
Comment: Re:bad but creating false evidence trails is worse (Score 3, Insightful) 46

by kbonin (#49447087) Attached to: The DEA Disinformation Campaign To Hide Surveillance Techniques

"Parallel Construction" is a fundamental part of police work now. When Federal law enforcement orders local law enforcement to lie to judges and prosecutors (Stingrays, etc.), what's really left? The last few generations of law enforcement, and the continuing example from the top of the executive branch on down, make it clear that it is now perfectly acceptable and even expected if not required behavior to lie to everyone, including other branches of government. The historical checks and balances are almost all gone now...

Comment: Re:Are the CAs that do this revoked? (Score 2) 139

by kbonin (#49330167) Attached to: Chinese CA Issues Certificates To Impersonate Google

Agreed. The ONLY effective punishment for a CA that breaches trust or competence this poorly is to mark its roots as permanently untrusted. In a world that has set aside morals and ethics (or redefined them into doublespeak meaninglessness), the only punishments that will actually make corporations change their behavior are penalties that significantly exceed the full gains of breaking the rule or law. The related challenge is raising the certification bar, so this doesn't become a "whack a mole" with CCNIC2, CCNIC3, TOTALLY_NOT_CCNIC, etc...

Comment: Re:Brother HL-4040 Printers (Score 1) 190

by kbonin (#48711777) Attached to: Ask Slashdot: Best Options For a Standalone Offline Printing Station?

Also Brother MFC-8480DN, prints PDF fine from USB drives that originate from many different programs. Only print I ever had fail used Adobe DRM to protect one of the layers, had to print that from Windows, because the bits needed to remain secret before being reproduced on a piece of paper. (sigh)

Comment: DOA due to Liability shift to consumer... (Score 5, Insightful) 558

by kbonin (#48235069) Attached to: Rite Aid and CVS Block Apple Pay and Google Wallet

It appears that CurrentC moves liability exposure almost entirely onto the consumer, whereas Visa limits consumer exposure to $50 that most banks waive in actual fraud. Add full access to your bank account to make the worst-case liability exposure whatever you have in your account, and privacy terms that allow them to use health-related data that could have been protected under HIPAA. Tell me again why I would want to use this?

Comment: Snowden leaks: NSA data now used by DEA, others. (Score 5, Insightful) 191

by kbonin (#48056229) Attached to: Silk Road Lawyers Poke Holes In FBI's Story

Great link:

NSA programs PINWALE, MARINA, NUCLEON are now used to share their collected data (that isn't actually "collected" under new legal redefinition) with DOD and who knows how many other agencies.

"Parallel Construction" is used to hide sources.

This is what happens when checks and balances decay in a system that has no honor or respect for what once made it great.

Comment: Stockholders come first, security isn't important. (Score 1) 205

by kbonin (#47318671) Attached to: The Security Industry Is Failing Miserably At Fixing Underlying Dangers

Working in this industry at several giant companies, the view is simple - the company works for the stockholders, the stockholders demand ever higher returns, and NOTHING the company does is nearly as important as increasing the short-term stock price. So what money is spent on R&D will be spent chasing new "shiny" features and the absolute bare minimum level of security and bug fixes required to "continue leveraging the brand". In the meantime, the business will focus on increasing the productivity of its remaining workforce, and continue to look for new ways to innovate through outsourcing, off-shoring, right sizing, acquisitions, virtual workforces, and anything else that looks good on paper for short-term gains while not requiring hiring new FTE (Full Time Engineers), at least domestically.

Comment: They haven't changed, read your licenses.... (Score 1) 742

by kbonin (#46317009) Attached to: "Microsoft Killed My Pappy"

Few examples:

MSDN lets you download software to develop and test against. I need to test some Microsoft software on various cloud providers. But before I do, I think I'll take a peek at my license agreements:
    "Qualified MSDN Cloud Partners. To run software on third party shared servers you must:" ... "Deploy your licenses only with Windows Azure Platform Services or Qualified MSDN Cloud Partners."

Does your company / marketing dept. want to put a Windows Logo on your product? Check your license, you might have to dumb down your Android or iOS version to get it approved.

It goes on, and on... Yes, most companies ignore these, but they are still in the agreements. At its heart, Microsoft hasn't changed yet.

Comment: Re:Netflix (Score 1) 215

by kbonin (#44936375) Attached to: Apple Offers Refund To Stiffed Breaking Bad Season Pass Customers

While I won't argue about the convenience of Netflix (for movies and shows that appear there, once they do appear), since I don't spend a great deal of time watching TV, it's more practical for me to take my money that would otherwise go to Cable and/or Netflix and buy movies and TV shows on DVD or BD. That way, while the fine print does state that I'm only licensed to use the "video device" for personal non-commercial private viewing, I do have a growing library of insured high quality digital copies I may watch immediately anytime I want that cannot be revoked or disappear in an annual licensing negotiation, nor count against the steadily more constrained bandwidth available in most of the US. And someday when the courts uphold that the DMCA anti-circumvention clause may no longer invalidate the "space shifting" precedent, I'll be able to legally rip it all and have a legal mobile digital library of same content. (I know, I can dream...)

Comment: Re:Design != manufacture capability (Score 4, Insightful) 395

by kbonin (#43840109) Attached to: Chinese Hackers Steal Top US Weapons Designs

Yes, but manufacturing processes are often also obtainable documents. Any company who has set up good process control around their manufacturing lines has probably documented almost if not everything needed to recreate their subset of the secret sauce. Due to subcontracting these constitute a more distributed set of targets, and probably have local IT staff better capable of locking down their small networks than a megacorp outsourcing model would, but it's probably all still there...

Comment: Re:Cost / Benefit issue... (Score 2) 441

by kbonin (#42019115) Attached to: It's Hard For Techies Over 40 To Stay Relevant, Says SAP Lab Director

Having spent about 10% of my career in embedded, I would agree that domain knowledge is of far higher importance in the embedded world. The knowledge base for tool chains and platforms needed to write production quality code on most embedded platforms is significantly than most desktop / server / web app worlds...

Comment: Cost / Benefit issue... (Score 4, Interesting) 441

by kbonin (#42018815) Attached to: It's Hard For Techies Over 40 To Stay Relevant, Says SAP Lab Director

Writing as someone coding professionally since the early 80s, in project team sizes from 3 to 10k, and at the highest primarily engineering position I can achieve without becoming a non-coding manager (Systems Architect)...

As engineers age, they may gain experience, but productivity does often drop. We also have those pesky families and/or work-life balance goals. And an unfortunately repeating pattern for engineers is reaching a point where they now think they know everything they need to, and learning grinds down, sometimes to nothing. If they only work on legacy code that might be OK if no innovation is required. Domain knowledge is difficult to quantify the value of, and varies greatly by organization and project, and I would argue that all seniors should work hard at making sure this is clearly documented AND passed down.

Most companies are happy to keep a few older experienced engineers around to try and direct teams of young high productivity programmers (no family / life, willing to work 60-100 hour weeks) and attempt to mentor them to make fewer mistakes. Increasingly these teams are in low cost regions, most commonly India.

I would begrudgingly agree that in most cases, in terms of a cost / benefit analysis of 'value to the organization / stockholder', which is what really matters, this is true a statistically significant percentage of the time.

Of course, most of the time comments like this are merely the result of a HR directive to cull expensive engineers to reduce payroll and make room for more low cost region 'resources', driven by a suit that doesn't understand the full value of their older engineers. Unfortunately we live in a world where most important decisions are made by MBAs without a clue. Older engineers must learn to make sure the layers above them understand their real value to the organization.
