So many of us decry materialism. Here is a man who is willing to give up practically all of his material possessions and start over. This makes him a coward? I think it takes nuggets the size of Mars.
I think it is rather you who are a coward, who is terrified enough of change that you would go through years of agony just to maintain hold of your material possessions. The fact that he wants some money in exchange for the total value of his life's material achievement isn't strange. To simply throw that all away for free would be stupid, and it would give some other materialist a free and undeserved ride.
I don't know this guy (obviously) and can't judge his motivations. However, you are a judgmental ass.
I've always thought of code signing as a way to prevent malware from running on your phone, not some sort of DRM mechanism. Surely somebody can figure out how to install a new code certificate, so that we can all sign our own code? I don't see why this is such a big deal.
It's ridiculously easy if you are a government. You go to the browser makers. You threaten them with jail time under obscure laws until they agree to discreetly add your Evil Gov Cert to the cert of trusted root certs that come with these browsers. Anybody who doesn't cooperate is shot. You wait a few years for most people to upgrade to the new browsers, then you can begin to forge any certificate you want using your Evil Gov Cert.
This is perfect! Next time a teacher or other person in authority says I can't use Wikipedia because it is unreliable I just get the content from this site and I can say that it wasn't Wikipedia!
Crap like this is exactly WHY Wikipedia should not be cited formally as a reference. Even if Wikipedia could be trusted to be 100% correct (which it can't), how do you know you're not looking at some fake shit? Wikipedia is great for personal research. For formal citation, it's garbage. For one thing, the content can change. This is part of what makes it powerful, but it also makes it useless when cited on paper. You go to the URL and see something totally different from what the author was trying to cite.
WTF? I just did the same search as you, clicked on the SECOND hit, and get a site claiming to have the certs in ZIP files, but the site isn't even HTTPS. This is a total joke, and this is how we conduct security in our government? Any moron could install those certs, get some bullshit and not know it.
I mean, think about it. You go download Firefox. It comes with a set of root certificates. How do you know the Firefox download repository hasn't been hacked, and evil certificates inserted? The only reason you trust those certs is because you believe that the Firefox installation is trustable. But is it?
All it takes is a single evil cert. This cert (okay, the private key associated with the cert) is used to sign a bogus DoD cert. Now nothing can be trusted.
Anyone can read the cert using the CA's public key, which will decrypt the cert and then you're left with the DoD's public key and their identity
Unless my machine has been physically compromised and the CA's key replaced with an evil one. I am blown away that the DoD would not self-sign and ensure physically secure delivery, but instead rely on a CA
Also, you use cert and private key as if they mean the same thing.
By "cert" I was intending to refer to a PKCS12 data block which includes both the public and private key. Sloppy terminology, my bad.
Because the only way you can avoid a MITM attack is to know that the other side's certificate is genuine. The entire point of the certificate is to prevent a MITM attack. How's it work? Simplified, you have the cert of the party you are trying to communicate with, and they in turn have yours. You generate a piece of random data and sign it with your private key, then send this to the other side. They decrypt with your public key and verify that you are who you say you are. Then they re-encrypt the data with THEIR private key and send it back to you, proving that they were capable of decrypting the challenge. You decrypt it with their public key and again, validate that they are who they say they are. (This is not exactly how it happens but you get the point)
This makes a MITM attack impossible, because if both parties can PROVE that they possess the keys, they can use a key agreement protocol like Diffie Hellman under protection of RSA to exchange keys and even the MITM cannot interpose himself.
The point is, this process can only be secure if you can TRUST THE CERTIFICATES. This is why Certificate Authorities exist -- they have trusted certs which sign other certs, which sign other certs, etc. The reason you know you can trust the root certificate is because it is installed as part of the operating system off secure media.
So again, my question. If the DoD has a special cert, how do they get it to you securely? How do you know that you are not, instead, installing the certificate of some evil third party, enabling them to MITM you? The only answer I can think of is that the cert is physically delivered to you by people who you CAN IN TURN validate to be who they say they are. This is how the chain of trust gets established.
I bet the DoD cert is delivered on a secure medium, in a a locked briefcase, chained to the wrist of a scary looking fellow wearing black shades.
And how do you acquire these certificates in a secure manner? How do you know the cert you've installed is the real DoD cert? Is it delivered to you in person on a USB key by armed guards?
They all have at least one good point though: what do we do with the waste?
