that showed some very UNdamning things that the pilots did, like NOT firing when children/innocents were in the line of fire.
If I don't stab you on Monday, and I don't stab you on Tuesday, then I stab you on Wednesday, what does it matter what I did on Monday and Tuesday? I still fucking stabbed you.
That depends on why you stabbed me on Wednesday. And if the accusation against you is that you stab everyone in sight whether it's justifiable or not, then the fact that you didn't stab me when you saw me on Monday or Tuesday may be very important.
And these soldiers still fucking shot at people trying to remove a wounded journalist from the field. Frankly I think you would have to be some kind of idiot to believe they weren't ordered to do so. Didn't shoot kids, didn't shoot kids, shot journalist. Oh, but I didn't shoot the kids, so it's OK.
The soldiers had no way of knowing he was a journalist. He was with a group of men carrying AKs and at least one RPG near an area where there was recent fighting between ground forces and insurgents. The reasonable conclusion is that all of the armed men are insurgents, and that he's one one them.
I'll answer: The solution is for passengers to recognize that hijackers are trying to kill them, and to respond appropriately. Of course, that solution was implemented shortly after the first plane struck the first tower on 9/11.
The strengthened cockpit doors are nice, too, but the attitude change of the passengers has already made turning an airliner into a missile unworkable. All that's left for terrorists is to blow up the plane itself, which has a very limited terror payoff and even pre-9/11 security makes it a somewhat difficult target. You could kill a lot more people by setting off a bomb in a crowded shopping mall, and there's no security whatsoever there.
Boats have been doing this for about 100 centuries. They can travel against headwinds.
However, for anyone (Google) to invest good money in this technology marketing gimmick seems to be a bit nutty. Why are they wasting this money in this gimmick where there are real energy-related science and engineering problems that can be pursued?
An old aphorism comes to mind here: Better to be silent and thought a fool, than to speak and remove all doubt.
Between multiple restaurants and their appetizers and desserts, grocery stores, and milk delivery subscriptions, most households are paying for food at least three times over, often paying the same provider multiple times per month. It's time for a universal food plan, [Cnet columnist Molly] Wood declares: 'I want to pay once for food, I want that food to be unlimited, and I want to be able to eat it at any location I choose.' Still, she has hopes that the-times-they-will-be-a-changin': 'It's only a matter of time before regulators catch wind of just how many times we're being charged for the exact same thing.'
I was able to carry my firearm wherever I wanted without fear of breaking some poorly documented state or local law.
According to the Brady Campaign, our firearms laws are perfect -- the first state to score a perfect 0! We still have some work to do, but we do indeed have it good. Even open carry is quite well accepted (if not common).
Where I live I'm not allowed to legally draw a gun unless the situation is such that I can legally shoot it, i.e: I'm afraid for my life.
It's a little unclear where I live (Utah). If drawing is construed as a threat, it could potentially be prosecuted as aggravated assault, but in practice people only seem to be charged for that if they actually point the gun.
The legislature attempted to clarify things a little this last session by specifying that drawing in order to prevent another's use of unlawful force (*any* unlawful force, not just deadly force) is not a crime under the "threatening with a dangerous weapon" statute. Now, it would seem to me that if the legislature chose to specifically exempt that action from being a misdemeanor crime in that case, they didn't intend for it to be prosecuted as a felony (aggravated assault). So I think you'd have a good defense in Utah if you drew in order to stop the use of unlawful force -- but you might have to argue it in court, and you might even lose.
I'm talking to a couple of state legislators about proposing a bill for next year that would update the statute that describes justifiable use of force to clarify that a threat of deadly force is justifiable to prevent unlawful force.
In contrast, as you said, police seem to need very little justification for drawing. I can't find any statutory basis for that, but it's reality. I think they also get more leeway with pointing as well -- though in fact in Utah they are justified in using deadly force to stop a fleeing felon, while citizens are not, so they actually do have a little more statutory leeway in that case.
There isn't a lot of drawback for a cop pointing his gun at you. (Filling out some paperwork)
Umm, I don't know about your state, but my state doesn't give cops the right to point guns at people without some sort of justification for doing so.
Per the law, you're correct. In practice, police get a lot of leeway. They do need "some sort of justification", but it's a heck of a lot less (in practice) than what you or I need to point our guns at someone.
