The only reason you'd need a Verisign intermediate CA is if you want to be able to hit the vast majority of clients as configured out-of-the-box, without your certs pushed by group policy or whatever. Nobody involved seems to have a remotely good explanation of why Bluecoat has one; or what legitimate purposes it could possibly serve that couldn't be served by a vastly less dangerous toy.
The reason is simple: most customers of these devices prefer to implement them in transparent proxy mode, which requires no endpoint device (browser, etc.) configuration, no pushing of internal certs, etc. Browsers are talking on 80/443 happily unaware that their traffic is being proxied, and the SSL server certs being presented by Google or Facebook or their bank are not actually certs from those servers...they're Blue Coat's imposter certificates, generated on-demand.
I will tell you what Fedora version I plan to skip: whatever initially switches us to Wayland. That will be a guaranteed shit-show, and a good call to avoid upgrading for a few months. But 24 is solid methinks.
Thanks! Yeah, I'll likely sit that one out as well. X works just fine for what I do.
All the strong-arm authoritarianism, none of the democratic illusions of choice!
For people like me who run the XFCE spin specifically to get away from the bloated nightmare that is Gnome 3.x, is there anything in this latest release that is of any interest?
Seriously, I snorted my coffee when I read that. Well played.
This is spot-on.
As a one-time employee of Blue Coat who holds a technical certification on their ProxySG line of products, I can confirm absolutely that these devices use these intermediate CA certs to generate on-demand certs for any destination that the device's owner allows on their network by policy.
From the viewpoint of the user's browser, the remote server (Google or CNN or BankofAmerica) appears to be sending you a trusted certificate. You would have to open the security dialog and examine the details of the certificate to even notice anything unusual.
So all the scruples reside with the device owner, not the manufacturer. As delivered, the devices can impersonate ANY server certificate. It's up to the implementer to construct policies that exclude traffic to certain servers or of certain categories from this ability.
res ipsa loquitur
"Cry me a river."
Seriously, this "I'm the center of the universe" bullshit has gotten way out of hand.
All that time and effort spent on finding ways for corporate profiteers to artificially restrict the transmission of bits from point A to point B; and even if implemented, it will probably be circumvented in a minuscule fraction of the development time.
Such a fucking waste.
Amen, brotha.
/. used to be populated with *actual* nerds. In today's microwave generation of BBT-watching wannabes, kids think they can adopt nerd culture by simply wearing ironic vintage shirts and chunky eyeglasses. Heaven forbid they might have to actually *understand* mathematics and physics.
There are things I love about this town, and things I despise; and this sort of sanctimonious bullshit ranks high on the latter.
I actually hope someone gets killed doing that. You have absolutely *no* idea why any person at any given moment is driving in a particular manner. Could be they're just late, could be a life-threatening medical emergency. What gives *you* the right to presume anything and then try to impose your presumption onto anyone else?
Seriously, that's the worst sort of selfish assholery. And while I might not shoot you dead myself for deliberately impeding my way, if such a case came before me as a juror, it's unlikely I'd convict someone else for doing it.
...is where you cop to having an iPhone, as if that bitch weren't already more full of holes than your grandma's colander.
Yeah, I think that scale sounds about right, since there's generally a one-in-a-million chance of my giving a shit about someone being offended.
For the record, I'd happily wear the "Slashtard" label long before I'd ever consider becoming an iTard.
My GalaxyS5 is not affected, and it's running Chrome 45.0.24.54.94
I tested it as a solo tab, then again as a 2nd and 3rd tab. Every time, it kills the entire browser. (Chrome-stable 45 on 64-bit Fedora 21)
I'm running Chrome-stable 45.0.2454.93-1 on Fedora 21 (kernel 4.1.6-100.fc21)
It rewrote the URL as "a/%00" then paused for a moment before the window vanished. On restart, it displays the "Chrome did not shut down properly" message.
I would personally recommend Remington (I use their 870 Express platform), although I've heard good reports about Mossberg as well.
Agreed. Batons and tasers are plenty. Cops should always defuse and de-escalate. They don't need lethal firearms.
Seriously, when I was in grade school and assigned reports that required research, the school didn't twist itself into knots trying to figure out how to get me an affordable set of encyclopedias or other reference material. I went to the damned library and did the research.
It's my understanding that schools today have internet-connected computer labs and/or public computers in their libraries, so this question is moot.
You don't seem to understand the difference between criminal and civil law.
Criminal statutes establish some conduct as illegal (theft, rape, murder, etc.), and commission of such offenses will cause the state to act against you.
Civil law establishes rules under which individual parties may sue each other for relief, damages, etc. Libel is a civil infraction. If you write something that is maliciously untruthful about another person (and though it creeps me right the fuck out, businesses *are* legally considered persons for these purposes) and it damages them in some way, they have standing to sue you in court.
In short, the state is not telling you that you are subject to criminal prosecution for lying, but the law does allow for anyone who you lie about to sue the pants off you.
The 1st amendment doesn't apply, as libel is a civil infraction.
You're still free to say/write whatever the hell you like, but if you do so maliciously and mendaciously and it causes articulable damages to another person, then they have grounds to bring suit. It's not the government that acts against you, it's the injured party.
So the 14th amendment incorporates the limitations on the federal government onto the states as well. It only happened in 1868, so it's understandable that some people might not yet be up to speed on the concept.