Re: "Oops, we got caught."
Then we're likely doomed to repeat it until we evolve a better human since a lot of what causes this is part of the human condition. We tend to cooperate only out of necessity; we compete otherwise.
16605 publicly visible posts • joined 10 Jun 2009
How can we be sure routers will honor the option fields since there are already security concerns about the option fields: they already tend to block options around Record Routes (either for Loose or Strict Sources), so they may be leery about accepting other options. Next, how will the legacy hardware use the system if they aren't able to insert Option fields themselves? Sounds like a similar problem from a different angle. Furthermore, since the scheme requires the use of a new kind of edge router, why not just use the same location for some kind of proxy server for those instances where an IPv4-only device MUST talk to an IPv6-only device (as a proxy is the only practical approach to bridging the protocols) without using options that they may not be able to make?
In essence, using the option field seems to have incompatibility issues of its own that make it just look like IPv6 in another package.
I don't know. What makes you think ICANN can't find some way to blow it over, if not retaliate such as by calling out Protectionist President Trump? That's why a nuclear card may need to at least be threatened. Money won't really faze ICANN but the threat of being made irrelevant certainly will.
"Option 3 is therefore the most likely. Nothing much of anything will happen. The Registrars will comply with the law. ICANN will continue to flail for another few years, then eventually accept the inevitable. Grumpily, and possibly after having been hit with the fine stick. The board will continue to be smug, useless wankers, continue to increase the size of their bonuses, and when the money starts to run out will consider selling some more .name domains to raise cash."
But there's a wildcard to Option 3: President Trump, who you've noticed is VERY protectionist. Not to mention impulsive. If he starts noticing the GDPR as Europe stepping on American toes, there's bound to be a brouhaha that can potentially tie ICANN's hands. Not to mention put California under an uncomfortable microscope.
Thing, is the EU willing to play the ultimatum card and eventually start the wholesale balkanization of the Internet by usurping all ICANN functions? So far, I haven't heard threat of such an ultimatum which would probably be the only way to really get ICANN'S attention (since they can probably play sovereignty against the fines).
And as they say, no test or simulation is a proper substitute for the real thing. No emergency plan can be tested without an actual emergency. And as for a plan, it should be planS (plural) able to cover one another in case Murphy syrikes and a backup plan fails and you have to go to the backup backup plan.
"I will NOT do the hassle to make all that HTTPS, if indeed I even can for the simpler things - I already have a real decent protection from the internet at large going on - in one spot, between all that and the 'net."
Also, doesn't this present a SPoF problem if someone goes out of their way to tackle you "one spot" to get at all the things behind it?
But unlike your scenario, the Chinese Cannon is transparent. Even the most observant user can't tell whether an encrypted connection has been altered on the fly. In fact, there IS no way to tell until it's too late, PLUS there's no way to block it because it happens outside your control, unlike all your scenarios which require either user intervention (installing rogue certificates) or user ignorance (not noticing a bad certificate pin). So I say my scenario still stands, PLUS it's actually happened in real life, so we KNOW it CAN and WILL happen.
"In fact, you don't have to be a "state level actor" (TM) to MITM a HTTPS session."
OK, then, explain. How do you MITM an HTTPS session without the private key, without breaking certificate pinning, AND if you've been there before (breaking the First Contact Problem)?
"Actually, today is far easier to distribute malware through ads than trying to intercept connections which may require a far higher access to the target network."
Which well-resourced, well-connected, or state-sponsored actors (Chinese Cannon) are likely able to do.
And MY point is that ANY unencrypted HTML page, even an Apache test page, can be hijacked by a man in the middle, altered on the fly to inject malware, and then sent alone with the end user none the wiser. It's what allows things like the Chinese Cannon and Verizon Supercookie to work (both use MITM techniques). THAT'S why the push to remove unencrypted HTML, no matter the content (because the content is irrelevant--it's the mere fact it's unencrypted that's the key here). Similar to why Telnet made way for Secure Shell.
