Verisign runs the top-level domain DNS servers for com, net, edu, cc, name, and a few other smaller ones. If you lookup gmail (ignoring caching), you have to ask Verisign-owned servers where the google DNS servers are, so you can ask those servers what the gmail IP address is. For the security of the internet: it's pretty important.

Until late 2010, Verisign also ran the dominant SSL business. That red circle with the black digitized check at the bottom of your bank's web page? Yeah, that. The SSL business was sold to Symantec, are are trying to slowly rebrand. For the security of the internet, SSL is also kinda important.

So google's doing it wrong? So is Yahoo? They shouldn't have so many computers? How about Amazon? Supercomputers are all doing it wrong?

It's called "running a successful service at internet scale". And it's a really good gig if you can get it

A second specific comment

The configuration of a system is much more complex than most configuration management tools consider. The tools generally limit themselves to the list of things a "sane" person would change.

The list of things that actually affect the running of your system is much, much larger.

• Libraries. Did you hand-jam in a specific openssl version for some application?
• Programs. Did you hand-upgrade openssh on one system?
• /usr/local. Is it in the path of a shell script used to launch a service? Is everything under it managed?
• Permissions. Did someone do "chmod -r" somewhere they should not have?

If you write rules in puppet to handle all of that, your set of rules blows up to be insanely detailed, long, and completely unmanagable.

But the reinstall handles it all. In an automated, scripted fashion that allows you to easily change what you need.

Seriously people. Cobbler & similar install servers. They need to be part of any large scale host management. And since they are already there, are easy to leverage into being a large part of your large scale host management. And then reinstalling the server is the sane solution.

cfengine, puppet, chef et all are in the set of acceptable solutions. And if you have per-host information you care about keeping, superior to blindly reimaging.

But why do you have per-host information? Per-host information (log files, or important data on local storage) is an inherent management pain. The best answer is to keep that to the minimum set of hosts possible, and use coarse tools on the majority. Then you're manually managing 2 hosts, and bulk managing 998. Which is a cubic ton better than manually managing most of 1000 hosts. (remote syslog is your friend.)

(Upgrade? Really? Um, no. Reinstall. Again, you have to be able to reinstall quickly and accurately. And since you can do that, why not do that?)

You should.

And then, once you figure out what's wrong, you should reimage the box to fix it. Yes, I'd dead serious. Manually futzing with one box ("configuration drift") is farther up the list of reasons why things break than you would believe.

You have 1000 servers. You need to upgrade them to RHEL 6. Do you put a DVD in each of 1000 DVD drives?

NO!

You use an image server. Kickstart. Cobbler. Figure out how the new image looks like, and then pxeboot 1000 servers. That goes much faster. (to the sysadmin above, reimaging a server should take 25 minutes, most of which is spent surfing slashdot, not an hour).

So now, you've got a server that's misbehaving. One of 1000. Out of pure coincidence, honest, the one server you were manually futzing with last week, but that can't possibly be connected. Fixing that server yourself will cause more "configuration drift", and leave you with one server that's still different than the 999 other servers. And hey, that image server is still on your network. Just reimage the thing.

It's popular because it's the answer that scales. kthxbye.

The user would be none the wiser if the user had never gone to that encrypted site before with that browser and stored the key. It's the SSH trust model, only with a bad rap.

I believe your delusion is thinking that the people pirating your music actually searched for it. Rather, the odds are good that they did broad search, and then downloaded everything. After all, they were already at the relevant web site, they'd already downloaded one thing, the marginal cost (in time at the keyboard) of downloading everything was pretty close to zero. And hey, while they had never heard if it, what's the hard in giving it a try.

So they did. And then never bothered listening to it again.

I don't have any advice for you, other than better advertising. DRM doesn't work, and converting someone who pirated it to a buyer only works for subsequent releases.

But the kids who downloaded it from the Pirate Bay? They aren't your customers, and those are not lost sales. They wouldn't have bought it anyway, so you're not really losing money from them.

I expect, in terms of rounds fired, handguns are overwhelmingly used for harmless recreation.

Because maintaining a google apps account takes zero time?

It means they broke a 768-bit RSA key in 6 months. As a practical matter, everyone has to have the information they had, so the decryption can be done offline. They only used 80 computers, so assuming the task is linearly parallelizable (which I don't know), anyone who cares (and can afford 1000 high-end computers) can break a 768-bit RSA key in about 2 days or so.

Which means that a 1024-bit key is only safe for about 3 years. (But 3 years of 1000 high-end computers dedicated to the task of breaking your key is still really expensive. So that's probably pretty safe. Stealing the computer with the private key is still cheaper). But given the pace of technology and factoring techniques, that will likely come down.

4096-bit keys seem to be sufficiently safe for the foreseeable future. (Didn't gpg used to mock you if you told it to create a key that large?)

I chose the muddle along option because I have two family members I can easily calibrate myself against...

My Dad could be taken through a rollercoaster in a dark black enclosed building (Flight of Fear), and at the end could point north with no hesitation. He navigates by "I'm about [here] relative to my destination, so I need to go that way" and doesn't need a GPS.

My mom could be placed in a field at sunset on the equator at the equinox, and wouldn't know which way was north.

(But, for some reason, Dad has a GPS in his car, and even though I gave Mom one, she's left it in it's box.)

So I'm between those two. I get turned around easily, but at least I can memorize landmarks.

Do you accept Wikipedia? How about Slashdot?

Relevant case law: