• 3 Posts
  • 48 Comments
Joined 1 year ago
cake
Cake day: June 7th, 2023

help-circle







  • canni@lemmy.onetoAntiwork@lemmy.worldFry cooks
    link
    fedilink
    arrow-up
    7
    arrow-down
    1
    ·
    1 year ago

    My man, this is not an argument for or against capitalism.

    If two skills are of relatively close societal value, and one is harder to do, learn and master, that craft deserves more respect.

    This is not a reflection of any individual.



  • canni@lemmy.onetoAntiwork@lemmy.worldFry cooks
    link
    fedilink
    arrow-up
    8
    ·
    1 year ago

    Except some skills are much harder to learn and some skills are much more valuable to society than others. I would argue the hard to learn, more valuable to society ones are “better”. I don’t think the people performing them are better or worse, but it’s fair to elevate and celebrate certain jobs over others.



  • So you gave up online dating a decade ago? The Internet has come a long way since then.

    I don’t know what you’re looking for, but I would urge you to give it another try if you’re not finding what you want. It’s not magic, but it will simply put you in front of a lot more people than you would otherwise see. If your perfect match is a 1 in 1000 you’ve got way better odds running into them online than via random chance IRL.







  • If I understand the question, the traffic in your local intranet will basically always be encrypted with your root cert. So client -> proxy with your cert, then normal internet encryption from proxy -> internet.

    For the apps, it depends on the app, but you can usually insert your cert into their store, it might just be different than the systems store. This could be hard to do on an non-rooted iPhone, idk. My experience is with Linux desktops. For example, in chromium based apps, there is a database in ~/.pki/nssdb that you can insert your cert into. Again, this is something I do at work where we have a very tightly controlled network and application stack. I would not recommend a MiTM proxy for your home environment, it will only cause headaches.


  • I think it’s important to understand how a typical SSL certificate is generated. Basically, there are a handful of companies that we have all agreeded to trust. When you download Chrome it comes with a set of trusted root certificates, so does your OS, etc. So when Amazon wants to create an SSL for amazon.com, the only way they can do that is by contacting one of those handful of trusted companies and getting them to issue a certificate that’s says Amazon.com. When you go to the site, you see a trusted party generated the cert and your browser is happy.

    When you create a new root certificate and install it on your computer, you become one of those companies. So now, you can intercept traffic, decrypt it, read it, reissue a certificate for amazon.com (the same way Amazon would have gotten one from the third parties), reencrypt it, and pass it along to the client. Because the client trusts you it’s still a valid certificate. But if you inspect the certificate on the client side the root signer will no longer be GoDaddy or whatever, it will be you.