Or, just use one of many numerous exploits to install malware on the real site. It's a lot easier. It's not going to prevent you from getting malware. Sure, it may stop one of these specific MITM attacks, but they aren't really very common anyway, are they?
The really easy way is to set up a real site with a real cert and start advertising on Instagram. You can push out a lot of malware that way.
These should be automatically excluded from the strict TLS rules that browsers impose, especially the ones that give you no option to bypass their built-in blocking mechanisms.
Cool, so when I'm at a coffee shop, and someone hijacks the DNS and redirects my bank's site to 192.168.0.3, doing a MITM with a self-signed cert, that should be accepted by the browser? It's OK because it's a private subnet!
If you think these browser "features" can protect your data from capture when you're on a public wifi connection, I've got some bad news for you...
Some ISPs have injected their own ads and tracking headers.
Ding ding! That's the real reason Google is promoting this crappy https everywhere propaganda. To get rid of any and all competition.
Also consider the potential for interference via MITM attack on HTTP. You could be getting served malware.
TLS is NOT going to stop that. Google's blacklist is what stops that. And, sites serving malware can be detected MORE QUICKLY if they are not encrypted.
My personal domain with my artwork isn't viewable via Chrome or Safari because it doesn't have (or need) a cert.
Err. no. If your personal domain isn't viewable then you fucked something up that is completely unrelated to certificates or not.
It's probably viewable. But Chrome puts this scary "Not secure" banner at the top of the page. Prompting visitors to leave right away that don't know what's going on.
Or try the domain hackme.houghi.org and see how that is connected. Excluding local IP addresses should be standard.
Exactly this. More specifically, IANA defines 3 private subnets for internal use:
10.0.0.0 to 10.255.255.255
172.16.0.0 to 172.31.255.255
192.168.0.0 to 192.168.255.255
These should be automatically excluded from the strict TLS rules that browsers impose, especially the ones that give you no option to bypass their built-in blocking mechanisms. Would that really be so hard??? IE doesn't even tell you when they've decided to block a page due to a TLS issue - you just get a generic "Page can't be displayed" error. Good luck figuring out why. A recent update started blocking some Internal sites, so on a guess I decided to upgrade the SSL cert (it was valid, but still using the old SHA1). That fixed it, but IE would not tell me why.
This crap has to end. Yea, maybe I want in-motion encryption for my internal network, just to make sure there are no plain-text credentials exposed on the wire. That's cheap and easy with self-signed or internal CA techniques. AP5.floor2.local isn't on the Internet, that IP isn't publicly routable, and that wiring closet is still locked. WTF are you questioning my certificate?
Ok, I guess you might want to explain this one, because so far I cannot identify much beneficial the US did for the "third world" lately.
The AC below answered your question partially - offshoring of manufacturing and service industries. Other policies include almost total non-enforcement of hiring of cheap illegal immigrant labor especially by construction and household labor employers, and importing cheaper labor using H1-B and H3-B visas.
Additionally, the spending to maintain the ever-growing costs to maintain the American Empire overseas, which greatly benefits the elites in the US, while shifting the costs (both blood and treasure) to the lower classes.
but you singled out one of the best implementations that we have for a society that is effective and relatively efficient in keeping it's population happy
Well since the Netherlands are one of the biggest consumers of anti-depressant pharmaceuticals, I assume you're referring to the government support for keeping the population chemically docile.
Yes, it's looking down for Americans, but Indians, Chinese, Russians and a lot of others are doing so much better! Celebrate!
These two things are related, you know. US policies have made both things happen (less prosperity for American middle class and more prosperity for the third world).
So yeah. We all know the real problem - Intel exerting too much pressure on Microsoft.
Seriously, if Microsoft hadn't bowed to Intel, AMD would have had a HUGE head-start in the 64 bit world. Now, it's 2018, why hasn't Microsoft shipped Windows 10 on ARM? They have it working, so get the damn devices OUT THE DOOR.
Break the Intel monopoly. Microsoft needs Intel far, far less than Intel needs Microsoft.
This is about servers.
Microsoft isn't really a factor.
Actually, they are, when you look at their build-out of Azure.
Just because I happen to have read history, does not mean I approve of such characterizations, however commonplace they once were.
Still, it was a good quip, wasn't it? I mean, I don't get setups for those kinds of digs very often. I thought that came out pretty sharp! So thanks for that.
The only thing Amazon is pissed of at here is that they're not the ones turning a profit selling the metrics. It's just a matter of employees stealing and reselling company property. That's all. The story is no different from (and no more interesting than) McDonald's employees cooking and selling fries for themselves.
