I use Google Authenticator on my home server (and on Google itself). It's a great solution to this problem and works very well. Some ssh clients (notably on iOS) can't handle the two-factor authentication, but I just set those up with private key authentication.

I'm in exactly the same situation, with no regrets. Interviews were a little tough early on, but once you have it, experience trumps education. My lack of a degree hasn't been an issue in a long time.

And the great thing about this industry is that you can get the experience and prove yourself without anybody else's permission. Contribute to open source, release a smartphone app, etc. It's in your hands: just do it.

There is no room for approximations in a supposed 'COMPUTATIONAL ENGINE' and if YOU can't understand this then I think you should go back to the fantasy world you live in where exact numbers don't matter.

*All* non-integral math done by a computer is an approximation.

Gmail also flagged suspicious failed login attempts on my e-mail account, so I had to go through a password reset process on it. Although I used a unique password at Mt.Gox, the attacker apparently is running automated login attempts using the stolen e-mail addresses and Mt.Gox passwords, so anyone using non-unique passwords is likely in trouble.

Yep. Same story for me too. Glad I enabled two-factor authentication on my Google account (and SSH to my home server while I was at it).

There are places online that sell preloaded credit Visa cards for BitCoins. Is that liquid enough for you?

No, everybody wouldn't need to. The threat would be enough of a deterrent in general, and in the area immediately surrounding the polluter it would not be a difficult case to make.

You're right that the devil is in the details. But this is even more true when you're trying to attack such problems head-on with direct, one-size-fits-all legislation. A legal framework based on property rights would decentralize these decisions and apply local considerations.

"I've known people who have sued over blatant property rights violations..."

Yeah, but this isn't surprising since property rights are not properly protected these days. Instead of clear lines, there are fuzzy rules fraught with exceptions and loopholes.

Lack of regulations wouldn't. But stronger property rights, which are another essential ingredient, would. Their neighbors should have the ability to sue when their property is polluted (read: damaged) by the nearby factory.

This requires no strong central government or anti-business regulations, and would not be prone to political manipulation by the rich and well connected. Simply apply the same rules to everybody.

The general idea is that it would force corporations to compete by meeting their customers' needs instead of buying political influence.

He was making a joke, yes- that's what he does. But that line reflects his (and my) actual views on the subject. Laws can set the general rules (eg. no fraud), but they can't get into the specifics of individual deals without inviting corruption.

As opposed to the cancer patients that are dying because they're denied access to experimental treatments? The FDA cuts both ways, and it's not at all clear to me that it's a net win, especially when you consider where health care could be if it were allowed to flourish like the computer industry.

"When buying and selling are controlled by legislation, the first things bought and sold are legislators."

What's really funny is that the people who want the government involved in everything are the same who act outraged when the inevitable corruption follows.

What, are they nuts? Who would want to live in a place where barroom brawls give way to deluges of bullets? Or where would-be minor road rage incidents end up in cars full of corpses? The violent crime rate there must be through the roof!

Except that reality doesn't match left-wing fantasy, and Vermont has one of the lowest murder rates in the country.

I don't understand why people can't leave the shooting of criminals to the police

Because when seconds count, the police are only minutes away.

I don't think it's realistic to expect people to check certificates before giving out sensitive data (or ever, really). And since that's the case, having encryption-but-not-really seems worse to me than encryption-only-if-it's-secure. The average person won't understand the distinction, and will assume encryption=safe. Since the user can't be expected to check the certificate's authenticity, the CA steps in to fill this role.

If you give your POP3 or FTP password over a self-signed SSL connection, you might as well send it over plain text. It's not a whole lot harder for somebody in the middle to read, unless you're checking the signature out-of-band. Which you're not.

The general consensus in the encryption community is that bad encryption is worse than no encryption, and I think they're right. On the surface, it is marginally "better" than cleartext, but in the real world it changes people's behavior and makes life much easier for the bad guys.

Your point about spoofed URLs and such is correct, but that's a different problem.

But that doesn't actually protect you - it just gives you a false sense of security.

If there is no way to verify the identity of the other side, then it's dead simple to stick yourself in the middle, unbeknownst to either legitimate participant. You may think you're having an encrypted conversation with GMail, but you're really having one with me, and I'm having one with GMail pretending to be you. See the problem?

It's like putting black tape over the warning lights in your car. Sure, it makes the problem "go away", but you haven't actually fixed anything.

Use self-signed certificates if you must, but I damn well want my browser to tell me about it. The certificate authorities are far from perfect, but at least you have to create a paper trail of some sort when you want a fraudulent one.

Without validation, encryption is worthless. You'd never know a man-in-the-middle attack was occurring, and then what's the point?