That said, if a police officer ever points his gun at me without the same level of justification that I need, I will push as hard as I can to get aggravated assault charges filed against him. Up to and including talking to some acquaintances in the state legislature and the state Attorney General (who I know personally). Even still, I'll probably fail, but the officer and department are going to sweat. And that's even before I get around to filing a civil suit.
Sorry to troll, but what exactly is a "strict superset"? A superset is a set that contains another set, in this case Objective-C contains C; all of it. If it didn't contain all of C, then it wouldn't be a superset at all. So what makes a superset strict?
A simple analogy:
"Strict superset" is to "superset" as ">" is to ">=".
Technically, yes. That's what it means in a math class or a logic class. But that's not what "strict" means in this context.
What it means here is that Objective-C is a superset, in the sense that any legal and correct C program is a legal and correct Objective-C program that does the same thing. So the "strict" adjective is technically redundant. The reason it isn't redundant in practice is because other languages (notably C++) are close enough to being supersets of C that they're called supersets of C, even though there are some C programs that are not valid in those languages, or that are valid but work differently.
So, basically, the situation is that "superset" in this context has been abused a little bit, applied to languages that are almost but not quite supersets. So for Objective-C we say it's a strict superset to mean that it actually is a superset.
Were the meaning what you suggested, the "strict" adjective would be unnecessary, because the only language that is a superset of C but not a strict superset (I'm using the terms correctly here, not loosely as they have been misapplied to C++, etc.) is C itself.
Of course, for any of the above to make sense, you also have to specify which version of C you're referring to, and you have to pick one that Objective-C actually is a superset of.
That makes me thing that some activist on a school board got an ID requirement passed. One day and that gets checked off the "to do" list. Done. Now we can get back to teaching actual science.
If your guess is accurate, that's actually not a bad way to address the issue. Not only does it make the activist happy, it gives the science teacher an opportunity to briefly introduce the notion of "irreducible complexity", explain mechanisms by which such complexity arose (including Intelligent Design) and address the question of falsifiability and how ID isn't falsifiable. In other words, address the "sciency" part of ID head-on, in a neutral, scientific manner.
Science purists might be offended at this sort of political sop to religious sensibilities, but honestly it's probably a really good idea to formally introduce students to these ideas in a fact-based discussion *before* they come across them somewhere else in an emotionally-charged screed. In a sense, science teachers could take the opportunity to inoculate students against ID, by teaching it to them.
For my site, the domain in blue is good enough for me. Not receiving any Invalid Certificate popups when I switch between computers is great. All of these certificate signers are still technically regulated, so if one's signing key gets out into the wild, the browsers will simply remove it.
I'm a professional computer security consultant who's been a software engineer for 20 years... and I had no idea what the difference between blue and green in the browser address bar was. I see color in the address bar, and I see the lock icon in the status bar... I assume that I'm talking to a secured sight who's been vetted to some degree.
Obviously, my assumption is even less warranted than I had thought. So you have to have a "legitimate e-mail address" and you have to conform the information on the domain -- which can be a random PO box. Whoop-te-doo. That level of verification would make it hard for me to get a cert in the name of, say, Bank of America, but if I cared to work at it for a bit I could almost certainly get a cert in a small organization's name.
Your example just proves how badly broken the SSL security model already is -- and it has been driven to this low, low level precisely because guys like you have a need for cheap/free certificates because you can't financially justify a proper certificate and and you can't use self-signed, but want some degree of security.
I don't see how disabling the "browser puking" on self-signed certs is better than this either.
Then you need to re-read my previous post. I explained it very clearly.
Keep in mind that UNLIKE the situation with your site, with a silently-accepted self-signed cert there would be no browser clues (other than the little 10-point lowercase 's' in the address bar, which only the tech-savvy would have any knowledge of) to fool the user into thinking that any verification has been done.
If there are only a handful of allowed signing registries, it's still better than not. Assuming they don't give out the private signing keys. It's not easy to get into the Authoritative Certificate servers in the big browsers...
First, there aren't only a handful of allowed signers. There are dozens. Check the "Authorities" in your browser. The copy of Firefox I'm using right now has 82. I added maybe 10 of those.
