The article you linked to is kind of confused and I'm not sure I blame them. This stuff is really complex!
According to the proposal[0], leaf certificates are prohibited from being signed with a validity window of more than 397 days by a CA/B[1] compliant Certificate authority. This is very VERY different from the cert not being valid. It means that a CA could absolutely make you a certificate that violated these rules. If a CA signed a certificate with a longer window, they would risk having their root CA removed from the CA/B trust store which would make their root certificate pretty much worthless.
To validate this, you can look at the CA certificates that Google has[2] that are set to expire in 2036 (scroll down to "Download CA certificates" and expand the "Root CAs" section) several of which have been issued since that CA/B governance change.
As of right now, as far as I know, Chrome will continue to trust certificates that are signed with a larger window. I've not heard anything about browsers enforcing validity windows or anything like that, but would be delighted to find out the ways that I'm wrong if you can point me to a link.
Further, your home made root certificate will almost certainly not be accepted by CA/B into their trust store (and it sounds like you wouldn't want that) which means you're not bound by their governance. Feel free to issue yourself a certificate that lasts 1000 years and certifies that you're made out of marshmallows or whatever you want. As long as you install the public part of the CA into your devices it'll work great and your phone/laptop/whatever will be 100% sure you're made out of puffed sugar.
I guess I have to disclose that I'm an xoogler who worked on certificate issuance infrastructure and that this is my opinion, that my opinons are bad and I should feel bad :zoidberg:.
It is really not a good idea to let your naked record go to a 3rd party. If you need your root to be an A name, go with a DNS provider that will do URL redirects. If you trust them with DNS resolution of your domain you can trust them to not go crazy with your root record.
EDIT:
If you are looking for a host that will do this, http://NameCheap.com is how I do it but I understand GoDaddy and Hover does it too. Seriously... go with a reputable registrar that has these simple features it will pay off in the end.
I agree with this 100% If anyone wants to implement something like this on a server which you have control over, here is the mod_rewrite line which enables this "service":
when I saw someone retweet about this service in my stream it was a bit confusing... can't really see the purpose myself, when you, as you mention, you can handle this within the confines of your own registrar.
I'm curious as to why the developer felt the need to make this.
I wrote this "service" and the answer to why I did it is three-fold. 1. I had used 2 services, blogger and shopify, which didn't support pointing naked domain names. 2. It took all of 10 minutes and 3. I somehow landed on an epic domain name.
The long answer is that I run a platform for high-availability sites. I don't want to manage the client's DNS and I want to have the flexibility to instantly move sites from server to server. The answer, is to setup a CNAME and have the clients point their primary CNAME (www) to a host where you control the DNS.
www.example.com CNAME to example.myhostingservice.com. example.myhostingservice.com would then either point to an IP address or a round-robin DNS setup.
That leaves the problem of the naked domain. Traditionally you'd point the naked domain to the Primary IP address and then do some httpd.conf magic to redirect the naked to the www (or vice versa). However this does not solve the problem of what happens if the underlying IP address changes.
Pointing the naked domain to a dedicated IP address which is not associated with where the site is hosted removes the problem of what would happen if you change IPs quickly.
I don't know specifically about the `crashme` tool but I can say that fuzzing is not a technique that has gone out of vogue. In fact it is standard security practice for finding ill defined behavior in programs for buffer overflows and other nasties. When you read the exacerbated cries of the security researchers who have been sitting on a critical IE/Firefox/Whatever bug they almost always scream something to the effect of "Why didn't they just use a fuzzer, it's easy to find these problems that way -- that's how I did it." I would like to give props to Google, their security teams have been diligent in running static analysis and fuzzing tools against their code (white box[1][2]/black box testing[3])
As always, Wikipedia is a great source for information on this one[4] and I can personally testify to OWASP's fuzzer if you're going after webpages (my last local OWASP that I went to was on fuzzing and was REALLY interesting)
Here comes the flame war about how our educational system has declined in the past hundred years. In an attempt to head that off at the pass (Hey, if you're going to have a cliché argument I get to use a cliché) here is the problem with that. This is a test designed to review the material deemed important by one person in 1895 (If it is really from then). The class would have gone over what "epochs into which U.S. History is divided". This is the same thing with the stupid joke that I always heard when I was doing calculus and adults were around "When I was growing up, you didn't have to spell out your math homework". That is code for "I have no idea what's going on here" and let's be honest, that is fine.
I would bet that most people who read this could have answered almost all of these questions at some point in their life. We have to remember that the purpose of education is to teach you how to learn and how to adjust to your current situations. You learn what you need to get the job done and you relearn what you can't remember to complete the job.
EDIT: It's good to see that Snopes already did this. Thank you Snopes and thanks glhaynes for pointing us to it.
More importantly, many of the test questions are dependent on rote memorization of facts that are nearly useless in the accomplishment of successful life. How many bushels in a tare? What is a "principle part" of a verb? These things can be found on Google. I have all the skills tested by this test, but lack some of the knowledge. Since my brain is just a cache for knowledge, I can always fault it in if the need arises.
