

Comment: Re:Are the CAs that do this revoked? (Score 2) 133

by kbonin (#49330167) Attached to: Chinese CA Issues Certificates To Impersonate Google

Agreed. The ONLY effective punishment for a CA that breaches trust or competence this poorly is to mark its roots as permanently untrusted. In a world that has set aside morals and ethics (or redefined them into doublespeak meaninglessness), the only punishments that will actually make corporations change their behavior are penalties that significantly exceed the full gains of breaking the rule or law. The related challenge is raising the certification bar, so this doesn't become a "whack a mole" with CNNIC2, CNNIC3, TOTALLY_NOT_CNNIC, etc...

Comment: Re:Brother HL-4040 Printers (Score 1) 190

by kbonin (#48711777) Attached to: Ask Slashdot: Best Options For a Standalone Offline Printing Station?

Also Brother MFC-8480DN, prints PDF fine from USB drives that originate from many different programs. Only print I ever had fail used Adobe DRM to protect one of the layers, had to print that from Windows, because the bits needed to remain secret before being reproduced on a piece of paper. (sigh)

Comment: DOA due to Liability shift to consumer... (Score 5, Insightful) 558

by kbonin (#48235069) Attached to: Rite Aid and CVS Block Apple Pay and Google Wallet

It appears that CurrentC moves liability exposure almost entirely onto the consumer, whereas Visa limits consumer exposure to $50 that most banks waive in actual fraud. Add full access to your bank account to make the worst-case liability exposure whatever you have in your account, and privacy terms that allow them to use health-related data that could have been protected under HIPAA. Tell me again why I would want to use this?

Comment: Snowden leaks: NSA data now used by DEA, others. (Score 5, Insightful) 191

by kbonin (#48056229) Attached to: Silk Road Lawyers Poke Holes In FBI's Story

Great link: http://www.alexaobrien.com/sec...

NSA programs PINWALE, MARINA, NUCLEON are now used to share their collected data (that isn't actually "collected" under new legal redefinition) with DOD and who knows how many other agencies.

"Parallel Construction" is used to hide sources.

This is what happens when checks and balances decay in a system that has no honor or respect for what once made it great.

Comment: Stockholders come first, security isn't important. (Score 1) 205

by kbonin (#47318671) Attached to: The Security Industry Is Failing Miserably At Fixing Underlying Dangers

Working in this industry at several giant companies, the view is simple - the company works for the stockholders, the stockholders demand ever higher returns, and NOTHING the company does is nearly as important as increasing the short-term stock price. So what money is spent on R&D will be spent chasing new "shiny" features and the absolute bare minimum level of security and bug fixes required to "continue leveraging the brand". In the meantime, the business will focus on increasing the productivity of its remaining workforce, and continue to look for new ways to innovate through outsourcing, off-shoring, right sizing, acquisitions, virtual workforces, and anything else that looks good on paper for short-term gains while not requiring hiring new FTE (Full Time Engineers), at least domestically.

Comment: They haven't changed, read your licenses.... (Score 1) 742

by kbonin (#46317009) Attached to: "Microsoft Killed My Pappy"

Few examples:

MSDN lets you download software to develop and test against. I need to test some Microsoft software on various cloud providers. But before I do, I think I'll take a peek at my license agreements: http://msdn.microsoft.com/en-u...
    "Qualified MSDN Cloud Partners. To run software on third party shared servers you must:" ... "Deploy your licenses only with Windows Azure Platform Services or Qualified MSDN Cloud Partners."

Does your company / marketing dept. want to put a Windows Logo on your product? Check your license, you might have to dumb down your Android or iOS version to get it approved.

It goes on, and on... Yes, most companies ignore these, but they are still in the agreements. At its heart, Microsoft hasn't changed yet.

