Average users are too uneducated to know what https in the URL means.
Unless the browser clearly tells them that the connection is secure or insecure, they have no clue.
Case in point: I've had clients worry over expired certs, but never about sensitive data going over http instead of https. Why? Because the former generates warnings.
A cert signed by a CA is only as secure as the verification procedures of the least stringent CA your browser accepts certs from. In other words you're missing the point: The GP claims that many of the low cost providers hardly make any checks and so are easy to fool.
Encryption can not make the situation worse than no encryption. What CAN make the situation worse is if the user is presented with information that misrepresents the level of security.
It would be good if encryption was the default because it would mean a man in the middle attack would be necessary to snoop on traffic, instead of the situation today where a network that happens to be unsecure enough to allow an attacker to get at copies of packets is sufficient.
But if you actually read through what you responded to once more you might notice that he believe people will still pay for trust.
It's down to how this distinction is presented. If encryption is the default, then cncryption without trust should probably be presented to the user no different than no encryption is today.
Doesn't remotely change the point, though. There's no way I'd pay and go through the hassle just to get a cert issued by someone else to verify that I'm genuinely connecting to my own router when self signing achieve exactly the same thing.
Not to mention that Intel has been at it long enough that a huge chunk of their patents would have expired or be about to expire. There might be engineering challenges in avoiding them while getting the performance required, but it's certainly not impossible to manufacture x86 compatible CPU's without any patent licenses from Intel or AMD.
RTFA. The article makes the point that the researches hope that future research on the behavior of bees can be used to improve on crime solving techniques. That's why bees are relevant.
I'll be setting up Myth soon, but I'm not sure I'll even bother setting up a recording backend. It'll be mainly to rip and play my DVD collection. Myth will have a future even without recording from TV.
I made the conclusion that it was shit the moment I saw the first trailers. The animation just annoys me - no story line could have saved it for me with that animation style. I'm pretty, shall we say, "flexible" about the quality I'll tolerate and still go see a movie, but this is just too far. MAYBE I'll watch it when it shows up on one of the movie channels I subscribe to, but I'm not sure I can be bothered even with that.
Gee... If it's a random black-hat site, then either your machine has a trojan on it or the MERCHANT redirected you to a black-hat site (besides, the Verified by Visa page should not be at Visa but at your bank - the entire point of these systems is that the authentication is pushed to the issuing bank). Also, if your bank requires your main account password, change banks - most banks I've dealt with when handling card processing use a separate password that's just for verified by visa, and that's usually set when signing up for it.
And just wait, Amex will eventually get it too. Amex is already far more expensive than Visa/Mastercard for merchants, and the main benefit for merchants with these programs is that they're not liable for chargebacks anymore. Which means that unless Amex does it too they'll far more expensive for merchants
There's NOTHING in the Verified by Visa system that requires banks or card processors to use Javascript. If they do, that's up to their implementation of it. All it requires is HTTP redirects. In fact, there's no technical reason why they could even just return links for you to click on (but of course that would be annoying as hell)
Verified by Visa is a GLOBAL program. The only difference is how far they've gotten in pushing it through.
And the consumer never pays when a credit card is fraudulently charged. However, for transactions not using Verified by Visa or equivalents it's no the bank but the MERCHANT that pays - this is true globally (I've used a Danish card processor for processing payments before, and it's exactly the same in Denmark as everywhere else), but an administration fee and by having to return the charged amount. For transactions using Verified by Visa it's the card issuing bank that pays.
This is a major reason why it's being pushed through: It places the exact mechanism for authenticating the cards in the hands of the bank that issued them, and so in theory at least makes large scale theft of card details harder (nothing is stopping the bank from requiring two-factor authentication or whatever other mechanism they want, for example).
At the same time it removes a major problem for merchants: Dealing with chargebacks is damn expensive.
You don't need a non-compete to prevent that concern. All you need is a separate agreement that you cover the training costs under the provision that they stay for at least X amount of time, and that if they leave prior to that they will need to refund the training costs.
In fact, you'd want to cycle through private keys reasonably regularly to prevent having to reissue a large number of passports in the case one of the private keys gets compromised or suspected compromised. And once you switch private keys there shouldn't be any reason to keep the old one around - it'd be a lot safer not to.
