"man pages" are a decent enough way to distribute command and subroutine documentation.
What they do NOT provide is an overview; like things you might need to know to perform certain tasks. Once you know about "cp" for copying files, the "cp" man page is useful. And a good "SEE ALSO" section is essential.
Overall systems documentation for UNIX was traditionally not provided on-line; IBM actually had some pretty good task-oriented docs on-line in 1993, when I first ran into AIX. The big problem with that, though, was this hideous thing called InfoExplorer you had to use... and they didn't have proper man pages once you knew the basics of the task.
Today, the equivalent for Red Hat Enterprise Linux, for example, is a separate CD. It's not part of manpages or info.
"man -k keyword" or "whatis keyword" is the way we used to find stuff because the actual doco was somewhere else.
To the best of my knowledge, man pages originally were a supplement to the paper books. But they were much easier to update, so you'd never really want to read the paper reference manuals. (Guides and user manuals, yes.)
As for the info stuff... get over it, GNU, and give us complete nroff source. IBM tried a better-than-man documentation system, and it just doesn't work. Do UNIX the UNIX way; if we wanted something else, we'd buy something else.
Funny, neither are illegal where I'm from. Though apparently Bush has 77 days to pressure our government to amend the Copyright Act so that they both will be. I'm sure the media companies will be happy to take up any slack in that.
You mean Linux didn't work at all until you updated 100 packages?
I've left running Linux servers, though not on the Big Bad Internet, without updates for years. Our production CVS server is RHEL 3 update 1, without any further patches. Except for the kernel one that fixes the sudden loss of entropy....
Ah, who am I kidding. My Fedora Core 4 box on the BBI hasn't been updated in ages, either. And it ran fine right off the DVD, no patches were needed to make it work with the hardware.
Yup. And your cell phone in GTA IV is a GSM phone: just before it rings, you get that distortion on the vehicle radio.
You also get a burst of distortion when you leave the tunnel, as the phone re-syncs to the network. (Which is weird, because both the Holland and Lincoln tunnels have lossy transmission line-based cell repeaters in them. They even have regular radio repeated into the tunnel--but they'll interrupt regular broadcasts for tunnel information.) (And now I don't remember if the GTA IV phone works in the tunnel, which would make it even more weird.)
Contact your telephone company and ask for "disconnect on hang-up" on your line. If they don't know what that is, ask for "the thing you need when you get a dial-on-demand burglar alarm."
Phone systems in North America traditionally require both parties to hang up to terminate the circuit. With disconnect on hang-up, you can kill the circuit from your end by hanging up for at most 10 seconds.
This is increasingly the default. But it should be available everywhere these days; I think the last mechanical switch is finally gone.
When the PowerPC CPU was first introduced, everyone was going to play on the new platform. IBM AIX was trivial, of course, because the PowerPC is based on the POWER CPU. But there was Windows NT 3.51, Mac OS of course, and this thing from Sun called Solaris.
Sun decided to stay with their own chips and then branched out to Intel x86 and AMD64, Microsoft eventually went back to an all-Intel code base (dropping Alpha support as well). The real killer for those boxes? IBM's port of OS/2 failed. Failed hard. ('Cause they did a top-down port: GUI first.) The PowerPC survived only in Macs, RS/6000s, and a bazillion embedded devices.
This time, though, I think the Series z machines will stick around, even without an OS/2 port. Gotta give Sun credit for trying the IBM thing again.
Don't forget about OS/2, a joint development between Microsoft and IBM. In the settlement when they stopped working together on it, IBM retained rights to market OS/2 versions 1 and 2, and Microsoft got the higher numbers.
There is, at least was, OS/2 code in Windows NT 3.1. The low-level Win32 APIs are the OS/2 Control Program APIs with the 'Dos' prefix ground off and the calling convention changed (Win32 returns a value and has a GetLastError() function, OS/2 returns the error, and the result is put in a pass-by-reference argument.) But other than the calling convention difference, the semantics of all the routines are identical.
Windows NT could even run 16-bit non-graphical OS/2 programs (like, OS/2 1.2 programs).
So there's another reason for NT starting off at "3"; it was a merge of the OS/2 architecture Microsoft with the Windows GUI system. Well, with the hardware abstraction that Microsoft wanted in the first place, while IBM thought tying the thing to the 80286 CPU was a pretty good idea. (PC Company inside IBM was... special.) I was told that disagreement (on abstraction) is the key issue that led to the failure of the OS/2 agreement and the resulting break-up of the code.
