iso1631
- I have no opinion on Chrome skins and forks as they are still Chromium
- There's only two alternatives, Safari and Chrome-based browsers. Safari isn't cross platform either
- Wikimedia stats from last year put it at 15% of desktop browsers, ahead of Safari and Edge.
- Clinton and Obama seem very different results to Reagan/BushI and BushII
Odd that.
- > How about the rich say that 50% of the economy should pay their fair share?
Someone with $1b of assets gets far more value from a modern stable western society than someone with $10k of assets
- To be in the top .1% you need a wealth of about $60m, certainly nothing to be worried about, it gives you a very nice standard of living.
But it's a lot nearer to someone at the 90%ile wealth of about $2m than the kind of power that those with $1b, let alone centi-billionaires, have. You're talking top level entertainers (actors, sportsmen etc)
- Raising money through taxing wealth is far easier than raising money through taxing income when nobody has jobs.
- 1% of Americans would be over 3 million people, not a couple hundred.
- It's crazy how in 1992 the US federal deficit was 4% of GDP
During Clinton's term this turned around to being a 2.3% surplus in 2000. Just 25 years ago the US was spending less than it was taking in tax.
Then Bush came in and that surplus became a 3.3% deficit by 2003, and then the GFC crashed it to 9.8%.
While Obama was in, it crawled back from 9.8% deficit to 3.1% by 2016 - same value as before the GFC
Since then it's gone back to 6% of GDP
- Adverts should be banned, full stop.
- The sports gambling craze in the UK started after I managed to almost entirely exclude adverts from my life -- the main adverts I see are on the escalators on the tube and tend to be for shows. Even then I try to avoid the tube and walk instead.
I have been in pubs with sky sports on occasionally, and it just looks like wall-to-wall.
When I was a lad the local football team was sponsored by an international company with a large local factory. Manchester United were sponsored by a TV company. People did gambling, it tended to be old men in grubby bookies and fruit machines, middle-aged ladies doing social events like bingo, the grand national, and then along came Mystic Meg saying how someone with hair may be lucky tonight for their £1 weekly stake.
We managed to ban smoking adverts from things like snooker, but the replacement is just as bad, in a different way
- HS2 also includes major stations - a 6 platform one almost entirely underground in west London, a multi-platform extension in central London, a new station in central Birmingham, a new 4 platform one outside of Birmingham
- advertising ruins everything, users don't want to change to other services, news at 11.
- IP level blocks will work fine for that
- There's no (current) plans to drop below 45 day certificates with an expected renewal with 2 weeks to go.
I agree if cert lifetimes drop towards week long then it becomes problematic. A sensible thing at that point is to ensure you can issue certificates from different CAs on different underlying stacks, in the same way you use multiple DNS servers
- If you generate the root CA sure. However name constraints aren't well supported.
A far better option would be to allow me, the user, to do this in the user agent. I can import my mitm cert and today I can trust it for "abc123.com" and point that to something I want to access in that manner for some reason, but tomorrow simply toggle that trust off.
If I find that I want to use a specific website and want to do something with the traffic, then I could point that DNS to my middle-box and turn that on in my browser. With name constraints I'd have to regenerate the root certificate with the new domain, and then re-import it.
The entire concept of the name constraints puts the power into the CA issuing person rather than the user.
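
What a name-constrained root would let a client accept, as an added example that is not part of the comment above: a sketch of the dNSName matching rule from RFC 5280 section 4.2.1.10. The function names are hypothetical and every name other than the comment's `abc123.com` is a constructed sample.

```python
# Added illustration: RFC 5280 dNSName name-constraint matching.
# Function names are hypothetical; sample hostnames are constructed.

def _labels(name):
    """Lower-case a DNS name, drop a trailing dot, split into labels."""
    name = name.strip().rstrip(".").lower()
    return name.split(".") if name else []


def in_subtree(name, constraint):
    """True if `name` equals `constraint` or adds whole labels to its left."""
    n, c = _labels(name), _labels(constraint)
    if not c:  # an empty constraint covers every DNS name
        return True
    # Compare label by label so "xabc123.com" does not match "abc123.com".
    return len(n) >= len(c) and n[-len(c):] == c


def allowed_by_constraints(name, permitted=(), excluded=()):
    """Excluded subtrees win; then the name must sit in a permitted subtree."""
    if any(in_subtree(name, e) for e in excluded):
        return False
    if permitted:
        return any(in_subtree(name, p) for p in permitted)
    return True  # no permitted list for dNSName means no restriction


def check_san_list(sans, permitted=(), excluded=()):
    """Return the SAN entries of a leaf that violate the CA's constraints."""
    return [s for s in sans
            if not allowed_by_constraints(s, permitted, excluded)]


if __name__ == "__main__":
    # A root constrained to abc123.com cannot vouch for any other domain,
    # so trusting a second site means issuing and importing a new root.
    leaf_sans = ["abc123.com", "www.abc123.com", "other.example"]
    print(check_san_list(leaf_sans, permitted=["abc123.com"]))
```

The constraint list lives inside the CA certificate itself, so it is fixed at issuance and cannot be toggled afterwards by whoever imports it.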
- It's also normally deployed by companies who want this level of access anyway
If you don't then you're simply open to encrypted comms over your deep inspection TLS breaking box anyway
- A process with kernel level permissions can patch into a userspace process and intercept calls. For example https://github.com/SebastienWae/sslsnoop
- So deploy end point security, which sits in the kernel and can thus access the unencrypted communication