Slashdot Mirror


User: WaffleMonster

WaffleMonster's activity in the archive.

Stories
0
Comments
4,185

Comments · 4,185

  1. Re:Slashdot will remain accessible on SHA-1 Cutoff Could Block Millions of Users From Encrypted Websites (csoonline.com) · Score: 1

    The point is that the attack can be carried out without the user visiting any malicious site.

    The wire simply is not the instrument being leveraged against the vast majority of users.

  2. Re:The ridiculousness is appaling on FBI: Just Don't Call Them Backdoors (networkworld.com) · Score: 4, Informative

    Are American citizens so lost that they do not see how ridiculous that sounds?

    24x7 media propaganda works. People are scared out of their minds.

  3. Re:Slashdot will remain accessible on SHA-1 Cutoff Could Block Millions of Users From Encrypted Websites (csoonline.com) · Score: 1

    Nonsense. There are multiple reasons that all connections need to be encrypted and authenticated.

    What I find amusing is that everything you mention is a problem in no way solved by the use of encryption.

    One obvious one is to prevent malicious parties from injecting malicious payloads into your web pages.

    You think you're downloading a page from slashdot, but someone else modifies the data in transit, injects an XSS attack to gain access to the banking site you're logged into in another tab.

    If the banking site is vulnerable to CSRF, you would think it would be in their own interest to fix this before the problem is exploited the next time the same user clicks the wrong link from a Google search or opens the wrong email.

    or injects malicious content that exploits some security vulnerability in your browser or OS to pwn your system and add it to a massive botnet which DoSes the forces of goodness and light. Or, worse, installs the Yahoo toolbar.

    If you encrypt all the transports nothing changes. People will still exploit vulnerabilities in all the same ways. The only way to fix this is to fix bugs and all deficiencies that allowed them to exist in the first place.

    Another important one is simply to establish the default expectation that everything is encrypted. If you only encrypt "important" traffic then anyone spying on you knows which traffic they should care about.

    They can probably tell enough already just by IP/SNI.

    Above all, it's simply nobody's business what you read/write on line, and encryption keeps that between you and the site you're visiting.

    LOL I would care if every site on the Internet wasn't loaded to the hilt with a comical array of global trackers that follow people from site to site everywhere they go... no bumps in any wires required. I honestly can't name a single site except cryptome and eff without multiple global trackers, sometimes up to a dozen or more, with the capability to follow people around everywhere they go.

    Coffee shop wifi operators, ISPs, mobile network operators, etc., don't need to know, and shouldn't know.

    I agree keeping operators out of the loop, so they don't add to the crap content is already doing, is awesome for users as well as for content.

    Ideally it'd be nice to even protect which sites you're frequenting, but that requires more than a point to point secure channel.

    Protect people from everyone except the multi-billion dollar big data stalker firms so the value of information they steal is not diluted by other players.

  4. CVE-2011-3389 (BEAST attack)

    As we all know this was worked around more than a decade ago and all browsers save an ancient Safari outlier are not vulnerable to it.

    CVE-2013-2566 (RC4 ciphers enabled)

    We all know that cipher suites can be turned on and off independent of TLS version.

    CVE-2011-3389 has a CVSS v2 Base Score of 4.3.
    Earlier this year, CVE-2013-2566 had a base score of 2.9.

    Any vulnerability with a score higher than 4 is a PCI fail.

    I would love for someone to provide a reference where in PCI a CVE scoring regime for PCI compliance is even mentioned.

    Regardless, these problems are not vulnerabilities when you turn off a broken cipher suite and implement workarounds that have existed for more than a decade. Saying otherwise would be like adding up the CVEs for Windows or Linux and giving it a score higher than 4 zillion even though the underlying issues had been addressed long ago.

    As a result of this, PCI compliant TLS 1.0 servers were all using RC4 ciphers instead of CBC ciphers - pretty crappy given that BEAST was mitigated long ago and CBC ciphers were generally accepted as more secure than RC4.

    I have vague memories of people trying this nonsense but it didn't last long.

    And this is where it went wrong. Instead of reducing the score for CVE-2011-3389, they INCREASED the score for CVE-2013-2566. It now has a CVSS v2 Base Score of 4.3. :(

    This decision by NIST essentially put the final nail in the coffin for PCI compliance using TLS 1.0. :(

    Curse you NIST... or NASA or GEOINT or KGB or whoever for a completely broken chain of incoherent nonsense.

    My personal opinion is this is a CONSPIRACY.. more trivial work / check boxes for the Nessus button pushers to run while they abstract absurd amounts of cash from their victims.

  5. Re:They can't do this reliably on SHA-1 Cutoff Could Block Millions of Users From Encrypted Websites (csoonline.com) · Score: 1

    The problem with that is that there is no actual way to detect that an old browser doesn't support SHA-2.
    For example, older versions of Firefox/NSS since 2003 have supported SHA-2 server certificates, but not SHA-2 in TLS cipher suites as the MAC algorithm, which wasn't specified until years later.

    The TLS ClientHello message does not specify which types of hash algorithm the client supports for certificates, only the list of cipher suites that the client supports.

    Thus, Facebook, or anyone else, has no way of determining if a client really doesn't support SHA-2 server certificates.

    It might be possible to fingerprint clients based on what they advertise.
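    Two remarks in this thread come down to what is readable in a ClientHello before any key is agreed: comment 3's point that an observer can already tell a lot from IP/SNI, and the suggestion just above that clients might be fingerprinted from what they advertise. The following is an added example, not code from the thread or from any of the sites named in it. It builds a constructed ClientHello (the host name, cipher suites and extension values are made up for the demo), then parses it the way a passive observer or the server would: record framing and field layout per RFC 5246, the server_name extension per RFC 6066, and a fingerprint string in the JA3 convention (decimal values, '-' within a field, ',' between fields, then md5). One caveat a practitioner will want alongside the quoted text: TLS 1.2 clients do send a signature_algorithms extension listing the hash/signature pairs they accept, so a server can read SHA-2 support from it; TLS 1.0/1.1 clients send no such extension, which is exactly the case where the server cannot tell, and the second constructed hello below shows that outcome.

```python
"""Parse the cleartext of a TLS ClientHello (added example, not from the original thread).

The sample hellos are constructed in code, not captured traffic.  Layouts follow
RFC 5246 (TLS 1.2) and RFC 6066 (server_name); the fingerprint follows the JA3
convention.  Assumes TLS 1.2-style signature_algorithms encoding (hash byte, sig byte).
"""
import hashlib
import struct

SERVER_NAME, SUPPORTED_GROUPS, EC_POINT_FORMATS, SIGNATURE_ALGORITHMS = 0, 10, 11, 13


def _u8(n):  return struct.pack("!B", n)
def _u16(n): return struct.pack("!H", n)
def _u24(n): return struct.pack("!I", n)[1:]


def build_client_hello(host, cipher_suites, sig_algs=(), groups=(), point_formats=(),
                       version=0x0303, with_extensions=True):
    """Assemble a ClientHello with record framing (RFC 5246 7.4.1.2, RFC 6066 3)."""
    exts = b""
    if with_extensions:
        name = host.encode("ascii")
        sni = _u8(0) + _u16(len(name)) + name                 # host_name(0), length, name
        exts += _u16(SERVER_NAME) + _u16(len(sni) + 2) + _u16(len(sni)) + sni
        gl = b"".join(_u16(g) for g in groups)
        exts += _u16(SUPPORTED_GROUPS) + _u16(len(gl) + 2) + _u16(len(gl)) + gl
        pf = bytes(point_formats)
        exts += _u16(EC_POINT_FORMATS) + _u16(len(pf) + 1) + _u8(len(pf)) + pf
        sa = b"".join(_u16(a) for a in sig_algs)               # (HashAlgorithm, SignatureAlgorithm) pairs
        exts += _u16(SIGNATURE_ALGORITHMS) + _u16(len(sa) + 2) + _u16(len(sa)) + sa
    cs = b"".join(_u16(c) for c in cipher_suites)
    body = (_u16(version) + bytes(range(32))                  # client_version; fixed "random" for reproducibility
            + _u8(0)                                          # empty session_id
            + _u16(len(cs)) + cs                              # cipher_suites
            + _u8(1) + _u8(0)                                 # compression_methods: null only
            + (_u16(len(exts)) + exts if with_extensions else b""))
    hs = _u8(1) + _u24(len(body)) + body                      # HandshakeType client_hello(1)
    return _u8(22) + _u16(0x0301) + _u16(len(hs)) + hs        # ContentType handshake(22)


def _list16(data):
    """Decode a 2-byte-length-prefixed list of uint16 values."""
    n = struct.unpack("!H", data[:2])[0]
    return [struct.unpack("!H", data[i:i + 2])[0] for i in range(2, 2 + n, 2)]


def parse_client_hello(record):
    """Return what an on-path observer or the server reads from a ClientHello, plus a JA3-style fingerprint."""
    if len(record) < 9 or record[0] != 22 or record[5] != 1:
        raise ValueError("not a ClientHello handshake record")
    hs_len = int.from_bytes(record[6:9], "big")
    b = record[9:9 + hs_len]
    if len(b) != hs_len:
        raise ValueError("truncated ClientHello")
    version = struct.unpack("!H", b[:2])[0]
    pos = 34                                                  # 2 version + 32 random
    pos += 1 + b[pos]                                         # skip session_id
    cs_len = struct.unpack("!H", b[pos:pos + 2])[0]
    ciphers = [struct.unpack("!H", b[i:i + 2])[0] for i in range(pos + 2, pos + 2 + cs_len, 2)]
    pos += 2 + cs_len
    pos += 1 + b[pos]                                         # skip compression_methods
    info = {"version": version, "ciphers": ciphers, "extensions": [], "sni": None,
            "sig_algs": [], "groups": [], "point_formats": []}
    if pos < len(b):                                          # extensions block is optional (pre-TLS-1.2 clients)
        end = pos + 2 + struct.unpack("!H", b[pos:pos + 2])[0]
        pos += 2
        while pos + 4 <= end:
            etype, elen = struct.unpack("!HH", b[pos:pos + 4])
            data = b[pos + 4:pos + 4 + elen]
            pos += 4 + elen
            info["extensions"].append(etype)
            if etype == SERVER_NAME and len(data) >= 5 and data[2] == 0:
                n = struct.unpack("!H", data[3:5])[0]
                info["sni"] = data[5:5 + n].decode("ascii", "replace")   # host name, in the clear
            elif etype == SIGNATURE_ALGORITHMS:
                info["sig_algs"] = _list16(data)
            elif etype == SUPPORTED_GROUPS:
                info["groups"] = _list16(data)
            elif etype == EC_POINT_FORMATS:
                info["point_formats"] = list(data[1:1 + data[0]])
    fields = [str(version)] + ["-".join(map(str, info[k]))
                               for k in ("ciphers", "extensions", "groups", "point_formats")]
    info["ja3"] = ",".join(fields)                            # JA3: version,ciphers,extensions,groups,formats
    info["ja3_md5"] = hashlib.md5(info["ja3"].encode()).hexdigest()
    return info


def advertises_sha2_signatures(info):
    """True/False from signature_algorithms; None when absent, i.e. the server cannot tell.

    HashAlgorithm values (RFC 5246): md5=1, sha1=2, sha224=3, sha256=4, sha384=5, sha512=6.
    """
    if SIGNATURE_ALGORITHMS not in info["extensions"]:
        return None
    return any((pair >> 8) >= 4 for pair in info["sig_algs"])


# Constructed samples (not captures): host name, suites and extension values are made up.
SAMPLE_HELLO = build_client_hello("www.example.com",
                                  cipher_suites=[0xC02F, 0xC030, 0x009C, 0x002F, 0x000A],
                                  sig_algs=[0x0401, 0x0501, 0x0201],   # sha256/rsa, sha384/rsa, sha1/rsa
                                  groups=[0x0017, 0x0018], point_formats=[0])
LEGACY_HELLO = build_client_hello("www.example.com", [0x002F, 0x000A],
                                  version=0x0301, with_extensions=False)

if __name__ == "__main__":
    for h in (SAMPLE_HELLO, LEGACY_HELLO):
        i = parse_client_hello(h)
        print(i["sni"], i["ja3"], i["ja3_md5"], "sha2:", advertises_sha2_signatures(i))
```

Run against live traffic the parser needs one more step not shown here: TLS 1.3 clients put the real version in supported_versions and use GREASE placeholder values that JA3 strips before hashing. The point for this thread stands either way: the host name, the suite list and the advertised extensions are all visible before the first encrypted byte, and the signature_algorithms list is the only positive signal of SHA-2 certificate support a server ever gets.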

  6. Re:I'm not sure I understand on SHA-1 Cutoff Could Block Millions of Users From Encrypted Websites (csoonline.com) · Score: 1

    - Website owners configure allowable ciphers on their websites, which presumably they configure based on their user requirements.
    - Browsers negotiate the strongest supported configurable ciphers advertised by websites.

    Why the hell do browser companies want to remove SHA1 support altogether? Seriously, what's next, will they just stop supporting plain HTTP because HTTP is far more likely to be abused?

    This really isn't about negotiation of weak ciphers, it is about weaknesses in the trust chain that allow third parties to insert fake certificates undetected. No matter what you negotiate based on a broken chain of trust, the result is a lie.... this includes any possible attempt at "secure negotiation", as the fruits are based upon the lie of a valid trust chain.

  7. Re:Facebook -- ??? on SHA-1 Cutoff Could Block Millions of Users From Encrypted Websites (csoonline.com) · Score: 1

    So let me see if I understand Facebook's approach here: there are non-secure certificates. Facebook will fix the problem by downgrading connections to use non-secure certificates. Bad guys would never pretend to need a non-secure certificate. Therefore, Facebook remains safe?

    No. The risk remains regardless of what individual sites do so long as the user's browser remains willing to accept certificates signed with broken hash algorithms.

    If your browser supports SHA-1 and Facebook uses only the most secure hash algorithm available an attacker can still pretend to be Facebook by leveraging SHA-1.

    Fix is exclusively client side... servers just need to upgrade so that clients will continue to want to speak to them after clients no longer accept SHA-1.

  8. To keep our PCI compliance we have to switch away from TLS1.0 and our processors basically forced us this year. So we had to get around that in a number of ... less than perfect ways.

    To this day I'm unaware of a valid technical justification for the above change. I keep hearing irrelevant excuses about implementation bugs and/or solved problems that have been well understood and fixed for years. There seems to be no new discovery that has served to justify abandoning TLS 1.0. SHA-1 is at least supported by a coherent, understandable problem.

    Any scheme to probe clients to determine if they support only SHA-1 I'm in favor of, so long as sites doing so warn customers and recommend upgrades. There is no chance of this affecting upgraded clients refusing SHA-1, and simply cutting millions of people off has its own costs. Given there is no public evidence of a successful SHA-1 forgery, and all actors with the resources to create one first likely completely have their way with multiple CAs anyway.

  9. Re:Incrementalism on Hit-and-Run Suspect Arrested After Her Own Car Calls Cops (yahoo.com) · Score: 1

    My son ( and many other children under the age of 12 ) do not have cell phones but most know how to dial 911 ..... on phones that have an emergency dialer screen.

    That scenario took me longer to type up than it took to pop into my head ... oh and no my son does not know my wife's nor his grammy's nor my unlock pattern but I can trust him to dial 911 if something does go really really bad.

    Seriously your own children don't know how to use your cell phone?

    That scenario took me longer to type up than it took to pop into my head ...

    It makes no sense.

    oh and no my son does not know my wife's nor his grammy's nor my unlock pattern but I can trust him to dial 911 if something does go really really bad.

    Next you're going to tell me you have a land line and he uses that to call people?

  10. Re:I'm kind of ambivalent about this. on Hit-and-Run Suspect Arrested After Her Own Car Calls Cops (yahoo.com) · Score: 1

    How about: Want the PRIVILEGE to drive (as it's not a RIGHT)?

    The difference between privilege and rights is purely subjective.

    The UN believes Internet access is a right. Our exalted king believes life itself is a privilege.

    Then you're monitored every fucking second so you don't fuck up and hurt someone else.

    Feel free to move to a country more aligned with your "values".

  11. Re:Incrementalism on Hit-and-Run Suspect Arrested After Her Own Car Calls Cops (yahoo.com) · Score: 1

    That's there so anyone can use any phone to call emergency services even if the owner happens to be incapacitated. How could you possibly think that's a bad thing?

    Emergency dialers just end up pocket dialing emergency services for no practical benefit. A decade ago I would have seen the point of emergency dialers; realistically, today everyone either has their own cell phone or they know how to use the one that is available. While there is no doubt one can conjure up a scenario where this does not hold, you would have to try really hard to do so.

  12. MS is doing what it needs to in order to keep its offering alive. The competition is undercutting them with a $0 up front cost. All they are doing is responding by going after the same revenue stream.

    Google employs the same strategy. Why is it ok for them to do it and be the most popular device choice but when MS does it it's a sin?
    I'm confused by the double standard.

    I see this line of argument everywhere in this industry.

    Every indefensible action is justified by saying "they do it too".

    And god forbid you don't enumerate everyone and everything else that "does it too" you are accused of being a shill for god knows what or double standards.

    This industry is full of children who never got past that phase of crying "BUT MOOOOM... Johnny did it too!!!!!1!!!"

    There is NEVER a valid excuse for disrespecting your customers.

  13. Re:Not acceptable. on Microsoft Will Resume Pushing Windows 10 To Machines With Win7, 8.1 (computerworld.com) · Score: 4, Insightful

    MS tried to stick to a model (buy/own a product) that was antiquated by Google's model (ad supported). Google instead offers everything at no charge while making money off the ads they push in your face. Users have embraced this model (even if most claim they hate it). For that reason MS is changing its offering by monetizing through ads + a cut of app sales. Some will argue that MS is late to the game but I believe they resisted the change because they thought people would go back to owning software.

    MS is in the process of killing themselves because they are unable to understand Google is a search engine and Windows is an operating system.

    So at the end of the day these changes are the result of what users want (not us the techies).

    Wrong, nobody wants it.

  14. Re:I understand the consternation on Microsoft Will Resume Pushing Windows 10 To Machines With Win7, 8.1 (computerworld.com) · Score: 1, Insightful

    But I'm glad Microsoft is shedding legacy so aggressively.

    I'm glad they are shedding their integrity so aggressively.

    There's no way the OS will install itself automatically. It'll merely be downloaded to your machine (or machines).

    It's great Microsoft pays our Internet bills and purchases hard disks for everyone.

  15. Um google... you do know that... on Google Santa Tracker Is Back · Score: 1

    Chicks don't dig stalkers and creeps... Getting your wish will be your undoing.

  16. Re:How to Extort Money from Rich Nations on How To Lead a Nation That's About To Be Swallowed By the Sea · Score: 2

    Make up a bullshit Global Warming disaster and tell them it's all their fault.

    I believe humans are changing the climate. I also believe global warming is being leveraged as a political excuse for much more localized man-made problems. Every year at the UN we hear the same tired sob stories from heads of state blaming the obvious gross mismanagement of their own lands on "climate change".

    I'm all for crunching complex models in gigantic computers as long as outputs include error bars and make useful predictions. I just wish people would find a way to disconnect science from the political questions about what if anything to do about it. There are plenty of people on both sides spewing bullshit for political advantage.

  17. Re:To higher ground? on How To Lead a Nation That's About To Be Swallowed By the Sea · Score: 1

    Actually, GHG emissions from the US are trending down while other countries' emissions are trending up sharply. So your weird, angry finger-pointing is out of date.

    Ok now I'm pissed.. regardless of what direction I point, there is a little sticker on the back of it saying "Made in China"

  18. Re:Israel is defending itself on Israel Meets With Google and YouTube To Discuss Censoring Videos (middleeastmonitor.com) · Score: 1

    Jews are more represented on the left, but that doesn't mean that the left hasn't picked up anti-semitism with both hands and started chugging the kool-aid for all it's worth. Between crowds of hundreds shouting "slaughter the jews" and calling for the eradication of Israel, people throwing around terms like "ethnic cleansing" and "apartheid state", and even the return of age old classics like the "khazar" myth and blood libel it's feeling more like the 30s every day.

    Apartheid state is what Israel will be in the next few decades if it continues to make no serious effort toward peace.

  19. Re:Israel is defending itself on Israel Meets With Google and YouTube To Discuss Censoring Videos (middleeastmonitor.com) · Score: 1

    So what you're saying is not enough civilians are dying to justify actually doing something about the literal thousands of rockets, mortars, and bombs indiscriminately targeting them.

    What you're saying has nothing to do with my comment. My only point is both sides have plenty of blood on their hands. Israel is not innocent. Using the bullshit of what one side did as an excuse to do nothing solves nothing.

    You're saying Israel should be punished for doing more than any other country on the face of the earth to protect civilians from terrorist attacks

    Keep tugging on those imaginary strings. It is telling that the whole world except North America and Australia supports recognizing the state of Palestine.

    Everyone is tired of Israel / Palestine conflict and the bullshit going on both sides. No party to the conflict is innocent. The only viable option is the "two state solution".

    that Israel should be penalized for developing the Iron Dome and deploying it.

    Iron Dome was developed by the United States of Israel.

  20. Re:Israel is defending itself on Israel Meets With Google and YouTube To Discuss Censoring Videos (middleeastmonitor.com) · Score: 1

    "No Palestinian State" does not mean they are going to eradicate them by default.

    For what little it's worth, the above was never my intent. It is pretty hard to see how any serious person could interpret it in such a way.

    It means, in context (which you've taken it out of *for some reason*), that they don't want an officially recognized State full of people who have professed a willingness to die in order to exterminate all the Jews including the ones in Israel.

    The point is they are not serious about peace because they will not accept the only hope for peace ... a separate autonomous "Palestinian state".

  21. Re:why not ... on Los Angeles Flirts With Pre-Crime (washingtonpost.com) · Score: 1

    However, the problem with this "activity" is that it encourages things like human trafficking, which is far from a victimless crime. I don't think a sufficiently strict regulatory structure can be built to prevent such abuse that doesn't cost a lot more than the current enforcement efforts based on current law. So I don't think your idea would really work out as well as you imagine. Girls will be trafficked and abused like they are now.

    Human trafficking is market based, subject to supply and demand.

    If people who want to fuck for cash can go to their corner regulated, licensed brothel and buy all the sex they want there is less reason for underground unregulated markets to exist in the first place. Who is going to want to risk getting caught when the money is shit or they could open their own legitimate business?

    Government is good at beating down outliers like murderers and thieves, but the 1920s showed us what happens when you try to beat down millions of people by force, with disasters like prohibition. Government loses its power to organized crime, which steps up to meet market demand by any and all means. People suffer unnecessarily as a result.

  22. Re:Why is prostitution illegal in the first place? on Los Angeles Flirts With Pre-Crime (washingtonpost.com) · Score: 1

    Seriously, if a girl wants to sell her body, why shouldn't she?

    The reason is governments prefer to spend their time fostering underground, untaxed, unregulated criminal markets where people are treated like slaves and placed in unnecessary danger.

    I don't know why government actively seeks to erode their own legitimacy like this while subjecting their own citizens to unnecessary harm but they routinely do so with reckless abandon.

  23. Re:Will others follow suit? on Google To Drop Chrome Support For 32-bit Linux · Score: 1

    As a software developer who has worked for companies supporting multiple active platforms both 32-bit and 64-bit, 64 bit isn't the point. It's the massive burden of maintaining multiple build streams, tool-chains, test servers, release images, etc. for a dying platform (32-bit). 32-bit needs to die so this waste is eliminated.

    This is why many build for 32-bit and ignore 64-bit unless they have a good reason, because everyone can run 32. For example, a "hello world" application does not benefit anyone from a 64-bit version, while a 64-bit version of Google Earth would be amazing if it ever existed.

    64-bit CPU modes often bring along larger register files and advanced instructions, which alone is a good reason many applications may want to become 64-bit vs 32.

    No, it is just memory. People will blab about more registers and this and that, but no tangible difference exists in real world use.

  24. Re:Educate urselves: Palestinian/Israeli conflict on Israel Meets With Google and YouTube To Discuss Censoring Videos (middleeastmonitor.com) · Score: 1

    Can we have a "whites only" drinking fountain that doesn't discriminate against people who aren't white. Can we discriminate in favor of one race without discriminating against other races?

    There are practical limits to drinking fountain discrimination. Perhaps with CV algorithms they could be made to discriminate against people who don't look white but this seems like a whole heck of a lot of extra work.

    Drinking fountains primarily discriminate against either hobbits or giants.. also if in Orac is ahead of you in line dehydration is likely to be preferable.

    It may be possible to use golomb rulers (Not a Golem or Gollum) to optimally define heights of a series of drinking fountains with optional stepping stones to allow all races to be optimally addressed. If there is just one fountain you're pretty much screwed.

    My own answer, after much thought, is actually "no". So I don't really see how the history is relevant to finding a solution to the Israeli-Palestinian problem.

    From remarks of politicians, history appears to be leveraged primarily as an excuse for inaction and/or the continuance of war.

    But a much better solution would be a single ethnically neutral country that didn't discriminate at all. Don't call it Israel.

    Or more realistically kick everyone out and set off some kind of ecological disaster which renders the land uninhabitable for the next 2000 years so nobody will want to go back.

  25. Re:Israel is defending itself on Israel Meets With Google and YouTube To Discuss Censoring Videos (middleeastmonitor.com) · Score: 1

    against Muslim aggression.
    Israel is entirely willing to live, in peace, with Arabs.

    Quiz time...
    Who said: "If I'm elected, there will be no Palestinian state"

    However, Muslims have hated Jews since the prophet Mohammad walked the earth. Hating Jews is commanded in Islam.

    Welcome to the club, lots of crazy shit can be found in all the religious texts.

    Hamas has launched thousands of rockets into Israel. Hamas has Jew hatred written into Hamas's charter.

    Israel killed more people in a single hour of military conflict than all the rockets combined over three decades. Anyone who really wants peace will actively seek to move beyond tit for tat and excuses to continue war.