I posted a reply in the main thread explaining how technically illiterate this comment is, but the mods seem to have deleted it (I wonder why?...).
This isn't how TLS certs work at all. There is no such thing as the 'line of trust' you're describing. Changing a domain name for any site is also trivially simple. The only bit that can complicate things is if you have to change a bunch of links coded into your old site. Nothing to do with TLS certs at all.
The only thing that patriots.win having a TLS cert proves is that the cert was requested by whoever operates/owns patriots.win. Anybody that had access to thedonald.win servers would have been able to set up this clone.
I doubt it's a honeypot because I doubt there's much value they could get out of operating it as one.
I think these are more reasonable questions to ask yourselves:
Who are the only people in the world with enough influence to prevent literally any form of civil unrest from taking place during the Biden transition?
Who are the only people in the world who could convince Trump supporters to do nothing at all during the sham election?
Who are the only people in the world who could make Trump supporters content with sitting around for 4 years while he did essentially nothing at all to drain the swamp?
I would say the answer to all of those questions is TD mods, and I would say TD in the state it's been in for the past 4 years has been much more valuable to the swamp existing rather than not. Whether the mods are shills or not seems a bit academic to me (but they don't help their image with their lack of transparency, but then they don't seem to care about their image all that much). It seems obvious to me that the reason this site still exists is because the people with the power to take it down are happy not to (it's certainly not because of the mods' business continuity prowess). This community is a bit of a disorganised mess; it doesn't represent any threat to the swamp, and I would say that it's actually rather effective at pacifying discontent amongst Trump supporters.
Ramirez! Save the republic!
I imagine a fair few readers here would be put off by his disparagement of religion, and I personally don’t agree with plenty of what he said. But I’ve always viewed his work as having a couple of different core ideas in relation to truth. The first is his assessment of the problems you run into when you attempt to determine what is true, especially relating to dogmatism and authority. The second is how he thinks a life should be lived in light of this.
His criticism of dogmatism, which he typically applied to the church, can be equally applied to modern science worship, social Marxism, “fact checking/misinformation”... and he made some very compelling arguments in his criticism. In regard to how a life should be lived, I think Kierkegaard made some much more compelling arguments than Nietzsche did.
Nietzsche’s commentary on dogmatism and truth, and the arguments he put forward in this area are incredibly insightful.
I’m sure many of us would agree with this quote:
All things are subject to interpretation, whichever interpretation prevails at a given time is a function of power and not truth.
Nietzsche was a promoter of skepticism and independent thought, and saw the use of authority to control truth as being a despicable tyranny. If you read his work you’ll see most of his criticism in this area directed at organised religion, but that’s simply due to the fact that at the time he was writing, it was the church who abused dogmatism and authority to control the masses.
I think, philosophically speaking, his shortcomings were not understanding the role faith plays in a human life. And by faith I mean faith in the things you believe, not necessarily in religion. But his commentary on truth is very well founded.
Historically, the most robust approach has been to go with country code TLDs that have shown they don't easily bow to pressure.
.ch (Switzerland) and .li (Liechtenstein), which are both operated by the Swiss administrator Switch, have a reasonably good history of not bowing to external pressure to terminate or seize domains.
https://www.theguardian.com/media/2010/dec/04/wikileaks-site-swiss-host-switch
.me domains (Montenegro) are also very popular with piracy sites, and have proven quite resilient to seizure. The registry structure isn't as solid as .ch (there are US companies involved), but the administrator is highly motivated to keep usage of .me as open as possible, as registration revenue represents around 2% of total Montenegrin exports.
Whatever you choose, you want to minimize the influence of US courts, and look for the good track records of resisting external pressure to shut down domains.
.pl is administered by a Polish organisation called NASK, and they’re who would action any seizure. FWIW NASK is a member of CENTR (Council of European National Top Level Domain Registries), but I don’t know how much influence they’d have over NASK's administration.
Not very good choices.
.com is run by VeriSign, the company responsible for nearly all domain seizures.
.space is run out of Dubai, by a registrar that once had the US government issue ICANN GAC Early Warnings to every single one of its pending TLD applications.
.win is run by a registrar that was originally a spin off from Lockheed Martin, and is now owned by Golden Gate Capital (and you can guess where that’s based).
We haven’t had to deal with a seizure yet, but this doesn’t look like a very good strategy for preventing it.
I’m particularly certain that banning him from public office can only be done if he has been convicted. It’s not explicitly stated in the constitution, but no Supreme Court would ever agree that congress has the power to prevent a person from running for office with a simple majority.
Whether a vote to ban him requires a simple majority (after a potential conviction) is constitutionally incredibly dubious.
Whether a trial can be held after he has left office is even more dubious.
Whether the presidency is even included in this portion of the constitution is also incredibly dubious.
The whole thing is such a farce that I struggle to take it as being any sort of serious threat. But trying to ban him from public office does seem like their motive here.
This is correct. If the senate convicts him, they can legally ban him from ever holding office again. Isn’t this the obvious reason that they’re doing this?
Services like that can be an ok solution for distributed object/file storage. They have a few serious drawbacks though.
For starters, the networks themselves tend to be very fragile. This is partly because all applications in this category are still rather immature development-wise, and partly because these networks need to be very widely adopted to work properly. There are no services like this that are widely adopted enough to actually provide the resiliency they’re aiming for.
More importantly, these types of services are not fit for the purpose of providing the persistence layer to a web app. You can’t just put a front-end in front of this sort of object storage. You need an intermediate web server to retrieve, decrypt and serve the data. This would cause at least two problems. Each document (every post, and every comment on td.win, or parler for instance) would need to be independently stored as its own object on the network. It basically wouldn’t be possible to rely on any sort of consistency in a system like this, and it would be monumentally slow. Furthermore, even if you go to all the effort of getting something like this to be almost functional, you haven’t actually removed the need to have a hosted web server as a point of failure. So you’ve basically done all of that for nothing.
A couple more issues you’ll run into are that in order to get resiliency out of these services, you need to massively over-provision for redundancy, which ends up being very expensive. These services also tend to compensate the storage providers based on storage rather than storage and bandwidth, so you’ll run into issues of host nodes ditching you if you’re a high bandwidth service. Especially if you’re being DDoS’d, which these services don’t really provide a mechanism for dealing with.
They have limited uses in simple forms of content distribution or backup, but for a full web application like td.win, which needs a functional database backend, these services don’t work, and won’t any time soon.
Depends on your threat model.
If it’s possible to find service providers that you can trust to host you (whether they’re providing colo/VPS/“cloud”... doesn’t really matter), then you’re much better off making your infrastructure as portable as possible. That way if one service provider decides to unexpectedly censor you, then you can just pick up and move.
If you want to build a service that is actually resistant to censorship, then you need to build a properly distributed or decentralized system. That’s a much more complex type of system to design (there’s really only a handful of such systems in the world).
Building a multi-cloud service brings all of the challenges of building a distributed system, but without actually achieving much resistance to censorship. At the end of the day, you’re going to need to end up being hosted by a service provider willing to give you service. So you’re much better off just looking for those service providers to begin with.
The rather niche use case where multicloud (almost) makes sense is if you want to protect against a major service outage at one cloud provider. But even then, it’s a tremendous amount of effort for very little return. You could do “multicloud” by building a service in AWS that you could restore to Azure in say 30-90 minutes if you wanted to. That would be significantly less complicated, but it’s not the sort of active-active configuration that most people think of when they hear that term.
Maximizing portability makes sense in any case, because vendor lock-in is always going to be a risk, whether you’re concerned about censorship or not.
Multi-cloud is mostly just a meme. Especially if you’re trying to run an active-active multicloud environment. You can try it, but it will always suck, and never work properly.
If you want to be service provider agnostic, run everything in your own kube and host your own CI/CD tooling. You won’t have real-time RTOs, but you’ll be able to get yourself up and running basically anywhere pretty quickly if you have to.
Also, the single biggest lock-in feature for AWS is IAM, and most people never even think about it. So be careful with how you use that if you want to be able to move smoothly.
Edit: and if you’re going to run your own kube, use Knative. Makes it so much easier.
I don’t think a deviation from frog boiling is necessarily a sign of anything deeper. Trump couldn’t be slowly banned from Twitter. He would always have to go from being not banned to being banned. To me it seems like all they’re doing is using a “crisis” to rip the bandaid off. Especially now that they know they won’t face any legislative repercussions.
The fact the “crisis” only exists in the headlines of the newspapers, and in the deluded PR releases these companies are making doesn’t matter. Almost every headline around the world says Trump had been banned to prevent him “inciting further violence”. It’s just the finishing move from these big media companies.
They don’t care about how many people support Trump, or conservatism, or liberalism, or socialism today... Their goal is simply to have a generation of people grow up with this level of control of speech and ideas being normal.
The default goal of any person or group who has power is to increase their power. You can see it in your office, when the wrong type of person gets promoted to be a manager, and they just start micromanaging everybody. You can see it in the government when every single year they regulate our lives more and more. You can see it in these media companies, where every strategic decision they make is designed to give them more control over the flow of information, and the ability of people to express themselves.
They’ve already gotten away with it. It doesn’t matter how much we despise it. The only thing that matters is whether they can get away with it long enough for enough people to grow up with this being completely normal. Because every day we will just become an ever shrinking, ever aging group of people that the youth doesn’t understand.
America was the last hurdle for this, because Americans are the only people who distrust authority enough to still have some skepticism left.
This isn’t true at all; business continuity for this site would be almost impossible to implement in this way. There are so many points of failure.
For starters, td.win needs DDoS protection, and there’s only a few companies in the world capable of providing it.
Companies like Google and Apple also control whether td.win’s TLS certificate works at all. Heck, they even control whether web browsers will allow this page to load.
ISPs control whether users are allowed to access it at all.
If the admins want to set up all their own infrastructure, that’ll require a lot of money. I’d bet they’d find people willing to pay it, but guess who controls whether you’re allowed to take payments?
There’s also only a few companies that make the hardware required. So what are you gonna do if they don’t sell it to you?
If you’ve ever heard the quote “If you want to make an apple pie from scratch, you must first create the universe”, well if you want to create td.win from scratch you must first create your own internet, banking system, and the entire hardware stack from top to bottom.
There’s so much misunderstanding here that it is going to be a bit of a struggle to unpack all of it.
For starters, certificate pinning is the process of associating a particular TLS certificate (or collection of certificates) with a particular domain name. Any CA (essentially the companies that provide TLS certificates) can issue a certificate for any domain, and your browser will check these things when it loads the web page:
That the certificate was issued by a trusted CA (your operating system and browsers have a list of CAs that they trust)
That the domain name of the web page matches a domain name listed in the certificate.
Certificate pinning implements one additional check. Instead of just trusting any valid certificate from any CA, certificate pinning says only trust this list of particular certificates.
So it’s completely irrelevant to this discussion for two reasons.
This is a new site, running under a new domain. Whatever config was operating on thedonald.win is completely irrelevant to how this site is configured. There is no way thedonald.win admins could have configured their site that would have prevented somebody from registering patriots.win, and hosting a clone there.
Certificate pinning is configured in client side code. When you navigate to a website, your web browser sends a request to a server, and asks to download all of the code and content it needs to load the web page. If you want to implement certificate pinning on a website like this, you would write that code with some checks in it that confirmed whether the correct certificates are being used by the web server. Whoever is hosting patriots.win would have total control over what that code did.
Aside from having no relevance at all to this discussion, certificate pinning is also being deprecated by just about everybody who previously supported it. The reason being, as astute readers may have already gathered, it’s almost completely useless.
Secondly, there is no such thing as a token in the TLS protocol. The TLS certificate on patriots.win has absolutely no relationship whatsoever to the TLS certificate on thedonald.win.
Also, when you browse to patriots.win, the patriots.win web server has total control over what cookies you use. No cookies issued by thedonald.win will ever be used by your browser when you’re on this site. They have no relevance at all. Cookies also have nothing to do with TLS, they’re just little bits of information that the web server told your browser to remember.
Anybody who either had the source code for thedonald.win or went to the (rather trivial) effort of manually recreating it, could set up as many web servers as they want, register as many different domains as they want, issue TLS certificates for each one, and you could browse from one to another ad infinitum without ever having your browser produce any sort of error.
The fact that auth still works suggests the operators of patriots.win might have been the same people as the operators of thedonald.win (this is also completely unrelated to TLS certificates). In any case, the fact that auth still works means one of the following things must be true.
Whoever is currently in control of authentication.win has willingly integrated their sso service with patriots.win
Whoever is currently in control of authentication.win has nothing to do with patriots.win, but could choose to break patriots.win auth if they wanted to.
Whoever is currently in control of authentication.win has such a terrible codebase that they actually can’t prevent patriots.win from using their sso without also breaking it for all the .win sites.
The only thing TLS verifies is that the domain name and web server are controlled by the same people. That’s it. That’s all it does. The fact that patriots.win has a TLS certificate has no relevance at all to the topic of whether the patriots.win admins are the same people as thedonald.win admins.
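As an added example (not code from this thread or from any of the sites discussed), here is the client-side logic the comment above describes, written against the Go standard library: the two checks every browser makes (certificate chains to a trusted CA, and the hostname matches a name in the certificate), followed by the optional pinning check that only accepts a configured list of keys. Every CA, key and certificate is generated in memory, and the hostnames example.com and example.org, the CA names and the scenario labels are constructed for the illustration, so nothing touches the network.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"crypto/x509"
	"crypto/x509/pkix"
	"encoding/base64"
	"fmt"
	"math/big"
	"time"
)

// newCert builds a certificate in memory: a self-signed root when parent is nil, otherwise
// a server leaf for hostname cn signed by parentKey. All material here is constructed.
func newCert(cn string, isCA bool, parent *x509.Certificate, parentKey *ecdsa.PrivateKey) (*x509.Certificate, *ecdsa.PrivateKey) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		panic(err)
	}
	tmpl := &x509.Certificate{
		SerialNumber:          big.NewInt(time.Now().UnixNano()), // constructed; real CAs use random serials
		Subject:               pkix.Name{CommonName: cn},
		NotBefore:             time.Now().Add(-time.Hour),
		NotAfter:              time.Now().Add(24 * time.Hour),
		BasicConstraintsValid: true,
		IsCA:                  isCA,
	}
	signer := key
	if isCA {
		tmpl.KeyUsage = x509.KeyUsageCertSign
		parent = tmpl // self-signed root
	} else {
		tmpl.KeyUsage = x509.KeyUsageDigitalSignature
		tmpl.ExtKeyUsage = []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth}
		tmpl.DNSNames = []string{cn} // the name a browser matches the URL against
		signer = parentKey
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, parent, &key.PublicKey, signer)
	if err != nil {
		panic(err)
	}
	cert, err := x509.ParseCertificate(der)
	if err != nil {
		panic(err)
	}
	return cert, key
}

// spkiPin is the usual pin format: base64(SHA-256(SubjectPublicKeyInfo)).
func spkiPin(c *x509.Certificate) string {
	sum := sha256.Sum256(c.RawSubjectPublicKeyInfo)
	return base64.StdEncoding.EncodeToString(sum[:])
}

// checkServerCert runs the two checks every browser runs (trusted chain and hostname
// match) and then, only if pins are configured, the extra pinning check.
func checkServerCert(leaf *x509.Certificate, roots *x509.CertPool, host string, pins []string) error {
	if _, err := leaf.Verify(x509.VerifyOptions{Roots: roots, DNSName: host}); err != nil {
		return fmt.Errorf("browser-level check failed: %w", err)
	}
	if len(pins) == 0 {
		return nil // no pinning: any valid certificate from any trusted CA is accepted
	}
	for _, p := range pins {
		if p == spkiPin(leaf) {
			return nil
		}
	}
	return fmt.Errorf("pin check failed: chain is valid but key is not in the pinned set")
}

// runScenarios builds a trusted root, an unrelated root and several leaves for
// constructed hostnames, and reports which ones a client accepts (nil = accepted).
func runScenarios() map[string]error {
	trustedCA, caKey := newCert("Constructed Trusted Root", true, nil, nil)
	otherCA, otherKey := newCert("Constructed Unrelated Root", true, nil, nil)
	pinned, _ := newCert("example.com", false, trustedCA, caKey)   // the site's own certificate
	reissued, _ := newCert("example.com", false, trustedCA, caKey) // same name and CA, different key
	untrusted, _ := newCert("example.com", false, otherCA, otherKey)
	wrongName, _ := newCert("example.org", false, trustedCA, caKey)
	roots := x509.NewCertPool()
	roots.AddCert(trustedCA)
	pins := []string{spkiPin(pinned)}
	return map[string]error{
		"valid, pinned":     checkServerCert(pinned, roots, "example.com", pins),
		"untrusted CA":      checkServerCert(untrusted, roots, "example.com", nil),
		"wrong hostname":    checkServerCert(wrongName, roots, "example.com", nil),
		"reissued, no pins": checkServerCert(reissued, roots, "example.com", nil),
		"reissued, pinned":  checkServerCert(reissued, roots, "example.com", pins),
	}
}

func main() {
	for name, err := range runScenarios() {
		fmt.Printf("%-18s -> %v\n", name, err)
	}
}
```

Running it with `go run` prints one line per scenario. The "reissued" pair is the point the comment makes: a second certificate for the same hostname from the same trusted CA passes every check a browser performs, and only the configured pin list tells it apart from the original, which is why pinning has to live in client-side code and why a certificate on one domain says nothing about the certificate, or the operators, on another.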