Actually dont see how you can have PFS on DHE either if one of the endpoints doesnt co-operate. You can simply dump the master keys and provide those to the decrypting app.
If I tell you a secret, and you tell someone else ... there's not a lot I can do a about that. If you don't want a third party to be able to hand over your plaintext (or store it) -- don't give them your plaintext (or a means to access your plaintext).
Similarly, if I send you a PGP encrypted email, I can't know if you decrypt that and hand it over to someone else (willingly or unwittingly).
I can though, still assume that if I send you a GPG encrypted email to your gmail account - I've only got to worry about _you_ leaking the contents, not Google.
Oh, absolutely. I just wanted to point out that if you're communicating with google, you're communicating with google -- so even if they enable perfect forward secrecy over smtp/tls -- that's not a 100% fix.
It is still better than them not enabling it -- because if we can assume they do not log the data by default, on their own (aka: we can trust google) -- old data won't be accessible once a (theoretical) new warrant arrives.
I work in deep packet analytics and have interacted with several telcos and vendors. If you are developing a packet analytics or metrics product the temptation to tap into your production traffic, if only for validating your product is too strong. In our segment, access to live traffic is the primary "raw material" to develop, test, and enhance the products. So they may not use your data to "spy" but there is no protection against your data making it into packet captures (tcpdumps or pcaps) which then acquire a life of their own. I am not saying Nokia does this, but that any telco/vendor including this one who makes packet analysis products has to fight the temptation not to do it.
I would never ever use a service that decrypts HTTPS traffic. How do we know that the other side is encrypted ? For all you know, the other side of the proxy could not even use SSL for services that offer both modes (google,facebook,twitter, etc etc).
I think the OP is balancing the economic costs of firing with the psychological advantages to be had by chucking him and clearing his mind. If the guy wasnt "close to indispensible", he'd likely be gone by now. One way out could be to bring some other employees up to speed and then fire the guy.
Overall I agree with the top comment. Having the guy around for long would inflict a negative air at the top that might permeate the entire organization. Gotta go for sure.
I had one too in India when I was 13. The ZX Spectrum 48K. Loved it to death. Magazines were a bit hard to come by here, but I managed to get my hands on one book, I think it was called "Machine code with ZXSpectrum". I remember a program called HELPA, which you had to first enter by hand, then you could use that to enter machine code. I remember writing my first program using HELPA, a block which would change colors randomly. I still remember being stunned by how much faster machine code was compared to BASIC.
Also cant forget my favorite game at the time - Highway Encounter.
Puzzle solving ability is a reliable indicator only if the candidate hasnt specifically prepared for them. Many Indian IT companies in the mid-late 90's conducted exams with difficult programming puzzles in them. This was great for a while, but soon those who wrote these exams told everyone else and the puzzle pool dried up. Future groups scored really well due to being better prepared against a known pool of puzzles. These days most IT companies have moved on to SAT/GRE style analytical problems.
Imagine your luck if you are at a Google interview and already know the Pascal triangle. You can just put up an act pretending to analyze various aspects before unveiling your grand solution.
If companies are merely using analytical ability as a filter, a SAT/GRE style exam will do better because the problem pool is much larger making it less vulnerable to preparation.
Great point. I wonder how the Freemium model works for something like Splunk. Do free users constitute a completely different universe or there is significant conversion of free to paying users ?
Well given that free Splunk won't index any useful amount of data, and the pricing is so high that it can only work for corporations, I can only see Splunk working as a license-enforcing trial.
I am Indian and I wish we would lighten up. Things aren't pure as milk here either. There are quite a few Indian companies which ask their employees to use Western names while creating online content such as on support forums, twitter accounts, etc.
How else can you pull this off unless you design to image to be as close to organic results as possible ? But I wonder what happens if the site owner decides to change the styles, the image would then foolishly look fake.
The rating stars however are a different story and are definitely in the dark gray area (say at #333). The "rated by lots" will make users draw a comparison with the other unpaid listings without realizing it is fake, atleast in the sense the other stars arent fake.
Actually dont see how you can have PFS on DHE either if one of the endpoints doesnt co-operate. You can simply dump the master keys and provide those to the decrypting app.