Solaris 10 reports, via uname, that it is SunOS 5.10. But Solaris 2.6 was SunOS 5.6; they just stopped talking about the "2." part.
Their compiler, which has been through a number of naming conventions, is currently Sun Studio 12. But when you file bugs, they want to know the version of the compiler... which is actually 5.9... at least for C and C++, F95 is 8.3. Yay!
IBM didn't want to play that game, so their Java 6 for AIX packages actually start with 6, there's no "1.".
If I see a version-greater-than-one of something, I'll take a look at the change list and see how quickly new features get added, or bugs get resolved.
So if I see a high version number and no history, I see a scam.
I don't go for scams. I prefer to report them to the local authorities.
Ummmm... I work in a company that has used up a significant chunk of 10/8. There's issues with the allocation to be sure, but if you need more than 254 hosts, it's your best bet.
In fact, RFC 1918 suggests use of 10/8 in any situation where your routers support the necessary subnetting to do this sort of thing. Using the Class C for a LAN is a throwback to class-based routing (that is, when the address class implied the netmask). I haven't seen a stack where that was necessary since MacTCP... and even then, if you could do the hex-to-decimal conversions, you could work out how to set things up.
I know of no reasonable explanation for loopback being 127/8, though. Other than Legacy Poirposes or Hysterical Raisins.
Windows NT shipped as Windows NT with versions 3.1, 3.5, 3.51, and 4.0. Windows 2000 would actually say "Windows NT (Version 5.0.xxxx)" in response to the VER command. Windows XP, prior to Service Pack 1, would also say "Windows NT (Version 5.1.xxxx)". XP's VER command now says it's XP, but we know what's really in there.
One could argue that Windows NT 2.0 was sold as OS/2; the low-level APIs are very similar in semantics, though the names and calling convention are different between OS/2 and NT. And, of course, they pulled the OS/2 GUI and file manager and put the Windows ones on it. This argument is helped by the fact that "OS/2 Warp 3" is versioned as "2.3", and "OS/2 Warp 4" is "2.4". Microsoft got the V3-and-up rights, and IBM kept the V1-and-V2 rights in the OS/2 break-up.
(For a time, NT even included enough stuff to run 16-bit OS/2 programs. *shudder* Maybe it still does, I'm happy to say I haven't seen a 16-bit OS/2 program in 12 years.)
I tried buying Mandrake to run on a 486 firewall/router I was making. (Before the Linksys Revolution....)
It said "CPU required: 486 or higher" on the box. It said "Boot floppy + CDROM inside". Which was important, 'cause I didn't have a running Windows, Linux or DOS PC to make a boot floppy with. (Burning ISOs was easy. Floppies... not so much.)
It CONTAINED only a CD-ROM which needed a Pentium or better.
The store gave me my money back and I bought a stuffed penguin and a magazine with TurboLinux included instead. Got enough stuff going on the Amiga to make the boot floppy.
Haven't bought a distro ever since. Donated to one, yes, but actually bought? No. Find out if it works first, give money later.
pobox.com's "MailStore" has outbound secure SMTP relay, IMAP and POP3 access, as well as webmail. Plus their excellent anti-spam stuff.
I've never used that, but I've been using their forwarding service since 1999. Originally to my ISP's mail account, and later to a SMTP server on my home LAN. (From which I run my own secure IMAP and webmail service.)
It's not free. I think that's a feature. I don't want to be a "product" sold to advertisers, I want to be a customer.
That's why the GPL isn't an end-user license. It's not about RECEIVING a copy. It's about DISTRIBUTING a copy.
You're right. You can't get GPL software illegally. Someone who GIVES it to you can be in violation, and you cannot distribute it (because the license violation would still exist). But the problem isn't that you received it, the problem is that you were given it.
The whole warranty thing isn't a license issue and should be treated separately. Emacs does this: M-x describe-no-warranty vs. M-x describe-copying.
Windows-based and Windows-mimicing GUI tarball wrappers (or "installers" as some call them) seem to think the only kind of license you could have is an end-user license. Apple's has provision for a README file, so you can present a file to be viewed but which doesn't have "accept" and "reject" choices. Just "yeah, whatever". That's all you need, because the end-user is always permitted to run GPL and MPL software.
