There's a missing part here, and that's validating your ACME account ownership.
I think most users depend on automation that creates their accounts, so they never have to deal with it. But now, you need to propagate some credential to validate your account ownership to the ACME provider. I would have liked to see some conversation about that in this announcement.
I'm not familiar with Let's Encrypt's authentication model. If they don't have token creation that can be limited by target domain, I expect you'll need to create separate accounts for each of your target domains, or else anything with that secret can create a cert for any domain your account controls.
> There's a missing part here, and that's validating your ACME account ownership.
Why? ACME accounts have credentials so that the ACME client can authenticate against the certificate issuer, and ACME providers require the placement of a DNS record or a .well-known HTTP endpoint to verify that the account is authorized to act upon the demands of whoever owns the domain.
If either your ACME credentials leak out or, even worse, someone manages to place DNS records or hijack your .well-known endpoint, you got far bigger problems at hand than someone being able to mis-issue SSL certificates under your domain name.
> Why? ACME accounts have credentials so that the ACME client can authenticate against the certificate issuer, and ACME providers require the placement of a DNS record or a .well-known HTTP endpoint to verify that the account is authorized to act upon the demands of whoever owns the domain.
Those are the previous models. In this case, DNS-Persist-01, the record is permanent and never changes. So to prove that your request is valid, they need to authenticate in some other manner. Otherwise, once you create that persistent record, anybody could request a cert for your domain.
> Someone would have noticed if all the phones on their network started streaming audio whenever a conversation happened.
You don't have to stream the audio. You can transcribe it locally. And it doesn't have to be 100% accurate. As for user identity, people have mentioned it on their phones, which almost always have a one-to-one relationship between user and phone, and their smart devices, which are designed to do this sort of distinguishing.
Transcribing locally isn't free, though; it should result in a noticeable increase in battery usage. Inspecting the processes running on the phone would show something using considerable CPU. After transcribing, the data would still need to be sent somewhere, which could be seen by inspecting network traffic.
If this really is something that is happening, I am just very surprised that there is no hard evidence of it.
With their assumptions, you can log the entire globe for $1.6 billion/day (= $0.02/hr * 16 awake hours * 5 billion unique smartphone users). This is the upper end.
When I came to this idea on my own, I called it "translation at the edge." But for me it was more than just centralizing data validation, it also was about giving you access to all the tools your programming language has for manipulating data.
My main example was working with a co-worker whose application used a number of timestamps. They were passing them around as strings and parsing and doing math with them at the point of usage. But, by parsing the inputs into the language's timestamp representation, their internal interfaces were much cleaner and their purpose was much more obvious since that math could be exposed at the invocation and not the function logic, and thus necessarily, through complex function names.
I think your summary of act 4 is uncharitable. Every book of Sanderson's I've read has been about showing unexpected ways the rules could be combined, not surprise new rules.
I know they admit it. I'm just pointing it out, since many of the comments here seem to be taking it as truth.
And they don't provide any evidence. Not a single piece. Merely claiming it's a "solid guess" doesn't make it solid. It's based on nothing. Tracking pixels are extremely common, so there's nothing to suggest it's tied specifically to this. As opposed to, like I said, a buggy bounce detector.
My coach has a max timeline of 6 months so you are forced to swim on your own. I felt like I had the hang of it after about 4 months so stopped about then.
(sorry for delayed reply; I don't think HN notifies you of replies?)
Like the nth character in the current buffer? I believe vim has that built-in: `<n>go`. I think `<n><space>` will do it relative to your current position.
Mine was my senior design project as well. My group got assigned to a competition to wirelessly harness energy in the GHz range. The competition used a ratio of energy to size (power / (longest edge * mass)) to rate the entries and so we decided to focus on the denominator making ours as small as possible.
We finished design and production in the first month using off-the-shelf parts. That left just presentations as our work for the rest of the semester. The professors kept telling us to design large complicated antennas but we double-checked that a small denominator against the minimum power requirement was a solid strategy and stuck it out. At the end of the semester, our final presentation and demonstration had them applauding our decision to focus on the size over energy.
I took our tiny little thing to the competition and we hit middle of the pack against larger and much more complicated designs, some of which couldn't even support themselves (but the supports didn't calculate into your size). And most of the competitors were graduate teams. We probably would've done even better if the banana clips we had to use weren't part of the size calculations; they were significantly bigger than the rest of our contraption.