Rendered at 22:56:46 GMT+0000 (Coordinated Universal Time) with Cloudflare Workers.
jauco 6 hours ago [-]
It’s actually worse than that. It wasn’t always whole coubtries who decided to adopt (or not) but cities and sometimes people within cities (i.e. the protestants in the city would be lagging, or maybe I’m misremembering and this was about people who where abroad)
In any case, for awhile, the date you picked depended on who you were writing to. And then also the relative standing. If he was of much lower standing you might force your own calendar on them.
Also, I think with the previous calendar it was always a bit debatable what year december belonged to. I can’t quite remember the details.
Georgelemental 2 hours ago [-]
We still have this sort of thing today. In the occupied West Bank, Israeli settlers change to daylight savings time on a different day than the Palestinians
masklinn 3 hours ago [-]
> It’s actually worse than that. It wasn’t always whole coubtries who decided to adopt (or not) but cities and sometimes people within cities (i.e. the protestants in the city would be lagging, or maybe I’m misremembering and this was about people who where abroad)
There was some of that indeed, depending on the centralization of the country e.g. Spain and France adopted the gregorian calendar wholesale because the king decreed it, but in less centralised countries like the Dutch Republic or Switzerland it happened by region (the seven catholic cantons switched to the gregorian calendar in 1584, the protestant canton only switched over piece by piece during the 18th century, and Schiers and Grüsch were the last remnants of Julian calendar in the entirety of western europe, only adopting the gregorian calendar in 1812).
... and then there's Sweden, which started on a plan to gradually approach the Gregorian calendar by skipping leap years over 40 years, except they immediately forgot to skip the second and third so concluded the plan was stupid, then instead of switching to gregorian they reverted to julian, before finally switching to gregorian 40 years after that.
Julian date is sometimes used to synchronize timing for encrypted radio systems. My understanding is that early radio systems adapted it because it was used by astronomers. Astronomers used it because it didn't skip any days which would cause issues tracking long term astronomical cycles.
Sharlin 5 hours ago [-]
> Astronomers used it
And still use, in fact!
cdot2 5 hours ago [-]
I deal with those radio systems occasionally and I've always wanted to find or modify a digital watch to display the Julian date. It feels like that would be such a simple firmware change to something like a g-shock.
jaywcarman 10 minutes ago [-]
Check out the Sensor Watch project[1]! It's "An ARM Cortex M0+ board swap for the classic Casio F-91W wristwatch" that allows you to write custom firmware.
I wonder how Paradox handles this stuff in their games like Europa Universalis. Have they ever made a "the pope wants you to switch calendar systems" event which changes the actual in-game date?
recursivecaveat 6 hours ago [-]
Sounds like they just ignore any calendar weirdness. I don't envy anyone the task of trying to properly program this. You basically have to decide for everything time related in the simulation whether it is tied to the calendar or the physical passage of time. Sometimes you would have to split variables, like characters are legally older, but no closer to old age. Bonus points if your solution allows characters to get into conflict with each other about stuff like when a treaty ends or whether their loans are due 15 days sooner.
Macha 6 hours ago [-]
EU3 and EU4 at least had no leap years. I assume 1, 2 and 5 are the same.
Checking the wiki, eu5 has an advance (guess these are like the nation ideas in eu4?) for Julian calendar which gives you +10% to orthodox or miaphysite nations. I doubt it has any effect in the calendar system in the games UI.
cyost 4 hours ago [-]
Some notes:
Paradox's Clausewitz game engine seems to handle "negative" years very poorly, so stuff like historical Roman emperors in Crusader Kings have some oddities. It's probably also why Imperator: Rome uses ab urbe condita dating (aside from immersion).
The Elder Kings 2 mod actually has custom date handling (it's actually a custom date localisation system) to enable transitioning to the 3rd era on founding the Empire of Tamriel.
bsimpson 4 hours ago [-]
It's wild to think about how different things were in pre-modern times.
There are no computers, sensors, watches, or spaceships. There are also no TV-style distractions, and a lot more people are growing food. When would you notice that the longest day of the year is a few days away from what the books say it's supposed to be?
