A good SSH: Check. Maybe the command line SSH client isn't quite as pretty, but it works in ever way as well.
If you use Nautilus (GNOME desktop file browser) or the KDE equivalent you can connect to remote servers graphically using SSH, WebDAV, whatever protocol you like if you find the command line not pretty enough. No need to open a terminal Nautilus->File->Connect to server->SSH
--Remote Desktop: Check. Not as slick as the Windows one, but doesn't lack for anything important.
Are you talking about Vino or Vncviewer or what? In what way is there slickness lacking?
example of where it doesn't is media production. The tools for Linux are sub par at best in my experience. In theory it might be possible to do what I need, but in practice I have never been able to figure out how and it is just too much effort. For Windows I just install Sony Vegas and go,
What do you do with Sony Vegas? I've never used it. Looking at it's bumf it looks like Audacity does a similar job. I hasten to add I don't do much besides basic chopping out segments of recordings for podcasts, fade-in/out at the edges of those segments and some adjustment of sound levels.
As far as the texteditors go I think they're one of the strongpoints of GNU/Linux. You might like JEdit
Not true anymore. There is one blob of FCC regulatory compliance stuff that used to be in userspace, but has moved out of it. Intel have been busy opening up all the details on all this stuff to hackers.
Yes, that's another good option. Similarly the nouveau project for reverse-engineering Nvidia's closed, proprietary, probably-infringing-patents hardware is coming along nicely. But... if buying new hardware then the chance for the market to reward an OPEN piece of hardware and simultaneously save on power is too good an opportunity to miss. Intel are really doing the right thing right now and it would be good to see the market confirm their strategy.
Only some. On the newer motherboards. See here. Make your life easier and more productive. Sell the crap hardware from proprietary companies that haven't seen the new market conditions before it's too late.
The kernel will always be a problem for closed-source software that stupidly relies on a stable ABI. The kernel intentionally stays flexible and changes rapidly in order to keep innovating. FL/OSS software has little problem rebuilding against it and staying innovative. That's why ATI and Nvidia will never be able to produce satisfactory drivers for Linux.
That's exactly why it makes most sense to go with fully open hardware supported by FL/OSS drivers unless you want to either stick with old kernel versions and not benefit from improved security and functionality, or else you have some hardcore gaming or 3D-modelling need.
The article is a long excuse explaining why AMD/ATI are unable to release decent GNU/Linux drivers. That's interesting enough as far as it goes: AMD/ATI and Nvidia both have crap closed, proprietary drivers which don't work well, make kernel updgrading difficult and are unauditable for security. So why bother with them? Further ATI have a history of dragging their ass and blocking the release of Free drivers,
Why bother with this crap? Just get an Intel GMA X3000 integrated motherboard and save time, power, money and hassle due to Intel "getting it" and releasing Open Source drivers and full specs. (You'll probably also be able to benefit from their free wireless drivers.
If you're into hardcore gaming then you're probably running a PS3 or an Xbox on the side anyway.
Re:One nice thing about Fedora7 is the buildtools
on
Fedora 7 Released
·
· Score: 1
There's something called the Common Debian Build System (or was a year or two ago) which doesn't seem to make it as easy and straightforward as the Fedora tools.
Re:One nice thing about Fedora7 is the buildtools
on
Fedora 7 Released
·
· Score: 2, Informative
Re:One nice thing about Fedora7 is the buildtools
on
Fedora 7 Released
·
· Score: 2, Informative
Even if you're not interested in using Koji locally for your own purposes and just want to find out what the status of your favorite package is you can look at it on Fedora's Koji server. Click a package name on the left and you can see what patches have been applied according to the cnangelog and whether the package is being rebuilt, or waiting on review or whatever. It's superb.
One nice thing about Fedora7 is the buildtools
on
Fedora 7 Released
·
· Score: 5, Informative
The complete build process is FL/OSS!
The tool for taking all the RPM packages and composing them into an installation tree is pungi. It's FL/OSS.
The tool for taking source from CVS and turning it into packages is Koji and it's completely FL/OSS too
The tool for producing updated packages is bodhi and is FL/OSS
Be happy. The Fedora Project yet again has made major contributions to FL/OSS which can be enjoyed and improved by everyone. It means that Fedora is completely independent of Red Hat (apart from Red Hat's very generous donation of hardware and developers) and that anyone that wants to can easily produce a specialised "spin" of Fedora suited exactly to their own needs. That's one of the main innovations that Fedora is pursuing with the above: instead of being stuck dependent on the choices of a distributor you can benefit from the patched sources, even their packaging, yet diverge when needed. This should be the goal that every distribution follows, and the only thing that is similar in terms of flexibility is Gentoo, but that IMHO fails to provide an easy path for those that are happy with a distributor making the decisions for them.
I'll freely admit to being a Fedora and Red Hat fan, but I hope that the significance of the release of these build tools is not overlooked by people using other distributions.
Unless you think there is personal animosity between Mozilla people and CACert people, or you have conspiracy theories about backhanders from established CAs, then you must accept that our actions were motivated by the desire to provide a most secure browsing experience for our users.
I'm so far out of the loop that I have no idea about personal animosities or backhanders. You've got two minor bugfixes from me, so I have no knowledge of what really goes on or who's who. What I DO know is that Mozilla is not taking a lead in security:
1. The Mozilla Corp is rolling in money (so much so that according to the article it is looking for someone to manage spending it)
2. The details of your deals are secret
3. You see no problem with occupying a gatekeeper position for root certificate lists which operate on a binary model of trust
4. You have denied strenuously that the central criterion in your trust model is how much money there is to lose and now admitted it
5. You are glossing over the large problems exposed by for-profit certificates (Thawte/Verisign's most popularized breach occured AFTER they had obtained the Chartified Security Account Experts Who Sell US$250K Certs marque of approval
You know all this, I know all this. You've been dancing around like a madman trying to deny that what you're convinced by is money and that that's the reason that you trust Thawte/Verisign and not CAcert.
Even if CAcert (or anyone else) were to scoop up the $250,000 (perhaps in donations from the now lush with cash Mozilla Foundation) and meet that criterion for inclusion on the list, there would STILL BE A PROBLEM with having Thawte/Verisign there.
And you'd still be peddling the idea that certificates mean more than they do, and that free certs are less trustworthy. What you're engaged in is fabricating a set of Emperor's Clothes while scoffing at the other nudists.
So your model would be that we rank all CAs in order of evilness (in our eyes) and include only those that meet some lack-of-evilness benchmark that we set?
You mean like how much money they have?
How about ranking them in order of trust assigned to them by a reticulated network of other certificate users? Oh, wait, they wouldn't be paid for doing that so it can't be real in your eyes.
So what would a proven track record of trustworthiness look like? Are we back to demands for perfection?
All you can show is that a person was scrutinised by some other people and had certain government documents and used the proof of that scrutiny to register a domain. That's it. Any other implications of "proven trackrecords of trustworthiness" or "having some skin to lose" are only implications, mirages. The very fact that you're considering that certificates show "trustworthiness" as opposed to "a reasonably strong probability that lots of humans would have to be tricked to believe this identity" is disturbing.
So, for example, I don't complete disbelieve the identity of a site presenting a certificate just because it's a Thawte/Verisign certificate. I realize that/probably/ it's OK, but I might do a little more diligence if I'm exchanging interesting information with it. Under your model, and it's the model with which you are miseducating other net users I ought not to waste my time doing this because according to you BankX has a "proven trackrecord of trustworthiness" as verified by AIPCA.
Similarly, I ought not to trust the CAcert presenting site (even though the presenter went through between 4 to 5 scrutinies by separate assurers who have no personal gain in issuing the certificate.
Me: Ehh... so to repeat "what you trust is wealth and the threat of losing that wealth".
You (finally): If you want to characterise it that way. Why is this bad?
Because of the two effects that that has: 1) it makes it artificially hard to "get on the list" thus
But you still don't answer my key question: are you willing for CACert to be held to the same standard you are holding Verisign to? One mistake and you're out?
But that's not what I've suggested. You're operating on a very simplistic binary model of "trust". Mozilla's list of (you can trust these guys absolutely) certificates creates the wrong impression: especially when you make it hard for CAcert to get included in that list. Wow! CAcert must have done something worse than handing out Microsoft Class 3 developer certificates... and other bogus certificates that I and others can attest to personally.
So the question is, "what exactly are the standards to which Mozilla/Firefox are holding CAcert and Verisign which exclude on and include the other?" The answer it seems is that Thawte/Verisign got in early, have a proven track record (which you like to try and ignore) of untrustworthiness and after that you started a TWO YEAR LONG PROCESS of deciding what the standards were as soon as free cert groups appeared.
