You're likely delusional to believe that there are no CA Root or Intermediate certificates in possession of various governments of the world.
I wouldn't claim there are none, but we have pretty strong evidence that if there are any, they're used sparingly and in a very targeted way. If such unauthorized keys were being used broadly, someone would notice that the public key certificates received by end users are not the same ones being served by the sites.
Yes, we know they exploited the widely-known vulnerabilities in SSLv2 and v3. The recently-published NSA hacking tools contained no new capabilities, though. There's no evidence that they can exploit properly-configured TLS.
Why would these people assume a foreign president has their best interests at heart again?
Why would you think they would assume anything of the sort? You have a VP of an Indian company, talking to his investors and other people in the Indian IT industry, warning them that Trump's changes may negatively impact their industry. There's no indication of any assumption that Trump should be watching out for them, just a warning that Trump's actions may damage them.
The headline is incorrect. This Indian VP dude is afraid it will hurt HIS industry, not THE industry.
He's speaking to his investors. To him and to them, his industry IS the industry. Why would he be talking about some other industry, of interest only to other people elsewhere in the world?
Also except for the fact that ISP can see your destination AND the url request... Yep they can not see it at all.
No. The ISP, etc., can see the hostname in the DNS request and they can see the IP address of the server you connect to, but that's all. The first messages exchanged with the server establish the encrypted channel and then the GET (or similar) request that specifies everything after the hostname in the URL is inside the secure channel. They cannot see the URL.
Governments that wish to censor HTTPS sites with proper TLS configurations and decent CAs really have only one option: to block the sites entirely. The only thin exception to this is if they can inject their own CA certificates in the TLS trust stores. That enables a man in the middle attack. Doing that is easy for corporations on corporate-owned and controlled machines, but harder for governments to do at scale, since it essentially requires taking away the ability to install arbitrary software on the end-user machine.
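An added illustration of the comment above (not part of the original thread): the first TLS message is built in memory and parsed the way an on-path observer could. Besides the DNS lookup the comment mentions, the hostname also travels in cleartext in the ClientHello's server_name (SNI) extension, while the URL path is never an input to the handshake; the URL and hostname below are constructed samples.

```python
import ssl
import struct
from urllib.parse import urlsplit


def capture_client_hello(hostname):
    """Return the first bytes a TLS client would send for `hostname` (no network I/O)."""
    ctx = ssl.create_default_context()
    incoming, outgoing = ssl.MemoryBIO(), ssl.MemoryBIO()
    tls = ctx.wrap_bio(incoming, outgoing, server_hostname=hostname)
    try:
        tls.do_handshake()
    except ssl.SSLWantReadError:
        pass  # expected: the client now waits for a ServerHello that never arrives
    return outgoing.read()


def sni_from_client_hello(data):
    """Parse a cleartext ClientHello record and return the SNI hostname, or None."""
    if len(data) < 9 or data[0] != 0x16 or data[5] != 0x01:
        raise ValueError("not a TLS handshake record carrying a ClientHello")
    record_len = struct.unpack("!H", data[3:5])[0]
    body = data[5:5 + record_len]
    hello = body[4:4 + int.from_bytes(body[1:4], "big")]
    pos = 2 + 32                                           # legacy_version + random
    pos += 1 + hello[pos]                                  # session id
    pos += 2 + int.from_bytes(hello[pos:pos + 2], "big")   # cipher suites
    pos += 1 + hello[pos]                                  # compression methods
    ext_end = pos + 2 + int.from_bytes(hello[pos:pos + 2], "big")
    pos += 2
    while pos + 4 <= min(ext_end, len(hello)):
        ext_type, ext_len = struct.unpack("!HH", hello[pos:pos + 4])
        ext = hello[pos + 4:pos + 4 + ext_len]
        if ext_type == 0:  # server_name extension
            # layout: list length (2), name type (1), name length (2), name
            name_len = int.from_bytes(ext[3:5], "big")
            return ext[5:5 + name_len].decode("ascii")
        pos += 4 + ext_len
    return None


def on_path_view(url):
    """Summarise what the cleartext handshake bytes reveal about `url`."""
    parts = urlsplit(url)
    hello = capture_client_hello(parts.hostname)
    rest = parts.path + ("?" + parts.query if parts.query else "")
    return {
        "sni": sni_from_client_hello(hello),
        "hostname_in_cleartext": parts.hostname.encode() in hello,
        # The path and query are sent only after the encrypted channel exists.
        "path_in_cleartext": rest.encode() in hello,
    }


if __name__ == "__main__":
    # Constructed sample URL; nothing is sent over the network.
    print(on_path_view("https://shop.example.test/account/orders?id=42"))
```
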
any decent overlord is using SSL inspection (seamlessly via compromised root certs)
Cite?
There have been occasional instances of compromised root certs, which have fairly quickly been removed from default trust stores, but I see no evidence of ongoing vulnerability -- excepting when the overlord controls the trust store. That is common in corporate scenarios but not really possible without removing admin rights from users' computers, which is hard for any nation other than North Korea to do.
Dude, an A-10 gun run on an airship would practically turn it into confetti
A couple dozen one-inch holes does not make "confetti" of a 500-foot airship.
Actually airships are not fragile at all but super resilient.
Perhaps for very small values of "resilient". An A-10 would take any airship out with a 0.5 second burst.
That would poke a line of holes through one set of ballonets. Depending on the design of the ballonets, it may or may not destroy the ones it hits. They may just start leaking, perhaps even fairly slowly for their size. A modern airship designed for combat (assuming such a thing made sense, in a world of missile combat) could even have automatic self-patching features to stop the leaks, and would definitely carry supplies of compressed gas to replace losses.
Show me an airship that will withstand even the smallest current-issue missile.
Yeah, 1000 pounds of high explosive will do a number on pretty much anything short of a reinforced bunker.
However, most of our transport and cargo vehicles would be quickly destroyed in combat, so I'm not sure what that has to do with anything.
Well how many open source programs have been properly audited? I can name one: Truecrypt. It had a much smaller code base and still took nearly 2 years to audit.
And I guarantee you that exploitable bugs remain in Truecrypt. Audits are great, fuzzing is great, good security development practices are great... but secure software is devilishly hard to build. Projects, open or closed, should do all of the above, and they should all encourage researchers to regularly analyze their work, because all of that reduces the number of security vulnerabilities, making the ones that remain ever more subtle and hard to find. But bugs *will* remain.
They don't exploit it either. People living outside of the system, begging in the streets, have nothing to do with the system.
You're not talking about the same people I am.
Google knows everything about everyone. Where you go, what you spend money on and everything else.
If that's true, Google should stop showing me ads for things I already bought.
I then tried Konqueror because I thought my noscript on FF might be the issue. That failed, so I tried Chrome and it worked.
The Gmail team (like all Google web properties, actually) runs automated regression tests on every change, on all major browsers and some minor ones, but I doubt they test with noscript. I'm surprised if Gmail works on *any* browser with Javascript disabled, and I'll bet it doesn't work very well.
It may not be a conspiracy, but the sheer dominance of Chrome is starting to lead to an IE6 style lock-in.
It's possible, but it seems hard to believe that 60% market share is enough to allow that sort of complacency on the part of web site developers. I suppose it's possible that some sites have a much higher percentage of users on Chrome, and perhaps most of the rest are using Safari, so they don't test on Firefox.
Giving every reporter at a newspaper free speech does not require giving it to the company that pays him or publishes his words.
But you said that employees must speak only on their own dime. They can't use the corporations' bank to do it with, and the reporter is clearly and unequivocally using the corporation's financial and other resources to speak.
I agree with you. Supporting some freeloaders is just an unavoidable side effect of helping people who really need it, at scale. A more complete explication of my view: https://slashdot.org/comments....
Okay, so say "exploit" the system, then.
Nuh uh! It has a solid iron surface just below the photosphere. http://www.thesurfaceofthesun....
The average density of the sun is 1410 kg/m^3 and the outer layers are much less dense than that. The density of iron is 7870 kg/m^3. So I don't think so.
But the iron is porous. Didn't you see his pictures? And apparently solid at high temperature, and strong enough to avoid crushing the pores closed. Maybe it's iron from Krypton.
It isn't going to touch the Sun; it won't get anywhere near the surface...
The sun is a ball of gas. It does not have a "surface" in any meaningful sense.
Nuh uh! It has a solid iron surface just below the photosphere. http://www.thesurfaceofthesun....
(I can't figure out if that guy is serious or has constructed an elaborate hoax. I'm leaning towards the former.)
They're trying to drive the death knell into the 1099 contract circuit
The way I read it, IRS 1706 does the opposite. It makes it easier for contractors to stay contractors and not be considered employees.
If I had mod points I would give you all of them because I did not know about this obscure tax code which explicitly targets "the technical services industry" and cuts off any hope of large growth for computer-related contractors.
For those who don't want to read the legalese and would like a less-biased view of what the regulation says, it basically says that the IRS is looser in its determination of employment status (contractor vs employee) for technical services workers. The terms of a contract which might cause the IRS to determine that an individual is actually an employee if that individual is a ditch digger may allow him to be considered a contractor if he's a programmer or similar.
I'm not certain that this "targets from an era before the government allowed millions of Americans to lose their jobs to cheaper offshore labor", or "cuts off any hope of large growth for computer-related contractors", particularly since the contract programmers I know could easily get regular jobs if they wanted, but prefer the higher income and greater flexibility achieved with independent status.
Easy - they can speak, saying whatever they want, on their own dime. They can't use the corporations' bank to do it with.
So, what about the reporter? Did you read my questions?
Which is why transportation should go electric, sure. It's the far more practical emission-free option.
Interesting examples, thanks.
All irrelevant to the topic of free speech of course. It's already the case that the law disallows free speech as a defense against prosecution for false advertising, etc., regardless of whether the "person" making the claim is an individual or a multi-national conglomerate. So while your point is interesting on its own, and food for thought about how to enable more evenhanded enforcement of false advertising rules, it's a red herring.
Would you care to take a stab at the actual questions I asked above, about how to disentangle the free speech rights of employees/shareholders from the free speech rights of the corporation they make up?
Facebook are one of a number of companies that have a habit of using exotic international tax vehicles to move profits from countries where corporation taxes are reasonable to countries where they are super-low.
Yeah, the existing system has some broken rules, and FB takes advantage of those rules. So what? Not taking advantage of them would be dumb, since all the competition is. That doesn't mean Zuckerberg can't call for better rules.
Note that in this case, the most sensible fix to the rules would be eliminating corporate income tax on foreign earnings (or, better yet, eliminate corporate income tax entirely), and instead making a series of changes to tax laws to increase the burden on wealthy owners of capital. Increase capital gains taxes, add some higher income tax brackets, add taxes on luxury items, remove deductions used primarily by the wealthy, etc.
However, all of that really is completely separate from whether UBI is a good idea. UBI could theoretically be implemented in a way that is fully revenue neutral, just replacing all of the existing means-tested welfare systems. Everyone not currently receiving welfare benefits would see their taxes go up by roughly the same amount as the UBI check they begin to receive, leaving their situation unchanged. It's not quite that simple, of course, but a well-designed UBI should not affect the majority of wage earners significantly.
How are you going to afford all that dope on only basic income?
Grow it in a window box.
I'm not sure what most people picture when they think of UBI, but if it's going to replace existing "social safety net" programmes, then life on UBI alone means living like life on existing social safety net programmes. Aka, you'll survive, but it won't be a pretty life.
True. Just be aware that some people will make that choice. Perhaps including the GP.
Keep in mind that there will always be some people -- a small percentage -- who are content to scrape by on whatever scraps fall their way, contributing nothing. They'll work the system as best they can. The only way any welfare system can avoid paying such people is by employing hordes of social workers to take a detailed look at every recipient's life and by giving those social workers the power to say "yes" or "no" based on their considered judgment of need and ability, not on well-defined rules, since no set of rules can ever be comprehensive and flawless. But that way lies rampant abuse by the social workers.
I have seen a private, church-based, welfare system that does this effectively, but only because of a particular set of social pressures. I'm sure lots of other small-scale welfare systems, using voluntarily-donated money managed by individuals with a personal stake in the integrity and effectiveness of the system can work well, but they don't scale.
Helping people at scale requires infrastructure and rules, and will always be exploited to produce perverse outcomes in particular cases, including to support the small percentage of people who are happy to do nothing at all. I think we just have to accept that as part of the price of helping those who deserve help.
Given that any and every system will be abused, one of the reasons I like UBI is because it seems like the least abuse-prone system possible. The only way to abuse it is to fake the existence of a person. That sort of abuse will undoubtedly happen, but it's clear, unambiguous fraud, and it's relatively easy to catch.