That waste is dangerous precisely because it still contains enormous amounts of energy. We need to look at ways to extract more of it before deciding it's "garbage" and dumping it somewhere.
And at least there are possibilities. I could ask the same question about coal and oil power: what do we do with the 5-10 or so petagrams of CO2 emitted annually by fossil fuel burning? Right now it's just going straight into the atmosphere.
They are not "Russian characters." The writing system is called Cyrillic. Maybe Wikipedia's page on languages written using the Cyrillic alphabet will help alleviate your ignorance.
Speaking of learning "geography and languages," huh?
You probably are also not special in having selective memory and/or reinforcement bias, which would lead you to recall that particular success, or others like it, and forget or disconsider failures. And we/. readers are also not specially prepared to estimate how many TV Viewers had the exact same reaction as you, except they erred the pictured location and then decided *not* to write about it (selection bias).
My ability to recall terrain is interesting enough to me that I pay attention when I try to do it and take pride in it as a personal skill. If you actually spend a lot of time in wild terrain, you will realize that this isn't just a spiffy ability but a survival skill.
Also, I think it's far more likely that humans as a species possess this skill for evolutionary reasons, rather than just being an effect of selective memory. While that is a real phenomenon, I don't believe it's the case here.
Would you know simply by looking at the photos without the sign that this was not say the grand canyon?
Quite possibly. Although in this case, the answer was given away in the URL and so claiming "I would have known" is not really a credible claim. (I've been to Waimea Canyon recently.) I do a LOT of hiking and backpacking, and I tend to study the areas I am traveling through very closely. I surprised myself the other day when a blurry photograph of a trail was shown on the evening news and I identified the location before they could say what it was. All the photo contained was a trail meandering through a wooded area with a particular set of vegetation. I said out loud, "That looks like the Wildwood trail a few miles north of Germantown Road." And of course, it was. And that wasn't an isolated event.
I don't think I'm special for being able to do this. It's just paying attention to detail, like the particular ratio of the populations of certain kinds of plants, what kind of moss is growing on the trees, the quality and appearance of the trail surface, how the trail slopes. These things stick permanently in my brain.
If a human can do it, I'm not really surprised that a computer can, although of course the accuracy is going to be much lower.
People really need to stop being offended so easily.
I'm not offended by the jokes. I'm bothered by the disingenuous EXCUSE for the jokes. It's true that people use humor to deal with emotional pain. But claiming that you're experiencing serious emotional pain at the loss of someone you probably didn't even recognize until being told, is simply dishonest. That's all.
I've had some bad experiences in the past when revealing my company on Slashdot. There should be enough information in my post for you to find it with some wise Googling. I wish I could tell you more than that.
I called in a drunk driver once and was HEAVILY involved for the next 6 hours. If you think calling in a gun-wielding driver is going to end with "Thanks for telling us, have a nice day," you've obviously never tried doing it before.
I don't understand this obsession of ram usage, and this is from someone with a laptop with 512MB's, and primary computer of 844MB (as reported by the OS, but 1GB in the official specs). But, I want my RAM to be used (if it's going to make performance better). That's why I have it.
The product I make displays documents of tens of thousands of pages with color content at 600 DPI, flips pages practically instantly, and uses less than 20 megabytes of RAM while doing so.
And we should give a crap because?
If they were that worried about it (it's a bunch of stupid marketing spin) why would they have made it accessible AT ALL?
Oh yeah -- in addition, please don't trot out that tired old "We make jokes to deal with the pain of loss" garbage. Last year when a close friend of mine died, we joked at his wake, with his mother no less, about the choice of beer at the event -- Dead Guy Ale. THAT is joking to cope with loss. Most people here didn't know this guy. Your jokes aren't a coping mechanism, they're just the symptom of being an ass. Of course, if your jokes are funny and not disrepectful, bring 'em on.
I don't mean things should be swept from time to time. Obviously "jshmoe" should eventually go away -- but keep your finger off the trigger until you've figured out what's going on, that's all.
Slashdot Mirror
So many of us decry materialism. Here is a man who is willing to give up practically all of his material possessions and start over. This makes him a coward? I think it takes nuggets the size of Mars.
I think it is rather you who are a coward, who is terrified enough of change that you would go through years of agony just to maintain hold of your material possessions. The fact that he wants some money in exchange for the total value of his life's material achievement isn't strange. To simply throw that all away for free would be stupid, and it would give some other materialist a free and undeserved ride.