If they only use one key per country, they're idiots. Imagine the problem of revoking a compromised key in that case: You'd need to reissue every damn passport. You'd want a system that allows a large number of keys to be used relatively easily.
Bah, humbug. European taxes aren't much higher than in many US states. I'd pay almost exactly as much in California as I do in the UK for example (I've done the math - was considering a move). Except in California I'd need to spend additional money on private health insurance etc..
Most European countries have implented EU directives to enforce telecoms competition by allowing some form of "local loop unbundling". What that means in the UK as an example (since it's one I know well) is that BT, which was the incumbent telco and thus owned the last mile, has been forced into separating it's line maintenance and local exchange maintenance from it's retail arm.
Consumer still have to pay a basic line rental for the physical connection that covers BTs costs for them, but ANYONE that is willing to fulfill certain minimum criteria can sell services to any of these customers and choose between two options: a) placing equipment in the local exchange for a fee intended to cover cost + a profit margin that is restricted (i.e. BT can't make more than X% profit on it - don't know what X is), b) paying BT for "backhaul" services via BT's network to a specific exchange point.
This achieves most of the effect of owning your own last mile, while at the same time it is far less hassle for consumers and it allows the competition to compete on what type of services they offer. BT's maximum DSL product is 8Mbps, for example, while some of their competition offers 24Mbps.
The only thing missing is a mechanism for requiring BT to offer fibre upgrades (currently they have a vested interest in NOT doing it, since they lag so far behind the competition in what they offer already). One way might be to use compulsory purchase orders (UK version of eminent domain) to threaten to take away the exchanges if they don't step up, and then award maintenance / development contracts to whoever presents the best plans. After all this infrastructure was built with taxpayer money to start with.
Which is why, regardless of who you support, voting for the Lib Dem's is the only decent thing to do. They're the only ones of the three large parties that wants to change the electoral system to proportional voting, which would be a far more democratic solution than the current system.
I'm personally far to the left of the Lib Dem's, but that cause alone is reason enough to support them until that change has gone through.
It's not that they can't, but that they don't currently do it, and I find it quite unlikely that they will, since they moment they do that they have no way of ensuring that what they generate bears any resemblance to what will be generated on the next retrieval. True, they can't guarantee that with HTML either, but the chances are much higher in genera.
And of course there's no way to force people, but thanks to the power of Google sites made that way has a far lower chance of ending up in search results.
Slashdot Mirror
Unless the browser clearly tells them that the connection is secure or insecure, they have no clue.
Case in point: I've had clients worry over expired certs, but never about sensitive data going over http instead of https. Why? Because the former generates warnings.
A cert signed by a CA is only as secure as the verification procedures of the least stringent CA your browser accepts certs from. In other words you're missing the point: The GP claims that many of the low cost providers hardly make any checks and so are easy to fool.
It would be good if encryption was the default because it would mean a man in the middle attack would be necessary to snoop on traffic, instead of the situation today where a network that happens to be unsecure enough to allow an attacker to get at copies of packets is sufficient.
But if you actually read through what you responded to once more you might notice that he believe people will still pay for trust.
It's down to how this distinction is presented. If encryption is the default, then cncryption without trust should probably be presented to the user no different than no encryption is today.
Actually that's a very good point. How many users EVER type in a https address or otherwise ensure "secure" part is actually on the right domain?
Doesn't remotely change the point, though. There's no way I'd pay and go through the hassle just to get a cert issued by someone else to verify that I'm genuinely connecting to my own router when self signing achieve exactly the same thing.
Uhm. The big deal IS the distance.
Not to mention that Intel has been at it long enough that a huge chunk of their patents would have expired or be about to expire. There might be engineering challenges in avoiding them while getting the performance required, but it's certainly not impossible to manufacture x86 compatible CPU's without any patent licenses from Intel or AMD.
RTFA. The article makes the point that the researches hope that future research on the behavior of bees can be used to improve on crime solving techniques. That's why bees are relevant.
I'll be setting up Myth soon, but I'm not sure I'll even bother setting up a recording backend. It'll be mainly to rip and play my DVD collection. Myth will have a future even without recording from TV.
