> And don't tell me that rotting in jail would simply be a waste of this man's talents. His wife probably had talent and potential, but we'll never know for sure since she's dead.
You suggest we throw away his talent and potential because we already lost someone else's talent and potential? That makes no sense at all.
> If you can write the same program in language X in 1000 LOC and language Y takes 2000, then you will be finished with language X program much sooner and have fewer bugs.
> Which means that really, now, it's a UI and software problem to solve. The HW is ready. Isn't that always the case?
I guess it is, then again, in most situations there is little point in writing software that needs nonexistant hardware, so it is only natural that the hardware is ready before the software is.
Probably not his 30 GB of music, he could stuff that on an external HD. But he'll probably need his operating system, audio projects, and a game or two. Also, it's nice to have enough space to be able to defragment, and a few free GB should you unexpectedly need them.
> Age, wisdom, experience, intelligence and honor are not mutually interchangeable -- not even two at a time. The list of good attributes is likely much longer than five. Need a living example of the truth of this -- John McCain.
What does age have to do with anything? Any retard can get old. With age comes experience (not necessarily true, but we assume most old people didn't spend their lives doing nothing but eating and sleeping and have therefore acquired at least some experience), but that one is already in your list, so there is no reason to list age unless you thing there is some other benificial quality that can be derived therefrom. Could you explain what that quality is?
> Most violence in GTA is trivial in comparison but instills that VIOLENCE HAS REWARDS. That is a very significant difference.
But it's true, right? IF you are willing to hurt/kill people and IF you don't get caught (by either the police or others like yourself), then a life of crime and violence can make you a very rich man, and it's stupid to deny that. You don't need to play GTA to realize this truth, just watch the news. Read the papers.
GTA doesn't teach people that violence has rewards, everyone past the age of 10 knows that. GTA just lets you enjoy the violence without the consequences.
> You seem to be claiming that you understand this highly technical jargon (implying that you're a highly educated individual). However, you fail at basic spelling. You even fail to correctly spell a technical word that you should be familiar with ("pseudorapidity").
I assume he is also familiar with the words 'clear' and 'pieces'. Since he also missspells these words, he is probably either dyslexic or drunk, neither of which is reason to believe that he is not a highly educated individual (indeed, if he is so drunk that his spelling is as bad as it is, while still understanding the technobabble, he must be very intelligent indeed).
> when i criticized it and said it will hurt a lot of small businesses and communities, some people came up with darwinian shit like 'if they are not able to afford a $100 buck a year ssl, they dont deserve to be on the internet anyway'.
I hear startssl can get you a cert for free.
> and look now, even the biggest can be affected by this overzealous, self righteous implementation in ff3, not only small businesses and communities who are 'so easily forfeitable'. > i wonder what those people have to say now.
They say: failing to renew your certificate on time is stupid, and has nothing to do with ff3. Don't kill the messenger.
Damn! Posted in HTML format while I'm used to plain text. This is what my post should have looked like:
> Sure, that's what they claim. However, since cells are actually "analog" how do you simulate them in a digital environment? So you give each important characteristic 256 discrete values? 512? How many is "enough"?
Suppose we use 32 bits for each important characteristic, giving us 4294967296 different values.
> Even small rounding errors can have huge impacts on overall results. So, they might be able to perform a simulation of 22 million neurons and 11 billion synapses, but these are just an approximation.
Since tens of thousands of neurons die each day without causing my brain to stop functioning (or even function noticably different compared to last month), I think those small rounding errors would be completely irrelevant. The brain is obviously able to cope with small errors.
> Sure, that's what they claim. However, since cells are actually "analog" how do you simulate them in a digital environment? So you give each important characteristic 256 discrete values? 512? How many is "enough"?
Suppose we use 32 bits for each important characteristic, giving us 4294967296 different values.
> Even small rounding errors can have huge impacts on overall results. So, they might be able to perform a simulation of 22 million neurons and 11 billion synapses, but these are just an approximation.
Since tens of thousands of neurons die each day without causing my brain to stop functioning (or even function noticably different compared to last month), I think those small rounding errors would be completely irrelevant. The brain is obviously able to cope with small errors.
> If you accept unencrypted pages, you can be MitM'ed.
Aye, but you know this can happen, and act accordingly. When you use HTTPS you assume this cannot happen. With self-signed certificates, this assumption may be wrong.
> So why are browsers telling people to not consider alternatives, and only use unencrypted or CA-signed connections?