I think of it more as a look at how different life was in 1895. You couldn't Google anything. A farm owner probably would benefit from being able to do those math problems in his head.
I think you are right about how it reflects a different time.
I doubt many average farmers kids made it through to 8th Grade though. Anyone who was taking the 8th Grade exam was probably reasonably wealthy, looking to continue studying, and take on a profession of some kind.
The "tare" is the weight of the container holding the item being weighed, in this case presumably the weight of the wagon, which is why the question specifies that weight. If you ask Google "tare in bushels", your comment itself shows up as the top answer :-).
I don't agree with you, I rather think farmers would need to know how to convert things like bushels just as much as I need to know how to convert milliamps to amps. The only difference is metric is easy, so you don't need to get tested on it.
My point is that I am not a farmer, thus whether I can pass this test from memory is totally uninteresting and means nothing about whether or not education is declining in America. (I.e. I agree with the parent.)
But the long-term memory is a memory cache that shrinks when not used. That's why the ignorant are always thrashing about, no matter how clever they are.
There are a lot of problems with HFT (high-frequency trading) that basically boil down to proximity to the exchange. If you haven't paid for a colo inside their datacenters you can't well expect to use the usual HFT tricks of putting in requests for things you don't want and then never making actions on them because your 40ms latency to the exchange will mean that the guys in the colo have acted on your move. I heard someone say that they got a colo for 10,000 a month (sorry, I don't have a source for that) so that kind of edges you out of really good HFT. Another thing to know is that you are running around like a chicken with your head cut off trying to grab pennies off a railroad track that is running bullet trains (I love that analogy). i.e. very dangerous. Slight mistakes can cost you hundreds of dollars ever 20ms until you hit ctrl+C in your script! I do wish you the best of luck and I hope you will write about your progress/experience in HFT on HN in the future.
I suspect they are not sorted by popularity. The user setting is "topcolor" and this page is "topcolors", so don't assume that the "top" is implying most used.
I will add a little more detail. When Netflix starts sending enough data through standard connections that they start to cripple the internet, they will set up peering agreements and run direct line to the front door of every ISP. If you don't think that is possible look at Google who has peering agreements with everyone except tier 1. We will be fine, the sky isn't falling and no, this is not the end of the world. Not even close.
Peering reduces load on the backbone, but not on the middle or last mile which is where I think congestion is predicted to appear. Only the broadband ISPs can upgrade there.
In June, RadioLab (The NPR show), did a show called "Oops" that had a section on this. It was a REALLY interesting episode and continues to be a spectacular podcast.
I'm far from impressed with this. How is ?? any different from a guard ( || )? I use that all the freaking time in every language. I've never written a line of C# and even I know about the parallel module, how didn't that make the cut?
C# has || just like any other language, but objects aren't truthy and nulls aren't falsy. This was a good design decision, since it catches the common = vs. == error if(a=b) while doing the type check rather than silently doing the (probably) wrong thing. As a consequence, the || doesn't work as it does in other places. Hence ??.
Java, as far as I know, does not allow if (someObject) where someObject is a class type. AFIAK, java only allows that if someObject is a bool, or possibly an int as well.
In strongly typed languages in general, null is not the same thing as false and not-null is not the same thing as true.
According to the proposal[0], leaf certificates are prohibited from being signed with a validity window of more than 397 days by a CA/B[1] compliant Certificate authority. This is very VERY different from the cert not being valid. It means that a CA could absolutely make you a certificate that violated these rules. If a CA signed a certificate with a longer window, they would risk having their root CA removed from the CA/B trust store which would make their root certificate pretty much worthless.
To validate this, you can look at the CA certificates that Google has[2] that are set to expire in 2036 (scroll down to "Download CA certificates" and expand the "Root CAs" section) several of which have been issued since that CA/B governance change.
As of right now, as far as I know, Chrome will continue to trust certificates that are signed with a larger window. I've not heard anything about browsers enforcing validity windows or anything like that, but would be delighted to find out the ways that I'm wrong if you can point me to a link.
Further, your home made root certificate will almost certainly not be accepted by CA/B into their trust store (and it sounds like you wouldn't want that) which means you're not bound by their governance. Feel free to issue yourself a certificate that lasts 1000 years and certifies that you're made out of marshmallows or whatever you want. As long as you install the public part of the CA into your devices it'll work great and your phone/laptop/whatever will be 100% sure you're made out of puffed sugar.
I guess I have to disclose that I'm an xoogler who worked on certificate issuance infrastructure and that this is my opinion, that my opinons are bad and I should feel bad :zoidberg:.
[0] https://github.com/cabforum/servercert/pull/138/commits/2b06... [1] https://en.wikipedia.org/wiki/CA/Browser_Forum [2] https://pki.goog/repository/