Comment: Re:Netflix (Score 1) 215

by kbonin (#44936375) Attached to: Apple Offers Refund To Stiffed Breaking Bad Season Pass Customers

While I won't argue about the convenience of Netflix (for movies and shows that appear there, once they do appear), since I don't spend a great deal of time watching TV, it's more practical for me to take my money that would otherwise go to Cable and/or Netflix and buy movies and TV shows on DVD or BD. That way, while the fine print does state that I'm only licensed to use the "video device" for personal non-commercial private viewing, I do have a growing library of insured high quality digital copies I may watch immediately anytime I want that cannot be revoked or disappear in an annual licensing negotiation, nor count against the steadily more constrained bandwidth available in most of the US. And someday when the courts uphold that the DMCA anti-circumvention clause may no longer invalidate the "space shifting" precedent, I'll be able to legally rip it all and have a legal mobile digital library of same content. (I know, I can dream...)

Comment: Re:Design != manufacture capability (Score 4, Insightful) 395

by kbonin (#43840109) Attached to: Chinese Hackers Steal Top US Weapons Designs

Yes, but manufacturing processes are often also obtainable documents. Any company who has set up good process control around their manufacturing lines has probably documented almost if not everything needed to recreate their subset of the secret sauce. Due to subcontracting these constitute a more distributed set of targets, and probably have local IT staff better capable of locking down their small networks than a megacorp outsourcing model would, but it's probably all still there...

Comment: Re:Cost / Benefit issue... (Score 2) 441

by kbonin (#42019115) Attached to: It's Hard For Techies Over 40 To Stay Relevant, Says SAP Lab Director

Having spent about 10% of my career in embedded, I would agree that domain knowledge is of far higher importance in the embedded world. The knowledge base for tool chains and platforms needed to write production quality code on most embedded platforms is significantly than most desktop / server / web app worlds...

Comment: Cost / Benefit issue... (Score 4, Interesting) 441

by kbonin (#42018815) Attached to: It's Hard For Techies Over 40 To Stay Relevant, Says SAP Lab Director

Writing as someone coding professionally since the early 80s, in project team sizes from 3 to 10k, and at the highest primarily engineering position I can achieve without becoming a non-coding manager (Systems Architect)...

As engineers age, they may gain experience, but productivity does often drop. We also have those pesky families and/or work-life balance goals. And an unfortunately repeating pattern for engineers is reaching a point where they now think they know everything they need to, and learning grinds down, sometimes to nothing. If they only work on legacy code that might be OK if no innovation is required. Domain knowledge is difficult to quantify the value of, and varies greatly by organization and project, and I would argue that all seniors should work hard at making sure this is clearly documented AND passed down.

Most companies are happy to keep a few older experienced engineers around to try and direct teams of young high productivity programmers (no family / life, willing to work 60-100 hour weeks) and attempt to mentor them to make fewer mistakes. Increasingly these teams are in low cost regions, most commonly India.

I would begrudgingly agree that in most cases, in terms of a cost / benefit analysis of 'value to the organization / stockholder', which is what really matters, this is true a statistically significant percentage of the time.

Of course, most of the time comments like this are merely the result of a HR directive to cull expensive engineers to reduce payroll and make room for more low cost region 'resources', driven by a suit that doesn't understand the full value of their older engineers. Unfortunately we live in a world where most important decisions are made by MBAs without a clue. Older engineers must learn to make sure the layers above them understand their real value to the organization.

Comment: Re:Domestic Drones w/ ADS-B transponders = trackab (Score 2) 223

by kbonin (#41830841) Attached to: More Drones Set To Use US Air Space

I would imagine that if this evolves it will end up having constraints attached to it along the lines of the prohibitions on retransmitting or relaying information from other protected radio frequencies. While there are useful reasons to translate and distribute general flight tracking information, I'd be willing to bet that either these services are forced to omit law enforcement transponders altogether, or there will be automated gag orders on such sites regarding drones under certain circumstances such as pending activity (selective availability on drone tracking data?)

In any case, I would imagine that if you want accurate local drone data you'll have to collect it yourself.

As others have now posted this is possible on the cheap: RTL-SDR software over DVB-T dongles based on Realtek RTL2832U (supposedly as cheap as $20) provide a receiver, and GNU Radio with gr-air-modes gives you decoded ADS-B data streams on a decent PC.