You do realise that would mean filing several thousand tax returns at the end of the year right? One to every county, state and city comptroller for which they have to collect tax? This idea would annihilate commerce on a grand scale.
Also, then Amazon is at a disadvantage against foreign-located internet retailers. Should they then be forced to collect tax for the cities, counties and states? And how?
Where I live, that would be a tax cut. Our income taxes alone are 30%.
You know, people talk about it being "easy" just on the basis that they can get a list of state/county/country tax rates. Has anyone considered just how monumental it would then be to ensure that every business is registered to collect tax in every potential locality, and at the end of the year calculating, submitting and paying at minimum 500 tax returns? No, it's not "easy" by any stretch.
Well, for a start Amazon does not actually use any services in that state, and are not represented within it. I'm told a certain democratic republic was founded by a bunch of guys who were pissed off at taxation without representation?
Hell no. As a New Zealand company, I have exactly zero intention of ever collecting and remitting taxes for more than 500 jurisdictions across the planet (probably closer to a thousand or so - I'm told individual counties can have their own sales taxes there). Your idea would result in the absolute collapse of commerce as we know it. I collect and pay taxes to one authority - the one where I physically exist - and that's it.
Because the organisation should be expected to have offices in every single city of every single region of every single country on the planet. And on top of that, the customer has to keep track of a post-it note or something storing these fingerprints. Screw that. Face it, it's a bad idea.
You know what would really happen? A market opportunity would open and we'd have companies start up which store and list all the fingerprints of big organisations who pay them money. Let's call them "Certificate Authorities". Users would just go look at the fingerprint on that site (if they don't just say "oh, fuck it" and just click OK) and those Certificate Authorities (CAs for short) would become the new targets.
Oh wait. I just described the current system.
It makes perfect sense. If one organisation is not allowed to tie products together, neither should any other.
Obligatory "pics or it didn't happen".
But yes, the dating sites are usually populated by images of little known actresses pulled from porn sites and the like, claiming to be oh so interested in you but... hark! Thou dost not have a Gold Subscription in order to reply to the message! Oh, and Nigerians claiming to be hot women that would love to come to live with you but unfortunately they need $5000 to get through customs. Payable by Western Union plskthx.
It doesn't work that way. When trying to claim something is at fault, the onus is on you to prove that's the case - and I guarantee you can't.
Fuck that.
What's good for the goose is good for the gander.
No, there won't be legal keys. Since the key is not so much a Dirt 3 key as it is a Steam Redemption Code. And redeeming a code which Steam has not generated and activated will go badly for you.
To make sure you are really on our site compare this number: 43:51:43:a1:b5:fc:8b:b7:0a:3a:a9:b1:0f:66:73:a8 to the fingerprint in your Internet browser address bar.
Um, if you've been MitM'd, all the hacker needs to do is change that text during transit. Your suggestion does not, at all, add any security.
Um, not just Firefox. Chrome makes it sound like the world will end as well. In fact, only Internet Explorer passes you through with a mere "Yes/No" dialog box and a mumbled warning about possible forgeries - every other browser makes you jump through fiery hoops to OK a self-signed cert with messages predicting the imminent death of your family, tidal waves consuming your home, and terrorists arriving to kick your dog if you do.
You aren't allowed to register a .xxx unless you're putting porn on it. You can, however, blacklist the name so it cannot be used. But you don't have to pay annually for it.
Basically, you're arguing that .xxx will be a giant desert with nothing in it but blacklisted trademarks.
Advertising dating sites isn't. And those guys pay big money for advertising.
Yes, but all the big, legitimate publishers already voluntarily shoehorn themselves into the "unsafe" results by declaring an ICRA rating, and all sorts of other wizardry to make it crystal clear to visiting individuals and search crawlers that they are an adult site. The only organisations that would choose not to shift to .xxx based on your reasoning would be the ones that are already dodgy.
Um, no. The plural of anecdote is not data, and the singular sure as hell isn't either. One person having issues with their SSL with no evidence of anyone else having that same problem is almost 0% likely to be an issue with the implementation which is the same as that of millions of other people without that problem.
Considering the target of most of that type of attack actually is Linux/BSD servers, it's quite reasonable to expect you'd have antivirus (or better, Intrusion Prevention Systems) on them. With PCI in play, it's even required. ClamAV is free and does the job well enough I'm led to believe.
By the looks of the tail of that import alert, the FDA claims jurisdiction by way of the Department of Health and Human Services, back-dooring via the controls on radiation Mammography devices.
And many of those personal liberties impinge on societal liberties. Should the needs of the few outweigh the needs of the many? I say no. Should the needs of the many outweigh the needs of the few? Again no - but there must be careful balance between them. I would argue that sacrificing the right to own a device that if pointed at an office building window could potentially blind everyone in a large open plan area but has near zero practical application in favour of the many's right to not be blinded is a fair trade-off.
Owner/Group/World = Linux.
Any Bloody User, Group, Network Node or Whatever Else You Want = Windows.
Yeah, Linux ACL controls are shit. And Windows' are confusing as hell to the uninformed (like yourself). Remember the origins of that Windows feature (hint: POSIX).
Very true, but then what do we do until that generation is the only one left? So long as our generation, and our progenitors, and their progenitors are still around, we still have generations that simply can't grasp the concept. Do we simply write them off and say "too bad, so sad"? Do we implement some horrific mongrel of a transitional system that only barely achieves the objective? I think this may well be one of those cases where inertia is the enemy. And no one beats inertia.
Good to see some frank discussion there - many on this site would simply throw a troll mod or ad hominem insult because they disagree.
I agree on the topic of phone numbers there, but I think it's important to remember that an SHA-1 fingerprint is a buttload longer than a phone number, and I imagine that people would do business with a darn sight more companies for which they'd have to memorise their fingerprint for than they currently remember phone numbers for. This would lead to the rise of services like phone books and directory service websites for certificate fingerprints, which would re-centralise control of the authentication infrastructure again, completely defeating the purpose. No matter what, there is always going to be someone that we have to trust to say "yes, this domain and certificate are owned by this entity". The best we can do is ensure that the Authority is one that can be trusted to be truthful in exercising that authority.
The US government only controls the root zone, . (yes, full stop). ICANN operates them under contract. com and net are controlled by Verisign, org is controlled by some other lot - Public Domain Registry or something. I've yet to encounter a DNS server which actually queries the root zone regularly, and I've certainly never seen one query the root zone for anything other than a referral to the corresponding TLD's zone.
Why, oh why, do "FOSSies" constantly suggest unworkable solutions that simply would not work for the vast majority of people on the internet? "Web of trust"? Really? Unless you plug that into some kind of by extension untrusted system (like Facebook, MSN, or something of the like) then no one except the "nerds" will bother to set up that web - resulting in the same security we have now. "Verify fingerprints at the branch"? No one (not even most nerds) will bother with that - the very thought of expecting normal, average people to go "verify" a 64-character (or longer) SHA-1 thumbprint in the flesh is laughable. They'll just click "accept" like they do now, and wonder why someone in Zimbabwe stole all their money.