They're revoking a certificate roughly every hour, their CRL is 1.9MB in size and from looking at the serial numbers it seems that lots of certificates are pretty close to each other, which means that a significant percentage of issued certs is getting revoked.
This would indicate that their loose verification is being severely exploited by the bad guys.
Now are you completely sure that when you add this CA to your store, you also configure the CRL handling properly? How often do you schedule download of the CRL? Do you really think it's a good idea to download a 1.9MB CRL every 1 hour (there's no OCSP service for their certs, it seems, at least there's no OCSP URL on their CA certs)?
I suspect that you didn't give a thought to this, as well as the majority of people who install CAcert root certificates in their browser, not suspecting what a can of worms they open from a security perspective. They probably don't even know what a CRL is for, not to mention checking the CRL handling settings in their browser after they install CAcert's root X.509.
Hartley points to examples like proprietary drivers, the popularity of Skype among Linux users (in preference to the open source Ekiga), and the use of Wine.
Hey, don't blame Linux users for that Wine stuff! The use of Wine is a tradition that dates back to ancient China 9000 B.C.!
I agree that its overuse causes some problems tho.
It would be interesting to know how much extra length the oceanic floor cables get in order to account for plate tectonics (more specifically for divergent boundaries, like the Mid-Atlantic Ridge or East Pacific Rise)?
Of course, the typical speed of plate movement being no more than 10 cm / year, I expect an answer to be in the order of thousands of years...
So your home user checking his email, running a web browser, etc is not going to benefit much from having all that compute power. (Gamers are obviously not included in this)
You've excluded gamers as if this had been some nearly extinct exotic species. Don't they contribute the most to PC hardware market growth and progress?
How are they going to cope with excessive heat and power consumption? How are they going to dissipate heat from a thousand cores?
When the processing power growth was fed by shrinking transistors, the heat stayed at a manageable level (well, it gradually increased with packing more and more elements on die, but the function wasn't linear). Smaller circuits yielded less heat, despite there being many more of them.
Now we're packing more and more chips into one package instead and shrinkage of transistors has significantly slowed down. So how are they going to pack those thousand cores into a small number of CPUs and manage power and heat output?
... Apple uses only the finest hardware components, dew picked and flown from Iraq, cleansed in finest quality spring water, lightly soldered, and then sealed in a smooth case designed by the most emo-like of emo designers.
If this is a non-profit project then why not open the source code? This would at least create some chances of some outsiders stepping up to port it to other systems. Why does the source code have to be kept closed? Does it contain someone's trade secrets?
You completely omitted the Commodore Amiga and Atari ST, which were technology-wise running circles around the ones you mentioned. They lacked proper business perspective, though, and the (anti-?)competitive climate being created by Microsoft became a nail in their coffins.
be forgiven for thinking it's a convenient excuse for Atari to attack negative reviews of the only game they're releasing in 2008 that has any chance of making them some money
Major electronic equipment manufacturers are pursuing a way to eliminate tin whiskers.
However, tim whiskers' current location is unknown. Recently he's been known to have been hiding from justice among the Taliban guerillas near the Pakistani border.
To say that plant biomass alone accounts for a healthy ecosystem and that increased carbon levels confers from magical "nutrients" to plants is far-fetched at best.
Well, you obviously base your argument on the false presumption that a criminal has immediate access to you and the notebook at the same time, same place.
However, if this is not true (e.g. they stole the notebook first and hid it somewhere, then discovered the need for the fingerprint and got to you - the owner), they are very likely to cut off your finger whether you're willing to cooperate or not. It's simply so much easier to move around the city with a cut off finger than with a kidnapped person (or corpse thereof).
So you got your threat modeling wrong.
The password, however, is much more transportable. When you reveal it they can even call another one of them that sits with the notebook somewhere and test whether you've lied, so they can leave you alone earlier.
I should note the above method would also work with SSL, be creative, it only has to be a legitimate cert with a root chain.
Well, the CN field on the legitimate cert would have to match the DNS FQDN name that the client looked up the server address with. Unless your POP3 client doesn't verify that x.509 CN matches the DNS FQDN, which would make its SSL support pointless. Even MS Outlook does that properly.
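The name check this reply refers to, as an added example that is not part of the original comment: a certificate that chains to a trusted root is still rejected unless it names the host the client looked up. The dict layout follows Python's `ssl.SSLSocket.getpeercert()`; the function names, host names and sample certificates are constructed for illustration.

```python
# Added example: DNS-name check of a server certificate, using the dict layout
# that Python's ssl.SSLSocket.getpeercert() returns. Sample certs are constructed.

def dns_name_matches(pattern: str, host: str) -> bool:
    """Compare one certificate DNS name with the name the client looked up."""
    p = pattern.lower().rstrip(".").split(".")
    h = host.lower().rstrip(".").split(".")
    if len(p) != len(h):
        return False                      # a wildcard never spans several labels
    if p[0] == "*":
        # Accept "*" only as the whole left-most label, with >= 2 labels after it.
        return (len(p) >= 3 and h[0] != ""
                and "*" not in "".join(p[1:]) and p[1:] == h[1:])
    return "*" not in pattern and p == h


def cert_matches_host(cert: dict, host: str) -> bool:
    """True only if the certificate was issued for `host`."""
    san_dns = [v for (kind, v) in cert.get("subjectAltName", ()) if kind == "DNS"]
    if san_dns:
        names = san_dns                   # DNS SANs present: the CN is ignored
    else:
        names = [v for rdn in cert.get("subject", ())
                 for (key, v) in rdn if key == "commonName"]
    return any(dns_name_matches(n, host) for n in names)


LOOKED_UP = "pop3.mail.example"           # constructed: name the client resolved

# Constructed certificates; each is assumed to chain to a trusted root already.
CERT_FOR_SERVER = {"subject": ((("commonName", "pop3.mail.example"),),)}
CERT_FOR_OTHER = {"subject": ((("commonName", "www.unrelated.example"),),)}
CERT_WILDCARD = {"subject": ((("commonName", "mail.example"),),),
                 "subjectAltName": (("DNS", "*.mail.example"),)}
CERT_SAN_WINS = {"subject": ((("commonName", "pop3.mail.example"),),),
                 "subjectAltName": (("DNS", "www.unrelated.example"),)}

if __name__ == "__main__":
    for label, cert in [("server", CERT_FOR_SERVER), ("other", CERT_FOR_OTHER),
                        ("wildcard", CERT_WILDCARD), ("san-wins", CERT_SAN_WINS)]:
        print(label, cert_matches_host(cert, LOOKED_UP))
```

`CERT_FOR_OTHER` is the case from the reply: a valid chain, but the wrong name, so the client refuses it.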
Seems like phase change RAM would have much more desirable properties (high write performance, much higher amount of writes a single memory cell can take before it's damaged) for discussed uses.
I don't really care too much about the proprietary-ness of Java. Since I'm not a Linux zealot, I just care that it does what I want it to do.
The problem is, there's a cause-effect relation between the two that you don't seem to comprehend.
With proprietary technology, the chances are much greater that at some point you'll discover that the technology doesn't do what you'd want to.
A practical example: suppose you have a new 64 bit workstation with a fresh, new, 64 bit operating system on it and most of the software is 64 bit too. So you've been browsing pages with your 64 bit browser for a couple of weeks now, and you stumble upon a page that features a Java applet and requires it to work properly.
If Sun's Java had been released on a liberal license a couple of years ago, now we would probably have full support for a much larger set of architectures, including AMD64. Maybe PowerPC and others as well - the community would pick this up and work on porting according to general populace's needs.
Instead we have a large populace of angry users who wait 3 years (and will probably wait another one) for support of a quite popular hardware platform because the control has been in the hands of a single entity - Sun.
The same problem is with all the other technologies - and you are likely to be burned by this problem in the future if VMware decides that you have to upgrade to something new or that your little interoperability problems mean nothing to them.
And it's you who will have to answer to your customers/bosses on your own for the limitations artificially imposed by a vendor, for the problems that are beyond your control. Unless you really don't care and don't take responsibility for results of your work, but then you should qualify for the position at the bottom of the IT food chain - like a helpdesk/support job...
Man, that's the second time I have to clean my monitor's screen this month!
...CUDOS goes to them.
Put knot yore trust inn spel chequers!
It's African American Holes, you racist clod!
I've downloaded Java from Sun a couple of years ago and didn't have to pay a dime!
(ducks for cover)
.
.
.
.
.
.
.
.
.
.
I know, I know, free beer vs free speech, RMS etc.
Seriously, though, does anybody know of significant Java apps that use that javax.sound API which is the problem in OpenJDK?
Seems like this is the least frequently used (and least important) part of the J2SE API.
More specifically, electrons are leptons, which are a kind of fermions.
Quarks are the other type of fermions.
Moderated Offtopic? How on earth can a comment on an Atari game to a story on Atari game reviews be offtopic?
Surely I've forgotten to somehow find a way to bash Microsoft in order to be more Slashdotically-correct.
(BTW, in addition, notice my perfect grammar! It seems I'm inherently out of place over here...)
Oh, you're right. Time passes so quickly.
Windows 3.0 was released in 1990. Linus Torvalds started working on his kernel only in 1991. There was no Linux at that time you refer to.
This one looks quite nice too.
B-but CO2 has what the plants crave. Because it's got electrolytes!
The problem is, there's a cause-effect relation between the two that you don't seem to comprehend.
With proprietary technology, the chances are much greater that at some point you'll discover that the technology doesn't do what you'd want to.
A practical example: suppose you have a new 64 bit workstation with a fresh, new, 64 bit operating system on it and most of the software is 64 bit too. So you've been browsing pages with your 64 bit browser for a couple of weeks now, and you stumble upon a page that features a Java applet and requires it to work properly.
Now you have a real problem, since there's no Java browser plug-in for 64 bit architectures yet.
If Sun's Java had been released on a liberal license a couple of years ago, now we would probably have full support for a much larger set of architectures, including AMD64. Maybe PowerPC and others as well - the community would pick this up and work on porting according to general populace's needs.
Instead we have a large populace of angry users who wait 3 years (and will probably wait another one) for support of a quite popular hardware platform because the control has been in the hands of a single entity - Sun.
The same problem is with all the other technologies - and you are likely to be burned by this problem in the future if VMware decides that you have to upgrade to something new or that your little interoperability problems mean nothing to them.
And it's you who will have to answer to your customers/bosses on your own for the limitations artificially imposed by a vendor, for the problems that are beyond your control. Unless you really don't care and don't take responsibility for results of your work, but then you should qualify for the position at the bottom of the IT food chain - like a helpdesk/support job...