For that matter, the printing press was only a century old. How well-known was it that particular days are meant to be the longest or shortest of the year?
turtletontine 4 hours ago [-]
In an agrarian economy people are definitely much MORE attuned to the cycles of the seasons. If your town always starts planting crop X two weeks before the solstice, and the harvest festival is the week after the equinox, you’re going to keep track of these things.
bombcar 4 hours ago [-]
If I recall correctly - it was surprisingly well known (in fact it was a common way to make fun of "lettered" people because they'd claim dates that were obviously silly; everyone knew when the solstice was).
Some of the earliest things we have a sun-based calendar trackers, which need not be more complicated than a stick and a rock (meaning millions more have not survived).
7 hours ago [-]
tomtomtom777 6 hours ago [-]
Please use HTTPS.
I use HTTPS only. I don't think HTTP is acceptable for anyone let alone a technical blog post. It takes a few minutes, and it prevents me and all your visitors from getting all kinds of MITM injections.
Thanks.
Fwirt 6 hours ago [-]
It also prevents all kinds of clients who (for various reasons) can't implement SSL from visiting your website. I'm sure this is a "small web" blog, whose author wants to be visited by e.g. a Commodore 64, an OS 9 iMac, or somebody who just wants to telnet in. If the sensitivity of the information on this page was critical or you were going to be submitting information then by all means yes, SSL is important, but if you're going to be reading a personal blog about calendars then http is probably fine. Of course the ideal solution is offering both and letting the client choose.
voidfunc 6 hours ago [-]
MITM attack on a read-only text webpage... okay.
More annoying is the slightly shiny/shaded text that is supposed to highlight something. Who chose this style palette?
Aesthetikx 6 hours ago [-]
Haha this is my blog -- its pretty new. I agree it's readability is less than ideal -- going to change it at some point. HTTPS as well probably at some point. Its been an experiment for me doing everything by hand. The entire blog is a large single Rakefile using Markaby :)
lentil_soup 5 hours ago [-]
for what is worth, I actually liked the shaded links, they made me smile :)
zzo38computer 5 hours ago [-]
Even just disabling CSS makes it readable. For HTTPS, I think that (like someone else mentioned) it should be made optional (at least for read-only access to public files) rather than mandatory.
himata4113 5 hours ago [-]
check out certbot + install certbot renew into crontab. Get the python3 variant the "native" package is outdated and removed from newer systems.
foobiekr 4 hours ago [-]
It’s html. Which is code that your browser executes.
Millions of routers are compromised. BGP attacks happen. Anything http stands out as an interesting target for injection.
This position is foolish. It’s not a major ask to enable https.
pavon 31 minutes ago [-]
For a random blog you have never visited before and have no reason to trust. It could attempt to do all the malicious things that you are worried a man in the middle would do.
themafia 3 hours ago [-]
The browser still has to execute code over HTTPS. You've just moved the injection perimeter from inside my own network into the providers website. I don't think you've fundamentally changed your level of risk unless you spend a huge amount of time browsing on shared password WPA protected wifi networks.
You cannot browse to sites under any regime and execute code while expecting security to exist.
pc86 4 hours ago [-]
Man I really hope this doesn't get autoflagged because people need to see that this is an opinion people actually have, and what the (justified) reaction to it is.
HTTPS on a blog does nothing. It doesn't protect you from anything. I guarantee you're not getting "all kinds of MITM injections" on this block of text. The only reasonable desire I can think of for "HTTPS everywhere" is hiding the content from your ISP but a) they still see the URL so they can get the content if they want it, and b) if you're so worried about that, use a VPN which coincidentally is even better because it will also hide the URL, and most importantly c) it puts the onus on you, the person who wants the thing, instead of hundreds or thousands or tens of thousands of text-only website owners who rightly couldn't care less about HTTPS.
foobiekr 4 hours ago [-]
>I guarantee you're not getting "all kinds of MITM injections" on this block of text
You actually can’t guarantee anything of the sort. BGP hijacks are real.
rnhmjoj 3 hours ago [-]
> they still see the URL so they can get the content if they want it
That's incorrect, a MitM can only reveal the server hostname by inspecting the SNI during the TLS handshake, but the HTTP request, including the URL and headers, is encrypted.
pc86 2 hours ago [-]
Surely your ISP can see every URL you visit if they have a reason to? They're routing the traffic.
rnhmjoj 2 hours ago [-]
No they can't. They obviously know the IP addresses, but that's not terribly useful since everything is behind a cloudflare proxy nowadays. The server hostname may provide some more information, if the server doesn't support ECH [1], but the full URL is encrypted.
