Depends where. I live in SF most of most years. London is wonderful, if you got a bit of dosh, and I'm there a few months, pretty regularly. Back in Portobello area...
Paris is just a train ride away. Two tubes and a Eurostar? Downtown Paris, from your Kensington door step. Freakin' great town, if you've French friends. I don't think it would be livable, unless you spoke very good French, 'tho.
I met a traveller from an antique land
Who said: "Two vast and trunkless legs of stone
Stand in the desert. Near them on the sand,
Half sunk, a shattered visage lies, whose frown
And wrinkled lip and sneer of cold command
Tell that its sculptor well those passions read
Which yet survive, stamped on these lifeless things,
The hand that mocked them and the heart that fed.
And on the pedestal these words appear:
'My name is Ozymandias, King of Kings:
Look on my works, ye mighty, and despair!'
Nothing beside remains. Round the decay
Of that colossal wreck, boundless and bare,
The lone and level sands stretch far away.
Whoops! NIST is an "Untrusted Organization"!
Now, was this a gift to the NSA, or to the Jailbreakers?
Right, Smitty.
English is the best language.
Think BIG!
What if the next presidential limo was 3000 mics of LSD, Donald Sutherland reading "The Cat In the Hat" and a disco ball?
Monoculture.
It worked for Windows security! Why not for American education?
I want Bill Gates to do for American Education just exactly what he did for design of computer operating systems and for compound document management formats.
Because everybody knows that dollars are a surefire benchmark of brain power, so we have proof that Gates is an uncanny supergenius, who should now direct that dollar stream to blast any obstacle for his genius vision of how we should live, and be educated.
Public policy? Twaddle! Smart people with money. That's the cure for what ails society!
"Old man, take a look at my life..."
Hey. It's "Gamification" of the comment hierarchy.
Save us both some time, and just send it to me...
Right you are. Being on the SoftImage side, that chronology is fuzzier to me.
Still have an Indigo R4400 Elan here, under the desk...
Interesting, your take on SoftImage as related to the games world. XSI was after my folks were all driven away by the 3.x taper...
SoftImage was king. Alias Wavefront was a powerful contender, with different strengths and weaknesses.
Microsoft bought SoftImage, as a part of the effort to displace high-end Unix workstations with PCs running NT. It was all over, but the shouting. Alias transformed Wavefront into Maya in roughly this timeframe, while MS starved out "dot release" life support on SoftImage...
He also abhorred the violent creation of the Israeli nation, and was actively anti-Zionist.
Yet his work has been captured by the Hebrew University, and is used to glorify a nation whose creation he saw as tragic, and whose establishment he repudiated.
http://dissidentvoice.org/2010/01/einstein-on-palestine-and-zionism/
Kurzweil is Lex Luthor.
I Score...
69. Make your own joke.
CA?
You mean "certificate".
Probably, they are not.
NSA has been doing hash collisions in MD5 space to get past this niggle. Your company, probably not. Yet. :-)
Tough to detect with MOST browsers. They don't report cert chaining in a way that's useful for this. You COULD check the trust chain every time you HTTPS. Firefox has the Lock icon to click. Same for Safari.
There are plugins for Firefox that alleviate this:
An indicator of changes in chain-of-trust, etc.
https://addons.mozilla.org/en-US/firefox/addon/certificate-patrol/
https://addons.mozilla.org/en-US/firefox/addon/perspectives/
Way cool "web-of-trust" validation infrastructure, with more info here:
http://perspectives-project.org/
http://perspectives-project.org/firefox/
People STILL ask me why I don't use Chrome or Surfari...
Additionally? Modify your workstation's settings to use an authoritative external DNS server. OpenDNS is good... enough. Or your ISP servers from home. Then? Use TOR to browse. Be careful with your bank! They may close web-access to your account if TOR has it appear that you log in from Switzerland and Iceland!
These are not the best countermeasures, and don't handle every case. TOR relies on SSL - but on a proxy-port, not 80, so usually outside the scope of these gateways. Depending how your company has its CA published, they may still look "right" when using external DNS lookups, too.
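The "indicator of changes in chain-of-trust" idea from the comment above, as an added Python example that is not part of the original comment and is not Certificate Patrol's code. It records each host's leaf fingerprint and issuer on first sight and flags one issuer suddenly replacing the recorded issuer on several unrelated hosts, which is how a re-signing inspection gateway appears to a client. `CertWatch`, `likely_inspection`, the host and issuer names, and the byte strings standing in for DER certificates are all constructed for illustration.

```python
import hashlib
from collections import defaultdict

class CertWatch:
    """Trust-on-first-use store: remembers (fingerprint, issuer) per host."""
    def __init__(self):
        self.seen = {}  # host -> (sha256 fingerprint, issuer name)

    def observe(self, host, der, issuer):
        fp = hashlib.sha256(der).hexdigest()  # fingerprint of the leaf cert
        old = self.seen.get(host)
        if old is None:
            self.seen[host] = (fp, issuer)
            return "first-seen"
        if old[0] == fp:
            return "unchanged"
        if old[1] == issuer:
            self.seen[host] = (fp, issuer)  # same CA, new leaf: a renewal
            return "renewed"
        return "issuer-changed"  # keep the old record until someone reviews

def likely_inspection(watch, observations, min_hosts=3):
    """Return issuers that replaced the recorded issuer on >= min_hosts hosts.
    A re-signing gateway presents one CA for every site it intercepts."""
    swapped = defaultdict(set)
    for host, der, issuer in observations:
        if watch.observe(host, der, issuer) == "issuer-changed":
            swapped[issuer].add(host)
    return sorted(i for i, hosts in swapped.items() if len(hosts) >= min_hosts)

# Constructed sample data: byte strings stand in for DER certificates.
BASELINE = [
    ("mail.example.com", b"leaf-mail-1", "Constructed Public CA A"),
    ("bank.example.net", b"leaf-bank-1", "Constructed Public CA B"),
    ("news.example.org", b"leaf-news-1", "Constructed Public CA A"),
]
BEHIND_GATEWAY = [
    (host, b"resigned-" + host.encode(), "Constructed Corp Inspection CA")
    for host, _, _ in BASELINE
]

def demo():
    watch = CertWatch()
    for obs in BASELINE:          # recorded on a network without inspection
        watch.observe(*obs)
    return likely_inspection(watch, BEHIND_GATEWAY)

if __name__ == "__main__":
    print(demo())
```

The baseline has to be recorded on a path that is not already intercepted; a store first populated behind the gateway treats the gateway's CA as normal.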
This is very common
Very.
Your employer probably does little with this - it is usually a part of the configuration for Microsoft Forefront TMG (Formerly ISA Server). If you have Outlook Web Access, and do any spend on MS recommended practices, then you have a TMG, and 9 out of 10 times, the "Inspection Proxy for SSL" feature.
The intent is to scrub the stream for malware attachments and malicious XML, etc. Most are set-and-forget, with little competence to exploit or understand what they have done.
Bigger corporations, or those aware of data sensitivity issues are another matter. Outbound traffic may be subject to this inspection, for DLP with something like Vontu Network Prevent. These controls are managed by folks who spend 25K on netsec, not 25 C's. :-) Then? Clever operators may be logging and trapping all kinds of info. Reports are very "compliance centric" 'tho. The DLP operator team usually has a fair amount of audit scrutiny. Usually...
Anyway, TLS is irrevocably broken. It is reasonable security, trivially implemented and nearly as easily defeated. You own DNS and the path? You own the world.
I am involved in defining a new transport security mechanism for my company's products, because of TLS/SSL handwaving, and IPsec brittleness.
I'm sorry... is there a better word to describe this self-absorbed troll?
Consistent.
Fat.
Shall I go on? :-)
I'm quoting a "pro".
Hot on the heels of Apple's SSL/TLS implementation "flaw" across all stacks, and the Snowden revelations of NSA infiltration for weakening crypto?
You don't have to be wearing Tin Foil, just to become a little suspicious...