Second, it's even worse if some of them are free. Why? Because obviously doing thorough vetting of applicants can't be done for free. It takes time and effort on someone's part, and for the security of the system we want it to be a substantial amount of time and effort. That means that certificates SHOULD cost hundreds of dollars. The fact that a cert costs hundreds of dollars doesn't guarantee that the issuer is doing that level of work, but a free cert is pretty much guaranteed not to provide that level of due diligence.
In addition, the cost itself provides a barrier for certain types of malicious use. Some forms of phishing get shut down fast enough that the phisher can only be sure to make a couple grand at most before being stopped. If the phisher has to shell out $500 even to set up the attacks, that seriously cuts into his profit margin.
A security system is only as strong as the weakest link. And the more authorities there are, the greater the odds that one of them will be easily exploitable. And competition among them drives the price down (to zero, apparently), with a corresponding reduction in due diligence.
This isn't to say the system is fatally flawed. Indeed, it seems to work relatively well, so far. But to keep it working well we should be pushing for fewer authorities, with higher standards and more thorough vetting of applicants. This is why allowing self-signed certs to have some utility is such a good idea. It allows all of the sites that can't justify the cost or satisfy the requirements of a proper authority-signed cert to have a modicum of security, which removes most of the motivation to drive CA cost, and therefore due diligence, to zero.
Because if the latter happens in a significant way, the whole system becomes worthless.
All of this makes me glad
on
Lost Ends
·
· Score: 1
So, basically, your argument boils down to the idea that you're more likely to notice the 's' in the address bar than the lock in the status bar? I think most users -- especially non-technical users who are unlikely to realize the 's' means anything at all! -- are more likely to notice the lock.
In any case, this problem can be solved by making the browser's indicator of a secure site more prominent. Someone suggested turning the whole address bar green, which would be a good way to do it.
Security, like everything else, isn't binary, so browsers classifying connections into two classes, "secure" and "insecure" is itself, in some ways, idiocy.
Absolutely true.
Your new definition of "secure connection" is still not secure from any adversary who controls or has otherwise subverted an organization trusted to issue certificates.
Not my definition, really. It's the one we've been using for about 15 years now for web security. Not a very good one, but it has proven effective most of the time.
I wonder if corporations will start to become so competitive that they will be tempted to abuse their cert-issuing powers to MITM. A possible scenario with less risk to such a corporation would be to use a criminal third party which they have allowed to subvert their CA's security.
An even more likely scenario, I think, is an employee of a CA subverting the security for criminal gain.
Actually, one has to wonder whether organized crime hasn't already subverted some CA somewhere, no?
Indeed. And it's flat guaranteed that various governments have done it.
No one should place too much trust in the certificate issuance systems. In practice, though, they seem to be good enough to keep my on-line banking password from being abused, and I wouldn't want to undermine that system. Not until we come up with something better.
There are sites that allow you to get free SIGNED SSL certificates. I got a StartCom Certificate a number of months back, and people no longer get browser errors on my site. Sure, it's a little bit of a hassle, but in the long term it's worth it.
Unfortunately, the easier it is to obtain a signed certificate, the less value such validation offers.
A certificate provided in-band that isn't signed by a trusted entity from whom you have received a certificate by reliable means out-of-band with the immediate communication doesn't provide authentication, and encryption without authentication is meaningless.
"Meaningless" is too strong. Certainly a site with a self-signed certificate provides no assurance of security, which is why browsers should not present such sites as secure. But that doesn't make the encryption entirely useless. Opportunistic encryption is very valuable at protecting against casual snooping. Also, server key history has been proven by SSH to be a very useful -- if weaker -- mechanism for deterring MITM attacks.
Honestly, having received the same certificate from my bank every day for a year gives me more confidence that it's the correct key than a signature from Verisign.
Certainly, if the browser receives a self-signed certificate from a formerly-secure site, it should complain loudly. Also, browsers should make the secured status of sites very obvious, and sites with self-signed certs are not secure.
that showed some very UNdamning things that the pilots did, like NOT firing when children/innocents were in the line of fire.
If I don't stab you on Monday, and I don't stab you on Tuesday, then I stab you on Wednesday, what does it matter what I did on Monday and Tuesday? I still fucking stabbed you.
