Comment Re:Holy misleading summary, Batman! (Score 1) 587
Iain M. Banks - the last "true Scotsman" of sci fi authors. He will be missed. Nobody comes close.
Iain M. Banks - the last "true Scotsman" of sci fi authors. He will be missed. Nobody comes close.
"Well regulated", relevant or not, means well equipped and trained. Always has. Not sure what you think it means, you haven't said.
As far as "consequences" go, the states with the strongest laws have the highest incidence of violent crime.
You sure you want to trot out the fallacy that prohibition is effective? Didn't work out very well for alcohol, utterly failed for MJ.
The definition of "well regulated" has not changed, and Heller/McDonald specifically dismantle the infantile "militia" argument:
[T]he activities [the Amendment] protects are not limited to militia service, nor is an individual's enjoyment of the right contingent upon his or her continued or intermittent enrollment in the militia.
Furthermore, under US v. Miller, the 2nd Amendment covers arms "commonly used for self defense", which certainly does not exclude "military" weapons, especially since the 2A specifically protected state of the art (at the time) firearms equipped by infantry.
There is basically nothing about your post which is even remotely factual - just typical partisan whining.
You'd also have to convince the AI to not actually try to learn anything new, or it might actually try to confirm that the things you assert are, in fact, true (or at least that you've given it non-obvious, falsifiable truisms to follow).
The OP assumes religious beliefs is emotional and irrational. That's false. Discussion over.
Agreed, religious beliefs are emotional and irrational.
Nobody should worship anybody based on faith.
It all started with corporate "enterprise" firewall vendors who saw a demand for MiTM-in-a-box from "enterprise" IT.
Corporations are notoriously uninterested in the repercussions of their actions.
This fine bloatware didn't merely act as an MiTM, it do so so incompetently that it exposed the user to basically any MiTM attack on an SSL connection(the root cert it used to sign bogus certificates was identical across every installation and effectively unprotected and the MiTM component would re-sign any cert handed to it, even an invalid one, opening the user to downright trivial MiTM attacks.
Many "enterprise" (lol) class proxies (deployed by corporations to "protect" their internal networks") do the exact same thing.
Allowing unrestricted remote access to your machine's trusted root CA list via GP is a feature of windows.
Why would they remove it? It is for the "enterprise".
There shouldn't be any ability to tamper with the OS so fundamentally and so easily.
Guess what? If you use a windows machine at work, your boss can already install whatever bogus root CA's he wants into your machine without you knowing it, via GP. And he'll claim he has to, because w/o it, the corporate proxy can't MITM you.
That is a feature, not a bug. The whole point to Windows GP is to allow your boss to push bogus root CAs into your work machines' store (without you knowing it, let alone preventing it) so the corp proxy can MITM sniff all of your https traffic at will. Remove that ability, and expect your local PHB to whine incessantly.
Never mind that the idiots running the IT dept have no clue how bad it is to deploy a CA that can automatically sign forged certs arbitrarily. And most employees are clueless enough to never bother checking their trust root CA list.
Unrestricted MS group policy push means all of TLS/SSL is a complete sham.
Hopefully this Superfish fiasco will bring this to light, However, I am not optimistic, given the quality of reporting on it so far, and the fact that employers do not want their employees to know exactly how much the corporate proxy has compromised the entirety of internet security.
I know the response is "well just trust your IT dept, they won't let their bogus root CA priv key fall into the wrong hands; corporate proxies are for your own good".
Right.
Why doesn't windows defender alert you when your employer pushes their proxy's CA into your work machine's trusted CA list via group policy push?
Superfish is just the tip of the iceberg.
Corrupting a Windows machine's CA store is very common in "enterprise" environments where your employer wishes to proxy all outgoing SSL/TLS connections.
The fact that most people are completely unaware of this is disturbing, but unsurprising.
Again, why would you use the host key for this purpose? Most likely the client would generate the key (no relation to the host key) they would want preloaded. The manufacturer has no reason to use the host key as both a host key AND a key in the authorized_key file. That is simply stupid.
No, in this case, knowing the host key would let you pose as the host.
Then again, you don't even generally need the host key to post as the host because 9 times out of 10 nobody actually verifies that the presented host key matches the expected host key.
If the host is unknown, generally they simply assume the key is correct.
If the last stored key and doesn't match the one presented, they generally ignore the error that ssh spews telling you of a potential MITM attack.
He has not acquired a fortune; the fortune has acquired him. -- Bion