If you're willing to drive a commandline, you can use mkisofs to make an ISO out of that VIDEO_TS folder. Er, and install cdrtools either yourself, through fink, or through the other open-source repository thing that isn't fink but I don't use 'cause I already learned fink by the time it came around.
Pretty sure that's all that's needed. Now you can burn with cdrecord or DiskUtility.
I'm NOT sure about getting usable dual-layer ISOs out of this. You'd lose the layer break location from the original, which was lost when MTR ripped the disc. That's part of why DVDDecrypter uses that meta-file in addition to the ISO file; since an ISO file is actually a headerless file containing exactly the data to go on the DVD. There's no control information, like layer break. (And that meta-file also keeps track of which files to use to make the ISO when splitting the rip into smaller chunks.)
DVDPlayer is happy with the resulting ISO (as mounted by DiskUtility), though I must say, DVD playback over 64 colour VNC is really, really funny.
Well, one wheeze to save space is still in use on the PSTN today. Instead of compressing the sound, you just seriously limit the quality. So, 8 kHz sampling, way below the Nyquist rate for human audio, and 8-bit [mu]Law samples--which is kind of like floating-point, but not really--mean you only need 64 kbps.
Which sounded comparable to the analog phone system of the time... or even better, if your line went to a selector bank that was behind on its maintenance.
And the first digital music I heard was done exactly the same way--reduce quality to reduce the data. 8 bit samples, uncompressed, I don't know if the samples were linear or not, it's been a while. Sampling was around 20 kHz, so a bit better than the phone system. We soldered up a primitive DAC that plugged in to the Commodore PET "user port" (which had a 8-wire bidirectional parallel port, in addition to the serial I/O used by the modems), and wired up an amplifier.
To tie it back to Apple, the song was 30 seconds of Eleanor Rigby... if you had a SuperPET, you could bank-switch more time in, but we just had a 4032 to play with....
Boy did it sound bad. But you could tell what it was supposed to be.
I'll second the bitch to set up. Especially since I decided to use Kerberos5 instead of 4, and the getting started doco all still uses the krb4 included with AFS for its explanations.
I really should turn what I've done so far into a HOWTO some time....
Will the Mozilla people come by and upgrade all our Red Hat Enterprise Linux machines from 4 to 5 for us, too? Oh, and my Fedora Core 4 machine?
Here's a hint: don't require the latest operating system for something as universally useful as a WEB BROWSER.
Or at least do an "old and busted GUI" sort of build that doesn't use the bazillion things that come in when you use that blasted pango or cairo library.
And while we're at it, don't destroy my ~/.mozilla/firefox directory. Make a new one if you've got a new format, and import the old stuff. Don't wipe it out.
It's not like I can switch to Opera. Their latest stuff won't run on my Linux machines.
And it's easy enough to make an x509 signing cert and do it properly in your basement. Well, living room. Then get your users to load your signing cert into their key DB or browser.
That's still a self-signed certificate. But it's NOT the certificate presented to the _browser_ by the _web server_; you have to get it some other way. (Or, at least, get the fingerprint some other way so you can verify the CA cert before loading it.)
I'd like to see the browser keep track of the certificate given by websites in the past, whether they're self-signed or authority-signed.
Especially, I want to know if:
- The server changes its certificate; keep track of expiry dates of the last one accepted so you can include "because the certificate was near expiry" kind of advice.
- The server changes its certificate signing authority [chain].
Not that either case is necessarily _wrong_, but when you combine those $10 certificate providers with, oh let's say DNS poisoning, having the browser automatically a different signing authority for a trusted website is BAD.
Slashdot Mirror
"man pages" are a decent enough way to distribute command and subroutine documentation.
What they do NOT provide is an overview; like things you might need to know to perform certain tasks. Once you know about "cp" for copying files, the "cp" man page is useful. And a good "SEE ALSO" section is essential.
Overall systems documentation for UNIX was traditionally not provided on-line; IBM actually had some pretty good task-oriented docs on-line in 1993, when I first ran into AIX. The big problem with that, though, was this hideous thing called InfoExplorer you had to use... and they didn't have proper man pages once you knew the basics of the task.
Today, the equivalent for Red Hat Enterprise Linux, for example, is a separate CD. It's not part of manpages or info.
"man -k keyword" or "whatis keyword" is the way we used to find stuff because the actual doco was somewhere else.
To the best of my knowledge, man pages originally were a supplement to the paper books. But they were much easier to update, so you'd never really want to read the paper reference manuals. (Guides and user manuals, yes.)
