Ah, they are engineered in the U.S. though, which is where the $ to increase efficiency. (I suppose it was too much to think they might be manufactured here).
There are plenty of HDTVs produced in the U.S., particularly in CA. Vizio is probably the most recognized one, but there are others.
On the internet, there's plenty of reason to preserve anonymity and free speech. You can't kill someone over the internet, and real criminals will always find ways around a "passport" system, they already find ways around other kinds of security.
What if I just want to run an HTTP server on a non-standard port for development? Not everyone is running a DNS server, nor should DNS records need to be changed so often.
How would it allow named virtual hosts? The only thing you have at the network layer is the IP address that the message was sent to, that's why HTTPS virtual hosts are difficult to implement.
If browsers won't accept the certificate unless it's in the database, then the database *will* be correct. Certificates that aren't in the database ought to require some sort of user intervention to permit them, even if they are "private" certificates. Basically publication in the database would be part of getting the certificate issued, and would be a requirement for it to work properly, thus privacy legislation wouldn't apply.
If a CA is found to be issuing illegitimate certificates (they would have to publish them if they want them to work...) then they won't be a CA much longer. However, as it stands now, it sounds like any CA can issue an illegitimate certificate, blacklisting them all doesn't sound workable.
I'm surprised something like this wasn't done at least for those new "EV" certificates they were hyping.
Why not simply have a public database of valid issued certificates? That way you can know when a bad certificate without needing to encounter it. You still need to check the database for certificates with either solution, but the revocation database seems like useful.
I'm not being glib, I'm being serious.
Heh, I suppose you're right. Though of course I hope my answer makes it clear that a public revocation database doesn't have merit, which probably isn't the answer the teacher is looking for.
Social engineering is an area I can't answer to. As for securing the connection, the public key that the server identifies itself with would be well-known. Signed keys would not be valid for the server. It would still be possible for the "keyholder" to be bought, I suppose. However, I'm sure a sufficiently trustworthy entity could be found for that purpose (on the other hand, I don't trust verisign at all).
However, I don't think it can stop at a "revocation database". The database should list ALL the valid keys for the domain. Not only does this allow the browser to whitelist just those keys, a key can't be issued to a domain without the domain owner knowing about it. After all, whitelisting is far more secure than blacklisting.
I think the best bet would be to have many databases managed by separate organizations. The databases would each have their own key, rotated hourly. Each database would also list the valid public keys for the other databases. A browser can verify that a MITM attack is not occurring by checking with some number of the other databases to ensure the key the database it is using is correct. The critical point here is that paying off one or two database admins may be easy, but buying off ALL of them should be difficult. If more than one or two of the databases can't be contacted for verification, the user should be told that their connection may be compromised. The root certificate for each organization would be used to sign each of its rotating keys. The public keys would be well known and embedded in the browser. In order to take down the whole system you need to compromise all of the keys.
For social engineering attacks, there may be a solution, but it has little to do with a public key database.
The first time the user enters a banking site and logs in, the site tells the browser that it is a banking site. In the future, the browser will not allow the same information to be entered on a site with a different domain, or over an unsecure connection. In order for this to work, the bank needs to require the user to enter some unique piece of information, like a number that they were provided by the bank when they opened their account.
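The browser-side decision in the multi-database scheme from the comment above can be sketched as follows; this is an added example, not the commenter's code. The `KeyDatabase` class, `check_connection`, the result strings and all sample keys are hypothetical and constructed, and verification of each rotating key's signature by its organization's root certificate is omitted.

```python
import hashlib
from dataclasses import dataclass, field

def fp(key: bytes) -> str:
    """SHA-256 fingerprint of a public key."""
    return hashlib.sha256(key).hexdigest()

@dataclass
class KeyDatabase:
    """In-memory stand-in for one independently run database (hypothetical)."""
    name: str
    current_key: bytes                                  # its rotating key
    domain_keys: dict = field(default_factory=dict)     # domain -> {fingerprints}
    peer_keys: dict = field(default_factory=dict)       # peer name -> fingerprint
    reachable: bool = True

def check_connection(server_key, db_name, seen_db_key, whitelist, peers,
                     max_unreachable=2):
    """Decide whether to trust server_key.

    seen_db_key and whitelist are what the client received on its connection
    to database db_name; a man-in-the-middle on that connection controls both.
    """
    unreachable = 0
    for peer in peers:
        if not peer.reachable:
            unreachable += 1
        elif peer.peer_keys.get(db_name) != fp(seen_db_key):
            return "reject-database"      # a peer lists a different key
    if unreachable > max_unreachable:
        return "warn-unreachable"         # too few peers to cross-check
    if fp(server_key) not in whitelist:
        return "reject-key"               # key was never published for the domain
    return "ok"

def build_demo():
    """Four constructed databases A-D that all list one key for bank.example."""
    site_key, rogue_key = b"constructed-site-key", b"constructed-rogue-key"
    keys = {n: f"constructed-db-key-{n}".encode() for n in "ABCD"}
    dbs = {n: KeyDatabase(n, keys[n], {"bank.example": {fp(site_key)}},
                          {m: fp(keys[m]) for m in "ABCD" if m != n})
           for n in "ABCD"}
    return dbs, site_key, rogue_key

if __name__ == "__main__":
    dbs, site_key, rogue_key = build_demo()
    a, peers = dbs["A"], [dbs[n] for n in "BCD"]
    listed = a.domain_keys["bank.example"]
    print(check_connection(site_key, "A", a.current_key, listed, peers))
    print(check_connection(rogue_key, "A", a.current_key, listed, peers))
    # Constructed MITM case: the answer from "A" carries a different database key.
    print(check_connection(rogue_key, "A", b"attacker-db-key", {fp(rogue_key)}, peers))
```

The third call shows why the cross-check matters: the forged whitelist contains the rogue key, so only the peers' record of database A's real key exposes the substitution.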
That's what certificate signing is supposed to protect against. Of course, if you have $100 million lying around or you're the government, you can probably get certificates signed for domains you don't own, and they'll look real. That's why we need a public database of certificates that browsers check against, rather than signing certs.
All of what you state is true for the Northern U.S., but could be explained by ice melting as a result of global warming. Climate change is on a massive scale, and it will affect different parts of the world differently. Even if humans aren't causing global climate change, cleaning up the air is a GOOD THING for our own health.
The work in climate engineering (or whatever it's called) is good too. We shouldn't assume that the Earth will always be habitable by humans without us needing to fight for it. None of this is going to make us 'poor' either, that's a lot of hooey. The economy runs on work, any kind of work will do. It might mean some businesses fall while others are created, but that's how capitalism works.
In fact, most SDKs out there would likely have a similar "flaw". In Java land you need to do the escaping yourself, and there isn't a built-in function to do XML or HTML escaping. You just need to know to handle it.
Actually, many sites limit the scope of their removal statement to profane language and the sort, if they say "we can remove any review we don't like" or "we can remove profane language and negative reviews" (or the sort), then they're in the clear, maybe.
The question is whether the purchaser reasonably expected all reviews to be present. Since it's an online site where they could submit their own review, unless there was a notice to the effect of "we filter out reviews we don't like" it's possible to make the argument.
On a small scale, the poster could sue the retailer. On a large scale, it may indeed be false advertising.
If this is 12-13 million people in Canada, that's nearly half their population. (No I'm not kidding)
I said they should be, not that they're likely to be.
They contracted to a private company for the work. It should be simple, "you're required to follow these rules: XYZ, we won't pay you until those requirements are fulfilled."
I voted for Obama and I support him and healthcare reform.
However, this is something that should be brought up. It's great that Obama wants to modernize government IT use and communications, but this is different for the government than it is for the private sector. A company can decide they don't really need to go that extra mile to make their site perfect in terms of accessibility, they can be just barely on this side of the law and be fine. However, for the government, the site should be damn near perfect. It's the right of every citizen to be able to communicate effectively with their government. They serve all of us, so there isn't a "good enough" when it comes to access. Companies can choose customers, governments can't.
And they really don't want to be bothered with being able to search for "democracy" or "freedom"? Yes, I can see the Chinese people really have a say in their government.
It's sad that the police saw fit to abuse an area of the law that was ill-defined rather than following the logical procedure of getting a warrant.
Patents won't protect you against a troll, they'll only protect you against people who actually make software. Stop astroturfing.
Android is the same way, you can download an app from anywhere. Though you do need to check the "Allow third-party applications" box in the configuration, which is trivial. It's nice, it means that T-Mo and Google have very little effective control of the device.
(Happy owner of a G1, never giving it up until another good capacitive touch-screen based phone with a keyboard comes out)
My in-car CD player has tactile feedback, I switch songs, adjust the volume and turn it off all the time without looking at it. And no, I don't have in-wheel controls.
GPS is another beast entirely; they often have no physical buttons aside from the power button. Then again, usually all you need to do is enter the destination, which you should probably do before you start driving.
Actually, I think your math is a bit off.
A 4 9s datacenter fails .0001% of the time. The chances of two 4 9s datacenters failing simultaneously is .0001% squared (.0000001%). The 5 9s data center fails .000001% of the time. Therefore, two 4 9s datacenters are ten times as reliable as one 5 9s datacenter (assuming I did my math right). That's why RAID works.
The robber should be required to pay for the cost of replacing the door with a similar or identical one. The store owner is still responsible for the cost of a lock.
The contract would have said "you will be paid X for Y" and Y would have included "not touching the computers". Thus they don't get paid X if they don't do Y.
Their contract likely said they were not permitted to touch the machines or any other work-related materials. Thus, they broke the contract and would not be paid.