I don't know this guy (obviously) and can't judge his motivations. However, you are a judgmental ass.
I've always thought of code signing as a way to prevent malware from running on your phone, not some sort of DRM mechanism. Surely somebody can figure out how to install a new code certificate, so that we can all sign our own code? I don't see why this is such a big deal.
I know. Not sure why I got riled up by an AC anyway.
Anybody who doesn't see the potential for serious problems when identifying their place of employment on Slashdot hasn't done it before :(
You'd hope that after 300 or so years of chemistry we'd understand how to recognize water...
It's ridiculously easy if you are a government. You go to the browser makers. You threaten them with jail time under obscure laws until they agree to discreetly add your Evil Gov Cert to the cert of trusted root certs that come with these browsers. Anybody who doesn't cooperate is shot. You wait a few years for most people to upgrade to the new browsers, then you can begin to forge any certificate you want using your Evil Gov Cert.
This is perfect! Next time a teacher or other person in authority says I can't use Wikipedia because it is unreliable I just get the content from this site and I can say that it wasn't Wikipedia!
Crap like this is exactly WHY Wikipedia should not be cited formally as a reference. Even if Wikipedia could be trusted to be 100% correct (which it can't), how do you know you're not looking at some fake shit? Wikipedia is great for personal research. For formal citation, it's garbage. For one thing, the content can change. This is part of what makes it powerful, but it also makes it useless when cited on paper. You go to the URL and see something totally different from what the author was trying to cite.
WTF? I just did the same search as you, clicked on the SECOND hit, and get a site claiming to have the certs in ZIP files, but the site isn't even HTTPS. This is a total joke, and this is how we conduct security in our government? Any moron could install those certs, get some bullshit and not know it.
I mean, think about it. You go download Firefox. It comes with a set of root certificates. How do you know the Firefox download repository hasn't been hacked, and evil certificates inserted? The only reason you trust those certs is because you believe that the Firefox installation is trustable. But is it?
All it takes is a single evil cert. This cert (okay, the private key associated with the cert) is used to sign a bogus DoD cert. Now nothing can be trusted.
Anyone can read the cert using the CA's public key, which will decrypt the cert and then you're left with the DoD's public key and their identity
Unless my machine has been physically compromised and the CA's key replaced with an evil one. I am blown away that the DoD would not self-sign and ensure physically secure delivery, but instead rely on a CA
Also, you use cert and private key as if they mean the same thing.
By "cert" I was intending to refer to a PKCS12 data block which includes both the public and private key. Sloppy terminology, my bad.
Because the only way you can avoid a MITM attack is to know that the other side's certificate is genuine. The entire point of the certificate is to prevent a MITM attack. How's it work? Simplified, you have the cert of the party you are trying to communicate with, and they in turn have yours. You generate a piece of random data and sign it with your private key, then send this to the other side. They decrypt with your public key and verify that you are who you say you are. Then they re-encrypt the data with THEIR private key and send it back to you, proving that they were capable of decrypting the challenge. You decrypt it with their public key and again, validate that they are who they say they are. (This is not exactly how it happens but you get the point)
This makes a MITM attack impossible, because if both parties can PROVE that they possess the keys, they can use a key agreement protocol like Diffie Hellman under protection of RSA to exchange keys and even the MITM cannot interpose himself.
The point is, this process can only be secure if you can TRUST THE CERTIFICATES. This is why Certificate Authorities exist -- they have trusted certs which sign other certs, which sign other certs, etc. The reason you know you can trust the root certificate is because it is installed as part of the operating system off secure media.
So again, my question. If the DoD has a special cert, how do they get it to you securely? How do you know that you are not, instead, installing the certificate of some evil third party, enabling them to MITM you? The only answer I can think of is that the cert is physically delivered to you by people who you CAN IN TURN validate to be who they say they are. This is how the chain of trust gets established.
I bet the DoD cert is delivered on a secure medium, in a a locked briefcase, chained to the wrist of a scary looking fellow wearing black shades.
And how do you acquire these certificates in a secure manner? How do you know the cert you've installed is the real DoD cert? Is it delivered to you in person on a USB key by armed guards?
I looked up "Cyrillic" in the dictionary. Apparently, Cyrillic is the word for "Russian characters."
Apparently, your dictionary sucks.