Routing only shows the server IP address, which isn’t very useful if it is AWS or Azure or CloudFlare or some other CDN.
himata4113 6 hours ago [-]
I think you would have a better argument if you said something like: "I don't want my ISP knowing about the content I read" or something along those lines. MITM for a text download is like saying we have to have https for dns (yes DoH exists now), but the point still stands. You aren't sending any sensitive data to the website, MITM is unlikely.
brewmarche 5 hours ago [-]
Without HTTPS someone could alter the content, spread false information, inject ads, malware, and other stuff, redirect to some other site, …
(This is a general remark, but it goes for a blog post like this as well.)
himata4113 5 hours ago [-]
It's still a weak argument since it's extremely rare in practice that's why I suggested blaming the ISP instead since ISP's are the ones that have historically tampered with http content.
foobiekr 4 hours ago [-]
Attacks in general are all rare in practice in the grand scheme of the internet. So?
himata4113 2 hours ago [-]
Yes, that's why you present a better argument, that's the entire conversation.
Joker_vD 5 hours ago [-]
The site owners could do all of that even with HTTPS, and no-one would revoke their certs. Just saying.
And the best Windows malware is actually digitally signed.
OkayPhysicist 4 hours ago [-]
Without HTTPS, every link in the chain between me and your website is a potential attack vector. Maybe I trust my ISP, but do I trust my buddy's cheapo router? What about the shadowy cabal that offers airport wifi?
With static webpages, the concern isn't someone snooping in on what I'm reading. It's someone injecting content, probably malware, into the page. Let's say I have a zero-click exploit for Chrome. What can I do with it? If I just stick it on a page I control, best I can hope for is spamming it all over the web and hoping someone clicks on it. Probably not a lot of impact before it gets patched. If instead, I can wait until some router firmware gets pwned, or an ISP, I can do a mass attack where I make all the vulnerable routers inject my exploit into all non-HTTPS web requests. Much greater exposure.
butlike 3 hours ago [-]
Just as a reminder, this was standard before SSL/TLS. Every webpage was http-only.
hamdingers 5 hours ago [-]
Surprised this is downvoted. Chrome forces me to click through a warning to even visit HTTP sites nowadays.
stronglikedan 3 hours ago [-]
It only does that for me if there's an HTTPS option available but it's expired or not configured correctly. Chrome let me right into this site without that warning.
hamdingers 3 hours ago [-]
Turns out the warning I get is due to the Chrome setting "Always use secure connections"
Yup, very secure. Then every single IT department installs a cert on the machines to MITM everything.
hamdingers 4 hours ago [-]
I have no idea what you're trying to say, there's no IT department managing my laptop and none of the IT departments I've worked in or with "MITM everything." Do you want to try again?
pc86 4 hours ago [-]
On the flip side, every company I've ever worked for has installed trusted company certs on their computers and do MITM everything.
Joker_vD 3 hours ago [-]
Yep. You apparently need HTTPS for intranet resources too, or you can't develop/use web-apps in Chrome, and since no self-respecting CA would certify your localhost, internal homegrown CA it is, baby — and given the web runs on the lovely model "any CA can attest any website; okay, maybe CAA is not a bad idea"...
NoahZuniga 2 hours ago [-]
Even with CAA records, any CA can still create a cert for any website. So if you're worried about an untrustworthy CA, then this won't help you.
It could make it less likely for a CA with buggy code to accidentally issue a cert for your domain.
In any case, for awhile, the date you picked depended on who you were writing to. And then also the relative standing. If he was of much lower standing you might force your own calendar on them.
