
Comment Re:Certificate extortion (Score 1) 60

>If you have a site where an attacker would have bothered with the elaborate process of getting the private key, and then do MITM attacks with it on users, and it would actually matter, you wouldn't have used StartSSL in the first place, and $25 would be absolutely nothing for you.

>Hint: not you

None of which has any bearing on my original point, which is that we need a better and more secure way of applying security to web servers that isn't reliant on the good graces of a third party (either through their schedule of fees or through their procedures and policies). If you want a more secure internet, you have to make it cheaper and easier for the guys who are just like me. As I mentioned in my top post, the admins I spoke of can't afford to replace their certificates and so their sites remain unsecured.

Comment Re:Certificate extortion (Score 2) 60

>Yup, twenty-five whole dollars. That's the price of several Big Macs, with fries!. Shameless what some CAs will charge.

>(Not defending the CA racket here, but $25 isn't really that much when they give the certs out for free. In any case why revoke them, just replace them with a new, free cert. Yes, I know someone can spoof the server using the old cert, but if you want to save the $25...).

That's $25 per certificate. That may sound cheap to you, but it's not cheap to everyone and especially not when you may have several (or dozens) to replace. In any case, revocations should be free. Also, StartSSL won't let you cut a new certificate for a host while an unrevoked certificate exists for that host, so you either pay them to revoke it, wait until it expires, or change the hostname (or move to a different CA, I guess). All three are unacceptable scenarios, IMHO.

Comment Certificate extortion (Score 5, Interesting) 60

What would help is if there were some certificate system that didn't rely on extortion or exorbitant prices. I know several admins that mitigated the hole but couldn't replace their certificates either because the signer charges a ridiculous revocation fee (I'm looking at you, StartSSL), or because the cost of cutting and signing new certificates was too high. We need a better trust system.

Comment Re:I think it's backward. (Score 1) 258

Well, no....it won't be a Lamborghini really, but it will look just like one, we promise! Ok, the engine will only be a four-cylinder but it will only cost twice as much as Google's Lamborghini! No, we won't charge you for gas or oil for the first six months, but after that we may have to charge a slight service fee. The speedometer goes up to 200MPH, but most of the time, you won't be able to go over 35. Also, you can only drive to three cities per month before you hit your mileage cap because we don't want you taking unfair advantage of the roads. Speaking of roads, did we mention the slight access fee to help cover the cost of building out new roads (someday, maybe, if someone else threatens to build roads first)?

Comment Re:In 2014, racial affirmative action is stupid (Score 3) 410

Consider the enormous advantages that say, President Obama's daughters have over say, an Asian girl from an economically disadvantaged family. Yet the check marks that each would mark on a college application would result in the President's daughters getting racial preference.

Or consider two students from the same socioeconomic background (perhaps even attending the same high school), but one is white and one is black. Under affirmative action, the white student would have to perform at an exponentially higher level to receive the same consideration. As long as race is a consideration AT ALL, then the playing field isn't level.
