may ACT very smart and will create something WHICH WOULD BE truly amazing IF IT WOULD WORK.

Yes, me too. I mean: the headline "Microsoft releases next version of windows for hobbyist 35$ computer meant for open source"....

Whats next?

-Office for linux - oops Office runs on Andoid.
-Microsoft hosts Linux - yes, azure runs also linux machines
-Microsoft sells Linux hardware - seems to be the case - Nokia N1
-Microsoft contributes to linux kernel - but they are not top 20 any more
-Linux devices are major income source for MS (~400Million$ for nothing from exFat patents)

I mean the last thing which is missing is that they actually open source windows. But maybe they do that when they replace the kernel by a linux kernel and forget the rest.....

Yea i mistyped "cock" instead of "cook" in the search field from which videos he should learn....

It is dangerous to have partially redundant mechanisms. If you have only explicit redundancy, then errors will show up.

This tool automates an administrative task. But only one.

Dangerous because automatic key updates should require a great deal of verification of the new keys. I could imagine some scenarios (e.g. cloned virtual machines), which lead to the authenticated key being correctly updated (e.g old instructions/documentation) by the admin, but the EC key not overwritten (since it's not in the standard procedure). If this EC key then is copied automatically to the client, any of the cloned machines would accepted as a verified server after the login.

Overkill because exposing the public keys in terms of the sftp protocol would be less invasive and give the client full control what to do whith the keys.

Seems reasonable to me.

Facebook: If you click here, for playing farmville and getting up-to date advertisements around the world and hearing which of your friends prepares pizza right now, you give us all your data. We will sell it or not, as we see fit, ask you about it or not, as we see fit, change the rules at any time, as we see fit, and if you dont disagree immeduatly, we will make an effort to protect our interest by just giving you enough privacy not to run away.

NSA: To stop terrorists killing you all, we need to log all data of you which we can get.

Yes, if you give me the choice if the ratio of loss of privacy to gained comfort/security is better for Facebook or the NSA, i choose the NSA.

Yes. I think if I do SW development, a price difference of 3 man-hours of less does not justify the trouble...

I would imagine that it get most troublesome only if you use the card for computing and rely on a homogenous memory access....

but fight pedophile criminals.

That being said, i doubt that i wnat to put justice in this respect in anonymous hands.

IMHO the biggest advantage of pascal was that data structures were well denfined and that strings were not nul terminated.

Two year ago: Openvpn was fine, but webpages of providers were blocked (not a bad strategy...).

Last year: private Openvpn server worked, but connections dropped after ~1Gbyte was transferred, and well known providers were blocked

This year: openvpn was detected (not sure how!) and private server seems to have ended on some "gray" list, ssh connectionsafter that were very slow (although that could coincide with slow internet); sshing to singapore AWS cloud was fine, but i had the feeling that switching between ports for ssh helped after big data transfers or long conenctions. Connecting by mobile (state telecom) was better than by WLAN.

Blocking seems to happen solely based on target (outside China) IP.

The rationale behind blocking vpns but not ssh is simple: China is not interested in blocking perfectly. They don't care about (or even may like) that you can set up cloud servers which you need for your thing outside China. They dont care about 1% of the population and all foreigners getting unfiltered access to the outside world. As long as they can filter the information for the vast majority. Which implies that the material they mostly care about is video, which means that intentionally slowing ssh still enable you to do your admin work, but you can not copy 1000 youtube videos quickly. Also, for ssh there is no "1-click-vpn" client available......

The relevant question is: could you trust the devices firmware in the first place? The las tfew year put a solid upper bound to my trust in this respect?

i did not say that this is a new idea.

The way out would be that i would have to license and register private keys for encryption. This is dificult to enforce since there is no way to judge if you use unregistered private keys without entering your home and looking at your harddrive.

The result would be that criminals would continue to use it, and that normal people would be criminalized.

on 4 weather ballon, you can place ~ 8 km of nylon fishing line.

So you can randomly traverse a 100x100x100m volume 80 times.

Not unlikely that you crash the papparazis expensive drone with this approach.