Humanity faces a five hundred million billion trillion dollar loss of income due to premature extinction of the species.
That wouldn't be true in Finland. I doubt it would be true in any EU country.
Yes, of course "within applicable law" could be added to that, but then in the words of Richard Hammond, they don't put up signs saying "no murdering" on every street corner, do they?
In my country, for example, monitoring of employees is allowed if and only if the employees (via their elected representatives, I'm not talking politicians but intra-company employee councils) agree to it. I've been on such a council, and we did agree to some requests and rejected others.
The "Root CA" referred to by the original post is the public key of the
Which is why I explicitly wrote "the private key part" as being a potential danger. You do realize that if there's a public key, there's also a private key, yes?
Of course a public key is not a danger, that's why it's called a public key in the first place.
Some of these days I feel old. There used to be a time on
No, it isn't. You utterly fail to understand what's going on here or how SSL and PKI in general work.
You wanted to misread me and succeeded. I'm not speaking about the pupils' notebooks. I was clearly talking about the security of the private key part, wherever it is kept. I explicitly added that word to my response, specifically so people wouldn't misunderstand it in the precise way that you did.
Personally, I find this to be the single most infuriating aspect of the financial crisis -- in any country. Every single time I hear about public time and money being wasted on frivolous prosecutions, I am keenly reminded that these are the same police services and directors of public prosecutions who won't investigate the banks. Not who can't; who won't -- Refuse to even. It would be one thing if the justice system was simply universally inept. But cases like this show they can and do act with extreme prejudice when they have a mind to.
It's shambolic, slipshod, corrosive to the justice system and ultimately seditious. It's the clearest indication of the justice system which has been seized by political interests, and which refuses to perform its stated function to maintain the rule of law.
Regarding Corzine. The money did not "disappear". Corzine stole it out of customer accounts to cover his bills at JP Morgan. He knew exactly where it went; and the SEC and the Justice Department know exactly where it went but refuse to do anything about it. They're too busy pursuing basement-dwelling geeks and beatniks to investigate those cases which actually rock the foundations of commerce and law. Stellar job there Mr Holder; Kudos.
Please, also don't act like you're the first person ever that this has happened to. It's been standard practice for at least the last 15 years I've been working IT in schools in the UK.
Your post is constructive right up to phrase "the last 15 years" which apparently justifies how little your network reveals to the surveilled about the actual extent of the surveillance, even to the point of having software installed that they know little to nothing about on their own equipment that could open back doors to the device when employed outside of the school network if by some extraordinary turn of events proves to be slightly less than 100% bullet proof in its coding, implementation, and deployment. Nothing ever goes wrong with WEP or SSL.
Would it damage the small little minds to know more about how this all became "bog standard" without so much as a public whimper? Probably. Does that mean your Slashdot post is filtered on your own school network? Probably.
In my world, forged SSL certificates should be clearly marked as such. There should even be a "forger identity" field and a "forger authority" field (containing the pertinent parental agreement UUID).
None of this would interfere whatsoever with your legal authority to protect your network or your success in achieving this protection. It would increase the awareness of the surveilled of what externalities they have actually taken on downstream of their agreement with you to allow you to do so.
The fact that you've been doing this for fifteen years already without any of this in place is a sad argument.
If this is the school's equipment so that the school absorbs its own externalities of having badly-coded surveillance kits forcibly installed (I'm guessing the rock stars on that coding team were on the guaranteed forcible-installation side of the house) and the equipment is emblazoned with a giant warning "abandon privacy all ye who input here" there should still be a giant warning screen that comes up whenever a user tries to access a major financial institution (I'm told the government tracks the identities of these organizations) which warns the user "you are attempting to access a financial institution through a forged SSL root chain which is potentially a far leakier pipe than regular SSL, are you really sure you want to do this?"
So you're justified in doing what you do, but you're also so damn sneaky about doing it, that fires spring up in public opinion when the least of what goes on is exposed to public discussion.
No need to hammer the state of affairs in the daily consciousness so that these public fires don't flare up. Because fifteen years.
