Is it that people talk loudly on cellphones and therefore you notice, or is that that some people talk loudly on cellphones, but people who talk quietly on cellphones don't attract attention, so the only people on cellphones you notice are those that speak loudly?
I don't buy the "Cellphones make people rude and loud" claim. I don't get complaints, rude stares, or any other signs my use of my cellphone is causing annoyance but I see others subjected to that treatment when they really are loud and annoying. I have to assume that I, like probably 95% of the population, am simply invisible, because I don't speak loudly into my phone, I keep my conversations in public short, and my cellphone uses vibration to notify me of calls rather than a loud, annoying, ring.
I don't think either explanation really matches reality. Usenet started to seriously deteriorate to the point most people I knew who were regulars started to drop it around 1995-1998. At that time, while there were web forums, they were still in the teething stage and no replacement for Usenet. That, for me, is the time Usenet "died". It began to be re-invented as a binaries distribution network shortly thereafter.
Why did it die? Spam. Spammers began to make swathes of Usenet unreadable. After a few managable carpetbombs, the serious spammers first attacked in earnest the alt.sex hierarchy (it's an interesting fact that comes as a surprise to many that back in the early nineties, alt.sex contained some of the most respected newsgroups in Usenet. alt.sex.bondage, for example, was originally started after a prank revealed massive interest in such a group, and it became one of the more respected groups thereafter.) The groups became unusable within two years, with a few migrating to "safer" areas out of the alt.* hierarchy. After that the rest of Usenet started to get similarly hit.
A few attempts were made to protect Usenet, from serious attempts to hold ISPs to account for their users (which caused more damage than it helped, as the legitimate customers of those ISPs were cut off from Usenet too and as a result drifted away, reducing the S/N ratio even further) to attempts to introduce various forms of moderation that, ultimately, also caused more damage.
People just gave up. Even the spammers started to give up after a few years largely because it wasn't worth their time any more, but by that time Usenet was dead anyway.
What's dying today isn't Usenet, at least not the network in operation back from 1980. It's a binaries distribution system, the one that took over from the mid-nineties onwards.
And frankly, I don't know about you, but I don't care about that one.
They may be sending that signal when you're actually talking on the phone, but when the phone is idle (which is usually when people look at the bars) the phone isn't transmitting anything except the very occasional signal to say it's changed tower or still here. So there's nothing for the tower to base any diagnostic on.
Expect it all to be resolved in the forthcoming "WCWCSSWMCLEMDACTB Act (We Can't Win Civil Suits So We're Making Copyright Law Even More Draconian And Criminal To Boot)", where $2,000 out-of-court settlements will be replaced with mandatory prison sentences coupled with confiscation of your equipment and even more hefty fines.
And to those who complain it can't happen, because "the people" wouldn't stand for it, we've had the somewhat more unjust War on Drugs now for around 40 years, and criticizing that - which also involves mandatory prison sentences but this time for victimless crimes - gets you discredited as a pot-smoking lunatic in short order.
Unlike those who pressed the WoD, the music industry has a legitimate beef here. There's no good reason for everyone to be putting music online without the consent of those that made it. If the lawsuits fail, and especially if they fail because the music industry is not allowed to press them, then it's not hard to see how a sympathetic congress would pass laws raising the temperature.
Or these guys. I like the theme of this ad, the whole idea that Senators, Congressmen, corrupt telcos and abusive Executive Branches cannot get away with what they're doing because those that oppose them are not going to give up.
And, you know, that's fine. I don't think anybody has a problem with Apple doing that. It's honest, it doesn't depict Mac OS X as a separate product if Apple doesn't see it as that.
How do you create a successful phishing site where your identity is known? Getting a CA to authorize the SSL certificate for your phishing site is like breaking into people's houses, stealing their TVs, and leaving a calling card with your full name and address in its place.
The SSL certificate will identify YOU. It will create a chain of accountability that means people will associate citicardbank.com with you, rather than whatever fake credentials you used to create the domain. That's why we have CAs.
Do this, my socialist friend: go and read on the Slaughterhouse Cases
Socialism: A belief that rights such as freedom of speech belong to the people, rather than the State.
One assumes anyway, from the above. Given your identification as a libertarian and your approving belief in some legitimacy of state government, one assumes that the following definition also applies:
Libertarianism: A belief that rights such as freedom of speech belong to the State, which shall have the right to initiate force to suppress speech amongst the people.
