Slashdot Mirror


User: JesseMcDonald

JesseMcDonald's activity in the archive.

Stories
0
Comments
3,955

Comments · 3,955

  1. Re:I hate Apple but they're right on Apple vs. the Right To Repair (bloombergview.com) · · Score: 1

    Government-related stuff can always be different.

    Private ID cards issued by banks, employers, etc. are usually the same way; they belong to the issuer, not the recipient, are subject to restrictions on how they can be used, and must be surrendered on demand.

    It's still kinda crap that you don't technically own it, because in every state I've lived in, you have to *pay* for the thing. ... if the government wants to retain ownership of licenses, I think they should provide them for free.

    It's not really all that unusual to pay for something without becoming the owner. Just think of it as a rental rather than a purchase.

    Also, while most Visa cards may be issued and renewed "for free"—meaning "cost included", as they fully expect to recoup that expense in fees and interest—that doesn't apply to all of them; and if you lose or damage your card you'll probably find that you are expected to pay for its replacement.

  2. Re:I hate Apple but they're right on Apple vs. the Right To Repair (bloombergview.com) · · Score: 1

    Do you own your Visa card and your tamper-proof Driver's license? Sure, ...

    No, you don't. The Visa card belongs to the bank that issued it, and the driver's license is owned by the issuing state. The same goes for many other forms of identification. You are granted the card only for the purpose of identifying yourself as an account holder / licensed driver / employee / etc. Any other use is prohibited, and you are required to surrender the ID card on demand from the issuer. You are not the owner, only a temporary caretaker.

  3. The original definition of Marxist Socialism involves state ownership of the means of production.

    You're partly right in that they've gotten smarter about leaving in the appearance of private property when it doesn't conflict too badly with the way the government wants resources allocated. Why antagonize their flock needlessly, after all? But when private property owners accumulate and use their property in (non-harmful) ways the government doesn't like, regulation, taxes, and eminent domain are always ready to hand to bring things back in line with their vision.

    The stance that you have the right to tell someone else how they can or cannot use their own property—absent any unauthorized impact to others' property—amounts in effect to a claim of ownership. Eminent domain takes this a step further by physically seizing the property, but even plain regulation, or the threat of regulation, is effectively a taking of private property for public use, most commonly without compensation. Ownership is the right to control. Whatever the government claims it has the right to regulate, it also claims to own. Is there anything that a modern government doesn't claim the right to regulate? As they see it, your property is their property, leased to you at their whim and only yours so long as they permit.

    In some cases the taking is a small fraction of the item's value; in other cases the regulations destroy most or all of the items' value to the owner.

    If you want to use the looser definition of socialism often employed in the US (transfer of wealth from top to bottom) then every government that has ever existed is socialist.

    Not true. There have been, and are still, plenty of governments that are explicitly and publicly intended to work the other way, transferring wealth from the bottom to the top.

    The more socialist ones also tend to have that effect in practice, but they work harder at disguising it. Any system which actually persisted in transferring wealth from the top to the bottom would soon find that there is no "top" left to transfer from. Redistribution is only effective when you can take small amounts from each of the many without the means to resist, for the concentrated benefit of a few. Of course, getting away with this depends on either an expensive enforcement system or the ability to successfully con the majority into thinking that all this redistribution is for their benefit.

  4. Re:Unsafe practices still unsafe on Researchers Discover a Cheap Method of Breaking Bitcoin Wallet Passwords (softpedia.com) · · Score: 1

    To create a "brain wallet", you start with a low entropy string, so low that you can remember it in your brain, and then you do stuff to it to expand it out to the key length.

    To be fair, it is possible to create a "brain wallet" with enough entropy to remain secure from this sort of attack. Such wallets will have randomly generated passphrases with at least 128 bits of entropy (generally 12-24 words selected uniformly from a standardized 2000-word dictionary, yielding about 11 bits per word). A 24-word passphrase of this sort is equivalent in entropy to a standard 256-bit Bitcoin private key, and within the memorization capacity of most humans.

    The problem is "brain wallets" generated from low-entropy passwords, especially ones supplied by the user. Offline attacks against low-entropy passwords are, naturally, trivial to implement with modern computing capabilities.

  5. Re:that's what I just said, it depends on if arg o on First Steps Towards Network Transparency For Wayland (phoronix.com) · · Score: 1

    You're moving the goalposts. What you said was:

    So on Linux, -AB can have two different meanings. -A -B has only one meaning, it's always two switches.

    "-A -B" is two switches only if "-A" does not have a required argument, otherwise it's one switch. It is not true that "-A -B" is always two switches.

    If you're not sure whether a switch takes an optional argument, then the "-AB" and "-A -B" forms have the minor advantage of being unambiguous given that the switch either can take an argument or can be used without one, respectively. However, a better solution would be to consult the --help text or manual page and remove the uncertainty.

  6. Re:not on Linux (glibc getopt) on First Steps Towards Network Transparency For Wayland (phoronix.com) · · Score: 1

    I believe you'll find that the standard behavior under Linux is the opposite of what you claim:

    [~]$ ssh -o -Y test@example.com
    command-line: line 0: Bad configuration option: -y

    The `getopts` command in Bash works the same way:

    [~]$ set -- -A -B
    [~]$ getopts "A:B" opt; echo $opt; echo $OPTARG;
    A
    -B

    As does `ls`:

    [tmp]$ touch -- -t plain
    [tmp]$ ls
    -t plain
    [tmp]$ ls -t
    -t plain
    [tmp]$ ls -I-t
    plain
    [tmp]$ ls -I -t
    plain

    (Tested in Debian Linux. The -I (--ignore) option to `ls` specifies a glob pattern to skip in the output.)

    Even the test program in the getopt(3) manual page you linked to processes "-t -n" as a single option "-t" with argument "-n". The documentation simply states that "optstring is a string containing the legitimate option characters. If such a character is followed by a colon, the option requires an argument, so getopt() places a pointer to the following text in the same argv-element, or the text of the following argv-element, in optarg." There is nothing to indicate that following argv-elements starting with a dash are treated differently.

    Options with optional arguments (like Perl's "-i" option) are not allowed to be split, so in this case "-A -B" would indeed be treated as two separate options. However, this would cause "-A B" to be processed as an argumentless "-A" and a separate positional argument "B" (equivalent to "B -A"), and not as a substitute for "-AB".

  7. Re:Seriously?? on First Steps Towards Network Transparency For Wayland (phoronix.com) · · Score: 3, Insightful

    I routinely use X forwarding on a 10 megabit LAN without any problems. More likely a poorly written application is to blame.

    The problem is that an X application which is written correctly for local display (for example, taking advantage of hardware acceleration) is "poorly written" for running with a non-local X server, and vice-versa. To handle both cases well you have to implement two different UIs, which shows that X's much-vaunted "network transparency" isn't actually transparent at all.

  8. Re:Seriously?? on First Steps Towards Network Transparency For Wayland (phoronix.com) · · Score: 1

    What people want is ssh -X and yes it is a top priority to many.

    That, plus the ability to reconnect to the same session (à la screen), ...

    In other words, what people really want is the functionality provided by xpra. The thing is, xpra would actually be easier to implement as a Wayland compositor than the current hack based on Xdummy or Xvfb.

  9. Re:It's 2016 and I can't even easily run Wayland y on First Steps Towards Network Transparency For Wayland (phoronix.com) · · Score: 1

    For example there used to be a keystroke for killing grabs. They removed it claiming it was "unnecessary" because you only need it if there's a bug in an application.

    They removed it because it was a security problem, not because it was "unnecessary". You could use it to bypass lock screens, which are implemented in part through screen grabs.

