
Comment: Re:You think 7 vaccines is a lot? (Score 3) 341

by thermowax (#49524397) Attached to: Study Confirms No Link Between MMR Vaccine and Autism

You are aware, are you not, that mothers pass antibodies to the fetus during the last trimester because they share, oh, I don't know, BLOOD?! There's even a name for it: "passive immunity". Antibodies are also heavily transferred during the first couple of weeks' breast milk.

Their effect tapers off after a couple of months, which is why vaccines are necessary. (Or if the mother hasn't had a disease or its vaccine).

Comment: Re:Yep. (Score 1) 294

by thermowax (#49488313) Attached to: IT Worker's Lawsuit Accuses Tata of Discrimination

Snort. It's not always that way. Maybe in any Silicon Valley workplace loaded with semi-adolescent/self-absorbed/hipster geeks and PHBs (I've been there)- but there is actually a subset of the geek population that is quiet, thoughtful, polite, reasonably socially adept, extremely smart, and devoted to the mission over their own personal gain. For optimal results, add good management that recognizes the value of an employee that is a team player and not a prima donna that needs to be "tamed".

It's about being professional.

Comment: Yep. (Score 5, Interesting) 294

by thermowax (#49486889) Attached to: IT Worker's Lawsuit Accuses Tata of Discrimination

The comments below that article are interesting, and they- as well as the article- mirror my experience exactly.

I used to work for a domestic (US) majority (65%+) Indian company. Not small, at least 5,000 people. The CEO and CFO were Indian, and the rest followed. Not knowing their H1-B figures, I distinctly got the impression they were using the place for an immigration/sponsorship factory for their friends, extended family, caste, whatever. Management? Virtually 100% Indian. Layoffs? Huh, no Indians in that round, either. It was pretty obvious how non-Indians were treated like crap, but no one was in a law-suitin' mood because this was just after the dot-bomb crash and tech jobs weren't falling off the trees anymore. I realize everyone is an individual, blah, blah, but it seems endemic to native Indian culture that if you're not Indian you ain't shit.

I'm probably going to get yelled at for saying this, but the thing that pissed me off the most- another cultural thing- is that they weren't interested in working together (amongst themselves or with non-Indians) to find the best solution to a problem. Technical discussions always degenerated into dick waving arguments. They were more interested in getting *their* solution jammed through for a personal victory than the greater good. It was disgusting.

Comment: Jesus, we're fucked. (Score 5, Insightful) 351

by thermowax (#48898089) Attached to: Americans Support Mandatory Labeling of Food That Contains DNA

This showed up in The Washington Post a week ago... and I'm still aghast.

Slashdot has classified this as a "humour" story, but I find it simply frightening. There's always going to be a certain quantity of dullards on the left end of the curve, but... 80%?! 80% of Americans are unfamiliar with one of, if not *the* most fundamental concepts of biology? This isn't "Dihydrogen Monoxide" trickery, DNA is DNA and its functionality is taught in high school- usually repeatedly.

However, the thing that really, really scares me and keeps me awake at night is that *these fuckers vote*.

Comment: Re:Re-educate about crime (Score 1) 481

by thermowax (#48524815) Attached to: Cops 101: NYC High School Teaches How To Behave During Stop-and-Frisk

>> Can we talk about the culture of crime that exists among rich white men in the financial industry?

Oh, shut the fuck up, you weak-minded twat. I'm beyond tired of hearing this useless analogy trotted out as though it's somehow compensatory. I'll tell you "Why is that?": Relatively speaking, I, and I suspect most people, really don't give that much of a shit about white-collar crime. If something happened that affected me personally somehow- and I don't mean in the greater "it costs all of us" sense, like insurance fraud- you bet I'd be pissed.

But I wouldn't be dead. Or worse. Gunshot- or beating-induced paralysis is quite the bitch. I might wind up poor, but I'd still be around to play with my kids, run in the park, that kind of wonderful mundane nonsense.

*That's* what people are concerned about. And *that's* the kind of violent crime perpetrated, vastly disproportionate to their numbers in society, by "brown and black people".

Comment: Chambers needs to go. (Score 1) 148

by thermowax (#48176747) Attached to: Cisco Exec: Turnover In Engineering No Problem

I've been working with Cisco gear since 1992 or so, and I've seen a continuous drive to crap. Once rock solid products are now feature- and bug- bloated, impregnable silos exist between the product lines, support simply sucks on both an account team and TAC level... and every time Chambers puts forth a quarterly report he doesn't seem to have anything good to say. (Mind you, I appreciate honesty, but sometimes as CEO you have to sell the company a little).

Perhaps if they spent a little more time preventing the attrition of decent people they'd see some benefits.

Comment: Re:Network-based IPS and IDS are obsolete (Score 2) 60

by thermowax (#47581059) Attached to: Multipath TCP Introduces Security Blind Spot

"Your IDS/IPS cannot look inside SSL traffic, either, which could contain exploit code (conveniently packed and encrypted by the SSL container)."

You might want to go read up on SSLStrip before you make that assertion. There are a bunch of other utilities that do basically the same thing, but their names escape me at the moment.

Admittedly, SSLStrip relies (generally) on the target ignoring the bad cert warning, but if you've compromised the target and inserted your root CA into the "trusted" list, well... no more warning. And, as someone else mentioned, if you're a netadmin and control the end nodes, there are lots of companies that will sell you inline appliances that will do exactly the same thing- completely transparently.

WebSense and PaloAlto 6.0- and probably others- will even let you take the cleartext off-box for DLP, or "archiving".

How much you want to bet that one of the trusted root CAs distributed with all browsers (eg, VeriSign) is an NSA plant? Trust no one.

Submission: Massachusetts SWAT teams claim they're private corporations, immune to oversight

Submitted by thermowax
thermowax writes: Massachusetts SWAT teams claim they’re private corporations, immune from open records laws. Kind of amusing this is in arch-Liberal Mass, but enough editorializing: I don't even know where to start here. No FOIA demands, no investigations, or reviews... the police state gets more real on a daily basis.

Comment: Re: Nothing "near" about it (Score 1) 236

Amusingly, if you go to the Smithsonian Museum of Technology (iirc) there is/was a display of some Bell Labs stuff where they were (until fiber immediately- at the time- made it obsolete) doing *exactly that*. Little 1cm or so tubes, carefully soldered together, to form microwave waveguides.

I bet you could pick that patent up for cheap... er, maybe not any more.

Comment: Re:Political stunt (Score 2) 256

by thermowax (#43078165) Attached to: White House Urges Reversal of Ban On Cell-Phone Unlocking

Not debating your points, but I'd like to see people stop regurgitating the bullshit fucking meme about "half the people are below average". Half the people are below the *median*. Half the people are below the *mean* only if the data happen to fall that way, a perfect bell curve being one distribution for which this is true.

Data: 1, 1, 1, 1, 10. (n=5).
Mean: 2.8.
Q: How many points are below the mean? (Hint: it ain't 2.5.)

Comment: Hmm, books causing life pivots. (Score 1) 700

by thermowax (#41638563) Attached to: Ask Slashdot: What Books Have Had a Significant Impact On Your Life?

1. Out of The Inner Circle, Landreth. Read this in 1986 or so when it originally came out. Holy shit, did that change my life. It put me on the vector that, among other things, has me reading Slashdot today.
2. M*A*S*H- Hooker. Besides being ripping funny, introduced me to the concept that if you're really good at what you do, you can get away with a lot. A whole lot.
3. 1980 Signetics Linear IC Databook. Never underestimate the learning capability of a curious kid on a remote farm with no internet access ('cause it didn't exist. Well, not as we know it.)
4. War Games. Yeah, so it's a movie, but life-changing nonetheless. See items 1-3.

Comment: Re:They don't enforce snooping on everything (Score 1) 782

by thermowax (#40349079) Attached to: Ask Slashdot: What's Your Take On HTTPS Snooping?

No, not really, at least not in my experience. The primary motivation is to be able to peer into SSL/TLS traffic to see if there's malware using it as a transport. Internet caching is... well, I won't say a dead technology, but at least in the enterprises where I've worked bandwidth is sufficiently cheap (and caching proxies tend to break stuff unpredictably) that they typically don't bother.

Consider: if you don't block 443, and you don't decrypt/examine it, that's a wiiiide open hole out of your network for any botnet members to phone home or exfiltrate data... or a host of other things. It's a real problem.

Comment: Re:They don't enforce snooping on everything (Score 5, Informative) 782

by thermowax (#40349033) Attached to: Ask Slashdot: What's Your Take On HTTPS Snooping?

Wrong.

The https proxy server is trusted as a signing CA. It generates server certs real-time for any requested https content, then retrieves the content for you on the other side- via its own https session- before sending it back to you. Since the proxy is trusted by your browser, it doesn't complain.

Without getting into a protracted discussion about x.509 certs and their completely fucked implementation, suffice to say that while the proxy can effectively decrypt your https traffic, no one else can. There's still a reasonable amount of security there.

Although it depends a great deal on the proxy admin to keep it secure...

Comment: Re:Let's just be clear about that. (Score 1) 273

by thermowax (#39610559) Attached to: Some Hotspot Operators Secretly Intercept, Insert Ads In Web Pages

You're almost right. There are a number of commercial appliances (Websense makes one, which I've deployed for corporate use) that do exactly this so the corporate powers-that-be can peer into SSL encrypted traffic. This is generally (hopefully) for IDS/IPS purposes.

The key is that:

1. Corporate workstations have to be loaded with a CA cert generated by the appliance so they trust all certs issued by the appliance, and
2. The fake server certs are generated *real time*. Pre-generation isn't necessary.

So the reality is that this happens every day if you're running one of these systems. You raise an interesting point, though, that if a CA with their CA cert already in browser distros did this, it would be pretty much undetectable. However, then anyone with one of those appliances could do this man-in-the-middle attack, rendering the CA's infrastructure/reputation worthless. Additionally, they'd have the CA's private key, which is the crown jewel of a CA- so I doubt that would happen.

Now, if someone maliciously inserted their CA key into a browser distro, well, that opens the door for all kinds of fun...

J-.
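Added example (not part of the original comments, and not any vendor's code): the two HTTPS-proxy comments above, modelled offline to show why chain validation passes on a workstation that trusts the appliance CA and what an issuer pin recorded out of band sees instead. It assumes the third-party Python `cryptography` package and ECDSA keys; `Example Public CA`, `Example Proxy CA`, `www.example.test` and every function name are constructed for illustration.

```python
import datetime, hashlib
from cryptography import x509
from cryptography.exceptions import InvalidSignature
from cryptography.hazmat.primitives import hashes, serialization
from cryptography.hazmat.primitives.asymmetric import ec
from cryptography.x509.oid import NameOID

def make_cert(subject_cn, subject_key, issuer_cn, issuer_key, is_ca=False):
    """Build a constructed sample certificate; all names here are made up."""
    name = lambda cn: x509.Name([x509.NameAttribute(NameOID.COMMON_NAME, cn)])
    return (x509.CertificateBuilder().subject_name(name(subject_cn)).issuer_name(name(issuer_cn))
            .public_key(subject_key.public_key()).serial_number(x509.random_serial_number())
            .not_valid_before(datetime.datetime(2024, 1, 1)).not_valid_after(datetime.datetime(2034, 1, 1))
            .add_extension(x509.BasicConstraints(ca=is_ca, path_length=None), critical=True)
            .sign(issuer_key, hashes.SHA256()))

def spki_pin(cert):
    """SHA-256 of the DER SubjectPublicKeyInfo: the value a pin records."""
    der = cert.public_key().public_bytes(
        serialization.Encoding.DER, serialization.PublicFormat.SubjectPublicKeyInfo)
    return hashlib.sha256(der).hexdigest()

def signed_by(cert, ca_cert):
    """True if ca_cert's key really produced cert's signature."""
    if cert.issuer != ca_cert.subject:
        return False
    try:
        ca_cert.public_key().verify(cert.signature, cert.tbs_certificate_bytes,
                                    ec.ECDSA(cert.signature_hash_algorithm))
        return True
    except InvalidSignature:
        return False

def check(leaf, trust_store, expected_issuer_pin):
    """Return (chain_ok, pin_ok): the browser's verdict vs. an issuer pin."""
    issuer = next((ca for ca in trust_store if signed_by(leaf, ca)), None)
    return issuer is not None, issuer is not None and spki_pin(issuer) == expected_issuer_pin

def demo():
    new_key = lambda: ec.generate_private_key(ec.SECP256R1())
    pub_key, proxy_key = new_key(), new_key()
    public_ca = make_cert("Example Public CA", pub_key, "Example Public CA", pub_key, True)
    proxy_ca = make_cert("Example Proxy CA", proxy_key, "Example Proxy CA", proxy_key, True)
    real = make_cert("www.example.test", new_key(), "Example Public CA", pub_key)
    minted = make_cert("www.example.test", new_key(), "Example Proxy CA", proxy_key)  # made on request
    pin = spki_pin(public_ca)  # recorded out of band, off the corporate network
    return {"real": check(real, [public_ca, proxy_ca], pin),                # workstation with appliance CA
            "minted_corporate": check(minted, [public_ca, proxy_ca], pin),  # same workstation, via proxy
            "minted_stock": check(minted, [public_ca], pin)}                # machine without appliance CA
```

The `minted_corporate` case is the one the comments describe: the trust store accepts the chain, so no warning appears, and only the comparison against the recorded issuer value shows that a different CA signed the certificate.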