They aren't, they are simply erring on the side of security by displaying a warning message when you encounter a self-signed cert, since the average user will only encounter such a certificate when they are getting phished.
> What, you think the certificate authorities can't be conned into giving out invalid certificates?
Off course they can be. Still, they are AT LEAST as secure as a self-signed certificate, and probably more so (depends on the CA, YMMV) if they actually check who you are.
> You're refusing to consider alternatives. What if you want to prevent snooping, but either don't care about MITM (much more involved) or don't trust the CAs? Why are you excluding the middle options?
Self-signed certificates are fine and they do work for encryption when you assume that the man in the middle will limit his activities to snooping, but by automatically accepting them you give the user a false sense of security. It is not that I oppose self-signed certificates (indeed, I am thinking of setting up a server and when I do I will most certainly use a self-signed certificate for SSH), but I do oppose people who think the FF3 warning message is the root of all evil. When someone thinks of a way to transparantly encrypt all web-traffic I'll be celebrating with the rest of you, but auto-accepting self-signed certificates is, IMHO, not the way to go.
> The grandparent wasn't talking about authority-signed vs. self-signed certificates. The comparison is between self-signed https to unencrypted HTTP.
Yet authority-signed vs self-signed IS relevant when discussing self-signed HTTPS and unencrypted HTTP. Yes, I'll admit that self-signed HTTPS in more secure than HTTP. But that doesn't mean we should stop there and refuse to consider the alternatives. The alternative being authority-signed HTTPS, and it has the advantage of offfering more protection against MITM.
> Unencrypted HTTP is also vulnerable to MITM and other types of attacks, why doesn't firefox give me a big warning when I go to one of those sites?
HTTP, by default, is vulnerable to MITM. However in most situations this man is not scary. If the MITM discovers that I read slashdot, he can't use that fact to steal all my money (having said that he could probably access my email account using the password I use for/., which could be problematic). There is, in most situations, little to gain for the Middle-Man when one is browsing ordinary stuff. Also, you KNOW that HTTP has these vulnerabilites, and can take that into account when posting stuff about yourself on the net. Therefore there is no reason for FF to show a warning.
> A much better Firefox GUI would be to just show a different lock icon or color for sites with self-signed certificates.
At least the current warning message is clear. If you need a website that is invulnerable to MITM, use HTTPS with an authority-signed certificate. If you don't need protection against MITM, use HTTP. Using different locks and colours is just going to confuse people (it will certainly confuse me). Suppose I visit a website that uses a self-signed certificate which my browser automagically accepts with your different lock icon or colour. Then I get phished at some point in the future. The phishing site also uses a self-signed certificate, and since I don't memorize certificates (few people do), I assume it is genuine. Sure, the browser could store certificates and compare them with the one the site is offering, but this won't help if I use another browser/computer/reinstall/etc.
> Making me go through several steps to accept a certificate is a waste of my time.
You only need to add the certificate once for each browser you use. How many websites use self-signed certificates anyway?
> All it accomplishes is to teach users to ignore browser warnings so that when a real security issue comes up they will ignore it.
Again, how often do you encounter this warning? Normal users will encounter a self-signed certificate like, 5 times during their lifetime?
> The current firefox gui for this looks a lot like the warning for phishing sites.
I see no problem there, since the whole point of not silently accepting self-signed certificates is to protect the user against phishing.
> I wouldn't be surprised if users get used to the self-signed ssl warnings, and then stumble across a fishing site and click through because they thought it was just another certificate warning.
I repeat myself: how often does the average user encounter such a warning?
No they don't. Certificates are not just for encryption, they also identify a website as being 'the real thing'*. If you accept self-signed certificates you can be MITM'ed. Browsers like FF3 inform you that this could be happening. Most companies that require encryption for their website can easily afford a certificate.
* This doesn't really work in practice since some of the companies that issue certificates don't bother to check if the one who requests the certificate owns the website.
Science isn't about creating marketable stuff. Having said that, just take a moment to look around you and compare what you see with how the world was 50 years ago. Just because you don't 'see' technology advance in real-time doens't mean it isn't moving.
Slashdot Mirror
If you encrypt your email you don't really need to worry where you traffic goes.
Mister Anderson, what good is a pizza... when you are unable... to eat?
> And don't tell me that rotting in jail would simply be a waste of this man's talents. His wife probably had talent and potential, but we'll never know for sure since she's dead.
You suggest we throw away his talent and potential because we already lost someone else's talent and potential? That makes no sense at all.
