Class-1 does not show the "Super secure secret key" icons with organization name because they are only email-verified, and you must used a personal name, but for small personal "hobby" websites they are still a lot better than a self signed certificate.
Class-2 certs are what supposedly need "verified", and show all the high security flags. In practice however this verification is typically lacking depending on which cert authority you go with.
As we all know, the chain of trust method currently in place has lots of problems, especially so with how self-signed certificates are handled in most web browsers. It is quite pitiful how a non-SSL website is shown as more secure than a self-signed certificate:/
They really need to change that, showing non-SSL as the bottom level, with self-signed certs one step above as "encrypted but not verified or authenticated with anyone", and then the class level certs above that. I suspect however this is due to pressure from the certificate authorities themselves, and since money is involved it will not be changed any time soon.
I'm still not sure. For something as complex as both of us, a single gene being able to toggle between humans and apes sounds a bit simple.
Well yea, that's because you didn't read the article, and are ignoring all the many other genes that have been changed in the last 1-6 million years after this one first gene was changed.
I seriously doubt any of the big zero-day sellers (or buyers for that matter) would be interested in an "exploit" where you use java script to change the *status bar* (Not address bar) to spoof what URL a link actually goes to.
Yes, that really is what this person considers an exploit, and he has never discovered nor shown he understands anything more complex than that:P
They do. The problem is that is a lot of waste, which does not scale well.
With 1000 nodes, triple redundancy means only ~333 nodes are producing results. In a couple years, we will be up to 10000 nodes, meaning over 6000 nodes are not producing results. In a few more years we will be up to 100,000 nodes, meaning 60,000 nodes are not producing results.
Those 60000 nodes are using a lot of resources (power, cooling, not to mention cost) and the issue is they need to develop and implement better methods to do this.
Hell, I've used the internet since that meant using Mosaic, and worked in IT for over 15 years, and I have not ever gone to a ".int" domain knowingly (though I've probably hit one or two through Google searches and didn't notice).
I've been using the Internet since before the "world wide web" even existed, and I recall attempting to register a personal domain under.int, as well as under.aq (Antarctica)
I really wish I had my mail spools from back then, because those two registrars (aka the guy in charge of the top level, back then) had the most polite, curious, and long winded emails telling me to basically fuck off;} But at least they replied, unlike those impolite.edu people:P
As a/20 holder, I can still show up on IRC under.arpa though!:D
They're duty is to give children the education their parents WANT - never the other way around.
Actually their duty is to provide children with the education that society wants, not the parents. This is why a basic level of education is required by law, because without it not only is that individual harmed, but more so because society is harmed. Any additional education beyond high school is not required (and in fact can be quite expensive to obtain!) This is also why society deemed it essential to even pay for this basic level of education, by using tax dollars to provide it.
Even home schooling is not exempt from this, although is a lot closer to it. Home schooling still requires a basic level of education that society wants, in addition to the education the parents may also want. If a home schooled child is not given that basic level of education, it is not much different from simply refusing to send your child to school at all. Society even removes children from parents who refuse to provide this basic level of education, deeming it causing harm to the child as well as society.
Releasing a bunch of new young adults into society who can not read, write, or do basic math for example would be a huge drain on society, would not be productive in any form, and would cost the rest of us more money to support them since they would be incapable of doing so themselves.
Seriously? You are suggesting we leave passwords laying around in plain text in batch files, and go back to telnet???
Your method is only better in one single way. There is no worrying that you are the 0.0001% that did it wrong and are vulnerable. With your way, you KNOW you are already exploited!
Would like to see someone get prosecuted over this.
I agree. I here by claim you have sold your vote to a corporation, which is a felony. I present the evidence of your crime as a picture of your voting results, and it is now up to you to prove you did not do so, despite the damning evidence that you did. Why else have a picture of your vote if not to sell it? Good luck proving a negative.
You'll be going to PMITA prison for many a decade for your crime of selling votes. I hope you're happy about your request to be prosecuted!
What? I'm using Java applications for several years, but I've never ever seen nor Ask Toolbar nor anything else "extra" in JRE security updates.
Then you may want to go back to all those vulnerable systems you deployed which clearly have NEVER had a Java update of any kind installed to them in the past 4 years...
Had he gone down to the local store and physically stolen the 10 DVDs, he would have gotten a $150 fine and banned from the one store (For a year or two, until it changed ownership)
It really sucks that the store owner would have been out the money they paid for those DVDs, and doesn't at all deserve that. But clearly when we go about not depriving anyone of anything the fines are in the multiple millions of dollars, yet depriving someone of property will be in the three digit range.
The publishers want to be able to charge Google to compensate them for ad revenue losses.
Two can play at that game. I want all French publishers to compensate ME for lost ad revenue too.
