When the WebCrypto API is incorporated into most browsers, wouldn't it be possible to develop a PGP version that runs completely in the browser? This way, it can run on mobile devices, and can be used with hosted webmail solutions.
That's because some countries DO learn from their mistakes in the past?
Even Atlantis had a subway with concentric circles, according to Indiana Jones & The Fate of Atlantis.
If it worked for them, it can sure work for New York.
Citrix ShareFile?
In most companies, doing all this will just get you fired...
- Implementing DKIM?
- Implementing SPF?
- Make sure the sender address doesn't bounce?
- Make sure you don't open thousands of connections to the receiving party for each recipient? (in case of Yahoo, Hotmail, Gmail,...)
- The contents of the e-mail are not considered spam? (provide unsubscribe link, no big images included, etc...)
Setting up a mass-mail infrastructure is not to be taken lightly. There are lots of reasons why you could be listed as a spammer. That's why most companies outsource their mass-mailing to 3rd parties like MailJet, MailChimp, SendGrid...
Okay listen... Starting a business costs money... a lot of money. If you don't have the funds to overcome a year without income, you shouldn't be starting a business in the first place. If you are out of a job, I hope you saved money when you still had a job.
And read the second part of my sentence: involving investors. Maybe you can convince former business partners to invest in your company? Or maybe contact an ex-colleague who happens to be out of a job too?
You may not like the truth, but that doesn't change the fact that starting a business costs money. I considered the same thing when I was unemployed, and I almost started one too. But I took a look at the worst-case scenario (given my current financial status at that time), and I realized that things could get very ugly if I didn't start making a profit after the first 6 months. That's quite a short period, and given the economy at that time, I was not sure that would be the case. So, yeah, I know what you are going through. Of course, if you already have an interested customer who's willing to spend his money on you for a year, then I guess you can take the risk.
You can also try to do some freelance consulting (team up with some big consulting companies if you have to). It allows you to make money, and gives you the freedom to start your company when your finances are looking better. Most IT freelancing jobs don't require a big investment (laptop+office suite software+some bookkeeping stuff). That's how Joel Spolsky of Fog Creek Software started his company, I believe... (do consulting to bring in the money, while working on his software product)
That should not be interpreted as a negative, but as a positive
I see what you did there...
By saving a lot of money for a few years before you start your business and/or involving investors...
Simple: The Apple Store rejects applications that disable proper CA checking. It can only be disabled by private iOS APIs if I'm not mistaken. Apps that use private APIs are automatically rejected.
By making sure you already have enough money to start your own business. Create a business-plan, and take all those costs into account already. Make sure you have enough cash for your initial investments + cover your costs for the first year at least. Let an accountant check that business-plan too, to make sure it's actually feasible.
Most ISVs don't do this...
Most ISVs fail because they don't do this...!!
And I don't see the problem with that if the developer needs the money to feed his family.
Also, you can buy wildcard certificates for your domain if you use multiple subdomains. Still safer than self-signed certs.
I run it on my own VPS, which has a dedicated fixed IP address. I'm not saying my set-up is perfect. But a signed certificate + validation of the entire CA chain already solves a lot of issues.
And I don't use SNI because I only have one hostname.
Look, we can discuss this as much as you want, but it doesn't change the fact that self-signed certs are simply "not-done" in a production-environment. As soon as I encounter an unsigned or expired certificate in a product, I just don't trust that product anymore. And I'm sure I'm not the only one...
Really? I had to verify by e-mail, SMS, and phone for my cheap cert. If you can get a valid signed certificate for my domain at that price without my approval, please contact me. I'm eager to test this. But somehow I doubt that any cheap SSL registrar will issue a signed certificate without at least an email verification of the domain-holder himself. But feel free to prove me wrong.
Nevertheless, a signed certificate protects you against 95% of all MTM attacks.
What do you define as a ridiculous amount of money? I pay 50 USD/year for a signed SSL certificate. My SSL setup scores an "A" on the SSL Labs test.
With those prices today, I cannot find one argument in favor of a self-signed certificate. Especially not if you are using it in a commercial product. Get a cheap signed certificate and use the SSL framework on your platform in the way it is intended.
I do hope the example you mentioned occurred somewhere in the nineties or so, when SSL certs were indeed still expensive.
"The Art of Happiness" by the Dalai Lama.
I think the most important part is to figure out what you want to achieve. Do you want to go to a management position because you really want to manage projects (or other people), or do you want it so you can call yourself an "achiever"? If it's the first, do what you need to do. If it's the second, you really need to evaluate your priorities in life. I have worked in IT for 10 years now, and I don't want to go to a management position ever, because I like the part of messing and playing with servers. If your passion lies in the technical domain, I doubt a promotion to management would make you happy.
Just think about it for a few days: what do you really want to do 8 hours a day? Figure that out, and adjust your career-plans to this goal.
I'm 33 and I joined a so-called "Open University" this year. The courses are tailored for self-study and you get online coaching from a teacher. It will take quite a few years before I get my master's degree, but since I can study at my own pace, I can do the exam when I feel I'm ready.
I combine this with a full-time job. It's not really for the degree I joined, but to learn new interesting stuff (like AI and crypto-stuff).
I'm sure there are similar Open University programs in your country too.
Meh... they'll probably use ZFS :-)
I decided to go for a network admin job, and gave up on a career as a programmer. The reason? Programming has become the most boring task at hand these days. It's all about business-programming these days, where 99% of the work is about updating records in a SQL database.
The business-programmer of today is on the same "coolness-level" as an accountant... No wonder kids have no interest in programming anymore.
When I started programming, there was still some fun involved: talking to IO ports, messing with VCPI, DPMI, and other protected-mode stuff.
Maybe, in the DirectX/OpenGL or embedded hardware world, there is still some programming-fun left...
I don't agree. The exploit was in Linode's admin panel. Even if the user had spent 3000$ on a security consultant to secure his VPS, it still would have been bypassed.
Good point. And if the aliens use digital communication (maybe with a bit of encryption and DRM on top of it :p), it will only show up as noise after analog conversion.
Europe wants the WWW and AES encryption back...
And if Google was doing this to MS, the Slashdot crowd would applaud it.... Thank god for double standards...
Nevertheless, I don't see anything unusual here. Company X attacks its competitor Company Y... seems like business as usual...
If, on the other hand, Sony is planning to write a Busybox replacement from scratch -- what's wrong with that? Are companies not entitled to write code? How is that "violating licenses with impunity"?
If rewriting from scratch is a GPL license violation, it means Microsoft was right about the "viral" nature of the GPL.