Yes, it might be. I just remembered that even digital cable TV is encrypted these days.
Sure. That is their form of access control. They broadcast their streams 24/7 to everyone. (Sometimes even to those who don't need/want the signal.) To prevent theft they scramble all of the content and rent you a box to decode it. The Internet doesn't work the same way. The Internet has a lot of public content that has no need for encryption (you already mentioned YouTube) and you propose that we encrypt it and make the Internet slower? Why exactly? Just 'because we can'? Even with public files, one does not necessarily want everyone to know he/she is accessing them. And someone that is sniffing can see all http requests, including full path.
With all of the SSL MITM/sniffing stuff aside, the IP connections can still be logged and the data flows measured. What you are doing can still be assumed. You can still be implicated for connecting to a naughty site, etc. For example, say you connect to an adult site from work and this site is entirely https. Your boss still knows you were looking at porn on company time. He cares not which individual image or video you downloaded.
|
|
|
it's way overdue anyway for the entire web to switch to https
Although my argument was not for youtube-like services. More like forums, communication, chat, mail, identification, etc... The things for which security matters.
These two statements are contradictory.
|
|
|
Well, we don't really have ISP-based caching servers here in Europe, and it works OK. Most companies do their own frontend/backend caching.
Are you sure? Tons of ISPs do transparent caching. And for paid content you want security in place anyway.
Security != encryption. For paid content (small static files), I'd choose http over https any day. For handling logins/sensitive information I'd use SSL. There is no reason to SSL an entire site. Especially when the content is public anyway. It doesn't stop all attacks but is significantly more secure than plaintext. Nothing ever is fully secure, that is not an argument for lower security, ever!
That's not what I meant. I was pointing out that SSL isn't a "cure all" for MITM/sniffing attacks. If the browsers got their $hit together when it came to SSL it would be far better than it currently is.
|
|
|
I agree that plain http is better for static non-restricted stuff such as images, css, js, which is perfectly cachable. The main problem is that you can't use http images in https sites without creating browser warnings (the reason for this being insertion/xss attacks). A compromised cached proxy server could insert arbitrary images/css/js (and thus, scripts) into your site. (This could be solved if http supported content signing and checking on import, but that'd require browser and protocol changes)
I know all of this already. You're preaching to the choir. Eventually security will trump bandwidth and CPU concerns, as people will trust more of their life to internet, and it becomes easier and easier for laymen to sniff plaintext connections and hijack connections (firesheep et al). You can see it now with gmail, hotmail switching to https. That's only the beginning, many more are on the verge of switching.
Oh sure. Webmail should have always had SSL. I'm surprised they went this long without it. I'm sure that back when Hotmail started the CPU overhead would have killed them. I know this isn't the case now. SSL is a PITA for content delivery. It just won't fly. If I can't let ISPs cache my content I need 10x the amount of servers. Not to mention my site slows down because the ability for ISPs to cache my content local to a particular geographic region isn't possible. SSL also doesn't stop MITM/sniffing problems since no browser cares when SSL certs change. Until browsers ship with a plugin like Certificate Patrol (for FF), SSL won't save anyone from these attacks. Food for thought..
|
|
|
it's way overdue anyway for the entire web to switch to https
That will never happen. I used to think that too; until I flipped some of my extremely high traffic sites to https and my bandwidth consumption jumped. Turns out ISPs that used to be able to cache my images are unable to now. https is great, but it sucks on sites with lots and lots of images.
|
|
|
Think about what happens when a new Bitcoin install is downloading from block #1...
|
|
|
Why am I sold? Well, I've been waiting for a system like this for a long time. I've been through every 'slash and burn' Visa merchant regulation change since 1998. I've witnessed the rise and fall of many centralized payment systems. I've seen bank/court/government corruption with my own eyes, and on and on.. A lot of people on this forum can probably relate to this. My biggest fear is that government will stifle the adoption of Bitcoin by making it illegal. This, in turn, would compel any corporation in their jurisdiction to refuse to use it. We will end up with people who use Bitcoin illegally or from jurisdictions where it is still legal. The "wild west cowboys"; if you will. The mainstream media would likely smear Bitcoin and tell the general public that it only has one use - to further the black market. You'll get the typical vox populi reaction in the name of protecting children/animals/environment/"insert some cause here"; individuals will stop using it out of fear and it will snowball from there. They know how to play the hegelian dialectic game quite well. That said; I think we still have to try. I, for one, am not giving up. Cheers! The Madhatter
|
|
|
* Bitcoin client: not allowed, sorry
You should allow the Bitcoin client with generation switched off.
|
|
|
The coffee arrived today. I chose the light roast. It has a great flavor and is super caffeinated. This is definitely one of the best coffees I've ever purchased! Kudos!
|
|
|
I had sent a message to Satoshi and Stefan regarding a radio/youtube interview.
Neither one of them ever replied.
|
|
|
More correspondence: Hello Stefan, It has been 30 days since I started the FDR fundraiser. I have closed the donations box. I am now handing the box over to you to do with it as you wish. Here are the credentials for the MyBitcoin account that I had created to collect all of the coins into for FDR. Login here: https://www.mybitcoin.com/login/sign-in.phpUsername: XXXX Password: XXXX You should change the password immediately. Cheers! The Madhatter Reply: Thank you so much for your effort and time, I really appreciate your generosity! Best wishes, Stefan Molyneux, M.A. Host, Freedomain Radio http://www.freedomainradio.com
|
|
|
I'd like some tuna too, please!
|
|
|
Why should I trust a closed source on-chip AES-256 implementation? You are further ahead using a cheap thumb drive and whole disk crypto. Also, be sure to keep more than one backup of your thumb drive. That should solve the thumb drive theft and/or theft/copy/silently return it problems. As for the 10 password guess limit and self-destruct feature: I use GELI on FreeBSD and I leave my AES keys on a *computer*. The passwords are in my noggin'. Have fun toying with my thumb drives. They are inexpensive 'bricks'. Chips covered in epoxy? Who cares. I consider thumb drives disposable anyway. Lose a cheap thumb drive? It's an annoyance. Lose that IronKey thing and you might cry. Don't fall for hype.
|
|
|
When I see/hear the term "legal protection" I always think of a mafia being paid-off to leave someone alone. Damn those protection rackets.
|
|
|
I more or less just talking out of my arse. I know that each release of the Bitcoin application has a block lock in it. They move this lock forward each release. I was just toying with the idea (if it is possible) to move that lock forward (never backward) automatically.
|
|
|
Or alternatively, the network could accept that the MiB now control the world's only block generator, who would now see *all* transactions, and could impose any arbitrary tax on each - a situation even better for the government than with today's paper currency. At that point it would be easy for them to issue BTC identities and ignore all transactions going to non-approved addresses so anonymity vanishes. Although, since they directly tax each transaction, maybe they wouldn't be interested in the actual identities of the parties in each transaction.
I'd imagine that Bitcoin would fork into something else. "Bitcoin II: The resurrection"? It would have extensive block locking support or something. *shrug* Hey, there's an idea. Maybe Satoshi is *really* a government agent, and bitcoin is *actually* Big Government's latest attempt to regulate and control the world's trading. Shoot me down folks!
* The Madhatter cues the x-files theme song
|
|
|
Ahh.. now that's satire!
|
|
|
No more emails from him? Weird that he wouldn't get interested.
That is correct. He might just be really busy.
|
|
|
|