Why is privacy so important? Because you don't know what creepy things governments will do with it in the future. All the conditions under which you gave away some of your personal information might not apply in the future. And getting your information back at that time will very likely be no option.
What if your face ends up with this new creepy technology? How can you even possibly defend yourself against it? Some, for normal people, impossible to comprehend scientific research appoints you as a suspect. What can you do? This is creepy and scary and not something we should want.
As the author of an open source webserver, I must say that I'm not really happy with HTTP/2. It adds a lot of extra complexity to the server side of the protocol. And all sorts of ugly and nasty things in HTTP/1 (too much work to go into that right now) have not been fixed.
What I have experienced is that SPDY (and therefore also HTTP/2) will only offer more speed if you are Google or are like Google. Multiplexing doesn't offer that much speed increase as some people would like you to believe. Often, the content of a website is located on multiple systems (pictures, advertisements, etc), which still requires that the browser uses more than one connection, even with HTTP/2. Also, HTTP/1 already allows a browser to send multiple requests without waiting for the response of the previous request. This is called request pipelining, but is turned off by default in most browsers. What I also often see is that a browser makes a first request (often for a CGI script) and the following requests (for the images, JS, CSS, etc) are never made due to browser caching. So, to me HTTP/2 adds a lot of complexity with almost no benefits in return.
Then why do we have HTTP/2? Well, because it's good for Google. They have all the content for their websites on their own servers. Because IETF failed to come up with an HTTP/2 proposal, a commercial company (Google in this case) used that to take control. HTTP/2 is in fact a protocol by Google, for Google.
In my experience, you are far better off with smart caching. With that, you will be able to get far better speed-increase results than HTTP/2 will ever offer. Especially if you use a framework that communicates directly with the webserver about this (like I did with my PHP framework). You will be able to get hundreds to thousands of requests per second for a CGI script instead of a few tens of requests. This is a speed increase that HTTP/2 will never offer.
I think this is a failed chance to do it right. HTTP is just like SMTP and FTP one of those ancient protocols. In the last 20 years, a lot has changed. HTTP/1 worked fine for those years. But for where the internet is headed, we need something new. Something completely new and not an HTTP/1 patch.
Re:Obligatory reminder that an alternative exists on OpenSSL 1.0.2 Released · Score: 1
I've done some statistical analysis on the output of PolarSSL's random generator. Looks good to me. Some while ago, they improved the random generator (now using AES). How long ago did you have problems with PolarSSL's random generator? If it was a long time ago, perhaps look at its current generator. Maybe your issue has been solved.
Re:Obligatory reminder that an alternative exists on OpenSSL 1.0.2 Released · Score: 1
Can you tell me more about that random number problem?
Re:Obligatory reminder that an alternative exists on OpenSSL 1.0.2 Released · Score: 4, Informative
Why start with something bad to make something good? If you want a good SSL library, try PolarSSL. It's a quite unknown, but great library. Unlike OpenSSL, this one has good documentation. The Hiawatha webserver uses it and it easily gives me an A+ score at SSL labs.
And that's how politicians work. Doing everything to avoid being held responsible when a terrorist strikes. And apparently, judges work the same way. Someone I know works very closely with several Dutch ministers and he confirms that decisions are often based on emotion, not on logic and common sense. It is exactly THIS that makes terrorist strikes so dangerous.
Symfony, Drupal, WordPress, nah. They all forgot to include the most important thing in the base: security. Especially WordPress, look at its spaghetti code and then look at the Banshee PHP framework. If you understand what that framework does for security, you'll never dare to run WordPress or the other junk frameworks again.
SPDY is a protocol by Google, for Google. Unless you are doing more or less the same as Google does, SPDY is not very relevant for you. Having multiple HTTP requests via a single connection via multiplexing is only relevant if all website content is located at one and the same server. This is not the case for many websites on the internet. Images, especially for advertisements, are often located at a different webserver. I've read about real-life scenarios where SPDY only gave up to 4% speed increase. And for rich websites we already got something called websockets. I've done a lot of experimenting with smart caching, both static and CGI content. Especially with caching CGI output, you can reach a speed increase that no new protocol can ever achieve.
IETF only took SPDY as a base for HTTP/2.0 because they failed to do the job themselves. I personally don't have much faith in HTTP/2.0. Not that I think it will cripple the internet, but it will not bring an improvement to the internet that will be worth all the effort of implementing this new protocol.
Tell me how. You say it's easy, but I say it's only easy if we allow it. Yes, you can give me a 911 kind of story, but those are easy to prevent (close the cockpit door in this case).
Bingo! Imagine you were a terrorist, angry and filled with hate. What would you do? Hijack an airplane, place a bomb in a crowded train station or empty a gun in a supermarket? I'm sure it won't be the airplane hijacking, because that's just too much trouble. To see what threat level a country really has, don't look at the typical place the government is focusing on. Be creative, think like a terrorist and look for the weak spots. You'll find that from a technical point of view, it's very easy to commit a terrorist attack.