    The AllowDeactivateGrabs and AllowClosedownGrabs options are available in xorg.conf if you want to restore the original insecure behavior.

  10. Re:yeah, typo. ssh not vnc on First Steps Towards Network Transparency For Wayland (phoronix.com) · · Score: 1

    (By habit I normally separate my flags since -AB can mean -A B, with B being an argument to A).

    With separate flags that becomes "-A -B", with -B being an argument to -A. How is that better?

  11. Re:You can't be fucking serious. on Wired To Block Ad-Blocking Users, Offer Subscription (wired.com) · · Score: 1

    However, that 1 dollar a week thing... isn't it exactly what people here and elsewhere asked for? Like, for so long?

    Close, but not quite. Quantity is relevant here. What people were asking for was the ability to pay the amount that the site would have received for the advertising in exchange for ad-free access, not 50 times that amount. It's doubtful that Wired even gets $1/year in advertising revenues from an average non-ad-blocking visitor, never mind $1/week. Paying $52/year just for access to a handful of Wired articles would be unreasonable for all but the most devoted readers.

  12. Re:$52/yr is a lot for a subscription on Wired To Block Ad-Blocking Users, Offer Subscription (wired.com) · · Score: 1

    Would you be ok with a company monitoring your browsing habits like that? Such that they know if you bought something already.

    The problem is that they're tracking you too closely already. If they just showed the same selection of ads to every visitor then the odds of repeatedly seeing ads for something you already bought wouldn't be very high. Instead, they track you just enough to know that you were interested in the product at one time, without also noting that you already purchased the item and thus are no longer in the market. Rather than adding more tracking, the issue could be resolved by doing less, or at least allowing the obsolete tracking data to expire from the ad profile after a reasonable time (days, not months).

  13. Re: This is why on Storing Very Large Files On Amazon's Unlimited Cloud Photo Storage · · Score: 1

    taking advantage of the fact that binary data can be encoded into something that looks like a photo to software

    Not just to software; the encoding looks like a photo to humans, too. It may not be a stunning landscape or an entrancing self-portrait, but even a photo of pure noise is still a photo.

  14. Re:Seems reasonable on Utility Targets Bitcoin Miners With Power Rate Hike (datacenterfrontier.com) · · Score: 1

    So if the utility wants to deter bitcoin miners from moving in to their area (or at least charge them more to make up for the risk) they need to work with the local government to draw a line in the sand somewhere. That line needs to be drawn in a way that non-technical lawyers, judges and politicians can understand and that can be enforced using information the utility has access to.

    I don't disagree with any of that, but whatever "line in the sand" they pick ought to have some relationship to the risks they're trying to mitigate. Power density is simply too arbitrary, and thus discriminatory. Do your bitcoin mining in a traditional data center drawing 220 MW and you pay an extra $3M/month. Colocate your mining operation at a low-energy farm operation spanning a few hundred acres, using the same amount of power, and you pay the normal rates. The risks haven't changed at all, but the power density is much lower.

    They should just require a multi-year transferable contract with an early termination fee for any new commercial-grade service, backed by an insurance policy. Established industries with low churn would be able to get low premiums, since their risk would be low. Riskier industries would pay higher premiums. This would deal with the real issue while getting the utility out of the business of discriminating against specific customers.

  15. Re:Seems reasonable on Utility Targets Bitcoin Miners With Power Rate Hike (datacenterfrontier.com) · · Score: 1

    To keep the entire proposed 220 MW addition under the 250kW/ft^2 threshold you only need to add 880 square feet, which would be far less expensive than paying the 2c/kWh surcharge, over $3M per month for 220 MW.

    Never mind that; the summary just got the units completely wrong, and consequently was off by four orders of magnitude. The actual threshold from the linked slides is 250 kWh/ft^2/year, which is a long-winded way of saying 28.5 W/ft^2. Ergo, 220 MW would need a bit over 7.7 million square feet of operating space, or about 177 acres, to stay below the threshold, which makes the rule a bit harder to game. (Partner with a local farming operation, perhaps?)

