Slashdot Mirror


User: roman_mir

roman_mir's activity in the archive.

Stories
0
Comments
16,118

Comments · 16,118

  1. Re:Illegal power without Constitutional authority on WA Post Publishes 4 More Slides On Data Collection From Google, Et Al · · Score: 1

    And where is the problem with that? People have no idea what security is and how all pieces of it are implemented, however they are told by banks (for example) that they must have the 'https' connection (or the secure icon) and if it's not there, then they shouldn't use it. So if you are setting up a MITM attack for every connection for a bank, then you are drawing all the attention to the compromised system where you set it up.

  2. Re:Illegal power without Constitutional authority on WA Post Publishes 4 More Slides On Data Collection From Google, Et Al · · Score: 1

    How can you possibly detect when a CA authorized certificate is replaced with a self-signed certificate? You can't ask bank.com's webserver because you don't have a secure way of communicating with it before making that determination.

    - if this is your first connection to the bank, then there is nothing you can do, correct! You can't know what the certificate is for the bank until you get one.

    So you should be presented with a PLAIN TEXT connection to the bank if this is your first connection and if you are willing to go through a PLAIN TEXT connection to your bank, then that's up to you and if that's the MITM attack then too bad, you didn't care to check what the connection to your bank is and that it doesn't use a CA signed certificate (as if that matters if you don't care to check what the hell you are doing connecting to your bank without understanding you need to look for a 'secure' connection icon, which is what all banks tell you to do).

  3. Re:Illegal power without Constitutional authority on WA Post Publishes 4 More Slides On Data Collection From Google, Et Al · · Score: 0

    Business becomes government when the mob gives government unauthorised power that goes beyond the law, it's the lack of rule of law that turns SOME businesses into your government, because with the rule of law, with the Constitution actually being upheld the government has no power that it can steal and sell to those businesses.

    Those businesses (like banks) cannot expect any type of moral hazard (so called 'insurance') to be provided to them, they cannot expect to be bailed out, they cannot expect government to give them monopoly powers, they cannot expect to have any type of preferential treatment, be it in taxes or regulations or any money, subsidies, etc.

    You turn certain businesses into your masters when you turn individuals into slaves of the collective by destroying the rule of law by voting for government officials that promise to break the Constitution by giving you something that they must first steal from somebody else. The moment you vote for a politician that promises to raise taxes on certain people and to subsidise your spending is the moment you destroy the rule of law and you give the power to certain businesses to go through that gigantic hole that you poked in the wall that prevents the government from destroying the law in the first place.

    This is in everything, from Standard Oil being destroyed by the government because certain people couldn't compete in the free market and they bought government support, and people didn't prevent that destruction of private property from taking place (because of the real bad type of greed, the kind of greed that one person feels when he looks at another's success and wants to destroy that success or steal some of it). From income taxes (that originally were 'only for the top 1-2%' and maximum that was stolen was only 7% of income), and the federal reserve printing money so that gov't could buy more weapons and rations and other war supplies, all while creating inflation. To various welfare programs, gov't jobs programs, gov't "insurance" of any kind, be it FDIC or Medicare or EI or housing and loan 'insurance'. Be it gov't subsidised schools or gov't subsidised food (snap) and any type of dep't that deals with business, not with interstate transactions to increase competition, but with regulating business so that money can flow from business to politicians and their offices, etc., etc.

    No, businesses are not your government until you make some of them your government by destroying the actual lawful Constitutional government.

  4. Re:Illegal power without Constitutional authority on WA Post Publishes 4 More Slides On Data Collection From Google, Et Al · · Score: 1

    If they do perform mitm attacks, using an untrusted self-signed certificate is equivalent to using a CA-signed certificate in terms of what the govt can see.

    - that's not the point, the point is that without encryption all of the communications are plain text and since they are all recorded they can be looked at later date.

    Since today CAs are a BARRIER TO ENTRY for many of the people to bother to switch to encrypted communications, this prevents a large number of communications from being encrypted.

    It is even worse if a CA is used to generate the key pairs, then it's not only the MITM attack that is problematic, then gov't can use that to decrypt your stored communications. So AFAIC CAs are a problem in a number of ways: they prevent too many people from encrypting the traffic and they can cooperate with the government, they are a choking point.

    untrusted self-signed cert is no better than using a CA-signed cert.

    - for the cases when gov't did not implement MITM attack and wants to look at your PAST communications I completely disagree.

    A self-signed certificate without MITM attack prevents gov't from looking at your past. CA that generates your keys is the biggest breach of security there is and browsers acting as if self-signed certificates are a virus coupled with CAs is a huge barrier to entry for a large number of people that prevents them from implementing self signed certificates.

    2. Mallory, an adversary, performs a mitm attack on Alice's connection. She replaces the CA-signed certificate with a self-signed certificate, allowing her to view all of Alice's traffic to bank.com.
    With the current browser UIs, the browser would show Alice the self-signed certificate warning. Alice should see it, know she's under attack, and decide not to proceed.
    With your proposed UI, the browser would show NO WARNING. Unless Alice knows that bank.com should display the HTTPS icon and notices that it isn't, she will proceed and Mallory will be able to view all of Alice's traffic.

    - NONSENSE.

    Nonsense, complete and utter nonsense.

    I didn't address that scenario in my previous comment, it doesn't mean that it is how I would address it (not give a warning when a CA authorised certificate is replaced with a self signed certificate)!

    You are reaching for too many straws, I feel you do have a dog in this fight. If the https://bank.com/ site with a CA authorised certificate switches from CA authorised certificate to a self signed one I don't have a problem with a big warning, in fact there should ALWAYS be a warning when a CA authorised certificate is replaced!

    AFAIC ALL CA AUTHORISED CERTIFICATES ARE MITM ATTACKS. But I do not care about MITM attacks for the purposes of pushing more people to encrypted traffic, I only care that browsers do not treat self-signed certificates as if they are worse than PLAIN TEXT communications, which they are not! They are only a problem for CA's bottom line and for NSA spying.

    An https://bank.com/ switching from one CA authorised certificate to another IS a MITM attack for all I know.

    An https://bank.com/ switching from CA authorised certificate to a self-signed one is ALSO a MITM attack.

    An https://bank.com/ switching to http://bank.com/ is ALSO a MITM attack.
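    The two points made in comments 2 and 4 above (nothing can be verified on the very first connection, and any replacement of a previously seen certificate should always produce a warning, whoever signed the replacement) describe a trust-on-first-use model, the same idea as SSH's known_hosts file. The following is an added illustration of that model, not code from the commenter or from any browser; the host name and the certificate bytes are constructed placeholders, and a real client would take the DER bytes from `ssl.SSLSocket.getpeercert(binary_form=True)`. It also covers the third case in the comment, a pinned host that is suddenly reached over plain HTTP.

```python
"""Trust-on-first-use (TOFU) pin store for TLS server certificates.

Added illustration of the behaviour argued for in the thread above: the first
connection to a host cannot be checked against anything, but once a certificate
has been seen, any replacement (however it was signed) and any drop back to
plain HTTP should raise a warning. The certificate bytes below are constructed
placeholders, not real DER certificates.
"""
import hashlib
from typing import Dict, List, Optional
from urllib.parse import urlsplit

# Outcomes of a check.
FIRST_SEEN = "first-seen"  # no pin on record: remember this certificate
MATCH = "match"            # same certificate as last time
MISMATCH = "mismatch"      # certificate replaced since last visit: warn
PLAINTEXT = "plaintext"    # plain HTTP to a host never seen over HTTPS
DOWNGRADE = "downgrade"    # plain HTTP to a host that was pinned over HTTPS: warn


def fingerprint(cert_der: bytes) -> str:
    """SHA-256 over the DER encoding, the value browsers display as the
    certificate fingerprint. In a real client the bytes come from
    ssl.SSLSocket.getpeercert(binary_form=True)."""
    return hashlib.sha256(cert_der).hexdigest()


class PinStore:
    """Per-host certificate fingerprints, in the style of SSH's known_hosts."""

    def __init__(self) -> None:
        self.pins: Dict[str, str] = {}

    def check(self, url: str, cert_der: Optional[bytes]) -> str:
        parts = urlsplit(url)
        host = parts.hostname or ""
        if parts.scheme != "https":
            # No certificate at all: harmless for a host we never pinned,
            # suspicious for one we previously reached over HTTPS.
            return DOWNGRADE if host in self.pins else PLAINTEXT
        if cert_der is None:
            raise ValueError("https connection without a peer certificate")
        fp = fingerprint(cert_der)
        pinned = self.pins.get(host)
        if pinned is None:
            self.pins[host] = fp
            return FIRST_SEEN
        return MATCH if pinned == fp else MISMATCH

    def accept_replacement(self, host: str, cert_der: bytes) -> None:
        """Re-pin a host after an explicit user decision (e.g. a known key
        rotation). This must never happen automatically on MISMATCH."""
        self.pins[host] = fingerprint(cert_der)


# Constructed stand-ins for DER certificate bytes (not real certificates).
BANK_CERT_ORIGINAL = b"constructed-der:bank.example:key-1"
BANK_CERT_REPLACED = b"constructed-der:bank.example:key-2"


def demo() -> List[str]:
    """Walk the scenarios from the thread and return the outcome of each."""
    store = PinStore()
    visits = [
        ("https://bank.example/login", BANK_CERT_ORIGINAL),  # first contact: nothing to compare
        ("https://bank.example/login", BANK_CERT_ORIGINAL),  # repeat visit, same certificate
        ("https://bank.example/login", BANK_CERT_REPLACED),  # certificate swapped: warn
        ("http://bank.example/login", None),                 # dropped to plain HTTP: warn
    ]
    return [store.check(url, cert) for url, cert in visits]


if __name__ == "__main__":
    for label, outcome in zip(["first", "repeat", "replaced", "http"], demo()):
        print("%-8s -> %s" % (label, outcome))
```

    A store like this complements chain validation rather than replacing it: it flags every replacement regardless of who signed the new certificate, but it cannot tell a legitimate key rotation from interception, which is why re-pinning is a separate, explicit step and never an automatic reaction to a mismatch. The first-contact gap the commenter concedes is exactly the case the model cannot close on its own.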

  5. Re:Illegal power without Constitutional authority on WA Post Publishes 4 More Slides On Data Collection From Google, Et Al · · Score: 0

    No, NSA spy, I do not have a problem with COMPANIES collecting my information UNLESS it ends up in government hands.

    Understand? I have a high intolerance for government, but I don't have a problem with companies that are trying to make a buck by trying to find what products to advertise to me specifically.

    I do have a problem with governments and with thugs that work for them and with rare exceptions (Snowden) governments have thugs working for them. I don't need to figure out every way that I am being endangered by the government thugs collecting my information today, I only need to know that they are doing it to be against it on principle in every single case. Jews didn't have a problem with Germany until they did. In USSR you weren't the enemy of the State until you became one. Same can be said about most places on this planet, you are not a target until you are, and that's just political stuff, never mind the fact that thugs work for governments and thugs will sell my or anybody's information for personal profit and you don't actually have any legal recourse there at all unlike in the case of businesses.

    Governments are the enemy, businesses are not. Businesses work to earn our attention and money, governments use violence and brutal force, murder and various 'legal' means to subjugate people's rights. So fuck you and fuck all governments, hopefully we are going to move beyond the belief of a need of central government in the next few decades just like we are going to move beyond the belief of a need to have government controlling our money.

  6. Re:Illegal power without Constitutional authority on WA Post Publishes 4 More Slides On Data Collection From Google, Et Al · · Score: 2

    I saw your post, I understand what encryption is, what certificates are, what self signing is, I develop with it and use it all the time. Again, unless you are working for CAs and have a dog in this fight or you are NSA, you wouldn't want people to use self signed certificates, that's true. Otherwise it is a nonsensical irrational position to state that self signed certificates EVEN when they are not deployed manually, when the fingerprint is not checked by the end client are worse in any way than plain text given the fact that governments are recording everything for assessment and for looking at it when time comes later.

    When time comes later, the information may still be recovered if the government is really really interested in finding out what it was that you wrote there, however it's going to be much more difficult than if it was plain text, there is nothing to recover with plain text, it's out in the open.

    Saying that self signed certificates are worse than plain text is either propaganda for some ulterior motive or it is an irrational position, because the end user does NOT even have to be AWARE that a self signed certificate is used!

    In fact if the browser doesn't even tell the user that there is a self signed certificate, then to the user it looks like a plain text connection and maybe that's how browsers really should treat self signed certificates that are not manually authorised by the user.

    Do not even bother telling the user that a self signed certificate is used, whatever. Treat it EXACTLY like a plain text connection, so that the user is not even aware that there is a self signed certificate UNLESS he goes into the properties of the page and specifically checks for that.

    But doing what the browsers are doing today is in fact completely counter productive and it's done to scare people away from websites that use self signing certificates and this just may be profitable for CAs and excellent for the government spies, but it's terrible for the users.

  7. Re:Illegal power without Constitutional authority on WA Post Publishes 4 More Slides On Data Collection From Google, Et Al · · Score: 3, Interesting

    It is worse. Using an encrypted connection with a self signed certificate is worse than plain text in terms of security. With HTTP a man-in-the-middle can see everything you send. With HTTPS using a self-signed certificate a mitm can substitute their certificate for yours and see everything you send.

    - nonsense and it is dangerous nonsense given the facts that we now are aware of about the governments recording all communications to look at a LATER DATE.

    If somebody, especially government is specifically targeting you for MITM attack, no CA will stop them, worse, AFAIC CAs are highly suspect, CAs are a perfect target for government 3LAs to create an easy way to penetrate security.

    In fact there cannot be 'secure' icon on a browser if a CA is used! The only way to have highest order of security that we can achieve right now is to install self signed certificates where we know the fingerprint and to prevent CAs from authorising anything at all on our computers.

    Again, given what we know about government snooping on people making it ANY more difficult for users to have encrypted communications to any server is only helping government secret police to go back in time and retrieve and search through any communications that are happening on the Internet.

    Plain text is the worst possible way to transfer data that should be secured and AFAIC at this point all communications need to be secured, there shouldn't be ANY plain text communications on the Internet, plain text communications is the worst possible thing that is happening right now given what the governments are doing.

    Once again, I completely, 100% disagree with your idea that self signed certificates are in any way worse than plain text, that's pure nonsense and dangerous given our times.

  8. Re:Illegal power without Constitutional authority on WA Post Publishes 4 More Slides On Data Collection From Google, Et Al · · Score: 2

    You can't see any reason to distrust self-signed certificates?

    - I trust them much more than I trust governments and certificate authorities. I trust that using an encrypted connection with self signed certificate is NOT WORSE than using plain text and I don't trust that the browser behaviour regarding self signed certificates is without suspect, without a bias.

    IF your argument had any merit, THEN browsers could at least use the self signed certificate and NOT show the 'secure' icon, show whatever you like, don't break browsing experience for users. Don't say that the connection is perfectly secure, but don't make it look like the user is about to access a virus infected site or something to that effect, that's where my mistrust of benevolent browser behaviour comes from.

  9. Re:Illegal power without Constitutional authority on WA Post Publishes 4 More Slides On Data Collection From Google, Et Al · · Score: 2

    Funny story, a few years back when I wrote this, I added in the functions to encrypt and decrypt text in browser input elements with a predetermined password. At the time when I was working on it, FF was some much older version and to my surprise when I was debugging the code, I realised that I could use Javascript to read input characters from password fields in my code from ANY page. That was unfortunate (I think they fixed that by now). But of course today if you use something like gmail or hotmail, they can capture keystrokes and document change events and send them back to the servers individually, so at this point if you are going to use something like leetkey for encryption, you have to use the function (that is provided in my addon at least) to open a new browser window or tab with a text area where you can type something and encrypt it first and then cut and paste into your email window's text area.

  10. Re:Illegal power without Constitutional authority on WA Post Publishes 4 More Slides On Data Collection From Google, Et Al · · Score: 1

    %!@ahfhhh78aehnn2! ! *

  11. Re:Also on Ask Slashdot: IT Spending In Engineering? · · Score: 0

    Maybe you should try and find solutions and make do with less? Maybe you should propose moving to GNU/Linux desktop instead of buying more Windows licenses? How about refilling toner cartridges rather than always buying new ones? Find a company to do that for you, it'll be cheaper than buying new cartridges.

    Find ways to work around budget cuts.

  12. Illegal power without Constitutional authority on WA Post Publishes 4 More Slides On Data Collection From Google, Et Al · · Score: 5, Insightful

    This is an unconstitutional power that the USA federal government usurped from the people, it doesn't actually matter how they grab most of it, however what does matter is that they do and it looks like it's not going to stop until the system crashes and there is no more money to run it.

    Encrypt your communications, encrypt everything you can. Use self signed certificates, by the way, avoid Certificate Authorities, AFAIC they only make it easier to create a MITM attack, not harder. They can confirm to your device that a certificate is valid even if it is not the certificate that you want to use. Of course if you use CAs do not let them generate your keys for you.

    At this point the behaviour of browsers to treat self-signed certificates as worse than plain text should be suspect to everybody, there is no rational explanation to that sort of attitude except: we don't want you to use certificates that authorities can't revoke and replace.

  13. Re:An easy answer... on Number of Federal Wiretaps Rose 71 Percent In 2012 · · Score: 0

    You are correct from so many different perspectives. For example you can simply look at thermodynamics laws to understand why all available space will eventually be uniformly occupied, the same principle applies to any resource, the more of a resource is available, the more it will be used, so the more technical capabilities government has to spy on you the more it will spy on you REGARDLESS of whether it should be done at all or not.

  14. Re:Oh-no on Unix Guru Evi Nemeth Missing, Feared Lost At Sea · · Score: 0

    Worse than that, I misread her name as Evil Nemeth, that's how I rationalised her being a guy while thinking that the name was somewhat odd.

  15. Re:WMDs in Iraq on Boston Marathon Bomber Charged With Using 'Weapon of Mass Destruction' · · Score: 0

    Well, obviously pressure cookers are weapons of mass destruction, NSA is there to protect you....

    by the way, Zimmerman's lawyer needs to force NSA director to testify and demand phone call recording to put a nail in this trial's coffin (never mind that the 'star witness' in the case is a huge liar, lying about age, ability to read and write, but the entire coached phone conversation that she is pushing is obviously fake).

    Come on, NSA, produce the records.

  16. Re:He just redifined everything. Its a strawman. on Dr. Dobb's Calls BS On Obsession With Simple Code · · Score: 1

    One realises these kinds of things when one has to go over code that uses various equivalents of 'goto' statement that are present in every type of computer language and so it is abused. One cringes when seeing things like 60 page long methods / functions, where logic is controlled with a number of local state variables and control switches are implemented as exceptions that are thrown from random places in code, multiple nested try/catch scopes are used to check for the types of exceptions, combinations of exceptions are used to represent transition from one logic state to another and all of this also relies on various database and asynchronous method calls to pull in data for decision making about when exceptions are thrown.

    When this sort of thing is analysed and re-implemented with simple control flows, calls to meaningfully named methods, simple if, switch conditions and loops, all of a sudden 60 page code can be condensed down to maybe 15 pages. That's when one learns to appreciate the beauty of real simplicity, not simplicity for the sake of simplicity, but simplicity in the sense of structural approach to solving a problem.

  17. Re:This will be very interesting on Foxconn's Robot Workforce Now 20,000 Strong · · Score: 1

    Are you kidding me? Government?

    The world is not filled with enough cheap and plentiful products that everybody can enjoy, even if some people think that it is. Even once everybody can enjoy the most basic things, it's not like everybody has his or her own yacht or submarine or spaceship and it would be nice eventually to achieve that as well and that will require almost immeasurably more than what we can offer today with our current levels of productivity.

    Basically jobs are not limited to anything at all, there are limitless possibilities for doing things that haven't been done yet and whenever you think "we have invented and done everything that there is" you will be proven wrong every single time.

  18. Re:Technicians and engineers, really? on Foxconn's Robot Workforce Now 20,000 Strong · · Score: 0

    Bravo, if you hadn't written that comment I would have.

  19. Re:Nothing about price? on Review: Oracle Database 12c · · Score: 1

    But it only works if you pay premium for special large clown shoes, without those the thing tips over all the time (and that's how it got that clown nose, kept hitting the darn thing against the pavement).

  20. Re:Nothing about price? on Review: Oracle Database 12c · · Score: 1

    'Yes, a license for a normal octocore setup costs more than your home, but...'
    or 'After going through the 2 hour cost calculation matrix, the resulting price seemed a tad steep, but'

    but, but... but you don't realise, look at the title of TFA, it says: Finally, a true cloud database.

    Do you understand that? They finally have managed to install their database on an actual freaking CLOUD! How cool is that? I imagine it's pretty cool, maybe -50 Centigrade or so.

  21. Re:the return of the Start button on Hands-On With Windows 8.1 Preview · · Score: 1

    Well, I moved a medium sized retailer (13 stores) to a Linux based solution as well, including the move to LibreOffice in the last 3 years, so it's not just the desktop that I consider to be ready.

  22. Re:the return of the Start button on Hands-On With Windows 8.1 Preview · · Score: 1

    Trust me on this: I don't want to see Windows 7 or Vista either, in fact for a number of years now I am happy enough with GNU/Linux based desktop (even though some think it's not ready or whatever).

  23. Re:Better idea: on Why Engineering Freshmen Should Take Humanities Courses · · Score: 1

    What I think is that everybody should take accounting courses, whether they are engineers, humanities, whatever, they should all learn something real about the business world around them and the fastest way to start is to take some accounting. It also can help the uninitiated to start thinking about their own household management, money management and not make crudest, worst types of financial mistakes that would haunt them for decades later on.

  24. Re:Good ... on Supreme Court Overturns Defense of Marriage Act · · Score: 0, Interesting

    You're never going to get government out of all of the things that marriage gives benefits to.

    - why not? USA federal government wasn't in any of these just a century ago.

    Rights are given by the government.

    - wrong, rights are imposed upon government by only giving government the authority to deal with certain restrained situations (in theory of course, not in practice, not after the mob declares that its entitlements to subsidies that impose obligations upon minority of productive people are more important than individual rights of every person).

    A right is a default LIMIT on government power against an individual, a right is only a meaningful concept in the context of an individual interacting with a government.

    An individual has all the rights and government has authority to deny an individual some of these rights under certain conditions. The government only exists with the consent of the governed (until the collective gives the government enough leeway to subjugate and subvert the Constitution and destroy the chains that bind the hands of the politicians).

    OTOH between 2 individuals or an individual and a business (which is also an individual, until the government sticks its nose into that business) there is no concept of 'rights', there is only a concept of "don't do to others what you don't want to be done to you", and so that's what the criminal code is basically all about, not any 'right' but just a reflective response to an act that we do not want to be repeated onto us. The reason why a 'right' is different is because with a government (especially a 'democratic' one) there is nobody to actually take revenge against, there is nothing you can do to punish government in case it does to you what it shouldn't, so all we can do is demand that government cannot do onto us those things a priori.

  25. Re:Two words on Nook Failure, Lack of Foot Traffic Could Spell Doom For Barnes & Noble · · Score: -1, Flamebait

    magnanimous? Are you for real?

    The guy was an absolutely ruthless businessman, he would set up competitive auctions between shipping companies (which was the point of why he bought land for his refinery operations close to the railroad and with access to water ways, so he could pit rail and boat shipping companies against each other). He hired people and trained them personally in the art of selling his product at the best price (for him). He set part of his profits aside to self-insure against fires and thefts, etc., he cut entire parts of 'normal' (for the time) business procedures out and reimplemented them himself, he was vertically integrating at every business opportunity. He called the bluff of his first business partner and bid on the entire business against him (he was about 26 at the time, having worked since the age of 16, from nothing he already managed to save a considerable small fortune, and threw together about 80K and bought the entire business), that was due to his partner wanting to get out, as the partner didn't realise how profitable the business can be. You can say he was Larry Ellison of the day, except he was much better at it, would you say that Larry Ellison is 'magnanimous' today?

    In any case, throwing words like that around shows complete lack of understanding of how business operates, why decisions are made and what it means to be most productive and thus most profitable.

    Rockefeller wasn't "magnanimous" when it concerned his business. He was charitable otherwise, but never in business.

    However saying that the company would 'abuse' its position sometime down the road and so it must be broken apart, that's ridiculous. Here we have a company that is excellent at providing best quality kerosene (and later other oil byproducts) at the lowest prices consistently by investing in better and more efficient processes and technologies all the time, but because LATER it could abuse its dominant role of the most efficient oil refiner and deliverer it should be broken up? That's cutting your nose to spite your face, it immediately retarded the development in the industry that put competitive downward pressure on prices and prices have not been lower since, they have only gone up.

    However in an actual free market, there is no unshakable dominant position for ANY business if a government is not involved. It takes a government to solidify and cement status of a business as a monopoly. AT&T is one perfect case of such government created monopoly, which was created by government and destroyed 3000 private competitors, which for many decades provided uncompetitive, unimaginative product line that nobody was allowed to compete against and once that was over the competition exploded and number of products expanded dramatically (from different types of phones to answering machines, to different, better service quality, to lower prices, to mobile devices, etc.)