If we had sane leadership, our soldiers wouldn't be in Afghanistan or Iraq. Fact. The appropriate response to 9/11 wasn't to put soldiers on the ground in Afghanistan or Iraq. It would have been, if anything, to drop some ordinance on Mecca and/or Riyadh in honor of the 19 Saudis, and armor our commercial aircraft's cockpits. Nothing else. Not one stinking thing.
But we are led by idiots, and we are idiots. Hence our current condition.
The evidence was already there in his pathological interpretation of the 2nd amendment as stated publicly. He thinks "shall not be infringed" means "shall infringe as convenient."
He's more of a constitutional moron than a constitutional professor.
Obama's just another shill for the parties; he has claimed to be a professor of constitutional law, but on the two issues that have really been public recently which depended on the bill of rights, he has amply demonstrated that he doesn't read the document as written, he reads it as convenient.
For the 2nd amendment, where it says "shall not be infringed", he interprets that as "we can infringe if we want to", as witness his saying that the Washington law was a good law. He goes on to presume that the states have the power to infringe, but (a) the feds are forbidden via the 2nd, and the states are forbidden via the 14th, which states unequivocally "No State shall make or enforce any law which shall abridge the privileges or immunities of citizens of the United States."
For the 4th amendment, his vote on FISA shows he has absolutely no concern for the specific requirement that a warrant precede an invasion of a citizen's security, and the requirement that probable cause, oath or affirmation, and a description of the things being sought precede the warrant. FISA allows your security to be destroyed without any warrant at all; the difference between the old FISA and the new FISA is that the old provided a window of 72 hours without a tap; the new allows months at a time. Both are roundly unconstitutional, and blatantly, obviously so.
Obama and McCain are both "big government" guys, all about creating the maximum possible nanny state and to hell with the constitution. Sadly, we're going to get one or the other and our slide downhill is going to continue apace.
The constitutional republic is long gone. We live under an arbitrary system absolutely controlled by 545 privileged people. 435 in the house, 100 in the senate, 9 in the supreme court, and 1 in the executive. They're all directly or indirect selected by the political parties from a set of pre-qualified shills about twice that size. When someone comes along who is actually capable of competing in terms of the popular vote, they cut the media coverage from that person and so take them from them any possibility of success. Look at the Paul candidacy; on the net, where they couldn't control his media, he took over every poll, and he out fund-raised everyone. The MSM didn't bother to cover him except in a "hah-hah" kind of way, and bingo, his campaign was destroyed. This is our country: the system is 100% rigged.
So while we may mutter about Obama or McCain, the fact is that it isn't going to make any difference. Our constitution will continue to be treated like an old rag, our personal liberties will be highlighted by no-warrant searches and seizures, and our economy will continue to wither under the mismanagement of these people. The MIC will continue to push for foreign wars to grow fat off of, corporations will continue to pay for law that favors them and throws the citizen to the wolves. There will be no rebellion; the USA is simply dying from the neglect and ignorance of the rank and file citizen. Considering the state of the government's lack of constitutional compliance, it might be fairer to say it has already died.
Actually, the entire telecomm immunity thing isn't the point.
The point is, both the old FISA and the new FISA both allow warrantless searches. The old FISA provided for 72 hours of oversight-free tapping. The new FISA allows for many months of oversight-free tapping. They're both direct and obvious violations of the 4th amendment.
The position put forth by Obama is that "the government needs these tools"; the only correct action is to pursue article V (amendment) and see if they can get them; to violate the amendment because "they want to" is to act as if the constitution doesn't exist.
Why is this so important? Because if one part of the constitution can be ignored, so can any other part. Either we live in a constitutional republic, or we live in a nation ruled by 645 privileged nobles (535 reps, 100 senators, 9 judges and a president) who are not bound by anything other than what they agree upon.
I was brought up to understand that the nation I lived in was designed and authorized as a constitutional republic. How about you? Do you think the constitution should matter with regard to what the government can or cannot do, or are you more inclined to live in a nation ruled and guided exclusively by the fashions and opinions of 645 people? People, I should add, who were sworn into their jobs explicitly committing allegiance to, and swearing defense of, the constitution.
Is the retroactive pardoning of corporations for spying on the citizens distasteful? Yes, you bet it is. But it isn't the root of the problem, and as long as you, and people like you, keep harping on immunity, you're going to be blinded to what is actually wrong.
The real implications of genetics are a side of science that the politically correct have always cowered away from; the idea of the wish for all to have equal liberty is very difficult to reconcile with the fact that people are not, and never have been, equal in any objective sense. But we almost all pick our partners for their objective good qualities; looks to brains, effectiveness at providing, demonstrated success in the sieves of education, business, physical performance, compassion. We're all guilty of eugenics - we certainly don't pick the most disadvantaged bum from the camp under the bridge and mate with them.
