Not sure this is the technology at play here, but ATL Server, a C++ based Microsoft web technology discontinued in 2008 basically supported two files extensions - .srf and .dll. See e.g. https://github.com/redpower1998/ATLServer/blob/bf3fd601bf281... .
How would it hurt you? The American Heritage Dictionary gives three definitions of hurt:
> 1. To cause physical damage or pain to (an individual or a body part); injure.
> 2. To experience injury or pain to or in (an individual or a body part).
> 3. To cause mental or emotional suffering to; distress.
Does looking at them cause you mental or emotional suffering?
What if I said that it caused me the same mental or emotional suffering anytime anybody wore a tshirt? Would you also say people should only wear tshirts inside?
They do. The problem is drug addiction. If you give drug addicts free houses, eventually the word gets out, and then even more drug addicts move to your state. Eventually you find yourself like California - spending an immense amount of money of an immense number of drug addicts mixed in with a few people who are down on their luck.
People addicted to heroin don't achieve their potential or their aspirations. The compassionate thing to do for drug addicts is to help them stop being addicted to drugs, not give them an apartment where they can do drugs without bothering anybody. Parent commenter is saying the state is doing mostly the latter and little of the former.
It's a bit more complex than that. At the surface, it's true - only 15% of homeless people in Seattle lived out of county before becoming homeless. But a deeper look shows as many as 30% more never really could afford housing - they had marginal housing situations, living with a friend, relative, or romantic partner without paying a proportionate share for their prior living situation.
This is part of the discrepancy - one side shoves the 15% number at everybody while the other side shoves at 45% number at everybody - we can't agree on what we're measuring.
I didn't quite speak clearly and so let me try to clarify. It's the opinion presented as opinion containing opinion presented as fact :).
In examples:
- "summer is the best season" is an opinion
- "summer has the highest temperatures" is a fact
- "summer is the best time to have romantic encounters" is an opinion
- "summer is the best season because romantic encounters truly only happen in the summer" is a weird amalgamation. It clearly presents an opinion, and says that opinion is based on a true fact, but in fact, the true fact the opinion relies on is not a fact at all, but merely another opinion.
Seems specious. Democratically elected representatives said it was to encourage the investment of capital as they wrote the laws, and then got reelected by the voters. You can say the representatives were lying and the voters didn't care / are dumb - but where's the evidence?
I think the simplest explanation for why representatives vote the way they do is the public statements they themselves make before and after their votes. If you want to make a more convoluted argument and assert a conspiracy, you should bring some evidence.
It's not quite so understandable to me that somebody would believe that position to be an inherent truth ("truly owe") rather than just a position.
Capital gains taxes have historically been lower to encourage the investment of capital. This might be good or bad policy. Many economists say it's good policy.
Fwiw (tangent), I don't necessarily believe either of those instances were cosmic-ray induced bit-flips. I'd have to dig up the study, but I read a study once that more or less concluded "cosmic-rays are more common in memory unsafe languages and on overclocked PCs". Or more accurately, engineers frequently misattribute memory corrupt and operating outside specification to cosmic rays.
Particularly when the software in question is running on somebody else computer, proprietary software and OS (or OS modules), unknown patch versions, etc.
You are looking for a debate, I think. It's the whole thread. You're nerd sniping. It's classic.
You're not a fan of DNSSEC and prefer CT. When faced with examples where CT doesn't cut it, you refuse to discuss the big picture, pounce on incorrect details, and then resort to claiming your opponents are uninformed or arguing in bad faith.
The bottom line is my original big picture claim, the part that's on-topic for the article - that CT works for browsers on personal computers but not other classes of internet connected devices - it's true! And you know it! But you'd rather debate the details than inform readers about what they actually want to know (the big picture - i.e. that DNSSEC is useful).
I've observed your behavior before on hacker news, but experiencing it directly is eye opening.
Of course it does. CT trust relies on root programs removing bad CAs and root programs and security researchers sharing information about bad CAs with root programs. The root programs, CA, and security researchers are colloquially "the CA community".
Do you believe CT protects set-top boxes against surveillance from nation state actors who compromise your router? Yes or no, if you don't answer, you're not engaging in good faith.
> Meanwhile if DNSSEC's vision is ever fully realized, you will lose that control entirely. There is no CT there, and even if it was build somehow it will be useless as it has no "teeth"
This is a false dichotomy. DNSSEC secures DNS records, it doesn't prevent logging certificate issuance.
Web PKI so strong that we recommend not using it for critical scenarios.. /s
It's late and I maybe haven't been super constructive here, but I think when you try to write out the actual assumptions behind CT as the whole solution, you realize you've got something that mostly works assuming assuming assuming - and worse, we'll never do any better, because those assumptions are fundamental technical limits. DNSSec may be ugly but at least its problems (like validators failing open) are just deployment issues, not fundamental technical issues.
I'm sick and tired of using technologies that provide security or correctness subject to a long list of preconditions and ways for folks to tell me I'm using it wrong. To build secure systems, we need technology that provides correct security without so much asterisks and fine print.
The example I gave was a router or gaming system updating itself (e.g. using CUrl) not a full browser. Don't strawman please - if my argument is as weak as you say, you shouldn't need to.
I want a version of Web PKI strong enough that I can turn off my tablet for a year, turn it back on in a coffee shop, apply automatic updates, and not have my web traffic monitored, even if I'm gay and the coffee shop is in Saudi Arabia.
From what I can see, DNSSec+CAA+.com+US CA+US hosting for the Android update server does the trick. No version of CT does.
> The fundamental difference is that with TLS you have to trust ALL certificate issuers, but with DNSSec you only have to trust your TLD and your certificate issuer.
It's probably fair to say I've been a bit over assertive about CT, but it's all in the margin to me. No amount of technical complexity can turn community trust into direct trust. TLS is a community trust model and DNSSec is a direct trust model. The fact that CT is a pretty good community trust model and that browsers have (so far) done a pretty good job at keeping the CT community small is interesting, but it doesn't turn community trust into direct trust. So while I'd agree it's an incredibly tedious tangent, I'd say it's tedious moreso because the pro-CT folks are missing the forest for the trees than for any technical details about CT.
Edit: because community trust fundamentally relies on the notion of the community taking action against bad actors. Whether it's a CA or a CT log provider, and whether it's malicious action or a bug or just ceasing to do business, community trust has a time axis where membership in the community changes and notions of keeping devices up to date and political struggles ("too big to fail") and the like that simply aren't needed in direct trust.
That's just not what's happening. Reread the conversation. I started from here:
> Certificate transparency is cool, but it's not clear it really works for many classes of devices
Smart TVs aren't some gotcha I'm throwing in at the end. It's literally the first thing I said about CT. CT works ok for mobile phones, laptops, and other devices where you can make certain assumptions about multiple networks and frequent updates. If you want a technology that doesn't require these assumptions, you want DNSSec.