Actually, no. That simplification is not fundamental at all, and often incorrect.

How much are you willing to trade for a dose medication to save your life? Are you willing to trade more than you are able to trade? How much are you willing to trade that same dose of medication when you have no use for it?
How about food that you cannot eat because you are full? How about the food that a starving minor is willing to trade sexual favors for?

This got dark really fast, yet you said that it is simple and fundamental. Is it your intention to defend the sexual exploitation of impoverished minors, or would you say that it is (at least) a little more complex and/or less fundamental?

Yes. Those 13 people vote on-chain. They are not offering on-chain voting rights to anyone. They are asking for donations with the (off-chain) promise of a refund and (off-chain) community-vote on their compensation (after the purchase).

This is what they say on the website. I didn't bother looking at the smart contract because they do not even claim to do what you are saying...

It seems you are still not understanding it. This DAO does not work like you say. It doesn't work like you say technically, and it also doesn't work like you say legally.

Technically it works like this: You give the money. The 13 people vote on what happens.
Legally it works like this: You give the money. If the 13 people do not buy the constitution, you can sue for the refund they promised.

That is it. Nothing more. The explanation by the GP is a cynical way to express this technical and legal reality. But your explanation does not fit the technical or legal reality at all.

Or, perhaps, the GP is simply more informed than you are? Legally, those 13 people in charge of the funds will be seen as the UBO (ultimate beneficial owner) by probably all courts in the western world.

The DAO website makes it clear that the intended goal is a donation to buy the document. So, as long as these 13 people actually buy it, I don't see how anyone else will legally have a say about what happens next. If they don't buy it and also don't issue the promised refund, then you might have a case getting some of your money back. Otherwise it will just be 13 people collectively owning a historic document and (with the money left over) can pay themselves a nice compensation for their efforts in raising the donations.

Their website even says so: They intend (not promise) to submit a proposal regarding their compensation after the purchase is completed. They say "we believe that it establishes a precedence of mutual trust between the core team and the backers". GP apparently does not believe that "mutual trust", but clearly understands that this is the reality of the ConstitutionDAO.

It saddens me more that even people writing well-meaning explanations (albeit a bit unsympathetic to the other poster), don't take the time to check their facts. DST is in fact, not observed by the majority of the world. Neither a majority of countries, nor a majority of people.

Your point that DST needs to be taken into account is totally correct, and important for tech-minded people to know. It is important to not leave the minority that uses DST without well-functioning computers, even though it might be harder to implement DST. Please, don't use falsehoods when making a point.

P.S.: It's hard to say what city the other poster was referring to, but complicated timezone borders do exist. The Hopi Reservation is an enclave within the Navajo Nation with a different timezone. Another example is Phenix City, Alabama. This city is part of the Columbus, Georgia Metropolitan Area. Understandably, most inhabitants use the Georgia timezone for convenience.

Yes.

And, yes.

The downsides of using plain http in these situations is really much worse than the energy bill for it.

• 1. Governments and ISPs have been known to hijack http connections to inject tracking scripts.
• 2. If all foreign websites (and all browsers) require interception-proof connections then China will most likely start allowing interception-proof connections again.
• 3. A rando at the coffee bar can watch your WiFi traffic for a couple minutes and know exactly what is on your mind down, including the news articles and comics that you just saw. Very useful information for social engineering.

• Most sites can save the energy required for TLS by doing 1 evening of performance optimizations on the most wasteful part of codebase. I simply see no way that using https is worse than using http, in practice.

Are you saying that the wp-config.php file was hacked? Lisandro was talking about the source code, but I don't know the specifics of the hack. I thought that the wp-config.php is normally tagged with an additional security label (SELinux / AppArmor / etc.), but maybe Parler didn't do that either?

I agree that you are right that wordpress websites are commonly hacked, and that it is common for wordpress sites to use insecure authentication practices. That still doesn't mean it is a common industry practice, which is what I was thinking about. The infrastructure that I maintain doesn't use passwords between nodes, and doesn't even use persistently stored private keys (it does use transient private keys), so there definitely are alternatives even if it is relatively uncommon to do it the way we do it.

Storing a password in plaintext or with symmetric encryption is not a very important difference by the way, symmetric encryption adds a bit of extra security but if you are able to access the persistent storage layer (filesystem), then you can probably also access the encryption key.

- Many databases support SO_PEERCRED.
- IP-based authorization is commonly used.
- Fancy solutions are also possible. PKI and WOT come to mind.

Besides, this was about storing the password in the source code. That is not common at all, not even for systems that use password auth.