Or maybe the clinical stupidity of the US Government mandating backdoors in cryptography (either officially or covertly) has just been clearly illustrated. But then it would be absolutely impossible for anyone but friendly forces of the US Government to exploit such a thing, right?
That isn't really the type of cert expiry they are really referring to, but consider this: The mechanism you describe requires a certificate revocation list, which is just another way of doing the exact same thing - using a trusted 3rd party to ensure you all agree on the parameters used to determine if something is trustworthy or not. That's not an improvement, and in fact, it is far less tolerant to network interruptions (a network interruption could cause a client to trust a credential that it should. Using time, it doesn't matter if the network is interrupted within reason, you can still determine if the ticket is still valid).
Remember, this isn't about you tricking your own clock to trust a ticket provided to you. You could choose to do that all you want. Its about the other party choosing to trust you or not. And YOU don't get to roll back the clock on their infrastructure. If you could, you could open a security hole just as you have described, which perfectly illustrates why NTP/Time Synchronization is so important.
I partially agree with the sentiment of point 1, but he does have fixed costs to consider. That 96K isn't just salary. Still, I'm not sure it constitutes being impoverished the way the article paints it
On point 2 however, I think you are way off base. That statement really glosses over what it means to have synchronized time and why it is necessary. Two computers agreeing on the time between each other is not sufficient to be considered synchronized from a security perspective. To be synchronized for security, those two computers must agree with an impartial third party. Without that you open the door to manipulation by a bad faith actor and all kinds of holes can be opened up.
I am sure there are many ways to mitigate that situation without the use of a third party time system, but those solutions are going to be much more complicated. And we know what happens when you increase the complexity.
To further that thought, agile isn't about not planning, it's about not being stuck with a crappy monolithic plan for an entire project. A plan that isn't crappy because of incompetence or negligence, but because the initial plan can't possibly account for the realities that every project encounters as it progresses (missed or changing requirements, technical failings of infrastructure that could not be predicted, change of business needs, etc).
Agile is intended to get you to stop trying to jam a square peg in a round hole. The alternative is to pound on that bitch 'till it's round. Which one is likely to result in a better engineered end product?
Every time I see a cop doing something useless like sitting at the side of the road I want to see their budget cut. They do that crap instead of helping with real crimes. And don't say "but the traffic cops are the same cops that would be investigating crimes" because it's all under one budget.
Actually, sitting on the side of the road isn't doing nothing. Having a visible presence is the best means to ensure that people actually obey the speed limit. Knowing that a cop is parked at a particular place helps ensure that people won't drive recklessly in that area.
Sitting behind a billboard or hiding in a patch of trees in the center median trying to CATCH people in the midst of a revenue generating civil infraction rather than engaging in a behavior that might PREVENT dangerous activities, that is dereliction of duty.
Police departments ought to have a budget that is exponentially and inversely proportional to their ticket revenue. If they are writing that many tickets then they SUCK at deterrence.
What's the matter? Not looking forward to the calls to IT support to change your Biometric Password?
Biometric authentication is generally a Very Bad Idea (tm), with a very narrow set of reasonable use cases. Typing a password being "a time-waster" does not, in my opinion, meet the criteria.
I'm with the parent here, use HID or something similar.
weight-loss spam bots, you must all die of syphilis right now!
Oh the fury, the anger. I'm talking to you nisha AttAck, and you Aileen Assauult. To you sisterly_picare and you Lupita:) and you Ariyah:). Right at you Dorothy pics and you Inez is Funny!, and you too Melonie Grace. To you Kaelynn Griffin and you Alex FearLesS.
Just stop it, OK? It's like being inundated by the stepford-wives' retarded nieces. Enough is enough!
I can no longer fully embrace my Apple hatred. Could cook ACTUALLY be what every seems to BELIEVE that Jobs was? Debate amongst yourselves while I hide in the bomb shelter...
Just try getting something fixed on Google Maps. It's nearly impossible. Sorry, let me amend that: It's nearly impossible if you are or work for/with the agency responsible for the legal addresses and contacts shown on Google Maps. If you are some Joe Blow who wants to randomly change some shit, then it appears to pretty friggin' easy to get something changed.
