You could always have the torrent client compensate for that, too -- the indexes aren't that big. Just have the client fetch the end of the file first.
It could well be that they can't do anything about it. SSL doesn't allow for name-based virtual hosts, in most browsers, so if gmail.com points to the same physical server as mail.google.com, they have to pick one or the other.
Simple fix, though: Just use https://mail.google.com/. Or bookmark your inbox, after logging in that way.
What SSL is not telling them, and can never tell them, is that the owner of usbamk.com put up a page to look like usbank.com in order to scam the user out of their money.
Actually, it can. Extended Validation -- much more expensive, but possible -- turns the address bar green in Firefox. What this means is that the CA has actually gone to considerably more lengths to make sure that you are actually who you claim to be.
So, if usbank.com has an EV certificate -- and if the users are trained to look for a green bar -- then usbamk.com would only have a yellow bar, and the user would notice their typo.
I don't really care about trust, since I'm 99% percent certain that I'm really connecting to my box. I do want encryption, though, so as to avoid random snoopers from seeing my username/password combo, or reading my mail.
Do you understand what a man-in-the-middle attack is? Especially on public wifi, those "random snoopers" would just as easily be able to give you a fake cert, and catch your username/password.
Or is it worse? Are you using a public terminal? Do you know what a keylogger is? 'Nough said.
I realize you can make the argument that an encrypted tunnel to an unverified host isn't really security (and I agree), but I don't need 100% security.
In this case, it's a bit like being a "little bit pregnant." Either your tunnel is secure, or it's not.
I'd like it
Write down the fingerprint on the cert, if you must use a public terminal -- that way, it's at least unlikely that there's a MITM outside of the box you're on.
Better, always use your own hardware -- a laptop, even an iPhone -- and pre-load your cert on that.
However, how can one explain that there is no security risk involved in creating an exception when the browser so fiercly states that it is a huge security risk?
By knowingly lying, or being sadly misinformed.
Now, it's true, there's considerably less security risk to use a self-signed certificate than to use none. And it's very likely not the end of the world. But the risk is not zero.
More importantly, your users would have to be savvy enough to understand that your own forum uses a self-signed certificate, whereas www.paypal.com doesn't -- and that they should only have to accept it once per computer. It would be a pretty fucking huge security risk if they started simply ignoring that dialog, so that the next time they're on public wireless, they get their PayPal account stolen.
A properly signed certificate costs $15 or so a year, and it's for the entire domain.
Or any one of the dozen hops between you and www.somebank.com.
Or anyone who happens to be in a non-switched-network (on a hub) between you and www.somebank.com -- in some cases, this means anyone else on your ISP.
Or anyone on the same wireless access point as you. (A guest over at your house, or someone in the same coffee shop.)
To anyone who thinks SSL isn't required, or that man-in-the-middle attacks on certificates aren't feasible, look at the above list and ask yourself if you trust all of these people.
Not only if you trust them not to pwn you, but if you trust them to keep their own machines secure enough so that no one pwns them first. (Maybe it'll be your friend's spyware-laden Vista laptop on your otherwise-secure wifi?)
What a properly-signed certificate means is that you have a much shorter list of people you're required to trust with your bank information -- that is, yourself, your own software, and VeriSign. Sucks that it's so centralized, but it is much better than being owned the next time you're on public wireless.
By the way, for those who don't know: GMail sessions can be hijacked if you don't use SSL. But to use SSL, it's trivial -- all you need to do is use https://mail.google.com/ to login.
For me, the decision not to use FireFox 3 came when FireFox 3 was released, and the Ubuntu package manager didn't let me update to the release version.
The guy whose job it is to build the Ubuntu packages was away -- on vacation, at a conference, something like that.
Why does FireFox even come with Ubuntu if it's not open source?
WTF? In what way is Firefox not open source?
The Firefox logo and the Firefox trademark -- these are what's not open source. If it bothers you so much, you can always use IceWeasel -- which is pretty much the Firefox source, plus a few Debian-specific patches, and rebranded so Mozilla doesn't sue them.
That would be an insane morale buster for the bad guys. Say you knife the Batman -- actually see your knife tear into his BatGuts -- but he shoots his BatRope and BatDisappears for ten minutes. When he comes back he's BatReplaced and as BatStrong as ever, but you don't know that. All you know is that the Batman can't be killed....
While I'm at it, I noticed you didn't list the dimensions... I've seen a Qosimo laptop, though not this generation. The one I saw was huge. Not a laptop so much as a slightly more portable desktop.
This is part of what I meant by "execution"... I had a Powerbook. The weight and the form factor was such that I could comfortably carry it around, to and from work. The curved corners helped it slide into and out of my bag, without catching.
It's that kind of subtle attention to detail that makes Apple more than just a brand and a marketing team....And, in the places they don't care about, it's that lack of attention (at all!) that makes OS X such a pain, if you start doing things they didn't expect. I found some bugs in their keyboard mapping that, to my knowledge, are still not fixed. (I don't use OS X anymore, so I don't know...)
You had me until here, then I couldn't stop laughing.
