HTTPS really does mean "secure" (it's the S), but it's not as easy as setting it and forgetting it.
HTTPS as currently deployed is only as secure as the least secure CA on the PLANET or most despotic regime harboring a state-run CA in the WORLD.
That's before taking into account that encrypted and signed does not imply secure. That's dead wrong. The other end might be hacked, or it might be run by crooks, or monitored by agencies, or your computer might be hacked.
Browsers saying it's "secure" lulls people into a false sense of security. It's like believing your property is secure because you put a lock on one door.
Yeah, plus, I have no idea what PSA means.
Prostate-Specific Antigen.
According to Wikipedia, PSA is a member of the kallikrein-related peptidase family and is secreted by the epithelial cells of the prostate gland. PSA is produced for the ejaculate, where it liquefies semen in the seminal coagulum and allows sperm to swim freely.
This is true, but "Not Needing HTTPS" =/= "Secure". Firefox will still be correct in identifying the connection as not being secure.
But HTTPS does not imply secure either. It's lulling users into a false sense of and understanding of security.
Argh. Let me try this again, because < and > ate half of my other post.
If both sides are behind a NAT, HTTP wouldn't work either (without the serious reconfiguration you mentioned), no?
HTTP uses a single connection (usually to remote port 80), and you only have to allow return traffic for the same socket.
With FTP, you have two connections, with the second not being determined until after the connection.
With active ftp:
client port ANY -> server port 21
client sends "PORT <ipaddr>,<port X / 256>,<port X % 256>"
client port X <- server port 20
Note the direction of the arrow - the server connects to the client. This never happens with HTTP.
The client firewall thus has to allow the incoming connection from the server. If the server is behind a simple NAT, the port number is no longer 20, so the client cannot have a fixed rule saying "accept incoming from port 20 from the same hosts we have outgoing to port 21". The server needs to have a NAT firewall where port 20 is not translated to a different port, or the client has to have a firewall that parses packets containing PORT and opens rules based on that. The latter is dangerous, as the client can be tricked.
With passive ftp:
client port ANY -> server port 21
client sends PASV
server replies "227... (<ipaddr>,<port X / 256>,<port X % 256>)"
client port ANY -> server port X
Here, the remote server's firewall has to accept the second request. Unless the firewall can sniff the traffic and parse the 227 reply, the ftp server has to be set up with a pool of ports used for FTP only, and the firewall configured to open those ports to the same clients that are connected to port 21. This is not entirely safe - one ftp client connected can repeatedly try to connect to other ports in the same range, and may get in before another legitimate ftp user, and be able to get his transfers.
Normal consumer NAT routers that have a FTP rule normally only trigger opening incoming connections from port 20 for the same hosts you connect to port 21 on. That won't work if the ftp server is behind a fanned NAT, so the remote connection does not come from port 20.
Passive FTP won't work either if the server is behind NAT, unless the FTP server and its firewall are configured by someone who really knows what they're doing. Which means "almost never".
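Added example, not part of the comment above: a Python sketch of the check a firewall helper would need before opening a data port from a parsed PORT command or 227 reply, showing both the "client can be tricked" case and why a NATed endpoint fails. The function names, the sample addresses and the 60000-60100 passive pool are assumptions made for illustration.

```python
import ipaddress
import re

# "h1,h2,h3,h4,p1,p2": the address/port tuple carried by PORT and by the 227 reply.
_TUPLE = re.compile(
    r"(?<!\d)(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3})(?!\d)"
)


def parse_endpoint(line):
    """Return (kind, IPv4Address, port) for a PORT command or 227 reply, else None."""
    text = line.strip()
    if text.upper().startswith("PORT "):
        kind = "active"
    elif text.startswith("227"):
        kind = "passive"
    else:
        return None
    match = _TUPLE.search(text)
    if not match:
        return None
    nums = [int(n) for n in match.groups()]
    if any(n > 255 for n in nums):
        return None
    ip = ipaddress.IPv4Address(".".join(map(str, nums[:4])))
    return kind, ip, nums[4] * 256 + nums[5]  # port X from X / 256 and X % 256


def pinhole_decision(line, sender, passive_pool=None):
    """Decide whether a firewall helper should open the data port named in `line`.

    sender: source address of the control-connection packet as the firewall saw it.
    passive_pool: optional range of ports the FTP server reserves for PASV (assumed).
    """
    parsed = parse_endpoint(line)
    if parsed is None:
        return False, "no endpoint in line"
    kind, ip, port = parsed
    # A tuple naming some other host is either a NATed endpoint or a trick.
    if ip != ipaddress.IPv4Address(sender):
        return False, "advertised address differs from sender"
    if port < 1024:
        return False, "privileged port"
    if kind == "passive" and passive_pool is not None and port not in passive_pool:
        return False, "port outside passive pool"
    return True, f"open {ip}:{port} for the control-connection peer only"


# Constructed sample lines (documentation addresses, not captured traffic).
SAMPLES = [
    ("PORT 192,0,2,10,195,80", "192.0.2.10"),     # honest active client
    ("PORT 192,0,2,99,195,80", "192.0.2.10"),     # names a third host
    ("PORT 192,0,2,10,0,22", "192.0.2.10"),       # names a service port
    ("227 Entering Passive Mode (198,51,100,7,234,96)", "198.51.100.7"),
    ("227 Entering Passive Mode (10,0,0,5,234,96)", "198.51.100.7"),  # server behind NAT
]

if __name__ == "__main__":
    for line, sender in SAMPLES:
        print(line, "->", pinhole_decision(line, sender, range(60000, 60101)))
```

The last sample is the NAT case from the comment: the server advertises its private address, so the tuple is useless to the client unless something on the path rewrites it.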
Don't underestimate the stupidity of people wearing uniform.
Yes, your subject is spot on. When there's a blue alert, crooks know that their odds of pulling off a heist went way up, because the fuzz will be busy rushing elsewhere. What a gift!
are football shirts a thing there?
Not nearly as much as in association football. One reason is that American football shirts are designed to be worn over massive shoulder pads.
"Don't say 'fetus!' To you it's a science word, but to a politician that's a flag of liberalism. If you utter that word they'll see you as the enemy and cut your funding. Just call it a pre-born child and they'll treat you as one of their own."
I think we need a translation dictionary, not a list of words to avoid.
Perhaps Google Translate could get a "Conservative" language option.
There's a difference between 'shouldn't' and 'can not'... being advised to avoid certain terms is not enforcing a ban on those same terms.
When a wish comes from the top, it is near indistinguishable from an order. "Won't someone rid me of this meddlesome priest?"
Perhaps it might be that she already answered the fucking question and didn't feel the need to re-answer the same question phrased differently.
Whether they are banned does not answer the question of whether they have been banned. That's two very different questions.
You can still find words like "fetus" on the web site
Yeah, but I doubt we'll see a request for funding for science based research on transgender fetuses.
Us old techies use signal anyway.
Speak for yourself, youngster. "write" is my preferred way of sending messages, and "talk" if more than one line is needed. oo
That depends on the country. Some are less barbaric than others.
Only two notes are needed for a chord, and some people can do that with their vocal cords.
This is idiotic. If the passenger in my car is suddenly very sick, then speeding to the hospital makes sense as I decide that increasing his chances of survival is more important than the speeding fine. Why should I have to pay a higher fine to rush my passenger to the hospital if I'm rich?
Because the threshold for breaking the law is lower if you're rich and the fines are the same.
Turn it around - why should a poor person be afraid of being stopped because the ticket for him would be devastating, while a rich person doesn't have the same concern, because the ticket would be negligible for him?
It should deter the rich person and the poor person just as much. When the fine is half a paycheck for one person and not even noticed for another, the determent is not the same.
Wealth shouldn't be a factor.
Exactly. Which is why the fines must hit everyone equally hard, not equal amounts, because then wealth is a factor.
The reason is that the phones are used for criminal activity: directing criminal empires, ordering bribes and assassinations, plotting jail breaks, the whole megilla.
So are hands and vocal chords.
Communication is a human right, like breathing.
Faraday cages are probably the best option for the long term, frequency monitors or jammers will have to be constantly updated as new cellular bands come into use. Faraday cage will block everything as long as the holes in the mesh are small enough. Typical metal window screen should block most of it except super high frequencies which are going to have line of sight issues anyways. Take a look at the mesh on your typical microwave oven door. Such a mesh would block all typical frequencies used today.
Well, see, the problem is that the UK prison system isn't entirely like the US one. Prisoners are allowed to spend far more time outside, for one thing.
And solicitors are allowed to use their phones and laptops.
Well, he could be referring to the Great Charter of 1297, the fourth and latest amendment to the Magna Carta...
The examples listed are not necessarily bugs, even if they are named so when they're found out.
Never attribute to malice that which can be explained by stupidity. But then again, never attribute to stupidity that which can be explained by corporate greed.
I know that it may be a hard concept for many capitalists, but in some parts of the world, it would be preferable to not see dumped garbage bags on the street over getting paid handsomely when it occurs.
In the US, rich people can break laws with impunity because they can afford to pay the (for them) small fines. In most of Europe, the fine will be determined based on your wealth, so one man might get a $200 speeding ticket and another $20,000. That deters both of them, and the end result is that the number of people who speed goes down, not just the number of lower income people who speed. Or litter. Or any other regulations, including those that Google failed to obey.
Google is free to not do business in the EU, or other places where they don't want to abide by the laws and regulations.
Fines in Europe are generally based on the income of the fined, and this is no secret.
Seriously, did you just relate non-corrupt with the European Union? I do agree they have to level a huge fine for a company like Google, but it's really interesting how they just hit all the huge tech companies that have.... MONEY!!
No, they hit the companies that have offices or customers in Europe.
In general, smaller companies can ill afford to challenge the rules, and follow them. But there are plenty of examples of smaller companies being hit too, when they try to get around the laws.
Now, if Google were a German or French company, would the EU hound them as constantly? Quite doubtful.
Likely even more so. Aggregate data on individuals, for example, cannot be stored in databases in Europe without obtaining permission. Anyone would be entitled to have all their data removed from Google's databases, no matter where in the world they live. And workers' rights world-wide would be under regulation of where the company is headquartered. News it provides would have to hide the identity of any suspects not convicted. And much more, which is perfectly fine in the US, but not accepted in Europe.
Google gets the kid-glove treatment precisely because it's not a European company.
FTP? I still use gopher, you insensitive clod!
(I actually do - some of the documentation I sometimes access is in a local gopherspace, and hasn't been ported to web yet. One day....)
FTP pretty much died as mainstream when NAT routers became ubiquitous. Switching from active (PORT) to passive (PASV) ftp on the client side only worked until the FTP servers themselves were also behind a NAT. NAT on both sides means "forget it", unless the server side has an admin who actually knows what he's doing, and controls both the firewall and the FTP server.
The final nail was the insecurity added because the newer generation of "admins" (and I use this term loosely) didn't understand the FTP protocol, or how to correctly open different ports in different directions, and added rules that also let in hackers. There's likely ten misconfigured FTP firewall rules for each correctly configured one.
But it's just easier to open another IE11 window than to fire up FF or Chrome.
Not if, like me, you're a Linux user (also at work), and firing up IE means firing up a VM (newer IE versions won't even work in Wine). Even when IE is running in a VM, it's easier to use a native browser.