What makes it hard to do: find an idiot willing to sacrifice their own life for it. Yes, the Middle East seems to be full of them. But you should know most people in terrorist organisations only joined them because they wanted to belong somewhere. No one wants to be alone. When family members joined the group, telling you all sorts of (false) stories about how great it is and how bad the other side is, it's hard not to go along. But that doesn't automatically make them people we should fear. Going with the flow is easier than doing something on your own. Fighting alongside your fellows is easier than going to a foreign country on your own to commit a terrorist attack. Because that means you have to make decisions of your own, making up your own mind about it all instead of blindly following some leader.
Yes, I'm sure there will still be a few people actually traveling to another country and actually commit a terrorist attack. But how much damage can one person do? If he's successful he'll maybe kill ten people. How much of a threat is that? In the days after, more people are killed by other means but we don't speak of them. We're all used to those threats, they're part of our life. What makes a terrorist attack threatening, is that it's new to most people and we allow the media to blow it up to huge proportions. We believe every bit of fear the media spreads and we want them to spread fear, because that feels like the most natural response.
The best way to deal with the terrorist threat is to realize that it's very small and to accept that it's there. For most people count, you'll never ever see a terrorist in your whole life and they certainly won't get you killed. And for those few unlucky people who get killed by a terrorist, be lucky that you weren't killed by something as stupid as crashing your own car into a tree.
Yes, they did. They learned that that was just an incident, that it is impossible to guarantee 100% security, that even if 100% security was possible it would make flying very unpleasant, that you should not give in to terrorist threats and that driving a car is far more dangerous than flying and everybody accepts the risk of traveling by car. The last 25 years prove that they are right.
Given the fact that security at airports is not very good and nothing really bad has happened in the last decade, what does this tell us about the real terrorist threat level in Europe?
Don't let yourself get scared by politicians who rule by using fear. Learn from the hard facts!
Caching: You can cache Facebook's images, stylesheets and Javascripts just fine.
Proxying: Not just fine. You need a man-in-the-middle proxy for that and its root certificate installed on every client. Otherwise, it's just routing, not proxying.
Firewalling: Firewalling based on hostname / port, yes. Firewalling based on bad content (malware), no.
Parental control: Same as firewalling. And blocking this kind of content is not only done by IP address, but often also by words in the hostname. This cannot be done when you can't read the hostname in the HTTP request.
I agree with most of what you've said. However, I don't think it's lust for power, it's lust for money. Yes, the weapons industry was threatened by the Cold War ending and America needed a new enemy to keep that industry running. The terrorists became that new enemy. However, it's a relatively small number of people to whom this cause applies. The rest of us simply repeat and believe their call: fear the terrorists!
Personally, I believe mainstream media are partly to blame with their 24/7 "breaking now" mentality.
Of course, people started to become numb to that. Remember, the media's job is not to bring the news, but to sell the news. Keep that in mind when reading / listening to the news.
Politics is mostly to blame for that. Even here in the Netherlands we have awareness campaigns like 'Netherlands against Terrorism'. We don't have any significant terrorist threat in the Netherlands. None of us has ever seen a terrorist and will most likely never do. So, the only thing that campaign does is put fear in our minds.
I agree. But I also believe that if someone took the time and especially the courage to tell the people the truth, he/she would get even more votes. But to do so, that person first needs the proper understanding of this matter. And that's where the problem starts.
And the reason for this all: fear. Fear of terrorists, fear of being held responsible, fear of the unknown. We live in a world in which we no longer accept any kind of risk. No matter how low that risk. Well, at least risks we are aware of. We fear terrorists, we fear ebola, we fear being robbed in the streets while at the same time we smoke, eat unhealthy food, practice dangerous sports and get in the car. Every day we do things that are more dangerous than the things we fear most.
Yes, terrorists should be stopped, but not at all cost. And there is no way to make 100% sure no terrorist will ever hit us. So, stop pretending we can! Stop wasting our time, money and privacy to give us false security! And if a terrorist hits us and kills 20 people, I say: that's bad but it isn't the end of the world. Life goes on. In the same time more people are killed for other reasons and we don't even hear about them!
Look at Boston. Despite all the anti-terrorist measures in America, it was still possible to do this kind of attack. And what happened to Boston? Nothing, they moved on. And that's how it should be done. Yes, it's easy for me to say because I haven't lost any family or friends in that attack. But that is the right way to look at it for politicians. Respond to it with logic and common sense and not with fear and emotion. Because that only makes it worse!
What a cheap flame. And how not original. And you're wrong. SQL injections can be done with every language. To solve this, all it takes is a programmer who understands what he's doing and knows about a vulnerability that has been known for about 20 years and for which there is NO excuse for not knowing it.
It's not really hard to do it right, even in PHP. And there is a simple proof for that.
You might want to take a look at how the Banshee PHP framework deals with SQL. With its SQL driver and the security_audit script, it's really hard to have an SQL injection error in your code.
America always wants to force democracy to the rest of the world, so it should not complain about the downsides.
If that's his charge, I say let the American people speak out a verdict instead of a jury or judge.
RemainAfterExit=yes
Then how can a penguin be a parasite?
PHP done right. I challenge you to find a security leak.