Absolutely; I think calling the function xor would be more appropriate.

The best part is the website hxxps://www.honestachmed.dyndns.org/ is still up.

pardon the side question, what is this trend of rewriting http in hxxp ? a reflex from platforms that don't allow sharing urls ?

I do this to defang the url to prevent unintentional clicks or automatic previewing when working and reporting on security events. Sometimes the habit bleeds over.

ha, makes total sense :)

I might get into this habit too (and it's somehow funny how ~ergonomics can backfire)

Yeah, and http only :) It would be hilarious if it had invalid cert.

Thank you for pointing this out. I only got to catch the tail end, but it was really cool to watch.

You can re-watch it using the same URL if you want to see it from the beginning.

The other “half” of the issue is getting the os, browsers, and devices to support the standard as well. That’s a whole other can of worms.

Like gorkish wrote: No new standards or standard changes affecting any of those necessary. It's only a matter of will and culture on part of CAs.

Name constraints are an optional feature in the standards. A client can ignore the constraints and be completely standards compliant.

Should the CAs issue intermediate certs that are only secure if a client implements an optional feature?

And even if most web browsers support name constraints properly - who knows if that cheap network webcam does, or that old mail client, or that 20 year old retro PC game?

This isn’t strictly true.

If you want to uphold the name constraints in your CA cert, mark the field as critical. At that point clients that don’t understand them should fail validation of the CA cert.

So it may have limited use-cases today if you require full compat for all clients. For example internal controlled networks like discussed in the article.

Just like you presumably already wouldn't issue LE certs when you need to support clients with ancient CA bundles.

How do you think TLSv1.3 ever got rolled out?

Your phone?

I mean if its being hostile to your LAN then why not?

Let the hostile phones, TV's, sonos, toasters, etc live on the IOT network and your laptop, desktop, NAS and whatever else you value live on a your actual LAN.

36 participants on metabolic processes study seems like a small sample size

Not defending ridiculous claims based on small sample sets, but isn't this how it's supposed to work? You run some tests and notice a pattern and develop an hypothesis, and then continue to expand the test to see if it holds true? Then other groups perform the same tests to hopefully receive the same results so that we end up with known facts. Essentially, the definition of scientific method.

Yeah, but people aren't actually that interested in the scientific method here. Criticizing things is an easy way to appear smart, and that's the main point.

Empirical research has never been about some true/false binary; that's a myth perpetuated on HN. It has always been about strength of evidence, improving models, and opening paths for future research. I've seen people dismiss case studies by decrying that their n=1, for god's sake.

Nextcloud--if you're already using--it is awesome.