After all, I put up a crappy news website with ads too, but all my readers seem to be going to the major publishers websites instead (stolen from me most likely).
These publishers are admitting they are at fault for my lack of ad revenue, and I am rightfully entitled to a share of all of their profits! I'm so glad to hear them admit they owe me billions upon billions of dollars. I'll be awaiting my check publishers!
Grandpa still has his tubes from his tv repair days. They are doubtlessly worth thousands. But, no one will pay fair value for them in bulk
When I happened to have a few hundred old tubes, I hand crafted a few chess sets out of them, most given away as gifts. As I recall not a single person I gifted them to failed to mention how I should be selling them and getting rich instead (ha!)
It at least might be an idea if you had some spare time kicking around for a new hobby, for you and/or for Grandpa!
Given the low cost of renting a virtual or physical host machine these days it seems there's little reason to bother with shared hosting
About the only reason I can see is if that is literally the only thing you need: A single small and simple website where every file is public.
If every last html and image file is available through the web-server, then it's not exactly a big security risk for others to directly access the files instead of getting them through the web server.
This only holds true if everything should be public of course. A single hidden URL or private section (or any form of restriction or control at all) would render this plan moot.
If you need any form of controls at all, or more than one simple website, a VPS really is a better and cheaper solution in the long term.
This excludes Debian, Ubuntu, Fedora, Gentoo, etc.
Wow, do they really exclude the base Debian distro? I can completely understand all the others (Except Gentoo*), as they do include non-free drivers and even software in the default install. (* I only exclude Gentoo due to my unfamiliarity, but not disagreeing.)
Debian does of course maintain three separate repositories. "Free" which is the base and default, which they assure is only software with free licenses. The other two, "Contrib" and "Non-Free" must be added in manually, and is where they put software with more restrictive licenses.
Is it the fact these repos can be added at all? Does Debian now include non-free drivers or kernel modules in the base I'm unaware of?
Obviously I don't mind running software that isn't 100% free, and do add in all three repos right after an install, so likely take such things for granted. But I always thought Debian went out of their way to keep the base install completely free, while at the same time giving you the freedom to choose the level of free-ness your particular install(s) are.
Compared to the distro mentioned in this story, which restricts your freedom to choose less free software such as Flash, Java, and likely others, I would say Debian is actually more free than the FSF's apparent standards.
So you just spent three sentences claiming yogurt will cure c.difficile, arguing the parents point is incorrect. Then your final sentence claims yogurt will NOT cure c.difficile, echoing exactly the parents point.
Your first three sentences also link in with the parent being wrong as you claim homeopathic remedies are somehow scientific and do work, since that was that posts entire point...
Also no one at all in this thread claimed yogurt was homeopathic, that was just something you made up (likely on purpose) to try and argue against it.
What _exactly_ are you trying to say again? (Other than everything, and contradicting everythings to boot?)
How can it be that "Human activity triggered an earthquake" when a quake "would likely have occurred at some point in the area" ?
Would a car example help?
Say you fill up your tank, and a full tank will get you roughly 150 miles of driving. It is a fact that your car will run out of fuel after roughly 150 miles of driving.
If I come along and siphon out most of your fuel, say to put into my car, then you will run out of fuel after driving only a few miles instead.
On the one hand, you are claiming it is OK that I stole your fuel, since you would have run out of fuel without my "help" anyways. The rest of us are claiming I can not use that as a legit excuse for stealing your fuel, since you would have been able to drive further had I not taken any fuel, despite the fact you will run out of fuel either way.
Because it's impossible for one to drive a friend or family member to the hospital, knowing said friend or family member was unable to drive themselves?
If your wife or mother or best friend was hit by a truck and taken to the ER, you would tell them to fuck off then because you refuse to be in an ER?
Perhaps someone he knew was in an accident and taken to the ER, and he was there waiting on them to get out.
Your assumptions are sicking, and you should be ashamed of accusing someone of suck bullshit without knowing a single detail of the situation.
Slashdot Mirror
Free Class-1 SSL certificates are available from StartSSL
https://www.startssl.com/
Class-1 does not show the "Super secure secret key" icons with organization name because they are only email-verified, and you must used a personal name, but for small personal "hobby" websites they are still a lot better than a self signed certificate.
Class-2 certs are what supposedly need "verified", and show all the high security flags.
In practice however this verification is typically lacking depending on which cert authority you go with.
As we all know, the chain of trust method currently in place has lots of problems, especially so with how self-signed certificates are handled in most web browsers. :/
It is quite pitiful how a non-SSL website is shown as more secure than a self-signed certificate
They really need to change that, showing non-SSL as the bottom level, with self-signed certs one step above as "encrypted but not verified or authenticated with anyone", and then the class level certs above that. I suspect however this is due to pressure from the certificate authorities themselves, and since money is involved it will not be changed any time soon.