It is a bit different, actually. Sharing data doesn't cause shrinkage, so the company isn't really losing money, here, like McDonald's does when fries go missing.
As well, Amazon employees in China have relatively small salaries, which may embolden them to take risks.
Not sure why I have to point this out, but the US employees are in the same boat. Plus, Amazon treats them like crap.
So no sympathy for Amazon in this - it's of their own doing. When you know your employer is raking in big bucks and only dropping you crumbs, you tend to want to find ways to cash in yourself. Amazon does it themselves - these guys just want in on the deal.
EFFECTS OF CHRONIC OR REPEATED EXPOSURE: Nicotine is a teratogen (capable of causing birth defects). Other developmental toxicity or reproductive toxicity risks are unknown. The information about nicotine as a carcinogen is inconclusive.
You're in a better situation, but I'd hardly call ingesting a carcinogen a much better situation.
Nicotine is not a carcinogen.
No, but the vapor is. Not nearly as bad as cigarette smoke, of course, but it does increase your risk a little.
There is no evidence of that. Some chemicals considered carcinogens have been detected in vapor in some circumstances, depending on the vape used and the device and settings. However, they were only detected in minute trace amounts, too small to actually increase the risk of cancer. No medical professional will tell you it's better to inhale anything into your lungs other than clean, fresh air, of course. But there is nothing yet to indicate that vape is any more dangerous that some very common environmental pollutants.
No, citations abound. Google "vape smoke carcinogens",
I asked you, because you seemed to know something Google doesn't, as all the links returned simply talk about how much safer vape is from the cigarette smoke,
Your logical fallacy is moving the goalposts. The question wasn't whether it was safer. Learn to read. The question was whether vaping produces carcinogens.
You don't seem to have learned anything about it yourself, since you think vape produces smoke.
It's a colloquialism. Again, learn to read.
Claiming imprecision on the part of someone else is "moving the goalposts," but the same on your own behalf is "a colloquialism" is the height of hypocrisy. Besides which, you're wrong, as, again, there are no carcinogens in vape at levels that are actually carcinogenic.
And even if they did actually manage to tax the tobacco and e-cig industries into the grave, there would be the sudden shortfall of a huge chunk of taxable income. History shows that no government ever takes that in stride very well, so I wouldn't be surprised if they suddenly applied a huge tax to something else they needed to deem evil, just to keep the cash flow going. The cycle begins.
You've identified the motivation to ban vaping: It causes people to buy less cigarettes, thus decreasing the revenue from cigarette taxes and tobacco settlement funds.
Cigarettes are not legal for kids. Not anywhere civilised.
Nor should e-cigarettes with addictive components be but the law was slow to catch up.
I think it's you that has some catching-up to do. From August of 2016: "Vape shops cannot give free samples to customers or sell to people younger than 18, under the new regulations. Merchants will be required to ask for identification from customers who appear to be under the age of 27."
That is a lie. Vape smoke has less carcinogens than tobacco smoke, but not none.
[citation needed]
No, citations abound. Google "vape smoke carcinogens",
I asked you, because you seemed to know something Google doesn't, as all the links returned simply talk about how much safer vape is from the cigarette smoke, which contains a large number of known carcinogens that are either non-existent or insignificant (non-cancer causing) in vapor.
That, and a lot of propaganda and misreported information.
and learn to internet already. What year is it that you don't know how to search the web?
You don't seem to have learned anything about it yourself, since you think vape produces smoke.
Nicotine on its own is much like caffeine: highly addictive, but not that harmful. It's the other crap in cigarettes that kills you. Vaping has no carcinogens.
That is a lie. Vape smoke has less carcinogens than tobacco smoke, but not none.
Except that the other products have been shown to have effectiveness in treating smoking which has not been shown with vaping.
You could try posting some links to studies that have not shown it. The "other products" effectiveness really isn't very good - in fact it's very close to the cold turkey method.
According to the NHS, lots of people have used vaping to quit smoking. Where are your studies?
Slashdot Mirror
Or, just use one of many numerous exploits to install malware on the real site. It's a lot easier. It's not going to prevent you from getting malware. Sure, it may stop one of these specific MITM attacks, but they aren't really very common anyway, are they?
The really easy way is to set up a real site with a real cert and start advertising on Instagram. You can push out a lot of malware that way.
This is just security karaoke (yea, I stole it).