You see, I have a Toshiba laptop. Hardware specs are nice, and it is a beast, but it has a rather long list of things that are wrong with it -- not least of which is the complete lack of XP drivers.
Apple's success is not tech or the quality of its products, it is a success built up on branding and marketing.
You're thinking of MySpace.
I'll grant that Apple has always relied heavily on branding and marketing, but they have the tech and the execution to follow through.
I don't remember "grid computing" being quite the on-demand system that, say, Amazon EC2 is. What makes it cool is the ability to scale it up and down on demand, rather than in months or years.
Or maybe it's some combination of grid computing with virtualization.
And yes, it's pretty much a buzzword. Just like Web 2.0 or AJAX or all the rest. It's a useful abstraction, but not a world-changing "paradigm shift".
Actually, there were no bathrooms shown in Star Trek, unless you count a Sonic Shower in Enterprise -- and most Trekkies would like to forget Enterprise ever existed.
Has the price changed that much? Last I looked, Apple was actually competitive (within $100, sometimes cheaper) with commodity hardware. The only difference is, you can't get a Mac without the bells and whistles.
In other words, you get exactly what you pay for, which includes $1k of hardware you don't actually need.
I'm amazed -- how many posts, how many blogs on this issue so far, yet no one ever seems to point out the worst part, in black and white:
Obama said, clearly and unambiguously, that he would filibuster any legislation which provides retroactive immunity to telecoms. He not only didn't filibuster, he voted for it -- and I have yet to hear anything from him or his campaign to justify this.
Please correct me if I'm wrong about any of this.
I like someone who can change their mind. That's a good thing. But this is blatant dishonesty -- he said one thing, and then did another.
Are we so jaded to corrupt politicians that no one cares? Or that it's assumed that this is just how it works, and that we must choose the lesser of two evils?
Obama asked us to hope... I suppose that's the most disappointing part. I allowed myself a bit of naive hope, and he's already let me down. Not as a leader, but as a human being.
You could always have the torrent client compensate for that, too -- the indexes aren't that big. Just have the client fetch the end of the file first.
Apparently stands for "Hackers On Planet Earth."
It could well be that they can't do anything about it. SSL doesn't allow for name-based virtual hosts, in most browsers, so if gmail.com points to the same physical server as mail.google.com, they have to pick one or the other.
Simple fix, though: Just use https://mail.google.com/. Or bookmark your inbox, after logging in that way.
What SSL is not telling them, and can never tell them, is that the owner of usbamk.com put up a page to look like usbank.com in order to scam the user out of their money.
Actually, it can. Extended Validation -- much more expensive, but possible -- turns the address bar green in Firefox. What this means is that the CA has actually gone to considerably more lengths to make sure that you are actually who you claim to be.
So, if usbank.com has an EV certificate -- and if the users are trained to look for a green bar -- then usbamk.com would only have a yellow bar, and the user would notice their typo.
I don't really care about trust, since I'm 99% percent certain that I'm really connecting to my box. I do want encryption, though, so as to avoid random snoopers from seeing my username/password combo, or reading my mail.
Do you understand what a man-in-the-middle attack is? Especially on public wifi, those "random snoopers" would just as easily be able to give you a fake cert, and catch your username/password.
Or is it worse? Are you using a public terminal? Do you know what a keylogger is? 'Nough said.
I realize you can make the argument that an encrypted tunnel to an unverified host isn't really security (and I agree), but I don't need 100% security.
In this case, it's a bit like being a "little bit pregnant." Either your tunnel is secure, or it's not.
I'd like it
Write down the fingerprint on the cert, if you must use a public terminal -- that way, it's at least unlikely that there's a MITM outside of the box you're on.
Better, always use your own hardware -- a laptop, even an iPhone -- and pre-load your cert on that.
given the cost for certificates
Can you really not afford $15/year?
However, how can one explain that there is no security risk involved in creating an exception when the browser so fiercly states that it is a huge security risk?
By knowingly lying, or being sadly misinformed.
Now, it's true, there's considerably less security risk to use a self-signed certificate than to use none. And it's very likely not the end of the world. But the risk is not zero.
More importantly, your users would have to be savvy enough to understand that your own forum uses a self-signed certificate, whereas www.paypal.com doesn't -- and that they should only have to accept it once per computer. It would be a pretty fucking huge security risk if they started simply ignoring that dialog, so that the next time they're on public wireless, they get their PayPal account stolen.
A properly signed certificate costs $15 or so a year, and it's for the entire domain.
Your ISP could do it.
Or their ISP.
Or any one of the dozen hops between you and www.somebank.com.
Or anyone who happens to be in a non-switched-network (on a hub) between you and www.somebank.com -- in some cases, this means anyone else on your ISP.
Or anyone on the same wireless access point as you. (A guest over at your house, or someone in the same coffee shop.)
To anyone who thinks SSL isn't required, or that man-in-the-middle attacks on certificates aren't feasible, look at the above list and ask yourself if you trust all of these people.
Not only if you trust them not to pwn you, but if you trust them to keep their own machines secure enough so that no one pwns them first. (Maybe it'll be your friend's spyware-laden Vista laptop on your otherwise-secure wifi?)
