I think you slashdot changed its policy. You can't be logged in from different IP-addresses or browsers (haven't checked yet) at the same time.
Actually, I heard if you can do your computing in a short time in parallel or a long time, choose parallel; it is usually more power efficient (this means: it is possible to turn off as many parts of a CPU as soon as possible and frequency scaling can be done when nothing is running).
Linux Desktop might not be important, but Linux is big in the embedded world. And thus it is important.
Shouldn't this be really, really cool hardware instead if they are using liquid-helium and all that ?
After which the market collapses and a new financial crisis ensues.
The whole HFT thing is even more stupid, what is your point ?
ahh, ok.
And sorry for the terrible English above. I must have been really tired. :-(
The site does not redirect to the nl site in the US, just the Netherlands (where I am) or the whole of Europe I guess.
It is probably using a GeoIP or whatever database.
I'm kind of surprised that you mention parallel processing. In most tests I've seen PostgreSQL does add working with more cores than MySQL does.
A possible alternative is to use pgpool II, from the webpage:
- Automated failover. If one of the two PostgreSQL goes down, pgpool-II will automatically let remaining node take over and keep on providing database service to applications.
- Query dispatching and load balancing. In streaming replication mode, applications need to carefully chose queries to be sent to standby node. Pgpool-II checks the query and automatically chose primary or standby node in sending queries. So applications need not to worry about it.
- Online recovery. Recover failed node without stopping pgpool-II and PostgreSQL.
Obviously there are also commercial providers of PostgreSQL which have added their own features.
Speed is not important, latency is. And even more so are the current problems with buffers.
Here is a presentation on the subject:
http://www.youtube.com/watch?v=qbIozKVz73g
Here is the website which deals with the problem and is trying to fix any problems in Linux (drivers and TCP/IP stack):
http://www.bufferbloat.net/
Just an example, it can be used to get the cookies/login-information from all the customers.
I've always had and still have "mixed feelings" about this.
There are 2 types of MitM attacks on SSL:
- force a normal CA to create a certificate for a nation for a certain website on request, maybe even create a subCA so they can sign anything they like
- a lot of nations have governmental organisations that have their own CA
If they use the last one, the one you probably meant, it is detectable by a user (if properly instructed). gmail.com should obviously not be signed with a cert from CCNIC. If you really are a person who has something to hide from the government, you hopefully take the time to check (a few clicks).
I wouldn't be surprised if the US can force a CA to give them a subCA (with a name which doesn't stand out), which is a lot harder to check.
The devices to handle the MitM attacks, which generate certs on the fly, already exist. There is even sslsniff for which the source code is available.
The real problem is.
If you really don't want to be tracked, you need to:
- disable javascript
- disable cookies
- disable the browser cache
- remove all headers like Accept, User-Agent, Accept-Language, Accept-Encoding
- disable all plugins (like flash)
- use a different IP-address each time you connect to the same website
And if you've done all that, you'll be the only one who is doing that. Thus you can be tracked again ;-)
Good luck with that.
A number of countries have laws, so if it got known that a company is ignoring the Do Not Track, they will get fined.
A leak to wikileaks ? Or something, I don't know.
I would think if your CA does not give you proper support, you might be better off switching CAs ? I'm surprised Microsoft doesn't give you support. I would expect them to do so if you open a ticket and pay them for it.
I guess you could also switch operating systems ;-)
Another possibility is that you are getting infected with some malware, maybe ?
The privacy problem is solved by allowing notaries to proxy the requests.
The biggest problem, at the moment DNSSEC does not work everywhere. There are many networks where the DNS-server does not support DNSSEC. There are DSL-routers and corporate firewalls that block large DNS-responses and DNSSEC-requests/-answers and "hotel-networks". Some operating systems like Windows XP don't have an API to request the signed DNS-responses.
However this convergence solution can use DNSSEC as a backend.
If you want to solve phishing and so on you use EV-certs (green bar). AFAIK you can't request them to be signed online, they manually check them.
No application downloads the full CRL, with any CA on the default list has CRLs of 700MB or more.
However OCSP is used, but the default setting is to ignore OCSP if it can not be contacted. This is to prevent (D)DOS-attacks having a big impact, as the OCSP is obviously a single point of failure.
Obviously man-in-the-middle would drop the traffic to the OCSP.
The connection to the HTTPS site would take a little longer, but that is all.
I guess you can also do the opposite, like check different blacklist databases.
If you think you need to hack a router to redirect traffic on the internet, then you are wrong.
As an example:
http://www.renesys.com/blog/2010/11/chinas-18-minute-mystery.shtml
This is a large version, it obviously happens frequently on a small scale.
There is a book on that subject called:
Code Reading: The Open Source Perspective: Open Source Perspective by Diomidis Spinellis
ISBN-10: 0201799405 | ISBN-13: 978-0201799408 | Publication Date: June 6, 2003
condoms and teachers that reminds me of:
http://xkcd.com/463/
I was thinking the same thing.