Hacker News: rstupek's comments

Are they requiring DNSSEC in order to acquire the certificate? That would be a better indicator to me that it's not security theater=security

Barely 5% of the internet have DNSSEC signed zones and a big chunk of that are handled by CDNs that do the signing automagically for the domain owner as they also host SOA DNS. Mandating DNSSEC would require years of planning and warning those that have not yet set it up and in my opinion DNSSEC tooling should become a better first-class citizen in all of the authoritative DNS daemons. As in, there should be so many levels of error handling and validation that it would be next to impossible for anyone to break their zones.

So do we wait for all the stragglers? Wait for the top 500 or top 2500 to make it mandatory? Who takes financial responsibility for those that fell through the cracks?


No CA requires DNSSEC. Obviously they can't: almost nothing is signed. The only change "today" is that technically CAs are now required to honor DNSSEC, where they weren't before.

I think the fact they don't require it shows it's moribund. If cert providers (or google with their big stick of chrome) specified it is required to have DNSSEC to get a certificate, everyone would jump in line and set it up because there'd be no other choice.

I agree that not checking it at all is an even worse signal. I'm just saying the fact that this is officially enforced only in 2026 is itself a bad signal. At any rate, the CAs you'd have worked with were enforcing DNSSEC this whole time.

Which is really unfortunate, since it's pretty easy to do.

I agree that it's relatively easy for CAs to validate DNSSEC. I think the fact that they weren't technically required to, despite the sole remaining use case for DNSSEC being to protect against misissuance, is a pretty strong indicator of how cooked DNSSEC is.

I know for a fact that GSB contains non-malicious sites in its dataset.


It is possible for sure. What's your point? Spamhaus does too with IPs, abuse.ch does too, every enterprise firewall's reputation list does too. That's the whole point of reputation: if it was reliable 100% it wouldn't be "reputation".


You claimed they all are malicious sites or they wouldn’t be included, but that’s factually incorrect.


I assumed a human review is always in place, if not then you're right and I was wrong.


I hate subscriptions as much as the next person but how would you pay for continued development of software? Do you say a person can continue to run version X forever but if they want a new version they pay for it?


> Do you say a person can continue to run version X forever but if they want a new version they pay for it?

I'm not particularly interested in sustaining the financial growth of software companies. I did that for years and I'm done.

But, what you suggest is literally what the software industry did for decades before subscriptions became the norm.


It's LLMs all the way down


I think that's a naïve idea if you think punishing a company will have any effect on the situation.


Punish Musk; charge him with one count of producing CSAM per generated CSAM image. Charge him with one count of sexual harassment per nonconsensually generated and shared image.

Do this in state court, so it is not pardonable.

He is hosting a rape room.

He has the power to stop it, but does not.


It will tangibly lead to less CSAM on the internet, so yeah it will have an effect.

Obviously we can't just - poof - make people not child molesters or not murderers. But that doesn't mean we should sit on our asses and do nothing.


The problem is WordPress does require a database server by default.


And reality is most blogs could be better served by a static web host platform with lower maintenance and less security risks.


Then the reality is that the blog should be migrated to fully static contents. You have generators, many of them (f.ex. Zola), where you write Markdown files, run a command and run `rsync` to your host.


Unfortunately your silly rule is something that exists (not for interior decorators of course) but for countless other trade jobs (barber, plumber, etc). Whether that's good or bad I can't say


It does exist! https://occupationallicensing.com/occupation/interior-design...

Yes, it has gotten that bad.


>Whether that's good or bad I can't say

I personally see it as good. Why wouldn't I want someone I trust with my hair or pipes to not have something to vouch for them?

It's only a downside if you see cost as the most important thing above all else. The clear consequence is that a trained barber/plumber will require higher compensation to make up for the training, and due to less supply since not everyone will be able to get a license.


It's unambiguously good, and that's coming from the perspective of someone who is routinely frustrated by regulations around residential plumbing and electrical work. It would be utterly insane to remove minimum credential and testing requirements from trades where fucking up results in catastrophic damage to a structure, fires, etc.


What about old school Chris Crawford's book "The Art of Computer Game Design"?


From US sales, Audi can't give away their electric cars. Is it any different in Berlin or are you referring to gas/diesel Audis?


The VW group sells 13 different vehicles built on the MEB platform. The id.4 alone sells comparably to the Tesla Y, but if you consider all 13 the same car they are far and away the best selling car in Europe.

Considering all 13 the same might be a stretch, but if you just take the 6 that are the same size as the id.4 you still end up with the same result.


In 10-20-30 years, which one do you think you'll be able to maintain - obscure VW ID.4.324.7-cz or Tesla Model Y?


The VW, obviously. With most parts shared across 13 models and all models static for at least a year and usually longer. Plus VW has a good history of parts availability.

Tesla on the other hand is famous for both making minor changes to their vehicles pretty much continuously and a bad history of parts availability.


1M cars over 13 models mean you’ll have no parts at all. 10M identical cars means there’s massive third party supply. Parts are already cheaper than Toyota’s.


Teslas very much aren't identical over models. Remember this? https://www.extremetech.com/cars/314871-tesla-model-y-owners...


Moot point over a bracket when a car has over 30k total parts.


A typical car sells tens of thousands per year and has no problem with parts availability. 1M cars is even easier.


Rivian and Lucid sell like 15k per quarter and are on the verge of bankruptcy.


I have hosted the models (mostly regression and random forest) VW use to predict missing part availability at their dealership in 2018-2020 (considering sales in the area, average fabrication/delivery time, likeliness of the part having to be replaced, probably others).

I guarantee you that even if I don't like their car, their dealership will very likely have the part you need around the time you need it. It's not the only car-adjacent company that does something like this (Valeo for sure does it too, I worked with them also), but I'm pretty sure it's the only one who has an internal data scientist team working on it.


Is this a trick question? I know the Tesla software locks as much as possible to prevent third party repairs.


Huh? All cars are software locked.

With Tesla at least you can pay $5 per day to use their tools (and you NEED their tools because they are up to date with the cars' firmware).

I'm sure once cars are EOL'd Tesla will release final version of diagnostics, like they did with Roadster - https://github.com/teslamotors/roadster


All? My 1927 Ford doesn't seem to understand bluetooth


... What makes you think a VW ID.4 is obscure? I think it's usually the best-selling electric car in Europe. You see way more of those with recent (last few years) registrations in Dublin than Teslas.


Less than 1M units total sold worldwide or about 10x less.


Gas/diesel mostly.


You are correct that is the expected order of operations