Neither Skylark or Lensman are morally sound. Having said that, they're still great fun to read.
The books I suggested at the top -- Decision at Doona and Welcome to Mars -- are both morally sound AND great fun to read. As some of the replies suggested, McCaffery is mostly known for her dragon books, which aren't exactly high quality SF; they're actually pretty poor fantasy (with, let it be said, huge appeal to kids - dragons, after all...) Decision at Doona is something else entirely. A great read. Welcome to Mars is - again IMHO - actually inspiring, though just a little dated if you're up on your electronics.
Those are good. Along those lines, if the readers in question can put up with a style like Verne's (in the sense that it isn't a modern style) they might enjoy E.E. Doc Smith's Skylark and Lensman series; those were very cool to read. The styles can be a show-stopper for some, though. Personally, I just re-read the Skylarks and they were great.
You gotta love slashdot's moderation. Of course a post about how you might use the precise technology brought up by an article is off-topic. Of course it is.
This is why letting any idiot moderate is a bad idea. Inevitably, you get idiots moderating.:-) This is also why you have to read slashdot at -1; moderation as a filter is pathologically unfit for use by sensible readers.
Just keep in mind, there's nothing stopping web developers from using straight HTML, CSS, JPG, PNG and GIF for basic animation. If you need media, you can embed an mpeg or a simple wav file. If you need processing, you can do it as CGI/server-side, at the same time ensuring 100% browser compatibility and avoiding the hijacking the web-client's CPU. Don't blame Adobe or MS or Sun for providing closed or deeply complicated, uncontrollable technologies; blame yourself for using them.
Flash no more "subverts" the web than Photoshop "subverts" image processing, or the GPL subverts how software is published. You want to use these things, that's your choice. There are other options available that are just as useful, and in some cases, more so.
Wrong. They CAN get valid certs for paypal.com — certs aren't one-up items that can only exist in one place. Fact: The only thing that ties a user's computer to 'paypal.com' is the hosts file and/or the DNS, both of which are easily compromised. A duplicate copy of the paypal.com certificate and key (and even the signing request, if they left that around) can be hijacked (as can anyone else's) and between that and a trivial hosts file compromise, you're screwed. But you don't even need to go that far. Just compromise the browser. The bottom line is authentication via certificates is an illusion, and if you depend on it, you're gullible at best. The consequences of that illusion is an industry that takes huge amounts of money for absolutely nothing of real value in return. They're selling illusion, but because they've convinced the public and gullible developers that the illusion has value, operating without it is exactly like standing up in a Catholic church and telling the congregation you're an atheist. Doing that will get you ostracized, which, for a business, is death.
It's a total scam. Authentication is impossible; encryption is trivial. Neither is worth ten cents. That illusion, however, is worth billions.
Nope. the certificate doesn't do authentication, because that whole idea is a scam. You CANNOT authenticate who you are talking to with any facility provided in the entire encryption chain. Understand? There IS NO AUTHENTICATION. It's B-U-L-L.
Therefore, we are left with looking at what else happens; and the only thing of any use is encryption. Mind you, there are some harmful things that happen, such as technical people get taken in by the illusion of authentication that the CA's are pushing off on the gullible; then the users get taken in, and now we have an environment where people think they are safe, when in fact, they are not; an environment where people think that little lock icon means that they know who they are talking to, when in fact, they do not; an environment where scads of money can be coerced out of businesses so that they are "up to par" with the "standard", which in FACT does absolutely NOTHING with regard to authentication.
Bottom line: A certificate's linkage to the party it is issued to can be completely and utterly compromised literally seconds after it is issued. There is no way to tell if this has happened. Therefore, they're absolutely useless for authentication. However, the encryption path provided by the https connection still protects the conversation from eavesdroppers between the two parties; this in itself is the single use of the mechanism, and it does NOT in ANY way require CAs.
Smells like a wonderful technology to implement as part of a camera sensor (when dealing with very low light, such as in astrophotography, nightshots of nature, etc.)
Canon's got the "switchable capacitor well" patent hanging in reserve, and it looks like they're going to have to use it with Nikon's new D700 going ASA 6400 and pushing all the way to 25600; but I wonder just how far you could take a camera's sensitivity if you had *accurate* photon counting... imagine a photodetector that counts photons as they arrive and simply increments a large counter. This would literally be a "digital" sensor, rather than an analog one. Precision light sensors. Mmmmm-good.:-)
I like wide-field astrophotography. I'd be all over a (relatively) affordable DSLR that could really do low light in a precise manner. Right now, you have to spend about three grand to get a camera body that can go to an honest ISO 6400; if they could get the price in or around that area with something that was effectively counting all the photons... Oy.
Have to do something about the color and IR filters, too. Swing them out of the way or something equally tricky. Maybe some variation on a single-well, filterless approach like the Foveon one.