Never really did understand why some so-called Libertarians actually believe in draconian, fascistic, governments. It seems a contradiction. Saying "Oh, it's only State governments we believe should have the right to execute people for believing in the wrong God" doesn't seem to make it any better to me. Either you believe in personal liberty, or you're a statist.
Kind of hard for Apple to do this given they don't have any OEMs.
It's like two countries. One has a whole set of unjust laws: jailtime for non-churchgoers, jailtime for criticizing the government, jailtime for having an Internet connection, and another country that just keeps everyone in jail, all the time.
The people in the second country wouldn't be able to claim moral superiority over the first by arguing that, yes, everyone is in prison at the moment, but at least they don't jail people for not going to Church.
At this point Apple's lack of serious control over the market, and the fact the iPhone is more hype than substance, means that Apple trying to control their customers isn't anything like as important as when Microsoft does it, or did it. One hopes we'll be at a point soon, with Ubuntu being what it is, where enough people switch to either Mac OS X or GNU/Linux to mean it no longer matters much when Microsoft does it either.
Are you kidding? Everyone knows about that, if only because of Airplane 2:
Controller #3: Get me Steve McCroskey!
Controller #2: Are you kidding? Ever since Reagan fired the air traffic controllers, he's been completely senile!
Controller #3: Yeah, but what about McCroskey?
Controller #2: About the same as Reagan.
People were also saying that in the 1950s, when TV started to make headway into the home.
And, surprisingly enough, theaters did nearly die. Despite massive technical improvements, from the introduction of widescreen to experiments with 3D, cinema audiences started to trail off, until George Lucas and Steven Spielberg turned the tide in the 1970s with Star Wars and Jaws. Until High Concept came on the scene, theaters started to find the only way to survive was to cater to niches, showing cheap imported movies to diehard audiences. Lucas, in particular, forced the industry to accept it had to adopt greater standards, forcing cinemas to improve their sound and projection systems, and making more expensive but far more watchable films aimed at larger audiences.
The reason why VHS and DVD didn't kill cinema is because Hollywood did a lot of work to make sure neither would do so. Cinemas get the films at least six months before the VHS and DVD release. The major publicity for the films is given then, with the DVDs and tapes given more modest amounts of promotion. The quality of both, while "as good as the technology allows", is not enough to reproduce the cinematic experience (except, perhaps, aurally in the case of DVD. And, actually, DVD looks pretty superb on a modern flatscreen TV too, but that's a recent development.)
Hollywood continues to keep the delay between cinematic and home video release, which is why Blu-ray still has that stupid region encoding system. But if truth be told, I think everyone recognizes that the HD formats - including the 720p downloads (at least, when they're given decent soundtracks) - are good enough to get us back to a situation where home video/TV systems compete with cinemas. But unlike the 1950s, where TV - a free entertainment medium not under their control - actively competed with the industry, we're now looking at a situation where Hollywood profits regardless of whether the revenue comes from cinema releases, disc sales, or download fees. This means cinemas are no longer under the protection they once were.
Oh sure, there's still some incentive for Hollywood to keep the cinema system running, not least the fact that they can double-dip with a large number of viewers, who'll watch it at the cinema and then spend the money on the DVD or download version. But they're no longer married to the system. If disc sales or online downloads end up making more revenues than the Box Office, goodbye the latter.
Well, you can do all that with a minimal crew and robots. This article is written under the presumption we want to colonize other planets, not just pillage their resources, hence the talk of floating cities (Empire Strikes Back parallels notwithstanding, the latter wasn't a documentary...)
If you're looking at places to situate people, then Venus is in the running if only because of the gravity. Of course, Saturn also has a gravity similar to Earth - I'd imagine the radiation from Saturn rules out any chance of making floating cities there viable though.
Vietnam was a disaster because it was a civil war that the US treated as a conventional war between nations. While the US was under the impression it was somehow preventing the takeover of the country from a foreign force, it was instead fighting against the country's citizenry, attempting to subjugate an unwilling populace. Beyond a straightforward occupation, there is no way to "win" in this scenario, and an occupation isn't acceptable by any metric.