The Chinese Cannon happened. Now it's clear that ANYONE who wants to drive-by a victim can just hit a midpoint, sniff for HTML in the clear, inject malware, and PROFIT! Just like with Telnet, there's only one practical solution to a malicious MITM: give Mallory no cleartext to sniff.
NO unencrypted website can really be considered safe anymore due to increasing MITM attacks like the Chinese Cannon and Verdon Supercookie. Malate can be injected even into a vanilla HTML page, on the fly, by an agent sniffing for ANY unencrypted Web traffic to hijack.
"So I did. It produced quite impressive results."
Surprised the button wasn't blue instead of read, since it seems you triggered what many hospitals term a "Code Blue," meaning a life-threatening emergency, usually a cardiac arrest (in your case, it was respiratory arrest and cyanosis on a newborn). Given the promptness of the reply, the alarm was probably local to the ward you were in because a crash team was already in place.
It may also be worth noting that GIMP entered the 2.10 cycle only a few months ago (in April), and 2.10 represents major changes since the 2.8 cycle which should be noticeable from the get-go (I've known about it for a bit since I'd been using the 2.9 experimental cycle for a while). The continued compatibility is probably the reason this is 2.10 instead of 3.0, that's how big the change to 2.10 represents.
"Installing new code should be something you only do rarely from sources you personally trust. It shouldn't be something you casually do when a QR-code tells you to do it or something your browser run automatically as a feature."
That problem will ALWAYS be there. Simply because of box thinking, or there's no way to fully encapsulate everything you want something to do in a limited interface. It's the reason for downloads in the first place, going all the way back to the PC (in the broadest sense to include pre-IBM stuff) days. Who cares about security when it comes to "just get the bloody job done"?
"It amuses me that Almon Strowger invented his automatic telephone switch specifically because the telephone operator in his home town would connect calls intended for him to a competitor (both were undertakers) who just happened to be the operator's husband."
I wonder if it was less that and more she knew when bereavement calls were going around and let her husband know about them so he could get the jump on Strowger.
"In some places, like Europe you have the additional possibility of getting your time via longwave transmitters. The DCF77 signal, carries the time in a way you can get your error well down below a millisecond. Other simmilar transmitters will still get you the time to a fraction of a second."
The US equivalent is WWV out of Fort Collins, Colorado, which gets its timebase from NIST in nearby Boulder. It transmits several different time signals with varying degrees of precision.
And even then you have to be careful that the courts don't see your tactic as getting to a blanket ban the long way round/by a thousand cuts. Plus, like I said, the Founding Fathers were specifically afraid of the government itself cracking down on its own citizens (the Day of the Jackboot). That's why the country wasn't founded with a standing army.
CA leads the way in pollution standards due to Los Angeles (pollution ducks when you live in a thermal inversion zone). And districting remains in each state's hands (per the Constitution IIRC so the Feds can't usurp). Abortion can be a hot topic, but popular opinion still favors the status quo which can make the courts leery.
"I have empirical evidence that radio advertising works (I got customers from it)"
I have empirical evidence of the opposite. Seems most people change the station or turn the radio OFF when the ads come on (and let me tell you, some of them are LAME).
Only when the public will accept the fact the zinger net isn't free and everything starts disappearing behind pay walls and people either pony up or go, "Stop the Internet! I wanna get off!"...and go back to the TV spots, product placement, international junk calls with fake Caller IDs, billboards, and junk mail...
I will admit, 128TiB in such a small form factor sounds tempting...but as no one's quoted a price, I have to assume (a) such a capacity doesn't really exist yet, and (b) if I have to ask for a quote, I probably can't afford it. Shame, as even an affordable 16TiB of solid state storage (form factor irrelevant) would be awfully nice right about now, especially as I look at my spinning rust collection with increasing trepidation.
I guess it's simply a cade of Your Mileage May Vary, as it seems EVERY manufacturer from SanDisk to Samsung has had bad days. My firsthand experience makes me trust Samsung and SanDisk most. Meanwhile, the only MicroSD card I've had wear out was a 16GB Lexar...in a dash cam.