Slashdot is powered by your submissions, so send in your scoop


Forgot your password?

Slashdot videos: Now with more Slashdot!

  • View

  • Discuss

  • Share

We've improved Slashdot's video section; now you can view our video interviews, product close-ups and site visits with all the usual Slashdot options to comment, share, etc. No more walled garden! It's a work in progress -- we hope you'll check it out (Learn more about the recent updates).


Comment: Jesus, we're fucked. (Score 5, Insightful) 351

by thermowax (#48898089) Attached to: Americans Support Mandatory Labeling of Food That Contains DNA

This showed up in The Washington Post a week ago... and I'm still aghast.

Slashdot has classified this as a "humour" story, but I find it simply frightening. There's always going to be a certain quantity of dullards on the left end of the curve, but... 80%?! 80% of Americans are unfamiliar with one of, if not *the* most fundamental concepts of biology? This isn't "Dihydrogen Monoxide" trickery, DNA is DNA and it's functionality is taught in high school- usually repeatedly.

However, the thing that really, really scares me and keeps me awake at night is that *these fuckers vote*.

Comment: Re:Re-educate about crime (Score 1) 481

by thermowax (#48524815) Attached to: Cops 101: NYC High School Teaches How To Behave During Stop-and-Frisk

>> Can we talk about the culture of crime that exists among rich white men in the financial industry?

Oh, shut the fuck up, you weak-minded twat. I'm beyond tired of hearing this useless analogy trotted out as though it's somehow compensatory. I'll tell you "Why is that?": Relatively speaking, I, and I suspect most people, really don't give that much of a shit about white-collar crime. If something happened that affected me personally somehow- and I don't mean in the greater "it costs all of us" sense, like insurance fraud- you bet I'd be pissed.

But I wouldn't be dead. Or worse. Gunshot- or beating-induced paralysis is quite the bitch. I might wind up poor, but I'd still be around to play with my kids, run in the park, that kind of wonderful mundane nonsense.

*That's* what people are concerned about. And *that's* the kind of violent crime perpetrated, vastly disproportionate to their numbers in society, by "brown and black people".

Comment: Chambers needs to go. (Score 1) 148

by thermowax (#48176747) Attached to: Cisco Exec: Turnover In Engineering No Problem

I've been working with Cisco gear since 1992 or so, and I've seen a continuous drive to crap. Once rock solid products are now feature- and bug- bloated, impregnable silos exist between the product lines, support simply sucks on both an account team and TAC level... and every time Chambers puts forth a quarterly report he doesn't seem to have anything good to say. (Mind you, I appreciate honesty, but sometimes as CEO you have to sell the company a little).

Perhaps if they spent a little more time preventing the attrition of decent people they'd see some benefits.

Comment: Re:Network-based IPS and IDS are obsolete (Score 2) 60

by thermowax (#47581059) Attached to: Multipath TCP Introduces Security Blind Spot

"Your IDS/IPS cannot look inside SSL traffic, either, which could contain exploit code (conveniently packed and encrypted by the SSL container)."

You might want to go read up on SSLStrip before you make that assertion. There are a bunch of other utilities that do basically the same thing, but their names escape me at the moment.

Admittedly, SSLStrip relies (generally) on the target ignoring the bad cert warning, but if you've compromised the target and inserted your root CA into the "trusted" list, well... no more warning. And, as someone else mentioned, if you're a netadmin and control the end nodes, there are lots of companies that will sell you inline appliances that will do exactly the same thing- completely transparently.

WebSense and PaloAlto 6.0- and probably others- will even let you take the cleartext off-box for DLP, or "archiving".

How much you want to bet that one of the trusted root CAs distributed with all browsers (eg, VeriSign) is an NSA plant? Trust no one.

+ - Massachusetts SWAT teams claim they're private corporations, immune to oversight->

Submitted by thermowax
thermowax (179226) writes "Massachusetts SWAT teams claim they’re private corporations, immune from open records laws. Kind of amusing this is in arch-Liberal Mass, but enough editorializing: I don't even know where to start here. No FOIA demands, no investigations, or reviews... the police state gets more real on a daily basis."
Link to Original Source

Comment: Re: Nothing "near" about it (Score 1) 236

Amusingly, if you go to the Smithsonian Museum of Technology (iirc) there is/was a display of some Bell Labs stuff where they were (until fiber immediately- at the time- made it obsolete) doing *exactly that*. Little 1cm or so tubes, carefully soldered together, to form microwave waveguides.

I bet you could pick that patent up for cheap... er, maybe not any more.

Comment: Re:Political stunt (Score 2) 256

by thermowax (#43078165) Attached to: White House Urges Reversal of Ban On Cell-Phone Unlocking

Not debating your points, but I'd like to see people stop regurgitating the bullshit fucking meme about "half the people are below average". Half the people are below the *median*. Half the people are below the *mean* only if the data happen to fall that way, a perfect bell curve being one distribution for which this is true.

