I'm pretty sure that a) Chrome and IE both use the Windows cert store, and b) if CNNIC was included as a trusted root, it would only be trusted for .cn path, because it's not in the trust chain for .com or .ca or .gov or whatever.
Oh, and c) in Windows 8.1 at least there is no sign of CNNIC.
So the guy's expectations were wrong, and he got burned? So it's the site's fault? You said it yourself, it was due to an expectation. Expectation can be false. There was absolutely NO duty for Blog of Arizona to keep this guy's identity secret. Just like Mike has no duty to anyone but himself when it comes to our identities.
If he had wanted to ensure his anonymity he should have protected his identity. He did not. He merely did not expose it deliberately. There is a BIG difference, and the fault lies with him, not the blog.
People are anonymous on blogs because they are allowed to be by the owner of the site. End of story. Don't want your racist leanings public? Don't give that information to someone! End of story.
You guys are attributing to a blogger the sacred trust that we carry with a lawyer or doctor. Which is insane. He had absolutely no duty to this guy to keep his name secret, and I'm not sure why anyone thinks he did? So strange.
Was there anything on his site explicitly stating that anonymous comments would never be exposed? Did he sign an NDA? No? Then buzz off, Blog of Arizona is 100% correct in what they did.
What? I think it's pretty clear that anyone using Apache does so at their own peril now. Why is it moronic to assume that administrators interested in their users' security will let go of ideology and begin using IIS?
A year of NSA revelations, 2 major POSIX security flaws and not a peep about CryptoAPI. However it shakes out with IIS, the debate about open vs closed source security is close to being settled for good.
Companies and people hand over evidence all the time without a warrant, so I'm not sure what your point is. A warrant is for an unauthorized search. This search was already authorized.
I really don't understand why this group would rather have cops searching through Hotmail than MS. Seems that every other story about the government searching emails has this site up in arms, but when MS does it you run back to the government. So weird.
Basically, yes, but it's a massive gulf right now. Some organizations can get away with it because of their skillsets, but it's hard to sustain and they have trouble hiring.
The U of A where I worked has a large OSS infrastructure, that I helped manage, and it's hard to hire good people to support it. They manage it, but it would be impossible to scale it out to the desktop for 800 end user IT people, 10 000 staff and 45 000 students in the computer labs. In contrast, the EA agreement is only low 7 figures for all their MS licensing.
It's changing, and it will likely be a completely different ballgame in 10 years, but it's not really a contest at my level.
After attacking Mike over one thing, I have to step in here and defend him. He is a friend of the general public, not Google. It's just that in a lot of ways Google has aligned incentives with the public because their business model is public trust (to a large degree). Microsoft's interests are aligned with their Enterprise customers and OEMs where the bulk of their revenues come from. So it might look like he's a Google supporter, but really issue by issue he agrees with them more often than MS.
This is changing as Google becomes more attracted to Enterprise revenues (very stable), and MS becomes more consumer focused. As their incentives drift towards each other their behavior will become more similar and Mike will hate on them equally (or cash twice the shill checks as you seem to think).
That's a fair point, but I'm not 100% sure it's a better solution. I think they already hand over too much information to law enforcement. Microsoft at least has an incentive to only look at pertinent information and to scrub it when they're done. Law enforcement has no such incentive. I think the obvious solution is a neutral 3rd party or a Cloud Services regulatory board to handle sensitive issues like this.
I think a lot of the outrage towards this is because people don't understand how big a deal this is to Microsoft's biggest customers, both OEMs and EAs. They had to do something, and they did, they just didn't have a good solution on hand and guessed wrong.