Me:And so now you come full circle to contradicting yourself and accepting that what you trust is wealth and the threat of losing that wealth.
You:No - what I trust is having some skin in the game. [snip] If, for example, the CACert crew were willing to put up a $1,000,000 bond against fraudulent issue (which all the EV cert-issuing CAs are doing) then that would be some skin in the game.
Ehh... so to repeat "what you trust is wealth and the threat of losing that wealth".
As for EV, more snake oil, but this time it has been demonstrated to be so before it's widespread. Firefox adoption of that is another indication that you've given up on serious security.
So you can prove that, through its long and varied life under various project leaders, the CACert root key has never been leaked, compromised, or given to someone who now has a grudge against the project?
And you can prove that about Thawte/Verisign? No, all you can prove is that they paid a lot of money to some a group of self-declared accountants with expertise in security -- and that the high-standards enforced by these people led to at least one public instance of a severe social-engineering attack. (And just as an exercise for you, try and get a cert out of Thawte/Verisign with bogus credentials. It's doable, believe me.
Actually no, I'm arguing that the standards that you claim to apply have only one criterion which CAcert fails to meet: money
No. The standard is a passed audit - i.e. a 3rd party assessment of competence. Yes, this costs money, because it takes time. It would always cost someone money. If we did it ourselves, it would cost us money instead of the prospective CA. The only alternative is taking anyone's word for it when they say "I'm competent". Not, perhaps, the best security decision.
An audit which is of very doubtful value given all the evidence about certificate authorities whom you accept as having passed such audits.
If Thawte gave away certificates for free tomorrow (and, in fact, several CAs in the store give away certain types of certificate for free) then they would still be in the store, and CACert would not. If CACert decided to start charging $100 per cert tomorrow, they would still be out. It's not about how much the CA charges for the certs.
Not directly no, but indirectly it is. CAcert can't raise the money for the audit because they don't charge money.
...and has absolutely nothing to lose if they issue a duff cert. The entire CACert team can walk away tomorrow, saying "Hey, we tried. Never mind. Beer, anyone? Shame about Firefox's reputation for security, eh?".
And so now you come full circle to contradicting yourself and accepting that what you trust is wealth and the threat of losing that wealth.
That's not something which inspires confidence.
And the practices of the major certificate issuers does? You've just taken an awful lot of responsibility on your shoulders.
The Mozilla Foundation has only one credible course left open to it: sponsor your own certificate authority, preferably by creating a massive WoT. Otherwise this is just a sham. Which we both know it is really.
Don't get the idea that I speak for CAcert. I'm just someone that wants to use free SSL certificates and am pissed off that every time I go to use them I have to explain to clients about how to import the CAcert root and try to explain why Mozilla/Firefox doesn't see fit to include this perfectly good certificate.
Actually no, it's you who are arguing that different standards should be applied to those who don't have money.
Actually no, I'm arguing that the standards that you claim to apply have only one criterion which CAcert fails to meet: money
I'm also arguing that the other standards that you claim to apply are pretty bloody low anyway as evidenced by the fact that Thawte/Verisign have a rich history of bungling and issuing certificates which they shouldn't have.
Are you arguing that the web would become a more secure place if those certificates were removed? Teaching users to ignore security warning popups on 50% of secure websites doesn't seem to me like a good way to improve security.
Teaching users that certificates issued for money (Thawte) meet a higher standard (good enough to be in Firefox root cert store) than certificates issued for free (CAcert) seems like a WORSE way to me. It may not have been Mozilla's intent, but that's what you've done. You've helped to foster the impression that a company that has an incentive to issue as many certificates in as little time as possible (because it's paid per cert) is a safer bet than an organisation that issues certificates for free. Congratulations, you've just added your own confusion to the wonderful world of security.
Well said. Pie-in-the-sky free market conditions don't apply here (if they apply anywhere), and the saddening thing is that Intel (whom I would have bought a laptop from in order precisely to get their integrated X3000 graphics because it's the best Open Source driver for 3D currently) are screwing up an important experiment.
What they should have done was to sit down with OLPC and offer to compete for XOv2: there are significant reasons to go with them, not the least being the open drivers (note that the Broadcom wireless chip in the XO which does the interesting mesh networking is NOT supported by Free/Open drivers and Broadcom have a terrible history of GPL violations and being closed source).
