So it's unsurprising that Ubisoft pushed it out the way it was. If they announced a delay, they'd lose out on seasonal sales, their preorders would be decimated and it would affect their quarterly figures. So they pushed out something with some serious bugs and performance issues and used an embargo to prevent bad press until after all those preorders were fulfilled. I'm sure they'll get around to fixing the worst of the bugs, but people have been sold a lemon.
As consumers, there is a clear lesson to be learned here - do not preorder. Do not reward companies who use hype and lies to promote a game that may not live up to expectations. If a game is THAT AMAZING, then it'll still be so in a week or two after release when consensus is formed. And if it isn't... well that's €60+ you've saved for a better game.
It seems like it would be pretty trivial for someone working at a store to disconnect it from the internet at will.
And it would be pretty trivial for the credit card company and police to notice thefts all occurring from this one shop and rain fire down on their asses.
Aside from digits, EBCDIC is infamous for it's bizarro alphabet layout which wasn't contiguous so code patterns like "if 'a' I suspect the EBCDIC only existed because IBM being IBM couldn't countenance interoperability with other systems and therefore tried to ringfence and enforce its own format.
TL;DR: Install Perspectives if you want to use an unknown CA.
It's not a case of installing anything. It requires a whole new secure protocol that browsers support out of the box.
Broken by StartSSL, which provides personal use certificates without charge.
It's still a CA and it's demonstrative of the uselessness of a CA in the first place. The cert makes a scary box go away nothing more. Even if its free (in money) it's still an onerous task in time and effort to obtain a cert. And with my tinfoil hat on, why should I trust an operation in Israel to generate a trustworthy certificate for my site? It's not the first time a CA has been compromised and issued phony certs for MITM attacks.
I have my own problems with PGP's assumption of transitive trust. Just because you can vouch for someone's identity doesn't mean you can vouch for that person's ability to correctly vouch for others' identities.
True but it still has the potential to build more meaningful trust to a site than a CA can. e.g. Red Hat could sign Ubuntu's site and vice versa and they could sign various Linux user groups and so forth. Just like happens with PGP keys. It's more meaningful than some random CA and far harder compromise especially if browsers cache keys and signatories or look them up in SSL observatory.
Having read the myths page I largely believe it was the right thing to do. Linux is a living operating system and sometimes it has to be dragged kicking and screaming away from things that may have been acceptable in 1990 but not when going against other modern operating systems. Wayland is another ongoing example of that and I'm sure that once it becomes the default choice in some dists that we'll see people being extremely vocal about that too.
How is providing a base level of encryption less private or less secure then sending something in plaintext simply because the other end hasn't paid a fee to a third party?
Exactly. The whole concept of a certifying authority is fundamentally broken. It's just a tax on security. If I'm a bank or merchant then it might be worth paying a CA a lot of money to come and verify I am who I say and how I store and control access to my cert. But the standard signature that most sites obtain is worse than fucking useless. At most it might verify my credit card or my fake id. It's just a tax and the net result plain text is the default.
Sites should be able to use unsigned keys for basic encryption. Sites should also be able to sign each other's keys and build a web of trust. Finally if they absolutely must they can get a CA to sign it. Just like with PGP. There are disadvantages to unsigned certs in that they don't stop man in the middle but browsers cache keys and participate in SSL observatory so that visitors to sites still have some measure of assurance that the key is being manipulated.
Browsers could also present the security of a web of trust in a reasonable way as a checklist or traffic light system. Encrypts traffic (green tick); Protects from casual eavesdropping (green tick); Protects against man in the middle attacks (red cross); Signed by someone you trust (red cross) etc.
The current system is just dumb and I'd hope that somebody, be it Mozilla, Google or whomever would roll out something better that does away with the need for a CA or forgo all encryption.
... then this should do it since it can't use TLS.
I don't see it makes a difference. For anyone doomed to use IE6 for eternity, it won't matter what Google does in its own browser because they're not using it, at least not for whatever crappy internal website still requires IE6.
Smarter people than you have been working on these problems for years already and have made significant progress.
Yes at doing basic navigation. There are far too many intractable problems remaining to think self drive is remotely useful on open roads. They will fail over to the driver or stop dead so often as to be annoying. I should also note your "smarter people" can't even do basic speech recognition on a phone with sufficient accuracy to make it work well. What makes you think a far more complex problem is somehow within their grasp?
The good thing about computers is that they can be programmed to fail gracefully
Which would be great if they only fail gracefully in a critical situation such as a potential collision. If they "fail gracefully" because they're confused by the plastic bag blowing across the street, or the lights being out, or by the large puddle ahead, or the cop telling them to proceed, or leaves / ice / snow obscuring a sensor, or by any car in front of my car which decides to fail gracefully then they'll suck.
It is not sufficient to fail to safe. Cars must make good progress too for the occupant and occupants of all the other cars behind. This is why all the puffery about how many miles Google cars have driven without accidents is only a fraction of the story. Yeah it's great they haven't killed anybody. It's a significant achievement. If such vehicles just stop for no reason at all (and they will) then they will suck and they will suck hard.
He has not acquired a fortune; the fortune has acquired him. -- Bion