Google Maps has cost us thousands, perhaps 10's of thousands in costs associated with mail being sent to the wrong location over the last few years (pity the poor guy who works in the office with the address they keep listing). They post addresses that they scrape from the underside of some toilet seat somewhere or pull off of someone's twit-pick of their salami and provolone sandwich, but are absolutely deaf when the easily verifiable owners of the municipalities/businesses/addresses in question can give them authoritative information to use. And try reaching a human being at Google that doesn't work in the sales department, good luck.
I know of one other company in the area who says that their experience with Google is completely different. Of course, the biggest difference is that this company is engaged in 6 and 7 figure contracts with Google on a regular basis. The motto may be Don't be Evil, but they never said anything about not being a pain in the ass.
Executive chairman. And the idiot can't even do simple math to divide his is unvested equity allocation over 4 years before compairing it to the lowly yearly income of the average CEO. That article is a load of horseshit.
Sure, one could argue that he makes too much. But Schmidt didn't bankrupt my dad. So there's that.
It never fails to amaze me that no one seems to get the negative security implications of an integrated url/search bar, especially given the underwear knots some smart people seem to get over truly esoteric 1 in a billion use case vulnerabilities.
If the URL bar performs search, it is ripe for a mistyped URL to lead you to a fishing site (hell, bad guys don't even need to register every typo iteration in DNS anymore, they can just pollute search results; it's like DNS hijacking made simple.) I have seen my wife and kids do it time and time again, no matter how many times I tell them. They don't type in URLs anymore, they just type in "youtube" or "amazon" or "runescape" and then click on the first link that shows up.
Obviously this is dangerous, but more than that it broadcasts your URLs to Google or Bing or whatever. There is a mountain of information that can be culled from those queries that can compromise not only you but your business/employer. If it were reported that Firefox was sending every URL you entered to Microsoft or Google, people would lose their shit about it. But when the browser is designed to do that deliberately, no one seems to give a flying ----. THIS is the reason that I do not use Chrome. It's a gaping security hole, but because it is Google (who i am generally a fan of) it gets a free pass. That said, all browsers seem to exhibit the same behavior regardless of whether they have a separate search box.
If the URL I entered isn't found, return a 404. End of damn story. THIS is also the reason to still type http:/// or https:/// in the address bar.
But this is all just symptomatic of the larger problem of security in general. To pass my audits I have to take a hit either for being somewhat vulnerable to BEAST or for using the weak RC4 algorithm, pick one. And I don't process financial information of individuals in any way shape or form. But companies like Pandora get away with putting a credit card processing form in an https IFRAME inside a non-https url. And those frigging morons, when explained to them why this is monumentally stupid and that part of the reason for HTTPS is for the user to be able to verify that they are giving their credit card information to the people that they intend to (and to verify the certificates), just don't understand the issue. Their explanation is that it is too intensive to stream music over https so they have to do it this way. How can they be this successful and be this completely brain f'ing dead. Hey, Pandora: _blank. Look it up ass hats!
Or my bank totally not understanding that when I go to the bank page URL and it says "John Smith and 3 other friends like Dumb-Ass Credit Union. Like us on Facebook" that they have just communicated sensitive personal financial information to an incalculable host of 3rd parties. Why in the F does my credit union need to use social media? What the hell is wrong with people? Their response "Dumb-Ass Credit Union doesn't send any personally identifiable information to Facebook, blah blah blah". Seriously? Can they really be this stupid? Here is a hint, I now know that "John Smith" likely has a Dumb-Ass Credit Union account, step 1 in identity theft process complete. Of course, he WAS dumb enough to like it on Facebook, so there's that. I, however, had no intention of telling anyone I had an account at Dumb-Ass Credit Union, but the frigging Credit Union decided to tell Zuckerberg themselves, and they just don't get it.
My apologies s.petry for implying that the original sarcastic post was yours, you were just arguing in support of the post. I stand by my statements as to why that post was offensive/unconstructive, but apologize for having attributed the statement to you in my response.
If you some how believe that there is an implied claim of someone being an idiot for playing a MMO, you are inventing words that do not exist.
The parent's choice of the word idiot is perhaps not accurate (I take you to mean that the OP is uneducated), but it clearly was an indictment of the OP's intelligence in your passive aggressive response. There is no invention of any "words that do not exist" in the parent's interpretation of your smarmy post. It is a common sense interpretation from the words you plainly wrote.
If you invent words that don't exist, there is a severe problem with reading and comprehension.
Your condition is false making your declaration vacuous. Here, I can do that too: If the color green weighs 5 pounds then you are a millionaire. Fun, but pointless.
If someone tells you that you are wrong, that is not hostility.
And there's the weeny. See, the OP wasn't making a declaration of fact that invited your measured judgement of their rightness or wrongness. The OP was asking for suggestions of something within a certain set of parameters. You took it upon yourself not to tell them that there is nothing within that set of parameters that fit (or that there is), you instead chose to imply that they don't know what they are asking. You shouldn't be asking for that. You should be doing this. I know, because I am ZEUSS!
The hostility comes in because of the way you stated your response. You could have said "I used to play MMO's, but now I find that reading a book is a much more enjoyable endeavor." That would still have been an off topic response, but at least it has the pretense of attempting to be helpful.
You declared "Read a book." First, instead of offering a response that was helpful you barked an order. A schizophrenically non-germane order I might add. Question: Hey, what are the best brand of running shoes? Response: Buy some reading glasses. Do you see how silly that looks?
Additionally, the expression "Read a book" is loaded, as you are well aware. I would give you a pass believing that you didn't know that the expression carries the implication that the receiver is illiterate, except that you have now educated us on "reading and comprehension", and are thus clearly in-the-know.
Bottom line, get over yourself. You responded like an ass. You can apologize (either for what you said or for having put it in a manner that was so easily misconstrued as you seem to be arguing), or you can own it, but you can't deny it.
Slashdot Mirror
Or maybe the clinical stupidity of the US Government mandating backdoors in cryptography (either officially or covertly) has just been clearly illustrated. But then it would be absolutely impossible for anyone but friendly forces of the US Government to exploit such a thing, right?
It's called private property, and they have to know when the fracking is taking place so they can get before and after samples. Think much?
Rarely. It is on leased land, not private property (at least not the Industry's private property). Often Federal leases.
Schrodinger's EULA?
That isn't really the type of cert expiry they are really referring to, but consider this: The mechanism you describe requires a certificate revocation list, which is just another way of doing the exact same thing - using a trusted 3rd party to ensure you all agree on the parameters used to determine if something is trustworthy or not. That's not an improvement, and in fact, it is far less tolerant to network interruptions (a network interruption could cause a client to trust a credential that it should. Using time, it doesn't matter if the network is interrupted within reason, you can still determine if the ticket is still valid).
Remember, this isn't about you tricking your own clock to trust a ticket provided to you. You could choose to do that all you want. Its about the other party choosing to trust you or not. And YOU don't get to roll back the clock on their infrastructure. If you could, you could open a security hole just as you have described, which perfectly illustrates why NTP/Time Synchronization is so important.
I partially agree with the sentiment of point 1, but he does have fixed costs to consider. That 96K isn't just salary. Still, I'm not sure it constitutes being impoverished the way the article paints it
On point 2 however, I think you are way off base. That statement really glosses over what it means to have synchronized time and why it is necessary. Two computers agreeing on the time between each other is not sufficient to be considered synchronized from a security perspective. To be synchronized for security, those two computers must agree with an impartial third party. Without that you open the door to manipulation by a bad faith actor and all kinds of holes can be opened up.
I am sure there are many ways to mitigate that situation without the use of a third party time system, but those solutions are going to be much more complicated. And we know what happens when you increase the complexity.
Agile doesn't mean there is no plan.
To further that thought, agile isn't about not planning, it's about not being stuck with a crappy monolithic plan for an entire project. A plan that isn't crappy because of incompetence or negligence, but because the initial plan can't possibly account for the realities that every project encounters as it progresses (missed or changing requirements, technical failings of infrastructure that could not be predicted, change of business needs, etc).
Agile is intended to get you to stop trying to jam a square peg in a round hole. The alternative is to pound on that bitch 'till it's round. Which one is likely to result in a better engineered end product?
Please tell me you don't mean a "password-protected" zip file.