As for the info stuff... get over it, GNU, and give us complete nroff source. IBM tried a better-than-man documentation system, and it just doesn't work. Do UNIX the UNIX way; if we wanted something else, we'd buy something else.
Funny, neither are illegal where I'm from. Though apparently Bush has 77 days to pressure our government to amend the Copyright Act so that they both will be. I'm sure the media companies will be happy to take up any slack in that.
Canada is a haven for piracy, donchaknow.
You mean Linux didn't work at all until you updated 100 packages?
I've left running Linux servers, though not on the Big Bad Internet, without updates for years. Our production CVS server is RHEL 3 update 1, without any further patches. Except for the kernel one that fixes the sudden loss of entropy....
Ah, who am I kidding. My Fedora Core 4 box on the BBI hasn't been updated in ages, either. And it ran fine right off the DVD, no patches were needed to make it work with the hardware.
You should be able to re-compile WINE on a PowerPC-based system and then have it run programs written for Windows NT 3.51 PowerPC Edition.
Since WINE Is Not an Emulator, it's an implementation of the Win32 ABI, it's probably not what you're after....
Yup. And your cell phone in GTA IV is a GSM phone: just before it rings, you get that distortion on the vehicle radio.
You also get a burst of distortion when you leave the tunnel, as the phone re-syncs to the network. (Which is weird, because both the Holland and Lincoln tunnels have lossy transmission line-based cell repeaters in them. They even have regular radio repeated into the tunnel--but they'll interrupt regular broadcasts for tunnel information.) (And now I don't remember if the GTA IV phone works in the tunnel, which would make it even more weird.)
Contact your telephone company and ask for "disconnect on hang-up" on your line. If they don't know what that is, ask for "the thing you need when you get a dial-on-demand burglar alarm."
Phone systems in North America traditionally require both parties to hang up to terminate the circuit. With disconnect on hang-up, you can kill the circuit from your end by hanging up for at most 10 seconds.
This is increasingly the default. But it should be available everywhere these days; I think the last mechanical switch is finally gone.
When the PowerPC CPU was first introduced, everyone was going to play on the new platform. IBM AIX was trivial, of course, because the PowerPC is based on the POWER CPU. But there was Windows NT 3.51, Mac OS of course, and this thing from Sun called Solaris.
Sun decided to stay with their own chips and then branched out to Intel x86 and AMD64, Microsoft eventually went back to an all-Intel code base (dropping Alpha support as well). The real killer for those boxes? IBM's port of OS/2 failed. Failed hard. ('Cause they did a top-down port: GUI first.) The PowerPC survived only in Macs, RS/6000s, and a bazillion embedded devices.
This time, though, I think the Series z machines will stick around, even without an OS/2 port. Gotta give Sun credit for trying the IBM thing again.
Don't forget about OS/2, a joint development between Microsoft and IBM. In the settlement when they stopped working together on it, IBM retained rights to market OS/2 versions 1 and 2, and Microsoft got the higher numbers.
There is, at least was, OS/2 code in Windows NT 3.1. The low-level Win32 APIs are the OS/2 Control Program APIs with the 'Dos' prefix ground off and the calling convention changed (Win32 returns a value and has a GetLastError() function, OS/2 returns the error, and the result is put in a pass-by-reference argument.) But other than the calling convention difference, the semantics of all the routines are identical.
Windows NT could even run 16-bit non-graphical OS/2 programs (like, OS/2 1.2 programs).
So there's another reason for NT starting off at "3"; it was a merge of the OS/2 architecture Microsoft with the Windows GUI system. Well, with the hardware abstraction that Microsoft wanted in the first place, while IBM thought tying the thing to the 80286 CPU was a pretty good idea. (PC Company inside IBM was... special.) I was told that disagreement (on abstraction) is the key issue that led to the failure of the OS/2 agreement and the resulting break-up of the code.
Sun loves doing that.
Solaris 10 reports, via uname, that it is SunOS 5.10. But Solaris 2.6 was SunOS 5.6; they just stopped talking about the "2." part.
Their compiler, which has been through a number of naming conventions, is currently Sun Studio 12. But when you file bugs, they want to know the version of the compiler... which is actually 5.9... at least for C and C++, F95 is 8.3. Yay!
IBM didn't want to play that game, so their Java 6 for AIX packages actually start with 6, there's no "1.".
If I see a version-greater-than-one of something, I'll take a look at the change list and see how quickly new features get added, or bugs get resolved.