Did the politicians screw up? Sure. But the Military would have done no better left to its own devices either. It would not have "occupied" Vietnam, it would have simply turned up the force used against the Vietcong. There would have been more blood shed, the people of Vietnam would have become even more resolute against both the South and the US, and "victory" would have been further away than ever. I put the word "Victory" in quotes because there was never any chance of a victory as the US defined it. It saw Vietnam strictly as a situation where the country needed to be saved from a foreign power to prevent other countries from falling from the same foreign power. But there was no foreign power, even if the Vietcong - AFTER the US involved itself - had some material support from Red nations. The reality was the entire thing was a tilting at windmills thing, the US being Don Quixote, but with higher stakes and horrific results. You can't win a war where victory is technically impossible.
I wasn't sure who Admiral Rickover was, so I did a little research and found this YouTube video which gives quite a bit of information on how he was able to avoid giving up control over his part of the Navy. Hope this helps people who were as baffled as I was reading the above.
Last time I did it (a few years ago), we were asked (in addition to the other documents) to fax a signed statement from an officer of the company confirming we were authorized to act on behalf of our employer.
BTW, anyone here want to post an explanation for why I was modbombed to hell for posting a correct statement? Are any of these moderators people who actually get full blown valid CA-signed SSL certificates, or did they get some cheap thing that IE and Firefox doesn't treat as a full certificate and think "Oh, that was easy, even though it's not actually what we're talking about here I'm going to mod down a statement about how it takes a certain amount of documentation to get an SSL certificate"?
If you buy them "ALL THE TIME" and never have to present any identification information, then I can only assume you have a standing arrangement with a CA and have already registered your details with them. If you really go to arbitrary CAs you've never done business with before, and are asked for no proof you are who you say you are, then I'd like to know who those CAs are. They probably need to have their authorities revoked.
Your experience neither matches my own, nor those of the people I asked who also have gone through the process in the past.
That's exactly what I said it is, so saying "No" as if what I said was wrong is inappropriate.
CACert only proves you have control over a domain. Like I said, you can register a domain such as "citicardbank.com" using throwaway information (because domain name registration is easy to do anonymously), then get a CACert certificate registered for citicardbank.com, and go right ahead and phish without anyone ever finding out it was you.
This is entirely different to the CAs whose authorities are recognized in the default installs of IE and Firefox. You have to prove more than simply owning the domain, you have to prove you are who you say you are. I've been through the process, it's a PITA, involving the production of legal documents and other proof.
The point here is to allow users to trust HTTPS sites knowing that if someone's trying to use one to scam them, they can be identified. CACert fails in providing that trust. It's almost useless as a CA and its use shouldn't be recommended.
Have you ever applied for an SSL certificate? It's a PITA, because you do have to provide the issuer with a load of documentation (usually comprising of some legal documents such as your employer's charter et al, plus evidence you do, actually, work for them) to confirm you're who you say you are.
DNA evidence, FWIW, doesn't work because generally SSL certs are issued to corporate entities, not people, and it'd be hard to prove you're the holder of that DNA anyway...
"One entire point?" It's one *use* of SSL, but certainly not the only one.
Indeed, hence the words "One entire point" rather than "All entire points" or even "The entire point".
However, yes, authentication is a key part of SSL. It's so behind-the-scenes it's often hard to notice that people use it all the time. You click on the HTTPS link to "citibank.com", and up comes the padlock and login for Citibank. You know, at this point, it's the real deal. Most people aren't sure why it works, they just know it generally does.
First of all, that's not in any way, shape, or form, a counterpoint.
Are you using different top level domains for all your systems? Because if you're not, you should be able to make do with a wildcard SSL certificate, which generally runs to a few hundred dollars per year, not $1,000. Just saying.
In any case, your particular set of circumstances means you have control over who would need the self-signed certificates. In particular, you can legitimately create a CA of your own and import it's certificate into the web browsers of your users, because that CA (you) is accountable to you and your users.
This is very different from someone outside of the organization trying to get "secure access" to your systems, not knowing for sure that they really are connecting to you (and not a typosquatter.)
All CACert does is verify that you have control of the domain name you're trying to get a certificate for before issuing a certificate. That means that you can, with CACert, register something like "citicardbank.com" using throwaway fake information, put up a phishing website, get a certificate for it, and look perfectly legitimate to anyone you phish, without any of your victims ever being able to find out who you were. It doesn't, of course, have to be phishing. It could be "discountjewelryandelectonics.com", with you raking in the "orders" and running away with the cash, again with nobody able to find out who you are.