What a properly-signed certificate means is that you have a much shorter list of people you're required to trust with your bank information -- that is, yourself, your own software, and VeriSign. Sucks that it's so centralized, but it is much better than being owned the next time you're on public wireless.
By the way, for those who don't know: GMail sessions can be hijacked if you don't use SSL. But to use SSL, it's trivial -- all you need to do is use https://mail.google.com/ to login.
For me, the decision not to use FireFox 3 came when FireFox 3 was released, and the Ubuntu package manager didn't let me update to the release version.
The guy whose job it is to build the Ubuntu packages was away -- on vacation, at a conference, something like that.
Why does FireFox even come with Ubuntu if it's not open source?
WTF? In what way is Firefox not open source?
The Firefox logo and the Firefox trademark -- these are what's not open source. If it bothers you so much, you can always use IceWeasel -- which is pretty much the Firefox source, plus a few Debian-specific patches, and rebranded so Mozilla doesn't sue them.
Which boots so much slower than Grub -- or even more modern OSes, like Vista.
Maybe he BatComes BatBack... And he can't be BatKilled... Holy Bat-Language, Batman!
Close...
That would be an insane morale buster for the bad guys. Say you knife the Batman -- actually see your knife tear into his BatGuts -- but he shoots his BatRope and BatDisappears for ten minutes. When he comes back he's BatReplaced and as BatStrong as ever, but you don't know that. All you know is that the Batman can't be killed....
In that case, can't get much faster than Grub. People will tell you it's a bootloader, but it has cat, so it must be an OS!
While I'm at it, I noticed you didn't list the dimensions... I've seen a Qosimo laptop, though not this generation. The one I saw was huge. Not a laptop so much as a slightly more portable desktop.
This is part of what I meant by "execution"... I had a Powerbook. The weight and the form factor was such that I could comfortably carry it around, to and from work. The curved corners helped it slide into and out of my bag, without catching.
It's that kind of subtle attention to detail that makes Apple more than just a brand and a marketing team. ...And, in the places they don't care about, it's that lack of attention (at all!) that makes OS X such a pain, if you start doing things they didn't expect. I found some bugs in their keyboard mapping that, to my knowledge, are still not fixed. (I don't use OS X anymore, so I don't know...)
Also, Toshiba makes good laptops
You had me until here, then I couldn't stop laughing.
You see, I have a Toshiba laptop. Hardware specs are nice, and it is a beast, but it has a rather long list of things that are wrong with it -- not least of which is the complete lack of XP drivers.
Apple's success is not tech or the quality of its products, it is a success built up on branding and marketing.
You're thinking of MySpace.
I'll grant that Apple has always relied heavily on branding and marketing, but they have the tech and the execution to follow through.
I don't remember "grid computing" being quite the on-demand system that, say, Amazon EC2 is. What makes it cool is the ability to scale it up and down on demand, rather than in months or years.
Or maybe it's some combination of grid computing with virtualization.
And yes, it's pretty much a buzzword. Just like Web 2.0 or AJAX or all the rest. It's a useful abstraction, but not a world-changing "paradigm shift".
It would be tricky, but should be possible to mount a hidden volume as root -- or, failing that, a loopback file in that hidden volume.
It wouldn't encrypt the entire disk, and it might be tricky to maintain a dummy root or two, but it could be done.
Even the presentation logic is "compiled" -- Java translated into JavaScript.
Hmm. Maybe it was Voyager?
Actually, there were no bathrooms shown in Star Trek, unless you count a Sonic Shower in Enterprise -- and most Trekkies would like to forget Enterprise ever existed.
Well, to be honest, you'd probably have $10, but who's counting?
Obama's a politician, not the messiah that everyone's pretending he is.
I didn't ask for a messiah, just a decent human being.
Of course, the type of person I think would be good at the job is the kind of person who wouldn't run anyway.
Well, hey, I'm considering writing in John Stewart. But it is worth mentioning that Washington didn't want the job.
Has the price changed that much? Last I looked, Apple was actually competitive (within $100, sometimes cheaper) with commodity hardware. The only difference is, you can't get a Mac without the bells and whistles.
In other words, you get exactly what you pay for, which includes $1k of hardware you don't actually need.
I'm more surprised it took this long.
It's also portable. This joke now works without context, for people who know what a Pystar is.
I'm amazed -- how many posts, how many blogs on this issue so far, yet no one ever seems to point out the worst part, in black and white:
Obama said, clearly and unambiguously, that he would filibuster any legislation which provides retroactive immunity to telecoms. He not only didn't filibuster, he voted for it -- and I have yet to hear anything from him or his campaign to justify this.
Please correct me if I'm wrong about any of this.
I like someone who can change their mind. That's a good thing. But this is blatant dishonesty -- he said one thing, and then did another.
Are we so jaded to corrupt politicians that no one cares? Or that it's assumed that this is just how it works, and that we must choose the lesser of two evils?
Obama asked us to hope... I suppose that's the most disappointing part. I allowed myself a bit of naive hope, and he's already let me down. Not as a leader, but as a human being.