Slashdot Mirror


User: mveloso

mveloso's activity in the archive.

Stories: 0
Comments: 1,539

Comments · 1,539

  1. Re:Interesting SSL behavior on Nokia Redirecting Traffic On Some of Its Phones, Including HTTPS · · Score: 1

    You can buy a wildcard for *.browser.ovi.com, which was the point of my comment. They're suppressing hostname checking on their own domain, not on the internet. RTFA.

  2. Interesting SSL behavior on Nokia Redirecting Traffic On Some of Its Phones, Including HTTPS · · Score: 2

    Nokia also seems to have allowed MTM attacks using its own cert - the Nokia proxy is returning a nokia cert, which is trusted by the OS. Plus they're suppressing hostname checks on Nokia certs as well. You'd think they would have just sprung for a wildcard cert.

  3. Is it real? You never know. on John McAfee Explains How He Milked Information From Belize's Elite · · Score: 1

    You can't discount this stuff just because you don't believe it's possible that one man and his team could have dug all this stuff up. Motivated individuals can do quite a lot, if they have lots and lots of time, money, and focus. Apparently he has all three.

    A lot of stuff here could cause problems for Belize, but really, the big problem for McAfee is he's now a bona-fide target. Before, he was just some pain in the ass. Now he's probably become a target of opportunity. Depending on how this plays in Belize, he might even be upgraded to active removal.

    It must be fun working for him...until the hammer comes down.

  4. Re:Union perspective on Automation Is Making Unions Irrelevant · · Score: 0

    Actually, unions are great at preserving public-sector jobs and extracting the absolute maximum amount of dollars from taxpayers in compensation.

    Have you looked at the pension liabilities for your state lately? Soon they will exceed all other expenditures by far.

  5. Re:so what's the barrier to entry on this? on Inside the World's Biggest Consumer 3D Printing Factory · · Score: 0

    Yeah, basically.

  6. FedEx on Dirigible Airship Prototype Approaches Completion · · Score: 1

    "So no, airships will always be tourist attractions. No one wants to pay more money to transport things less quickly."

    If it's faster than a container, slower than air freight, and has a price to match, there will be a market for it.

    Realistically speaking, though, they don't seem to lift very well. I'm looking at the O-1 airship: 177 feet long, cargo weight of 3290 lbs. That's pretty lame. The Soviet V6 was 344ft and could do 20k lbs...which is less than 1/3 the maximum weight of a 20-foot container.

    However, as a large semi-stationary platform it would be ideal. I'm not sure how happy I'd be having an airship permanently anchored over my city, though from what I understand you get used to it.

  7. Stupid metaphor == poor thinking on The Rise of Feudal Computer Security · · Score: 3, Interesting

    You're responsible for your own security. You don't pledge allegiance to a vendor, you use their wares until they don't satisfy your personal requirements.

    This sort of metaphor, while poetic, is counterproductive.

  8. Read Shannon and watch the MIT class on Ask Slashdot: Software For Learning About Data Transmission? · · Score: 1

    First, she needs to read Claude Shannon's "A Mathematical Theory of Communication":

    http://cm.bell-labs.com/cm/ms/what/shannonday/shannon1948.pdf

    Also, this class may help:

    https://itunes.apple.com/us/itunes-u/principles-digital-communications/id341597796?mt=10

  9. Don't blame the cows, blame the brahmins! on Thousands of Natural Gas Leaks Found In Boston · · Score: 3, Funny

    Who knew that global warming/climate change was caused by Boston? That fossil fuel argument was just a smokescreen for what really causes climate change: Boston Baked Beans!

  10. This is what T-Mobile should do: embedded network. on French Company Building a Mobile Internet Just For Things · · Score: 2

    If you look at T-Mobile's financials, they're doing horribly with consumers. On the embedded side they're growing like crazy.

    Embedded is perfect for 2G/EDGE: low data usage, occasional connections, reliability. T-Mo could become -the- provider for embedded monitoring and make a fortune.

    It's not sexy, but it's profitable. They should buy Orbcomm and go end-to-end.

  11. A bit early on Barack Obama Retains US Presidency · · Score: 1

    If you look at the numbers, there are quite a few counties in Ohio and FL that haven't come in yet. FL is probably good for Obama, but OH is really still a question mark right now.

    83% reporting
    difference: 26k votes

    http://www2.sos.state.oh.us/pls/enrpublic/f?p=212:41:535976335870203::NO::P41_REGION,P41_RACE_CODE:Statewide,PR
    20:47 PDT

  12. Sell, because you haven't done anything yet. on Should a Teenage Entrepreneur Sell Out To Facebook? · · Score: 4, Informative

    Building cool hardware is great. Selling cool hardware is totally different.

    If someone wants to buy you at a point before you sell, do it. The summary says you'll compete with EMC or NetApp. You won't. You're able to do what you're doing because you have time to think about the product. Someone else in the field can look at what you're doing and figure it out quickly. Someone like the people at Backblaze.

    Can you offer 24x7 support? How is your manageability and maintenance? Recovery? How are you going to make the thing? Those are basic questions. Are you going to sell direct or via channels? blah blah blah.

    OTOH, if you get eaten by Facebook you get to help them design and build their systems, which is great if that's what you want to do. The thing is, your story is what's getting you the PR, not your product. Leverage off that PR as much as you can, since it's all you've got right now.

  13. Re:Burglary: No--Spoofing: More likely on Some Smart Meters Broadcast Readings in the Clear · · Score: 2

    You don't spoof to get lower bills. You spoof so your neighbors get higher bills.

  14. The answer is yes on Amazon Charges Sales Tax On "Shipping and Handling" · · Score: 1

    The answer is generally yes, you pay sales tax on shipping & handling. Check your local state's department of revenue, though in general if a state can charge a tax it will.

