I only deal with SSL/TLS on the web as a consumer. As a coder I deal with in-house non web setups where you trust your CA completely and don't use any others, or any other services.
I don't disagree, but secure auth is what the (usually) RSA exchange at the beginning of an SSL session is for. I'm not sure I see the difference between that and your proposal.
I don't, for instance, care about having slashdot encrypted at all. if someone steals the password or the cookie then so be it. But where I want encryption at all - online banking, shopping - I want to be sure. And it's not really a case of "extra sure", it's any surety at all.
If you're angling at changing the signal-to-noise ratio then I sympathise, but unauthenticated SSL is pretty much useless in my book. That's not to say self-signed is useless, if you get the self-signed cert ahead of time, or the public key of a private CA, then it's great. In fact I'd go so far as to say where you have explicitly accepted a CA in a situation where you know there has been no compromise, it's more trustworthy than any of the preloaded CA certs in a browser.
They *should* get all sorts of warnings in the browser because anyone could be MITM attacking the session in a variety of ways. If you want to self-sign then set up your own trusted signer (not hard!) and distribute the signer public key to people before they use the service.
People use the net for all sorts these days, banking included. The last thing we want is to get the less tech-savvy individuals used to accepting untrusted certificates.
Well not only that but there's error checking and correction built into most media and a lot of protocols, so I'd be damn surprised, even if you did have bit degradation, if that amounted to anything on the other end.
Ah but life's so much more interesting if you meet a few of the less than perfect matches on the way, and your standards might get in the way of getting to know the person that is the best fit.
Just FYI - there's an iPlayer channel here in the UK too, so it's certainly capable of streaming video. Didn't seem as nice as using the PS3 somehow though.
There's a difference between volnteering to give up some small amount of privacy (talking crap on facebook) and being put under surveillance by the government or corporations.
I don't know, I have my own domains. I don't use the sillier ones for anything remotely employment or business related. They get a laugh once in a while and I get the satisfaction that I'm in control of stuff. I recently gave up running my own mailserver from home though.
My mother doesn't EVER need to run a piece of server software and her computer really does not need to be addressable by anyone else at all, ever. Why should it be?
1. Not American or in America, thanks. I'm British.
2. I work with people who have explained that this is how it works in the countries they come from. I'm sure some people like to stick close to family, but it doesn't seem to be all that many.
"So yeah, it's convenient that you have indians to blame for everything that goes bad in the company.... psychologically speaking, you need that in order to be happy:)"
Screw you!
Our product is selling in the tens of millions of dollars worth each year, with a dev team of 12. It's doing *very* nicely thankyou. I don't need to blame indians for anything other than not contributing at all whilst the rest of us (indian ex-pats who moved to the UK included) got on with it and made a success of ourselves.
No disrespect to our non-western programming chums, I've worked with great programmers of a lot of different nationalities. The thing about outsourcing to the far east and india is that all the good people already left for the western economies where they get paid more.
Oh hey, I'm not glad about it in any way and I don't wish it on anyone, I'm just saying that seems to be what he wants to do with his life and I'd gladly pay him to do so if it were my company. I certainly wouldn't insist on that sort of behaviour.
Personally I prefer to have a good life/work balance and think others should too.
By the time you've factored in design, coding unit tests, debugging, beta programs, documenting and specifying everything... 10 lines a day of rock solid code on average.
That said I produce about 10K a year (50 per day) at peak productivity. On average across multiple years.
That's the threat I hold in reserve (but haven't yet had to execute) should my slightly unconventional (10.30am-7pm, yes I work a 37 hour week) hours be questioned.
When called upon to do so I work a lot more. I worked 50+ hours a week through July to get stuff done. Americans may scoff at the hours but that's 35% over what I'm contracted for, and that they got it for free.
I work for one of the biggest names in the business and they seem to spend an awful lot of time trying to stop us producing anything, yet the money keeps flowing in...
I agree in part though, if your concentration span is 20 minutes you're doing it wrong. When I get into "the zone" I can go for several hours at a time without really even looking up. I just don't do it every day
I work with one who turns his brain to the whole thing, design, methodology, requirements, coding, testing. Highly, highly valuable. Not the world's best team lead, and no life to speak of outside of going to see his parents once in a while.
I'd hire him in a second, were I in charge of a company, and promote hime way up the technical chain. He's that good. But I don't want to be him.
Slashdot Mirror
You'd lose that bet.
:)
I work 37 hours a week. A few more (up to 50) when absolutely necessary. I think there were four weeks I did that last year.
Our software is doing great, the company is doing great and I'm getting paid well, raises and a promotion last year.
I'd recommend you find other work. Or maybe move to europe
Quite enjoyed Ghostbusters. The 1984 version on the C64 that is :)
The recent PS3 game was also fun, but not earth shattering.
The only thing I got from it was "no mod tools == bad". Other than that, no.
Woops, didn't think of that!
I only deal with SSL/TLS on the web as a consumer. As a coder I deal with in-house non web setups where you trust your CA completely and don't use any others, or any other services.