Instead of taking this positive route Intel seem to be wrecking the OLPC project.
Think of the chil^H^H^H^H young people, you monster.
The Classmate PC runs Microsoft Windows XP Embedded Version 2002, with Service Pack 2. There's very little installed other than drivers for the hardware and the basic Windows Accessories applications. Interestingly, the full suite of Windows desktop games were present - it seems that Intel is keen for children in the developing world to play solitaire when they're bored, just like the rest of us.http://www.trustedreviews.com/notebooks/review/200 6/09/28/Intel-Classmate-PC-EXCLUSIVE/p2
CAcert were blocked for IIRC 2 years while they waited for Mozilla to draw up guidelines about which root certificates would be included. They included and still include root certificates from Thawte/Verisign (which have been proven to have a lower standard than CAcert (no Web of Trust model) which led to them issuing Class3 developer certificates for Microsoft to an outside party.
Mozilla included those garbage certificates and then spent 2 years drawing up the ladder. CAcert will NOT be included until they can meet the requirements of the Certified Institute of Public Accounts which will cost them US$250,000 for an audit.
It is true that CAcert needs to get their act together too and is doing that (in terms of their board structure), but there's no question that different standards were applied to them, they were delayed for a shockingly long time, and one of the necessary criteria is US$250,000.
To me that's different standards being applied, with Mozilla leaning strongly in favour of those that have money.
As for "trusting implicitly", no one should trust any certificates implicitly and CAcert's WoT offers a superior model to agreeing to trust a certificate issued by Verisign/Thawte (who will take any crappy old photocopy of a driver's ID and fling out a certificate as long as you give them US$25).
When you compare the reason that the free SSL certificate providers like CAcert have been kept out of Mozilla's root certificate list (because CAcert can't pay up $250,000 for a bullshit audit from some US accountancy organisation which proves that CAcert won't mismanage funds), and now we have Mozilla doing secret deals with Google (and who knows, they could do them with Microsoft in the future). Mozilla is moving rapidly into the EvilNonOpenCompany territory... but at least the code is all GPLed.
I forgot to add, that Montessori doesn't necessarily focus on science per se, it just tries to provide equipment that is to some extent designed and tested with the idea of making it easy for the child to develop the innate abilities that they're exploring at whatever developmental stage they're at. It's great. Having seen it in action for a few years I'd really recommend it. I do repeat my caution about Froebel and "London Montessori" as being of an inferior type compared to AMI Montessori though.
Slashdot Mirror
If you use Nautilus (GNOME desktop file browser) or the KDE equivalent you can connect to remote servers graphically using SSH, WebDAV, whatever protocol you like if you find the command line not pretty enough. No need to open a terminal Nautilus->File->Connect to server->SSH
--Remote Desktop: Check. Not as slick as the Windows one, but doesn't lack for anything important.
Are you talking about Vino or Vncviewer or what? In what way is there slickness lacking?
example of where it doesn't is media production. The tools for Linux are sub par at best in my experience. In theory it might be possible to do what I need, but in practice I have never been able to figure out how and it is just too much effort. For Windows I just install Sony Vegas and go,
What do you do with Sony Vegas? I've never used it. Looking at it's bumf it looks like Audacity does a similar job. I hasten to add I don't do much besides basic chopping out segments of recordings for podcasts, fade-in/out at the edges of those segments and some adjustment of sound levels.
As far as the texteditors go I think they're one of the strongpoints of GNU/Linux. You might like JEdit
There's a better fork of Nvu called Kompozer. It's essentially a bug-fix release while the original author of Nvu recodes Nvu in XUL or something.
That's interesting. Thanks for the link. Is there some productive way to pressure Intel and help them make the final step?
Not true anymore. There is one blob of FCC regulatory compliance stuff that used to be in userspace, but has moved out of it. Intel have been busy opening up all the details on all this stuff to hackers.
Yes, that's another good option. Similarly the nouveau project for reverse-engineering Nvidia's closed, proprietary, probably-infringing-patents hardware is coming along nicely. But ... if buying new hardware then the chance for the market to reward an OPEN piece of hardware and simultaneously save on power is too good an opportunity to miss. Intel are really doing the right thing right now and it would be good to see the market confirm their strategy.