Do you seriously consider treating people with respect to "kiss ass" and make people feel superior? If so I really don't want to know you.
I made the conclusion that it was shit the moment I saw the first trailers. The animation just annoys me - no story line could have saved it for me with that animation style. I'm pretty, shall we say, "flexible" about the quality I'll tolerate and still go see a movie, but this is just too far. MAYBE I'll watch it when it shows up on one of the movie channels I subscribe to, but I'm not sure I can be bothered even with that.
And just wait, Amex will eventually get it too. Amex is already far more expensive than Visa/Mastercard for merchants, and the main benefit for merchants with these programs is that they're not liable for chargebacks anymore. Which means that unless Amex does it too they'll far more expensive for merchants
There's NOTHING in the Verified by Visa system that requires banks or card processors to use Javascript. If they do, that's up to their implementation of it. All it requires is HTTP redirects. In fact, there's no technical reason why they could even just return links for you to click on (but of course that would be annoying as hell)
And the consumer never pays when a credit card is fraudulently charged. However, for transactions not using Verified by Visa or equivalents it's no the bank but the MERCHANT that pays - this is true globally (I've used a Danish card processor for processing payments before, and it's exactly the same in Denmark as everywhere else), but an administration fee and by having to return the charged amount. For transactions using Verified by Visa it's the card issuing bank that pays.
This is a major reason why it's being pushed through: It places the exact mechanism for authenticating the cards in the hands of the bank that issued them, and so in theory at least makes large scale theft of card details harder (nothing is stopping the bank from requiring two-factor authentication or whatever other mechanism they want, for example).
At the same time it removes a major problem for merchants: Dealing with chargebacks is damn expensive.
You don't need a non-compete to prevent that concern. All you need is a separate agreement that you cover the training costs under the provision that they stay for at least X amount of time, and that if they leave prior to that they will need to refund the training costs.
In fact, you'd want to cycle through private keys reasonably regularly to prevent having to reissue a large number of passports in the case one of the private keys gets compromised or suspected compromised. And once you switch private keys there shouldn't be any reason to keep the old one around - it'd be a lot safer not to.
If they only use one key per country, they're idiots. Imagine the problem of revoking a compromised key in that case: You'd need to reissue every damn passport. You'd want a system that allows a large number of keys to be used relatively easily.
Bah, humbug. European taxes aren't much higher than in many US states. I'd pay almost exactly as much in California as I do in the UK for example (I've done the math - was considering a move). Except in California I'd need to spend additional money on private health insurance etc..
Consumer still have to pay a basic line rental for the physical connection that covers BTs costs for them, but ANYONE that is willing to fulfill certain minimum criteria can sell services to any of these customers and choose between two options: a) placing equipment in the local exchange for a fee intended to cover cost + a profit margin that is restricted (i.e. BT can't make more than X% profit on it - don't know what X is), b) paying BT for "backhaul" services via BT's network to a specific exchange point.
This achieves most of the effect of owning your own last mile, while at the same time it is far less hassle for consumers and it allows the competition to compete on what type of services they offer. BT's maximum DSL product is 8Mbps, for example, while some of their competition offers 24Mbps.
The only thing missing is a mechanism for requiring BT to offer fibre upgrades (currently they have a vested interest in NOT doing it, since they lag so far behind the competition in what they offer already). One way might be to use compulsory purchase orders (UK version of eminent domain) to threaten to take away the exchanges if they don't step up, and then award maintenance / development contracts to whoever presents the best plans. After all this infrastructure was built with taxpayer money to start with.
Transmit wirelessly to someone not participating in the demonstration. I don't get why that isn't done more often.
You have tons. They're just not very good. But then that's not very different form the early days.
I'm personally far to the left of the Lib Dem's, but that cause alone is reason enough to support them until that change has gone through.
And of course there's no way to force people, but thanks to the power of Google sites made that way has a far lower chance of ending up in search results.
That's assuming your server-side is written in Java, which is a pretty big damn if when it comes to web applications.
RTFA. The article claims this process sequesters twice as much CO2 as is released during the production of lime.