Given the general security principle, espoused by most web browser makers, of "Trust nobody unless it's a secure connection, and even then be careful", it makes no sense for Mozilla, Opera, or Microsoft to encourage the use of unaccountable certificates. CACert is fundamentally a bad idea, at least with the current implementation of most web browsers. The only way to make it acceptable is for the user to be warned every time they visit a new website with a certificate signed by a accountability-free CA.
And given it's the warnings the submitter is whining about, well, what's the point?
One entire point of SSL is to ensure that the user can trust the site they're connecting to. If I register citicardbank.com, my inability to get an SSL certificate for it without being traced by my phishing victims severely undermines my ability to rip people off.
The only way to get what you're asking for is to get a secondary protocol, somewhere between HTTP and HTTPS, that would provide privacy for the communication link but wouldn't promote the notion that the end domain is what it says it is. Whether such a thing is a good idea is open to question, even if it is desirable.
If push comes to shove, the only problem with the present regime is that it's expensive. There's increasing amounts of competition in that space, so you should expect prices to come down over time. Wait..com domain names once cost more than what many SSL certs do today.
Yes, we need to fix the system, and as soon as possible. However, that doesn't preclude us from making decisions about who to vote for today on the basis of "I know enough about this candidate to know that, whether his heart's in the right place or not, he'd destroy the country, and I know enough about this other candidate to know that, while he's disappointed us recently and while no candidate is as big a candidate for change as they pretend to be, he'll at least keep the country limping along for the next 4-8 years."
Of course, if you believe the best way to fix the system is to destroy the country, then go right ahead, vote for the worst possible candidate. But getting the candidate in that will cause the most problems is what Nader thought he was doing, and eight years later the system is worse than ever, and the country has drifted to the right. Destroying a country to fix it is a dangerous game to play, it can get worse, and the history of countries that have faced economic ruin followed by a revolutionary response has generally been disastrous.
He doesn't support "illegal wiretapping", though he went back on his word to fillibuster attempts to let people who provided material support to the government's lawlessness off the hook, and he's supported an expansion of government powers that many of us disagree with. You're zero for two, you can't even get right the issue he really has reversed himself on.
Is it that people talk loudly on cellphones and therefore you notice, or is that that some people talk loudly on cellphones, but people who talk quietly on cellphones don't attract attention, so the only people on cellphones you notice are those that speak loudly?
I don't buy the "Cellphones make people rude and loud" claim. I don't get complaints, rude stares, or any other signs my use of my cellphone is causing annoyance but I see others subjected to that treatment when they really are loud and annoying. I have to assume that I, like probably 95% of the population, am simply invisible, because I don't speak loudly into my phone, I keep my conversations in public short, and my cellphone uses vibration to notify me of calls rather than a loud, annoying, ring.
I don't think either explanation really matches reality. Usenet started to seriously deteriorate to the point most people I knew who were regulars started to drop it around 1995-1998. At that time, while there were web forums, they were still in the teething stage and no replacement for Usenet. That, for me, is the time Usenet "died". It began to be re-invented as a binaries distribution network shortly thereafter.
Why did it die? Spam. Spammers began to make swathes of Usenet unreadable. After a few managable carpetbombs, the serious spammers first attacked in earnest the alt.sex hierarchy (it's an interesting fact that comes as a surprise to many that back in the early nineties, alt.sex contained some of the most respected newsgroups in Usenet. alt.sex.bondage, for example, was originally started after a prank revealed massive interest in such a group, and it became one of the more respected groups thereafter.) The groups became unusable within two years, with a few migrating to "safer" areas out of the alt.* hierarchy. After that the rest of Usenet started to get similarly hit.
A few attempts were made to protect Usenet, from serious attempts to hold ISPs to account for their users (which caused more damage than it helped, as the legitimate customers of those ISPs were cut off from Usenet too and as a result drifted away, reducing the S/N ratio even further) to attempts to introduce various forms of moderation that, ultimately, also caused more damage.
People just gave up. Even the spammers started to give up after a few years largely because it wasn't worth their time any more, but by that time Usenet was dead anyway.
What's dying today isn't Usenet, at least not the network in operation back from 1980. It's a binaries distribution system, the one that took over from the mid-nineties onwards.
And frankly, I don't know about you, but I don't care about that one.
