I don't know. It seems like if CloudFlare can legally slow down traffic of any arbitrary individual they don't like, legally, we've already lost the battle. They just haven't figured out how to properly monetize that ability yet.
I found this fake antifa manual circulating among US civil war / confederate history buffs in the days before Charlottesville. They are livid and eating up the red meat of each new outrage.
http://imgur.com/gallery/BcZOg?
Someone went to a lot of work making that, and they fully understand right-wing paranoid fantasies. This is too much effort for so many pages of such poor satire. It's not designed to convert/convince but to incite latent fear and hate. If that isn't the Kremlin thumbing its nose at us, then it is someone who wants us to think it is Kremlin. The manual was posted to imgur about a week after Trump signed new sanctions.
We also see evidence of Russian incitement in the troll factory activity on twitter that is more easily linked to their networks.
https://www.dailykos.com/stori...
The most useful idiots are Roger Stone, Alex Jones, Paul Joseph Watson and Mike Cernovich, who are all pushing the idea of a new civil war. We don't need help hating each other, but we are getting it. (Donald Trump is more than a useful idiot. Since he has the full briefings, we have to consider him overtly complicit in the campaign to incite political violence.)
We need to rewrite the rules for Poe's law. The Charlottesville corollary is that satire of fundamentalism provides cover for propaganda and false flag action. The most dangerous weapon in information warfare is one that we never see as a weapon.
Given that the antifa manual is a parody of leftist fundamentalism, it says something about the dangerous political divide that a segment of people can't tell the difference any more.
The network we built to survive nuclear war has been weaponized against us and DARPA is giving out grants now to study how its child turned into a killer.
https://www.bloomberg.com/news...
Russia is trying to incite civil war and very few people see how. Their end game is not a glorious Trump presidency but a demoralized and ineffectual United States that no longer intrudes in their sphere of influence.
We're a nation of useful idiots now. Our partisan hatred makes us more willing believers in the alleged atrocities of our enemies. Credulity is vulnerability. Patriotism now requires skepticism of atrocities by political opponents and criticism of real misbehavior by our allies that feeds weaponized narratives.
When the crime is committed on the basis of victim's group identity, the other members of the group have reason to fear being targeted for the same reason and there are more victims. More victims = more punishment.
These laws are intended in part to prevent civil unrest (in the form of race riots) that can occur when one community perceives they are being targeted and law enforcement is not adequately protecting them. They (understandably) may take law into their own hands through mob violence and then we're in for full scale civil unrest (because mob justice is rarely so.... "just" and is more likely to create the same kind of racial hostility in return).
The motive matters because when that motive is animus towards a large group of people, the consequences of group-level retaliation are bad for all of society.
Triggering apoptosis in infected cells ftw
You want to have a license now to get the gear and get the experience / make the connections without being hassled by the FCC. After the fall you only need the gear, experience and connections.
It's probably too late for a new network in Libya.
Sooner or later the US government will weaken and fall as the economy tanks. I expect hyperinflation brought on by mid-east instability wreaking havoc on oil prices.
I recommend everyone get set up with an amateur radio license and gear ASAP.
Solar panels or other off-grid power source will be worth major bonus points.
Once again, the DoJ is found to be involved in shady dealings involving software to track and correlate people.
http://www.wired.com/wired/archive/1.01/inslaw.html
Earlier today Al Gore led an online Town Hall meeting with students about Math and Science called Connect a Million Minds. He came right out and blamed Britney Spears for the decline in U.S. STEM leadership.
This was a great idea in that he looked to the kids for the actual answers. The Vokel forum technology just didn't hold up well (which seemed to have about 1000 users at peak, and being sponsored by Time-Warner I figured would work better).
P.S. Speaking of crappy forum tech, why is it that Google Chrome just shits itself trying to post here at /.? Annoying enough I'm gonna just stop.
I picked up a new Samsung netbook recently and installed the Ubuntu Netbook Edition. I've been less than thrilled with it.
First- Windows 7 Starter sucks too. I'm not going back to it, and am not happy with either of them. My main complaint about Windows 7 Starter is the notion I have to pay Microsoft to use an external monitor or set my desktop background. I expect those to come in the stripped down OS and I'm absolutely unwilling to give MS one more cent. In fact, their policy on Windows 7 means my next game console will be a PS3 instead of an Xbox (and I'm tempted by Kinect, have owned several Xboxes and enjoyed them).
Ubuntu issues in the first two months of use:
* right click just stopped working. I have to click and hold left click to access those functions. I didn't mess with anything related to X, and kept things as default as possible. spent a fair bit of time googling without luck.
* nm-applet network manager just stopped working. all interfaces show "disabled" when I resume after suspending. then nm-applet disappears completely. I'm forced to use my crackberry browser to find a solution since I'm on the road. It was painful.
* update manager locks up all the time.
* Many applications put dialog controls out of sight on this tiny monitor. I can't directly fault Ubuntu for third-party apps, but it still seems like the OS ought to detect this condition and offer me some kind of workaround.
That's not all, but those are the biggest complaints that have me looking for an alternative.
It's *a* creation story in the Theravadan tradition. I'd defer back to my statement that there may have been an adoption of local myths in certain places.
It's like saying that something particular to Greek Orthodox Christianity is representative of all Christians. All Christian traditions I know of believe in the Genesis story (at least as allegorical if not literal truth), and so it can be considered canonical.
But I don't think you'd find Mahayana or Zen Buddhists professing the Vasettha story as theirs.
Still, to the OP's point, it would be a good one to include in a book on Creationism, as long as it is not being portrayed as *the* Buddhist creation story.
BTW, the current Dalai Lama is a great supporter of science:
“If science proves some belief of Buddhism wrong, then Buddhism will have to change. In my view, science and Buddhism share a search for the truth and for understanding reality. By learning from science about aspects of reality where its understanding may be more advanced, I believe that Buddhism enriches its own worldview.”
As long as they also include every other creation story. There should be text from scientology, islam, hinduism, buddhism, and thousands of other creation myths from all over the world, in a separate book called "Creationism".
AFAIK, Buddhism has no creation myth of its own. In some particular cultures it may have adopted the prevailing local myths as metaphors, much like the local gods and goddesses were adopted as representative of aspects of the human psyche.
Theologists debate whether Buddhism can even be considered a religion because there is no belief in god. It slides in when you widen the scope to include a "belief in salvation" which in the case of Buddhists, is enlightenment and nirvana (non-existence).
Some people believe that toilets don't allow for complete elimination and are the source of a lot of colon cancer.
For my part, I've realized that after a lot of years camping and having to squat over a hole I dig, that at some point my knees simply won't let me do that any more. I've come to believe that maybe people die younger in parts of the world that lack sit down toilets and remember this quote by Charles Bukowski:
Sex is interesting, but it's not totally important. I mean it's not even as important (physically) as excretion. A man can go seventy years without a piece of ass, but he can die in a week without a bowel movement.
- Charles Bukowski
If you want to save the world, you have to make it more profitable to save it than destroy it.
Here's my obligatory plug for The Rocky Mountain Institute which is focused on the business case for sustainability in recognition of this truth.
Well, not the hostages part. But we lost a T1 circuit at a client site when burglars attempted to break into the Credit Union next door. Being wholly unclear of the purpose of an alarm circuit, they cut all the copper going into the business park. That didn't work out so great for them, since it caused an alarm that the police responded to.
That happens occasionally. My preferred solution (if they don't have a VPS) is to point their PHP app to forums.foo.com while leaving their .NET at www.foo.com (or vice versa).
So yes, I'd rather maintain two separate logins on two separate servers than install PHP on a windows server.
I'm sure it runs fine, I just don't want to deal with patching third-party apps on Windows. If there's a php vuln, it will be covered in an update with my linux package manager. If there's a .NET vuln, it will be covered (eventually) in a Windows Update.
It's all about scalability and consistency in the big picture.
Do they use Linux only? I only want Linux hosting, and mixed providers are always trying to push you over into Windows hosting because they're being incentivized to do so. I've been around and don't need to hear that pitch again.
Eh, that may be true in some cases. My employer provides hosting on linux and windows because some of our customers (who are also buying our bandwidth at their offices and want a single point of billing/support for all their Internet services) are developing .NET apps and want the native platform.
So, quite often the Windows is there simply to appease the customers who want it. We just as often go the other way. When customers ask us to install PHP on their windows host, we point them to the linux servers instead (as I have a rule about keeping technologies on their native platforms whenever possible).
Back in the 80s I recall reading an article in OMNI that debunked many of the popular sci-fi myths. Among the notable points:
* Invisibility implies blindness since your retinas wouldn't absorb any light.
* Time travel without space travel would suck too, since you'd most likely re-materialize in empty space.
* Giant insects will collapse under their own weight.
This is a good place to recommend Bonnie Bassler's talk at TED.
She points out that not only are the human cells in our body outnumbered 10 to 1, but if we count DNA, the human DNA is outnumbered 100 to 1 (I suspect on account of mtDNA though she doesn't say that).
The market will not come up with a solution for this, because it is the market that is doing it.
An interesting analogy here.... a couple nights ago I was driving on I-25 in Denver and noticed that there has been a proliferation of ultra-bright LED signs. These are clearly distractions at night (to the point of being almost blinding if you look directly at them).
So I resolved to punish the two businesses that I don't do business with to begin with, by remembering their names in case I should happen to find myself in their market. The first one I've identified is Coyote Motorsports. The other is a mattress company, but I'm not completely certain now that it is who I think it is, so I'll wait till I see it again to confirm.
Likewise I'll never buy insurance from GEICO because their airplane banner advertisements have become a noise nuisance over my apartment every weekend all summer long (circling over about every half hour or more all day long).
Wrong. You can set up an https port on any port you like. The 'https' just tells it to use the Secure HTTP protocol as opposed to the HTTP protocol. It'll still honor and work with ports other than 443. Just specify the port in the URL.
Yes, that is the entire purpose of the SRV concept. I am aware of how to configure apache and run SSL on alternate ports.
I stand by the belief that HTTPS virtual hosting on a single IP address is not a viable option for hosting providers, because there is no way to communicate alternate port numbers to every possible user on the Internet who might want to connect to it.
I get regular client requests asking me to map www.foo.com to 1.2.3.4:444
Then I have to explain to them why that doesn't work, and we go down the sales process of selling them a better firewall that can have more than one IP address assigned to it. Because the clients are unwilling to tell their clients "Our secure website is www.foo.com:444". And honestly, I can't blame them. I wouldn't accept that for my website.
what's stopping people from hosting http and https on the same ip?
Nothing. It is done all the time. The problem is hosting multiple https sites with different SSL certificates on the same IP.
Though in my experience at least 75% or more of that SSL is used to encrypt credit cards or other sensitive financial information, at which point security concerns should really dictate a dedicated platform anyway. With virtualization's rise there is a greater tendency in that direction now even when SSL isn't used.
Overall that means I'm seeing our shared web hosting products being split up, and consuming more IPs over time.
You're *deploying* behind NAT? Just get enough IPs to run your sites and stop being a cheapskate.
I administer roughly 32k IPs in about 40 aggregates that we advertise via BGP. I have customers who occasionally come to me with this kind of scenario, yes. Often that's an upgrade from a SOHO firewall to pfsense, since most of the SOHO stuff can't handle more than one IP (note: I'm pointing out now how we benefit financially by selling more services with the existing HTTPS limitations, even as I'm arguing they are wasteful of the larger shared IPv4 resources).
As a service provider, I dislike having to provision a unique IP for each SSL website we host, because it is wasteful (though, again, profitable too). It could have been done with SRV records, but that wasn't an option until Feb 2000.
I'm a year older than the Internet. Hopefully we'll get to IPv6 before I hit retirement. I'm not holding my breath.
How would it allow named virtual hosts? The only thing you have at the network layer is the IP address that the message was sent to, that's why HTTPS virtual hosts is difficult to implement.
When a client makes an initial HTTPS request, there is a high likelihood that they want to submit confidential information. Therefore the browser and server perform an SSL handshake so that the initial client's first GET/POST/WHATEVER is encrypted.
Virtual hosting requires looking at the client-supplied host header value in that GET/POST. In order to return the right SSL certificate we need that host header value to determine which site's cert to serve. But we can't get at that host header value until the SSL negotiation has completed. So virtual hosting for HTTPS on a single IP is simply not possible at present due to this catch-22.
With the idea of SRV records for port values, virtual hosting for HTTPS becomes possible. I simply map each new site's certificate to a new port number. When the client makes a connection, we already know in advance what certificate they are looking for because only one is bound to each specific port.
Under the current schema, we need a discrete IP address per SSL certificate in order to avoid this problem, but with SRV's, we can use a port number to hold the same mapping, without requiring the client to put in :port (which would work today for virtual HTTPS hosting if we could get everyone in the world to somehow know in advance what port number they want).
I suppose a variant of this is possible today. Imagine I have a storefront at foo.com. A client enters store and puts stuff in their cart. They never enter my store by typing HTTPS in their browser. My site could hardcode the link to https://www.foo.com:444/ inside the "Checkout" link, and I could have many other SSL hosts all sharing the same IP in that manner. I can understand why web hosts and their clients wouldn't really like this idea. But the SRV method would be elegant enough to be adopted, IMHO.
Not sure why your post is modded insightful.
Just because a capability exists doesn't mean it must be used. I put up ad-hoc testing servers every day. I address them by IP address, and optionally, port. Giving me the flexibility to use SRV records for port information like SIP does would be a very nice thing for deployment. It wouldn't change how I actually test in the slightest. I'd still go to http://192.168.1.2:81/ for testing, and then later if this ad-hoc server needs to go live and I have a single NAT IP with port 80 already spoken for, I'd be able to easily host multiple web servers without requiring the end-users to type in the :port on every URL.
I don't expect to see this changed, but it is still a nice idea that could conserve a large amount of IP addresses currently wasted on SSL website hosting.
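The SRV scheme proposed in the comments above (one certificate per port on a shared IP, with the port published in DNS), as an added example that is not code from any commenter. It assumes a client that performs the SRV lookup; the `_https._tcp` label, `www.bar.com`, the `.example` targets and all record values are constructed for illustration.

```python
from dataclasses import dataclass
import random

# Constructed zone data, RFC 2782 presentation format:
#   owner TTL IN SRV priority weight port target
# "_https._tcp" is a hypothetical service label for the proposal in the thread.
ZONE = """\
_https._tcp.www.foo.com. 3600 IN SRV 10 0 444 shared.hosting.example.
_https._tcp.www.bar.com. 3600 IN SRV 10 0 445 shared.hosting.example.
_https._tcp.www.bar.com. 3600 IN SRV 20 0 8445 backup.hosting.example.
"""

# Server side: one certificate bound to each listening port on the shared IP,
# so the certificate is known before any HTTP Host header has been read.
CERT_BY_PORT = {444: "www.foo.com", 445: "www.bar.com"}


@dataclass(frozen=True)
class Srv:
    priority: int
    weight: int
    port: int
    target: str


def parse_srv(zone_text):
    """Return {owner name: [Srv, ...]}, skipping lines that are not valid SRV records."""
    records = {}
    for line in zone_text.splitlines():
        fields = line.split()
        if len(fields) != 8 or fields[2].upper() != "IN" or fields[3].upper() != "SRV":
            continue
        try:
            prio, weight, port = (int(f) for f in fields[4:7])
        except ValueError:
            continue
        # Reject out-of-range values instead of connecting to a nonsense port.
        if not (0 <= prio <= 65535 and 0 <= weight <= 65535 and 1 <= port <= 65535):
            continue
        owner = fields[0].rstrip(".").lower()
        records.setdefault(owner, []).append(
            Srv(prio, weight, port, fields[7].rstrip(".").lower()))
    return records


def pick(records, rng=random):
    """Lowest priority wins; ties are broken by weight (uniformly if all weights are 0)."""
    best = min(r.priority for r in records)
    group = [r for r in records if r.priority == best]
    weights = [r.weight for r in group]
    if sum(weights) == 0:
        return rng.choice(group)
    return rng.choices(group, weights=weights, k=1)[0]


def resolve_https(hostname, records):
    """Client side: where to connect for https://hostname/ with no port in the URL."""
    hostname = hostname.rstrip(".").lower()
    srv = records.get("_https._tcp." + hostname)
    if not srv:
        return hostname, 443  # no SRV record: fall back to the default port
    chosen = pick(srv)
    return chosen.target, chosen.port


def connect(hostname, records, cert_by_port=CERT_BY_PORT):
    """Simulate one connection; return (port, certificate name, accepted)."""
    _target, port = resolve_https(hostname, records)
    cert_name = cert_by_port.get(port)  # server picks the cert from the port alone
    # The client checks the certificate against the name the user typed, never
    # against the SRV target: the SRV answer is unauthenticated DNS data.
    accepted = cert_name == hostname.rstrip(".").lower()
    return port, cert_name, accepted


if __name__ == "__main__":
    recs = parse_srv(ZONE)
    for name in ("www.foo.com", "www.bar.com", "www.baz.com"):
        print(name, connect(name, recs))
```

Because the port comes from DNS, a forged SRV answer can only steer the client to a port whose certificate names a different site, and the name check against the typed hostname rejects it.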