So if I see a high version number and no history, I see a scam.
I don't go for scams. I prefer to report them to the local authorities.
Ummmm... I work in a company that has used up a significant chunk of 10/8. There's issues with the allocation to be sure, but if you need more than 254 hosts, it's your best bet.
In fact, RFC 1918 suggests use of 10/8 in any situation where your routers support the necessary subnetting to do this sort of thing. Using the Class C for a LAN is a throwback to class-based routing (that is, when the address class implied the netmask). I haven't seen a stack where that was necessary since MacTCP... and even then, if you could do the hex-to-decimal conversions, you could work out how to set things up.
I know of no reasonable explanation for loopback being 127/8, though. Other than Legacy Poirposes or Hysterical Raisins.
CIDR takes care of it from the technology side.
It doesn't mean that allocations were suddenly changed. It meant that IBM now owns 9/8 instead of Network 9.
That's the human side. Technology can't fix that [in acceptable ways].
Well, at least they finally shut up the people complaining about "only one mouse button."
Now there's ZERO! Hahahhaahahaa!
You're confusing "worth" with "cost". It _costs_ $79. Obviously it wasn't worth it, so he didn't buy it.
Windows NT shipped as Windows NT with versions 3.1, 3.5, 3.51, and 4.0. Windows 2000 would actually say "Windows NT (Version 5.0.xxxx)" in response to the VER command. Windows XP, prior to Service Pack 1, would also say "Windows NT (Version 5.1.xxxx)". XP's VER command now says it's XP, but we know what's really in there.
One could argue that Windows NT 2.0 was sold as OS/2; the low-level APIs are very similar in semantics, though the names and calling convention are different between OS/2 and NT. And, of course, they pulled the OS/2 GUI and file manager and put the Windows ones on it. This argument is helped by the fact that "OS/2 Warp 3" is versioned as "2.3", and "OS/2 Warp 4" is "2.4". Microsoft got the V3-and-up rights, and IBM kept the V1-and-V2 rights in the OS/2 break-up.
(For a time, NT even included enough stuff to run 16-bit OS/2 programs. *shudder* Maybe it still does, I'm happy to say I haven't seen a 16-bit OS/2 program in 12 years.)
I tried buying Mandrake to run on a 486 firewall/router I was making. (Before the Linksys Revolution....)
It said "CPU required: 486 or higher" on the box. It said "Boot floppy + CDROM inside". Which was important, 'cause I didn't have a running Windows, Linux or DOS PC to make a boot floppy with. (Burning ISOs was easy. Floppies... not so much.)
It CONTAINED only a CD-ROM which needed a Pentium or better.
The store gave me my money back and I bought a stuffed penguin and a magazine with TurboLinux included instead. Got enough stuff going on the Amiga to make the boot floppy.
Haven't bought a distro ever since. Donated to one, yes, but actually bought? No. Find out if it works first, give money later.
pobox.com's "MailStore" has outbound secure SMTP relay, IMAP and POP3 access, as well as webmail. Plus their excellent anti-spam stuff.
I've never used that, but I've been using their forwarding service since 1999. Originally to my ISP's mail account, and later to a SMTP server on my home LAN. (From which I run my own secure IMAP and webmail service.)
It's not free. I think that's a feature. I don't want to be a "product" sold to advertisers, I want to be a customer.
That's why the GPL isn't an end-user license. It's not about RECEIVING a copy. It's about DISTRIBUTING a copy.
You're right. You can't get GPL software illegally. Someone who GIVES it to you can be in violation, and you cannot distribute it (because the license violation would still exist). But the problem isn't that you received it, the problem is that you were given it.
The whole warranty thing isn't a license issue and should be treated separately. Emacs does this: M-x describe-no-warranty vs. M-x describe-copying.
Windows-based and Windows-mimicing GUI tarball wrappers (or "installers" as some call them) seem to think the only kind of license you could have is an end-user license. Apple's has provision for a README file, so you can present a file to be viewed but which doesn't have "accept" and "reject" choices. Just "yeah, whatever". That's all you need, because the end-user is always permitted to run GPL and MPL software.
And now let's look at all the nits over here....
If you're willing to drive a commandline, you can use mkisofs to make an ISO out of that VIDEO_TS folder. Er, and install cdrtools either yourself, through fink, or through the other open-source repository thing that isn't fink but I don't use 'cause I already learned fink by the time it came around.
