Beta
×

Welcome to the Slashdot Beta site -- learn more here. Use the link in the footer or click here to return to the Classic version of Slashdot.

Thank you!

We are sorry to see you leave - Beta is different and we value the time you took to try it out. Before you decide to go, please take a look at some value-adds for Beta and learn more about it. Thank you for reading Slashdot, and for making the site better!

Comments

top

Linux On a Motorola 68000 Solder-less Breadboard

Rene S. Hollan Re:Awesome (99 comments)

Kudos.

The first computer I built used a 6809 and ran either Flex or a homebrew monitor.

I have PLENTY of experience with AMOS on 68k systems. As Caroll Oconnor and Jean Stapleton sang: "Those were the days!"

7 hours ago
top

Meet Carla Shroder's New Favorite GUI-Textmode Hybrid Shell, Xiki

Rene S. Hollan Re:Xiki Sucks.. (176 comments)

Some of us might consider that a feature.

about 5 months ago
top

'Godfather of Ecstasy,' Chemist Sasha Shulgin Dies Aged 88

Rene S. Hollan Re:It's just sad... (164 comments)

I lived withing spitting distance of a meth house a couple of years ago, in a nice neighborhood. Wouldn't have known anything were it not for the fact that it got raided. 'Course compared to LSD, Meth is nasty.

about 6 months ago
top

Ask Slashdot: What Inspired You To Start Hacking?

Rene S. Hollan Re:I was born at the right time... (153 comments)

Conversely, I didn't dabble much with cassettes. The business for which I coded, very briefly used a cassette deck to load BASIC into the Altair, but switched to 8" hard-sectored floppy drives (being a business, it had "infinite financial resources" compared to my meager means, for some value of "infinite") very quickly: fiddling with the level settings and waiting eight minutes to load BASIC (after enterring the cassette bootloader by hand from the front panel) was not practical.

I DID once write a loader for that same Altair 8800 that used a TI Silent 700 with dual digital cassette heads that recorded at 5120 bps (IIRC) on digital cassettes (or high quality cassettes with a hole punched at the right spot in the leader :-) ).

I guess the punched card thing was more of a mainframe/mini-computer thing. When I started my undergraduate degree in 1979 most programming at the university was still done on punched cards and run "batch". We did have a row of ten DecWriters, and an express CRT terminal, but there were more punch card machines available. When accounts were issued, they were in the form of orange "control" punched card (80 column) "ACCOUNT command" cards. More mainframe CRT terminals were added over time, and were covetted because they were 1) faster than the DecWriters at 1200 bps over current-loop interfaces, and 2) didn't suffer the inconvenience of having to constantly go get scrap paper (and ensure that someone didn't comandeer your DecWriter!). The downside was that they displayed 24 rows of 80 colums text. So, having got a clean compile, one of the first things one would do was request a printout from the mainframe printers.

What I would do was code on the terminals, and at the end of the term, or when I was running out of my very small disk space allotment, get special permission to have my programs punched on cards for posterity. I got "mag tape" privileges about 1980/81 but realize that the recording density was 1600 bpi (later 6250) and the longest tape real was 2400 feet, so about five megabytes on a long tape (later 22.5 MB, but the 6250 bpi tapes were "finicky"). Only recently did I get rid of about 100 pounds of punched cards.

about 6 months ago
top

Ask Slashdot: What Inspired You To Start Hacking?

Rene S. Hollan Re:I was born at the right time... (153 comments)

Actually, to be accurate, I got the Honours degree in 82 and followed it up with a Master of Computer Science degree in 84. Had just a video monitor and 300 BPS Hayes "Smartmodem" at home to connect to the university Cyber 7600 and later 835 mainframes.

about 6 months ago
top

Ask Slashdot: What Inspired You To Start Hacking?

Rene S. Hollan Re:I was born at the right time... (153 comments)

HP2000 timesharing computer system with remote access via teletype at 110bps and an accoustic model. I can still remember the smell of teletype ribbons and paper in the high school computer room.

Why? To be able to get the computer to compute stuff for me. Initial programs were to print trig/log tables so i wouldn't have to buy them. I was already a science geek, computing orbital parameters for fun, and adding logs was easier than multiplication.

I was 13 years old. It was 1974.

The next year the high school got a 300 bps DecWriter. OMG! That was "fast". We got a card reader and optical scan 40 column cards, so we could "program" outside of the computer room. At some point we got a 1200 bps portable thermal paper TI terminal.

By 1975 or 76, I was hacking on an Altair at a local business, writing accounting software for them in Basic.

My first computer that I actually owned was a 6809-based system running Flex around 1984. A PC clone came shortly after that. By this time I was well on my way toward an Honours Computer Science degree.

about 6 months ago
top

Ask Slashdot: Minimum Programming Competence In Order To Get a Job?

Rene S. Hollan H1Bs do not work "cheaper" (466 comments)

As a former H1-B holder, and current lawful permanent resident ("Green Card"), here long enough to become a citizen (> five years), H1-B DO NOT work cheaper.

