I live in Switzerland, were we fortunately still trust parents to make decisions for their children.
So we have almost no video game censoring here.
We speak four languages here - German, Italian, French and RÃto-Romanian (the latter is dying).
I'm in the German speaking part, and most tv movies that feature action and are oriented towards adults are heavily cut on Germanys commercial TV. Almost all the gore is filtered out.
If the same Movie is shown on an Austrian or Swiss TV channel, the gore isn't cut.
OTOH, Tits are no problem. You can basically see tits 24/7 on TV - Swiss, German, Austrian, doesn't matter. Of course, the context is mostly documentation/education.
Back to the topic at hand: video games.
Sometimes the only available version Switzerland is the German-German version, which is cut for gore. Some publishers might publish a Swiss/Austrian-German version that might be subbed but not dubbed. In that case, you'll have to make sure to buy the right version.
In other cases, you can choose between an unsubbed UK/US version and a German-German version.
Police should only employ top specialists in every topic there is, so they can make a judgment on of any situation on site.
That way, when somebody lies on the street and needs a heart transplant, the police can help him on-site. No special equipment needed, a chewing gum and a swiss army knife will do th etrick.
On my first trans-continental flight (AMS-SEA), i had a swiss pocket knife in my laptop bag. I had to talk to some guy (presumably from the US) about what i was going to do in Seattle, but the screening process was quick and fast.
And i still got that knife - even on the flight back, it was still in my laptop bag.
A fully fueled and loaded plane will go into a large federally owned building regardless of whether there are a hundred passengers plotting a coup on your ass, or a crew lying quietly dead in the back of the plane.
Which could easily be shot down.
When you hijack a plane with enough people on board, shooting the plane down can still give a huge image hit on the ones that did the shooting, even if it was the right thing to do.
On a plane with only terrorists onboard, it would be very easy to give order to have it shot down.
SSH is pretty much the same as self signed certificates, but it's user base is entirely different. We have a few internal machines with a *nix on them, and i deploy their keys through Group Policy to all clients (using putty as an SSH client).
I suppose you can do the same in a *nix only environments by automating known_hosts deployment into all user profiles.
How can the $100 a month people afford a SERVER FARM?
It's like "Gas Prices are too high for poor people that drive a Mercedes SUV". Heck, it doesn't matter that they can't pay the gas prices because they can't even pay for the car.
If you have a whole server farm, i doubt that the ~1000 / server / year matter much. Again, this for an EV certificate - used by Online Businesses and such.
The FF3 behaviour will make most normal users just think, "Oh, the website is broken. I guess I can't go there." They won't even read the error message: they'll just see that there is one, and give up.
That's good. I'm fine with that. "Secure by default".
Or, depending on IE's behaviour (which I do not know in this particular case), they'll see, "Oh, I can't get to this website in Firefox.
IE7's error message and behaviour are slightly different - first, accessing the site anyway is a single click. However, that click will be necessary each time you try to access the site. When you want to make the trust permanent, much more convoluted steps are necessary (around 10 clicks through a variety of property dialog boxes, and even more complicated on Vista).
Just because I want to have the possibility of encrypted traffic for visitors to my website
Encrypted traffic doesn't mean much when everyone can go inbetween you and them. MITM attacks against self signed certificates are easy to do.
Most hobbyists websites do not require SSL - if you host a discussion group or anything similar to that, SSL is not required. MITM attacks are still easy, so you haven't lost or gained anything.
Or perhaps you can enlighten me with a use case for a hobbyist website that requires SSL.
Slashdot Mirror
It's even more complex than that.
I live in Switzerland, were we fortunately still trust parents to make decisions for their children.
So we have almost no video game censoring here.
We speak four languages here - German, Italian, French and RÃto-Romanian (the latter is dying).
I'm in the German speaking part, and most tv movies that feature action and are oriented towards adults are heavily cut on Germanys commercial TV. Almost all the gore is filtered out.
If the same Movie is shown on an Austrian or Swiss TV channel, the gore isn't cut.
OTOH, Tits are no problem. You can basically see tits 24/7 on TV - Swiss, German, Austrian, doesn't matter. Of course, the context is mostly documentation/education.
Back to the topic at hand: video games.
Sometimes the only available version Switzerland is the German-German version, which is cut for gore. Some publishers might publish a Swiss/Austrian-German version that might be subbed but not dubbed. In that case, you'll have to make sure to buy the right version.
In other cases, you can choose between an unsubbed UK/US version and a German-German version.
Police should only employ top specialists in every topic there is, so they can make a judgment on of any situation on site.
That way, when somebody lies on the street and needs a heart transplant, the police can help him on-site. No special equipment needed, a chewing gum and a swiss army knife will do th etrick.
Oh you wouldn't be answering if i did that. You'd either be puking or furiously masturbating.
Except in a homoerotic fashion.