> If you can write the same program in language X in 1000 LOC and language Y takes 2000, then you will be finished with language X program much sooner and have fewer bugs.
Clearly you have never seen perl.
Don't be so sure of that, I hear they come out at night.
> The treaty is not constitutional in either country.
Correct me if I'm wrong but I thought the UK didn't have a constitution?
> Which means that really, now, it's a UI and software problem to solve. The HW is ready. Isn't that always the case?
I guess it is, then again, in most situations there is little point in writing software that needs nonexistant hardware, so it is only natural that the hardware is ready before the software is.
Probably not his 30 GB of music, he could stuff that on an external HD. But he'll probably need his operating system, audio projects, and a game or two. Also, it's nice to have enough space to be able to defragment, and a few free GB should you unexpectedly need them.
> Age, wisdom, experience, intelligence and honor are not mutually interchangeable -- not even two at a time. The list of good attributes is likely much longer than five. Need a living example of the truth of this -- John McCain.
What does age have to do with anything? Any retard can get old. With age comes experience (not necessarily true, but we assume most old people didn't spend their lives doing nothing but eating and sleeping and have therefore acquired at least some experience), but that one is already in your list, so there is no reason to list age unless you thing there is some other benificial quality that can be derived therefrom. Could you explain what that quality is?
> Most violence in GTA is trivial in comparison but instills that VIOLENCE HAS REWARDS. That is a very significant difference.
But it's true, right? IF you are willing to hurt/kill people and IF you don't get caught (by either the police or others like yourself), then a life of crime and violence can make you a very rich man, and it's stupid to deny that. You don't need to play GTA to realize this truth, just watch the news. Read the papers.
GTA doesn't teach people that violence has rewards, everyone past the age of 10 knows that. GTA just lets you enjoy the violence without the consequences.
> You seem to be claiming that you understand this highly technical jargon (implying that you're a highly educated individual). However, you fail at basic spelling. You even fail to correctly spell a technical word that you should be familiar with ("pseudorapidity").
I assume he is also familiar with the words 'clear' and 'pieces'. Since he also missspells these words, he is probably either dyslexic or drunk, neither of which is reason to believe that he is not a highly educated individual (indeed, if he is so drunk that his spelling is as bad as it is, while still understanding the technobabble, he must be very intelligent indeed).
> when i criticized it and said it will hurt a lot of small businesses and communities, some people came up with darwinian shit like 'if they are not able to afford a $100 buck a year ssl, they dont deserve to be on the internet anyway'.
I hear startssl can get you a cert for free.
> and look now, even the biggest can be affected by this overzealous, self righteous implementation in ff3, not only small businesses and communities who are 'so easily forfeitable'.
> i wonder what those people have to say now.
They say: failing to renew your certificate on time is stupid, and has nothing to do with ff3. Don't kill the messenger.
Mine is imaginary.
> I think that's gay.
Set them straight!
Damn! Posted in HTML format while I'm used to plain text. This is what my post should have looked like:
> Sure, that's what they claim. However, since cells are actually "analog" how do you simulate them in a digital environment? So you give each important characteristic 256 discrete values? 512? How many is "enough"?
Suppose we use 32 bits for each important characteristic, giving us 4294967296 different values.
> Even small rounding errors can have huge impacts on overall results. So, they might be able to perform a simulation of 22 million neurons and 11 billion synapses, but these are just an approximation.
Since tens of thousands of neurons die each day without causing my brain to stop functioning (or even function noticably different compared to last month), I think those small rounding errors would be completely irrelevant. The brain is obviously able to cope with small errors.
> Sure, that's what they claim. However, since cells are actually "analog" how do you simulate them in a digital environment? So you give each important characteristic 256 discrete values? 512? How many is "enough"? Suppose we use 32 bits for each important characteristic, giving us 4294967296 different values. > Even small rounding errors can have huge impacts on overall results. So, they might be able to perform a simulation of 22 million neurons and 11 billion synapses, but these are just an approximation. Since tens of thousands of neurons die each day without causing my brain to stop functioning (or even function noticably different compared to last month), I think those small rounding errors would be completely irrelevant. The brain is obviously able to cope with small errors.
> or allowed yourself to starve rather then injure some other plant / animal
> So it's entirely natural to feel superior and value your own over other species.
> My cat clearly thinks she is a higher form of life than me.
I am.
Sincerely,
your cat.
My dog laughs at your cities and books. Humans, special? He asks: how many humans can scratch their armpits with their feet?
> If you accept unencrypted pages, you can be MitM'ed.
