69. Make your own joke.
69. Make your own joke.
You mean "certificate".
Probably, they are not.
NSA has been doing hash collisions in MD5 space to get past this niggle. Your company, probably not. Yet.
Tough to detect with MOST browsers. They don't report cert chaining in a way that's useful for this. You COULD check the trust chain everytime you HTTPS. Firefox has the Lock icon to click. Same for Safari.
There are plugins for Firefox that alleviate this:
An indicator of changes in chain-of-trust, etc.
https://addons.mozilla.org/en-US/firefox/addon/perspectives/ Way cool "web-of-trust" validation infrastructure, with more info here:
People STILL ask me why I don't use Chrome or Surfari...
Additionally? Modify your workstations settings to use an authoritative external DNS server. OpenDNS is good... enough. Or your ISP servers from home. Then? Use TOR to browse. Be careful with your bank! They may close web-access to your account if TOR has it appear that you log in from Switzerland and Iceland!
These are not the best counter measures, and don't handle every case. TOR relies on SSL - but on a proxy-port, not 80, so usually outside the scope of these gateways. Depending how your company has it's CA published, they may still look "right" when using external DNS lookups, too.
This is very common
Your employer probably does little with this - it is usually a part of the configuration for Microsoft Forefront TMG (Formerly ISA Server). I f you have Outlook Web Access, and do any spend on MS recommended practices, then you have a TMG, and 9 out of 10 times, the "Inspection Proxy for SSL" feature.
The intent is to scrub the stream for malware attachments and malicious XML, etc. Most are set-and-forget, with little competence to exploit or understand what they have done.
Bigger corporations, or those aware of data sensitivity issues are another matter. Outbound traffic may be subject to this inspection, for DLP with something like Vontu Network Prevent. These controls are managed by folks who spend 25K on netsec, not 25 C's.
Any way, TLS is irrevocably broken. It is reasonable security, trivially implemented and nearly as easily defeated. You own DNS and the path? You own the world.
I am involved in defining a new transport security mechanism for my company's products, because TLS/SSL of handwaving, and IPsec brittleness.
'Cept I believe there's a real role for Government. And I think there are things often left as common interest, best achieved through pooling resources.
Especially when it comes to defending the weak, the powerless and helpless. You need either divinely guided, benevolent philosopher kings and knights of chivalry...
Or functioning institutions of an enlightened democratic society, in which government is but one functioning part, along with education and real money.
I'm sorry... is there a better word to describe this self-absorbed troll?
Shall I go on?
You always mistake me for a Liberal. If I defy some of your other biases, that does not locate me on the other end of a bi-polar axis.
The end was intent to cripple state government, making them mere Federal administrative delegated regions. Necessary along with the Federal Reserve Act and the 16th Income Tax amendment, to make the former "USA" defunct, and replace it with an American nation capable of completing its imprial advature beyond the boundaries of the continent.
It is no mistake that these actions are taken, as the final southwestern states are joined to the Union, and US begins transgressing into Europe and Mexico, after testing the waters with Spain.
I'm quoting a "pro".
Hot on the heels of Apple's SSL/TLS implementation "flaw" across all stacks, and the Snowden revelations of NSA infiltration for weakening crypto?
You don't have to be wearing Tin Foil, just to become a little suspicious...
Oh and another thing, who in the hell uses a tablet for anything professional in terms of music or video production? Oh I know you will find one or 2 examples of "professional" work as proof of concept, but the truth is a touch surface is to unreliable to do music live, and to constrained to be useful for high end video.
-----IPADS. So many possibilities, sooooo cheap.
I would encourage a new composer on a budget to start with an iPad, and challenge them to fill it up with software using the $5,000-$50,000 they just saved. Go nuts--you'll never exhaust the budget!! I've created sounds that have suited my clients needs very well, using the following iPad apps:
--Cubasis: a pro workstation on you iPad. Are you KIDDING?!?! Amazing.
--Cubase IC Pro: Use the iPad as a control surface for the big, expensive Cubase/Nuendo.
--MorphWiz: No bad tones with this synth by Jordan Rudess. Beautiful interface.
--Korg iMS-20: Analog synth emulator de LUXE. I've gotten 45,000 hits on my YouTube tutorial for it, too!
--iKaoscillator: Can't make a wrong note here. Just touch the screen, get a groove. Korg has such great tones, always.
--Animoog: Yeah, I could have used the _real_ Moog, but this one is different. Tricky interface, LUSH, motion-filled sounds.
--Symphony Pro: Notation software. Beautiful.
I also like to jam with:
--OnSong: Keeps track of my hundreds of jam charts. Thorough, useful software, worth every penny and more. I project the jam charts from the iPad to a big screen, so's everybody can read 'em and see the chords. Invaluable.
--Mugician: For some reason, even as a keyboard-challenged guitar player, I can play riffs on this interface and jam comfortably. The notes are laid out like stacked bass strings. It's related to GeoSynth and Cantor, but this is the one I seem to have the best success with. Buy 'em all. They're cheap, and we need to support these geniuses.
And I have a blast tinkering with:
--Mixtikl: I think I'll be able to use this one to create one of my holy grails: perfect predictable yet ever-evolving ambience for napping.
--GarageBand: Yeah, I'll admit it. I've used the "smart instruments" in a pro production. Once. Is it cheating when it sounds perfect in context? You tell me. I also use it to sketch quick backing tracks for songs I'm writing.
--Hex OSC full: I invented this hexagonal keyboard layout myself when I was in high school. Dad took me to see a patent lawyer to see if we could make money on it. I never got a chance to fiddle with it 'till this app came out, but they didn't _quite_ get the key touch or tones right. SO I'm still wondering if it makes for a good instrument.
--TouchOSC, MIDI Touch, V-Control
--GuitarAtSight, BetterEars, NailThatNote, etc. Ear training, sight reading apps. A little trip to boot camp never hurt the Fat Man. Maybe I'll get good at this stuff someday.
--I just heard great things about Twisted Wave.
It's a valve-amp simulator/modeller. It'll blow your mind. Swap valves, add values, go crazy and build the amp of your dreams.
I built an Ampeg Flip-Top ++ that turns my bass into WALL OF MOTOWN live, when going direct to PA.
Now THAT's a good use!
Audio sucks dog poop. Cannot run multi-stage signal processing loop without dropout or stuttering latencies. Oh. Try and locate/change "Default Audio Device" in the crippleware Microsoft Tablet UI. Or in the traditional "Control Panel". I spent more than 10 minutes trying to accomplish this once-simple actin on a Win8 tablet, last week - with the assistance of an MS employed consultant, no less!
Also this "tablet" uses 60 percent of advertised storage capacity for just OS binaries!
Microsoft: The little, flat box, full of fail.
After a number of decimal places, nobody gives a damn.