These should be automatically excluded from the strict TLS rules that browsers impose, especially the ones that give you no option to bypass their built-in blocking mechanisms.
Cool, so when I'm at a coffee shop, and someone hijacks the DNS and redirects my bank's site to 192.168.0.3, doing a MITM with a self-signed cert, that should be accepted by the browser? It's OK because it's a private subnet!
If you think these browser "features" can protect your data from capture when you're on a public wifi connection, I've got some bad news for you...
Some ISPs have injected their own ads and tracking headers.
Ding ding! That's the real reason Google is promoting this crappy https everywhere propaganda. To get rid of any and all competition.
Also consider the potential for interference via MITM attack on HTTP. You could be getting served malware.
TLS is NOT going to stop that. Google's blacklist is what stops that. And, sites serving malware can be detected MORE QUICKLY if they are not encrypted.
My personal domain with my artwork isn't viewable via Chrome or Safari because it doesn't have (or need) a cert.
Err. no. If your personal domain isn't viewable then you fucked something up that is completely unrelated to certificates or not.
It's probably viewable. But Chrome puts this scary "Not secure" banner at the top of the page. Prompting visitors to leave right away that don't know what's going on.
Or try the domain hackme.houghi.org and see how that is connected. Excluding local IP addresses should be standard.
Exactly this. More specifically, IANA defines 3 private subnets for internal use:
These should be automatically excluded from the strict TLS rules that browsers impose, especially the ones that give you no option to bypass their built-in blocking mechanisms. Would that really be so hard??? IE doesn't even tell you when they've decided to block a page due to a TLS issue - you just get a generic "Page can't be displayed" error. Good luck figuring out why. A recent update started blocking some Internal sites, so on a guess I decided to upgrade the SSL cert (it was valid, but still using the old SHA1). That fixed it, but IE would not tell me why.
This crap has to end. Yea, maybe I want in-motion encryption for my internal network, just to make sure there are no plain-text credentials exposed on the wire. That's cheap and easy with self-signed or internal CA techniques. AP5.floor2.local isn't on the Internet, that IP isn't publicly routable, and that wiring closet is still locked. WTF are you questioning my certificate?
Ok, I guess you might want to explain this one, because so far I cannot identify much beneficial the US did for the "third world" lately.
The AC below answered your question partially - offshoring of manufacturing and service industries. Other policies include almost total non-enforcement of hiring of cheap illegal immigrant labor especially by construction and household labor employers, and importing cheaper labor using H1-B and H3-B visas.
Additionally, the spending to maintain the ever-growing costs to maintain the American Empire overseas, which greatly benefits the elites in the US, while shifting the costs (both blood and treasure) to the lower classes.
but you singled out one of the best implementations that we have for a society that is effective and relatively efficient in keeping it's population happy
Well since the Netherlands are one of the biggest consumers of anti-depressant pharmaceuticals, I assume you're referring to the government support for keeping the population chemically docile.
Yes, it's looking down for Americans, but Indians, Chinese, Russians and a lot of others are doing so much better! Celebrate!
These two things are related, you know. US policies have made both things happen (less prosperity for American middle class and more prosperity for the third world).
Not sure about the math there trying to tax the weapons exporters, but the rest of your comment is spot-on!
So yeah. We all know the real problem - Intel exerting too much pressure on Microsoft.
Seriously, if Microsoft hadn't bowed to Intel, AMD would have had a HUGE head-start in the 64 bit world. Now, it's 2018, why hasn't Microsoft shipped Windows 10 on ARM? They have it working, so get the damn devices OUT THE DOOR.
Break the Intel monopoly. Microsoft needs Intel far, far less than Intel needs Microsoft.
This is about servers.
Microsoft isn't really a factor.
Actually, they are, when you look at their build-out of Azure.
congratulations on achieving the Full Slashdot.
:) Thanks!!
Just because I happen to have read history, does not mean I approve of such characterizations, however commonplace they once were.
Still, it was a good quip, wasn't it? I mean, I don't get setups for those kinds of digs very often. I thought that came out pretty sharp! So thanks for that.
Rule 10 Be precise in your speech
the Chinese have, for literally centuries, been known as the "Jews of Asia"
Wish i could upvote 5 times
Because you're a racist anti-Semite too?
The only thing Amazon is pissed of at here is that they're not the ones turning a profit selling the metrics. It's just a matter of employees stealing and reselling company property. That's all. The story is no different from (and no more interesting than) McDonald's employees cooking and selling fries for themselves.