An 8-headed display Mac Pro is $3239. To which you add four 1TB drives, and RAM, both from elsewhere. You chuck out (or sell, it's very good hardware) the 2 GB stick of RAM and the HD it comes with.
RAM is $699 per 8GB (as pairs of 4GB sticks @ memorysuppliers.com); so you need $2800 for 32 GB; a 1 Tb drive is $190 (WD Caviar GP WD10EACS Hard Drive @ buy.com), so you need $760 for four drives. Total:
Simple check: Go to the Apple store, and price a Mac Pro 8-core with the basic amenities; 2 GB ram, the recommended HD. Then price it maxed out; one HD of the largest size (1/2 TB last I looked) and 32 GB of RAM. Finally, take the original price and add 32 GB of RAM in 4 GB sticks (the Mac Pro can take 8 sticks) from a reputable online store. The difference is astonishing.
I have a recent Mac Pro, and I expanded it the sensible way; the amount of money I saved by doing that is staggering. I've had absolutely no problems.
I bought my Palm T|X, direct from Palm, within 24 hours of when they first became available. I ordered it direct so that Palm would get all the margin (profit) from the order. I do this when I am trying to support a company. Keep that in mind as you read the rest of this. They got more money from my orders than they would have if I had bought from, say, buy.com.
I ordered it overnight on Wednesday afternoon; they sat on the order until Friday, and so I received it Monday, basically five days after I had ordered it instead of one. Annoying, but it was new, they were probably overwhelmed with orders, etc., so I just grumbled a bit. The TX itself, well, it was fantastic. A little thing here or there wasn't perfect, but overall, this was the PDA I'd been waiting for. WiFi, Bluetooth, beautiful display, music and video playback, used almost all my software from my long in the tooth M505 Palm... the TX is fantastic. Really.
Considering that I was so happy with the T|X, I decided to get one for my sweetheart as well (she's also a long-time Palm/PDA user.) So, I ordered it on October 18th. We received it on October 19th. Much better. Unfortunately, this is where the happy tone of the story fades out.
Her TX would refuse to connect to any WiFi node without taking about ten tries. Then it would connect. Once connected, it was fine. But connecting could literally take five minutes of poking and prodding it. This was clearly no good (heck, PDAs are supposed to be convenient, aren't they?) So I called Palm. They kept me on the phone for about 40 minutes (I timed it. Total cost to me, $46.60 via AT&T) I spoke to Cody in support. In 40 minutes, he verified, apparently by following a support script, what I had clearly described to him in the first 30 seconds: This T|X was not connecting properly. Yes, I kept my temper and stayed polite. I know this game.
So he tells me, now I have to call the Palm store. So I do - toll free. I tell them what Cody told me, and I give them the service request number he supplied for my issue. They take it, tell me it will be 24-48 hours and then they will issue (by email) an RMA. This new fellow also explains that the procedure continues such that if they accept the RMA (verify the problem on receipt of the unit) then Palm will refund to my card.
I object: I ask, "Why refund? I want it replaced -- this is a gift!" They say there is no other option, and this is to "protect them from fraud." I ask them how, exactly, giving me my $300 back protects them more than giving me a working T|X... but this only angers the person on the phone, who tells me he isn't going to explain company policy to me. Imagine that. So I thank him for his time (no, really, I did, and I remain polite as well) and I hang up.
So, 48 hours pass, no RMA email. (Definitely -- I kept every email while waiting for the RMA, so no spam filtering, nothing. Man, was that annoying!) So I call them again. This guy tells me that it takes 2-5 days to issue an RMA and the previous person "didn't know what they were talking about." Uh-huh.
So I wait. Five days pass. No RMA. So I call them again. It's October 24th now. They say they'll send it out after 5 pm, specifically telling me these emails are batched all at once. 5pm rolls around... no RMA. 9pm... midnight...
So the next morning, I call them again, only this time I call technical support back at the toll number. (Total time, 20 minutes, Total cost to me, $23.30 via AT&T -- we're now at $69.00 expended on toll calls to Palm support.) We're still sitting on this busted T|X, and no RMA. I'm not happy at all. My sweetheart is dissapointed, to say the least. But I remained polite. The fellow on the phone (Chris, employee number 72485) allowed as to how he could escalate the issue, and fax me the RMA. He did, and we got it, wonder of wonders, and so now we have this RMA. It's a UPS ground return to Palm. Gritting my teeth, I hand it off to UPS and wait.
