It's nice that you've told me that.
However, I was asking for someone to expand on an aspect of how ...
> You then decide on whether that means the site's authenticated.
Specifically, once I have evidence that a MitM attack is in progress (by a notary giving me a certificate that differs from the one I got), how do I determine which certificate has been compromised? That is, am I wrong, or is the notary wrong?
And my point is that unless you know something about how the notary gets its cert, you cannot know who is wrong.
Are you saying that that particular answer is in the video? If so, please accept my apologies.
> the Convergence system is designed extensibly so that notaries can use whatever method they please to return their vote of confidence/no-confidence, be it whether they've seen the cert before, some result from DNSSEC, or even the existing CA system.
The need to determine that your notaries are using different methods stands. If all draw, for example, from the same DNSSEC cache (thus providing you the same result), you have no more information/security than if you had gotten the result from a single notary.
The minimum requirement is that at least one notary you refer to must use a method different from yours, or a path different from yours.
My question is how you verify that you have met that requirement.
"stellar" meaning, in this case, "to be thrown into a star at the earliest opportunity".
Download the Ubuntu kernel: Free
Download the Gentoo kernel: Still free.
Identify the portions of the kernel that are "bloat": Very expensive (in time, or prior knowledge, or consultation fees).
End up with a lightning fast Linux install that has zero incompatibilities with your hardware and applications: Priceless
> I have ... never seen or done anything illegal [on behalf of my union].
YMMV. There are a great many unions, and a great many Locals of those same unions.
Unions exist to benefit the workers who belong to them. Some unions, some times, have been seen to do illegal things.
Many unions, many times, have been seen to do legal things that exercise "the legal process" in defense of union members who behaved badly. Think of the union, in this context, as a defense attorney. They don't have to approve of the accused, but they are obligated to provide a defense of him.
> Would it still wash when little Jenny asks mom why her family is going to hell for not accepting Jesus as their savior?
Sounds like the perfect time for little Jenny to get The Religion Lecture from mom, whatever flavor that lecture takes. Public school is not an excuse for parents to farm out all education and discussion of morality, ethics, and belief/skepticism.
Informative link:
FOIA update: OIP guidance: The Attorney-Client privilege
> Or I hack the router you use to access the internet... all of the notaries you try to talk to I redirect to me. I say every site is valid regardless if it is or not.
You start off with the assumption that you need to hack the notary. I believe this is not necessary.
How does a Notary authenticate a cert? I would wager that in many cases, they check a source THEY consider reputable.
This leads to the cascading errors that you get in broadcast and internet news, where the AP gets it wrong, CNN gets it from the AP, bloggers get it from CNN, and wikipedia gets it from bloggers. And once Wikipedia gets it most folk assume it is true.
There is a need for the Notaries to do their authentication independently of other Notaries in this system. I think (#Independent Notaries / #Notaries) is likely to go down as (#Notaries) increases.
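The two notary comments above turn on the difference between how many notaries agree and how many independent sources stand behind that agreement. The sketch below is an added example, not code from the commenter or from the Convergence project; it assumes each notary response carries a hypothetical `source` label naming the evidence or network path it relied on, which is exactly the information the comments say a client needs and do not say it has. All names and values are constructed.

```python
from collections import defaultdict

# Constructed sample data. "source" is a hypothetical label for the evidence
# or path a notary used; nothing on the page says notaries disclose it.
OBSERVED = "aa11"  # fingerprint of the certificate the client received
RESPONSES = [
    {"notary": "n1", "fingerprint": "aa11", "source": "dnssec-cache-A"},
    {"notary": "n2", "fingerprint": "aa11", "source": "dnssec-cache-A"},
    {"notary": "n3", "fingerprint": "aa11", "source": "dnssec-cache-A"},
    {"notary": "n4", "fingerprint": "bb22", "source": "own-network-probe"},
]


def independent_votes(responses):
    """Collapse notaries that share a source into one vote per source.

    A source whose notaries disagree with each other yields None,
    meaning it gives no usable vote.
    """
    by_source = defaultdict(set)
    for r in responses:
        by_source[r["source"]].add(r["fingerprint"])
    return {
        src: (next(iter(fps)) if len(fps) == 1 else None)
        for src, fps in by_source.items()
    }


def assess(observed, responses, client_source):
    """Compare raw notary agreement with agreement among independent sources.

    client_source is the (assumed known) label for the client's own path;
    a notary that shares it adds nothing to what the client already saw.
    """
    naive = sum(r["fingerprint"] == observed for r in responses) / len(responses)
    votes = independent_votes(responses)
    outside = {
        src: fp for src, fp in votes.items()
        if src != client_source and fp is not None
    }
    return {
        "naive_agreement": naive,
        "independent_sources": len(outside),
        "independent_agree": sum(fp == observed for fp in outside.values()),
        # The minimum stated in the comment: at least one notary using a
        # method or path different from the client's.
        "meets_minimum": len(outside) >= 1,
    }


if __name__ == "__main__":
    # Four notaries, 75% raw agreement, but only two independent sources,
    # and they split one against one.
    print(assess(OBSERVED, RESPONSES, "client-isp-path"))
    # Three notaries, 100% raw agreement, zero independent evidence.
    print(assess(OBSERVED, RESPONSES[:3], "dnssec-cache-A"))
```
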
> if it says free Dirt 3 game on the box you must get a free working copy of Dirt 3 or your money back.
If you got the box for free, your "money back" is "nothing".
If you paid for the box, the cost of the box (relative to the lawsuit required to enforce your rights) is negligible. Although in the UK, you might also have a "loser pays" legal system....
> You want to fix the problem fix the two party system that enables it.
What makes you think simply changing the political system is going to make the difference? Look at the countries around you.
> refuse entry for all products that do not comply with US Law [by demanding all US laws apply to manufacture of items being imported].
Are you willing to accept ALL the implications of that?
1) Imported products include foodstuffs. Laws include minimum wage. No more winter tree fruit. No more tropical fruit at all. No more Argentinean beef (or Chilean Sea Bass... :) ) Do you really think that Brazil will adhere to all USDA and EPA regulations during production?
More, oil stops. Who's going to win THAT game of chicken?
2) Reciprocity: Are you willing to submit to the same level of regulation for exports? Say, follow Russian laws about workers-per-X-square-feet? Saudi laws about women in particular jobs (say, driving)? That's precisely what you're begging for with this plan.
3) Who bells the cat? The FDA doesn't have enough people to inspect the quality of all foodstuffs coming into the country today. They spot check as best they can. Who pays for the additional inspections? Who pays for the inspections of those foreign manufactories and farms? Who ensures that those inspectors don't fall to corruption?
Just as an aside, I find it interesting that you complain about politicians not caring about LIBERTY (your emphasis) in the same breath you want to compel people in a foreign country to obey your own laws (and the regulations that go with them).
https://www.xkcd.com/875/
If 38 pounds makes that large a difference, perhaps they should be promoting weight loss plans for their pilots as well. It'd be a two-fer: lower fuel bills AND lower insurance costs.
A passing grade in the AI class is given to students who correctly deduce whether they are being graded by a human or an AI.
Tenure is given on a similar basis: whether the students are submitting original work or plagiarizing off the internet.
Expect the first tenured AI teachers to be announced shortly...
Not to be a party pooper, but could you name a few corporate names? You mention Dearborn, which should be enough to identify the battery facility you mention, but the others?
Are there any subtleties involved at all, such as economies of scale, particular materials, connection to supply chains, etc? That is, could those companies you worked for step into the industry within three years and compete economically? ... and if they can, why are you not planning on making a bundle showing/telling them how?
I think they (both) might want to check with Steven Mancinelli. Notch's defense would run to "I can't be infringing on Bethesda's trademark, since this other trademark was plainly issued to the pertinent domain AND is more directly infringed if anyone is.
Just because you make a song, doesn't mean you can make the top score on it in Guitar Hero.
Just because you make Q3A doesn't mean you can make top score in it. Video game developers and FPS game players develop different skill sets.
The cop who did the actual beating was fired "a day after receiving a disability pension from the state". Not the most ringing endorsement for law enforcement "self policing".
> disrupting cell service seems like a violation of free speech.
True. However, it isn't a first amendment constitutional violation. No law, no foul. And if BART is privately held, there's an extra helping of Does Not Apply.
I know you didn't imply first amendment, but so often "free speech" arguments do.
Oddly enough, we can't do that realistically enough.
You joke, of course. "A game with lots of boring stuff in it." But... it would be entirely TOO boring to be a game.
Say, the "wait in line at the DMV". When you really wait in line at the DMV, you've got (stereotypically) at least a modest number of independent people, each an individual, and each with their own behaviors, task at the DMV, etc.
So you're looking at individual "skins" for each one, and a set of behaviors for each. The guy "just there for a photo". The guy who doesn't have his DEQ papers but wants his car's license plates updated anyway. The woman's kid who re-arranges the waiting area chairs. etc. You COULD make all this. But to make it at all interesting, you'd have to have a large number of cases.
And then... you'd have to write how each interacts with the others. The guy who paces while waiting for his number to be called. The kid who teases the baby. The guy who simply blows up (or suffers PTSD) when the baby cries. The guy who ignores it all and simply hunkers down when the shouting starts.
While it's conceivable with a very small number of individual characters interacting with each other, things break down when you start thinking of synergies, of interactions more than one on one. (Say, someone drags out a gun. Some people hit the floor, some people jump the gunman, some freeze in place, yadda yadda.) You're crushed by simple combinations.
And if you go for less realism than that? You get Grand Theft Auto. Congratulations, you've redefined "ultimate".
> That they used individual members instead of a botnet to go after the email server seems irrelevant,
If you substitute "autodialer" and "phone switchboard", does your statement still make sense?
You could insist that individuals stop calling (stalking laws), but that would not cause the union to be the responsible (and sueable) party.
While I see your humor, I have to argue that your point (and, to be honest, the point you were replying to) is a victim of mistaking (or improperly generalizing) Nth generation tools as 1st generation tools.
Computer control of equipment is done because computers are available. Use of petroleum products in computers is done because petroleum is available. Substitutes in each case exist, but result in lower efficiency and/or greater costs. Much greater costs, much lower efficiency in many cases.
But you'll recall that the first oil was gained by sticking shovels into the ground, or by dipping buckets in pitch springs. And the first things we'd recognize as computers were analog/mechanical devices. ... unless you count abacuses, of course.
No, no, no!
Lasers aren't vaporware! ... depending on power and focus limitations, of course...
Lasers MAKE vaporware!
> They're called Anonymous. They may be trying to create change the wrong way ...
Anyone who has ever been arrested for protesting, anyone who has ever been beaten up for protesting has faced someone who felt they were "trying to create change the wrong way".
For some people, "the wrong way" is any way that they don't already control. IE courts, congress, laws, etc.
For some people, "the wrong way" is any way at all.
> FTA: "A lot of editorial guidelines ... are impenetrable to new users."
I'm not a wikipedia editor, but I do edit on other wikis. And yes, there's factionalism, cabals, groupthink, it goes by many names.
Unfortunately for some, I have grown out of my "putting up with bullshit" stage. The nice thing is that you can document the history of this bullshit. The not so nice thing is that you then have to make a fight of it.
And that's the crux of it, right there. People edit Wikipedia because they find it entertaining or rewarding to do so. "Making a fight of it" isn't fun, for most folks.
While they modified the mouse hardware to do it, using a mouse as a malware vector has been done before.