% ls -F MyDVD
AUDIO_TS/
VIDEO_TS/
% mkisofs -dvd-video -o MyDVD.iso MyDVD
Pretty sure that's all that's needed. Now you can burn with cdrecord or DiskUtility.
I'm NOT sure about getting usable dual-layer ISOs out of this. You'd lose the layer break location from the original, which was lost when MTR ripped the disc. That's part of why DVDDecrypter uses that meta-file in addition to the ISO file; since an ISO file is actually a headerless file containing exactly the data to go on the DVD. There's no control information, like layer break. (And that meta-file also keeps track of which files to use to make the ISO when splitting the rip into smaller chunks.)
DVDPlayer is happy with the resulting ISO (as mounted by DiskUtility), though I must say, DVD playback over 64 colour VNC is really, really funny.
Well, one wheeze to save space is still in use on the PSTN today. Instead of compressing the sound, you just seriously limit the quality. So, 8 kHz sampling, way below the Nyquist rate for human audio, and 8-bit [mu]Law samples--which is kind of like floating-point, but not really--mean you only need 64 kbps.
Which sounded comparable to the analog phone system of the time... or even better, if your line went to a selector bank that was behind on its maintenance.
And the first digital music I heard was done exactly the same way--reduce quality to reduce the data. 8 bit samples, uncompressed, I don't know if the samples were linear or not, it's been a while. Sampling was around 20 kHz, so a bit better than the phone system. We soldered up a primitive DAC that plugged in to the Commodore PET "user port" (which had a 8-wire bidirectional parallel port, in addition to the serial I/O used by the modems), and wired up an amplifier.
To tie it back to Apple, the song was 30 seconds of Eleanor Rigby... if you had a SuperPET, you could bank-switch more time in, but we just had a 4032 to play with....
Boy did it sound bad. But you could tell what it was supposed to be.
I'll second the bitch to set up. Especially since I decided to use Kerberos5 instead of 4, and the getting started doco all still uses the krb4 included with AFS for its explanations.
I really should turn what I've done so far into a HOWTO some time....
Oh goody.
Will the Mozilla people come by and upgrade all our Red Hat Enterprise Linux machines from 4 to 5 for us, too? Oh, and my Fedora Core 4 machine?
Here's a hint: don't require the latest operating system for something as universally useful as a WEB BROWSER.
Or at least do an "old and busted GUI" sort of build that doesn't use the bazillion things that come in when you use that blasted pango or cairo library.
And while we're at it, don't destroy my ~/.mozilla/firefox directory. Make a new one if you've got a new format, and import the old stuff. Don't wipe it out.
It's not like I can switch to Opera. Their latest stuff won't run on my Linux machines.
And it's easy enough to make an x509 signing cert and do it properly in your basement. Well, living room. Then get your users to load your signing cert into their key DB or browser.
That's still a self-signed certificate. But it's NOT the certificate presented to the _browser_ by the _web server_; you have to get it some other way. (Or, at least, get the fingerprint some other way so you can verify the CA cert before loading it.)
openssl req -new -x509 -extensions v3_ca -keyout cakey.pem -out cacert.pem -days 90
Ta-dah. cacert.pem is now a self-signed CA root key, and cakey.pem is the signing key for it. If you have to deal with Windows users:
openssl x509 -in cacert.pem -inform pem -out cacert.der -outform der
And sign:
openssl ca -cert cacert.pem -keyfile cakey.pem -out http.cert.pem -infiles http.req.pem
Feed cacert.pem, http.key.pem and http.cert.pem to Apache's SSLCertificateChainFile, SSLCertificateKeyFile and SSLCertificateFile, and Bob's my uncle.
I'd like to see the browser keep track of the certificate given by websites in the past, whether they're self-signed or authority-signed.
Especially, I want to know if:
- The server changes its certificate; keep track of expiry dates of the last one accepted so you can include "because the certificate was near expiry" kind of advice.
- The server changes its certificate signing authority [chain].
Not that either case is necessarily _wrong_, but when you combine those $10 certificate providers with, oh let's say DNS poisoning, having the browser automatically a different signing authority for a trusted website is BAD.
Canon has one too; but it only works with their serious-pro DSLRs, the EOS 1Ds Mark III and 1D Mark III currently.
So no proof against image tampering from such "low end" cameras as the EOS 5D.
I'll give Nikon a serious edge there, on having their set-up work with the D300, a sub-$2000 body....