports about browser usage and configuration, without private information, to send anonymously to the company to improve the browser. Someone named this Opera 'Spyware', though it's a feature not present in official releases, it can be deactivated, you can read the reports before sending them and the browser warns you about this the first time it's run.