I think you're confused. Pirates hijack boats, sometimes kill people, sometimes hold hostages for ransom, and otherwise cause jackassery upon the open sea (near Somalia I guess).
Copyright infringement is a civil matter and has to do with DRM and the like.
I didn't see any particular reason to move from CVS to SVN either. The only reason I could see was support for directory changes. But they screwed up everything else.
Give git a try. It's a big change and it's a frustrating first few days, but before long you're like: why didn't I try this before???
(Hg is the same way, afaik, but I never tried it.)
The only caveat is windows. If you work on windows, be prepared for a slow cygwin port... gaarh. Still worth it. CVS sucks, SVN sucks the same but different. Try git.
I wish Google or someone would come out with a phone which is based on a completely open OS like Linux and where people can write their own programs and so on for it.
If you have to do all that work for the privilege of automatic payments, why not just pay them by hand? Therefore, my wife and I just pay them by hand. Works great.
Also, you're much better off paying off your credit card every month. We write the check by hand, for the full amount. It's nice.
I doubt I'll ever go to automatic bill pay because of errors. One time SBC sent me a $450 bill because of errors on their part. With automatic bill pay, they'd already have the money and my dialog with their customer service would have been about giving it back instead of the other way around.
Then, another time, only a couple years later, they sent me a bill for $3300 -- not kidding in any way. The only way I got them to listen to me that time was by saying, "MPSC." Automatic bill pay would have made that a horrible disaster.
Basically since those two incidents, I've been 100% totally against automatic bill pay... at least the type where the company pulls from your accounts directly. The flavors where a 3rd party keeps an eye out for mistakes might be more palatable.
Awesome. Leave it to NASA to install more and more complicated parts on something until it's almost completely useless and costs a billion dollars per launch.
Next, failing to learn from other previous design mistakes, they'll install heat resistant tiles all over the thing.
I'm not the one suggesting we misuse them. I have a signed certificate afterall. I suggested using a self-generated CA because I know that will get rid of the warning. The usual way to do it relatively securely is to fax people the complete footprint, email it to them, or otherwise describe it. It's like 15 characters, they can tell if it matches up.
All I'm saying is that if you try to do SSL without x509, you are susceptible to man in the middle attacks and you'll have no way to detect it. This is particularly true when you temporarily accept the self signed certificate each time you visit the site.
At least with the ff3 warning system you are required to store the certificate so the man in the middle attack either happens the first time and eventually the attack lapses and you'll notice the certificate change, or it happens later and you notice the certificate change.
Either way, SSL without x509 is not secure and to say it is shows a fundamental misunderstanding of the whole process. Man in the middle attacks are the chink in the armor and the flaw needed to be addressed. I'm not saying x509 is good and I really like the whole CA industry, I'm saying it's a necessary evil.
Where can I sign up for the really expensive phone with no buttons, locked into a single provider, that I can't modify or enjoy in any way (except the approved ways I suppose).
If you really think this, I suggest you go back and read about x509, man in the middle attacks, and the reasons why they chose x509 for ssl.
I'm not saying there shouldn't be an alternative to x509, I'm saying that's what we have, no live with it or come up with a new certificateless protocol that doesn't have a serious man in the middle flaw.
more secure if all http servers switched to using self-signed SSL certificates in place of unencrypted connections.
It wouldn't. It would certainly be less subject to people listening in, but it would most definitely be less secure, since you would have no way to know if you were really talking to your bank, or the guy that took over the site using dns poisoning attacks.
SSL isn't meant just for encrypting pages, it's meant for verifying identity also.
There are two solutions to this problem.
1. create your own CA and tell your customers to import the CA by clicking here (before putting them in ssl mode). It's really not much trouble to set up your own CA.
2. buy a cheap ass certificate from godaddy for $10. Your domain registration likely costs this much as well, but we don't complain about that, do we? The service is actually worth $10.
Without the above, the ff3 presentation is correct, the certificate is bad and should not be trusted. Otherwise you're in real danger of man in the middle attacks.
Not without a billion dollars. Dollars are the only votes left that mean anything here. To that end, I send spare dollars to the EFF since they're actually getting things done; things that complaining and protesting do not get done.
Who uses their ISPs DNS servers? Most people probably. Well, I don't trust them. My friends and I run a recursing nameserver that we access over a VPN link.
Normally you'd only use openid for authentication (who are you) and there would be an additional password mechanism for authorization (do I have the right to be here).
Both could be combined with other methods, or you could create your own openid provider...
You can also combine delegate your website to a provider of choice, and if they start sucking you can change to another provider without changing your credentials at the sites you frequent.
Slashdot Mirror
I think you're confused. Pirates hijack boats, sometimes kill people, sometimes hold hostages for ransom, and otherwise cause jackassery upon the open sea (near Somalia I guess).
Copyright infringement is a civil matter and has to do with DRM and the like.
Please don't continue calling copyright infringement piracy. It's not.
In english, it depends on the editing rules you've adopted, but usually modern publishers use single quotes inside double quotes to escape them:
I was all like, "She said, 'wtf?'"
I'm unclear on where the ? goes though. Usually punctuation goes on the inside of quotes "like this." ... but for double quotes like that I'm baffled.
I didn't see any particular reason to move from CVS to SVN either. The only reason I could see was support for directory changes. But they screwed up everything else.
