Comment Understood. The new CompTIA is better than most (Score 3, Insightful) 111

I understand where you're coming from. As you may know, I've been doing infosec for a long time, and I know the difference between "compliant" and "secure". I'm rather surprised you chose CompTIA Security+ as your example of a bad security certification. The new one especially is quite comprehensive, in my view. Not that a single certification can ensure that a candidate is ready to perform any and all jobs related to security, but I'd say that if even 10% of the people designing and maintaining these systems had enough knowledge to pass Security+, we'd be in a lot better shape.

Comment only if he's stupid. He had a huge criminal enterpr (Score 1) 142

He had a huge criminal enterprise to run, tons of money to launder, murders to order, and hopefully he'd make some time to enjoy his ill-gotten gains before he eventually made a mistake and got busted. If he was wasting his time setting up a captcha, that was pretty stupid. The smart thing would be for him to have someone who understands banking and finance take care of the banking and finance, someone who understands programming take care of the programming, someone who understands high-capacity server infrastructure take care of the server infrastructure, while he ran the whole operation and spent some time on his boat. Actually, not really. He was successful before Silk Road, so the smart thing to do would have been to continue to make money legally. That has the advantage of not ending with a prison sentence.

Comment A reason supercomputers and phones use Linux (Score 5, Insightful) 282

98 of the top 100 fastest supercomputers in the world run Linux. Most phones also run Linux. See also consumer electronics of all kinds - TVs, routers, webcams, consumer NAS drives ... Linux works everywhere. As Linux has been installed everywhere over the last few years, Microsoft has gone from a monopoly, the 800 pound gorilla, to trying to catch up in order to survive.

There is a reason for this. Linux didn't make any assumptions about what hardware people were going to use next week. Even the architecture could be whatever you wanted that day - DEC Alpha, Blackfin, ARM (any), Atmel AVR, TMS320, 68k, PA-RISC, H8, IBM Z, x86, assorted MIPS, Power, Sparc, and many others.
Microsoft built specifically for the desktop, and supported one platform - x86. Suddenly, most new processors being sold were ARM, and screens shrank from 23" to 4". Microsoft could only scramble and try to come up with something, anything that would run on the newly popular ARM processors, and ended up with Windows RT. Linux kept chugging along because they had never made any assumptions about the hardware in the first place. To start making those assumptions now would be stupid.

We don't know whether smart watches will be all the rage next year, or if cloud computing will take off even more than it has, or virtualization, or a resurgence of local computing with power, battery-friendly APUs and roll-up displays. To specialize for "desktop" hardware or "server" hardware would be dumb, because we don't know what those are going to look like five years from now, or if either will be a major category. How many people here remember building web sites for WebTV? How well did that pay off, investing in building a WebTV version, then a Playstation version? The sites that fared best through these changes built fluid, adaptive sites that don't CARE what kind of client is being used to view them - they just work, without being tailored to any specific stereotype of some user.

Comment Given that PayPal, banks make mistakes regularly (Score 4, Insightful) 142

> I find it a bit hard to believe that a guy who is able to get one of the largest black-market enterprises running on a server

Do you find it hard to believe that Paypal's engineers make significantly more obvious mistakes? They do, of course. The thing about crime, and security, is that you can do a hundred things just right, and be taken down by the one thing you missed. It's adversarial like sports, but unlike sports 47-2 is a losing score for the team who scored 47. Those two items on which you let the authorities score put you in prison.

Comment Seems kind of pointless- the DNS has to be subver (Score 1) 67

DANE seems very nearly pointless to me. Maybe I'm missing something. The victim goes to Paypal.com. Their browser checks the certificate to make sure it's really Paypal.com, as opposed to a MITM or someone who hijacked Paypal's DNS. That's the typical use for TLS, right?

So checking the cert is supposed to protect the user from an adversary who can intercept packets addressed to Paypal.com and send back bogus responses. That means the adversary can intercept DNS packets intended for Paypal.com and respond with a bogus cert record. Nothing has been gained unless you can independently verify the DNS records using some other mechanism. It's proposed that DNSSEC be used for this. DNSSEC basically means the DNS record is signed, so to trust the DNS we need to validate the cert used to sign the DNS. Okay, so all we have to do is find a way to validate a DNS signing cert. If we can validate that cert, we can trust the SSL cert.

Hmm, we validate someone's cert by first validating their cert? I don't think we've made any progress toward solving the problem.
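The comment above is about whether the DNS side of DANE can be trusted; the part it leaves implicit is what a client actually does with a TLSA record once it has one. The following is an added example, not code from the comment or from any DANE implementation: it implements the comparison step of RFC 6698 (selector 0 = full certificate, 1 = SubjectPublicKeyInfo; matching type 0 = exact, 1 = SHA-256, 2 = SHA-512) against a DER certificate. It assumes the TLSA record has already arrived over DNSSEC and been validated, which is exactly the step the comment questions, and it builds its own constructed, unsigned sample certificate so it runs offline; the DER helpers, `build_sample_cert` and `sample_record_for` are hypothetical names for this example.

```python
"""Match a DANE TLSA record against a DER X.509 certificate (RFC 6698 s.2).

Assumption: the TLSA record was obtained over DNSSEC and validated already;
only the record-to-certificate comparison is shown here (added example).
"""
import hashlib
import hmac


# --- minimal DER helpers: just enough to walk an X.509 Certificate ---

def der_encode(tag: int, value: bytes) -> bytes:
    """Encode one TLV with a definite (short or long form) length."""
    n = len(value)
    if n < 0x80:
        length = bytes([n])
    else:
        nbytes = (n.bit_length() + 7) // 8
        length = bytes([0x80 | nbytes]) + n.to_bytes(nbytes, "big")
    return bytes([tag]) + length + value


def der_read(buf: bytes, pos: int):
    """Return (tag, value, end_offset) for the TLV starting at pos."""
    tag, first = buf[pos], buf[pos + 1]
    pos += 2
    if first & 0x80:  # long form: next (first & 0x7F) bytes hold the length
        nbytes = first & 0x7F
        length = int.from_bytes(buf[pos:pos + nbytes], "big")
        pos += nbytes
    else:
        length = first
    end = pos + length
    if end > len(buf):
        raise ValueError("truncated DER")
    return tag, buf[pos:end], end


def der_children(value: bytes):
    """Split a constructed value into its child TLVs, each returned whole."""
    out, pos = [], 0
    while pos < len(value):
        _, _, end = der_read(value, pos)
        out.append(value[pos:end])
        pos = end
    return out


def extract_spki(cert_der: bytes) -> bytes:
    """Return the SubjectPublicKeyInfo TLV (what a '3 1 x' record pins)."""
    tag, cert_body, _ = der_read(cert_der, 0)
    if tag != 0x30:
        raise ValueError("certificate is not a SEQUENCE")
    tbs = der_children(cert_body)[0]          # tbsCertificate
    _, tbs_body, _ = der_read(tbs, 0)
    fields = der_children(tbs_body)
    if fields and fields[0][0] == 0xA0:       # optional explicit [0] version
        fields = fields[1:]
    # serial, signatureAlgorithm, issuer, validity, subject, subjectPublicKeyInfo
    return fields[5]


# --- TLSA record handling ---

def parse_tlsa(presentation: str):
    """'3 1 1 <hex>' -> (usage, selector, matching_type, association_data)."""
    usage, selector, mtype, hexdata = presentation.split()
    return int(usage), int(selector), int(mtype), bytes.fromhex(hexdata)


def tlsa_association_data(selector: int, mtype: int, cert_der: bytes) -> bytes:
    """Compute the association data a record with this selector/type would carry."""
    if selector == 0:
        target = cert_der
    elif selector == 1:
        target = extract_spki(cert_der)
    else:
        raise ValueError("unknown selector %d" % selector)
    if mtype == 0:
        return target
    if mtype == 1:
        return hashlib.sha256(target).digest()
    if mtype == 2:
        return hashlib.sha512(target).digest()
    raise ValueError("unknown matching type %d" % mtype)


def tlsa_matches(record, cert_der: bytes) -> bool:
    """True if the presented certificate satisfies the TLSA record."""
    usage, selector, mtype, data = record
    if usage not in (0, 1, 2, 3):             # PKIX-TA, PKIX-EE, DANE-TA, DANE-EE
        raise ValueError("unknown usage %d" % usage)
    computed = tlsa_association_data(selector, mtype, cert_der)
    return hmac.compare_digest(computed, data)  # constant-time, False on length mismatch


# --- constructed sample: structurally valid X.509, not signed by anyone ---

def _name(cn: str) -> bytes:
    attr = der_encode(0x30, der_encode(0x06, bytes.fromhex("550403")) + der_encode(0x0C, cn.encode()))
    return der_encode(0x30, der_encode(0x31, attr))


def build_sample_cert(pubkey_bits: bytes) -> bytes:
    """Hypothetical certificate whose only variable part is the key bits."""
    rsa_oid = der_encode(0x06, bytes.fromhex("2A864886F70D010101"))
    sig_alg = der_encode(0x30, der_encode(0x06, bytes.fromhex("2A864886F70D01010B")) + der_encode(0x05, b""))
    spki = der_encode(0x30, der_encode(0x30, rsa_oid + der_encode(0x05, b"")) + der_encode(0x03, b"\x00" + pubkey_bits))
    validity = der_encode(0x30, der_encode(0x17, b"240101000000Z") + der_encode(0x17, b"250101000000Z"))
    tbs = der_encode(0x30, der_encode(0xA0, der_encode(0x02, b"\x02")) + der_encode(0x02, b"\x01")
                     + sig_alg + _name("example.test") + validity + _name("example.test") + spki)
    return der_encode(0x30, tbs + sig_alg + der_encode(0x03, b"\x00" + b"\xAA" * 64))


def sample_record_for(cert_der: bytes) -> str:
    """The '3 1 1' (DANE-EE, SPKI, SHA-256) record an operator would publish."""
    return "3 1 1 " + hashlib.sha256(extract_spki(cert_der)).hexdigest()
```

With usage 3 and selector 1 the check pins the server's public key regardless of which CA (if any) signed the certificate, so a certificate issued to the same name by a different CA, or a key swapped in by an interception proxy, fails the comparison; the remaining question of whether the record itself can be trusted is the DNSSEC one raised above.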

Comment you vs UPS (Score 1) 222

> The problem is that they are blocking commercial activities while allowing recreational activities

You can't see the difference between you operating a toy over an uninhabited field vs UPS and Amazon operating a fleet of thousands of commercial drones operating in neighborhoods? With commerce comes scale.

Comment They declared that security required, https (Score 1) 67

The sites got certificates and installed them several years ago, before the current "https everywhere" trend. In other words, they decided that because they were handling sensitive information, they needed a secure connection. Maybe they have an order form that accepts credit cards, whatever. For some reason, they needed to be more secured than most sites. The URL in the address bar says "https", indicating that it is secured. We know that although they publicly declared that their site should be secured, it isn't.

Contrast xkcd.com. Randall didn't get a certificate, because you don't need a secured connection to look at nerd comics. Which site presents a security risk? The site that has no need of TLS, or the site that needs to be secured, but isn't?

* xkcd might actually have a cert, if they sell stuff on the site or whatever. I didn't bother checking because it's beside the point whether that specific site uses a cert.

Comment Checking enough? Careful programmers like post-* (Score 1) 729

These two are very, very handy for careful programmers, who don't just assume that everything always works, and that no one is trying to hack, or enter "weird" input like a name with a single quote, such as O'Malley.

Examples:
use strict;
use warnings;

my ($file, $name) = @ARGV;

# The check reads as part of the statement it guards. Three-argument open
# also keeps a filename such as ">out" or "|cmd" from being taken as a mode.
open(my $input, '<', $file) or die "Couldn't open input: $!";

Compare other languages, where being careful requires that every other line start with "if (!":
if (!open(my $input, '<', $file)) {
        die "Couldn't open input: $!";
}

Similarly (length() gives the byte count; comparing $name itself would test it as a number):
die "That's an awfully long name" if length($name) > 1024;
vs:
if (length($name) > 1024) {
        die "That's an awfully long name";
}

If you're regularly checking your assumptions, I think the syntax is very handy.

Comment Yes, there's only one right way - my way (Score 1, Troll) 729

Perl is my preferred language for the majority of tasks that I do. I really like Perl overall. TIMTOWTDI annoys me, though. There is a right way to do it. Once in a great while, there are two correct ways, and still one best way.

TIMTOWTDI seems more appropriate for PHP, "do it however, as long as it looks like it kinda works for now. It's not like we're actual programmers who know what we're doing".

Comment Yep. Work, home, phone, server, router, pbx, NAS.. (Score 1) 185

> It's less confusing to have one os (all linux) than two

Yep. Pretty much everything I own runs Linux, so no matter what device I'm working on the shell interface is the same. On my phone I use the graphical interface most of the time, of course, but I _can_ open a command line and find out what's using all my storage space just the same as I would on my work desktop, my laptops, my server, my NAS, my PBX, and anything else I own.

At my 8-5 job, the company-owned machine has the same bash shell, which works the same way, running on an OS X kernel instead.

Comment To convert Word (old) to Word (new), use OpenOffi (Score 4, Informative) 185

My experience is that when new versions of Word have problems opening a file created by a previous version, the solution is to open them in OpenOffice and use OO to save to the newest MS Word format (or leave them as odt).

In that way, OpenOffice has BETTER compatibility with various types of MS Word documents than MS Word itself does.
