Forgot your password?
typodupeerror

Submission Summary: 0 pending, 4 declined, 0 accepted (4 total, 0.00% accepted)

Security

+ - Cherokee supports HTTPS Virtual hosts.->

Submitted by k1e0x
k1e0x (1040314) writes "This is of some interest for a slow news day..

Apparently Cherokee 0.9.0 was just released and it can do HTTPS Virtual hosts.

http://www.cherokee-project.com/doc/other_goodies.html
"SSL Virtual Hosts
You might have been told elsewhere that named virtual hosts in SSL cannot be supported without SNI (Server Name Indication) because a web server cannot see the hostname header when the SSL request is being processed. Technically this might have been correct in the past. The first thing that the server has to do is to connect with the other end by using SSL/TLS. The user entered host part of the URI must match the Common Name (CN) provided by the certificate. Since virtual hosts are in use, the CN of the first available certificate may or may not match the one specified in the early stages of TLS negotiation.

However, nothing is forever.. and that applies to SSL/TLS connections as well. Cherokee elegantly respins the SSL layer once it knows the virtual server, and the magic occurs: SSL supporting several certificates on the same IP address and port."


--

Apache team had been saying it can not be done for years..

http://httpd.apache.org/docs/2.0/ssl/ssl_faq.html
"Why can't I use SSL with name-based/non-IP-based virtual hosts?
The reason is very technical, and a somewhat "chicken and egg" problem. The SSL protocol layer stays below the HTTP protocol layer and encapsulates HTTP. When an SSL connection (HTTPS) is established Apache/mod_ssl has to negotiate the SSL protocol parameters with the client. For this, mod_ssl has to consult the configuration of the virtual server (for instance it has to look for the cipher suite, the server certificate, etc.). But in order to go to the correct virtual server Apache has to know the Host HTTP header field. To do this, the HTTP request header has to be read. This cannot be done before the SSL handshake is finished, but the information is needed in order to complete the SSL handshake phase. Bingo!"
"

Link to Original Source
Republicans

+ - Ron Paul raises $500,000 in 4 days online.->

Submitted by
k1e0x
k1e0x writes "Ron Paul is changing the way politics work in America.

As Obama raises $1 million dollars from 500 rich people at a lavish dinner party. Ron Paul made one last fund raising push to raise $500,000 in the final week of Q3. They achieved this goal in 4 short days and now Ron has set the bar at $1,000,000. http://www.ronpaul2008.com/http://www.ronpaul2008.com

Can Ron Paul raise $1 Million dollars in a week without offering the contributers so much as a cracker in return? Can Ron Paul and his supporters pull of the impossible (again)? Is this the beginning of the end for politician's snobbish dinner parties?

We will soon know the answers, he has 3 days left."

Link to Original Source
Republicans

+ - Is the MSNBC Debate Poll Legitimate?

Submitted by
k1e0x
k1e0x writes "Did Ron Paul really win the debate? Did his message of small government resonate with people? or is it a case of click fraud? Could Ron Paul really have more internet savvy supporters than John McCain and Giuliani combined? How do you explain the results?

http://www.ronpaulpresshub.com/

Ever since Ron Paul won the MSNBC Debate Poll, there have been some people around the blog world and Digg expressing skepticism with regards to the validity of the poll. Have some folks stuffed ballots for Paul before? Sure. Pajamas Media pointed out that some Paul supporters did cast many votes, but they also noted that both Romney and Obama had supporters do the same thing. Have some Paul supporters engaged in this more than front runner supporters? It's possible, given the fact that he now is only now getting any media attention. This is why on-line polls should be run by professional system administrators and web programmers, so that vote stuffing can be minimized and the results can be more useful. It's simply too easy for people to influence on-line polls. All it takes is one or two bad apples to give fuel to people who want to sling mud.
"
United States

+ - Laser beams and.. the.. Laser Inspection Force ?

Submitted by k1e0x
k1e0x (1040314) writes "So, if someone created a laser with parts from China how powerful can it be before that someone is bused by the.. well.. actually who inspects lasers? Is there something like a breathalyser for a laser beam?

If I decide to use this (alleged) laser I (may) have what are the risks? Lets say it (may be) 20x the legal limit but will not cause blindness as it (may have) been tested on actual (make believe) people, who suffered no real (or imagined) blindness.

Humor aside.

How do I go about making something like that legal for display and who would ever know anyhow? I don't expect some random police officer to stop by and go.. "My, My, son, you got yur self an awfal bright looking lasur thar"

Uhh.. that is .. if they had reason to.. and they don't, ( >_> ) because I have no laser.. ya know."

Successful and fortunate crime is called virtue. - Seneca

Working...