They may be sending that signal when you're actually talking on the phone, but when the phone is idle (which is usually when people look at the bars) the phone isn't transmitting anything except the very occasional signal to say it's changed tower or still here. So there's nothing for the tower to base any diagnostic on.
Expect it all to be resolved in the forthcoming "WCWCSSWMCLEMDACTB Act (We Can't Win Civil Suits So We're Making Copyright Law Even More Draconian And Criminal To Boot)", where $2,000 out-of-court settlements will be replaced with mandatory prison sentences coupled with confiscation of your equipment and even more hefty fines.
And to those who complain it can't happen, because "the people" wouldn't stand for it, we've had the somewhat more unjust War on Drugs now for around 40 years, and criticizing that - which also involves mandatory prison sentences but this time for victimless crimes - gets you discredited as a pot-smoking lunatic in short order.
Unlike those who pressed the WoD, the music industry has a legitimate beef here. There's no good reason for everyone to be putting music online without the consent of those that made it. If the lawsuits fail, and especially if they fail because the music industry is not allowed to press them, then it's not hard to see how a sympathetic congress would pass laws raising the temperature.
Or these guys. I like the theme of this ad, the whole idea that Senators, Congressmen, corrupt telcos and abusive Executive Branches cannot get away with what they're doing because those that oppose them are not going to give up.
And, you know, that's fine. I don't think anybody has a problem with Apple doing that. It's honest, it doesn't depict Mac OS X as a separate product if Apple doesn't see it as that.
They should have realized something was up when the guy started writing his own filesystem...
How do you create a successful phishing site where your identity is known? Getting a CA to authorize the SSL certificate for your phishing site is like breaking into people's houses, stealing their TVs, and leaving a calling card with your full name and address in its place.
The SSL certificate will identify YOU. It will create a chain of accountability that means people will associate citicardbank.com with you, rather than whatever fake credentials you used to create the domain. That's why we have CAs.
Socialism: A belief that rights such as freedom of speech belong to the people, rather than the State.
One assumes anyway, from the above. Given your identification as a libertarian and your approving belief in some legitimacy of state government, one assumes that the following definition also applies:
Libertarianism: A belief that rights such as freedom of speech belong to the State, which shall have the right to initiate force to suppress speech amongst the people.
Never really did understand why some so-called Libertarians actually believe in draconian, fascistic, governments. It seems a contradiction. Saying "Oh, it's only State governments we believe should have the right to execute people for believing in the wrong God" doesn't seem to make it any better to me. Either you believe in personal liberty, or you're a statist.
Kind of hard for Apple to do this given they don't have any OEMs.
It's like two countries. One has a whole set of unjust laws: jailtime for non-churchgoers, jailtime for criticizing the government, jailtime for having an Internet connection, and another country that just keeps everyone in jail, all the time.
The people in the second country wouldn't be able to claim moral superiority over the first by arguing that, yes, everyone is in prison at the moment, but at least they don't jail people for not going to Church.
At this point Apple's lack of serious control over the market, and the fact the iPhone is more hype than substance, means that Apple trying to control their customers isn't anything like as important as when Microsoft does it, or did it. One hopes we'll be at a point soon, with Ubuntu being what it is, where enough people switch to either Mac OS X or GNU/Linux to mean it no longer matters much when Microsoft does it either.
Are you kidding? Everyone knows about that, if only because of Airplane 2:
Controller #3: Get me Steve McCroskey!
Controller #2: Are you kidding? Ever since Reagan fired the air traffic controllers, he's been completely senile!
Controller #3: Yeah, but what about McCroskey?
Controller #2: About the same as Reagan.
People were also saying that in the 1950s, when TV started to make headway into the home.
And, surprisingly enough, theaters did nearly die. Despite massive technical improvements, from the introduction of widescreen to experiments with 3D, cinema audiences started to trail off, until George Lucas and Steven Spielberg turned the tide in the 1970s with Star Wars and Jaws. Until High Concept came on the scene, theaters started to find the only way to survive was to cater to niches, showing cheap imported movies to diehard audiences. Lucas, in particular, forced the industry to accept it had to adopt greater standards, forcing cinemas to improve their sound and projection systems, and making more expensive but far more watchable films aimed at larger audiences.
