Conversation

Notices

1. Embed this notice
   CrunkLord420 (crunklord420@clubcyberia.co)'s status on Tuesday, 14-Apr-2026 12:04:39 JST CrunkLord420
   WOW IM SO COOL AND QUIRKY FOR NOT FUCKING SETTING UP AN SSL CERTIFICATE
   
   >INSERT LIST OF RETARDED REASONS WHY IT'S OKAY TO NOT ENCRYPT CONNECTIONS YOUR OUT OF PURE LAZINESS REFORMATTING AS BEING "NOT A BIG DEAL"
   • Embed this notice
     CrunkLord420 (crunklord420@clubcyberia.co)'s status on Wednesday, 15-Apr-2026 05:04:12 JST CrunkLord420

     in reply to

     • twl
     @twl I didn't even watch the video, didn't even click. This is only the 10th time I've seen someone blog this exact thing. It's like a 15 year old meme at this point and it's always been retarded. It's even more retarded than ever. "yeah bro thanks for opening up a mitm attack opportunity, very cool".
   • Embed this notice
     twl (twl@pleroma.8777.ch)'s status on Wednesday, 15-Apr-2026 05:04:13 JST twl

     in reply to

     • twl
     @crunklord420 ok I actually watched the video and it's even more performative than I thought, he brings up good points about root CAs being handed out like they're nothing and how unsecure ACME is, and says the one time he installed https "software" it didn't work and he gave up. He then rolls his own https server with bogus rsa keys to trick acme into giving him a cert that can be hacked for less than $100 in compute, as well as not caring about session management which makes it trivial to steal other people's sessions because, he's... lazy? I found his "httpv" (v for vulnerable) project very funny but if it wasn't made under the guise that this was to stick it to google who puts up scary messages on his unencrypted site that he's too lazy to change, and calls things like updating server software as "shaming tactics by max security purists", I wouldn't have thought of it as stupid and pretentious. Also he compares the forceful authentication requirements of modern websites to ICE agents and immigration offices which is so funny and topical. I liked and subscribed.
   • Embed this notice
     twl (twl@pleroma.8777.ch)'s status on Wednesday, 15-Apr-2026 05:04:14 JST twl

     in reply to
     @crunklord420 it's completely performative and if you are really going that route you might as well drop the domain name too, then host it on a darknet or some mesh radio to be truly free from the centralized Internet (if that's even a part of the argument)
   • Embed this notice
     CrunkLord420 (crunklord420@clubcyberia.co)'s status on Wednesday, 15-Apr-2026 05:07:50 JST CrunkLord420

     in reply to

     • twl
     @twl sounds like he should make a gemini blog like everyone else with nothing to say.
   • Embed this notice
     twl (twl@pleroma.8777.ch)'s status on Wednesday, 15-Apr-2026 05:07:51 JST twl

     in reply to
     @crunklord420 the funny part is that I don't think his website is worth visiting, and whoever visits it are not afraid of any chrome warnings about ssl certs, his point of "doing the bare minimum to keep my site accessible" has no net value if no normgroids are actually clicking on it and don't have to freak out at a scary browser warning