Slashdot Mirror


User: vadim_t

vadim_t's activity in the archive.

Stories: 0 · Comments: 3,525

Comments · 3,525

  1. Re:From the other side on British CS Majors Doing Badly In the Jobs Market · · Score: 1

    I wasn't trying to provide a solution, I'm explaining why that sort of thing is challenging at an interview.

    Also, the implementation follows from the technique chosen to play.

    If you're testing for basic coding and array manipulation skills then this isn't very good, because figuring out how to play the game well has little to do with array manipulation. I wouldn't be surprised if people got stuck pondering the technique having assumed it's what you're interested in.

  2. Re:From the other side on British CS Majors Doing Badly In the Jobs Market · · Score: 1

    That seems fairly challenging for an interview.

    The obvious approach I guess is to shoot at random until you get a hit, storing the results in a table. Then you try the 4 squares next to the one you hit to deduce the direction. The algorithm could be improved by knowing what are the possible ships and which are left, excluding large ships that wouldn't fit in a given position.

    Problem though is that your declaration doesn't allow for a "sunk" result, which makes things less efficient than they could be. Also it creates problems with ships in a "T" formation.

    But, saying the above is easy, properly figuring out how to store the data, keep the accounting of the ships and so on requires some thinking, which is rather difficult to do on an interview where you don't want to make the interviewer wait while you ponder the best way to do it.

  3. Re:Perspectives on Are Some CAs Too Big To Fail? · · Score: 1

    I found this, which mirrors my idea.

    I also looked at Perspectives.

    IMO, it's quite silly.

    First, the idea of it is to replace CAs with... a CA. It does exactly what any other CA does, except it implements a different policy. Instead of "we certify that bobsmith.com belongs to somebody named Bob Smith", or "the person who requested this cert proved they control http://bobsmith.com/", it's "we certify that this cert looks the same from everywhere".

    It is just as hackable as any other CA, though I guess it does have the slight advantage of the attacker to modify their servers and keep the intrusion active, instead of breaking in, making a few certs, removing traces and disappearing.

    If you use it in addition to the current system it's just a CA more. If you only use that you're using a unique CA provider, which is just like only trusting Verisign. It's got fewer points of failure, but if it does fail you don't have anything else to fall back on.

    Also imagine somebody takes the code and runs their own. And then we're back to the current system of multiple CAs, the compromise of any of which can break the entire system.

    Implementation-wise it seems to have downsides. For instance it requires a connection to their servers, which is trivially blocked, while SSL works fine with having just a connection to the server you're connecting to.

    It also requires active scanning, which means that you can't renew a cert transparently: either there is a time window during which a different cert goes unnoticed, or the modification immediately triggers a security warning. The latter means that any cert change requires you to accept that your users will see your site as untrustworthy until the system is happy with the new cert.

  4. Re:Perspectives on Are Some CAs Too Big To Fail? · · Score: 1

    Not at all. My idea has absolutely nothing to do with what this project.

    My idea requires: Certificates to support multiple CA signatures, and for a browser to require multiple valid CA signatures on a cert. Other than that it fits perfectly well in the current scheme. You'd still get your cert signed by companies like Verisign and Thawte, and their certs would still come by default with the browser.

  5. Re:Alternative improvement idea on Are Some CAs Too Big To Fail? · · Score: 1

    That would be possible under a system like that, but I think the current system of trusted by default CAs ought to remain. 99% of people simply aren't going to take time to understand how a PGP style works. I'd know, I explained PGP to several people and it takes a quite long time to do properly.

    Besides, just what does your brother in law trusting a CA mean? He thinks they're really professional? They are cheap and have nice customer service? But none of that has anything to do with their security and internal practices. Unless it's say, his company's CA and he personally knows that his company's security is well managed, it's pretty much impossible for a normal person to have a meaningful trust in a CA like that.

  6. Re:Alternative improvement idea on Are Some CAs Too Big To Fail? · · Score: 1

    First, my idea is that it'd need to happen with 3 of them, which makes it more difficult than with just one.

    Second, by requiring multiple signatures and adding a safety margin, any CA's signature becomes expendable. Right now gmail.com is signed by Thawte. Which browser vendor would dare pull Thawte's cert? Very few probably. Now what if gmail.com was signed by Thawte and 4 other providers? Then you could remove Thawte's cert, and nobody would notice anything, because it's still signed by >= 3 valid CAs.

    The idea of that is to put more pressure on CAs and make it so that there simply can't be such a thing as a CA that's too big and important to be removed from the trusted CAs list.

  7. Re:Marlinspike's approach on Are Some CAs Too Big To Fail? · · Score: 1

    How are you so sure of that? What would prevent it?

    They're in between you and those 50, they can spoof everything they like.

  8. Re:Marlinspike's approach on Are Some CAs Too Big To Fail? · · Score: 1

    But that's not very useful, because compromising one CA gets you back to the same situation again.

    It's just lucky that the compromise is public this time, they don't have to be. The attacker could make the cert then spring the trap at a convenient time. By the time somebody figures it out, the damage will be done already.

  9. Re:Marlinspike's approach on Are Some CAs Too Big To Fail? · · Score: 1

    That's not very useful if your ISP is doing the MITM, which is very much a reality in many places right now.

    For instance, there have been several articles here on ISPs injecting content into the websites they serve.

  10. Alternative improvement idea on Are Some CAs Too Big To Fail? · · Score: 4, Interesting

    So I've seen quite a few people wanting a switch to self-signed certs (who IMO mostly don't understand what making that secure actually involves), and an idea to check certs from different network paths (which doesn't work if your only path is compromised, and how do you secure the communication to the service that does the check for you?).

    So here's an alternative idea: Require multiple CAs.

    Instead of doing it the "extended validation" way which is more money for not a whole lot more service from the same provider, it'd be much better to have multiple CA signatures on a single cert.

    Compromising multiple CAs in the same timeframe to create a cert would be considerably harder than creating one. More importantly, it'd make revoking large CAs much easier.

    Let's say that the new norm is to have a site's cert signed by 5 different CAs, and that the minimum acceptable amount is 3 signatures.

    Then, if Verisign gets compromised there's no problem with pulling their cert: you're down to 4 valid signatures on your certificate, which is still fine. That should put considerably more pressure on CAs to perform better.

    Even Verisign wouldn't be able to trust that their security problems would be let go due to their popularity, as even the largest CAs would be completely expendable without the end users needing to care much. The site would just go with a different 5th CA to return back to the full strength.
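
The 3-of-5 rule from the comment above, sketched as an added example (not part of the original comment or of any browser's code). HMAC-SHA256 stands in for a CA's asymmetric signature, and the CA names, hostname and fingerprints are constructed.

```python
import hashlib
import hmac
import secrets

MIN_SIGNATURES = 3  # minimum acceptable number of valid CA signatures


def ca_sign(ca_key, subject, key_fp):
    # Stand-in for a CA signature (assumption): HMAC-SHA256 over the
    # hostname/key binding. A real CA would use an asymmetric signature.
    return hmac.new(ca_key, f"{subject}\n{key_fp}".encode(), hashlib.sha256).digest()


def issue(subject, key_fp, signing_cas):
    """Hypothetical multi-signature cert: one signature per CA in signing_cas."""
    sigs = {name: ca_sign(key, subject, key_fp) for name, key in signing_cas.items()}
    return {"subject": subject, "key_fp": key_fp, "signatures": sigs}


def valid_signers(cert, trust_store):
    """Trusted CAs whose signature on this cert verifies; each CA counts once."""
    good = set()
    for name, sig in cert["signatures"].items():
        key = trust_store.get(name)  # removed or unknown CAs are ignored
        if key is not None and hmac.compare_digest(
            sig, ca_sign(key, cert["subject"], cert["key_fp"])
        ):
            good.add(name)
    return good


def accept(cert, hostname, trust_store, minimum=MIN_SIGNATURES):
    if cert["subject"] != hostname:
        return False
    return len(valid_signers(cert, trust_store)) >= minimum


def demo():
    # Constructed trust store: five CAs with random keys.
    trust = {f"CA-{c}": secrets.token_bytes(32) for c in "ABCDE"}
    host = "shop.example"
    site = issue(host, "fp-legit", trust)  # signed by all five

    without_a = {n: k for n, k in trust.items() if n != "CA-A"}
    only_two = {n: trust[n] for n in ("CA-D", "CA-E")}

    # Misissued certs: the keys of one or two CAs are in the wrong hands.
    one_ca = issue(host, "fp-other", {"CA-A": trust["CA-A"]})
    two_cas = issue(host, "fp-other", {n: trust[n] for n in ("CA-A", "CA-B")})
    # One genuine signature padded with junk under other CAs' names.
    junk = {n: secrets.token_bytes(32) for n in ("CA-B", "CA-C")}
    padded = {**one_ca, "signatures": {**one_ca["signatures"], **junk}}

    return {
        "site_all_five": accept(site, host, trust),
        "site_after_pulling_one_ca": accept(site, host, without_a),
        "site_after_pulling_three_cas": accept(site, host, only_two),
        "misissued_one_ca": accept(one_ca, host, trust),
        "misissued_two_cas": accept(two_cas, host, trust),
        "misissued_padded": accept(padded, host, trust),
        "misissued_after_pulling_ca": accept(two_cas, host, without_a),
    }


if __name__ == "__main__":
    for name, result in demo().items():
        print(f"{name}: {result}")
```

The site's cert stays valid when one CA is pulled from the trust store, and pulling a CA whose key was misused also removes its signature from any misissued cert's count.
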

  11. Re:Marlinspike's approach on Are Some CAs Too Big To Fail? · · Score: 1

    How do you authenticate the authentication server?

    If I got it right, this system needs to contact some server that says "I certify this cert as valid, because the fingerprint was the same from the 50 different network paths we checked it". Ok.

    But, that message has to be transferred securely as well, otherwise Mallory just spoofs that server, and you've got no security. And you can't do the checks yourself because you don't have 50 servers around the world you can use for testing.

  12. Re:What's the big difference? on (Possible) Diginotar Hacker Comes Forward · · Score: 1

    If you delete all the other CAs when Alice goes to gmail, ebay, amazon etc she will get the self signed experience.

    Which means that she can't really trust any of them, and should just not use them. Since we're talking about a company she'd solve that problem by using her own company's mail server instead of gmail.

    If you don't delete the other CAs, it just takes the pwning of one of them to MITM Alice.

    Yep, but without them the pwning is pretty much guaranteed if anybody at all is trying. Just how do you plan to verify the security of the gmail.com SSL cert from Iran?

    For something like a bank, I guess the bank could give you a fingerprint when you open the account (maybe print it on the credit card), or have it etched on the building or something. But for gmail? Just who are you going to call at Google to ask about what the fingerprint is, and how would you know it's Google who you reached?

    So are you really proposing that users delete all CAs except for one CA? Which CA or CAs should they keep? None = self signed.

    For the scenario I'm describing, their own company's internal one, which isn't any of those your browser includes.

  13. Re:What's the big difference? on (Possible) Diginotar Hacker Comes Forward · · Score: 1

    If you delete all other CAs you're in effect making Alice have the "self-signed" cert experience. You're ending up with something that's very like a pure "self-signed" environment

    Nope. There is a very, very crucial difference: With a CA, Alice delegates security to Bob. Without a CA, manually checking fingerprints, security squarely depends on Alice and requires a number of inconvenient operations to really make it be secure.

    Like I said, the CA also allows reducing the importance of timing and scales much better.

    And I found that convenience is a very crucial aspect to things like security and backups. If staying secure means you have to reach some guy in another country at 3AM, or if making backups requires a list of magic incantations to be performed before hand, eventually you'll say "screw it" and ignore the whole thing.

    (the yoyodyne CA might as well be self-signed). In which case you should now realize that with the current browsers the real-world CA system is not more secure than self-signed ;).

    The CA is self-signed of course, as all CAs are if you look at the certs. The chain has to start somewhere, or you have a "turtles all the way down" sort of problem.

    Because everyone is going "OH NOES SELF-SIGNED IS INSECURE!" when the truth is there's no real difference in practice.

    There is plenty, you just haven't tried it.

    Except the CA method just makes more people feel good (albeit usually for $$$).

    What $$$? Bob can generate the CA cert entirely for free, with the tools that come with OpenSSL for instance. It's still a CA based scheme though. For internal usage like Alice's, there's absolutely no need to pay any cert authority, you just run your own.

  14. Re:perhaps it's because their pages suck on Carol Bartz Is Out As Yahoo's CEO · · Score: 1

    Manage what? A good setup doesn't need to be messed with.

    I haven't really touched it since I put the current version in place somewhere around 3 years ago, and back then I don't think it took about a day to set up the entire server, most of which goes on waiting for things to install. Actual configuration time is maybe an hour. I "apt-get upgrade" once in a while to keep up with the patches and that's about it.

    Also over the long run it probably saved me time, because if I have problems with network access I have everything locally anyway, so stuff still gets done.

  15. Re:perhaps it's because their pages suck on Carol Bartz Is Out As Yahoo's CEO · · Score: 1

    Here you have another profile: Around your age, single, also very tech literate.

    Host my own email and Jabber server, docs are in OpenOffice. No syncing of any kind. Own a smartphone but want absolutely nothing to do with any kind of integration with a provider like Google or Yahoo, I'll host my own, thanks. File storage? RAID, and Mercurial. Maps? Nokia maps on the phone, with the map files downloaded beforehand for any country I might travel to.

    I just don't find either Google or Yahoo desirable. Web UIs still suck when compared to a proper desktop client. Needing a network connection to get things done is inconvenient. Having some third party hold my critical data isn't really my thing, especially when they're doing it for free and I have no real recourse if anything goes wrong. I always operate with the assumption that I may not have a network connection occasionally, so I avoid needing one for anything.

  16. Re:What's the big difference? on (Possible) Diginotar Hacker Comes Forward · · Score: 1

    The secure way of doing things with a CA:

    Alice works at Yoyodyne, Inc. She has to make a business trip to Iran/China/your favourite not very trustable country.

    Bob the Yoyodyne sysadmin generates a CA cert, gives it to Alice with a fingerprint.

    Alice flies to Iran and uses Bob's CA cert to validate the cert on yoyodyne.com. Cert expires? No problem, Bob can make a new one and Alice will be able to trust it.

    Company starts a new project that requires a second cert? No problem either, Bob signs the cert with the CA key and Alice can trust it.

    Company starts a partnership with Acme? Bob generates a S/MIME certificate, attaches Acme's cert, signs the whole thing with his S/MIME cert, and Alice can trust the result.

    Server gets compromised? Bob revokes the certificate and OCSP quickly makes it so that everybody finds out as fast as possible.

    By just setting up the CA before hand a whole lot of problems is avoided. Alice doesn't need to wake Bob up at 3 AM to ask what's the fingerprint for the new cert. Bob can create new certs without having to do complex coordination with hundreds of workers around the world. People don't need to spend time slowly spelling out fingerprints over a noisy phone connection.

    The CA system itself is secure, scalable and sound, what is not sound is that instead of having one CA the user really trusts they have a hundred certs from who knows where. But there's no reason why the user can't wipe the browser's cert list and use only their company's CA, or use a plugin like you mention.

    The fingerprint system by comparison doesn't scale. People go on vacation, live in different timezones, have difficulty understanding what's this fingerprint stuff and how to check it... if you try to check fingerprints manually for 500 employees it'll be complete madness and most of those will get fed up, say "screw it" and just click OK on whatever cert comes up. And as a result you'll be much less secure.

  17. Re:Route diversity on (Possible) Diginotar Hacker Comes Forward · · Score: 1

    That assumes a mostly secure system where an attacker managed to sneak in for a short time.

    That assumption doesn't apply in places like Iran, where such shenanigans may well be organized by the government itself and happen at ISP level, for every single internet user in the country. Then all the network paths you have go through the attacker.

    Sure, their transparent proxy might not be catching fingerprints in IMs today, but if that gets popular enough you can be sure it eventually will be upgraded to do that.

  18. Re:What's the big difference? on (Possible) Diginotar Hacker Comes Forward · · Score: 1

    CAs are generally safer because browser vendors require passing an audit to be included. And like in this case, they will remove the certs for CAs that fail to perform properly.

    If you were using self-signed certs in Iran, all they'd need to do is to do MITM at the ISP level, and you'd never, ever notice without an alternative non-Iran-controlled connection. They could simply take the site's cert, generate a new one on the fly with the same data, present it to you, and make sure to use the same cert the next time you access.

    With a CA you at least have some protection so long as the CAs aren't compromised. In fact in such a situation, a CA outside of the control of your enemies might be your best bet of remaining secure. Self-signed certs are entirely hopeless though.

  19. Re:SSH does it right. on (Possible) Diginotar Hacker Comes Forward · · Score: 1

    If you're using SSH that way, you're doing it horribly wrong.

    SSH's security comes from you verifying the key. In a CA system you delegate that responsibility to somebody else, but with SSH that responsibility falls squarely on you, and the security of the system depends on you doing the checking properly.

    When using SSH correctly what you do is to obtain the system's fingerprint by yourself, or from whoever allows you access to their server over a secure channel, connect, and verify that it matches. Only then can you be sure everything is secure.

    To be really, really sure that no MITM is going on with SSH you have to obtain over a channel that doesn't allow it to happen, such as from the local console. Learning fingerprints from email or IM conversations isn't guaranteed to be safe.

    Ignoring the fingerprint and hoping that you weren't a victim of MITM the first time you tried to connect is very, very wrong. There are plenty of scenarios where that is trivial to exploit, such as with a malicious open wifi network.

  20. Re:Weakest link on (Possible) Diginotar Hacker Comes Forward · · Score: 1

    Yes, but how do you know whether the first self-signed cert you got is a good one?

    With SSH CAs are not needed because somebody else is acting as the CA, either yourself when you're accessing your own system, or whoever is giving you access to theirs. And SSH is only really secure if you actually bother to compare fingerprints.

  21. Re:With a good connection this would be terrific on Cloud Gaming Service OnLive Unofficially On Linux · · Score: 1

    So why the hate for OnLive, where the equivalent service for movies and TV shows, Netflix, gets tons o' love?

    Netflix doesn't seem to be in danger of moving all movie watching online. You can still go buy the movie. OnLive though seems like a very possible future: games that will never be available in any other form than through OnLive.

    In the future, it seems, you never own anything. You only rent and passively consume it, and aren't allowed to touch anything the maker doesn't want you to. When they decide you've played enough, they cut off access.

    Nope, I don't like it, and don't plan to contribute a cent to such a thing.

  22. Do you live in a happy little world with talking fluffy bunnies by any chance ?

    No, but it should have some.

    The world of business is there to make money and that's it, if you can negotiate a deal where your products and services get priority over someone else's then you take it and run to the bank!

    Yeah, you're only saying that because nobody properly screwed you over yet.

    I used to sell systems to a US sponsored outfit that recorded telephone calls in the old East Germany from West Germany .. what's the issue ?

    It's absolutely disgusting and you should be ashamed of yourself?

    Honestly and truly is there anyone who actually cares if someone you don't know, have never met, never will meet, who's in a country that you can't find on a map and will never go to, has been "spied" upon ?

    On a personal level, probably not, on a general level, hell yes. There's got to be something else to life than blind pursuit of money. Otherwise we'll all find any quality of life fly out of the window soon enough.

    Find something worthwhile to fight for rather than trying to promote how much better free software is over paid software .. personally I detest most "free" software as a large percentage is unfinished crap and I'd rather buy from a company I can hold accountable if I have problems

    Ah, but how does that mesh with your philosophy? Why would I have any reason to care about what some guy I have never met, will never meet, in a country I don't know, thinks I should be doing?

    BTW, I don't think you've ever tried to hold any such company accountable for anything. Hint: you're way too much of a small fry for them to bother with anything for your sake. Now sign a contract for a couple million, then they'll pay attention.

  23. Re:How about mass domestication? on Using Stem Cells to Save Endangered Species · · Score: 1, Offtopic

    Hey, that's almost funny.

  24. Re:How about mass domestication? on Using Stem Cells to Save Endangered Species · · Score: 1

    That's precisely the idea, yes.

    A domesticated skunk might not be exactly the same thing as the wild version, but it's pretty darn close. And if the wild ones go extinct, it should be quite easy to recreate the wild population starting from the domesticated one. Cats and dogs are managing that just fine without any extra help, even.

  25. Re:How about mass domestication? on Using Stem Cells to Save Endangered Species · · Score: 1

    Er, no. Cats and tigers are very distantly related. Cats were domesticated at their current size, nobody was breeding tigers down to a manageable shape.