On November 3rd, I receive an email(!) from Palm saying that they
Which is not to say that if they came up with strong AI they would keep the technology from the US, they just wouldn't use it to attack the US
I don't think you really understand the relationship between Japan and the US. Japan has already repeatedly attacked the US post-WwII, and done a huge amount of damage; there's a reason the Japanese say, in all seriousness, that "business is war." There's a reason our electronics industry crashed, our car industry almost crashed, our steel industry crashed, you can look right at Japan for many of the penultimate causes. They're already huge owners of US debt and US land. If Japan were to develop AI, you can bet your last pitifully weak dollar that they'd use it to gain as much of an additional foothold over us as possible. Presuming we're talking about real AI here, that would probably be a very, very substantial foothold.
As far as classical military uses, they're only as likely to do that as they are to create a self defense force. Oh, wait.:-)
[certs]...verify the credentials of the website you're connecting to
No. They don't. They match a stored file against a protocol using other stored files and a program that knows that protocol. That stored file is not a "credential" in the sense of being something you should trust. No more than any copyable, fakable, transportable ID should be trusted, anyway. It's simply a key. A key that can be copied. A key that be ignored (by removing or otherwise compromising the locking mechanism in the program.) There is no, repeat no, assurance that you're talking to me if you connect to a server you think, for whatever reason, is mine. If my server has been rooted, that opens up many doors to taking advantage of you, certificate or not. If your computer has been compromised, that opens up many more such doors. In all such cases, what you're verifying is not where you think it is and does not mean what you think it means, and all actions and reactions along the connection you've made are under the control of the compromising agent, again, certificate, or not.
When you connect to a site using a browser's https, what you should be saying to yourself is "look, ma, looks like they have a key, if this dang lock is working." You do not know who "they" is. You do not know if they should have one. You do not know if your locking mechanism is working the way it worked yesterday. You do not even know if the IP you think you're connecting to is the same one you connected to yesterday, name resolution aside. Servers can move in very short order. Legitimately, and otherwise.
What is funny -- ok, well, it's actually sad -- is that the best protected sites tend to be nameservers and hardware with similar roles. Not always, but it takes more savvy to run one than it does to either put up a web site or power up your home computer and begin browsing the net. Technologies that protect us from compromises at those levels are kind of like wearing chain mail to the mall in case someone attacks you with a sword. That's not the real problem. The real problem is the guy who wants to snatch your purse, steal your car, robs your house after you left, etc. Likewise, the real problem with https (for the consumer) is the guy who roots the server you're trying to talk to, or roots your own machine. And as history has shown us, protections against those attacks haven't been proven to be anywhere near sufficient.
You are Alice. You want to talk to Bob's website: www.example.com
I'm Evel - and I have hacked Alice's computer, compromising anything I need to, from her certificate collection to her browser to her hosts file or all of the above.
Alice ->[her browser hums a happy song] home network -> Evel [collects her CC info, etc., moves to island with hot chicks and rum drinks.] Mind you a keylogger would be enough, but just for fun...
Alice is not safe from attacks. Not with a certificate, and not without one. End of story.
However: If Alice talks to a legitimate merchant, and no one has hacked anything, then the conversation between her and the other end is very difficult to break into, moreso than her computer, I might add. Which is the same advantage you would have had with self-signed certificates. The ONLY time you're safe is when you've not been hacked. To say that because ONE hack has been deterred -- the MITM attack -- the user should feel safe... I'm not buying it. It is as meaningless as saying you're safe because one out of a thousand vulnerabilities in your browser have been patched. You're not safe until there are no vulnerabilities; consequently, you're not safe. Period.
No. It just ensures you're out some fees. It does not ensure you're talking to a server that legitimately hosts google.com, or to any particular IP, even.
In order to hose you, all I need to do is direct your browser to a new IP where I have a server set up to respond as www.google.com, with a certificate to match which I got from my brother, who works at google, or my sister, who quietly and non-destructively (she's too smart to be interested in showing she's been there) got root on some of google's https-delivery hardware.
I can redirect your browser as required by hacking your hosts file right on your computer, I can do it by hacking the nameserver at your ISP, or, I can skip all that trouble by replacing your firefox with a version that shows *you* "google.com" in the toolbar while I have it connect to "oh-you-are-so-bloody-hosed.com." I can also replace your trusted certificates, or compromise that whole handshake from ever working at all. Remember, since I"m going after your info, all I have to do is make it LOOK like it's secure; it doesn't actually have to be. Firefox being open source, this isn't exactly what I'd call a difficult attack, either.
Cert authorities can't guarantee you any service you can't guarantee yourself. Not one stinking thing. Well, other than if you are legitimate, that you'll be out some money or the connivance with the browser manufacturers will scare the living heck out of any consumer who connects to your self-signed certificate, so you really have to get one from them.
[stares at water bill]
If we had sane leadership, our soldiers wouldn't be in Afghanistan or Iraq. Fact. The appropriate response to 9/11 wasn't to put soldiers on the ground in Afghanistan or Iraq. It would have been, if anything, to drop some ordinance on Mecca and/or Riyadh in honor of the 19 Saudis, and armor our commercial aircraft's cockpits. Nothing else. Not one stinking thing.
