Back on form
Let me be first!
"THREE HUNDRED AND SIXTY DEGREE FEEDBACK!" the PFY gasps "SOUNDS FANTASTIC!!!" "Really?" the Boss says doubtfully... "Somehow I thought that you wouldn't be all that keen." "Au contraire," the PFY responds. "We here and Systems and Networks are only too keen to know the thoughts and feelings of our clientele. We hope to …
"And the rest is history – and we all know whom history is written by.
The Proxy... ®"
And who writes the future for its historic fundamental base/enlightened source ...... Noble Sages/Foxy Savages/SMART Machines?
Yes, of course they do.
Around 12 volts, if memory serves. But, they also come with a hefty battery. Given the addition of DC-to-AC at one end, a long line of AC capacitor+diode voltage steppers, and finishing with a few diodes and some really big inductors... you can turn a long, tingly zap into a short, leaves-a-crater zap. Plus, that lovely resonance in the human body causes certain frequencies to be much more devastating than others.
Actually you don't need to recompile the browser to intercept SSL wrapped sessions.
Just install your own Trusted Certificate Authority certificate on the employee's machines.
SSL session between the browser and the proxy uses a made up on the fly cert for www,whateversite.com and the browser trusts it as a valid cert because it has been signed by BOFHsign CA which it trusts :)
So when at work worth checking actually who signed that cert you are trusting by clicking on that padlock :)
Our nanny filter does a similar trick in order to sniff https sessions.
Firefox, IE, and Chrome all see through it when they try to verify the site's actual certificate, though. It could also be that it's not a root level wildcard cert. (which we probably should do, but that's playing with the kind of fire that we'd rather not play with.)
Why would you trust that the browser would tell you who signed the certificate?
Also, the proxy will detect when you try to download a compiler, and instead send you a modified version of said compiler. When you compile the source for your browser, the compiler will detect that you are trying to compile a browser and insert the desired anti-privacy features.
You cannot create a trusted environment in an untrusted one.
This one just felt really weak. Normally I don't complain but I much prefer actual victimisation of users, not just the promise of victimisation.
Now how about a toilet refitted with retractable automated cattle prod and voice recognition?
<groan> <thwup... kzeeert>
Perfect way to catch problem users (all users unless proven otherwise probably...) when they least expect it.
Your classic battery-powered bovine-moving gimcrack uses a switch and relay to interrupt a DC current, supplying half a fairly square AC wave to the primary windings of a coil with a much larger secondary winding. Higher albeit amperically attenuated voltage results. That's the basic principle - generate, mirror, boost, tune etc. thereafter as you please. Send SAE for basic plans.
git along little doggy