I'm still not sure. For something as complex as both of us, a single gene being able to toggle between humans and apes sounds a bit simple.
Well yea, that's because you didn't read the article, and are ignoring all the many other genes that have been changed in the last 1-6 million years after this one first gene was changed.
I seriously doubt any of the big zero-day sellers (or buyers for that matter) would be interested in an "exploit" where you use java script to change the *status bar* (Not address bar) to spoof what URL a link actually goes to.
Yes, that really is what this person considers an exploit, and he has never discovered nor shown he understands anything more complex than that :P
They do. The problem is that is a lot of waste, which does not scale well.
With 1000 nodes, triple redundancy means only ~333 nodes are producing results.
In a couple years, we will be up to 10000 nodes, meaning over 6000 nodes are not producing results.
In a few more years we will be up to 100,000 nodes, meaning 60,000 nodes are not producing results.
Those 60000 nodes are using a lot of resources (power, cooling, not to mention cost) and the issue is they need to develop and implement better methods to do this.
Pre-warning: this post is pointless
Hell, I've used the internet since that meant using Mosaic, and worked in IT for over 15 years, and I have not ever gone to a ".int" domain knowingly (though I've probably hit one or two through Google searches and didn't notice).
I've been using the Internet since before the "world wide web" even existed, and I recall attempting to register a personal domain under .int, as well as under .aq (Antarctica)
I really wish I had my mail spools from back then, because those two registrars (aka the guy in charge of the top level, back then) had the most polite, curious, and long winded emails telling me to basically fuck off ;} .edu people :P
But at least they replied, unlike those impolite
As a /20 holder, I can still show up on IRC under .arpa though! :D
Very good post by the way!
I just wanted to point out one minor correction:
They're duty is to give children the education their parents WANT - never the other way around.
Actually their duty is to provide children with the education that society wants, not the parents.
This is why a basic level of education is required by law, because without it not only is that individual harmed, but more so because society is harmed. Any additional education beyond high school is not required (and in fact can be quite expensive to obtain!)
This is also why society deemed it essential to even pay for this basic level of education, by using tax dollars to provide it.
Even home schooling is not exempt from this, although is a lot closer to it.
Home schooling still requires a basic level of education that society wants, in addition to the education the parents may also want.
If a home schooled child is not given that basic level of education, it is not much different from simply refusing to send your child to school at all. Society even removes children from parents who refuse to provide this basic level of education, deeming it causing harm to the child as well as society.
Releasing a bunch of new young adults into society who can not read, write, or do basic math for example would be a huge drain on society, would not be productive in any form, and would cost the rest of us more money to support them since they would be incapable of doing so themselves.
Hey, since we're making stability/usability jokes...
1993 called... they want their OS back.
I keep trying to call 1993 back, but for some reason my phone keeps rebooting...
Seriously? You are suggesting we leave passwords laying around in plain text in batch files, and go back to telnet???
Your method is only better in one single way. There is no worrying that you are the 0.0001% that did it wrong and are vulnerable. With your way, you KNOW you are already exploited!
I can't wait for the next world of warcraft update, when their system mistakenly flags millions of users as pirates for using bittorrent!
Actually tcl.tk is already the primary domain for active tcl.
I reference wiki.tcl.tk and their online man pages there frequently.
Nobody markets guns to kids, you asshole.
http://www.google.com/search?hl=en&site=&source=hp&q=toy+gun
About 26,900,000 results (0.41 seconds)
Would like to see someone get prosecuted over this.
I agree. I here by claim you have sold your vote to a corporation, which is a felony.
I present the evidence of your crime as a picture of your voting results, and it is now up to you to prove you did not do so, despite the damning evidence that you did. Why else have a picture of your vote if not to sell it? Good luck proving a negative.
You'll be going to PMITA prison for many a decade for your crime of selling votes. I hope you're happy about your request to be prosecuted!
What? I'm using Java applications for several years, but I've never ever seen nor Ask Toolbar nor anything else "extra" in JRE security updates.
Then you may want to go back to all those vulnerable systems you deployed which clearly have NEVER had a Java update of any kind installed to them in the past 4 years...
In this case the problem actually was BitTorrent.
Had he gone down to the local store and physically stolen the 10 DVDs, he would have gotten a $150 fine and banned from the one store (For a year or two, until it changed ownership)
It really sucks that the store owner would have been out the money they paid for those DVDs, and doesn't at all deserve that.
But clearly when we go about not depriving anyone of anything the fines are in the multiple millions of dollars, yet depriving someone of property will be in the three digit range.
The publishers want to be able to charge Google to compensate them for ad revenue losses.