Every time I see a cop doing something useless like sitting at the side of the road I want to see their budget cut. They do that crap instead of helping with real crimes. And don't say "but the traffic cops are the same cops that would be investigating crimes" because it's all under one budget.
Actually, sitting on the side of the road isn't doing nothing. Having a visible presence is the best means to ensure that people actually obey the speed limit. Knowing that a cop is parked at a particular place helps ensure that people won't drive recklessly in that area.
Sitting behind a billboard or hiding in a patch of trees in the center median trying to CATCH people in the midst of a revenue generating civil infraction rather than engaging in a behavior that might PREVENT dangerous activities, that is dereliction of duty.
Police departments ought to have a budget that is exponentially and inversely proportional to their ticket revenue. If they are writing that many tickets then they SUCK at deterrence.
*In Arizona, to this day, you can walk into a bank with a gun with no problems.
* - If you are white.
What's the matter? Not looking forward to the calls to IT support to change your Biometric Password? Biometric authentication is generally a Very Bad Idea (tm), with a very narrow set of reasonable use cases. Typing a password being "a time-waster" does not, in my opinion, meet the criteria.
I'm with the parent here, use HID or something similar.
This.
weight-loss spam bots, you must all die of syphilis right now!
Oh the fury, the anger. I'm talking to you nisha AttAck, and you Aileen Assauult. To you sisterly_picare and you Lupita:) and you Ariyah :). Right at you Dorothy pics and you Inez is Funny!, and you too Melonie Grace. To you Kaelynn Griffin and you Alex FearLesS.
Just stop it, OK? It's like being inundated by the stepford-wives' retarded nieces. Enough is enough!
Un. Fu. King. Believable.
See AIG, circa 2005. Much more than $116 million.
Who the fuck let George Will in here?
They just forgot a decimal place. Always some silly little error like that.
I can no longer fully embrace my Apple hatred. Could cook ACTUALLY be what every seems to BELIEVE that Jobs was? Debate amongst yourselves while I hide in the bomb shelter...
Just try getting something fixed on Google Maps. It's nearly impossible. Sorry, let me amend that: It's nearly impossible if you are or work for/with the agency responsible for the legal addresses and contacts shown on Google Maps. If you are some Joe Blow who wants to randomly change some shit, then it appears to pretty friggin' easy to get something changed.
Google Maps has cost us thousands, perhaps 10's of thousands in costs associated with mail being sent to the wrong location over the last few years (pity the poor guy who works in the office with the address they keep listing). They post addresses that they scrape from the underside of some toilet seat somewhere or pull off of someone's twit-pick of their salami and provolone sandwich, but are absolutely deaf when the easily verifiable owners of the municipalities/businesses/addresses in question can give them authoritative information to use. And try reaching a human being at Google that doesn't work in the sales department, good luck.
I know of one other company in the area who says that their experience with Google is completely different. Of course, the biggest difference is that this company is engaged in 6 and 7 figure contracts with Google on a regular basis. The motto may be Don't be Evil, but they never said anything about not being a pain in the ass.
Executive chairman. And the idiot can't even do simple math to divide his is unvested equity allocation over 4 years before compairing it to the lowly yearly income of the average CEO. That article is a load of horseshit. Sure, one could argue that he makes too much. But Schmidt didn't bankrupt my dad. So there's that.
It never fails to amaze me that no one seems to get the negative security implications of an integrated url/search bar, especially given the underwear knots some smart people seem to get over truly esoteric 1 in a billion use case vulnerabilities.
If the URL bar performs search, it is ripe for a mistyped URL to lead you to a fishing site (hell, bad guys don't even need to register every typo iteration in DNS anymore, they can just pollute search results; it's like DNS hijacking made simple.) I have seen my wife and kids do it time and time again, no matter how many times I tell them. They don't type in URLs anymore, they just type in "youtube" or "amazon" or "runescape" and then click on the first link that shows up.
Obviously this is dangerous, but more than that it broadcasts your URLs to Google or Bing or whatever. There is a mountain of information that can be culled from those queries that can compromise not only you but your business/employer. If it were reported that Firefox was sending every URL you entered to Microsoft or Google, people would lose their shit about it. But when the browser is designed to do that deliberately, no one seems to give a flying ----. THIS is the reason that I do not use Chrome. It's a gaping security hole, but because it is Google (who i am generally a fan of) it gets a free pass. That said, all browsers seem to exhibit the same behavior regardless of whether they have a separate search box.