At least, it is ILLEGAL to pay them less than 95% of the prevailing wage in the local area (as determined by the State Dept. of Labor). Furthermore, the employer has to bear the brunt of non-immigrant related legal paperwork and the cost of sending them home at the end of their visa. H1-Bs actually cost employers MORE than citizen workers.

While it is true that contracting firms and employers themselves will often lie regarding wages, this is criminal, and strongly opposed by legal H1-B workers as much as it is opposed by citizens.

about 6 months ago
top

One-a-Day-Compiles: Good Enough For Government Work In 1983

Rene S. Hollan Re:Dead-end bureaucracy (230 comments)

Of course, the vast majority of people doing programming in 1983 didn't do any of this. If you count everyone who was entering any code (from "Hello World" on up), the vast majority of programmers were working on 8-bit microcomputers that didn't require jumping through any such hoops. If you had a Commodore 64, you could get a basic test program working in less than a minute:

10 PRINT"HELLO WORLD"
20 GOTO 10
RUN

Then once you figured that out you could learn about variables, figure out how to write to the screen RAM, and eventually figure out sprites. And then once you figured out that interpreted BASIC at 1 MHz wasn't fast enough to do a decent arcade game, you'd move on to assembly. I'd wager a majority of the people programming today learned in an environment like this. Edsger Dijkstra and other academic computer scientists hated BASIC, which they thought taught bad habits and caused brain damage, but they were wrong. It was this kind of hacker culture that created the flourishing IT industry we have today, not the dead-end bureaucracy represented by Thatcherite Britain.

Quoting another post to get past the damn filter.

Then once you figured that out you could learn about variables, figure out how to write to the screen RAM, and eventually figure out sprites. And then once you figured out that interpreted BASIC at 1 MHz wasn't fast enough to do a decent arcade game, you'd move on to assembly. I'd wager a majority of the people programming today learned in an environment like this. Edsger Dijkstra and other academic computer scientists hated BASIC, which they thought taught bad habits and caused brain damage, but they were wrong. It was this kind of hacker culture that created the flourishing IT industry we have today, not the dead-end bureaucracy represented by Thatcherite Britain.

How to make the lineprinter rip the paper:

              PROGRAM FOO(INPUT, OUTPUT)
10 PRINT 20
20 FORMAT(133H+---- .... ----)
              GOTO 10
              STOP
              END

Stupid formatting doesn't work, but you get the idea.

about 7 months ago
top

One-a-Day-Compiles: Good Enough For Government Work In 1983

Rene S. Hollan Re:ah, those were the daze;-) (230 comments)

1979-1980. Punched cards. CDC 7600. If one was lucky one could get time on one of the Decwriters and work interactively. Getting paper before someone stole your seat was another story. Pair programming became popular for that reason.

about 7 months ago
top

I prefer my peppers ...

Rene S. Hollan Re:Sriracha (285 comments)

Subway's Sriracha is adulterated with mayo. Not exactly great for the diet. Idiots: they have mayo. If people wanted both, they could ASK for both. But, no.....

about 8 months ago
top

Ask Slashdot: Does Your Employer Perform HTTPS MITM Attacks On Employees?

Rene S. Hollan Re:Not MITM (572 comments)

Actually, we'd push the CA on the enterprise desktops to make the "experience" identical to it not being there. because the product was advertised as "transparent" to traffic, for some marketting-speak definition of "transparent".

The bottom line is "do that which makes customers complain the least".

If enough employees complained that this interception and certificate resigning was unacceptable, or not disclosed clearly enough, things might change. They don't.

For my part, I was satisfied that the decrypted traffic would not leave the appliance. Of course, someone could later change things so this was possible, but one can't object to useful, legitimate functions, because another might expend non-trivial effort to twist them to nefarious ends.

about 8 months ago
top

Crowdsourcing Confirms: Websites Inaccessible on Comcast

Rene S. Hollan Biz AND Residential connections (349 comments)

Hmm. I have BOTH Comcast residential and business class service. I wonder if the reponses are different.

about 8 months ago
top

Ask Slashdot: Does Your Employer Perform HTTPS MITM Attacks On Employees?

Rene S. Hollan Re:Not MITM (572 comments)

Really? Adding untrusted sites always struck me as trivial.

We supported PKI integration simply to avoid the manpower lost in constantly trusting such sites, or having to manually import certs.

about 9 months ago
top

Ask Slashdot: Does Your Employer Perform HTTPS MITM Attacks On Employees?

Rene S. Hollan Re:Not MITM (572 comments)

Furthermore, the mechanism is in the product to NOT decrypt and reencrypt selected sensitive whitelisted sites. The purchaser of the appliance has complete control.

It also does not work for some web applications which HAVE to be whitelisted because they do not permit import of new trust credentials.

about 9 months ago
top

Ask Slashdot: Does Your Employer Perform HTTPS MITM Attacks On Employees?