That depends on why you stabbed me on Wednesday. And if the accusation against you is that you stab everyone in sight whether it's justifiable or not, then the fact that you didn't stab me when you saw me on Monday or Tuesday may be very important.
And these soldiers still fucking shot at people trying to remove a wounded journalist from the field. Frankly I think you would have to be some kind of idiot to believe they weren't ordered to do so. Didn't shoot kids, didn't shoot kids, shot journalist. Oh, but I didn't shoot the kids, so it's OK.
The soldiers had no way of knowing he was a journalist. He was with a group of men carrying AKs and at least one RPG near an area where there was recent fighting between ground forces and insurgents. The reasonable conclusion is that all of the armed men are insurgents, and that he's one one them.
What's the solution, you ask?
I'll answer: The solution is for passengers to recognize that hijackers are trying to kill them, and to respond appropriately. Of course, that solution was implemented shortly after the first plane struck the first tower on 9/11.
The strengthened cockpit doors are nice, too, but the attitude change of the passengers has already made turning an airliner into a missile unworkable. All that's left for terrorists is to blow up the plane itself, which has a very limited terror payoff and even pre-9/11 security makes it a somewhat difficult target. You could kill a lot more people by setting off a bomb in a crowded shopping mall, and there's no security whatsoever there.
Boats have been doing this for about 100 centuries. They can travel against headwinds.
However, for anyone (Google) to invest good money in this technology marketing gimmick seems to be a bit nutty. Why are they wasting this money in this gimmick where there are real energy-related science and engineering problems that can be pursued?
An old aphorism comes to mind here: Better to be silent and thought a fool, than to speak and remove all doubt.
Between multiple restaurants and their appetizers and desserts, grocery stores, and milk delivery subscriptions, most households are paying for food at least three times over, often paying the same provider multiple times per month. It's time for a universal food plan, [Cnet columnist Molly] Wood declares: 'I want to pay once for food, I want that food to be unlimited, and I want to be able to eat it at any location I choose.' Still, she has hopes that the-times-they-will-be-a-changin': 'It's only a matter of time before regulators catch wind of just how many times we're being charged for the exact same thing.'
I was able to carry my firearm wherever I wanted without fear of breaking some poorly documented state or local law.
According to the Brady Campaign, our firearms laws are perfect -- the first state to score a perfect 0! We still have some work to do, but we do indeed have it good. Even open carry is quite well accepted (if not common).
Where I live I'm not allowed to legally draw a gun unless the situation is such that I can legally shoot it, i.e: I'm afraid for my life.
It's a little unclear where I live (Utah). If drawing is construed as a threat, it could potentially be prosecuted as aggravated assault, but in practice people only seem to be charged for that if they actually point the gun.
The legislature attempted to clarify things a little this last session by specifying that drawing in order to prevent another's use of unlawful force (*any* unlawful force, not just deadly force) is not a crime under the "threatening with a dangerous weapon" statute. Now, it would seem to me that if the legislature chose to specifically exempt that action from being a misdemeanor crime in that case, they didn't intend for it to be prosecuted as a felony (aggravated assault). So I think you'd have a good defense in Utah if you drew in order to stop the use of unlawful force -- but you might have to argue it in court, and you might even lose.
I'm talking to a couple of state legislators about proposing a bill for next year that would update the statute that describes justifiable use of force to clarify that a threat of deadly force is justifiable to prevent unlawful force.
In contrast, as you said, police seem to need very little justification for drawing. I can't find any statutory basis for that, but it's reality. I think they also get more leeway with pointing as well -- though in fact in Utah they are justified in using deadly force to stop a fleeing felon, while citizens are not, so they actually do have a little more statutory leeway in that case.
There isn't a lot of drawback for a cop pointing his gun at you. (Filling out some paperwork)
Umm, I don't know about your state, but my state doesn't give cops the right to point guns at people without some sort of justification for doing so.
Per the law, you're correct. In practice, police get a lot of leeway. They do need "some sort of justification", but it's a heck of a lot less (in practice) than what you or I need to point our guns at someone.
That said, if a police officer ever points his gun at me without the same level of justification that I need, I will push as hard as I can to get aggravated assault charges filed against him. Up to and including talking to some acquaintances in the state legislature and the state Attorney General (who I know personally). Even still, I'll probably fail, but the officer and department are going to sweat. And that's even before I get around to filing a civil suit.
