Dude, it's just a car. It's ok if people don't want to buy into the car culture, let it go.
Hey, if you like to define yourself by your car, that's cool. For myself, the car is a box that goes from place to place. I spend my money on things that actually make me happy, not the box that I use to get there. If I don't buy a new car every 3 years, that's a good quarter million dollars over twenty years that I can spend on housing, travel, cultural events, hobbies, whatever. But if you think it's better to have a nice box, it's your money. The car companies certainly spend a lot of money trying to convince people that the box really is the most important thing in life.
The point of a cheap used car is to provide transportation. The point of an expensive new car is to make the driver look like someone who can afford an expensive new car. The point is that being expensive is going to end up being less important to shoppers than playing nicely with their phone (even though there are a lot of older folks who have trouble imagining a world where you can't judge someone by the car they drive).
General Electric != General Motors
Why on earth would someone want to spend a ton of money on a car? Who cares what the thing that moves you from place to place looks like? (Apparently, the answer is "shallow old people".)
Who decides who "example.com" is? A collection of CAs or the person who gets the money for adding the NS entry for example.com? You may have existential angst over this, but at a practical level the registrar is going to be intimately involved in deciding who owns your domain and will have a de facto ability to spoof that, cut you off, or do other bad things. The question is whether they can do any of this stealthily. One nice thing about DANE is that you can actually monitor the records which are being provided to ensure that people are getting the correct records (doing this right would mean either having a number of test locations or hiring a third-party provider that does this as a service). This is in contrast to the CA model, in which you don't know that someone is presenting a bogus cert unless you're google and you get to instrument everybody's browser.
As for the price, you misunderstand. Paying more certainly doesn't guarantee quality, but not paying certainly guarantees that a provider won't implement expensive controls. If you need a highly secure domain in the DNSSEC scheme, then you want a registrar that will implement things like out of band verification of changes, multi-party controls on their end to prevent unauthorized changes, routine auditing, etc. That will cost more than getting a domain from a registrar that doesn't provide those services. You're probably going to be using a registrar that has a low enough volume that they can actually inspect changes to a degree impossible if you support automated bulk registrations (so the costs are spread over fewer customers). The neat thing is, you get to decide what you need--there's no good reason why my vanity domain needs the same level of security as microsoft.com. If you're on the really high end, I'd expect that you'd actually third-party audit the registrar to make sure that they're doing the things they say they are. (That also won't be free.) But at least there would be economic incentives to do all of these things, unlike the current regime where there's no effective difference between a $100k verisign EV cert and a free startssl cert.
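The DANE monitoring mentioned in the comment above (checking from several test locations that the correct records are being served) can be sketched as follows. This is an added example, not part of the original comments: the vantage-point names, the certificate and key bytes, and the observed records are constructed, the DNS lookups and DNSSEC validation that would collect them are assumed to happen elsewhere, and it assumes every published TLSA record should match the one certificate you deploy (no rollover records).

```python
import hashlib

def parse_tlsa(rdata):
    """Parse TLSA presentation format: usage selector matching-type hex..."""
    usage, selector, mtype, *hex_parts = rdata.split()
    return int(usage), int(selector), int(mtype), bytes.fromhex("".join(hex_parts))

def association_data(selector, mtype, cert_der, spki_der):
    """Compute what a TLSA record should carry for our certificate (RFC 6698)."""
    if selector not in (0, 1):
        raise ValueError("unknown selector")
    source = cert_der if selector == 0 else spki_der  # 0 = full cert, 1 = SPKI
    if mtype == 0:
        return source                                 # exact match
    if mtype == 1:
        return hashlib.sha256(source).digest()
    if mtype == 2:
        return hashlib.sha512(source).digest()
    raise ValueError("unknown matching type")

def audit(observations, cert_der, spki_der):
    """Return {vantage point: [issues]} for every location serving bad data."""
    findings = {}
    for vantage, rrset in observations.items():
        issues = []
        if not rrset:
            issues.append("no TLSA records returned")
        for rdata in rrset:
            try:
                _usage, selector, mtype, data = parse_tlsa(rdata)
                expected = association_data(selector, mtype, cert_der, spki_der)
            except ValueError:
                issues.append(f"unparseable record {rdata!r}")
                continue
            if data != expected:
                issues.append(f"unexpected association data in {rdata!r}")
        if issues:
            findings[vantage] = issues
    return findings

# Constructed sample input: stand-ins for the deployed certificate and key.
CERT_DER = b"constructed certificate bytes"
SPKI_DER = b"constructed public key bytes"
GOOD = "3 1 1 " + hashlib.sha256(SPKI_DER).hexdigest()
BOGUS = "3 1 1 " + hashlib.sha256(b"someone else's key").hexdigest()
OBSERVED = {                      # constructed results from four test locations
    "us-east": [GOOD],
    "eu-west": [GOOD.upper()],    # hex case differences are not a finding
    "ap-south": [BOGUS],
    "sa-east": [],
}

if __name__ == "__main__":
    for vantage, issues in audit(OBSERVED, CERT_DER, SPKI_DER).items():
        print(vantage, issues)
```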
>>registrars between you and the root can spoof you. Not good.
Why is that not good? If your registrar is malicious, they can get a certificate issued for you anyway. The really nice thing about the "you have to trust your registrar" model is that you can actually vote with your wallet. Don't care about security? Get a cheap registrar. Want really good security? Pay extra for a registrar that has stronger guarantees. Even better: if a registrar screws up, its customers can leave. (Unlike the CA model, where if the CA screws up, they're too big to fail.) The technical aspects are almost secondary to the benefits of providing economic incentives for the security-critical actors to do the right things.
Their politics are irrelevant. The question is whether the entire world should trust the post office in hong kong to secure every web site in the entire world.
It's already been beaten to death up-thread. The benefits are things like more efficient space utilization and improved aerodynamics. The cost is that something that doesn't happen very often is less convenient. For the majority of car owners who were never going to change their bulbs anyway, there is basically no cost at all. I think that most "reasonable people" have no idea what is required to change their bulb, as galling as it may be for you. Calling it a safety concern is just about as hyperbolic as it gets. Seriously, how often do you blow a bulb? While driving? In a snow storm? If this is your number one issue, go ahead and get yourself a fifty year old chevy. It'll be a death trap in that snowstorm in a lot of ways, but it'll be really easy to change the headlight. (Not actually true: it required a screwdriver, and the screw was likely corroded and a PITA to remove in the dark on the side of a road. Even 50 years ago most people didn't really care about this issue.)
But your point is basically "it shouldn't because I say so", which isn't really compelling. Who cares if it's many hours of driving? Most of the time if I lose a headlight I'm only really sure that it's out when I get to the garage and confirm that there's only one bright spot on the wall; there is sufficient redundancy in the system that driving on a single light is a non-event. In a case where it's really, really, dark and you really can't see well enough on one bulb, the odds are that the bright is still working fine. The odds that the second light will immediately go and that you'll be driving with no regular light is significantly less than the odds that the janky bulb stuff in the glove compartment or rattling in the trunk will have failed due to rough handling. This is simply a non-issue for any reasonable person, even if it really pisses you off.
I used to replace in pairs, don't anymore. (The bare halogens are best just left alone. On my current car, the left bulb lasted 6 years longer than the right.)
The one in the trunk is likely to fail from rattling around in the trunk.
And regardless of whether I had a spare bulb, I'd never stop on the side of the road to change it, I'd just drive on the remaining light until a more convenient time.
I meant they come in pairs on the front of the car. I generally buy them one at a time. If you replace headlights at a rate that requires you to buy them in bulk, you may be installing them improperly.
Hmm. Seems to me it's also good for the following points of view:
1) Miniaturization
2) Reduced cost and/or power consumption via increased integration
3) Improved ergonomics (case design not dictated by repair requirements)
4) Aerodynamics
5) Durability (repairability generally requires additional access points, fasteners, etc., which are themselves points of failure)
Or maybe there are no rational reasons to design things in a way that's hard to repair, and it's all just a big conspiracy.
Actually, I did resolder my washing machine control board. (It was a victim of the early ROHS solder that tended to develop mechanical fractures.)
Who the heck replaces a headlight on the side of the road in the dark? You'd have to 1) have the lightbulb and 2) (probably because of #1) already be down one headlight (they do come in pairs). The optimal solution would be to just get the bulb replaced when it burns out rather than being a lazy SOB and driving around with a bulb in the trunk without actually installing it.
Replacing a screen makes economic sense for only a vanishingly small period of time, after which it's cheaper to ebay an entire phone than to procure the parts. Some people want to master the skill of changing such things out, just as there are people who want to master the skills of flint knapping or making homespun fabric. But that's just because they want to, not for any practical reason.
Or you can save the expense and skip the second factor altogether--which is an acceptable risk for almost everyone.
Side note: a second factor token isn't buying much for the attacks we're seeing in the real world. (Compromised endpoint; and no, it doesn't take personal targeting for someone to go active once a user on a compromised host has been identified as using a bank with a scripted attack pattern.) What you really want to stop theft in that scenario is an out of band channel, like SMS confirmation. But then you've got a different set of problems with mobile malware potentially being able to spoof that. Picking just one attack vector, choosing an arbitrary mitigation, then criticizing the banks for implementing the mitigation in too stringent a fashion because your arbitrary standard is "good enough" seems...myopic at best.
You can add a petty subjective clause if you want to, but the point remains--choose the tool that's right for the job you're trying to do.
And crap code or not, it's probably keeping more accurate time than the NTP server that you wrote. ;-)
The NTP people are generally more concerned about accurate & precise network time than about security. If security is your goal (and you're willing to compromise on highly accurate time) you're almost certainly better off with a SNTP solution intended to be simple and secure.
Note that most machines running OSX would be vulnerable to spoofed packets from the same IP (the apple NTP server)...
Firewalls which do stateful inspection of NTP conversations are exceedingly rare. So if you follow the normal practice and have a "stateful" UDP port open on the firewall to a given external NTP server, it's not possible for the firewall to distinguish between a response packet from the external NTP server and a query packet spoofed to appear to be originating from the external NTP server. That is, a client will be potentially vulnerable to spoofed packets from any IP it uses as a server.
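The payload check that the comment above says a UDP "stateful" rule does not perform can be done by the client itself: accept only a mode 4 (server) packet whose origin timestamp echoes the value sent in the query. This is an added example, not part of the original comments; the random 8-byte transmit value used as a nonce and all sample packets are constructed for the sketch.

```python
import os
import struct

# LI/VN/Mode, stratum, poll, precision, root delay, root dispersion,
# reference ID, then reference/origin/receive/transmit timestamps (48 bytes).
NTP_HEADER = struct.Struct("!BBbbII4s8s8s8s8s")
MODE_CLIENT, MODE_SERVER = 3, 4
ZERO_TS = b"\x00" * 8

def build_packet(mode, origin=ZERO_TS, transmit=ZERO_TS, stratum=0, version=4):
    """Build a minimal NTP header (leap indicator 0) for the given mode."""
    first = (version << 3) | mode
    return NTP_HEADER.pack(first, stratum, 0, 0, 0, 0, b"\x00" * 4,
                           ZERO_TS, origin, ZERO_TS, transmit)

def build_query(nonce=None):
    """Client query; the transmit field doubles as a per-query nonce."""
    nonce = nonce or os.urandom(8)
    return build_packet(MODE_CLIENT, transmit=nonce), nonce

def check_reply(packet, expected_origin):
    """Decide whether a packet from the server's IP answers our query."""
    if len(packet) < NTP_HEADER.size:
        return "reject: short packet"
    fields = NTP_HEADER.unpack(packet[:NTP_HEADER.size])
    mode = fields[0] & 0x07
    origin, transmit = fields[8], fields[10]
    if mode != MODE_SERVER:
        # A query or control packet spoofed from the server's address
        # passes the firewall's address/port match but fails here.
        return f"reject: mode {mode} is not a server reply"
    if origin != expected_origin:
        # Stops senders who never saw our query; an on-path observer can
        # still copy the value, so this is not authentication.
        return "reject: origin timestamp does not match our query"
    if transmit == ZERO_TS:
        return "reject: zero transmit timestamp"
    return "accept"

if __name__ == "__main__":
    query, nonce = build_query()
    samples = {                   # constructed packets, all "from" the server IP
        "genuine reply": build_packet(MODE_SERVER, nonce, b"\x01" * 8, stratum=2),
        "spoofed query": build_packet(MODE_CLIENT, transmit=b"\x02" * 8),
        "blind reply": build_packet(MODE_SERVER, b"\xff" * 8, b"\x03" * 8, stratum=2),
    }
    for name, pkt in samples.items():
        print(name, "->", check_reply(pkt, nonce))
```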
It's nice that you think you've managed to define a rigid standard of what risk is acceptable to everybody, but I'm not sure that's actually true.
Of course, this old urban legend ignores the reality of different rail gauges. There may be some link there, but it's pretty darn tenuous.
Apparently the american pallet is about 30% larger than a euro pallet
Interestingly, the same seems to be true of the american palate.
quite a bit, since the engine is attached to the frame rather than levitated in the vacuum.