But we are led by idiots, and we are idiots. Hence our current condition.
The evidence was already there in his pathological interpretation of the 2nd amendment as stated publicly. He thinks "shall not be infringed" means "shall infringe as convenient."
He's more of a constitutional moron than a constitutional professor.
Obama's just another shill for the parties; he has claimed to be a professor of constitutional law, but on the two issues that have really been public recently which depended on the bill of rights, he has amply demonstrated that he doesn't read the document as written, he reads it as convenient.
For the 2nd amendment, where it says "shall not be infringed", he interprets that as "we can infringe if we want to", as witness his saying that the Washington law was a good law. He goes on to presume that the states have the power to infringe, but (a) the feds are forbidden via the 2nd, and the states are forbidden via the 14th, which states unequivocally "No State shall make or enforce any law which shall abridge the privileges or immunities of citizens of the United States."
For the 4th amendment, his vote on FISA shows he has absolutely no concern for the specific requirement that a warrant precede an invasion of a citizen's security, and the requirement that probable cause, oath or affirmation, and a description of the things being sought precede the warrant. FISA allows your security to be destroyed without any warrant at all; the difference between the old FISA and the new FISA is that the old provided a window of 72 hours without a tap; the new allows months at a time. Both are roundly unconstitutional, and blatantly, obviously so.
Obama and McCain are both "big government" guys, all about creating the maximum possible nanny state and to hell with the constitution. Sadly, we're going to get one or the other and our slide downhill is going to continue apace.
The constitutional republic is long gone. We live under an arbitrary system absolutely controlled by 545 privileged people. 435 in the house, 100 in the senate, 9 in the supreme court, and 1 in the executive. They're all directly or indirect selected by the political parties from a set of pre-qualified shills about twice that size. When someone comes along who is actually capable of competing in terms of the popular vote, they cut the media coverage from that person and so take them from them any possibility of success. Look at the Paul candidacy; on the net, where they couldn't control his media, he took over every poll, and he out fund-raised everyone. The MSM didn't bother to cover him except in a "hah-hah" kind of way, and bingo, his campaign was destroyed. This is our country: the system is 100% rigged.
So while we may mutter about Obama or McCain, the fact is that it isn't going to make any difference. Our constitution will continue to be treated like an old rag, our personal liberties will be highlighted by no-warrant searches and seizures, and our economy will continue to wither under the mismanagement of these people. The MIC will continue to push for foreign wars to grow fat off of, corporations will continue to pay for law that favors them and throws the citizen to the wolves. There will be no rebellion; the USA is simply dying from the neglect and ignorance of the rank and file citizen. Considering the state of the government's lack of constitutional compliance, it might be fairer to say it has already died.
Here's Obama's change:
1) I will filibuster!
Changes to...
2) I vote AYE.
Here it is:
http://fyngyrz.wordpress.com/2008/06/16/on-privacy/
Actually, the entire telecomm immunity thing isn't the point.
The point is, both the old FISA and the new FISA both allow warrantless searches. The old FISA provided for 72 hours of oversight-free tapping. The new FISA allows for many months of oversight-free tapping. They're both direct and obvious violations of the 4th amendment.
The position put forth by Obama is that "the government needs these tools"; the only correct action is to pursue article V (amendment) and see if they can get them; to violate the amendment because "they want to" is to act as if the constitution doesn't exist.
Why is this so important? Because if one part of the constitution can be ignored, so can any other part. Either we live in a constitutional republic, or we live in a nation ruled by 645 privileged nobles (535 reps, 100 senators, 9 judges and a president) who are not bound by anything other than what they agree upon.
I was brought up to understand that the nation I lived in was designed and authorized as a constitutional republic. How about you? Do you think the constitution should matter with regard to what the government can or cannot do, or are you more inclined to live in a nation ruled and guided exclusively by the fashions and opinions of 645 people? People, I should add, who were sworn into their jobs explicitly committing allegiance to, and swearing defense of, the constitution.
Is the retroactive pardoning of corporations for spying on the citizens distasteful? Yes, you bet it is. But it isn't the root of the problem, and as long as you, and people like you, keep harping on immunity, you're going to be blinded to what is actually wrong.
The real implications of genetics are a side of science that the politically correct have always cowered away from; the idea of the wish for all to have equal liberty is very difficult to reconcile with the fact that people are not, and never have been, equal in any objective sense. But we almost all pick our partners for their objective good qualities; looks to brains, effectiveness at providing, demonstrated success in the sieves of education, business, physical performance, compassion. We're all guilty of eugenics - we certainly don't pick the most disadvantaged bum from the camp under the bridge and mate with them.
Neither Skylark or Lensman are morally sound. Having said that, they're still great fun to read.