You're right, that would be a bad plan.
I don't disagree, but secure auth is what the (usually) RSA exchange at the beginning of an SSL session is for. I'm not sure I see the difference between that and your proposal.
Depends what you're encrypting for...
I don't, for instance, care about having slashdot encrypted at all. if someone steals the password or the cookie then so be it. But where I want encryption at all - online banking, shopping - I want to be sure. And it's not really a case of "extra sure", it's any surety at all.
If you're angling at changing the signal-to-noise ratio then I sympathise, but unauthenticated SSL is pretty much useless in my book. That's not to say self-signed is useless, if you get the self-signed cert ahead of time, or the public key of a private CA, then it's great. In fact I'd go so far as to say where you have explicitly accepted a CA in a situation where you know there has been no compromise, it's more trustworthy than any of the preloaded CA certs in a browser.
SSL without authentication is inadequate.
They *should* get all sorts of warnings in the browser because anyone could be MITM attacking the session in a variety of ways. If you want to self-sign then set up your own trusted signer (not hard!) and distribute the signer public key to people before they use the service.
People use the net for all sorts these days, banking included. The last thing we want is to get the less tech-savvy individuals used to accepting untrusted certificates.
Well not only that but there's error checking and correction built into most media and a lot of protocols, so I'd be damn surprised, even if you did have bit degradation, if that amounted to anything on the other end.
Really?
Because in most of the western world there are more women than men. Of course demand could be for multiple females...
Ah but life's so much more interesting if you meet a few of the less than perfect matches on the way, and your standards might get in the way of getting to know the person that is the best fit.
Holding out for "the one" is a fools errand.
Just FYI - there's an iPlayer channel here in the UK too, so it's certainly capable of streaming video. Didn't seem as nice as using the PS3 somehow though.
There's a difference between volnteering to give up some small amount of privacy (talking crap on facebook) and being put under surveillance by the government or corporations.
Very, very different.
And perhaps even cool?
I don't know, I have my own domains. I don't use the sillier ones for anything remotely employment or business related. They get a laugh once in a while and I get the satisfaction that I'm in control of stuff. I recently gave up running my own mailserver from home though.
Why?
Seriously, why?
My mother doesn't EVER need to run a piece of server software and her computer really does not need to be addressable by anyone else at all, ever. Why should it be?
Issues that NAT causes? Like shielding n00bs from the wilds of the internet?
NAT is a blessing. It allows people to access the net without being exposed to it.
Won't make it easier? When companies can just roll over and hand over data without a warrant?
Yeah. Great.
He's not that guy, he's perfectly pleasant and not the smelly, balding, long-haired geek you have pictured.
1. Not American or in America, thanks. I'm British.
2. I work with people who have explained that this is how it works in the countries they come from. I'm sure some people like to stick close to family, but it doesn't seem to be all that many.
"So yeah, it's convenient that you have indians to blame for everything that goes bad in the company.... psychologically speaking, you need that in order to be happy :)"
Screw you!
Our product is selling in the tens of millions of dollars worth each year, with a dev team of 12. It's doing *very* nicely thankyou. I don't need to blame indians for anything other than not contributing at all whilst the rest of us (indian ex-pats who moved to the UK included) got on with it and made a success of ourselves.
LOL @ twice as hard!
No disrespect to our non-western programming chums, I've worked with great programmers of a lot of different nationalities. The thing about outsourcing to the far east and india is that all the good people already left for the western economies where they get paid more.
Oh hey, I'm not glad about it in any way and I don't wish it on anyone, I'm just saying that seems to be what he wants to do with his life and I'd gladly pay him to do so if it were my company. I certainly wouldn't insist on that sort of behaviour.
Personally I prefer to have a good life/work balance and think others should too.
That's just another way of saying that it seems to be working just fine!
100?
I've seen people quote 10.
By the time you've factored in design, coding unit tests, debugging, beta programs, documenting and specifying everything... 10 lines a day of rock solid code on average.
That said I produce about 10K a year (50 per day) at peak productivity. On average across multiple years.
That's the threat I hold in reserve (but haven't yet had to execute) should my slightly unconventional (10.30am-7pm, yes I work a 37 hour week) hours be questioned.
When called upon to do so I work a lot more. I worked 50+ hours a week through July to get stuff done. Americans may scoff at the hours but that's 35% over what I'm contracted for, and that they got it for free.
You'd think so wouldn't you?
I work for one of the biggest names in the business and they seem to spend an awful lot of time trying to stop us producing anything, yet the money keeps flowing in...
I agree in part though, if your concentration span is 20 minutes you're doing it wrong. When I get into "the zone" I can go for several hours at a time without really even looking up. I just don't do it every day
I work with one who turns his brain to the whole thing, design, methodology, requirements, coding, testing. Highly, highly valuable. Not the world's best team lead, and no life to speak of outside of going to see his parents once in a while.
I'd hire him in a second, were I in charge of a company, and promote hime way up the technical chain. He's that good. But I don't want to be him.