They all have at least one good point though: what do we do with the waste?
That waste is dangerous precisely because it still contains enormous amounts of energy. We need to look at ways to extract more of it before deciding it's "garbage" and dumping it somewhere.
And at least there are possibilities. I could ask the same question about coal and oil power: what do we do with the 5-10 or so petagrams of CO2 emitted annually by fossil fuel burning? Right now it's just going straight into the atmosphere.
They are not "Russian characters." The writing system is called Cyrillic. Maybe Wikipedia's page on languages written using the Cyrillic alphabet will help alleviate your ignorance.
Speaking of learning "geography and languages," huh?
You probably are also not special in having selective memory and/or reinforcement bias, which would lead you to recall that particular success, or others like it, and forget or disconsider failures. And we /. readers are also not specially prepared to estimate how many TV Viewers had the exact same reaction as you, except they erred the pictured location and then decided *not* to write about it (selection bias).
My ability to recall terrain is interesting enough to me that I pay attention when I try to do it and take pride in it as a personal skill. If you actually spend a lot of time in wild terrain, you will realize that this isn't just a spiffy ability but a survival skill.
Also, I think it's far more likely that humans as a species possess this skill for evolutionary reasons, rather than just being an effect of selective memory. While that is a real phenomenon, I don't believe it's the case here.
Would you know simply by looking at the photos without the sign that this was not say the grand canyon?
Quite possibly. Although in this case, the answer was given away in the URL and so claiming "I would have known" is not really a credible claim. (I've been to Waimea Canyon recently.) I do a LOT of hiking and backpacking, and I tend to study the areas I am traveling through very closely. I surprised myself the other day when a blurry photograph of a trail was shown on the evening news and I identified the location before they could say what it was. All the photo contained was a trail meandering through a wooded area with a particular set of vegetation. I said out loud, "That looks like the Wildwood trail a few miles north of Germantown Road." And of course, it was. And that wasn't an isolated event.
I don't think I'm special for being able to do this. It's just paying attention to detail, like the particular ratio of the populations of certain kinds of plants, what kind of moss is growing on the trees, the quality and appearance of the trail surface, how the trail slopes. These things stick permanently in my brain.
If a human can do it, I'm not really surprised that a computer can, although of course the accuracy is going to be much lower.
People really need to stop being offended so easily.
I'm not offended by the jokes. I'm bothered by the disingenuous EXCUSE for the jokes. It's true that people use humor to deal with emotional pain. But claiming that you're experiencing serious emotional pain at the loss of someone you probably didn't even recognize until being told, is simply dishonest. That's all.
Ok friend, I'll just deal with the consequences. (You're a twerp.) http://www.swiftview.com/prod1.htm
I've had some bad experiences in the past when revealing my company on Slashdot. There should be enough information in my post for you to find it with some wise Googling. I wish I could tell you more than that.
I called in a drunk driver once and was HEAVILY involved for the next 6 hours. If you think calling in a gun-wielding driver is going to end with "Thanks for telling us, have a nice day," you've obviously never tried doing it before.
I don't understand this obsession of ram usage, and this is from someone with a laptop with 512MB's, and primary computer of 844MB (as reported by the OS, but 1GB in the official specs). But, I want my RAM to be used (if it's going to make performance better). That's why I have it.
The product I make displays documents of tens of thousands of pages with color content at 600 DPI, flips pages practically instantly, and uses less than 20 megabytes of RAM while doing so.
Crappy code is no excuse.
And we should give a crap because? If they were that worried about it (it's a bunch of stupid marketing spin) why would they have made it accessible AT ALL?
Oh yeah -- in addition, please don't trot out that tired old "We make jokes to deal with the pain of loss" garbage. Last year when a close friend of mine died, we joked at his wake, with his mother no less, about the choice of beer at the event -- Dead Guy Ale. THAT is joking to cope with loss. Most people here didn't know this guy. Your jokes aren't a coping mechanism, they're just the symptom of being an ass. Of course, if your jokes are funny and not disrepectful, bring 'em on.
I don't mean things should be swept from time to time. Obviously "jshmoe" should eventually go away -- but keep your finger off the trigger until you've figured out what's going on, that's all.
Actually, there's an even cooler tool that sorta works like that. Just type hostname every time you press the button that switches the console.
Of course -- this is IT. Why automate it and reduce the chances of mistakes when you can do it manually?