1029600+ entries in 0.796s
nefario: usagi: I didn't ask
that, I asked how it was?
usagi: we can get skim milk, whole milk, nut milk, soy milk, chocolate milk, banana milk, malted milk, strawberry milk,
the list goes on
exahash: @smickles, yeah,
that could work, not sure what you're using it for, or how smart your users are
nefario: usagi: hows
the milk where you are
usagi: everybody's looking forward
to
the weekend.
smickles: do you
thik it could work if i signed a cert and said, hey, import
this
to
trust me
exahash: nefario, are
there a lot of undocumented/unadvertised api commands?
nefario: but im not rolling it out and going
to bed
nefario: but am
too
tired
to roll
them out
nefario: Ive finally got
the updates for GLBSE done
smickles: also, i like
the idea of being able
to get both parts of ssl without having
to appeal
to an authority like a fucking slave
nefario: to get rid of
those fucking warning messages
exahash: didn't know you could get more
than just a
trial one for free
rg: just go
to startssl.com
rg: and
that you own
the domain
rg: cause
they can still verify your identity
smickles: if
they veryify my clearsigned cert fingerprint, and
the cert's fingerprint
the browser is asking
them
to sign is not
the same as
that,
they know it's fake
smickles: exahash: i
think you are correct
there, i just want
to present
the informantion where by a user could
trust
the self-signed cert and know it was
the correct on and not some kind of attacker
smickles: if
there are free ssl certs, what's
the point of CAs?
exahash: I
think chrome remembers
till its restarted
exahash: then
they can accept
the cert, and at least firefox will remember it
smickles: that way a user could compare
the cert's fingerprint
smickles: would
that be
the best solution without actually using a CA?
smickles: i can clearsign
the data
that
the user would see in such a viewing
smickles: when you accept a self-signed cert,
the browser gives you
the chance
to view
the cert right?
smickles: ok, i
think i have
the best solution in mind,
exahash: there may be a way
to add
to
the default certs in some browsers, but I'm not aware of it
exahash: the ssl ca's pay
the browser makers
to include
their certs
nefario: smickles:
the ssl business ensures
thats not going
to be
the case
smickles: oh my,
that's
the second
time i've hilighted
that one by accident
smickles: ssl is bonk
then,
there should be a way for a user
to accept a self-signed cert and confidently know
that it is
the correct key-pair because
they have a signed file wich points out
that it is/isn't
the proper key-pair being used
nefario: I'll have
to look into
this
Obsi: but
the asks are available for 0.1
Obsi: Yeah I'd say
that's
the best price for any asset
exahash: google 'buy ssl certificate' and look at
the prices in
the ads
nefario: Obsi: ja,
thats
the best price available for
the asset
exahash: if you want
that
to happen automatically, you have
to pay for one signed by a cert
their browser already
trusts
BTC-Mining: It happened before, issuers
that issued a master certificate
that were eventually leaked and could pretend
to be any of
their client's website afterward.
exahash: you could
tell
them
to inspect
the cert and go verify
that its fingerprint matches one you publish
BTC-Mining: Result? People only see
the "trusted" when you use certificates from another party which might just end up giving main certificates which can overide all
their customer's SSL certificates.
smickles: exahash: yeah, i'm saying i should be able
to gpg clearsign something
that assures it is
the correct key-pair
smickles: exahash:
that's what i'm
talking about, but how would
the user know it's
the correct key-pair
nefario: smickles: you understand
the concept of chain of
trust right?
exahash: people have
to click a few extra buttons
to accept it
BTC-Mining: No, browser only recognize a few issuers because
they're stupid
smickles: is
there really no way
to make my own
that people would
trust
to use on my site because it's signed by me?
nefario: which is where
the form is
taken from
smickles: then what sort of data does verisign provide
to
the browser?
nefario: BTC-Mining:
there is for
the API
smickles: I haven't looked into ssl all
that much, but is it possible
to use a self-signed cert and in place of a 'trusted
third party' such as verisign, couldn't i sign something with my gpg identity
that would provide
the same info
the
trusted
third party would?
nefario: because of
the request limit
BTC-Mining: nefario, why do I often have
to reload
the page for
the buy/sell form
to show up?
smickles: (actually, probably many people who frequent here could answer
this)
exahash: most americans
take payment systems for granted.
they're not aware of how
things differ internationally
area: Indeed, it was apparently a news story
today
that
Tom Cruise went
to get a curry and couldn't pay with AmEx
area: You can get AmEx in
the UK, but a surprisingly large number of places don't
take it
Azelphur: not like I'mma be paying interest on it or anything since I'll be paying it off at
the end of every month
Azelphur: then go for
the 3% cashback again
Azelphur: but yea I don't really care
too much, I'll use
this
thing for a year for general shopping / online purchases
to build up a score
rg: sometimes
they invite you
to get a real amex
Azelphur: I have
to do
that anyway since I have a debit card
rg: you shoulda got
the amex prepaid
rg: and
they let you spend it
rg: you gotta give
them your money
rg: and
then i remembered
they're mine
Azelphur: figured I should get one since I buy shit online all
the
time it'd be good
to have
the fraud protections
that come from having a CC
Azelphur: my credit check is real assy
though, it doesn't show
the bills I pay, it says all my bank balances are 0, and apparently being 22 is a point against me getting a card \o/
Azelphur: I have
to wait like 2-3 months before applying again not
to damage my rating
though \o/
exahash: you use
them carefully for a while
to get your rating,
then go for a "real" card
exahash: not sure about
the UK, but here store cards are easier
to get
Azelphur: a secured capital one card
to build my rating up \o/
Azelphur: rg:
the uk equiv of capital one is capital one,
that's what I got recommended
to
try next haha
rg: or if
they have
that,
they offer some really awful credit cards
rg: like
the UK equiv of Capital One
Azelphur: funny enough I actually pay bills,
they just don't show up on my credit check
rg: Azelphur: you'll have
to get a shitty credit card
to start
exahash: check out creditboards.com -
there are loads of
tricks, you just have
to have
the
time
Azelphur: I also have no credit score (never
taken out credit before)
Azelphur: exahash: I wasn't particularly expecting
to get it baring in mind I'm unemployed and wanted a rewards card lol
Azelphur: mircea_popescu: I don't have a gf or a landlord,
the studies must be
true!
mircea_popescu: and i
think
there was a study
that most likely reason for gfs dumping blokes
rg: making you less likely
to get another card
rg: counts as a hard query on your credit report
too
Azelphur: got rejected for a credit card
today \m/
rg: it was just
t show
the other monkeys i was serious
rg: i punched a monkey in
the face. he didn't even do anything wrong