Sure. Run Windows and play those games on it, but that's irrelevant to a discussion of Linux drivers.
Only some. On the newer motherboards. See here. Make your life easier and more productive. Sell the crap hardware from proprietary companies that haven't seen the new market conditions before it's too late.
The kernel will always be a problem for closed-source software that stupidly relies on a stable ABI. The kernel intentionally stays flexible and changes rapidly in order to keep innovating. FL/OSS software has little problem rebuilding against it and staying innovative. That's why ATI and Nvidia will never be able to produce satisfactory drivers for Linux.
That's exactly why it makes most sense to go with fully open hardware supported by FL/OSS drivers unless you want to either stick with old kernel versions and not benefit from improved security and functionality, or else you have some hardcore gaming or 3D-modelling need.
The article is a long excuse explaining why AMD/ATI are unable to release decent GNU/Linux drivers. That's interesting enough as far as it goes: AMD/ATI and Nvidia both have crap closed, proprietary drivers which don't work well, make kernel updgrading difficult and are unauditable for security. So why bother with them? Further ATI have a history of dragging their ass and blocking the release of Free drivers,
Why bother with this crap? Just get an Intel GMA X3000 integrated motherboard and save time, power, money and hassle due to Intel "getting it" and releasing Open Source drivers and full specs. (You'll probably also be able to benefit from their free wireless drivers.
If you're into hardcore gaming then you're probably running a PS3 or an Xbox on the side anyway.
There's something called the Common Debian Build System (or was a year or two ago) which doesn't seem to make it as easy and straightforward as the Fedora tools.
That would be here
Even if you're not interested in using Koji locally for your own purposes and just want to find out what the status of your favorite package is you can look at it on Fedora's Koji server. Click a package name on the left and you can see what patches have been applied according to the cnangelog and whether the package is being rebuilt, or waiting on review or whatever. It's superb.
The complete build process is FL/OSS!
The tool for taking all the RPM packages and composing them into an installation tree is pungi. It's FL/OSS.
The tool for taking source from CVS and turning it into packages is Koji and it's completely FL/OSS too
The tool for producing updated packages is bodhi and is FL/OSS
Be happy. The Fedora Project yet again has made major contributions to FL/OSS which can be enjoyed and improved by everyone. It means that Fedora is completely independent of Red Hat (apart from Red Hat's very generous donation of hardware and developers) and that anyone that wants to can easily produce a specialised "spin" of Fedora suited exactly to their own needs. That's one of the main innovations that Fedora is pursuing with the above: instead of being stuck dependent on the choices of a distributor you can benefit from the patched sources, even their packaging, yet diverge when needed. This should be the goal that every distribution follows, and the only thing that is similar in terms of flexibility is Gentoo, but that IMHO fails to provide an easy path for those that are happy with a distributor making the decisions for them.
I'll freely admit to being a Fedora and Red Hat fan, but I hope that the significance of the release of these build tools is not overlooked by people using other distributions.
Unless you think there is personal animosity between Mozilla people and CACert people, or you have conspiracy theories about backhanders from established CAs, then you must accept that our actions were motivated by the desire to provide a most secure browsing experience for our users.
I'm so far out of the loop that I have no idea about personal animosities or backhanders. You've got two minor bugfixes from me, so I have no knowledge of what really goes on or who's who. What I DO know is that Mozilla is not taking a lead in security:
You know all this, I know all this. You've been dancing around like a madman trying to deny that what you're convinced by is money and that that's the reason that you trust Thawte/Verisign and not CAcert.
Even if CAcert (or anyone else) were to scoop up the $250,000 (perhaps in donations from the now lush with cash Mozilla Foundation) and meet that criterion for inclusion on the list, there would STILL BE A PROBLEM with having Thawte/Verisign there.
And you'd still be peddling the idea that certificates mean more than they do, and that free certs are less trustworthy. What you're engaged in is fabricating a set of Emperor's Clothes while scoffing at the other nudists.
So your model would be that we rank all CAs in order of evilness (in our eyes) and include only those that meet some lack-of-evilness benchmark that we set?
You mean like how much money they have?
How about ranking them in order of trust assigned to them by a reticulated network of other certificate users? Oh, wait, they wouldn't be paid for doing that so it can't be real in your eyes.
So what would a proven track record of trustworthiness look like? Are we back to demands for perfection?