  15. Re:I've made this argument for *years* on US Government: You Don't Own Your Cloud Data So We Can Access It At Any Time · · Score: 1

    Specifically, since the US mail used to be part of the government, there were special rules as to when the government could and could not look at your mail.

    Those rules were broadened and adapted to "email" by that ruling.

  16. Re:I've made this argument for *years* on US Government: You Don't Own Your Cloud Data So We Can Access It At Any Time · · Score: 1

    I think that was explicitly for mail, which is treated differently than other things due to the special nature of mail.

  17. Safe Deposit Boxes? on US Government: You Don't Own Your Cloud Data So We Can Access It At Any Time · · Score: 5, Interesting

    Shouldn't the EFF argue that a cloud service is the equivalent of a bank's safe deposit box? Someone else holds your property on your behalf. For SDBs, the government needs a warrant...just like if your stuff was in the cloud.

  18. They put it right next to the bananas on 80,000lbs of Walnuts Purloined In Northern California · · Score: 1

    Obviously, they put it right next to the 30,000 pounds of bananas:

    http://vimeo.com/16809690

  19. amazon on Ask Slashdot: Little Boxes Around the Edge of the Data Center? · · Score: 1, Interesting

    For little boxes that deal with DNS, time, etc - put them in Amazon. They're critical servers, but don't really need to be at your site. Put the primaries outside, and slaves on the inside. That way if you have an outage you can always repoint DNS to somewhere else...something you can't do if your primary DNS is on a dead network.

  20. Thanks mom! on Brain Scans Show the Impact of Neglect On a Child's Brain Size · · Score: 1

    I guess your career was more important...b*tch! // just kidding, my mom was great.

  21. Quit and find a new job? on Ask Slashdot: How To Avoid Working With Awful Legacy Code? · · Score: 1

    It could be that you suck, and people think you're not good enough to write stuff from scratch.

    It could be that nobody in your organization writes stuff from scratch.

    It could be that you're so good at fixing other people's crap code that you're too valuable to work on new stuff.

    In any case, you need to either leave or start agitating.

  22. Re:Need SSL UI guidelines on Poor SSL Implementations Leave Many Android Apps Vulnerable · · Score: 1

    And another thing: why don't browsers show you the problem on the screen? They just have a "show certificate" button, and they let you figure out what the heck is wrong. Most people won't have any idea why a given certificate didn't pass validation. Here's a short list that browser makers can use:

    1. The server name doesn't match the name on the certificate (common).
    Insecurity risk: low.
    Action: Highlight the hostname in the URL and the hostname on the destination server.
    User Suggestion: contact the server administrator about the problem and continue on.

    2. The issuer of the certificate is unknown to me (the browser).
    Insecurity risk: high on a public website, low on an internal site.
    Action: Highlight the issuer and the website that you were trying to connect to.
    User suggestion: if you recognize the issuer as someone you know (like your company) and you're connecting to the company's website, continue. If not, do not continue and disconnect your computer from the network.

    3. The domain name on the certificate doesn't match the one I tried to connect to (unusual).
    Insecurity risk: high
    Action: highlight the domain name on the certificate, the domain name you tried to connect to, and the issuer.
    User suggestion: the website I'm trying to connect to appears to be a totally different site than I was expecting. This may mean that someone is trying to intercept your data. We recommend that you stop all activity and disconnect your computer.

    4. The certificate is valid, but it's expired (common).
    Insecurity risk: low
    Action: highlight the expiration date of the cert, and show that everything else is good.
    Risk: low, if everything else is valid
    User suggestion: It appears the security certification of the website is expired. Everything else looks OK, and the risk of interception is low. Continue?

  23. Need SSL UI guidelines on Poor SSL Implementations Leave Many Android Apps Vulnerable · · Score: 1

    One of the reasons this problem exists is there are no guidelines as to exactly how to present this problem to the user.

    The user can't do anything about the problem - but they have to be told that their transaction (whatever it is) has failed or cannot be completed.

    I suspect that on a PC, most people have no idea what that "certificate problem" dialog box means. As far as they're concerned, it's a useless error that happened on the way to their online banking session.

    On mobile, it's even worse. You're using SSL behind the scenes, and what can you say?

    "I'm sorry, I was trying to log in and the server credentials are different than what I expected. I can't log you in."

    This will make even less sense to an end user, and won't fit on the screen.

    "It appears that someone is trying to intercept the data we're sending to our servers. Do you want to continue and expose your private data to an unknown person?"

    That's probably more accurate.

    "For some reason, we couldn't verify the security of your connection. Do you want to continue and expose your data to an unknown person?"

    That's probably a good error message, but I'm sure others can come up with better ones.

    If you're using a self-signed cert, install your root into your app. Why not? It'll at least allow you to not turn off host checking.

    This may be more of a problem overseas, but I've been in hotels in the US that have tried to MTM on SSL (i.e., the cert is from some network device in the hotel, not my bank). It was very strange.

  24. Good business, poor business on Millions of Blogs Knocked Offline By Legal Row · · Score: 2

    ISPs are run by technical people, who are somewhat notorious for poor people skills.

    The site owner TFA:

    Rather than shutting down the site, he said, it could have done "something simple, like, calling any of the three numbers for us they have on file".

    Why didn't they just call? Oh wait, that would involve human contact.

  25. Re:What a bunch of douche bags on How To Add 5.5 Petabytes and Get Banned From Costco · · Score: 0

    Who are you talking about, BackBlaze or the stores?

    BackBlaze did what they should have done: solve the business problem at hand. Does anyone know anybody that wasn't able to buy a 3TB hard drive at retail due to BackBlaze's purchases?