Rene S. Hollan Re:Not MITM (572 comments)

Pfft.

Your whole privacy argument fails in the legal context because the unencrypted data does not leave the appliance.

Trust me, my employer and their lawyers went over these issues with great care, and I raised many of the concerns you pointed out. The issue hinges on two points:
1) enencrypted data does not leave the box (except whent the box actually does SSL termination), and 2) non-modified browsers (such as BYOD equipment) would pop up a Certificate validation error.

At that point it becomes an HR education issue.

about 9 months ago
top

Apple Refuses To Unlock Bequeathed iPad

Rene S. Hollan Re:Why? (465 comments)

Perhaps, but anything not belonging to third parties DOES belong to the deceased and should be bequethed as directed.

Now, getting a court order in a case like this should be trivial: the order is quite specific, the motion to the court to make the order simple, and the evidence clear.

about 9 months ago
top

Ask Slashdot: Does Your Employer Perform HTTPS MITM Attacks On Employees?

Rene S. Hollan Re:Not MITM (572 comments)

No, people do not lose their individuality at work, but they should have a resonable understanding of their use of corporate resources, and most HR departments issue employee handbooks that spell this out, including any monitoring of computing or network resources that may take place.

As for being "tricked", only a fool would consider equipment not their own to respect their privacy wishes without engaging in some due diligence: either establishing a VPN to trusted equipment, or carefully examining the trust anchors the equipment they use has installed.

A better complaint might be to question the use of such equipment in public access networks, with forged CA certs. Proper practice would have a captive portal explaining policy, and using a clearly non-standard resigning CA that had to be explicitly accepted. But still, it is ultimately the user's responsibility to establish due diligence with regard to network security.

There is nothing inherently nefarious about resigning SSL traffic. In fact, in the public access scenario it helps thwart drive-by virus attacks and other malware through secure web sessions, at the expense of end user privacy. Do what us "in the know" do: set up a VPN to trusted servers.

In any case, the problem only arises when using equipment administered by others wirh prior installation of the trusted resigning CA cert: your own equipment, lacking the cert would CLEARLY indicate signing by an untrusted source. That strikes me as an appropriate balance: you have no expectation of privacy using someone else's computer!

about 9 months ago
top

Ask Slashdot: Does Your Employer Perform HTTPS MITM Attacks On Employees?

Rene S. Hollan Re:Not MITM (572 comments)

Wrong: behind our corporate router, it's our network. The users are in our employ. That's the reasoning.

And the notice is in the trusted certs installed on the client PCs.

End to end security was in place AS FAR AS THE CORPORATE ORGANIZATION IS CONCERNED. Security from the standpoint of the employee is a different issue that the employee has to take up with the employer.

Do you really think your corporate network traffic is secure from your employer? It's easy enough for you to check, you know.

about 9 months ago
top

Ask Slashdot: Does Your Employer Perform HTTPS MITM Attacks On Employees?

Rene S. Hollan Re:Not MITM (572 comments)

HTTP Proxy, SMTP Proxy "encrypted traffic" features. (There was also an HTTPS proxy, but all it did was drop connections to destinations on a blacklist by domain name as specified by the certificate the remote server provided: it did not decrypt, reencrypt, and resign).

It properly IS a proxy since it proxies the traffic for you. Whether you consider that a MITM attack on encrypted traffic depends on whether you trust the proxy or not.

SSL does not prevent MITM attacks: it just makes MITM mangling of encrypted traffic discoverable. IF the "man" is "your man" (or your employer's man) then it presumably is not an attack.

Realize the target audience of vendors of procducts like these: IT managers who want to "protect" against malicious traffic, whether encrypted or not. Of course we can only do that as a MITM. But they way they see it, all network connections "inside" are "theirs", so our box is "their" man in the middle. Often they are clueless and just ask salesmen "Does it work with HTTPS and SMTP/STARTTLS and SMTP/SSL?" without knowing what that means, only that encrypted traffic is "difficult" to scan.

about 9 months ago

Submissions

top

FBI: U.S. Constitution supporters "Terrorists"

Rene S. Hollan Rene S. Hollan writes  |  more than 4 years ago

Rene S. Hollan (1943) writes "Also, the pamphlet alluded to is here: http://www.radioliberty.com/fbipam.htm

This was brought to my attention on a Facebook page.

To be fair, the offending phrase is "'defenders' of the U.S. Constitution against federal government and the UN" suggesting some form of perversion or extremism in said "defense". But it was Barry Goldwater who said, "Extremism in the defense of liberty is no vice; moderation in the pursuit of justice is no virtue" at the 1964 Republican Convention in a sentence attributed to his speech writer Karl Hess.

Coming from a federal organization sworn to uphold said Constitution, this is troubling."

Link to Original Source

Journals

Rene S. Hollan has no journal entries.

Slashdot Login

Need an Account?

Forgot your password?