Wouldn't it be easier to just bring a knife along, and turn this into a mere two step process:
1. Apply knife to throat. As our Muslim brethren have shown us, even a small knife will do. You just need to make sure he's soundly asleep...
2. Bring your new swag home, and finish the work with a spoon, then let it dry and polish
You know, Muslims are feeling that their prophet is as real as your cartoon children. And the prophet didn't give consent either. Rather he gave explicit dissent. Islam has strict rules about any depiction of the prophet, whether unflattering or not.
No, anytime we criminalize possession of mere pictures, and attach disproportionate punishment to it, democracy suffers.
You: "I don't know it"
Luxembourg judge: "You are a computer professional. Computer professionals by definition know everything that's on their computer. Therefore you know your password. Now surrender it!"
Even if it turns out that you are not legally responsible for the content
In many jurisdictions, possession is enough to make you guilty, knowing possession is not a requirement.
Even in those jurisdictions that only criminalize knowing possession, the judge may strike the word knowing on a whim, and book you anyways. Yes, it's a bad bad world out there, and judges don't necessarily uphold the law as written. And they get away with it. Indeed, who is going to condemn them for it? Another judge, a work colleague who they've a good chance of knowing personally... This is an area where "innocent until proven guilty" doesn't mean squat.
Funny how we all shake our heads at the Muslims, who kill over pictures, but considering this whole kiddie porn madness: we're not any better. It's just pictures. Cartoons even in some cases.
A person with an IQ of less than 80 is not going to understand the contents anyways (it's cosmology for chrissakes), so why not use a grown-up font and layout?
Huh. I didn't know that, as I only have ever done the individual verification. It's not uncommon for someone to wear many hats (i.e., to be affiliated with several organizations). It'd certainly be nice if their system allowed for a single individual account to switch between different "identities", so that one could issue certs for themselves or any number of organizations with which they're affiliated and which they've validated with StartSSL.
Indeed...
Have you suggested such an improvement to them?
Yes, of course. They wouldn't budge. Their suggestion: just use the "free" plan instead, there you can wear as many hats as you like (which I did... after this incident they never saw another cent from me). Weird way of promoting your business...
And that's another issue: they don't take any suggestions! For example: some (all?) of their automated mails are formatted as a single long line. I suggested to them that general usage is to stay below 78 characters per line. Should be easy to fix, as they probably use some kind of .txt template, where they could just insert a couple of breaks. Answer: well, at least our mails don't contain a virus (or something equally silly). Hey that's great! But it would be even nicer if the lines were shorter as well. A year afterwards, the issue was still not fixed.
Technically, yes, but policy-wise, no: Class 1 certs are not intended for commercial use.
Well, it's not commercial use, it's for several non-profits and one political party.
As you suspected, the $9 offering from PositiveSSL is for a single, non-wildcard, non-SAN certificate.
Yeah, that's the kind of certificate that you can get for free from StartSSL (class 1)
NameCheap also sells Comodo PositiveSSL multi-domain certs [namecheap.com] for $30/year for up to 100 domains, which is quite a reasonable price.
Yeah, that would be reasonable. Can these domains be wildcard, or does each domain only have a single host?
Wildcard certs are also available [namecheap.com], with Comodo wildcards costing $94/year.
... or maybe the theater owners (and Sony) do not actually believe the threats, but instead fear that many spectators might believe those threats, and performance on opening might be very lackluster... Better cancel it all along, and do it 2 weeks later when there are (hopefully...) no new threats.
I see the value of the proposal: it is easy to inject malware inside a HTTP stream.
Only when the attacker is sitting on the path from the browser to the server. Not when listening in on the side-lines.
... and sitting on the path is the exact definition of man-in-the-middle, which allows to take advantage of poor certificates. And how many people properly understand certificates?
However, with only 33% of the sites that are SSL enabled, they are just going to show warnings everywhere, and users will quickly learn to ignore them.
Exactly. And once users are trained to ignore warnings, they will ignore them too if they are about bad certificates, so nothing is gained (see above).
StartSSL offers completely free-of-cost certificates that are widely recognized by browsers to individuals and non-commercial sites. $60/year gets you an ID-verified account and the ability to offer unlimited certificates (they only charge for the validation, certificates are free). A second $60 ($120 total) gets your organization verified, again with the ability to issue unlimited certs.
And if you do pay the $60, you can only manage a single legal entity. Which means, if you are the certificate manager of some organization, you can either get certificates in the name of that organization (after completing the paperwork and paying the additional $60), or for your own private sites, but not for both at once. Yes, after completing the paperwork for getting certificates for your organization, you lose the right to get certificates for yourself. Crazy, but true!