Two can play at that game. I want all French publishers to compensate ME for lost ad revenue too.
After all, I put up a crappy news website with ads too, but all my readers seem to be going to the major publishers websites instead (stolen from me most likely).
These publishers are admitting they are at fault for my lack of ad revenue, and I am rightfully entitled to a share of all of their profits! I'm so glad to hear them admit they owe me billions upon billions of dollars.
I'll be awaiting my check publishers!
Grandpa still has his tubes from his tv repair days. They are doubtlessly worth thousands. But, no one will pay fair value for them in bulk
When I happened to have a few hundred old tubes, I hand crafted a few chess sets out of them, most given away as gifts.
As I recall not a single person I gifted them to failed to mention how I should be selling them and getting rich instead (ha!)
It at least might be an idea if you had some spare time kicking around for a new hobby, for you and/or for Grandpa!
Given the low cost of renting a virtual or physical host machine these days it seems there's little reason to bother with shared hosting
About the only reason I can see is if that is literally the only thing you need: A single small and simple website where every file is public.
If every last html and image file is available through the web-server, then it's not exactly a big security risk for others to directly access the files instead of getting them through the web server.
This only holds true if everything should be public of course.
A single hidden URL or private section (or any form of restriction or control at all) would render this plan moot.
If you need any form of controls at all, or more than one simple website, a VPS really is a better and cheaper solution in the long term.
This excludes Debian, Ubuntu, Fedora, Gentoo, etc.
Wow, do they really exclude the base Debian distro?
I can completely understand all the others (Except Gentoo*), as they do include non-free drivers and even software in the default install.
(* I only exclude Gentoo due to my unfamiliarity, but not disagreeing.)
Debian does of course maintain three separate repositories.
"Free" which is the base and default, which they assure is only software with free licenses.
The other two, "Contrib" and "Non-Free" must be added in manually, and is where they put software with more restrictive licenses.
Is it the fact these repos can be added at all?
Does Debian now include non-free drivers or kernel modules in the base I'm unaware of?
Obviously I don't mind running software that isn't 100% free, and do add in all three repos right after an install, so likely take such things for granted. But I always thought Debian went out of their way to keep the base install completely free, while at the same time giving you the freedom to choose the level of free-ness your particular install(s) are.
Compared to the distro mentioned in this story, which restricts your freedom to choose less free software such as Flash, Java, and likely others, I would say Debian is actually more free than the FSF's apparent standards.
What is so wrong with saying that I own half of Facebook? Whatever happened to a right to free speech?!
The same thing that's wrong with me using photoshopped pictures of you and that three year old child as evidence in a court case.
Oh wait, that is exactly what you are arguing should be allowed isn't it?
So you just spent three sentences claiming yogurt will cure c.difficile, arguing the parents point is incorrect.
Then your final sentence claims yogurt will NOT cure c.difficile, echoing exactly the parents point.
Your first three sentences also link in with the parent being wrong as you claim homeopathic remedies are somehow scientific and do work, since that was that posts entire point...
Also no one at all in this thread claimed yogurt was homeopathic, that was just something you made up (likely on purpose) to try and argue against it.
What _exactly_ are you trying to say again? (Other than everything, and contradicting everythings to boot?)
Hey, I have an idea: why not just force everyone to fly naked!
Wanting to fly while naked is also just as illegal as wanting to fly while not naked.
Both will gain you disorderly conduct charges.
http://www.huffingtonpost.com/2012/05/03/naked-man-protests-tsa-at-portland-airport_n_1433830.html
First one, then the other.
And here I was wondering exactly how they fit the whale into the network operation center!
How can it be that "Human activity triggered an earthquake" when a quake "would likely have occurred at some point in the area" ?
Would a car example help?
Say you fill up your tank, and a full tank will get you roughly 150 miles of driving.
It is a fact that your car will run out of fuel after roughly 150 miles of driving.
If I come along and siphon out most of your fuel, say to put into my car, then you will run out of fuel after driving only a few miles instead.
On the one hand, you are claiming it is OK that I stole your fuel, since you would have run out of fuel without my "help" anyways.
The rest of us are claiming I can not use that as a legit excuse for stealing your fuel, since you would have been able to drive further had I not taken any fuel, despite the fact you will run out of fuel either way.
Because it's impossible for one to drive a friend or family member to the hospital, knowing said friend or family member was unable to drive themselves?
If your wife or mother or best friend was hit by a truck and taken to the ER, you would tell them to fuck off then because you refuse to be in an ER?
Perhaps someone he knew was in an accident and taken to the ER, and he was there waiting on them to get out.
Your assumptions are sicking, and you should be ashamed of accusing someone of suck bullshit without knowing a single detail of the situation.