That's a fascinating guess. It's not a feature I've personally used. Although yes, the Cisco configurations and the Cisco _clients_ do tend to have a horrible morass of undocumented options.
> since that puts an upper bound on human ingenuity
I'm saying to master the components you need before planning the project. Simply saying "human ingenuity will solve that" is like saying "we'll make the software secure when we're ready to publish". It is, itself, guaranteeing project failure.
> The stars will die out long before entropy becomes relevant here.
Do you understand what "entropy" is? Even using the purely thermodynamic definition, there is a very real energy cost for preserving complete coherence of the DNA sequence. Certainly, as a dynamic chemical system, the "entropy" present in the DNA molecule itself and its complex environment prohibits the likelihood of perfect sequence coherence over lengthy times. The result of such failures is degradation. One of the most unfortunate results of such losses is, frankly, cancer.
Frankly, for significant extension of human life, a general cancer cure is of critical importance. Or the accumulation of small risk factors is going to accumulate to a near certainty of dangerous cancers, of many different sorts. We already see this among our older citizens!
>> especially since scar tissue accumulates and regrowth of neural tissue has never been mastered.
> Neither of which is a permanent problem.
Given the lack of progress for both issues, there's little concrete reason to assume they are _not_ permanent issues.
> I assure you that companies like Google, Facebook, Twitter, Microsoft and their relation ALL do the EXACT SAME THING.
Not from my direct experience with several of those companies. They install wildcard certificates, signed by one of the commercial root authorities, not their own root certificates.
Do you have any direct experience or instances to show that _any_ major software vendor or software service does this?
> I work at a school.
Clearly, not in IT or network security. A root CA is not for "filtering". A proxy or firewall is for filtering, and a root CA doesn't help with that other than to automatically authorize the certificates presented by the proxy. A root CA is for signing other certificates so that they are accepted without the manual intervention of the student or visitor using the "Bring-Your-Own-Device".
It may have conceivably been installed under a sealed warrant for "national security" reasons. Much like the Patriot Act in the USA demands silent cooperation with warrant-free investigations of unconstitutional scope, I'm sure that UK governmental agencies have also demanded and received cooperation with dangerously excessive search orders.
A "private boarding school" implies that the school might well have international students, or students whose parents are of economic and political power. Is it feasible to contact _those_ students and their families, to explain what the school has been doing without their knowledge? A similar scandal involving the use of webcams on student laptops to photograph them at home was reported on Slashdot, http://en.wikipedia.org/wiki/R....
Doing Man-In-The-Middle attacks with the root CA and SSL certificates signed by that root CA is only one of the risks. Once certificates signed by that CA are accepted, they're permanently usable for fake websites, for man-in-the-middle attacks with proxies using those faked SSL certificates for designated websites, and for replacing ordinary SSL signed software or update packages with fake, rootkitted packages. The list of subtler security issues is longer: those are only a few of the leading problems.
I'd be profoundly concerned that the school is not competent to protect their CA, or other certificates that have already been signed with it. Since they've already demonstrated ignorance among some personnel of their own security practices, and unwillingness to communicate truthfully with students, I'd assume that they've never properly secured the host or network on which they've stored their CA. Unless they have _erased_ the private CA and all copies of it, it can be misused at any time in the future, especially on the school's own network.
Moreover, if possible before the CA is erased, _all_ of those certificates already signed with the CA need to be revoked, and replaced with correctly signed ones. That's quite expensive, at roughly $200 USD/certificate/year. You can get the certificates more cheaply, but that estimate includes the technical time to go replace the old certificates.
What you're describing is a sometimes hidden form of the "Not Invented Here" problem, where some deficit in a working software stack is discarded for theoretical, not production reasons. In this case, it can be guaranteed to be unstable because it would replace whatever production grade audio tool is already working with one written in house, requiring maintenance, and _likely vulnerable to the same SELinux problems_.
> Telomere breakdown, and cell deterioration is one of our biggest issues
And if we stopped entropy, cell deterioration would not occur. It's about as likely, I'm afraid. Telomeres are a molecular _answer_ to DNA deterioration, preventing the connection of one DNA molecule to another at the end points. And some types of system damage are cumulative, especially since scar tissue accumulates and regrowth of neural tissue has never been mastered.
I remember these designs. They absolutely stripped the tread off the rear wheels within a few hundred miles of using them, and kept the local bike shops in serious business replacing wheels. Not tires: the wheels.
Federal offices are merely an example. I know businesses that absolutely refuse to put their mailing address or the location of their offices or their business office telephone number on their website or in local telephone listings, to avoid physical spam or having angry customers show up at their door. And in the business world, just try to find the street address of the ISP data centers near you.
Google Maps has been a reliable way for me to actually _find_ the data center I need to visit, when the staff of the company I'm dealing with don't know the street address, and the IT person is in the data center and their cell phone can't work from inside there.
I'm afraid that I was unclear. Worrying about how this will hide valid "NXDOMAIN" results is pointless, since those have already been hijacked by many ISPs' DNS proxy servers and instead return the ISP's desired advertising page. They can also be redirected to far, far more dangerous services, such as phishing websites or mail servers to accept misaddressed email.
It's spelled NXDOMAIN, by the way.
NXDOMAIN has not been a reliable response for invalid DNS queries for roughly 15 years. Look into the history of the "*.com" DNS entry in Verisign's root servers for the
Given that the data has _already_ been corrupted, this seems a reasonable attempt to broaden what is now done with "example.com". It also has the benefit that it's not auto-activated in default Kerberos configurations, a bit of behavior that genuinely alarms me in most default Kerberos setups and which few configuration tools have the ability to remove.
Airplanes do not normally float in a medium of highly corrosive saltwater. And they can usually go _around_ storms, or land when the weather gets excessively dangerous. And even good quality, powerful engines need regular hands-on maintenance over the course of a 30 day trip.
> You opt for "married men make better performers"
Please: I didn't say that. It affects the role. For example, married men may be unwilling to perform 80 hour work weeks at crunch time. Being older, and willing to object to abusive contracts or work hours, certainly affects _my_ work performance. And my age is correlated with my work experience.
What I'm saying is that it's unrealistic, and unreasonable, to say these factors don't _affect_ work performance. In some cases, they may _improve_ work performance! It depends on the situation and the role.