It is a bit different, actually. Sharing data doesn't cause shrinkage, so the company isn't really losing money, here, like McDonald's does when fries go missing.
As well, Amazon employees in China have relatively small salaries, which may embolden them to take risks.
Not sure why I have to point this out, but the US employees are in the same boat. Plus, Amazon treats them like crap.
So no sympathy for Amazon in this - it's of their own doing. When you know your employer is raking in big bucks and only dropping you crumbs, you tend to want to find ways to cash in yourself. Amazon does it themselves - these guys just want in on the deal.
EFFECTS OF CHRONIC OR REPEATED EXPOSURE: Nicotine is a teratogen (capable of causing birth defects). Other developmental toxicity or reproductive toxicity risks are unknown. The information about nicotine as a carcinogen is inconclusive.
- https://www.cdc.gov/niosh/ersh...
In other words, nicotine is not a carcinogen. Idiot.
You're in a better situation, but I'd hardly call ingesting a carcinogen a much better situation.
Nicotine is not a carcinogen.
No, but the vapor is. Not nearly as bad as cigarette smoke, of course, but it does increase your risk a little.
There is no evidence of that. Some chemicals considered carcinogens have been detected in vapor in some circumstances, depending on the vape used and the device and settings. However, they were only detected in minute trace amounts, too small to actually increase the risk of cancer. No medical professional will tell you it's better to inhale anything into your lungs other than clean, fresh air, of course. But there is nothing yet to indicate that vape is any more dangerous that some very common environmental pollutants.
No, citations abound. Google "vape smoke carcinogens",
I asked you, because you seemed to know something Google doesn't, as all the links returned simply talk about how much safer vape is from the cigarette smoke,
Your logical fallacy is moving the goalposts. The question wasn't whether it was safer. Learn to read. The question was whether vaping produces carcinogens.
You don't seem to have learned anything about it yourself, since you think vape produces smoke.
It's a colloquialism. Again, learn to read.
Claiming imprecision on the part of someone else is "moving the goalposts," but the same on your own behalf is "a colloquialism" is the height of hypocrisy. Besides which, you're wrong, as, again, there are no carcinogens in vape at levels that are actually carcinogenic.
Wait.... don't cigarette manufacturers have a major stake in e-cigs too? How could they not?
Most do, yes. But those sales are not subject to the agreement.
And even if they did actually manage to tax the tobacco and e-cig industries into the grave, there would be the sudden shortfall of a huge chunk of taxable income. History shows that no government ever takes that in stride very well, so I wouldn't be surprised if they suddenly applied a huge tax to something else they needed to deem evil, just to keep the cash flow going. The cycle begins.
You've identified the motivation to ban vaping: It causes people to buy less cigarettes, thus decreasing the revenue from cigarette taxes and tobacco settlement funds.
Cigarettes are not legal for kids. Not anywhere civilised. Nor should e-cigarettes with addictive components be but the law was slow to catch up.
I think it's you that has some catching-up to do. From August of 2016: "Vape shops cannot give free samples to customers or sell to people younger than 18, under the new regulations. Merchants will be required to ask for identification from customers who appear to be under the age of 27."
That is a lie. Vape smoke has less carcinogens than tobacco smoke, but not none.
[citation needed]
No, citations abound. Google "vape smoke carcinogens",
I asked you, because you seemed to know something Google doesn't, as all the links returned simply talk about how much safer vape is from the cigarette smoke, which contains a large number of known carcinogens that are either non-existent or insignificant (non-cancer causing) in vapor.
That, and a lot of propaganda and misreported information.
and learn to internet already. What year is it that you don't know how to search the web?
You don't seem to have learned anything about it yourself, since you think vape produces smoke.
Anecdotes are not science.
Here is some science for you, which refutes your opinion.
But don't let science get in the way of some good political FUD, eh?
Then how do you explain new results that show vaping to be nearly as harmful as smoking, just in very different ways?
Propaganda, from sources that prefer people to smoke cigarettes because that benefits them.
Nicotine on its own is much like caffeine: highly addictive, but not that harmful. It's the other crap in cigarettes that kills you. Vaping has no carcinogens.
That is a lie. Vape smoke has less carcinogens than tobacco smoke, but not none.
[citation needed]
Except that the other products have been shown to have effectiveness in treating smoking which has not been shown with vaping.
You could try posting some links to studies that have not shown it. The "other products" effectiveness really isn't very good - in fact it's very close to the cold turkey method.
According to the NHS, lots of people have used vaping to quit smoking. Where are your studies?