All you can show is that a person was scrutinised by some other people and had certain government documents and used the proof of that scrutiny to register a domain. That's it. Any other implications of "proven trackrecords of trustworthiness" or "having some skin to lose" are only implications, mirages. The very fact that you're considering that certificates show "trustworthiness" as opposed to "a reasonably strong probability that lots of humans would have to be tricked to believe this identity" is disturbing.
So, for example, I don't complete disbelieve the identity of a site presenting a certificate just because it's a Thawte/Verisign certificate. I realize that /probably/ it's OK, but I might do a little more diligence if I'm exchanging interesting information with it. Under your model, and it's the model with which you are miseducating other net users I ought not to waste my time doing this because according to you BankX has a "proven trackrecord of trustworthiness" as verified by AIPCA.
Similarly, I ought not to trust the CAcert presenting site (even though the presenter went through between 4 to 5 scrutinies by separate assurers who have no personal gain in issuing the certificate.
Me: Ehh... so to repeat "what you trust is wealth and the threat of losing that wealth".
You (finally): If you want to characterise it that way. Why is this bad?
Because of the two effects that that has: 1) it makes it artificially hard to "get on the list" thus
But you still don't answer my key question: are you willing for CACert to be held to the same standard you are holding Verisign to? One mistake and you're out?
But that's not what I've suggested. You're operating on a very simplistic binary model of "trust". Mozilla's list of (you can trust these guys absolutely) certificates creates the wrong impression: especially when you make it hard for CAcert to get included in that list. Wow! CAcert must have done something worse than handing out Microsoft Class 3 developer certificates ... and other bogus certificates that I and others can attest to personally.
So the question is, "what exactly are the standards to which Mozilla/Firefox are holding CAcert and Verisign which exclude on and include the other?" The answer it seems is that Thawte/Verisign got in early, have a proven track record (which you like to try and ignore) of untrustworthiness and after that you started a TWO YEAR LONG PROCESS of deciding what the standards were as soon as free cert groups appeared.
Me:And so now you come full circle to contradicting yourself and accepting that what you trust is wealth and the threat of losing that wealth.
You:No - what I trust is having some skin in the game. [snip] If, for example, the CACert crew were willing to put up a $1,000,000 bond against fraudulent issue (which all the EV cert-issuing CAs are doing) then that would be some skin in the game.
Ehh... so to repeat "what you trust is wealth and the threat of losing that wealth".
As for EV, more snake oil, but this time it has been demonstrated to be so before it's widespread. Firefox adoption of that is another indication that you've given up on serious security.
So you can prove that, through its long and varied life under various project leaders, the CACert root key has never been leaked, compromised, or given to someone who now has a grudge against the project?
And you can prove that about Thawte/Verisign? No, all you can prove is that they paid a lot of money to some a group of self-declared accountants with expertise in security -- and that the high-standards enforced by these people led to at least one public instance of a severe social-engineering attack. (And just as an exercise for you, try and get a cert out of Thawte/Verisign with bogus credentials. It's doable, believe me.
Actually no, I'm arguing that the standards that you claim to apply have only one criterion which CAcert fails to meet: money No. The standard is a passed audit - i.e. a 3rd party assessment of competence. Yes, this costs money, because it takes time. It would always cost someone money. If we did it ourselves, it would cost us money instead of the prospective CA. The only alternative is taking anyone's word for it when they say "I'm competent". Not, perhaps, the best security decision.
An audit which is of very doubtful value given all the evidence about certificate authorities whom you accept as having passed such audits.
If Thawte gave away certificates for free tomorrow (and, in fact, several CAs in the store give away certain types of certificate for free) then they would still be in the store, and CACert would not. If CACert decided to start charging $100 per cert tomorrow, they would still be out. It's not about how much the CA charges for the certs.
Not directly no, but indirectly it is. CAcert can't raise the money for the audit because they don't charge money.
And so now you come full circle to contradicting yourself and accepting that what you trust is wealth and the threat of losing that wealth.
That's not something which inspires confidence.
And the practices of the major certificate issuers does? You've just taken an awful lot of responsibility on your shoulders.
The Mozilla Foundation has only one credible course left open to it: sponsor your own certificate authority, preferably by creating a massive WoT. Otherwise this is just a sham. Which we both know it is really.
Your only distinguishing measure of competence at this stage is $US250,000.
