Harakuju Station had my fav jingles. One direction had this high energy song. The other way was, as my roommate described at the time, very "pinky punky." Every time I would ride NYC subways, I'd think, "Why is NYC unable to copy Japanese railway systems? What is so difficult about straight-up copying exactly what they did?" I'm sure it's more difficult than what I'm assuming, but there must be layers and layers and layers of bloat and red-tape in NYC.
Also, shout out to the Chuo line jingle. It crescendoes in such a way where you feel like you emerge elevated and renewed lol.
I grew up in Tokyo as a child and used the subway twice every day to commute to and from school. I randomly sampled a few of these and the memories and feelings it evoked are incredible. Amazing what a difference a small jingle can make to the psyche. Thank you for posting this.
I'm a bit surprised nobody has mentioned this yet, but glad that I for once have some additional context to offer.
These jingles are composed by Minoru Mukaiya. He's mostly famous for being the main keyboardist in Casiopea, a very famous Japanese fusion jazz band. He was the keyboardist until the band went on hiatus in 2006, 29 years in all. His style can clearly be heard in these jingles and he apparently has always had a thing for trains anyways as he went on later to start up a train simulator game company.
It's better to accept the risk so you get the integrity check of HTTPS.
The issue this warning is calling out is that someone who controls the certificate could modify the data, but that's just one person, so if we know it's a misconfiguration not fraud, it's better to click "accept the risk", get an integrity check, and ensure the files are not modified between the server and your client.
Look into the NSA's Quantum insert or China's Great Cannon to understand why these integrity checks are important.
> The issue this warning is calling out is that someone who controls the certificate could modify the data
No, the issue the warning is calling out is that the server your browser is communicating with can't prove that it's yamanote.style.
There's no way to determine whether this is misconfiguration or fraud (though you can apply logic and usually come to the conclusion that it's misconfiguration in this case).
Example attack:
1. I host a fraudulent site on GitHub Pages, so it gets served up with the *.github.com cert.
2. I intercept your request to yamanote.style (let's say you're on my network [let's say I'm China]) and send you my GitHub pages content, signed by GitHub with their *.github.com cert.
This would look just like what's happening to yamanote.style right now, except that I would be controlling the content of yamanote.style.
> it seems like a very bad idea to encourage people to override any encryption-related warnings in the browser.
I have no idea how you arrived at that conclusion.
I literally just explained, point by point, why going to the site without the integrity check is more dangerous and am providing additional citations[1,2].
Please immediately cease your disagreement, as it is actively dangerous and might confuse vulnerable people.
If you have specific feedback on why I am wrong (other than a toddlerlike desire to disagree) please feel free to reply below, after making sure to read the cited material provided and ensure you understand the concept of data integrity.
I think you're talking at cross purposes. The person you're responding to isn't saying that http:// is better than an invalid certificate. They're saying that encouraging people to ignore browser warnings is a bad idea.
Bypassing the warning by clicking "proceed anyway" and bypassing it by visiting the http endpoint are both dangerous, the former is simply less dangerous. A technical user can evaluate the risk, which many times are very low, but most users can't.
If your threat model includes the Great Cannon (which you cited), ignoring a browser warning is actively dangerous. So in fact it is you that's confusing vulnerable people.
To be clear, my definition "ignoring" a warning is just blindly clicking, not deciding to proceed after careful thought.
As for the Great Cannon and/or Quantum Insert, since packets can be routed in strange ways due to the speed of light making some routes you would not expect the quickest, I'd stand by my assertion that clicking through a warning to achieve integrity after examining it and seeing it is from Github, a place it is common to stand up a website then add a custom domain name, is reasonably secure especially on a technical discussion site like HN.
> can be routed in strange ways due to the speed of light making some routes
Correct, although the speed of light doesn't have anything to do with it (and the speed of the signal never reaches the theoretical speed of light, it's more like the speed of signals through a combination of copper, fiber, whatever else). It'd be the same if we were performing IP over Avian Carriers. The routing is at the mercy of all the IPS hardware and IXes between source and destination, which make their decisions of where to route your packets based on several factors (including possibly NSA/Chinese/whatever intervention)
> after examining it and seeing it is from Github, a place it is common to stand up a website then add a custom domain name, is reasonably secure
I mentioned this in a different reply, but I don't think this is the case. The government of China is just as capable of creating a GitHub Pages as anyone else.
Well if we think the site is a honeypot then I don't know what to tell you at a certain point you need to decide if you're gonna click an unknown link or not, and if you do, engage in harm reduction. I assume many people have used it with no issue if it's on the front page, hence my suggestion to view it with an integrity check.
This is also a dangerous assumption. If 95% of HN is outside of China, they'll have no issue with the website, but that validation is meaningless for the 5% behind the Great Firewall (percentages invented).
> Well if we think the site is a honeypot
That's not the logical assumption to make. A honeypot would have a valid certificate.
A broken certificate simply means either
a) the website you are visiting is misconfigured, or
b) a third party has intercepted your (possibly you, *personally*, and no-one else) communication with that website. You are not communicating with the website, you are communicating with the 3rd party. This might mean something as stupid as your ISP injecting ads into websites (a thing that happened before https was so prevalent), or it could mean a government-level actor with a more nefarious agenda.
Coincidence, I was reloading the BVE train simulator today. I am not train fan, but I like the ambiance add-on makers put in.
Installing those add-ons can require some efforts, as most of the times directions are in Japanese [1].
This is great. I did a few work trips to Tokyo, and always stayed at Shinagawa, so that tune is very familiar to me. And yeah, I did the sightseeing loop of the city as well!
The melody for Takadanobaba is the Astro Boy (Tetsuwan Atom) theme, which is due to Astro Boy's in-universe background that states he was built in 2003 at the Ministry of Science, located in Takadanobaba.
The current office of Tezuka Productions is also located in Takadanobaba.
When I visited Tokyo, I realized that the JR line went all around the city. So on my second day there, to get the lay of the land, I got on the JR and went around twice, "sightseeing" from the train car.
A group of drunk teenagers happened to get aboard and found it extremely hilarious that I was doing that.
I'd be surprised if they were drunk teenagers and more likely they were adults that looked young (this happens a lot with Americans/Europeans mistaking Japanese adults for non-adults).
Drunk teenagers on the train in Japan would draw a TON of attention. That's just not socially acceptable there. Good chance the police would be called on them as well.
Even drunk adults on trains is hugely frowned upon.
Ive seen my share of drunks....but aside from coomuters actively avoiding them...no cops ever got involved.
In my experience, its fairly common to see an avg salaryman drunk after work drinks. Usually the tell is a very red blush and borderline falling asleep or just acting drunk, but not loud.
That being said, i dont think i saw teenagers. Or groups of drunks.
Are you saying in cases of group of drunks people, cops got involved?
Ehh, I think that’s not correct at all?? Plenty of teenagers drink visibly in public here all the time. Normal bars, shops and restaurants never check IDs and drunk teenagers on the train are a common sight.
And as other comments have said, almost any train late at night will have drunk adults as a pretty significant percentage of the passengers.
I lived in Tokyo in the early 1990s and remember hearing "Seseragi", which seems like a holdout of an earlier generation of jingles. IIRC there used to be a number of different melodies that used that same bell/keyboard sound.
There is, if you click on a station, it starts to move to the next station automatically. Which station you click on next, determines if you’re doing the inner or outer loop, the site plays the correct melodies then as well as the in-train direction announcements.
Also, shout out to the Chuo line jingle. It crescendoes in such a way where you feel like you emerge elevated and renewed lol.