So we're worried about cops violating civil liberties by not getting a warrant, but we'd rather they go harass random (potentially innocent) civilians to do investigations?
Huh? They really don't. It's actually kind of unfortunate that browsers don't have uniform policies about what certificates they accept, but for obvious reasons each browser wants to make their own decision.
They do have uniform policies, those policies come from the aforementioned CA/Browser Forum, which has been issuing its Baseline Requirements for over a decade.
The fact that it's 2026 and the CAs are only now getting around to requiring any CA to take DNSSEC, which has in its current form been operational for well over a decade, makes you take DNSSEC more seriously?
LetsEncrypt has been checking for DNSSEC since they launched 10+ years ago.
The ACME standard recommends ACME-based CAs use DNSSEC for validation, section 11.2 [1]:
> An ACME-based CA will often need to make DNS queries, e.g., to validate control of DNS names. Because the security of such validations ultimately depends on the authenticity of DNS data, every possible precaution should be taken to secure DNS queries done by the CA. Therefore, it is RECOMMENDED that ACME-based CAs make all DNS queries via DNSSEC-validating stub or recursive resolvers. This provides additional protection to domains that choose to make use of DNSSEC.
> An ACME-based CA must only use a resolver if it trusts the resolver and every component of the network route by which it is accessed. Therefore, it is RECOMMENDED that ACME-based CAs operate their own DNSSEC-validating resolvers within their trusted network and use these resolvers both for CAA record lookups and all record lookups in furtherance of a challenge scheme (A, AAAA, TXT, etc.).
Yes, that's my understanding as well. You'll notice my top-level comment from a few hours ago says that as well.
(You edited your comment to include more detail about when LE started validating DNSSEC; all I know is that it's been many years that they've been doing it.)
Why dodge the question? Clearly they care today, and I live in today.
If we're going to defer to industry, does only the opinion of website operators matter, or do browsers and CAs matter too? Browsers and CAs tend to be pretty important and staff big security teams too.
Barely 5% of the internet have DNSSEC signed zones and a big chunk of that are handled by CDNs that do the signing automagically for the domain owner as they also host SOA DNS. Mandating DNSSEC would require years of planning and warning those that have not yet set it up and in my opinion DNSSEC tooling should become a better first class citizen in all of the authoritative DNS daemons, as in there should be so many levels of error handling and validation that it would be next to impossible for anyone to break their zones.
So do we wait for all the stragglers? Wait for the top 500 or top 2500 to make it mandatory? Who takes financial responsibility for those that fell through the cracks?
No CA requires DNSSEC. Obviously they can't: almost nothing is signed. The only change "today" is that technically CAs are now required to honor DNSSEC, where they weren't before.
I think the fact they don't require it shows it's moribund. If cert providers (or google with their big stick of chrome) specified it is required to have DNSSEC to get a certificate, everyone would jump in line and set it up because there'd be no other choice.
I agree that not checking it at all is an even worse signal. I'm just saying the fact that this is officially enforced only in 2026 is itself a bad signal. At any rate, the CAs you'd have worked with were enforcing DNSSEC this whole time.
I agree that it's relatively easy for CAs to validate DNSSEC. I think the fact that they weren't technically required to, despite the sole remaining use case for DNSSEC being to protect against misissuance, is a pretty strong indicator of how cooked DNSSEC is.
Is massive capital expenditure not also required to enforce the GPL? If some company steals your GPLed code and doesn't follow the license, you will have to sue them and somebody will have to pay the lawyers.
> Is massive capital expenditure not also required to enforce the GPL?
It's nowhere near the order of magnitude of the kind of spending they're sinking into LLMs. The FSF and other groups were reasonably successful at enforcing the GPL, operating on a budget 1000s of times smaller than that of AI companies.
Right but LLM companies are building frontier models with frontier talent while trying to soak up demand with a loss leader strategy, on top of an historic infrastructure build out.
Being able to cost efficiently run frontier models is, I think, not a high priced endeavor for an org (compared to an individual).
IMO the proposition is a little fishy, but it's not totally without merit and IMO deserves investigation. If we are all worried about our jobs, even via building custom for sale software, there is likely something there that may obviate the need at least for end user applications. Again, I'm deeply skeptical, but it is interesting.
> Being able to cost efficiently run frontier models is, I think, not a high priced endeavor for an org
Running a proprietary model would make you subject to whatever ToS the LLM companies choose on a particular day, and what you can produce with them, which circles back to the raison d'etre for the GPL and GNU.
Until all software copyright is dead and buried, there is no need for copyleft to change tack. Otherwise the rising tide may rise high enough to drown GPL, but not proprietary software.
Open source is easier to counterfeit/license-launder/re-implement using LLMs because source code is much lower-hanging fruit, and is understood by more people than closed-source assembly.
No, the real law is what's written by the Tampa/Florida legislature (or I guess you could say the "real real" law is judges' interpretations of what is written). While it may be inconvenient, if you are falsely issued a ticket while following the real law you can have the ticket thrown out.
I don't know for sure because I don't live in Tampa, but it is generally free (minus the opportunity cost of your time) for these types of tickets, no lawyer or other expense required.
How would you fine a government entity? This is just moving money from one government budget to another.
The USPS is like this because of the persistent belief that it's not enough for government entities (think USPS, Amtrak, etc) to provide a good service for the citizens - they must also (try to) turn a profit.