If I were a Mormon, I'd already be planning my ad campaign for the 2020 election season....
FYI, Mormons who practice polygamy are excommunicated, and that wouldn't change if the practice were legalized.
A simple analogy:
"Strict superset" is to "superset" as ">" is to ">=".
Technically, yes. That's what it means in a math class or a logic class. But that's not what "strict" means in this context.
What it means here is that Objective-C is a superset, in the sense that any legal and correct C program is a legal and correct Objective-C program that does the same thing. So the "strict" adjective is technically redundant. The reason it isn't redundant in practice is because other languages (notably C++) are close enough to being supersets of C that they're called supersets of C, even though there are some C programs that are not valid in those languages, or that are valid but work differently.
So, basically, the situation is that "superset" in this context has been abused a little bit, applied to languages that are almost but not quite supersets. So for Objective-C we say it's a strict superset to mean that it actually is a superset.
Were the meaning what you suggested, the "strict" adjective would be unnecessary, because the only language that is a superset of C but not a strict superset (I'm using the terms correctly here, not loosely as they have been misapplied to C++, etc.) is C itself.
Of course, for any of the above to make sense, you also have to specify which version of C you're referring to, and you have to pick one that Objective-C actually is a superset of.
Last I checked, this was a government by the People for the People
You need to check again.
That makes me thing that some activist on a school board got an ID requirement passed. One day and that gets checked off the "to do" list. Done. Now we can get back to teaching actual science.
If your guess is accurate, that's actually not a bad way to address the issue. Not only does it make the activist happy, it gives the science teacher an opportunity to briefly introduce the notion of "irreducible complexity", explain mechanisms by which such complexity arose (including Intelligent Design) and address the question of falsifiability and how ID isn't falsifiable. In other words, address the "sciency" part of ID head-on, in a neutral, scientific manner.
Science purists might be offended at this sort of political sop to religious sensibilities, but honestly it's probably a really good idea to formally introduce students to these ideas in a fact-based discussion *before* they come across them somewhere else in an emotionally-charged screed. In a sense, science teachers could take the opportunity to inoculate students against ID, by teaching it to them.
You should learn about TAGS (ctags/etags).
No, because the two "masters" exchange blows with each other when the system is properly run and the entities are properly isolated.
That is the theory.
The government is the balance to a corporate system, and both together provide fairness. Get with it, man.
Because getting flogged by two masters is fairer than getting flogged by one.
With the wide-screen TFTs everywhere these days a bookmark sidebar has become a must-have for me. I cannot stand bookmark pull-down menus.
You must be one of those... <shudder>... full-screen people. Dude... windowing environments were invented for a reason!
For my site, the domain in blue is good enough for me. Not receiving any Invalid Certificate popups when I switch between computers is great. All of these certificate signers are still technically regulated, so if one's signing key gets out into the wild, the browsers will simply remove it.
I'm a professional computer security consultant who's been a software engineer for 20 years... and I had no idea what the difference between blue and green in the browser address bar was. I see color in the address bar, and I see the lock icon in the status bar... I assume that I'm talking to a secured sight who's been vetted to some degree.
Obviously, my assumption is even less warranted than I had thought. So you have to have a "legitimate e-mail address" and you have to conform the information on the domain -- which can be a random PO box. Whoop-te-doo. That level of verification would make it hard for me to get a cert in the name of, say, Bank of America, but if I cared to work at it for a bit I could almost certainly get a cert in a small organization's name.
Your example just proves how badly broken the SSL security model already is -- and it has been driven to this low, low level precisely because guys like you have a need for cheap/free certificates because you can't financially justify a proper certificate and and you can't use self-signed, but want some degree of security.
I don't see how disabling the "browser puking" on self-signed certs is better than this either.
Then you need to re-read my previous post. I explained it very clearly.
Keep in mind that UNLIKE the situation with your site, with a silently-accepted self-signed cert there would be no browser clues (other than the little 10-point lowercase 's' in the address bar, which only the tech-savvy would have any knowledge of) to fool the user into thinking that any verification has been done.
How so?
If there are only a handful of allowed signing registries, it's still better than not. Assuming they don't give out the private signing keys. It's not easy to get into the Authoritative Certificate servers in the big browsers...
