Comment Re:Wrong... (Score 1) 880
Or Jibbers!
Or Jibbers!
It's the only place I can get decent reception. Relocate your router and I'll gladly get off your lawn.
In the meantime, can you please give it a quick mow? It's getting long and tickly.
Unless your company/vendor forces you to use it externally, or will not provide said VM for internal sites.
I'm not agreeing that it's OK to use such a browser, just saying that it's not necessarily the users own fault. Companies can be idiots too when it comes to IT security.
I don't know his exact situation, but it's possible that the company he works at has an app that only works with IE6. There used to be many apps like this.
If this is such a case, the fuckwad is the company (for not hiring developers to upgrade the app) or the vendor that supplies the app without upgrading it (Maybe the company is still to blame for not moving to a more current product, or maybe there isn't one). Either way, the user that is forced to stick with the crappy browser is not necessarily the problem.
Though he might be!
You are correct in your understanding.
You can also check your privacy just by looking at the certificate for any site you are visiting over HTTPS. Check the certificate authority and make sure it looks legitimate. If you are unsure, you could look the cert up using an online service and compare the online version and your local version.
They should match but there always caveats - Maybe the site is using different certs on different parts of a CDN that has its own server cert installed in browsers. CloudFare is a good example of this - they can create valid certs as they please since they partnered with GlobalSign.
But your VM method should be just fine, yeah
Free ones (at least StartSSL) are recognized by most browsers that I have tried. That's an anecdotal, non-exhaustive list, of course. I'd be curious to find out what mainstream browsers do not recognise them though.
With StartSSL the actual cert generation is easier than that as they create the key on their server first and they ask for the forms on the site. No CSR is needed, though you can do it that way if you wish.
What is a tiny bit annoying is their authentication - you need a client authentication cert installed on your browser. Not hard in itself, but annoying if you have let the old one expire as they then need to review your request for a new one.
One other thing is verification that you own the domain, through various methods. Not hard to do, but automated and very necessary.
No
What? I think this thread is going off track somewhat. I don't think Dave420 was talking about Client Auth certs. He was talking about root certs installed on the clients. Without the standard set of root and intermediate certs installed on the client (Installed by default on web browsers and some other clients such as Java virtual machines etc), TLS will not work (Well it will, but there will be warnings).
What Dave420 meant was that for the appliances and software solutions that cache/inspect the TLS traffic can only do so if a new root cert is installed on the client. This root cert enables the MITM device to create its own cert for any website without the client throwing up a warning.
Nothing to do with client auth.
Except modern browsers and servers support SNI, so the hostname is now sent as plaintext on the network.
Even for lower use images, caching them closer to the poster could be helpful given that their circle of friends is likely, statistically, to be in the same region. One image alone would not make much difference in this case, but millions of low use images mostly coming from caches closer to most of the people viewing them would make a huge difference.
The Corolla has CVT now too. It's getting pretty common out there in some mass-market cars.
Also, on his other comment about Wankel engines, I believe that Mazda are re-introducing one. Just rumours now, but it's not necessarily dead yet.
Very relevant, lol...
Who will build and maintain the infrastructure needed to accommodate said leisure society?
He's probably thinking of when it switched to MTP. There were a few glitches when that happened, some linux boxes could not mount it without fiddling, but it's pretty universally supported now. Except on OSX, I think?
He has not acquired a fortune; the fortune has acquired him. -- Bion