If we as a society considered it acceptable for the USPS to spend money to ensure everyone in the US had mail access without selling out to corporations to turn a profit, they wouldn't need to have products like EDDM blasting spam to entire zip codes.
The whole "governmental agencies should be profit seeking businesses" needs to die ignobly in a ditch. The reason we pay taxes is so that we don't have to handle the logistics of running the thing we pay for.
If you want to adopt this in your project, you can add a linter that explicitly bans innerHTML (and then go fix the issues it finds). Obviously Mozilla cannot magically fix the code of every website on the web but the tools exist for _your_ website.
Not them but the formatting screams LLM to me. Random "bolding" (rendered on this website as blue text) of phrases, the heading layout, the lists at the end (bullet point followed by bolded text), common repeats of LLM-isms like "A. Not B". None of these alone prove it but combined they provide strong evidence.
While I wouldn't go so far as to say the post is entirely made up (it's possible the underlying story is true) - I would say that it's very likely that OP used an LLM to edit/write the post.
I'm not an MD or expert in this field enough to know if OP is right or wrong, but I think it's fairly reasonable to be irritated people are claiming software has a health benefit based on vibes/feels.
I thought we as a society had moved on from superstition to evidence-based medicine, but in this very post there are plenty of replies countering OP's scientific analysis and data with anecdotes (which is disappointing regardless of if TFA is correct or incorrect).
Is it superstition to deduce that I get gassy after eating beans? I need a scientific study to tell me this? Same for if a screen hurts my eyes (not long term, like truly my eyes hurt) when using bright white colors at night.
Yes, actually, if someone has direct scientific evidence contrary to the claim (I doubt such evidence exists for your first example as to the best of my knowledge the relationship between beans and gastrointestinal changes is well understood).
Your eyes could hurt for a variety of reasons - brightness, too long screen time, being dry for external reasons, etc. Most humans are poor at identifying the cause of one-off events: you may think it's because you turned on a blue-light filter, but it actually could be because you used your phone for an hour less.
That's why we have science to actually isolate variables and prove (or at least gather strong evidence for) things about the world, and why doctors don't (or at least shouldn't) make health-related recommendations based on vibes.
It's pretty clear, even on monitor, night and day difference at a push of a button. I'm not arguing if this helps you sleep better but it is pretty arrogant of you to tell me I can't figure out from my own experience if something is comfortable or not.
It’s about the equivalent of someone claiming my saying I find woollen clothing directly touching my skin to be irritating / itchy requires double blind randomised controlled studies to determine whether this is true at the population level.
There are eight billion of us, we can’t all be different, there must be at least some categories we can’t be sorted into, maybe those who find woollen clothing itchy and those who don’t, and those who find blue-light reduction more comfortable and those who don’t.
One of my pet theories is that this hyper fixation on The Ultimate Truth via The Scientific Method is what happens when a society mints PhDs at an absurd rate. We end up with a lot of people who learn more and more about less and less, and a set of people who idolise those people and their output.
If your eyes routinely hurt when doing something, and then they stop routinely hurting after you make a change, that's pretty good reason to believe that there's a causal effect there.
Sometimes the causality is clear enough that you don't need sophisticated science to figure it out. Did you know that the only randomized controlled trial on the effectiveness of parachutes at preventing injury and death when jumping out of an airplane found that there is no effect? Given that, do you believe there really is no effect?
To be fair, I should have said something like "claiming software has a health benefit based on vibes/feels". I personally prefer the look of night/dark mode (or whatever you call it) in apps and the browser, but I'm not going to claim it makes me healthier or improves my sleep or whatever.
If you just like how something looks, that's fine, but there's a difference between "I like how X looks" (subjective opinion) and "X helps me sleep better" (difficult to prove but objectively true or false).
Edit: Changed this in my original message as it seems multiple people got confused by my prior poor wording.
> you can feel your eye muscles release tension when you go from light to dark mode
For those like me, I'd like to add, this is not universally true. For some, dark mode will provide a significant reduction in comfort and increase in your fatigue and other symptoms.
Quite a few years back now, I started having significant problems with my eyesight that for the longest time I failed to match up to the switch to significant dark mode usage.
Turns out for many (though perhaps not all) with astigmatism, dark mode can induce issues that will wipe any potential positive impacts normal people experience. In my case, it gave me horrific blurriness/double vision that I thought was my eyes developing some new problem.
I'd tell the eye doctors "it seems to start fine then get worse as the day goes on!"
No, in fact what was actually happening, was in the afternoon my machines were scheduled to start shifting to dark mode. At which point the issues would start and my eyes would feel "heavy." It would fatigue my eyes so heavily that even not looking at displays would be affected.
I can not believe it took so long to connect the two, but I never even considered dark mode because it was so heavily pushed (along with reductions in brightness) as the answer to general monitor usage fatigue that I never remotely considered it may do the opposite, which to be fair, is on me.
Point is...if you have astigmatism, verify for yourself before rolling over to the full commit. Hopefully you are fine, but if not, you'll know why.
End of the day, dark mode would've been totally ignored if there wasn't a perceivable benefit, placebo or not. People want to make everything difficult, I guess.
A phrase like "I'm more trained in science" is an appeal to authority, which is pretty suspicious, as is not trusting your own observations. How do you trust the data you collect?
"Feel" in this case is a muscle contraction, not psychological as you're suggesting.
Sandpit should be a personal (often local, if possible) dev environment. The reason people get mad about dev being broken for long periods of time is that they cannot use dev to test their changes if your code (that they depend on) is broken in dev for long periods of time.