My bank has a security mechanism where they show a set of images unique to my account so that I can detect impostor sites that entice me to enter my credentials where they shouldn't go (the impostor site doesn't know the unique images associated with each banking account). There really should be a law against these security fingerprint images being conveyed through a forged-certificate SSL proxy no matter how legitimate the usage agreement. Once those images are scraped and laundered, one more safeguard we've been taught to trust is down the spiral tube.
If it's rational, necessary, and you're proud of it, do it out in the open as democracy conceptually demands, with plenty of loud warning signs where the externalities impose heightened risk.
which OS/Web-browser is so insecure that it accepts a root certificate from the network like this?
Firefox loves CAs. Firefox must have CAs. If your website uses a self-signed cert, Firefox will scream unholy murder and frighten most visitors away until you register with a proper, Christian root CA and do things the way the applied cryptography community believes they should be done.
And all the while, the entire root CA infrastructure is so shoddily implemented that MITM attacks like this are common at most companies. What a joke! HTTPS and SSH are almost meaningless in such an environment.
I think it's time for the entire Internet to admit that the current CA model is a joke of an implementation and cannot be relied upon to protect privacy, security, or trust for ordinary users at all.
First, a school network is not a public network and it can run any policy it wants, including intercepting and monitoring traffic. You don't have to sign anything, using the network is implicit consent to the rules it is run by. The only legal requirement in my country (so your laws may differ) is disclosure of those rules, you must be able to look them up somewhere.
Second, regarding danger. The danger is exactly equivalent of the lowest security among the machine(s) that have a copy of the school root certificate (the private key part). If any of them gets compromised and the attacker gets a copy, he can do everything the school does, including interception and manipulation of traffic. If the school rates that as "low", then it assumes that users of the network don't do anything of personal importance, like online banking.
The mistake you're making is associating labor with wealth.
I don't. You are putting those words into my mouth. Most importantly, by me including things like creativity, ingenuity and craftsmanship, it should've been very, very obvious that my understanding includes skill and knowledge differences between people. I must assume you are intentionally trying to misunderstand me.
So if you call it labor or work or anything else is pure semantics to me. What's important is that wealth creation is done by people who do stuff. If they do it in their heads or with their hands is a detail. If they do it with bare hands or with tools is a detail.
As to your insistence on invalidating the concept of money and therefore value and therefore wealth itself...
I have absolutely no idea what you're talking about here. I've never invalidated money anywhere, on the contrary I've tried to explain how money gets value that is independent of its physical representation. How you arrive at an invalidation of money from there is a mystery to me.
Well, we do not require transvaginal ultrasounds for women who want to get abortions.
You also make it virtually impossible for the average citizen to carry a firearm for self-defense, an activity that's allowed with very few questions in 43 of the 50 States. You can't even legally carry pepper spray in MA without a license, something that I'm pretty sure is allowed without a license in every other State in the Union.
Thanks, but no thanks. Plenty of States to choose from that don't regulate self-defense or abortion.
I got four letters for you: J-U-R-Y
I got some letters for you, too: Voir dire. This is the process wherein lawyers weed out all your peers in favor of compliant idiots. That's not what it's supposed to do, of course, but that's how it's used. It's then almost always followed by admonishment by the judge to the effect that the jury has to apply the law as written, with nothing at all about the jury's actual duty to evaluate the law -- in fact, if that's brought up, likely you'll have a mistrial.
If you go to court in the US, you can pretty much look forward to success in ratio with the money you spend on your lawyer, and how well your lawyer manages to pass that largesse along to the judge. And too bad if the judge thinks public opinion means more than your money.
I have no idea to this day if Simpson did it or not
Doubt there is anything for a bus like this, but if you look at a Prius there is quite a bit of data on the maintenance costs.
The regenerative braking saves on brake pad wear, to the point that Toyota reports they don't need replacement till 100,000 miles. The Power Shift transmission has fewer gear sets, resulting in less wear on them, and has no clutch, CVT belt, or torque converter. Plus there is no timing belt, alternator, starter. And since the ICE is not running all the time it experiences less wear and Toyota reports you don't need to replace the coolant till around the 8 year mark.
Of course this is countered by the lump sum of the battery and expensive dealership rates for when repairs are needed; but this wouldn't be a comparable factor on this kind of bus since you'd need the manufacturer to repair it regardless; and the poor MPG the old ones had would more than make up the cost of a replacement battery years down the line.
The NSA approves of this message.