Interesting to compare with the sentencing of Ross Ulbricht who is serving a double life sentence plus 40 years without parole.

Certain phone models such as Samsung Galaxy Note 9 and more are end of life and cannot receive security patches. However the hardware is working just fine.
  But Samsung never opened up it to be maintained by a third party. As an example with the SM-960U1 in particular never released the "OEM Unlock" feature which is required for lineageos (which continues to get security patches) to be installed. And as such it is impossible to patch these anymore.

I'm hoping this bill addresses that in such a way and it isn't like pulling teeth to get them to allow third party code to run.

One critical information that doesn't seem to be highlighted in the in the summary is that the depositors agreed to allow celsius to invest the crypto on their behalf in exchange for a high yield interest rate. This promise was contingent upon the solvency of celsius.

Always read the fine print.

High yield != no risk.

This scenario isn't unique to crypto.

You don't like the idea of a constrained CA because I posted a policy that didn't do in depth documentation? Agreed the documentation for the policy.inf file that you can apply to a cert doesn't exist. But the policy does work. Sorry but I'm not going to post a massive tutorial on the nuances of cross signing CAs which is a fairly common practice on slashdot.

Instead you have suggested an alternative idea (which isn't a bad idea either). However what you have suggested does not exist in any technical manner across any system.

Complaining about the current system... yes it does have it flaws.

Name constrained CAs have been around for a very long time and are supported in most implementations and implemented regularly even though the common armchair tech may not be aware of them.

And sendmail.cf is definitely more complex than a name constrained CA in my opinion.

I use name constrained CAs all the time when trusting third party corporate CAs.

All we need to do is recognize that Russia owns .ru and .su. Then cross-sign the Russian CA.

Why is everyone keep on thinking going down the path of a unconstrained CA? Here is a sample policy .inf file one could use. The downfall is not every implementation supports constrained CAs, but it is pretty widely support nevertheless and this would definitely spur on a more wide acceptance of this practice.

Here is a sample policy.inf that would implement that:

[Version]
$Signature="$Windows NT$"

[NameConstraintsExtension]
Include = NameConstraintsPermitted
Exclude = NameConstraintsExcluded
Critical = True

[NameConstraintsExcluded]
[NameConstraintsPermitted]
DNS=.ru
DNS=.su
email=.ru
email=.su
URL=.ru
URL=.su

[RequestAttributes]
CertificateTemplate = CrossCA ;[PolicyStatementExtension]

; list of user defined policies ;Policies = LimitedUsePolicy ;CRITICAL = FALSE ;[LimitedUsePolicy] ;OID = 1.3.6.1.4.1.311.21.47 ;Notice = "Limited Trust CA for .ru and .su"

[BasicConstraintsExtension]
; Subject Type is not supported always set to CA
; maximum subordinate CA path length
PathLength = 3

As at the following link: https://signal.org/blog/help-i...

Act as a proxy
If you want to help by running a proxy, to get started you only need the following:

A server with ports 80 and 443 available.
A domain name (or subdomain) that points to the server’s IP address.
The proxy is extremely lightweight. An inexpensive and tiny VPS can easily handle hundreds of concurrent users. Here’s how to make it work:

SSH into the server.
Install Docker, Docker Compose, and git:
sudo apt update && sudo apt install docker docker-compose git
Clone the Signal TLS Proxy repository:
git clone https://github.com/signalapp/S...
Enter the repo directory:
cd Signal-TLS-Proxy
Run the helper script that configures and provisions a TLS certificate from Let’s Encrypt:
sudo ./init-certificate.sh
You will be prompted to enter the domain or subdomain that is pointing to this server’s IP address.
Use Docker Compose to launch the proxy:
sudo docker-compose up --detach
Your proxy is now running! You can share your proxy with friends and family using this URL format: https://signal.tube/#

The latest beta release of the Android app is registered to handle links from signal.tube. The app can automatically configure proxy support when you tap on a link from any other app. This step happens before any web request is made, so even if a censor tries to block that domain it won’t accomplish anything.

You can also manually configure proxy information in your Signal Settings too.

XMR uses ed25519; one of my favorite crypto schemes.

What is your definition of scaling solution?

Mimblewimble? (yes it is compatible with that), atomic swaps, yes. The cryptography with atomic swaps works just fine with other algos as long as the non-private swap is started first.

On chain scaling? sure it takes more kB to transact. But Privacy costs....

Depends upon the blockchain implementation.

See XMR.

Monero is 100% anonymous.

That is what I thought... but then I got simjacked and my 2fa TOTP codes were bypassed because of google account recovery was set to my phone.

Signal + keybase

I still have 900MHz pre 802.11 pcmcia wifi cards made by Zoom. They didn't even have a infrastructure mode. I also have some original 802.11 cards too.

The range was great, and they were so easy to connect without all of this security overhead.

If you have google advanced protection (as you should); you cannot execute this as even with append only scope it is denied.

Sample error message:

Request Details
access_type=offline
o2v=1
response_type=code
redirect_uri=https://www.facebook.com/dtp/
state=XXXXXXXXXXXXXXX
prompt=consent
client_id=XXXXXXXXXXXXXXXXXXXXX.apps.googleusercontent.com
scope=https://www.googleapis.com/auth/photoslibrary.appendonly

Our moon could be a crucial he3 supply for powering a new generation of craft.