First, there aren't only a handful of allowed signers. There are dozens. Check the "Authorities" in your browser. The copy of Firefox I'm using right now has 82. I added maybe 10 of those.
Second, it's even worse if some of them are free. Why? Because obviously doing thorough vetting of applicants can't be done for free. It takes time and effort on someone's part, and for the security of the system we want it to be a substantial amount of time and effort. That means that certificates SHOULD cost hundreds of dollars. The fact that a cert costs hundreds of dollars doesn't guarantee that the issuer is doing that level of work, but a free cert is pretty much guaranteed not to provide that level of due diligence.
In addition, the cost itself provides a barrier for certain types of malicious use. Some forms of phishing get shut down fast enough that the phisher can only be sure to make a couple grand at most before being stopped. If the phisher has to shell out $500 even to set up the attacks, that seriously cuts into his profit margin.
A security system is only as strong as the weakest link. And the more authorities there are, the greater the odds that one of them will be easily exploitable. And competition among them drives the price down (to zero, apparently), with a corresponding reduction in due diligence.
This isn't to say the system is fatally flawed. Indeed, it seems to work relatively well, so far. But to keep it working well we should be pushing for fewer authorities, with higher standards and more thorough vetting of applicants. This is why allowing self-signed certs to have some utility is such a good idea. It allows all of the sites that can't justify the cost or satisfy the requirements of a proper authority-signed cert to have a modicum of security, which removes most of the motivation to drive CA cost, and therefore due diligence, to zero.
Because if the latter happens in a significant way, the whole system becomes worthless.
... that I never watched a single episode.
So, basically, your argument boils down to the idea that you're more likely to notice the 's' in the address bar than the lock in the status bar? I think most users -- especially non-technical users who are unlikely to realize the 's' means anything at all! -- are more likely to notice the lock.
In any case, this problem can be solved by making the browser's indicator of a secure site more prominent. Someone suggested turning the whole address bar green, which would be a good way to do it.
Booms work when done properly.
Security, like everything else, isn't binary, so browsers classifying connections into two classes, "secure" and "insecure" is itself, in some ways, idiocy.
Absolutely true.
Your new definition of "secure connection" is still not secure from any adversary who controls or has otherwise subverted an organization trusted to issue certificates.
Not my definition, really. It's the one we've been using for about 15 years now for web security. Not a very good one, but it has proven effective most of the time.
I wonder if corporations will start to become so competitive that they will be tempted to abuse their cert-issuing powers to MITM. A possible scenario with less risk to such a corporation would be to use a criminal third party which they have allowed to subvert their CA's security.
An even more likely scenario, I think, is an employee of a CA subverting the security for criminal gain.
Actually, one has to wonder whether organized crime hasn't already subverted some CA somewhere, no?
Indeed. And it's flat guaranteed that various governments have done it.
No one should place too much trust in the certificate issuance systems. In practice, though, they seem to be good enough to keep my on-line banking password from being abused, and I wouldn't want to undermine that system. Not until we come up with something better.
There are sites that allow you to get free SIGNED SSL certificates. I got a StartCom Certificate a number of months back, and people no longer get browser errors on my site. Sure, it's a little bit of a hassle, but in the long term it's worth it.
Unfortunately, the easier it is to obtain a signed certificate, the less value such validation offers.
A certificate provided in-band that isn't signed by a trusted entity from whom you have received a certificate by reliable means out-of-band with the immediate communication doesn't provide authentication, and encryption without authentication is meaningless.
"Meaningless" is too strong. Certainly a site with a self-signed certificate provides no assurance of security, which is why browsers should not present such sites as secure. But that doesn't make the encryption entirely useless. Opportunistic encryption is very valuable at protecting against casual snooping. Also, server key history has been proven by SSH to be a very useful -- if weaker -- mechanism for deterring MITM attacks.
Honestly, having received the same certificate from my bank every day for a year gives me more confidence that it's the correct key than a signature from Verisign.
Certainly, if the browser receives a self-signed certificate from a formerly-secure site, it should complain loudly. Also, browsers should make the secured status of sites very obvious, and sites with self-signed certs are not secure.
How's the browser meant to know the difference?
The difference between what and what?