copumpkin: Chaang-Noi: does thailand have a good national liquor
copumpkin: wait, glbse doesn't have a facility to tell you who your shareholders are?
copumpkin: and given your other interests, it wouldn't be a huge stretch for you to take these yourself
copumpkin: I thought you said you were a photographer at some point
copumpkin: mircea_popescu: do you take all these photos?
copumpkin: nefario: don't be pissy just cause he has a better beard than you
copumpkin: especially since there's no single notion of risk
copumpkin: although The John Walker is the best
copumpkin: AND I AM HERE TO PLUNDER YOUR BOOTY
copumpkin: MrWubbles is full of shit, most of the time
copumpkin: assuming they aren't downplaying it, which they probably are :)
copumpkin: I think the official statement is that the guy made off with 2000 coins or so
copumpkin: the crash was artificial to exploit their withdrawal limits
copumpkin: and then make the site use the sub-cert
copumpkin: store the root somewhere else, and have it sign a sub-cert
copumpkin: I might go out of my way to add your cert to my trusted set
copumpkin: that's why central cert auths are worthwhile
copumpkin: but the vast majority of your users aren't going to know that
copumpkin: sure, you'd attach it to some other notion of identity
copumpkin: or just not even bother doing that
copumpkin: they can act as a middleman and forward requests to your real site
copumpkin: usagi: the point is, if you use a self-signed cert, someone else can pose as your site, and nobody will know
copumpkin: the certificates (possibly even client-side, in some systems) provide auth
copumpkin: TLS provides two features: authenticating your peer, and encryption
copumpkin: you can do that without a certificate
copumpkin: might as well use uncertified diffie-hellman
copumpkin: usagi: self-signed certs defeat the purpose of the system
copumpkin: but during development, it's fairly common to not pay for a real one :)
copumpkin: it's a self-signed root that doesn't match the domain
copumpkin: all of which can be solved by language design decisions
copumpkin: because it comes from a feature in format strings that nobody ever even uses, except for exploits
copumpkin: the latter of which is particularly stupid
copumpkin: most security bugs in the wild arise from buffer overflows or format string vulns
copumpkin: I know what I'm talking about, too :)
copumpkin: the vast majority of security holes arise from a couple of features that many languages simply omit
copumpkin: the idea is to minimize the opportunities for them
copumpkin: and I don't even have to write my own STM impl
copumpkin: my colleague saw him on the subway home this evening
copumpkin: usagi: admittedly, asking for idiosyncrasies of particular versions of a specific language isn't exactly testing our security knowledge :)