First, a school network is not a public network and it can run any policy it wants, including intercepting and monitoring traffic. You don't have to sign anything, using the network is implicit consent to the rules it is run by. The only legal requirement in my country (so your laws may differ) is disclosure of those rules, you must be able to look them up somewhere.

Second, regarding danger. The danger is exactly equivalent of the lowest security among the machine(s) that have a copy of the school root certificate (the private key part). If any of them gets compromised and the attacker gets a copy, he can do everything the school does, including interception and manipulation of traffic. If the school rates that as "low", then it assumes that users of the network don't do anything of personal importance, like online banking.

I don't. You are putting those words into my mouth. Most importantly, by me including things like creativity, ingenuity and craftsmanship, it should've been very, very obvious that my understanding includes skill and knowledge differences between people. I must assume you are intentionally trying to misunderstand me.

So if you call it labor or work or anything else is pure semantics to me. What's important is that wealth creation is done by people who do stuff. If they do it in their heads or with their hands is a detail. If they do it with bare hands or with tools is a detail.

I have absolutely no idea what you're talking about here. I've never invalidated money anywhere, on the contrary I've tried to explain how money gets value that is independent of its physical representation. How you arrive at an invalidation of money from there is a mystery to me.

We also have a transparent intercept on port 80. And no, the proxy doesn't accept CONNECT. We even block ICMP, so no ping-tunnels. You should be able to tunnel your way out over HTTP, but it'll take a bit of work - far beyond what students can do.

They have low-tech means of circumventing the filter, mostly involving spending an hour going through page after page on google until they find a site not blocked.

Wouldn't mean much. Screencaps can be trivially faked, anyway. The submitter clearly doesn't want us to know which school this is. I can only say it isn't the one I work at - we use SSL interception on the school computers, but not on the BYOD network, which simply blocks SSL entirely.

The school would simply explain that monitoring use of the IT facilities is an essential part of their safeguarding or child protection policy. That's as far as it'll go.

It's one of the big rules of school management. You do *not* question the safeguarding program. No matter how silly it may seem. To do so would risk opening onesself up to accusations of endangering students. No school employee ever lost their job for being too cautious.

I don't care to lie under oath.

The policy which requires the school protect the children against dangerous* sexual imagery and enforce the school's anti-bullying policy**.

*We're talking to parents here - as far as they are concerned, it's dangerous.
**If students are exchanging harsh insults on the school email, we need to know about it.

I work at a school. Yes, we have all machines on their network trust us as a root CA. We do that with good reason.

Currently in most countries, especially the UK, there is an atmosphere of paranoia bordering on terror anywhere that minors and sex may come within a hundred meters of each other. Even so, teenagers tend to meet their stereotype and display a fascination with sexual imagery. This means that it is absolutely essential that schools maintain a comprehensive internet content filter. This is not an optional extra. Without it, it's only a matter of time (and not much time) before some student happens across Dirty Dave's Scat and Fisting Gallery and shows it off to all his classmates. This in turn results in many terrified parents, legal action against the school for destroying jimmy's innocent little mind, and columns in the Daily Mail demanding the head be fired.

If we could not filter the internet, there would be no option but to forgo it. If we could not filter the ssl sites, there would be no option but to block ssl entirely by blocking all traffic on port 443. There is no possibility of effectively filtering SSL without installing a root CA, and so that is what we have to do for any device on our network that needs SSL connectivity.

Got that? No filtering, no internet. That's just the way it is. I don't like censorship more than anyone else, but this is the real world and sometimes ideology has to take a back seat to practicality and an angry mob of parents. Besides, without effective filtering, the students would spend more time playing flash games, watching the yogscast, listening to music videos and checking facebook than actually doing their work. Giving the students a locked-down and heavily censored internet is still better than giving them no internet at all, which would hold them back academically.

A couple of years ago when I first read the bitcoin whitepaper and was very impressed and excited (how can you read that and *not* be impressed and excited?) I proposed a slight change to the bitcoin protocol to add support for messages querying for "elided" blocks, i.e. a means for querying a peer for blocks only relevant to a given transaction (the history of all addresses relevant to and leading up to that transaction). The elided blocks would just be the full details necessary to allow a client to validate a transaction, with the Merkel tree being used to elide most of the data.

With a feature like this, a client would not need to download the entire block chain, they'd just need a) enough of the block chain to be able to validate elided blocks which wouldn't be much, and b) a peer willing to answer elided block queries for them. Since answering an elided block query takes real work (you have to have the entire block chain indexed in such a way as to make answering such a query efficient, which means storing alot of data, with proper indexes, and proper software, and connecting to the bitcoin transaction firehose, with the cost associated with that), I included a mechanism that would facilitate allowing the peer to 'charge' you for this service, using the same pseudo-anonymity of regular bitcoin.

The idea being that a client should not have to trust a third party to handle their transactions for them, which is the only feasable way to do bitcoin transactions now unless you want to download 15 GB - not really feasable in most circumstances - and connect to the firehose - also not feasable in most circumstances, and would be much less so were bitcoin to actually become used with any real transaction volume on a global scale. For a small fee (probably cents per transaction I would guess) you could use a system that didn't require you to trust any peers (unlike the current "we'll hold your wallet for you and do your transactions on your behalf" services that seem to have proliferated to make bitcoin actually feasable for clients).

I started to write it, but then gave up on it because I lost interest. All I got out of it was a couple of bitcoins I bought for fun, that made me about 2 grand (on paper of course, I never sold them and I don't really think it's possible to actually liquidate bitcoins into real money without serious work and headache).

As a long-time PHP dev, I recognize that it's very popular to hate on PHP, and has been for some time. And there are some valid criticisms of PHP, particularly from the domain of purity. PHP is a brutish language, with lots of warts. Whether it's the lack of any sort of parallelism or threads, or the random_underscores or the random(haystack, needle) ordering of variables in functions, there's plenty to complain about.

But PHP has its strengths, too. Its translation of strings to integers to hexidecimal numbers is "good enough" for most cases. Embedding variables into new strings works "good enough" that it's highly useful. It is extremely stable - I literally cannot remember a single incident of unexpected crashing. It's array/hash thingie is a highly convenient way to organize data from semi-sanitized sources, which is largely the norm in embedded, "enterprise" development and/or vertical stack software development.

And despite these strengths, PHP offers some interesting angles that are pragmatic (non-technical) in nature:

1) There are lots of PHP application templates and starter apps that work as a starting point for new start ups. The PHP community is generally very forgiving of newbies.

2) It's uni-thread model is simple enough for beginner/intermediate programmers to comprehend easily.

3) It's already installed on every 2-bit website hosting provider's servers.

4) You can get a tremendous amount of "real work" done with PHP. You could rather easily run a US national census by website using a small cluster of PHP servers.

Once, long ago, I was a beginner programmer, and I chose PHP for largely these reasons, reasons that have sustained me well as a developer. My company, founded on this technology, has grown rapidly and well, meeting the needs of our clients.

How can I not thank the PHP designers for the free gift that I built I career out of?

Now you're really reaching. I was discussing reasonable everyday circumstances. Now you're way off talking about something very different. I have no particular desire to go there.

Exactly. Which most people in the United States do not consider "reasonable". You're making my point for me.

You're trying to regulate "public" in a ridiculous manner. It would never work. Not in a free society, anyway.