If you do not have a valid certificate signed by a CA, SSL is not providing any security.

Yes, the warning you get when you visit a site with an invalid cert is much scarier than what you see if you visit an unencrypted site. But it's the sites that use encryption that users care about, because those are the sites that get their passwords and credit card numbers.

Perhaps you think the browser should make an exception for self-signed certs. After all, there's nothing "wrong" with their signatures. Nothing's expired. No signature fails to validate. Why not just make the URL bar orange or something? Because anyone can create a self-signed cert and sub it into a Bank of America SSL connection.

It sure is annoying that you have to pay $20 every year to keep an SSL cert. I totally agree that this a problem. But right now, without that $20, you have a connection that provides cryptographically zero security. Short of coming up with a way to create a trustworthy CA that runs for less than $20 a year, there is no great solution to this problem.

If we're not going to warn folks about unencrypted links where every proxy in the way is a man-in-the-middle attack waiting to happen, why are we going through such contortions to warn them about the same attacks in a situation where they are much harder to accomplish?

I've never understood this warning at all.

Judging from the number of orders we've been getting, it seems like people have been waiting for something like this for a while. While there are other wireless digital photo frame products out there, we really feel that we've been the first company to tackle it from the software perspective.

Thanks again!

http://blog.johnath.com/2008/08/05/ssl-question-corner/

An especially pertinent point from his post:

"Several CAs accepted by all major browsers sell certificates for less than $20/yr, and StartSSL, in the Firefox 3 root store, offers them for free."

So anything that basically "mixes" the sun will cause more heat to be emitted. No sun spots=no mixing, and all the heat remains trapped.

I think that after trapping heat for so long, the sun gets hotter and generates more sun spots because of all the extra energy. The sun spots bleed it out, and the cycle continues.

Update: Here is a good example of silly REST dogma: http://www.25hoursaday.com/weblog/2008/06/10/TwoCardinalSins... (since a lot of people don't seem to understand that REST isn't the same as HTTP, but more like a religion layered on top of HTTP).

For example, the FriendFeed api includes a method that fetches multiple feeds at once: http://friendfeed.com/api/feed/user?nickname=paul,bret,jim&#... Where should one user PUT their updates such that a simple HTTP cache will know to invalidate that GET? It's not possible. The cache must understand the internals of the system in order to do proper invalidation here.

It is a valid neurosis, though. Even 20-25 years ago, a scientist wasn't that bad off, economically. My uncle made enough money to buy a house in the Bay Area as a microbiologist at a government lab. Nowadays there is no way someone in the same position could buy a house in the same area. Even renting your own apartment would be painful. The salary has remained the same, whereas life has gotten much more expensive.

I was working based on this paper written by Google researchers in June 2007, which refers to one of Google's "typical" servers having a theoretical peak power of 213W and an actual peak power of 145W:

http://research.google.com/archive/power_provisioning.pdf

While I agree that in general information about Google's systems is a mix of inaccurate and out-of-date, I think it's probably safe to trust numbers given in research papers published by Google... especially when the numbers deal with how much power is being used, and the topic of the paper is power distribution within datacenters.

Therefore, I'm gonna point out that this is !HN.

Some guy whining aggressively about sports on TV -- this seems about as far from HN as you can actually get.