23 April 2011

Excitement on Horse Corner

So, there we are climbing Horse Corner yesterday, when some dump-truck heading towards the local gravel pit takes a turn in front of us. As the truck takes the turn I think to myself "gosh, that truck is going into that turn pretty fast...".

The truck makes the turn...for the most part. Everything on the truck makes it except for the apparatus on top of dump trucks that swings back and forth -- the thingie that prevents the wind from blowing away the contents in the body. This apparatus can't take the forces involved with the turn, so the whole thing...falls apart.

So, now me and the guy who I'm riding with find ourselves climbing a steep hill, with a heavy 8-foot long steel pipe clattering down the hill straight at us. My fellow cyclist goes right into the ditch, I swing left out into the road, and the pipe clatters between us. A little way down the hill the pipe rolls off into the ditch.

The dump-truck never stops.


I guess that some rides are more memorable than others... (-:



(the attached map was nicely put together by somebody else)




07 April 2011

Certificate Authority Model Is Br0ken

I was mildly surprised when I read in Bruce Schneier's Blog that the Comodo Group Issued Bogus SSL Certificates. Here is yet another example of a CA that doesn't even understand why it exists, and what security precautions it should take because of this.

I think that the most prescient observation I have ever seen written about the Internet's current manifestation of CAs was written by Matt Blaze, who wrote:
"Commercial certificate authorities protect you from anyone from whom they are unwilling to take money."
Of course, in this particular case, Comodo Group was so eager to take money from people who wanted their stamp of approval that they partnered with various third parties in order to issue more certs... and they never ensured that these third parties implemented adequate security measures.

This NYT article also provides pretty good information.

Now a lot of this mess has ended up in the laps of browser manufacturers (Mozilla, Google, Opera, Microsoft, etc.). I feel bad for them, really, I do. I am involved with a project right now that works with things like root certificates, and handling things like certificate revocations is something that I am only beginning to have the time to investigate. This is a complicated area to work in...