If the URL I entered isn't found, return a 404. End of damn story. THIS is also the reason to still type http:/// or https:/// in the address bar.
But this is all just symptomatic of the larger problem of security in general. To pass my audits I have to take a hit either for being somewhat vulnerable to BEAST or for using the weak RC4 algorithm, pick one. And I don't process financial information of individuals in any way shape or form. But companies like Pandora get away with putting a credit card processing form in an https IFRAME inside a non-https url. And those frigging morons, when explained to them why this is monumentally stupid and that part of the reason for HTTPS is for the user to be able to verify that they are giving their credit card information to the people that they intend to (and to verify the certificates), just don't understand the issue. Their explanation is that it is too intensive to stream music over https so they have to do it this way. How can they be this successful and be this completely brain f'ing dead. Hey, Pandora: _blank. Look it up ass hats!
Or my bank totally not understanding that when I go to the bank page URL and it says "John Smith and 3 other friends like Dumb-Ass Credit Union. Like us on Facebook" that they have just communicated sensitive personal financial information to an incalculable host of 3rd parties. Why in the F does my credit union need to use social media? What the hell is wrong with people? Their response "Dumb-Ass Credit Union doesn't send any personally identifiable information to Facebook, blah blah blah". Seriously? Can they really be this stupid? Here is a hint, I now know that "John Smith" likely has a Dumb-Ass Credit Union account, step 1 in identity theft process complete. Of course, he WAS dumb enough to like it on Facebook, so there's that. I, however, had no intention of telling anyone I had an account at Dumb-Ass Credit Union, but the frigging Credit Union decided to tell Zuckerberg themselves, and they just don't get it.
My apologies s.petry for implying that the original sarcastic post was yours, you were just arguing in support of the post. I stand by my statements as to why that post was offensive/unconstructive, but apologize for having attributed the statement to you in my response.
If you some how believe that there is an implied claim of someone being an idiot for playing a MMO, you are inventing words that do not exist.
The parent's choice of the word idiot is perhaps not accurate (I take you to mean that the OP is uneducated), but it clearly was an indictment of the OP's intelligence in your passive aggressive response. There is no invention of any "words that do not exist" in the parent's interpretation of your smarmy post. It is a common sense interpretation from the words you plainly wrote.
If you invent words that don't exist, there is a severe problem with reading and comprehension.
Your condition is false making your declaration vacuous. Here, I can do that too: If the color green weighs 5 pounds then you are a millionaire. Fun, but pointless.
If someone tells you that you are wrong, that is not hostility.
And there's the weeny. See, the OP wasn't making a declaration of fact that invited your measured judgement of their rightness or wrongness. The OP was asking for suggestions of something within a certain set of parameters. You took it upon yourself not to tell them that there is nothing within that set of parameters that fit (or that there is), you instead chose to imply that they don't know what they are asking. You shouldn't be asking for that. You should be doing this. I know, because I am ZEUSS!
The hostility comes in because of the way you stated your response. You could have said "I used to play MMO's, but now I find that reading a book is a much more enjoyable endeavor." That would still have been an off topic response, but at least it has the pretense of attempting to be helpful.
You declared "Read a book." First, instead of offering a response that was helpful you barked an order. A schizophrenically non-germane order I might add. Question: Hey, what are the best brand of running shoes? Response: Buy some reading glasses. Do you see how silly that looks?
Additionally, the expression "Read a book" is loaded, as you are well aware. I would give you a pass believing that you didn't know that the expression carries the implication that the receiver is illiterate, except that you have now educated us on "reading and comprehension", and are thus clearly in-the-know.
Bottom line, get over yourself. You responded like an ass. You can apologize (either for what you said or for having put it in a manner that was so easily misconstrued as you seem to be arguing), or you can own it, but you can't deny it.
This all seems ...so...familiar....
EBay Brick 'n Mortar
This question has been closed as not constructive by ... oh wait, wrong forum.
I would like to embrace and extend your comments, but unfortunately my conscience prevents from doing so.