Wikipedia:Reference desk/Archives/Computing/2018 May 7

= May 7 =

Certificate Authority censorship and surveillance
I learned that Comodo CA recently came up with a way to censor Sci-Hub, at least for more passive users, by expiring their TLS certificate. 

I'm not sure, but apparently you can bypass the censorship: "In Firefox, I think you can only by disabling the check (Preferences → Advanced → Certificates → Query OCSP ...). You probably don't want to keep that disabled, though."

The most relevant thing here though is that if all the sites people access now are https, then apparently the "security experts" have convinced us all not merely to be subject (with possible caveats) to a censorship authority, but in addition, to have every site we look at being checked against either the CA for the site, or in the case of Chrome, a "Google cache" (which was briefly out of date allowing people to access Sci-Hub via Google Chrome, but would also imply they get all the juicy data from every CA all for themselves).

Can people confirm or deny these things? Wnt (talk) 01:49, 7 May 2018 (UTC)
 * Once again, your question is very unclear. I regularly access sites by HTTP. Sometimes sites which have HTTPS but don't do much to encourage it (e.g. HSTS), sometimes sites which don't have HTTPS. When providing refs, I regularly provide those that are HTTP (I notice becauase I always change HTTPS to protocol independent URLs but don't do that for HTTP as it often means they don't work. I used to check but I gave up because a lot of the time HTTPS doesn't work. And even when it does, there's no guarantee it will work for everyone since some sites are misconfigured and e.g. have problems because of CDNs. Of course these issues could happen in any case, but I decided HTTPS sites which have problems when you try to access them via HTTP are rare. And in any case, now that wikipedia is HTTPS only, most people by far are going to access the links via HTTPS anyway and any of those that don't probably have a reason. And there's no real way I can know which sites I ended up on HTTPS will happen to have problems for others with HTTP and it's probably rare.) While there are plenty of encouragements to adopt HTTPS, ultimately no one is forcing anyone. Sci-Hub is free to not use HTTPS if they don't want to. Obviously this will enable easy MITM attacks and monitoring of their users by anyone who is able to get in the 'middle'. Any part of the internet infrastructure with central authorities are vunerable to legal takedowns and being shutdown for other reasons depending on the precise laws. This includes domain names, DNS, CAs, but of course also the servers themselves. (Stuff like Freenet attempts to come up with solutions for these problems, but with resulting high latency, slow speeds and something few people have interest in. Remember even Tor hidden services still use a central authority, a server and so are vunerable to takedowns as Silk Road 2.0 etc via Operation Onymous. The intention there is to make it difficult to work out where the central authority is so it can be shut down.)  If Sci-Hub does choose to use HTTPS, and their certificate is revoked due to a court order, then yes most browsers are going to make it difficult to access the site. Revocations are an important part of any web of trust infrastructure. Here, revocation is needed to deal with compromised CAs and certificate holders and mistakes by CAs. Even ignoring revocations, someone needs to get a certificate from some CA trusted by most browsers otherwise it's of limited use so problems are going to arise when a certificate expires or a new one is needed, for example due to a domain change, if no CA will issue one.  As for the surveillance stuff, well you could easily use just download the whole Certificate revocation list for each CA (or maybe a delta) everytime but that's data intensive. So for that and other reasons, Online Certificate Status Protocol has I think largely replaced retrieving and locally checking an entire CRL. However there are alternatives like OCSP stapling to help deal with privacy concerns and other issues caused by OCSP, and I'm not really sure what percentage of sites use it. The fact that all these exist and our articles themselves mention the various issues at least to a limited degree should tell you this isn't exactly news to anyone who deals with this sort of thing.  Nil Einne (talk) 03:30, 7 May 2018 (UTC)


 * Your use of the word "censoring" shows that you have formed an opinion about the situation and have no interest in what actually happened. The point of a certificate authority is that a third-party is required to validate a server's certificate. Comodo acts as a third-party, otherwise known as a certificate authority. Without a certificate authority, it is not possible to make sure the server is the server. It could be another server using a pretend certificate. So, you need to do a LOT of research into the purpose of certificate authorities. They are not censorship authorities. They are certificate authorities. Then, look at the case with sci-hub. When anyone gets a certificate from Comodo, they sign an agreement. Part of that is that the website will not break laws. Sci-hub broke a lot of laws. So, Comodo expired their certificate. They didn't "censor" the website. They said that they wouldn't be the certificate authority anymore. The sci-hub staff would have to get a certificate from some other authority. 209.149.113.5 (talk) 12:28, 7 May 2018 (UTC)


 * 209, your use of the words "you... have no interest" shows that you have formed an opinion. --69.159.62.113 (talk) 21:06, 7 May 2018 (UTC)

Color Balancing in GIMP
I'm pretty good using GIMP for most things, but there is one task that I'm not sure how to do. Suppose I have two images. These are two random images of President Trump: pic 1 pic 2 In the first image, his skin tone is pretty much average. In the second, he is very orange. Suppose that I wanted to make one image match the other so they both have the same tone - which I think is referred to as color balance. What tools in GIMP are used for that? I've played with all the color tools and nothing appears to work. I get very weird color combinations and nothing that looks normal. I'd be happy if there is an online tutorial for this task that I could just read through. 209.149.113.5 (talk) 13:00, 7 May 2018 (UTC)
 * The specific techical name of that tool would be the "levels," documented here in the manual, section 5.7, Levels.
 * As far as finding balance for the photograph in question, you can enable the Histogram Dialog to use the color histogram UI to provide some technical guidance; or you can let GIMP provide immediate preview visual feedback.
 * But if you're finding that these tools result in... unusual colors, take some advice from the official White House press room: the "orangery" and musky scent of today's White House brings colors never before seen, not even "...in 1835, [when] Jackson created an orangery in an old archives storage room that had been in use as a horse stable."
 * Nimur (talk) 14:16, 7 May 2018 (UTC)


 * Thanks. I played with levels and got something that looks similar. I'm looking for tutorials to try and make sense of what I was doing. 209.149.113.5 (talk) 17:20, 7 May 2018 (UTC)
 * You might be better off asking at https://www.gimp-forum.net/ --TrogWoolley (talk) 10:54, 8 May 2018 (UTC)


 * A good tool for what you want to do is this: . The tool works in two modes: "Make foreground gray", and "Convert foreground to background". You'll want to use the latter. Before you apply the tool, you'll need to set the foreground and background colors, e.g. by sampling suitable images. The tool will adjust the several color channels so that the foreground color will become the background color after adjustment. --98.115.135.105 (talk) 01:45, 12 May 2018 (UTC)

Search engine query
I am doing research on a topic where it would be amazingly helpful to find out the origin of a particular piece of text on the internet. Is there a search engine function - or a website - where I could find the first recorded use of a quote? I found a quote by an actor which I think is fake. The oldest quote site I found with the quote does not let the Wayback Machine archive it so I can't determine when the quote was added. Any advice or where to look next would be supremely helpful. Thank you! Bottlecapmicrophone (talk) 16:28, 7 May 2018 (UTC)
 * Okay, a slight update. I remembered Google has a feature where you can select the date you want to search. So I went back in time and found the quote on a site from 2005. I looked up the site - it has a .us domain - and the site was registered in 2015. Does that mean the information is incorrect? Am I doing something very wrong? Bottlecapmicrophone (talk) 16:55, 7 May 2018 (UTC)
 * I would see if, by luck, it is on the waybackmachine at that time. 209.149.113.5 (talk) 17:26, 7 May 2018 (UTC)