Data: 1, 1, 1, 1, 10. (n=5).
Mean: 2.8.
Q: How many points are below the mean? (Hint: it ain't 2.5.)

Comment: Hmm, books causing life pivots. (Score 1) 700

by thermowax (#41638563) Attached to: Ask Slashdot: What Books Have Had a Significant Impact On Your Life?

1. Out of The Inner Circle, Landreth. Read this in 1986 or so when it originally came out. Holy shit, did that change my life. It put me on the vector that, among other things, has me reading Slashdot today.
2. M*A*S*H- Hooker. Besides being ripping funny, introduced me to the concept that if you're really good at what you do, you can get away with a lot. A whole lot.
3. 1980 Signetics Linear IC Databook. Never underestimate the learning capability of a curious kid on a remote farm with no internet access ('cause it didn't exist. Well, not as we know it.)
4. War Games. Yeah, so it's a movie, but life-changing nonetheless. See items 1-3.

Comment: Re:They don't enforce snooping on everything (Score 1) 782

by thermowax (#40349079) Attached to: Ask Slashdot: What's Your Take On HTTPS Snooping?

No, not really, at least not in my experience. The primary motivation is to be able to peer into SSL/TLS traffic to see if there's malware using it as a transport. Internet caching is... well, I won't say a dead technology, but at least in the enterprises where I've worked bandwidth is sufficiently cheap (and caching proxies tend to break stuff unpredictably) that they typically don't bother.

Consider: if you don't block 443, and you don't decrypt/examine it, that's a wiiiide open hole out of your network for any botnet members to phone home or exfiltrate data... or a host of other things. It's a real problem.

Comment: Re:They don't enforce snooping on everything (Score 5, Informative) 782

by thermowax (#40349033) Attached to: Ask Slashdot: What's Your Take On HTTPS Snooping?


The https proxy server is trusted as a signing CA. It generates server certs real-time for any requested https content, then retrieves the content for you on the other side- via it's own https session- before sending it back to you. Since the proxy is trusted by your browser, it doesn't complain.

Without getting into a protracted discussion about x.509 certs and their completely fucked implementation, suffice to say that while the proxy can effectively decrypt your https traffic, noone else can. There's still a reasonable amount of security there.

Although it depends a great deal on the proxy admin to keep it secure...

Comment: Re:Let's just be clear about that. (Score 1) 273

by thermowax (#39610559) Attached to: Some Hotspot Operators Secretly Intercept, Insert Ads In Web Pages

You're almost right. There are a number of commercial appliances (Websense makes one, which I've deployed for corporate use) that do exactly this so the corporate powers-that-be can peer into SSL encrypted traffic. This is generally (hopefully) for IDS/IPS purposes.

The key is that:

1. Corporate workstations have to be loaded with a CA cert generated by the appliance so they trust all certs issued by the appliance, and
2. The fake server certs are generated *real time*. Pre-generation isn't necessary.

So the reality is that this happens every day if you're running one of these systems. You raise an interesting point, though, that if a CA with their CA cert already in browser distros did this, it would be pretty much undetectable. However, then anyone with one of those appliances could do this man-in-the-middle attack, rendering the CA's infrastructure/reputation worthless. Additionally, they'd have the CA's private key, which is the crown jewel of a CA- so I doubt that would happen.

Now, if someone maliciously inserted their CA key into a browser distro, well, that opens the door for all kinds of fun...


Comment: Re:Do you even bother to edit submissions anymore? (Score 1) 185

by thermowax (#38348028) Attached to: Researchers Create a Statistical Guide To Gambling

Sigh. Not always. You have to look for positive expectation games in casinos, but they can be found. Google "positive expectation video poker" if you don't believe me.

Also, there's card counting at blackjack, of course, but you'll be detected quickly and summarily removed.

That said, if becoming a VP playing drone is your idea of fun, that's your business. I'm there for the free beer and to have fun, and I'm willing to pay a nominal fee to do so. Playing craps, getting loaded, and minimizing that fee are what I enjoy. Did you know that depending on how you play craps, you can make the house advantage asymtotically approach zero?


Comment: Well, not really. (Score 1) 212

by thermowax (#38014482) Attached to: With Troop Drawdown, IT Looks To Hire More Vets

I've worked in a number of military-oriented institutions (TLAs, if you get me) and while I have nothing but respect for the warfighter, I rarely found any of them to be technical superstars. Like any population, there were a few, but overwhelmingly they were put-the-square-peg-in-the-square-hole guys. They could memorize a manual and know everything about a piece of equipment (well, on a sysadmin level), but innovation was not their strong suit. At all.

And this is why the government/military has had and will continue to have immense problems attracting really, *really* good people to work in their CyberCorps or whatever they're calling it now. There's too much procedure in those circles; good techies quickly go insane.

One thing I did find, though, was that *usually* the officers had damn good project management skills and knew how to solve problems, support their people, and get the job done. That skillset is really universally applicable to all fields, though, and not just IT.

The tao that can be tar(1)ed is not the entire Tao. The path that can be specified is not the Full Path.