Oddly enough, if you don't pay anything at all ("class 1 certificates"), you can get certificates for several associations and yourself at once. Of course, then you can't get wildcards or SAN certificates, so you are forced to use SNI (more hassle to set up, and might not work with exotic browsers).
If, for some reason, that's not satisfactory, Comodo resellers like NameCheap offer PositiveSSL certs for less than $9/year. That's less than a beer at the local bar.
Wow, a place where beer is even more expensive than here in Luxembourg! But seriously, I guess the $9/year is for plain certificates, no wildcard and non SAN? In that case it would compete with StartSSL's free offering, rather than their $60 plan. If it actually does include wildcard certificates, I would be interested in details.
every officer of the company needs to do the honorable thing and leave the company, leave the industry, and get a job more suited to their ethical and strategic skill set. Like flipping burgers, or arranging the sushi on the platter.
Are you sure these are appropriate jobs for Sonyscum? Personally, I wouldn't want to eat burgers laced with exlax, or sushi caught from the waters next to Fukushima...
The suggestion in the book that it would be appropriate to plug a known-virus-infected USB thumbdrive into another computer in order to fix it seems totally crazy to me. Even if the second computer does have better security there's no guarantee the virus isn't a new one that hasn't made it into virus checker recognition databases yet...
Yeah, but you forgot an important detail... The suggestion was not just to plug it in to another computer, but to plug it into another computer that isn't yours. In case it does become infected, you just sneak away, and pretend that nothing happened...
But only if you're a boy. If you're a girl, you just keep sitting next to it and weep...
If you are turning north from I-10 onto I-65, or if you are on I-65 and turning east or west onto I-10, you have already failed at taking the quickest way from anywhere to anywhere else.
Just looking at a map, while coming from North I-65 and going east on I-10 looks kinda nonsensical, going west doesn't look so bizarre. You'd use that connection when going from Montgomery to New Orleans, wouldn't you?
Or is that just a general comment that those roads tend to be congested, and are never the quickest way (no matter which way you turn?)
"politic" meaning roughly in the original Greek "To shout down"
Bullshit. The word "politic" is derived from "polis", the Greek word for "city". So "politics" is the art of running a city (or city-state, as most cities were back then), not the art of shouting your opponent down...
If you run a web server of any kind, just grep for () in your /var/log/apache2/referer.log, and you'll see plenty of hits: fgrep '()' /var/log/apache2/referer.log
... if not, maybe you're simply running a site that is too obscure?
Put it in a BSD Jail
... and the day someone uses this to host kiddy porn, the jackbooted thugs won't put you into a BSD jail, but into a real-life pound-me-in-the-ass jail...
Wildcard certs are also available [namecheap.com], with Comodo wildcards costing $94/year.
Interesting...
Yeah. Beer in Switzerland isn't cheap. :/
I know. So expensive that people cannot even afford mustard to put on their sausage along with it ...
Well actually, if you are going to be killed by a terrorist at some point during the day, you would have to wake up alive first.
The terrorist could conceivably kill you in your sleep, with a single shot at your head through your pillow...
And if the source and destination are clueless then an educated third party has to manage it.
... an educated and trustworthy third party. And that's where it becomes difficult...
I really hope they don't pay!
I hope so too. That way, the hackers will release the files (the contents, not just the filenames), which contain enough juice to sink Sony Pictures (and possibly other parts of Sony too) for good.
http://www.amazon.de/gp/product/0449816192
Everybody knows wind turbines are eye sores.
They obscure all the lovely smoke stacks.
A couple of years back, the French complained that a new wind turbine field in Germany was spoiling the nice scenic view of the Chateau de Malbrouck (located just opposite the German-French border from that infamous field).
Unfortunately, they conveniently completely forgot what the Germans see when they look at the Chateau de Malbrouck
When you qualify it by saying, "always on third party SSDs", then it's not the same as "always" (unqualified).
But he did:
Apple has always disabled TRIM on those
So, what's your point?
In many places, Ambulances and firefighters are using the same technology. So expect some false positives...
The current panic underscores it as well - first people underreact and now they are overreacting.
The shwinesflu scare a couple of years ago may also be an explanation for the initial under-reaction...
"politic" meaning roughly in the original Greek "To shout down"
Bullshit. The word "politic" is derived from "polis", the Greek word for "city". So "politics" is the art of running a city (or city-state, as most cities were back then), not the art of shouting your opponent down...