public key infrastructure – Certificate Pinning Best Practice or Alternative

You have a couple of options on what to pin. Depending on which one you chose offers you different trade-offs. Here are some typical pins:

Pin the certificate itself

Yes, you will need to change it when the certificate expires. Most secure but quickly causes availability issues if users don’t update often enough.

Pin the public key of the certificate

This allows you to keep the pin unchanged as long as your public key stays the same. You use the same public-key with a new certificate. While it is theoretically a bit less secure, I would put it on the same security level as the previous. If you lose the private key, both setups need app updates.

Pin an intermediate certificate

Here you have two choices again, pin the cert itself or the public key. These certificates have more extended validity periods considerably. You expose yourself a bit more, as the CA can create new certificates that your app would trust.

Pin the root certificate

Again, two options: cert or public key pin. This binds you to a CA, which still increases security; an attacker can’t just use any trusted root to fool your app. While this is the least secure of the options, I think it is still a lot better than not pinning at all.

One thing to consider is always to have multiple pins! If you pin your certificate, make sure to have at least two and pin both, so you can immediately jump to the other if you lose one. If you pin something else on the trust chain, be sure to pin all of the CA’s possible certificates.

In general, I would go for pinning the CA’s root certificate’s public key. This balances security and maintenance. Consider your threat model and chose accordingly.

You can find a bit more information about this at OWASP’s Certificate and Public Key Pinning

trains – What is an easy alternative to flying to Athens from London?

The Man in Seat 61 has a detailed exploration of train routes from London to Athens, some including ferries.

Note that the state of basically all forms of transportation are in an indefinite state of flux due to the pandemic. It’s impossible to say firmly whether cruise ferries from Italy to Greece will be running in December, and if they run, it’s impossible to say on what schedule. This makes planning difficult, as small changes to the schedule of one segment can break the entire journey.

A trip like this before a cruise is also risky, as there are so many opportunities for your journey to be interrupted, which could cause you to miss your cruise. If you’re relying on, say, four trains and a cruise ferry (plus various local transit systems) to get you to port on time, a problem with any one of those could ruin your trip or at least require significant scrambling to find alternate transportation.

None of these methods really count as easy: all will require at least a couple days of travel and a number of changes. Option one, with trains to Italy, an overnight ferry to Patras, and a bus/train trip to Athens was at least doable in normal times, though I would personally want to pad my time in Athens significantly before a cruise before trying it. Flying is probably the most practical option in terms of travel time and certainty.

typography – Convert Text to PNG – (NexusFont alternative)

I need an alternative for NexusFont, or some soft that convert Text to PNG.

Custom folder with a list of fonts for PNG image – background transparent.

Unfortunately, NexusFont does not allow me to use background transparent and watermark the font that was used.


Adsense Alternative CPC CPM Ad Network

Welcome to! The Ad network that handles over 1,000,000 daily
traffic, with the fastest daily payments on the market, provides a
comfortable area for Popup/Banner traffic monetization, for all countries with
the highest possible CPM/CPC rates and rate of filling 100%,
We are the new fastest growing advertising network, with the easiest
payment methods on the market.
For publishers, just create your account, add yours and put the adzone
popup on your website and this, without waiting for approval of your
website, we work with all types of sites, whether adults or more …

What do we offer?

Higher CPMs – We work with exclusive advertisers and direct campaigns
with high rates and global coverage;
Safe and clean ads – All ads are continuously moderated by our team,
using internal and third-party tools;
Fast payments – We have 2 payment methods Paypal and;
– Paypal – The minimum withdrawal amount for this method is currently $
50, and payments are made in 30 days, usually on the 5th and 6th of each
– – The minimum withdrawal amount for this method is
currently $ 2 to $ 10 per day.
Personal support – Our customer support is ready to assist you 24 hours
a day, 7 days a week with any questions.

Adsnou Publisher

Increase your revenue with Adsnou, with our advanced pop-up/banner. Our ads are 100% clean and tested by our fraud detection system.

Advertiser Adsnou

With just a minimum of $ 5, you can start receiving traffic and
promoting your product online easily with our self-service platform.


Is there an alternative to identify a lightning node without their IP or onion address?

In the country where I live, only dynamic IPs are assigned to most customers unless you are willing to pay a lot more for a business service.
I guess not everyone in the world can get a static IP without paying a lot extra or doing something like running a VPS.
Also, a node operator with a static IP address doesn’t have total control of the IP assigned to them.

I learned that lightning uses the IP or onion address of the node to identify it, so if a node changes their IP – I guess – it assumes the node is not online anymore. Which, I understand, is a problem if you open a channel with a node.

So, my question is: is there an alternative method, implemented or not, to identify a lightning node without knowing their IP or onion address?

c# – Alternative To Generic Methods where Type is known at runtime

I’ve written a class that synchronizes a table between two databases using Dapper. The public and private Methods in the class are generic and the generic parameter is the POCO class that is being synchronized.

var Sync = new syncClass(localConn, remoteConn);
await Sync.SyncTable<myTablePoco1>();

I feel a little back story will help:

For simplicity sake, I want to wrap all of the synchronization inside a serializable transaction(pushing and pulling), so that if anything goes wrong, I can rollback.

Next, I want to synchronize multiple tables and trying to come up with an appropriate way manage the multiple tables. The consumer could write multiple lines:

await Sync.StartTransaction();
await Sync.SyncTable<myTablePoco1>();
await Sync.SyncTable<myTablePoco10>();
await Sync.Complete();

I was trying to find a way to encapulate all of the table syncing like so:

await Sync.SyncAllTables();
Public async Task SyncAllTables()
   foreach (var pocoClass in TableList)
      Sync.SyncTable<pocoClass>(); <-- compiler does not like this

I have started to re-write all the generic methods to something with a signature like this:
public async Task SyncTable(Type tableEntity)

At some point down the line of converting I run into this scenario :
private async Task<Ienumerable<?>> FindRecordsToSync(Type tableEntity) <--cannot return a generic type How to handle this

Do I need to use Dynamic types? Is that a code smell? I’m a little stuck and looking for some direction on how to accomplish this.

I’ve looked into reflection as an option to invoke a generic method, but would prefer a non-reflection way.

software recommendation – Is there an alternative client for Homebrew?

As far as I know, there exist no other implementations of HomeBrew than the standard one.

I doubt that the main cause of any wait times is due to the fact that it is programmed in Ruby. Such a program does not “magically” become faster just by being implemented in C. It is of course fully possible for other implementations to be faster, however one could also fear that for example an implementation in C would be more prone to security bugs.