The reason why VHS and DVD didn't kill cinema is because Hollywood did a lot of work to make sure neither would do so. Cinemas get the films at least six months before the VHS and DVD release. The major publicity for the films is given then, with the DVDs and tapes given more modest amounts of promotion. The quality of both, while "as good as the technology allows", is not enough to reproduce the cinematic experience (except, perhaps, aurally in the case of DVD. And, actually, DVD looks pretty superb on a modern flatscreen TV too, but that's a recent development.)
Hollywood continues to keep the delay between cinematic and home video release, which is why Blu-ray still has that stupid region encoding system. But if truth be told, I think everyone recognizes that the HD formats - including the 720p downloads (at least, when they're given decent soundtracks) - are good enough to get us back to a situation where home video/TV systems compete with cinemas. But unlike the 1950s, where TV - a free entertainment medium not under their control - actively competed with the industry, we're now looking at a situation where Hollywood profits regardless of whether the revenue comes from cinema releases, disc sales, or download fees. This means cinemas are no longer under the protection they once were.
Oh sure, there's still some incentive for Hollywood to keep the cinema system running, not least the fact that they can double-dip with a large number of viewers, who'll watch it at the cinema and then spend the money on the DVD or download version. But they're no longer married to the system. If disc sales or online downloads end up making more revenues than the Box Office, goodbye the latter.
Well, you can do all that with a minimal crew and robots. This article is written under the presumption we want to colonize other planets, not just pillage their resources, hence the talk of floating cities (Empire Strikes Back parallels notwithstanding, the latter wasn't a documentary...)
If you're looking at places to situate people, then Venus is in the running if only because of the gravity. Of course, Saturn also has a gravity similar to Earth - I'd imagine the radiation from Saturn rules out any chance of making floating cities there viable though.
Vietnam was a disaster because it was a civil war that the US treated as a conventional war between nations. While the US was under the impression it was somehow preventing the takeover of the country from a foreign force, it was instead fighting against the country's citizenry, attempting to subjugate an unwilling populace. Beyond a straightforward occupation, there is no way to "win" in this scenario, and an occupation isn't acceptable by any metric.
Did the politicians screw up? Sure. But the Military would have done no better left to its own devices either. It would not have "occupied" Vietnam, it would have simply turned up the force used against the Vietcong. There would have been more blood shed, the people of Vietnam would have become even more resolute against both the South and the US, and "victory" would have been further away than ever. I put the word "Victory" in quotes because there was never any chance of a victory as the US defined it. It saw Vietnam strictly as a situation where the country needed to be saved from a foreign power to prevent other countries from falling from the same foreign power. But there was no foreign power, even if the Vietcong - AFTER the US involved itself - had some material support from Red nations. The reality was the entire thing was a tilting at windmills thing, the US being Don Quixote, but with higher stakes and horrific results. You can't win a war where victory is technically impossible.
I wasn't sure who Admiral Rickover was, so I did a little research and found this YouTube video which gives quite a bit of information on how he was able to avoid giving up control over his part of the Navy. Hope this helps people who were as baffled as I was reading the above.
Last time I did it (a few years ago), we were asked (in addition to the other documents) to fax a signed statement from an officer of the company confirming we were authorized to act on behalf of our employer.
BTW, anyone here want to post an explanation for why I was modbombed to hell for posting a correct statement? Are any of these moderators people who actually get full blown valid CA-signed SSL certificates, or did they get some cheap thing that IE and Firefox doesn't treat as a full certificate and think "Oh, that was easy, even though it's not actually what we're talking about here I'm going to mod down a statement about how it takes a certain amount of documentation to get an SSL certificate"?
If you buy them "ALL THE TIME" and never have to present any identification information, then I can only assume you have a standing arrangement with a CA and have already registered your details with them. If you really go to arbitrary CAs you've never done business with before, and are asked for no proof you are who you say you are, then I'd like to know who those CAs are. They probably need to have their authorities revoked.
Your experience neither matches my own, nor those of the people I asked who also have gone through the process in the past.
That's exactly what I said it is, so saying "No" as if what I said was wrong is inappropriate.
CACert only proves you have control over a domain. Like I said, you can register a domain such as "citicardbank.com" using throwaway information (because domain name registration is easy to do anonymously), then get a CACert certificate registered for citicardbank.com, and go right ahead and phish without anyone ever finding out it was you.
This is entirely different to the CAs whose authorities are recognized in the default installs of IE and Firefox. You have to prove more than simply owning the domain, you have to prove you are who you say you are. I've been through the process, it's a PITA, involving the production of legal documents and other proof.
