We also have a transparent intercept on port 80. And no, the proxy doesn't accept CONNECT. We even block ICMP, so no ping-tunnels. You should be able to tunnel your way out over HTTP, but it'll take a bit of work - far beyond what students can do.
They have low-tech means of circumventing the filter, mostly involving spending an hour going through page after page on google until they find a site not blocked.
Wouldn't mean much. Screencaps can be trivially faked, anyway. The submitter clearly doesn't want us to know which school this is. I can only say it isn't the one I work at - we use SSL interception on the school computers, but not on the BYOD network, which simply blocks SSL entirely.
The school would simply explain that monitoring use of the IT facilities is an essential part of their safeguarding or child protection policy. That's as far as it'll go.
It's one of the big rules of school management. You do *not* question the safeguarding program. No matter how silly it may seem. To do so would risk opening oneself up to accusations of endangering students. No school employee ever lost their job for being too cautious.
The policy which requires the school protect the children against dangerous* sexual imagery and enforce the school's anti-bullying policy**.
*We're talking to parents here - as far as they are concerned, it's dangerous.
**If students are exchanging harsh insults on the school email, we need to know about it.
I work at a school. Yes, we have all machines on their network trust us as a root CA. We do that with good reason.
Currently in most countries, especially the UK, there is an atmosphere of paranoia bordering on terror anywhere that minors and sex may come within a hundred meters of each other. Even so, teenagers tend to meet their stereotype and display a fascination with sexual imagery. This means that it is absolutely essential that schools maintain a comprehensive internet content filter. This is not an optional extra. Without it, it's only a matter of time (and not much time) before some student happens across Dirty Dave's Scat and Fisting Gallery and shows it off to all his classmates. This in turn results in many terrified parents, legal action against the school for destroying Jimmy's innocent little mind, and columns in the Daily Mail demanding the head be fired.
If we could not filter the internet, there would be no option but to forgo it. If we could not filter the SSL sites, there would be no option but to block SSL entirely by blocking all traffic on port 443. There is no possibility of effectively filtering SSL without installing a root CA, and so that is what we have to do for any device on our network that needs SSL connectivity.
Got that? No filtering, no internet. That's just the way it is. I don't like censorship more than anyone else, but this is the real world and sometimes ideology has to take a back seat to practicality and an angry mob of parents. Besides, without effective filtering, the students would spend more time playing flash games, watching the yogscast, listening to music videos and checking facebook than actually doing their work. Giving the students a locked-down and heavily censored internet is still better than giving them no internet at all, which would hold them back academically.
Google's primary business is advertising. All the services they provide are there to service that business, either by allowing them to serve up more advertisements or by collecting data they can use to target those adverts with greater precision.
The trusted proxy panic was really a scare about nothing. It's just a way to allow for HTTP(S)2 interception by a proxy which the client machine explicitly trusts and authenticates - something which is already very common practice in the corporate LAN as a means of keeping the employees off of porn/facebook.
They say they need a court order. How do we know they haven't just issued some secret National Security Letter or FISA warrant that says 'let us sift through everything, and we'll throw you in jail if you ever tell anyone this request was made?' This assurance is better than nothing, yes - but it doesn't change the fact that if you want to be secure from prying government eyes human or automated, you just can't trust any service provider any more. The only way to be sure is to verify security at both endpoints of any conversation, and encrypt on the assumption that all intermediary hosts and routers are compromised or monitored.
So the media report introduced inaccuracies in their summarisation. Nothing new there. I should have seen that one.
Still poor though, as the 'covered by clothing' part, combined with modern teenage fashions, means a lot of young women are now going around in such a manner that any picture of them is now one stop short of child porn.
"the sexual or other intimate parts"
If you want folds and crinkly dissolves, you use a flip chart.
Not really. It's stereotyping people based on religion, not race. Very different thing, even if there is a statistical correlation.
I don't think this school really cares about the league table. People who want to send their children there do not do so because of the tables.
Yes, it's a government-required standardised test. Administered by the exam board OCR. I'm guessing OCR's agreement is something along the lines of OCR turning a blind eye and the school not starting legal action that could run for years and embarrass everyone involved.
So basically, the Jewish Amish.
Isolation. Geographic, mate choice, breeding season. Lots of factors can cause two nearly-identical populations to stop interbreeding, and divergence follows from there. That's simplified, of course. Species is something of an artificial concept - there are things like ring species that show just how hard it can be to classify.
Because to the fundamentalist, it's an all-or-nothing thing. If you accept evolution, you have to throw out the story in Genesis - but if you do that, how can you be sure the rest happened? How can you be sure the story is right about the flood, or the slavery of the Hebrews in Egypt, or the exodus event, or the settlement of Israel, or all the prophets that followed? If you accept that one part of the holy text is a lie, then you open the whole thing up to doubt.
Pet projects, and occasionally restrictions on funding. I wouldn't be at all surprised if someone tries to sneak in a clause saying none of the money may be spent on climate change research or something of that nature.
Let's see how this comes out of the congressional sausage factory before we get too excited. Much of the spending is going to be contested. Budgets are also common places to stick unpopular riders, so there will probably be a few nasty surprises snuck in.
At a guess: It uses a different essid, but runs at the same channel/frequency as the customer's wifi. Retuning a transceiver is a slow process, it's not practical to jump between channels every packet, and multiple transceivers would raise the cost.
You underestimate the importance of rhetoric. A solid position can easily lose out in public perception to a pack of lies skillfully presented and tied in with the audience's defining values. Creationism is a very good example of that. Scientifically it's been dismissed more ways than I can describe - hundreds of independent avenues of scientific investigation all confirm it's a load of rubbish. Yet it remains very popular in the US, because supporters have been able to present it as an essential part of Christianity - and it'll take more than the combined knowledge of all fields of science to convince most people to give up something as self-defining as their religion. The anti-vax movement can exploit something perhaps even more powerful, the parental protective instinct.
Debate and public perception isn't about arguments. They are only a part of the debate, and not even the most important part at that. Humans are not rational creatures.
The idea isn't to change their mind. Some minds cannot be changed. The idea is to stop them convincing anyone else.
Sometimes mockery is also required. Responding to lies with truth can easily create the impression of a debate of two respectable sides, when the more accurate perception is that one has arguments and the other has cheating and manipulation. In that situation, it's not enough to just point out the errors: They must be mocked without mercy to make it clear that the position is not only wrong, but so wrong as to be laughable and not worthy of any respect.
It's an idea, but it would be prone to mistakes. Some innocent person gets the coins in a transaction, and finds they are now suspect. Add in a tumbler or take it to a bitcoin casino (You'd only need one ignoring the blacklist or late on their updates) and hundreds of people suddenly have tainted wallets.
Because the hackers can launder the coins. Sell them to unsuspecting people, who find their new coin is worthless. Donate them to charities, so any blacklisting project inadvertently blocks them too.