Pretty sure they can do it:
http://blog.trailofbits.com/20...
"Same thing with illegal immigrants. Trump never said 'All illegal immigrants are murderers, rapists and drug dealers'."
He said: some are good people.
Some in my book means: not many.
So basically he said: they are almost all bad people.
If I remember correctly:
The design by Intel was supposed to be something at least Intel could check if Intel built the CPUs correctly, so they could have an extra layer of certainty.
But a white hat hacker came up with a way to produce the RNG/CPU in such a way to fool the inspection methods.
Thus Intel can't as easily check if what they are producing is actually correct.
I doubt it.
Google, Microsoft and Facebook also built their own servers, they aren't selling them.
These are servers built for specific (set of) tasks.
I would rather see them join the open compute project (where you already have some of the designs from companies like Facebook and Microsoft):
http://www.opencompute.org/
Obviously, they could do both. But selling open source hardware, that would be weird for Apple, I think?
Anyway, other companies do sell hardware from opencompute designs.
I understand your point now. But that's a lot of trouble to go through and it would take a lot of requests to identify a single user. There are much easier and stealthier ways to do that.
How are they cookies? How does the server learn what the client/browser knows?
The client/browser doesn't send what it knows to the server and AFAIK there is no JavaScript API or similar to check it from within the page.
Obviously at first visit the CA-system still applies, so the certificate was/were issued based on some verification process. So that is a form of out-of-band communication channel. It's the most used channel on the Internet right now. This is just an improvement.
What a lot of attackers want to prevent is detection and with this system in place, the risk of detection also becomes much higher.
Anyway, you can also get your site added to the lists that are included in browsers. Chrome and Firefox use that too (obviously in case something breaks it's much harder to change them): https://src.chromium.org/viewv...
I agree DANE/TLSA is a great solution. But it will take time before most (if not all) networks at least don't break DNSSEC.
Andrew was forced to do it, because nobody else in the world had the same problem. Australia is just that bad.
Here is an old talk from him:
"So the core of rsync is this algorithm that I call the rsync algorithm. And it solves this problem, the remote update problem. Now the remote update problem is basically: you have two computers connected by a very high latency, very low bandwidth link... a typical Internet link, at least if you're in Australia. So, a piece of wet string, a really pathetic link... and you've got two files."
http://olstrans.sourceforge.ne...
If you prefer to hear him talk about rsync instead of reading, there are recordings of that talk as well. I'm sure you can search for it.
You know what is good about HTTPS these days:
- HTTP/2 using HTTPS is faster than HTTP/1.x without HTTPS and it's getting easier to deploy it. For example by using the H2O webserver ( https://h2o.examp1e.net/ ) as a proxy, it comes with a built-in SSL/TLS library for easier deployment and support for replicating sessions.
HTTPS itself is becoming easier to deploy and manage:
- HTTPS doesn't need a dedicated IP-address any more (older browsers/operating systems had problems with the HTTPS equivalent of 'virtual hosts'):
https://en.wikipedia.org/wiki/...
- certificates are available for free with an automatic request and renewal system. So no more messing around, you can automate it. -> with Let's Encrypt Beta: https://letsencrypt.org/ and for example with acmetool: https://hlandau.github.io/acme....
There are finally ways to fight the silly CA-system, not completely, but things are improving.
For regular visitors on a site you can add headers which will prevent another CA issuing a rogue certificate for your site.
https://developer.mozilla.org/...
If the US won't stop meddling in other countries' business then I can keep blaming them for these kinds of things.
Yep, that was what I meant.
They are probably using deep packet inspection and some configuration recipe provided by the manufacturer. It will probably take them a couple of years to figure out they can block on the SNI.
Islam? You mean funny way to spell: US of A.
Luckily I'm from Europe, I don't remember any problems with law here.
We'll have to see if cryptocurrencies will be different. Wouldn't be surprised if some laws will be applied at some point.
Judging by how Bitcoin is doing right now, maybe it will be other cryptocurrencies and not Bitcoin.
But definitely I see blockchain technology, even if only at the backend of the banking system.
That would have been a more clear question.
The banks will not be doing Bitcoin, they are staying as far away from that as possible.
They'll adopt blockchain technology all right, but I'm not so sure they'll adopt a new currency. Maybe some kind of coin only used between banks.
Storing money at an exchange, yeah, that seems like an awesome idea.... (Mt. Gox)
1. energy costs are different in different regions, I think what he means is: he is in a region where energy isn't cheap enough
2. some people still mine it when at a slight loss, because they expect the price to go up
That is stupid, the Internet wouldn't be in such widespread use if it was patented.
Dash seems like a pretty good implementation of coin-join, directly built into the coin.
I think it not only happens when they don't have money to spend, but also when they don't want to spend.
No just means you are early after the comment was posted, the moderators aren't magic. It's at 4 now.
Dash (an alt-coin/other cryptocurrency) also has an instant send built into it.
The Internet was associated with porn at first too, still it got used by everyone many years later.