The point here is to allow users to trust HTTPS sites knowing that if someone's trying to use one to scam them, they can be identified. CACert fails in providing that trust. It's almost useless as a CA and its use shouldn't be recommended.
Have you ever applied for an SSL certificate? It's a PITA, because you do have to provide the issuer with a load of documentation (usually comprising of some legal documents such as your employer's charter et al, plus evidence you do, actually, work for them) to confirm you're who you say you are.
DNA evidence, FWIW, doesn't work because generally SSL certs are issued to corporate entities, not people, and it'd be hard to prove you're the holder of that DNA anyway...
Indeed, hence the words "One entire point" rather than "All entire points" or even "The entire point".
However, yes, authentication is a key part of SSL. It's so behind-the-scenes it's often hard to notice that people use it all the time. You click on the HTTPS link to "citibank.com", and up comes the padlock and login for Citibank. You know, at this point, it's the real deal. Most people aren't sure why it works, they just know it generally does.
I'd imagine you're one of them.
First of all, that's not in any way, shape, or form, a counterpoint.
Are you using different top level domains for all your systems? Because if you're not, you should be able to make do with a wildcard SSL certificate, which generally runs to a few hundred dollars per year, not $1,000. Just saying.
In any case, your particular set of circumstances means you have control over who would need the self-signed certificates. In particular, you can legitimately create a CA of your own and import it's certificate into the web browsers of your users, because that CA (you) is accountable to you and your users.
This is very different from someone outside of the organization trying to get "secure access" to your systems, not knowing for sure that they really are connecting to you (and not a typosquatter.)
All CACert does is verify that you have control of the domain name you're trying to get a certificate for before issuing a certificate. That means that you can, with CACert, register something like "citicardbank.com" using throwaway fake information, put up a phishing website, get a certificate for it, and look perfectly legitimate to anyone you phish, without any of your victims ever being able to find out who you were. It doesn't, of course, have to be phishing. It could be "discountjewelryandelectonics.com", with you raking in the "orders" and running away with the cash, again with nobody able to find out who you are.
Given the general security principle, espoused by most web browser makers, of "Trust nobody unless it's a secure connection, and even then be careful", it makes no sense for Mozilla, Opera, or Microsoft to encourage the use of unaccountable certificates. CACert is fundamentally a bad idea, at least with the current implementation of most web browsers. The only way to make it acceptable is for the user to be warned every time they visit a new website with a certificate signed by a accountability-free CA.
And given it's the warnings the submitter is whining about, well, what's the point?
One entire point of SSL is to ensure that the user can trust the site they're connecting to. If I register citicardbank.com, my inability to get an SSL certificate for it without being traced by my phishing victims severely undermines my ability to rip people off.
The only way to get what you're asking for is to get a secondary protocol, somewhere between HTTP and HTTPS, that would provide privacy for the communication link but wouldn't promote the notion that the end domain is what it says it is. Whether such a thing is a good idea is open to question, even if it is desirable.
If push comes to shove, the only problem with the present regime is that it's expensive. There's increasing amounts of competition in that space, so you should expect prices to come down over time. Wait. .com domain names once cost more than what many SSL certs do today.
Yes, we need to fix the system, and as soon as possible. However, that doesn't preclude us from making decisions about who to vote for today on the basis of "I know enough about this candidate to know that, whether his heart's in the right place or not, he'd destroy the country, and I know enough about this other candidate to know that, while he's disappointed us recently and while no candidate is as big a candidate for change as they pretend to be, he'll at least keep the country limping along for the next 4-8 years."
Of course, if you believe the best way to fix the system is to destroy the country, then go right ahead, vote for the worst possible candidate. But getting the candidate in that will cause the most problems is what Nader thought he was doing, and eight years later the system is worse than ever, and the country has drifted to the right. Destroying a country to fix it is a dangerous game to play, it can get worse, and the history of countries that have faced economic ruin followed by a revolutionary response has generally been disastrous.
Obama doesn't support the war in Iraq.
He doesn't support "illegal wiretapping", though he went back on his word to fillibuster attempts to let people who provided material support to the government's lawlessness off the hook, and he's supported an expansion of government powers that many of us disagree with. You're zero for two, you can't even get right the issue he really has reversed himself on.