    Power density is still a stupid way to decide electric rates. The size of a client's operating space has no bearing whatsoever on cost or risk to the electric company.

  16. Re:Seems reasonable on Utility Targets Bitcoin Miners With Power Rate Hike (datacenterfrontier.com) · · Score: 1

    They are not targeting miners specifically. They are targeting "high density users (more than 250kW per square foot)".

    Yeah, right. The rule may not say "bitcoin mining" in so many words, but even the utility company itself said that this was targeted at miners.

    The real issue is that kW per square foot is an arbitrary and meaningless metric. It has nothing at all to do with the cost of delivering the electricity or the risks associated with building out new infrastructure. It's not unreasonable that the utility wants some compensation in exchange for the risk of building out expensive distribution infrastructure, especially for the sake of what they see as a risky industry, but they need to come up with a more equitable basis for sharing the risks than "power density".

    If nothing else, the metric is too easily gamed: just rent a larger facility. To keep the entire proposed 220 MW addition under the 250kW/ft^2 threshold you only need to add 880 square feet, which would be far less expensive than paying the 2c/kWh surcharge, over $3M per month for 220 MW. Minimal expense to the miners—all of which goes to real estate and construction, not the utility—and the utility remains stuck with exactly the same expenses and risks as before.

  17. To give only representation to people or groups and not people in different geographies is called taxation without representation, since, then the geographies with low populations are not getting a vote comparable to the vote that larger communities get in the process.

    Nonsense. It's people that are taxed, not geographies. Representation by land-mass is perhaps the least equitable way of voting on taxation. That just ensures that the more populous areas suffer from tax burdens far in excess of their representation.

    (The most equitable arrangement, of course, would be proportional representation based on how much taxes the individual pays—counting as tax any loss of value due to restrictions imposed on the use of one's property.)

  18. Re:SSL hides malware added by WordPress etc hack on Google Will Soon Let You Know By Default When Websites Are Unencrypted (softpedia.com) · · Score: 1

    And if you're buying internet service from a rogue ISP that alters web pages, you need a new ISP, not a red X.

    Big-name ISPs like AT&T, Verizon, and Comcast have been caught tampering with HTTP traffic to insert their own tracking headers and ads—including scripts in some cases—and not everyone has a great deal of choice in ISPs in their area. This is hardly a theoretical concern, and HTTPS is the most direct and effective way to prevent such tampering.

    Your own reputation is at stake, along with users' security. Do you want to get blamed for inappropriate content that some random ISP injected into your page? It may technically be the ISP's fault, or even the user's for choosing that ISP, but you made the tampering possible by failing to take reasonable and customary steps to ensure the integrity of the data delivered from your server.

    A security-conscious company, head of household, or even ISP can largely protect users against malware that's been added to sites by detecting it at the firewall, as it enters the network. Unless of course it's https, in which case you can't detect the content at all.

    If users want that sort of protection they can manually configure a proxy, thus consenting to allow their traffic to be inspected. We do need better proxy protocols for HTTPS which permit inspection but not tampering, and avoid bypassing the browser's built-in certificate validation. This could be accomplished by making the proxy a simple passive conduit while sharing the client's symmetric encryption key and IV with the proxy. This would let the proxy decrypt the traffic as it's forwarded and cut off the connection in the event of a problem, but tampering would still be detectable since the proxy would not possess the HMAC secret.

    Companies and households could force all traffic to pass through the proxy simply by blocking direct connections. ISPs would have a harder time getting away with that, which is as it should be. ISP-level malware protection should be an optional benefit, not a mandatory requirement.

  19. Re:Not Sure What the HTTPS Hooplah is all about on Google Will Soon Let You Know By Default When Websites Are Unencrypted (softpedia.com) · · Score: 1

    HTTPS encrypts the data transfer, and provides for VERIFICATION that a third party CA believes the site is who it says it is. No authentication involved.