The books I suggested at the top -- Decision at Doona and Welcome to Mars -- are both morally sound AND great fun to read. As some of the replies suggested, McCaffery is mostly known for her dragon books, which aren't exactly high quality SF; they're actually pretty poor fantasy (with, let it be said, huge appeal to kids - dragons, after all...) Decision at Doona is something else entirely. A great read. Welcome to Mars is - again IMHO - actually inspiring, though just a little dated if you're up on your electronics.
Those are good. Along those lines, if the readers in question can put up with a style like Verne's (in the sense that it isn't a modern style) they might enjoy E.E. Doc Smith's Skylark and Lensman series; those were very cool to read. The styles can be a show-stopper for some, though. Personally, I just re-read the Skylarks and they were great.
I'd suggest you try Anne McCaffrery's "Decision at Doona" and James Blish's "Welcome to Mars."
Both are great SF, both are aimed at younger readers, both are upbeat and greatly enjoyable to read.
You gotta love slashdot's moderation. Of course a post about how you might use the precise technology brought up by an article is off-topic. Of course it is.
This is why letting any idiot moderate is a bad idea. Inevitably, you get idiots moderating. :-) This is also why you have to read slashdot at -1; moderation as a filter is pathologically unfit for use by sensible readers.
Just keep in mind, there's nothing stopping web developers from using straight HTML, CSS, JPG, PNG and GIF for basic animation. If you need media, you can embed an mpeg or a simple wav file. If you need processing, you can do it as CGI/server-side, at the same time ensuring 100% browser compatibility and avoiding the hijacking the web-client's CPU. Don't blame Adobe or MS or Sun for providing closed or deeply complicated, uncontrollable technologies; blame yourself for using them.
Flash no more "subverts" the web than Photoshop "subverts" image processing, or the GPL subverts how software is published. You want to use these things, that's your choice. There are other options available that are just as useful, and in some cases, more so.
Wrong. They CAN get valid certs for paypal.com — certs aren't one-up items that can only exist in one place. Fact: The only thing that ties a user's computer to 'paypal.com' is the hosts file and/or the DNS, both of which are easily compromised. A duplicate copy of the paypal.com certificate and key (and even the signing request, if they left that around) can be hijacked (as can anyone else's) and between that and a trivial hosts file compromise, you're screwed. But you don't even need to go that far. Just compromise the browser. The bottom line is authentication via certificates is an illusion, and if you depend on it, you're gullible at best. The consequences of that illusion is an industry that takes huge amounts of money for absolutely nothing of real value in return. They're selling illusion, but because they've convinced the public and gullible developers that the illusion has value, operating without it is exactly like standing up in a Catholic church and telling the congregation you're an atheist. Doing that will get you ostracized, which, for a business, is death.
It's a total scam. Authentication is impossible; encryption is trivial. Neither is worth ten cents. That illusion, however, is worth billions.
Nope. the certificate doesn't do authentication, because that whole idea is a scam. You CANNOT authenticate who you are talking to with any facility provided in the entire encryption chain. Understand? There IS NO AUTHENTICATION. It's B-U-L-L.
Therefore, we are left with looking at what else happens; and the only thing of any use is encryption. Mind you, there are some harmful things that happen, such as technical people get taken in by the illusion of authentication that the CA's are pushing off on the gullible; then the users get taken in, and now we have an environment where people think they are safe, when in fact, they are not; an environment where people think that little lock icon means that they know who they are talking to, when in fact, they do not; an environment where scads of money can be coerced out of businesses so that they are "up to par" with the "standard", which in FACT does absolutely NOTHING with regard to authentication.
Bottom line: A certificate's linkage to the party it is issued to can be completely and utterly compromised literally seconds after it is issued. There is no way to tell if this has happened. Therefore, they're absolutely useless for authentication. However, the encryption path provided by the https connection still protects the conversation from eavesdroppers between the two parties; this in itself is the single use of the mechanism, and it does NOT in ANY way require CAs.
Smells like a wonderful technology to implement as part of a camera sensor (when dealing with very low light, such as in astrophotography, nightshots of nature, etc.)
Canon's got the "switchable capacitor well" patent hanging in reserve, and it looks like they're going to have to use it with Nikon's new D700 going ASA 6400 and pushing all the way to 25600; but I wonder just how far you could take a camera's sensitivity if you had *accurate* photon counting... imagine a photodetector that counts photons as they arrive and simply increments a large counter. This would literally be a "digital" sensor, rather than an analog one. Precision light sensors. Mmmmm-good. :-)
I like wide-field astrophotography. I'd be all over a (relatively) affordable DSLR that could really do low light in a precise manner. Right now, you have to spend about three grand to get a camera body that can go to an honest ISO 6400; if they could get the price in or around that area with something that was effectively counting all the photons... Oy.
