
Comment Collateralized Identity (Score 1) 558

I think Joe Cascio's idea of "collateralized identity" looks really interesting here:
http://joecascio.net/joecblog/2013/03/25/collateralized-identity-using-bitcoin-to-suppress-sockpuppets/

The core problem we're really trying to solve with a CAPTCHA is: anonymous identities are very cheap to create. We can require the user to provide and verify an email address, but it turns out those are cheap to create too. What we really need is a way for the user to prove that they have something invested in their identity - be it monetary value, time, cpu cycles, or whatever. A bit like slashdot karma (so you can filter out trolls/spammers using identities with nothing invested in them, which are cheaply created/replaced.)

Bitcoin, if it should ever gain widespread adoption, provides a very convenient mechanism to accomplish this:
1. each bitcoin user already owns a pseudonymous unique public identifier (ie. their bitcoin address), which they can provide to any website as a portable identity
2. to prove ownership of this identity the user can sign a challenge from the website using their private key (hey, we just solved the password problem too!)
3. an amount of monetary value (ie. bitcoin) stored at this address, plus the length of time it has been stored there, is publicly visible on the block chain.

This allows the website to assign weight to the identity based on a combination of: the amount of value stored with the identity + the time it has been stored there. An identity that has had $20 stored with it for 3 days is probably not a spammer. An identity that has had $0.20 stored with it for 3 months is also probably not a spammer.

Of course it is easy to generate an unlimited number of such identities - but hard to have a decent amount of value stored with each of them for a decent amount of time. Websites can easily adjust the weighting threshold required to sign up / post comments based on experience with incoming spam. And there's always the ban hammer - which suddenly has some real weight behind it again :)

Important to note:
1. the money (ie. bitcoin) associated with the ID stays under the user's control at all times. The user alone has the private keys required to transfer/spend it any time they like - of course doing so would lower the weight assigned to their identity by any websites that inspect it.
2. the website need not store any authentication information for the user (eg. a password). The user retains control of their private key, and can use it to authenticate without disclosing it to the website.

Too hard for Joe Public to understand? Maybe.

Just imagine this all wrapped up in a friendly browser plugin. When you visit a website there's no login page - your browser has your private keys (perhaps encrypted with a master password, like Firefox's password manager does today) and just automatically authenticates you. Your browser could provide a drop-down "switch identity" widget in the toolbar to let you flip between multiple IDs / generate new ones, which is the only bit visible to the user (they need never hear terms like "private key".)

An "add weight to this identity" option would allow you to add/withdraw funds for any ID. Initially this might look like a bitcoin transfer (confusing for non-technical people), but a private company could easily provide a regular payment gateway on top of this (ie. accepting dollars), making the process no harder than recharging your skype credit.

Adding weight to any identity would be strictly optional, but might eg:
* allow you to skip CAPTCHAs
* allow you to post at +2 on slashdot by default
* generally increase the trust in your identity being genuine all over the web - use your imagination....
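
The weighting described in this comment (value stored at an address combined with how long it has been there), as an added example that is not part of the original post or of Joe Cascio's proposal: it scores an identity in dollar-days over its unspent outputs. The `Utxo` record, the 15 dollar-day threshold, the one-hour minimum age and all sample data are assumptions constructed here; proof of key ownership (the signed challenge) is assumed to have been checked already.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone

DAY = timedelta(days=1)


@dataclass(frozen=True)
class Utxo:
    """One unspent output at the identity's address (hypothetical record)."""
    value_usd: float        # site's own dollar conversion (assumption)
    confirmed_at: datetime  # timestamp of the confirming block


def identity_weight(utxos, now, min_age=timedelta(hours=1)):
    """Weight in dollar-days: each unspent output counts value x time held.

    Spent outputs are simply absent, and coins moved to another address
    start again at age zero, so weight cannot be handed between identities.
    """
    total = 0.0
    for u in utxos:
        age = now - u.confirmed_at
        if age < min_age:   # just arrived, or future-dated: no weight yet
            continue
        total += u.value_usd * (age / DAY)
    return total


def may_post(utxos, now, threshold=15.0):
    """threshold is the site's tunable spam knob (assumed value)."""
    return identity_weight(utxos, now) >= threshold


# Constructed sample identities, evaluated at a fixed "now".
NOW = datetime(2013, 4, 1, tzinfo=timezone.utc)
SAMPLES = {
    "20usd_3days":  [Utxo(20.00, NOW - 3 * DAY)],
    "20c_3months":  [Utxo(0.20, NOW - 90 * DAY)],
    # $20 spread over 100 sockpuppets: each one holds only 20 cents
    "sockpuppet":   [Utxo(0.20, NOW - 3 * DAY)],
    "funded_10min": [Utxo(20.00, NOW - timedelta(minutes=10))],
}

if __name__ == "__main__":
    for name, utxos in SAMPLES.items():
        print(f"{name:13} weight={identity_weight(utxos, NOW):6.2f} "
              f"post={may_post(utxos, NOW)}")
```

Both identities from the comment's examples clear the assumed threshold, while the same $20 divided across many fresh addresses, or deposited minutes ago, does not.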

Comment Re:That's because security warnings are stupid. (Score 1) 432

You could indeed get a cert for s1ashdot.org, but if you don't mind my saying, that's a pretty crappy attack mate :)

A lot of people might notice the blatant "1" in your domain name; many more might never visit that domain at all. Which is really the point here.

Let's pretend for the sake of this example that slashdot actually supports SSL :) When I visit the real https://f6ffb3fa-34ce-43c1-939d-77e64deb3c0c.atarimworker.io/, with their valid CA-signed cert, I still have confidence I'm communicating with their server not yours.

If you were in a position to intercept my packets to slashdot - ie. the situation in which SSL is of some value - then you still couldn't do much. You can send fake replies to me, pretending to be slashdot.org - classic MITM attack - but your self-signed certificate is a dead giveaway. Good luck getting a CA to issue you a cert for slashdot.org, I doubt they're interested in issuing a duplicate while there's already a valid one out there.

This is the problem trusted certs are designed to solve. Your problem is a different one; it's called phishing (terrible name huh?).

Actually, they've kludged something together to help with that problem also: big institutions that really need it (eg. banks) can pay a ton of money to a CA for an "extra special cert", which gives them eg. that nice green address bar in firefox, indicating a higher level of identity trust to the user.

Yes, it's probably a cash cow. But hopefully they do a few background checks before issuing those at least, and the high fee presents a barrier that Joe Random Phisher may be unwilling to pay.

Comment Re:I would probably do the same thing (Score 1) 432

This is a misconception. DNS poisoning is certainly not required.

If somebody is in a position to read your packets, they are also very likely to be in a position to intercept / modify those packets.

Any point on the route between you and the destination host could be sending those reply packets you receive and failing to pass yours along to the next hop; you really have no way of knowing.

This could be fully automated and, for example, enabled by default for data going to a particular destination host. The initial implementation is non-trivial, I'll grant you, but it only needs to be written once and then every script kiddie from here to Timbuktu can pass it around amongst themselves. The attacker requires no more resources than regular plaintext sniffing, excluding a little cpu time to handle the crypto. You think these things don't exist? :)

Encryption is nothing without trust.

Comment Re:Well... yeh. (Score 1) 661

Wow, brave post; looks like you were really inviting trouble with these kinds of statements :) I used to hold similar views, and I know it can be a hard position to defend. It's not my fault / I have a slow metabolism / I exercise all the time and don't lose weight / some people are just built differently / etc.

Back then I weighed 132kg and had been fat all my life. Today I weigh 91.5kg, fit into ordinary size clothes (read: M, L), and feel springy & full of energy after climbing a couple flights of stairs, instead of puffed & out of breath. The change came only after I saw through all of these excuses and changed my own attitude.

You are obviously proud of the self control you have developed thus far, and you should be, but I would suggest you need to develop it a little further. You can't prevent your brain telling you that you feel hungry, but you can recognise that it is malfunctioning and choose to ignore the signal; nobody is holding a gun to your head compelling you to eat large portions. Eat nutritious food in "moderate" (look it up, it's smaller than you think!) size portions, and enjoy the feeling of being "hungry" - that's your body running low on fuel and burning the reserves!

It's not a terrible thing to feel "hungry". Not the way people in rich western countries use the word (I'm from New Zealand). There are many people in the world who live with real hunger on a daily basis. Do not mistake "I feel like eating" for *hunger* - in your case & in mine it's really not that serious that it can't be overlooked :) After you get used to eating less, your brain will catch on and stop sending the "hunger" signals.

Also, don't knock weight training. Firstly, any kind of exercise is better than none. Secondly, if your body converts fat into muscle you may not initially lose weight (muscle weighs more), but you're already more healthy. Thirdly, having more muscle is like having a bigger engine in a car; you need more juice to run it, even just during daily tasks. In other words more muscle means your metabolism rises and you burn fat more easily, plus you feel like you have more energy and exercise becomes easier. Cardio training is important too, but you've gotta start somewhere - it's a momentum thing. The more you do, the easier it gets.

In short: you have to eat less (esp. less fat; going crazy with fruit & veg can't hurt) and exercise more. That's the only way, and it's damn tough, but it does work and when you get to the other side you realise it's really really worth it :-)

Your body simply can't construct fat cells out of thin air - you have to put the right things into it to enable it to become fat. Whatever your makeup predisposes you to, what food you put inside your body is always your own choice.

My 2 cents.

Comment Re:Well, piracy hurts real people. (Score 1) 405

How dare you. You may think you're being clever, green, perhaps even resourceful. But the fact is, every time you use recycled equipment you're stealing from the pockets of the hard-working, starving engineers at Intel!

Who do you think created the "intellectual property" inside your machine? Intel, I presume, have invested a lot of time and money into designing that chip you're running, and you've never paid them a dime for their effort. Thief! Just imagine if everybody behaved as you do - nobody would make computers anymore!

CPUs want to be free. Intel want to be paid. You just want to be cheap.

Programming

Free Open Source Software Is Costing Vendors $60 Billion? 384

conan1989 writes to tell us that a recent report from the Standish Group is claiming that open source is costing the traditional software market somewhere in the neighborhood of $60 billion per year in revenue. "MySQL Marten Mickos has often spoken of 'taking a $10 billion market and making it a $3 billion market.' If you consider that open source has taken out $60 billion of traditional software revenues there will be a bloodletting in the proprietary world soon enough. It's a great time to be an open source company."
Censorship

China Blocks YouTube Over Tibet Videos 343

Screaming Cactus writes "Internet users in China were blocked from seeing YouTube.com on Sunday after dozens of videos about protests in Tibet appeared on the site. 'Chinese leaders encourage Internet use for education and business but use online filters to block access to material considered subversive or pornographic. Foreign Web sites run by news organizations and human rights groups are regularly blocked if they carry sensitive information. Operators of China-based online bulletin boards are required to monitor their content and enforce censorship.' The blocking added to the communist government's efforts to control what the public saw and heard about protests that erupted Friday in the Tibetan capital, Lhasa, against Chinese rule."
Movies

Warner Brothers Pulls Canadian Previews 273

A number of readers let us know that Reuters and others are reporting that Warner Brothers is canceling movie previews in Canadian theaters, starting with Oceans Thirteen. A Warner VP said, "Within the first week of a film's release, you can almost be certain that somewhere out there a Canadian copy will show up." Recently, the International Intellectual Property Association placed Canada on its Priority Watch List, along with the likes of Argentina, China, Russia, Turkey, and Venezuela. This community knows, thanks to Michael Geist, that the claim is mostly fiction.

Feed The Growth Of The Pirate Bay As A Political Movement (techdirt.com)

Tim Lee points us to an LA Times article on the growing success of The Pirate Bay's political movement, noting that its membership is growing in Sweden and is nearly equal to that of the country's Green Party. This is ironic for a few reasons -- most of all being that the entertainment industry was so proud over the raids on the Pirate Bay's servers last year, insisting that it had killed off the site. Instead, the site was back up in days, and the attention propelled what had been a fairly minor search engine for BitTorrent trackers into the limelight -- helping to get it many more users and to get the political movement some traction. In fact, we've now seen other political parties take on some of the Pirate Bay's platform. To be honest, I have mixed feelings about this. I don't support the Pirate Bay's position that unauthorized downloads are defensible. Instead, I think that copyright holders need to come to the realization that they're actually better off by letting people download content -- not that it needs to be forced upon them by users taking matters into their own hands. That said, by taking such an extreme position (and having it get some attention), perhaps it's more likely that content holders will come to this realization. They'll simply be forced to adapt and will start coming up with more successful business models that actually benefit from free downloads rather than trying to block them and sue their best customers.
Microsoft

Seven Reasons Microsoft Loves Open Source 154

tlockney writes "Next week at Microsoft's MIX, whurley will be leading a discussion on 'Open Source, the Web, Interoperability, and Microsoft'. To kick off a bit of pre-session discussion and enlist the help of others in putting Microsoft on the spot, whurley, king of all things open source at BMC has written an article entitled 'Seven Reasons Microsoft Loves Open Source'."

Amazon One-Click Patent to be Re-Examined 132

timrichardson writes "A New Zealand actor, frustrated by a poor shopping experience, has successfully requested that the U.S. Patent and Trademark Office review the correctness of Amazon's infamous One-Click patent. An examiner for the agency ruled that the re-examination requested by Peter Calveley had raised a 'substantial new question of patentability' affecting Amazon's patent, according to a document outlining the agency's decision."

Spacecraft Crashes Into Satellite 343

Juha-Matti Laurio writes "A robotic NASA spacecraft designed to rendezvous with an orbiting satellite instead crashed into its target. Unbeknownst to engineers at the time, DART's main sensor mistakenly believed it was flying away from the satellite when it was actually moving 5 feet per second toward it, investigators found."

Satellites To Try Formation Flying on ISS 42

SoySauc writes "From a story on the New Scientist site: 'A soccer-ball-sized satellite will soon be floating aboard the International Space Station. Once joined by two others, it will help researchers test formation flying and autonomous rendezvous and docking maneuvers for future orbiting satellites.' NASA's DART mission was designed to do the same thing, but in 2005 shut itself down and bumped into the satellite it was only meant to approach."