    On the contrary, the HTTPS server is forced to authenticate itself as the holder of the private key signed by a CA. Verification is between the server and its CA, not between the client and the server, and serves as a preliminary to obtaining a CA's signature for the server's key.

    TLS can also be used to authenticate the client using a client certificate or a password (TLS-SRP), but this is much less common.

  20. Re:Why do I need SSL? on Google Will Soon Let You Know By Default When Websites Are Unencrypted (softpedia.com) · · Score: 1

    So my simple web server, serving up some basic info - like maybe my most recent cat photos.. Are you saying that I *must* use SSL to do this?

    If you don't use SSL then you're putting your users at risk, not because someone might find out that they're looking at cat pictures, but because someone can tamper with the unprotected connection and inject malware which appears to come from you.

    And to make SSL work I have to pay to get a certificate (cuz I don't really trust the freebie options yet).

    That's your problem. The free certificates work just fine, so there's no need to pay unless you run a big enough operation to warrant an EV certificate.

  21. Re:Google and non-SSL site warnings on Google Will Soon Let You Know By Default When Websites Are Unencrypted (softpedia.com) · · Score: 1

    particularly legacy sites that carry no practical risks

    There is no such thing. It doesn't matter whether the content of the connection is particularly sensitive; whenever you connect to any Internet site over an unauthenticated connection, an attacker can take advantage of that opportunity to substitute malware in place of the innocuous data you expected. Malicious scripts, injected third-party ads, exploit-riddled media files—unprotected connections offer endless opportunities for those so inclined to take over your PC. The only way to protect yourself and your PC is to use TLS to verify that the data came from the expected source.

  22. Re:Now isn't that special on Google Will Soon Let You Know By Default When Websites Are Unencrypted (softpedia.com) · · Score: 1

    The Let's Encrypt project will work just fine with Windows servers. You just need a compatible ACME client, and there are a few options available:

    ACMESharp

    letsencrypt-win-simple

  23. Re:Wait... on Google Will Soon Let You Know By Default When Websites Are Unencrypted (softpedia.com) · · Score: 4, Informative

    So we used to have a simple system, see http:// on the URL bar, or see https:// on the bar.

    Only http:// is hidden, so users can still look for https://. In fact, the difference is even more obvious than before: instead of just one missing letter, the entire protocol field indicates whether the connection is encrypted.

  24. Re:The Bake Sale Model on A Crowdfunding Site To Help Pay Patients' Medical Bills · · Score: 1

    In other words, you want the gold-plated system that you think will work best for you—as you claim not to care about costs—and you don't care how many others must be deprived of the more reasonable levels of care which they could actually afford to get it.

    It's not often that you see someone deliberately out themselves publicly as a self-centered sociopath, but I do commend you for your honesty.

    This isn't an argument for the one-size-fits-all socialist solution. Both options should be available. If all you can afford is the back-alley physician offering hand-mixed medication only marginally more likely to heal you than to make your condition worse, there shouldn't be anyone standing in your way of getting that treatment. (If someone wants to offer you a better option out of their own resources, of course, that's fine too.) On the other hand, if you can afford top-notch care from the finest doctors and are willing to spend the money, no one should interfere with that, either.

    The single-payer system doesn't take away the cost; it just redistributes it less fairly. If you make an average income and require the average amount of medical care over the course of your life you'll end up paying just as much in the end, in the form of taxes and/or inflation rather than health care. What it does eliminate, however, is choice. When someone else is being billed for your treatment, the level and type of care you qualify for becomes their decision, not yours.

  25. Re:Language matters less than integration/content on Stephen Wolfram: No Need To Teach With 'Toy Programming Languages' Like Scratch (wolfram.com) · · Score: 1

    Have a look at CodeWorld. While still a work in progress, it's designed specifically for students new to programming, and renders the output of simple programs as pictures and animation right in the web browser.