Also, I think with the previous calendar it was always a bit debatable what year december belonged to. I can’t quite remember the details.
There was some of that indeed, depending on the centralization of the country e.g. Spain and France adopted the gregorian calendar wholesale because the king decreed it, but in less centralised countries like the Dutch Republic or Switzerland it happened by region (the seven catholic cantons switched to the gregorian calendar in 1584, the protestant canton only switched over piece by piece during the 18th century, and Schiers and Grüsch were the last remnants of Julian calendar in the entirety of western europe, only adopting the gregorian calendar in 1812).
... and then there's Sweden, which started on a plan to gradually approach the Gregorian calendar by skipping leap years over 40 years, except they immediately forgot to skip the second and third so concluded the plan was stupid, then instead of switching to gregorian they reverted to julian, before finally switching to gregorian 40 years after that.
And still use, in fact!
[1]: https://www.sensorwatch.net/
Checking the wiki, eu5 has an advance (guess these are like the nation ideas in eu4?) for Julian calendar which gives you +10% to orthodox or miaphysite nations. I doubt it has any effect in the calendar system in the games UI.
Paradox's Clausewitz game engine seems to handle "negative" years very poorly, so stuff like historical Roman emperors in Crusader Kings have some oddities. It's probably also why Imperator: Rome uses ab urbe condita dating (aside from immersion).
The Elder Kings 2 mod actually has custom date handling (it's actually a custom date localisation system) to enable transitioning to the 3rd era on founding the Empire of Tamriel.
There are no computers, sensors, watches, or spaceships. There are also no TV-style distractions, and a lot more people are growing food. When would you notice that the longest day of the year is a few days away from what the books say it's supposed to be?
For that matter, the printing press was only a century old. How well-known was it that particular days are meant to be the longest or shortest of the year?
Some of the earliest things we have a sun-based calendar trackers, which need not be more complicated than a stick and a rock (meaning millions more have not survived).
I use HTTPS only. I don't think HTTP is acceptable for anyone let alone a technical blog post. It takes a few minutes, and it prevents me and all your visitors from getting all kinds of MITM injections.
Thanks.
More annoying is the slightly shiny/shaded text that is supposed to highlight something. Who chose this style palette?
Millions of routers are compromised. BGP attacks happen. Anything http stands out as an interesting target for injection.
This position is foolish. It’s not a major ask to enable https.
You cannot browse to sites under any regime and execute code while expecting security to exist.
HTTPS on a blog does nothing. It doesn't protect you from anything. I guarantee you're not getting "all kinds of MITM injections" on this block of text. The only reasonable desire I can think of for "HTTPS everywhere" is hiding the content from your ISP but a) they still see the URL so they can get the content if they want it, and b) if you're so worried about that, use a VPN which coincidentally is even better because it will also hide the URL, and most importantly c) it puts the onus on you, the person who wants the thing, instead of hundreds or thousands or tens of thousands of text-only website owners who rightly couldn't care less about HTTPS.
You actually can’t guarantee anything of the sort. BGP hijacks are real.
That's incorrect, a MitM can only reveal the server hostname by inspecting the SNI during the TLS handshake, but the HTTP request, including the URL and headers, is encrypted.
https://en.wikipedia.org/wiki/Server_Name_Indication#Encrypt...
(This is a general remark, but it goes for a blog post like this as well.)
And the best Windows malware is actually digitally signed.
With static webpages, the concern isn't someone snooping in on what I'm reading. It's someone injecting content, probably malware, into the page. Let's say I have a zero-click exploit for Chrome. What can I do with it? If I just stick it on a page I control, best I can hope for is spamming it all over the web and hoping someone clicks on it. Probably not a lot of impact before it gets patched. If instead, I can wait until some router firmware gets pwned, or an ISP, I can do a mass attack where I make all the vulnerable routers inject my exploit into all non-HTTPS web requests. Much greater exposure.
I don't remember turning it on but it's probable that I did, it's not a default yet but will be come October: https://blog.google/security/https-by-defau/
It could make it less likely for a CA with buggy code to accidentally issue a cert for your domain.