Have to do something about the color and IR filters, too. Swing them out of the way or something equally tricky. Maybe some variation on a single-well, filterless approach like the Foveon one.
That's not a hijacking.
An 8-headed display Mac Pro is $3239. To which you add four 1TB drives, and RAM, both from elsewhere. You chuck out (or sell, it's very good hardware) the 2 GB stick of RAM and the HD it comes with.
RAM is $699 per 8GB (as pairs of 4GB sticks @ memorysuppliers.com); so you need $2800 for 32 GB; a 1 Tb drive is $190 (WD Caviar GP WD10EACS Hard Drive @ buy.com), so you need $760 for four drives. Total:
$3239 - macpro w/wifi, 8 display outputs (4x ATI 2600 XT 256MB), 2.8 GHz
$2800 - ram
$ 760 - drives
---------
$6799...
Same configuration (32 GB, 4x1 TB drives) from the Apple store:
$13,989.00
This is also true of Apple desktops.
Simple check: Go to the Apple store, and price a Mac Pro 8-core with the basic amenities; 2 GB ram, the recommended HD. Then price it maxed out; one HD of the largest size (1/2 TB last I looked) and 32 GB of RAM. Finally, take the original price and add 32 GB of RAM in 4 GB sticks (the Mac Pro can take 8 sticks) from a reputable online store. The difference is astonishing.
I have a recent Mac Pro, and I expanded it the sensible way; the amount of money I saved by doing that is staggering. I've had absolutely no problems.
I bought my Palm T|X, direct from Palm, within 24 hours of when they first became available. I ordered it direct so that Palm would get all the margin (profit) from the order. I do this when I am trying to support a company. Keep that in mind as you read the rest of this. They got more money from my orders than they would have if I had bought from, say, buy.com.
I ordered it overnight on Wednesday afternoon; they sat on the order until Friday, and so I received it Monday, basically five days after I had ordered it instead of one. Annoying, but it was new, they were probably overwhelmed with orders, etc., so I just grumbled a bit. The TX itself, well, it was fantastic. A little thing here or there wasn't perfect, but overall, this was the PDA I'd been waiting for. WiFi, Bluetooth, beautiful display, music and video playback, used almost all my software from my long in the tooth M505 Palm... the TX is fantastic. Really.
Considering that I was so happy with the T|X, I decided to get one for my sweetheart as well (she's also a long-time Palm/PDA user.) So, I ordered it on October 18th. We received it on October 19th. Much better. Unfortunately, this is where the happy tone of the story fades out.
Her TX would refuse to connect to any WiFi node without taking about ten tries. Then it would connect. Once connected, it was fine. But connecting could literally take five minutes of poking and prodding it. This was clearly no good (heck, PDAs are supposed to be convenient, aren't they?) So I called Palm. They kept me on the phone for about 40 minutes (I timed it. Total cost to me, $46.60 via AT&T) I spoke to Cody in support. In 40 minutes, he verified, apparently by following a support script, what I had clearly described to him in the first 30 seconds: This T|X was not connecting properly. Yes, I kept my temper and stayed polite. I know this game.
So he tells me, now I have to call the Palm store. So I do - toll free. I tell them what Cody told me, and I give them the service request number he supplied for my issue. They take it, tell me it will be 24-48 hours and then they will issue (by email) an RMA. This new fellow also explains that the procedure continues such that if they accept the RMA (verify the problem on receipt of the unit) then Palm will refund to my card.
I object: I ask, "Why refund? I want it replaced -- this is a gift!" They say there is no other option, and this is to "protect them from fraud." I ask them how, exactly, giving me my $300 back protects them more than giving me a working T|X... but this only angers the person on the phone, who tells me he isn't going to explain company policy to me. Imagine that. So I thank him for his time (no, really, I did, and I remain polite as well) and I hang up.
So, 48 hours pass, no RMA email. (Definitely -- I kept every email while waiting for the RMA, so no spam filtering, nothing. Man, was that annoying!) So I call them again. This guy tells me that it takes 2-5 days to issue an RMA and the previous person "didn't know what they were talking about." Uh-huh.
So I wait. Five days pass. No RMA. So I call them again. It's October 24th now. They say they'll send it out after 5 pm, specifically telling me these emails are batched all at once. 5pm rolls around... no RMA. 9pm... midnight...
So the next morning, I call them again, only this time I call technical support back at the toll number. (Total time, 20 minutes, Total cost to me, $23.30 via AT&T -- we're now at $69.00 expended on toll calls to Palm support.) We're still sitting on this busted T|X, and no RMA. I'm not happy at all. My sweetheart is dissapointed, to say the least. But I remained polite. The fellow on the phone (Chris, employee number 72485) allowed as to how he could escalate the issue, and fax me the RMA. He did, and we got it, wonder of wonders, and so now we have this RMA. It's a UPS ground return to Palm. Gritting my teeth, I hand it off to UPS and wait.
