Slashdot Mirror


User: jeroen94704

jeroen94704's activity in the archive.

Stories: 0
Comments: 87

Comments · 87

  1. Re:FF3 does the right thing! on Firefox SSL-Certificate Debate Rages On · Score: 1

    Security is a slippery term, and hard to pin down, but loosely speaking, you're right: HTTPS with an invalid cert is MORE secure than HTTP (If you thought I said otherwise, I apologize, for I must have been unclear).

    However, HTTPS is designed to do 2 things: Encryption, and authentication. In today's world, the threats are such that authentication is by far the more important function of HTTPS. Average users cannot be expected to be knowledgeable enough to know this, and to make the necessary judgments properly. Therefore, HTTPS should be used for the purpose and in the way in which it was designed.

    In other words, encryption-only (which is basically what HTTPS with an invalid cert is) protects against a certain class of attacks, and authentication against another class (although there is overlap). The point is that the threats of today mostly fall in the class that authentication can protect against.
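    As an added illustration (editor's example, not part of the comment above or of anything the commenter posted): the two attack classes the comment distinguishes can be made concrete with a toy key exchange. The code below models a Diffie-Hellman handshake over a deliberately tiny modulus (2**127-1, a toy value, far too small for real use); a keyed tag made with a hypothetical long-term server key stands in for the certificate signature a browser verifies, and the client's copy of that key stands in for the trust anchor. Running the client with `verify=False` is the "encryption-only" case of clicking through an invalid or self-signed certificate; an active man-in-the-middle then completes a key exchange with each side separately and reads everything, while the verified client rejects the same substitution.

```python
"""Why 'encryption without authentication' is not enough: a toy model.
Constructed example, not real TLS. All keys and parameters are toy values."""
import hashlib
import hmac
import secrets
from dataclasses import dataclass

P = 2**127 - 1          # toy modulus (Mersenne prime M127); NOT a real DH group
G = 3                   # toy generator

# Hypothetical long-term secrets. The client holds a trusted copy of the
# server's key (the "trust anchor", playing the role of a CA root in the browser).
SERVER_LONG_TERM_KEY = b"server-long-term-key (toy)"
CLIENT_TRUST_ANCHOR = SERVER_LONG_TERM_KEY
ATTACKER_KEY = b"attacker-self-signed-key (toy)"


def dh_keypair() -> tuple[int, int]:
    priv = secrets.randbelow(P - 2) + 1
    return priv, pow(G, priv, P)


def dh_shared(priv: int, peer_pub: int) -> bytes:
    # Session key derived from the DH shared secret (fits in 16 bytes since P < 2**128).
    return hashlib.sha256(pow(peer_pub, priv, P).to_bytes(16, "big")).digest()


def sign(key: bytes, pub: int) -> bytes:
    # Toy stand-in for a certificate-backed signature over the ephemeral value.
    return hmac.new(key, pub.to_bytes(16, "big"), hashlib.sha256).digest()


@dataclass
class Outcome:
    completed: bool        # client accepted the handshake
    keys_agree: bool       # client and the real server derived the same key
    attacker_reads: bool   # attacker holds a key shared with each side


def handshake(mitm: bool, verify: bool) -> Outcome:
    """verify=False models 'encryption only': the client accepts any tag,
    which is what clicking through an invalid or self-signed certificate does."""
    c_priv, c_pub = dh_keypair()
    s_priv, s_pub = dh_keypair()
    s_tag = sign(SERVER_LONG_TERM_KEY, s_pub)

    if mitm:
        # Active attacker swaps in its own ephemeral value on both legs and can
        # only "self-sign" it with a key the client does not trust.
        m_priv, m_pub = dh_keypair()
        pub_seen_by_client, tag_seen_by_client = m_pub, sign(ATTACKER_KEY, m_pub)
        pub_seen_by_server = m_pub
    else:
        pub_seen_by_client, tag_seen_by_client = s_pub, s_tag
        pub_seen_by_server = c_pub

    if verify and not hmac.compare_digest(
        tag_seen_by_client, sign(CLIENT_TRUST_ANCHOR, pub_seen_by_client)
    ):
        # Authentication failure: the verified client refuses to proceed.
        return Outcome(completed=False, keys_agree=False, attacker_reads=False)

    client_key = dh_shared(c_priv, pub_seen_by_client)
    server_key = dh_shared(s_priv, pub_seen_by_server)

    attacker_reads = False
    if mitm:
        # The attacker derives one key with the client and another with the server.
        attacker_reads = (
            dh_shared(m_priv, c_pub) == client_key
            and dh_shared(m_priv, s_pub) == server_key
        )
    return Outcome(completed=True, keys_agree=client_key == server_key,
                   attacker_reads=attacker_reads)


if __name__ == "__main__":
    print("honest, verified:      ", handshake(mitm=False, verify=True))
    print("MITM, encryption only: ", handshake(mitm=True, verify=False))
    print("MITM, verified:        ", handshake(mitm=True, verify=True))
```

    Note what the unverified run does and does not protect against: a purely passive sniffer who records the two public values still cannot derive the session key, which is the class of attack the comment concedes encryption-only handles. The active attacker, the phishing and man-in-the-middle scenario the thread is about, is stopped only by the check on the tag, i.e. by authentication.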

  2. Re:Worth it. on Firefox SSL-Certificate Debate Rages On · Score: 5, Insightful

    The problem is that mom and pop users are not the ones who should solve this issue, cannot be educated about cryptography in a warning message AND are the most likely victims of phishing attacks and such. The people who complain about the number of steps to set up an exception are also the people who can make an informed judgment about the trustworthiness of a site to begin with. We should NOT be putting mom and pop at risk for the convenience of the knowledgeable minority of users. The sites mom and pop are most likely to visit will have their certificates in order anyway (or should have, at least). Not being able to access some legitimate sites that insist on using self-signed certificates is a small price to pay.

  3. FF3 does the right thing! on Firefox SSL-Certificate Debate Rages On · Score: 1

    The Slashdot populace is always ready to bash Microsoft and others for their silly security policies (rightfully so, in many cases), which often place convenience ahead of actual security. So why is there suddenly a big debate when Firefox does the right thing and warns users about invalid certificates?

    Allowing users to easily get past expired and/or self-signed certificates completely defeats the purpose of certificates. Self-signed certs should ONLY be used for development/debugging purposes, not for production environments.

    For production websites, using a self-signed certificate is just an ugly hack to achieve encrypted (but not authenticated!) sessions, and it shouldn't be accepted as such! If you really want encryption without authentication, there are very good alternatives available.

    A valid debate would be whether browsers should make it easier to set up an encrypted-but-not-authenticated session, for example by supporting HTTP tunneled through SSH in a user-friendly way. Or maybe we need a whole new protocol for this.

    What we SHOULDN'T do is diminish the (imperfect, yet better than nothing) security that the current system provides us for the sake of convenience.

  4. Re:I never really hear what is wrong with plastic. on IBM Granted "Paper-or-Plastic?" Patent · Score: 0, Flamebait

    >I'm still going to be annoyed that it's not well
    >conveyed onto consumers WHY this is bad.

    In general, my position in this regard is that if you can't be bothered to stay informed about a particular subject, you should just shut up and do as you're told. That isn't intended as a judgment, really! There are plenty of subjects on which I can't be bothered to stay informed, simply because there are only a wee 24 hours in the day. But I object to the argument that "consumers" should be able to kick back and relax while the government spoon-feeds them everything they need to know. THAT is what 1984 warned against.

  5. We need a new protocol/UI on Mozilla SSL Policy Considered Bad For the Web · Score: 1

    Joe Average User does not understand SSL, self-signed certificates, or anything else about encryption and security. Even though snooping on a wireless connection is easier, in today's world, the attack Joe will MOST LIKELY face is a phishing email sent by an adversary who ultimately wants to execute a man-in-the-middle attack. Granting self-signed certificates the same status as "verified" (And I agree, the system isn't perfect by any means) would make this kind of attack even easier than it is today.

    I can educate my mom to make sure "the little padlock" MUST be locked before she does anything on her bank's website. I can NOT educate her to check the certificate's contents.

    For people who want encryption without authentication, the solution is not to grant self-signed certs the same status as verified certs. What we need is either a new protocol for encryption-only connections, or a user-friendly way in browsers to do this using existing protocols, for example HTTP-over-SSH.

  6. Re:This is stupid on Mozilla SSL Policy Considered Bad For the Web · Score: 1

    Agreed, and well said: Encryption and identity verification are both purposes of certificates/SSL. However, in this day and age, the latter is by far the more important one of the two.

  7. Corrections on EU and Russia Show Off New Lunar Spacecraft Design · Score: 1

    Sadly, another space related story by someone who is not well versed in the field. First of all, it is not going to be an "EU"/Russian craft. The EU does not have a space program. It's going to be an ESA/Russian craft. ESA membership does not imply EU membership and vice versa.

    Second, the Europeans will NOT build the crew module, but the service module, which is the part of the whole thing NOT holding the crew.

  8. Re:What happens... on Ultra-Light Micro Air Vehicles · Score: 1

    Still, the original story is pretty unlikely. In this regard, the relevant Snopes entry is interesting: http://www.snopes.com/science/cannon.asp

  9. Re:What happens... on Ultra-Light Micro Air Vehicles · Score: 1

    Didn't the Mythbusters bust this in one of the earlier seasons? If I remember correctly, the conclusion was that it doesn't matter if you use frozen or thawed chickens.

  10. Re:Just plain sad on Nasa Details Shuttle's Retirement · Score: 1

    That's actually a good thing. Not to diminish the effort/risk/dedication/etc required, but we will only become a truly spacefaring race when the launch of a manned spacecraft is no longer news. Can you imagine a headline every time a jetliner takes off or lands safely? No, because it happens so often, and is so safe, it's become mundane. When we reach that point with spacecraft launching and landing, I for one will be out to celebrate!

  11. Re:Interesting on When Is a Self-Signed SSL Certificate Acceptable? · Score: 1

    Well said.

    Of course, securing communication against eavesdroppers is important, but in today's world, establishing identity is a far more pressing problem. Something certificates are designed to address. Phishing works, not because people use insecure communication, but because they fail to verify who they're communicating with.

    This is understandable too. Humans are primarily equipped to deal with people we know in person. Historically, strangers were deeply distrusted. This has changed in the modern world, where we constantly deal with people we don't know, yet have to trust to some degree. In practice, we use things like appearance, tone of voice etc. to identify people, but there is also a lot of implicit trust involved. This works out pretty well, most of the time, because the effort to fake an identity often outweighs the potential rewards.

    As with many things, all this breaks down in cyberspace, where anyone can pretend to be anyone else without too much trouble. And while the mechanisms to establish identity do exist, people are unfamiliar with them, and the mechanisms are rather pathetic: Do you really distrust a website that looks EXACTLY like your bank's, just because there's a little padlock in the bottom-right that's not closed?

    Tool-builders need to enforce the rules rigorously so people become educated and comfortable with them. Certificates are a powerful mechanism to establish identity. We shouldn't abuse that mechanism for something it's not intended for, simply because it muddles the water between good and bad security.

    If someone needs encrypted communication without identity verification, then there are other ways to do this (SSH for example).

  12. Re:This is why I backup my Gmail with G-Archiver on G-Archiver Harvesting Google Mail Passwords · Score: 1

    Take a look at the screenshot in the original article and note that there are ONLY emails with login details in that inbox, and they are ALL unread. So clearly, this is not the author's main, personal mailbox. What's more, while the fact that this happened is mindbogglingly stupid, it's actually reasonable to believe the authors when they say this was accidental, and not malicious.

  13. I would volunteer, except on Volunteer to Simulate a Mars Mission for the ESA · Score: -1, Flamebait

    I would volunteer, except there's no way I am going to be in confined quarters with 4 rude, psychopathic, depressed, suicidal Russian alcoholics for 17 months! Think I'm prejudiced? Go ahead, visit Russia some time and prove me wrong.

  14. Re:It's not the content that's being restricted on Windows Media Center Restricts Cable TV · Score: 1

    Nope. When that happens I'll have to reconsider. Personally, I don't think the Dutch networks will go there, but of course I could be wrong. We'll see. Until then, MCE meets my needs nicely.

  15. Re:It's not the content that's being restricted on Windows Media Center Restricts Cable TV · Score: 1

    We'll see. I'm about to build a media center PC for the bedroom with some spare hardware and planned to try Ubuntu Media Center. In my experience though, installing MythTV is not the hard part, it's getting it to work. Especially since I am in the Netherlands, getting the channels and EPG set up is a royal pain. That's part of the attraction of MCE: I enter my postal-code and cable provider (including channel-package), and presto! All channels are set up and the guide is filled with the correct data (ie, no missing channels and no data for channels I don't have).

  16. Re:It's not the content that's being restricted on Windows Media Center Restricts Cable TV · Score: 1

    I'm not sure getting into a feature-by-feature comparison is all that interesting. MCE can do most of the things on that list, but not all. Likewise I'm sure there are things MCE can do Myth cannot. I personally like MCE because of the ease of installation and the great UI. It plays my DivX and MP3 collections, and generally allows me to do the things I want. If that means I can only play back recorded TV on that particular system, I'm fine with that. Other users may reach a different conclusion. If a web interface is all-important to you, nothing I've seen beats MythTV. For me, recording what I want is important. When MCE starts limiting that, I'll reconsider my options. Until then, I'm a happy MCE user.

  17. Re:It's not the content that's being restricted on Windows Media Center Restricts Cable TV · Score: 2, Interesting

    For the longest time, I absolutely refused to install Windows MCE on my media PC for exactly that reason. However, after finally giving it a test-drive (just to confirm my prejudice, you know), the surprising conclusion was obvious: I've tried pretty much all mediacenter packages out there, and NONE (even the commercial alternatives) are even within shouting distance of MCE when it comes to ease of installation, stability and user friendliness. I can get a clean machine up and running in an hour with MCE. Compare that to the RedHat MythTV Howto, which takes many hours for even a basic install. And after that, it's a pain to get everything set up and working as it should. All that is a steep price for avoiding DRM that (in my experience) never gets in the way. Of course, all this changes when suddenly a bunch of content becomes impossible to record, but I'll cross that bridge when I get there (or when it gets here, across the big pond).

  18. Re:Caps go sometimes. on Philips Recalls Almost 12,000 Flat Panel TVs · Score: 1

    >These caps found their way into PC mobo's, and there was a spate of in-the-field capacitor failures
    >in certain motherboards.

    That's funny, because it's exactly what happened here just last week. All the caps on a Dell motherboard blew out, and the tech that came in to fix it told me it was a known issue with that particular batch of mobos.

  19. Correctness by Construction on Ultra-Stable Software Design in C++? · Score: 1

    If it's really that critical, you might want to take a look at something like Correctness by construction. They actually do not recommend using C++, but with rigorous developer discipline you can achieve similar results to what they describe.

    Also, separating critical and non-critical modules is a good idea. That means you can do the not-so-critical GUI quickly in some convenient environment (Qt, Kylix, whatever) and do the critical stuff the hard way.

    (Apologies for the lame sig below)

  20. Re:Another giant step backward... on The Pseudoscience of Intelligent Design · Score: 1

    Debating this issue with True Believers is useless. It doesn't matter how much evidence, arguments and/or common sense you bring to bear. Any argument you make, they refute. In case of your argument about fossils, they argue carbon dating is flawed, and point to some examples where carbon dating hasn't worked. Or the fossils are planted by God to test the faithful.

    Whatever.

    I've long since stopped trying to convince religious people of anything. It's a waste of time. They live in their world, I live in mine, and there's no way we can communicate effectively. The whole idea of building an argument based on facts and evidence is alien to these people. Mentioning the scientific method, the burden of proof, Occam's razor: They shrug it off and tell you God exists, because it says so in the Bible, and the Bible is True, since it's the Word of God. QED. It's not so much that there's disagreement about facts. They are actually having a DIFFERENT conversation than you are. They are talking about something completely different than you think they are, and think according to different rules you and I will never understand. 1+1 does NOT necessarily equal 2.

    It's like eating soup with a fork: It just doesn't work.

  21. Reality: iPod price hike of Eur 7.80 on Dutch Pass iPod Tax · Score: 1

    Current levies for DVD+/-R/RW range from Eur 0.09 to Eur 0.13 per Gigabyte. Applying the high number to a 60 Gig iPod would mean a price hike of about Eur 7.80. Agree with it or not, Dutch law does require a fee be paid to the copyright holder for every copy you make of any piece of music/video. This is true even for copies of CDs/DVDs you bought legitimately and even if the copy is for your personal use only.

  22. 3.28 is not true on Dutch Pass iPod Tax · Score: 5, Informative

    While the proposal is real, The Register's claim it will be Eur 3.28 per gigabyte is not correct. The website of the Stichting Thuiskopie explicitly states (loosely translated): "Reports stating there is any agreement at all about the level of taxation are incorrect".

  23. I can't find myself! on MSN Search Has Arrived · Score: 1

    Not to be too egocentric, but when I search for my own name on Google, the first 10 results include several articles I wrote in the past. On MSN Search, none of those articles show up in the first 10 PAGES.

    They may be in there somewhere beyond page 10, but in that case MSN's ranking has a serious problem. Those articles include my first and last name next to each other. All results except the first one on MSN contain both my first and last name in different parts of the text. It's pretty elementary to rank documents with the search terms close together higher than documents where the search terms are far apart.

  24. Software on Creative Gunning For the iPod · Score: 2, Interesting

    I really used to like Creative. Then they started doing the same stupid thing that turned me off of Real and countless other companies: They try to force and lock you into using THEIR products. In a world where it is perfectly possible to just plug in an mp3 player and have it show up as an extra drive, Creative decides you need to install their "driver", which by the way also installs YET ANOTHER MEDIA CENTER, for a turn-key totally scalable enterprise media experience solution. This media center takes over all file associations, unless you find the hidden checkbox to opt out of that "feature". It's a horrible application, that completely fails to fit in with the normal Windows look and feel.

    </rant>

  25. Re:I don't know what to say. on EA Games: The Human Story · Score: 1

    No paid overtime and no comp days here. Then again, "crunch-time" is not a term that appears in my employer's dictionary. 40 hours a week, that's it. Oh, and 25 paid vacation days a year, but then that's the legal minimum where I come from.