Don't get the idea that I speak for CAcert. I'm just someone that wants to use free SSL certificates and am pissed off that every time I go to use them I have to explain to clients about how to import the CAcert root and try to explain why Mozilla/Firefox doesn't see fit to include this perfectly good certificate.
Actually no, it's you who are arguing that different standards should be applied to those who don't have money.
Actually no, I'm arguing that the standards that you claim to apply have only one criterion which CAcert fails to meet: money
I'm also arguing that the other standards that you claim to apply are pretty bloody low anyway as evidenced by the fact that Thawte/Verisign have a rich history of bungling and issuing certificates which they shouldn't have.
Are you arguing that the web would become a more secure place if those certificates were removed? Teaching users to ignore security warning popups on 50% of secure websites doesn't seem to me like a good way to improve security.
Teaching users that certificates issued for money (Thawte) meet a higher standard (good enough to be in Firefox root cert store) than certificates issued for free (CAcert) seems like a WORSE way to me. It may not have been Mozilla's intent, but that's what you've done. You've helped to foster the impression that a company that has an incentive to issue as many certificates in as little time as possible (because it's paid per cert) is a safer bet than an organisation that issues certificates for free. Congratulations, you've just added your own confusion to the wonderful world of security.
Well said. Pie-in-the-sky free market conditions don't apply here (if they apply anywhere), and the saddening thing is that Intel (whom I would have bought a laptop from in order precisely to get their integrated X3000 graphics because it's the best Open Source driver for 3D currently) are screwing up an important experiment.
What they should have done was to sit down with OLPC and offer to compete for XOv2: there are significant reasons to go with them, not the least being the open drivers (note that the Broadcom wireless chip in the XO which does the interesting mesh networking is NOT supported by Free/Open drivers and Broadcom have a terrible history of GPL violations and being closed source).
Instead of taking this positive route Intel seem to be wrecking the OLPC project.
Think of the chil^H^H^H^H young people, you monster.0 6/09/28/Intel-Classmate-PC-EXCLUSIVE/p2
The Classmate PC runs Microsoft Windows XP Embedded Version 2002, with Service Pack 2. There's very little installed other than drivers for the hardware and the basic Windows Accessories applications. Interestingly, the full suite of Windows desktop games were present - it seems that Intel is keen for children in the developing world to play solitaire when they're bored, just like the rest of us. http://www.trustedreviews.com/notebooks/review/20
CAcert were blocked for IIRC 2 years while they waited for Mozilla to draw up guidelines about which root certificates would be included. They included and still include root certificates from Thawte/Verisign (which have been proven to have a lower standard than CAcert (no Web of Trust model) which led to them issuing Class3 developer certificates for Microsoft to an outside party. Mozilla included those garbage certificates and then spent 2 years drawing up the ladder. CAcert will NOT be included until they can meet the requirements of the Certified Institute of Public Accounts which will cost them US$250,000 for an audit. It is true that CAcert needs to get their act together too and is doing that (in terms of their board structure), but there's no question that different standards were applied to them, they were delayed for a shockingly long time, and one of the necessary criteria is US$250,000. To me that's different standards being applied, with Mozilla leaning strongly in favour of those that have money. As for "trusting implicitly", no one should trust any certificates implicitly and CAcert's WoT offers a superior model to agreeing to trust a certificate issued by Verisign/Thawte (who will take any crappy old photocopy of a driver's ID and fling out a certificate as long as you give them US$25).
When you compare the reason that the free SSL certificate providers like CAcert have been kept out of Mozilla's root certificate list (because CAcert can't pay up $250,000 for a bullshit audit from some US accountancy organisation which proves that CAcert won't mismanage funds), and now we have Mozilla doing secret deals with Google (and who knows, they could do them with Microsoft in the future). Mozilla is moving rapidly into the EvilNonOpenCompany territory... but at least the code is all GPLed.
No, I forgot to log in the first time ;)
I forgot to add, that Montessori doesn't necessarily focus on science per se, it just tries to provide equipment that is to some extent designed and tested with the idea of making it easy for the child to develop the innate abilities that they're exploring at whatever developmental stage they're at. It's great. Having seen it in action for a few years I'd really recommend it. I do repeat my caution about Froebel and "London Montessori" as being of an inferior type compared to AMI Montessori though.
So, it would be reasonable to assume that any development branch stuff including current CVS snapshot would be inadmissible.