On November 3rd, I receive an email(!) from Palm saying that they
I don't think you really understand the relationship between Japan and the US. Japan has already repeatedly attacked the US post-WwII, and done a huge amount of damage; there's a reason the Japanese say, in all seriousness, that "business is war." There's a reason our electronics industry crashed, our car industry almost crashed, our steel industry crashed, you can look right at Japan for many of the penultimate causes. They're already huge owners of US debt and US land. If Japan were to develop AI, you can bet your last pitifully weak dollar that they'd use it to gain as much of an additional foothold over us as possible. Presuming we're talking about real AI here, that would probably be a very, very substantial foothold.
As far as classical military uses, they're only as likely to do that as they are to create a self defense force. Oh, wait. :-)
I said the GP's (now GGGP) moderator hadn't moved out. Not you.
There, fixed that for you.
No. They don't. They match a stored file against a protocol using other stored files and a program that knows that protocol. That stored file is not a "credential" in the sense of being something you should trust. No more than any copyable, fakable, transportable ID should be trusted, anyway. It's simply a key. A key that can be copied. A key that be ignored (by removing or otherwise compromising the locking mechanism in the program.) There is no, repeat no, assurance that you're talking to me if you connect to a server you think, for whatever reason, is mine. If my server has been rooted, that opens up many doors to taking advantage of you, certificate or not. If your computer has been compromised, that opens up many more such doors. In all such cases, what you're verifying is not where you think it is and does not mean what you think it means, and all actions and reactions along the connection you've made are under the control of the compromising agent, again, certificate, or not.
When you connect to a site using a browser's https, what you should be saying to yourself is "look, ma, looks like they have a key, if this dang lock is working." You do not know who "they" is. You do not know if they should have one. You do not know if your locking mechanism is working the way it worked yesterday. You do not even know if the IP you think you're connecting to is the same one you connected to yesterday, name resolution aside. Servers can move in very short order. Legitimately, and otherwise.
What is funny -- ok, well, it's actually sad -- is that the best protected sites tend to be nameservers and hardware with similar roles. Not always, but it takes more savvy to run one than it does to either put up a web site or power up your home computer and begin browsing the net. Technologies that protect us from compromises at those levels are kind of like wearing chain mail to the mall in case someone attacks you with a sword. That's not the real problem. The real problem is the guy who wants to snatch your purse, steal your car, robs your house after you left, etc. Likewise, the real problem with https (for the consumer) is the guy who roots the server you're trying to talk to, or roots your own machine. And as history has shown us, protections against those attacks haven't been proven to be anywhere near sufficient.
You are Alice. You want to talk to Bob's website: www.example.com
I'm Evel - and I have hacked Alice's computer, compromising anything I need to, from her certificate collection to her browser to her hosts file or all of the above.
Alice ->[her browser hums a happy song] home network -> Evel [collects her CC info, etc., moves to island with hot chicks and rum drinks.] Mind you a keylogger would be enough, but just for fun...
Alice is not safe from attacks. Not with a certificate, and not without one. End of story.
However: If Alice talks to a legitimate merchant, and no one has hacked anything, then the conversation between her and the other end is very difficult to break into, moreso than her computer, I might add. Which is the same advantage you would have had with self-signed certificates. The ONLY time you're safe is when you've not been hacked. To say that because ONE hack has been deterred -- the MITM attack -- the user should feel safe... I'm not buying it. It is as meaningless as saying you're safe because one out of a thousand vulnerabilities in your browser have been patched. You're not safe until there are no vulnerabilities; consequently, you're not safe. Period.
No. It just ensures you're out some fees. It does not ensure you're talking to a server that legitimately hosts google.com, or to any particular IP, even.
In order to hose you, all I need to do is direct your browser to a new IP where I have a server set up to respond as www.google.com, with a certificate to match which I got from my brother, who works at google, or my sister, who quietly and non-destructively (she's too smart to be interested in showing she's been there) got root on some of google's https-delivery hardware.
I can redirect your browser as required by hacking your hosts file right on your computer, I can do it by hacking the nameserver at your ISP, or, I can skip all that trouble by replacing your firefox with a version that shows *you* "google.com" in the toolbar while I have it connect to "oh-you-are-so-bloody-hosed.com." I can also replace your trusted certificates, or compromise that whole handshake from ever working at all. Remember, since I"m going after your info, all I have to do is make it LOOK like it's secure; it doesn't actually have to be. Firefox being open source, this isn't exactly what I'd call a difficult attack, either.
Cert authorities can't guarantee you any service you can't guarantee yourself. Not one stinking thing. Well, other than if you are legitimate, that you'll be out some money or the connivance with the browser manufacturers will scare the living heck out of any consumer who connects to your self-signed certificate, so you really have to get one from them.