Aye, but you know this can happen, and act accordingly. When you use HTTPS you assume this cannot happen. With self-signed certificates, this assumption may be wrong.
> All websites require encryption.
No they don't.
> So why are browsers telling people to not consider alternatives, and only use unencrypted or CA-signed connections?
They aren't, they are simply erring on the side of security by displaying a warning message when you encounter a self-signed cert, since the average user will only encounter such a certificate when they are getting phished.
> What, you think the certificate authorities can't be conned into giving out invalid certificates?
Off course they can be. Still, they are AT LEAST as secure as a self-signed certificate, and probably more so (depends on the CA, YMMV) if they actually check who you are.
> You're refusing to consider alternatives. What if you want to prevent snooping, but either don't care about MITM (much more involved) or don't trust the CAs? Why are you excluding the middle options?
Self-signed certificates are fine and they do work for encryption when you assume that the man in the middle will limit his activities to snooping, but by automatically accepting them you give the user a false sense of security. It is not that I oppose self-signed certificates (indeed, I am thinking of setting up a server and when I do I will most certainly use a self-signed certificate for SSH), but I do oppose people who think the FF3 warning message is the root of all evil. When someone thinks of a way to transparantly encrypt all web-traffic I'll be celebrating with the rest of you, but auto-accepting self-signed certificates is, IMHO, not the way to go.
> The grandparent wasn't talking about authority-signed vs. self-signed certificates. The comparison is between self-signed https to unencrypted HTTP.
Yet authority-signed vs self-signed IS relevant when discussing self-signed HTTPS and unencrypted HTTP. Yes, I'll admit that self-signed HTTPS in more secure than HTTP. But that doesn't mean we should stop there and refuse to consider the alternatives. The alternative being authority-signed HTTPS, and it has the advantage of offfering more protection against MITM.
> Unencrypted HTTP is also vulnerable to MITM and other types of attacks, why doesn't firefox give me a big warning when I go to one of those sites?
HTTP, by default, is vulnerable to MITM. However in most situations this man is not scary. If the MITM discovers that I read slashdot, he can't use that fact to steal all my money (having said that he could probably access my email account using the password I use for /., which could be problematic). There is, in most situations, little to gain for the Middle-Man when one is browsing ordinary stuff. Also, you KNOW that HTTP has these vulnerabilites, and can take that into account when posting stuff about yourself on the net. Therefore there is no reason for FF to show a warning.
> A much better Firefox GUI would be to just show a different lock icon or color for sites with self-signed certificates.
At least the current warning message is clear. If you need a website that is invulnerable to MITM, use HTTPS with an authority-signed certificate. If you don't need protection against MITM, use HTTP. Using different locks and colours is just going to confuse people (it will certainly confuse me). Suppose I visit a website that uses a self-signed certificate which my browser automagically accepts with your different lock icon or colour. Then I get phished at some point in the future. The phishing site also uses a self-signed certificate, and since I don't memorize certificates (few people do), I assume it is genuine. Sure, the browser could store certificates and compare them with the one the site is offering, but this won't help if I use another browser/computer/reinstall/etc.
> Making me go through several steps to accept a certificate is a waste of my time.
You only need to add the certificate once for each browser you use. How many websites use self-signed certificates anyway?
> All it accomplishes is to teach users to ignore browser warnings so that when a real security issue comes up they will ignore it.
Again, how often do you encounter this warning? Normal users will encounter a self-signed certificate like, 5 times during their lifetime?
> The current firefox gui for this looks a lot like the warning for phishing sites.
I see no problem there, since the whole point of not silently accepting self-signed certificates is to protect the user against phishing.
> I wouldn't be surprised if users get used to the self-signed ssl warnings, and then stumble across a fishing site and click through because they thought it was just another certificate warning.
I repeat myself: how often does the average user encounter such a warning?
No they don't. Certificates are not just for encryption, they also identify a website as being 'the real thing'*. If you accept self-signed certificates you can be MITM'ed. Browsers like FF3 inform you that this could be happening. Most companies that require encryption for their website can easily afford a certificate.
* This doesn't really work in practice since some of the companies that issue certificates don't bother to check if the one who requests the certificate owns the website.
He'll be smiling either way.
If only they used recycling, by burning the methane they produced, then they might be able to live using LARGE areas instead.
This cow runs on methane and grass!
Science isn't about creating marketable stuff. Having said that, just take a moment to look around you and compare what you see with how the world was 50 years ago. Just because you don't 'see' technology advance in real-time doens't mean it isn't moving.