Give git a try. It's a big change and it's a frustrating first few days, but before long you're like: why didn't I try this before???
(Hg is the same way, afaik, but I never tried it.)
The only caveat is windows. If you work on windows, be prepared for a slow cygwin port... gaarh. Still worth it. CVS sucks, SVN sucks the same but different. Try git.
I just had horrifying visions of MS jQuery .Net Visual Studio Professional.
When will they get rid of that effing messenger that pops up in the systray no matter how many times I remove the .exe completely.
I wish Google or someone would come out with a phone which is based on a completely open OS like Linux and where people can write their own programs and so on for it.
I believe it's called android.
I'm reading this blurb like this, "Judges, in a remarkably stupid an uninformed decision, said that JK Rowlings can be a greedy bitch." Wow.
... once you know, you newegg.
Start with items with lots of reviews, read the most critical first. 4. profit.
If you have to do all that work for the privilege of automatic payments, why not just pay them by hand? Therefore, my wife and I just pay them by hand. Works great.
Also, you're much better off paying off your credit card every month. We write the check by hand, for the full amount. It's nice.
I doubt I'll ever go to automatic bill pay because of errors. One time SBC sent me a $450 bill because of errors on their part. With automatic bill pay, they'd already have the money and my dialog with their customer service would have been about giving it back instead of the other way around.
Then, another time, only a couple years later, they sent me a bill for $3300 -- not kidding in any way. The only way I got them to listen to me that time was by saying, "MPSC." Automatic bill pay would have made that a horrible disaster.
Basically since those two incidents, I've been 100% totally against automatic bill pay ... at least the type where the company pulls from your accounts directly. The flavors where a 3rd party keeps an eye out for mistakes might be more palatable.
Awesome. Leave it to NASA to install more and more complicated parts on something until it's almost completely useless and costs a billion dollars per launch.
Next, failing to learn from other previous design mistakes, they'll install heat resistant tiles all over the thing.
I'm not the one suggesting we misuse them. I have a signed certificate afterall. I suggested using a self-generated CA because I know that will get rid of the warning. The usual way to do it relatively securely is to fax people the complete footprint, email it to them, or otherwise describe it. It's like 15 characters, they can tell if it matches up.
All I'm saying is that if you try to do SSL without x509, you are susceptible to man in the middle attacks and you'll have no way to detect it. This is particularly true when you temporarily accept the self signed certificate each time you visit the site.
At least with the ff3 warning system you are required to store the certificate so the man in the middle attack either happens the first time and eventually the attack lapses and you'll notice the certificate change, or it happens later and you notice the certificate change.
Either way, SSL without x509 is not secure and to say it is shows a fundamental misunderstanding of the whole process. Man in the middle attacks are the chink in the armor and the flaw needed to be addressed. I'm not saying x509 is good and I really like the whole CA industry, I'm saying it's a necessary evil.
Where can I sign up for the really expensive phone with no buttons, locked into a single provider, that I can't modify or enjoy in any way (except the approved ways I suppose).
I'd really like one of those.
Mmm, 2nd edition. You do know there was a 4th edition recently?
If you really think this, I suggest you go back and read about x509, man in the middle attacks, and the reasons why they chose x509 for ssl.
I'm not saying there shouldn't be an alternative to x509, I'm saying that's what we have, no live with it or come up with a new certificateless protocol that doesn't have a serious man in the middle flaw.
I'm not worried, I bought a signed one for $10...
If you're worried, it's a solution you could look at.
It wouldn't do them any good.
Try to buy a cert for bankofamerica.com, even from a crappy source. I don't think you'll be able to do so.
more secure if all http servers switched to using self-signed SSL certificates in place of unencrypted connections.
It wouldn't. It would certainly be less subject to people listening in, but it would most definitely be less secure, since you would have no way to know if you were really talking to your bank, or the guy that took over the site using dns poisoning attacks.
Isn't the ultimate reference the definition?
http://www.w3.org/TR/CSS21/
http://www.w3.org/Style/CSS/
SSL isn't meant just for encrypting pages, it's meant for verifying identity also.
There are two solutions to this problem.
1. create your own CA and tell your customers to import the CA by clicking here (before putting them in ssl mode). It's really not much trouble to set up your own CA.
2. buy a cheap ass certificate from godaddy for $10. Your domain registration likely costs this much as well, but we don't complain about that, do we? The service is actually worth $10.
Without the above, the ff3 presentation is correct, the certificate is bad and should not be trusted. Otherwise you're in real danger of man in the middle attacks.
Not without a billion dollars. Dollars are the only votes left that mean anything here. To that end, I send spare dollars to the EFF since they're actually getting things done; things that complaining and protesting do not get done.
Who uses their ISPs DNS servers? Most people probably. Well, I don't trust them. My friends and I run a recursing nameserver that we access over a VPN link.
ISPs just aren't trustworthy.
authentication vs authorization...
Normally you'd only use openid for authentication (who are you) and there would be an additional password mechanism for authorization (do I have the right to be here).
Both could be combined with other methods, or you could create your own openid provider ...
You can also combine delegate your website to a provider of choice, and if they start sucking you can change to another provider without changing your credentials at the sites you frequent.
Now just how do they know what the local peoples called that previous super continent? Did they leave a written record?
the uverse set top box seems to take about 5 minutes to fully boot up...