Subway's Sriracha is adulterated with mayo. Not exactly great for the diet. Idiots: they have mayo. If people wanted both, they could ASK for both. But, no.....

Interesting you say that... because for various medical reasons many parents don't want they're kids to have particular vaccines. Funny how we want to tar and feather them for refusing a vaccine over fears of a complication down the road that may or may not have evidence to back it up... yet its okay for them to skip the vaccines for other reasons.

So... the "anti-vax'ers" the article mentions... they're only a small subset of the population, right? Last I checked, according to the CDC they only account for less than .2 percent of the population. I understand the numbers are growing, but they're still a small subset. So if the other 99.8% of people are getting their vaccinations then this really only affects the non-vax'ers, right? In other words, they're getting exactly what they understand they'll get by not being vaccinated. So how is this a huge problem again? I'm confused. Granted, no one wants to see anyone, especially children, die unnecessarily when a vaccination could have kept them alive. But those who reject the vax's over fears of autism, etc understand that if they do get it, they're facing a different risk and they're basically playing the odds. In most cases, whether its measles or chicken pox, they get it, they get over it, and they'll never get it again and their immune systems are the better for it. In rare cases, they or their children will die. But they believe the odds of them dying from measles or pox is less than the odds of having a bad outcome from the vax and getting something like autism. Its all about risks the anti vax'ers are willing to take (and to take for their children). But being such a small subset of the population.. I'm not sure how this is a problem for the rest of us that are already vaccinated and can't get it anyway...

I've never had this problem. And since data is data is bits is bits... if this was an issue, you would think BR movies would have the same issue? I've been backing up to BR for about 3 years now and have had to go back to older media for restores and never had an issue. Like all media, your environment can affect them. I wouldn't let them get too hot or too cold, no direct sunlight, etc...

Oh, and for what its worth... yes, you can do rsync on Windows. I'm not assuming he has Mac, Linux, or UNIX. I've been doing rsync on the PC for years with cygwin... these days there are many more options and ports of rsync for Windows... even 64bit versions, etc. But my scripts are written around cygwin and expected variables and such, so I still do it the *old school* way. :) Just wanted to point this out though as inevitably someone will cry about rsync and Windows...

You could always just call up the NSA and ask them to restore the data. Odds are good they have a copy of it...

As you noted, Bluray holds a lot of data, but would take some time. Since its audio/video media, odds are most of it is pretty stagnant. I'd do an initial rsync job to write out to Bluray... then once a month or so repeat the job but now rsync will only get what's changed. Depending on the media type and age, you could also look at dedup'ing it and if the dedup'd copy is significantly smaller than the source you might be able to put that onto say one or two 3-4Tb drives.

Actually, we'd push the CA on the enterprise desktops to make the "experience" identical to it not being there. because the product was advertised as "transparent" to traffic, for some marketting-speak definition of "transparent".

The bottom line is "do that which makes customers complain the least".

If enough employees complained that this interception and certificate resigning was unacceptable, or not disclosed clearly enough, things might change. They don't.

For my part, I was satisfied that the decrypted traffic would not leave the appliance. Of course, someone could later change things so this was possible, but one can't object to useful, legitimate functions, because another might expend non-trivial effort to twist them to nefarious ends.

Hmm. I have BOTH Comcast residential and business class service. I wonder if the reponses are different.

Really? Adding untrusted sites always struck me as trivial.

We supported PKI integration simply to avoid the manpower lost in constantly trusting such sites, or having to manually import certs.

Furthermore, the mechanism is in the product to NOT decrypt and reencrypt selected sensitive whitelisted sites. The purchaser of the appliance has complete control.

It also does not work for some web applications which HAVE to be whitelisted because they do not permit import of new trust credentials.

Pfft.

Your whole privacy argument fails in the legal context because the unencrypted data does not leave the appliance.

Trust me, my employer and their lawyers went over these issues with great care, and I raised many of the concerns you pointed out. The issue hinges on two points:
1) enencrypted data does not leave the box (except whent the box actually does SSL termination), and 2) non-modified browsers (such as BYOD equipment) would pop up a Certificate validation error.

At that point it becomes an HR education issue.

Perhaps, but anything not belonging to third parties DOES belong to the deceased and should be bequethed as directed.

Now, getting a court order in a case like this should be trivial: the order is quite specific, the motion to the court to make the order simple, and the evidence clear.

No, people do not lose their individuality at work, but they should have a resonable understanding of their use of corporate resources, and most HR departments issue employee handbooks that spell this out, including any monitoring of computing or network resources that may take place.

As for being "tricked", only a fool would consider equipment not their own to respect their privacy wishes without engaging in some due diligence: either establishing a VPN to trusted equipment, or carefully examining the trust anchors the equipment they use has installed.

A better complaint might be to question the use of such equipment in public access networks, with forged CA certs. Proper practice would have a captive portal explaining policy, and using a clearly non-standard resigning CA that had to be explicitly accepted. But still, it is ultimately the user's responsibility to establish due diligence with regard to network security.

There is nothing inherently nefarious about resigning SSL traffic. In fact, in the public access scenario it helps thwart drive-by virus attacks and other malware through secure web sessions, at the expense of end user privacy. Do what us "in the know" do: set up a VPN to trusted servers.

In any case, the problem only arises when using equipment administered by others wirh prior installation of the trusted resigning CA cert: your own equipment, lacking the cert would CLEARLY indicate signing by an untrusted source. That strikes me as an appropriate balance: you have no expectation of privacy using someone else's computer!