My assumption would be that the US learned a bit from what happened 7 years ago and built a few SAMs around reasonably important buildings.
These streaming solutions work reasonably well for simple drawn animation.
Southpark would be the #1 poster child here.
Bonus points for using an IT analogy in a car discussion ;)
You're absolutely right. And i also try to minimize the inconvenience i cause other people because of my lazyness.
But there aren't many alternatives to trans-atlantic flights. And first class seats are way out of reach of my spending abilities.
On my first trans-continental flight (AMS-SEA), i had a swiss pocket knife in my laptop bag. I had to talk to some guy (presumably from the US) about what i was going to do in Seattle, but the screening process was quick and fast.
And i still got that knife - even on the flight back, it was still in my laptop bag.
I can tell that it's worse to fly when you're obese than sitting next to someone who is obese.
A fully fueled and loaded plane will go into a large federally owned building regardless of whether there are a hundred passengers plotting a coup on your ass, or a crew lying quietly dead in the back of the plane.
Which could easily be shot down.
When you hijack a plane with enough people on board, shooting the plane down can still give a huge image hit on the ones that did the shooting, even if it was the right thing to do.
On a plane with only terrorists onboard, it would be very easy to give order to have it shot down.
In such a setup, it would be the SSL Proxy's job to make sure that the "real" certificate is right. The user never sees it.
I'm still trying to find my way out of the communications tower, you insensitive clod!
The error message you're getting is completely different from mine:
Secure Connection Failed
www.cacert.org uses an invalid security certificate.
The certificate is not trusted because the issuer certificate is unknown.
(Error code: sec_error_unknown_issuer)
* This could be a problem with the server's configuration, or it could be someone trying to impersonate the server.
* If you have connected to this server successfully in the past, the error may be temporary, and you can try again later.
Did you install fancy plugins? :)
RDP authenticates through SSL or Kerberos :P
SSH is pretty much the same as self signed certificates, but it's user base is entirely different. We have a few internal machines with a *nix on them, and i deploy their keys through Group Policy to all clients (using putty as an SSH client).
I suppose you can do the same in a *nix only environments by automating known_hosts deployment into all user profiles.
No, why? It's his workplace - if he can't trust the proxy, he has other problems.
But yes, surfing on job sites is not a good idea with such a setup ;)
If you do not care if someone can get your data, you can use plain HTTP.
If you do care, you need protection against MITM attacks - which self signed certificates do not provide.
How can the $100 a month people afford a SERVER FARM?
It's like "Gas Prices are too high for poor people that drive a Mercedes SUV". Heck, it doesn't matter that they can't pay the gas prices because they can't even pay for the car.
You can't have data security without data authenticity.
Yes, the vast majority of people are morons that doesn't justify babysitting them. They have the right to be morons and to do moronic things.
As far as i know, even the US has speed limits.
Because in this case, it is cheaper to solve the problem directly than hacking together a half-working solution that breaks every second day.
If you have to work for four hours on this one, your company has already spent more money on the problem than it would cost to get a decent web host.
Get some balls and stand up to your bosses - having professional integrity also means that sometimes you have to say "No, you'll have to pay up".
Hack when it's necessary. Pay when it's possible.
I meant to spell "for". The "o" was a typo though, an Umlaut to be specific. Slashdot's broken UTF-8 supported converted it to what you're seeing now.
Is the proxy transparent or not?
If transparent:
Does the proxy generate a certificate on the fly with a matching hostname? If yes, just import the proxy root certificate.
If not:
Then you shouldn't have the problem you're experiencing. Could be something completely broken with the proxy.
If you have a whole server farm, i doubt that the ~1000 / server / year matter much. Again, this for an EV certificate - used by Online Businesses and such.
Less validated certs can be had for much less.
The FF3 behaviour will make most normal users just think, "Oh, the website is broken. I guess I can't go there." They won't even read the error message: they'll just see that there is one, and give up.
That's good. I'm fine with that. "Secure by default".
Or, depending on IE's behaviour (which I do not know in this particular case), they'll see, "Oh, I can't get to this website in Firefox.
http://projectdream.org/~lb/ie7-unknownca.jpg
IE7's error message and behaviour are slightly different - first, accessing the site anyway is a single click. However, that click will be necessary each time you try to access the site. When you want to make the trust permanent, much more convoluted steps are necessary (around 10 clicks through a variety of property dialog boxes, and even more complicated on Vista).
Just because I want to have the possibility of encrypted traffic for visitors to my website
Encrypted traffic doesn't mean much when everyone can go inbetween you and them. MITM attacks against self signed certificates are easy to do.
Most hobbyists websites do not require SSL - if you host a discussion group or anything similar to that, SSL is not required. MITM attacks are still easy, so you haven't lost or gained anything.
Or perhaps you can enlighten me with a use case for a hobbyist website that requires SSL.