


40% Of People On Terror Watch List Have No Terrorist Ties

The_Other_Kelly Re:Preparations for the Endgame (256 comments)

Thank you.

All we ever hear, is the "party line" regarding these issues.
I needed to know that it is not over.


about 6 months ago

40% Of People On Terror Watch List Have No Terrorist Ties

The_Other_Kelly Preparations for the Endgame (256 comments)

I am curious.

Do people in America really support this?

Are you aware of the path you are on?

Are you really ignorant of where this leads to?

Are you all in agreement?

about 6 months ago

IPMI Protocol Vulnerabilities Have Long Shelf Life

The_Other_Kelly Re:You're doing it wrong. (62 comments)

Then you have never worked for a modern commercial, technical company!

+ *All* benefits go to management, so their incentive is low cost, rapid delivery.
+ Any and all negatives, are laid on the heads of the technical staff, so again
      the incentive for management is low cost, rapid delivery.
+ While the technical staff, sometimes, have a different opinion, by definition
      nobody cares, since they are "non management". Monkeys make noise? They get the hose.

If by a miracle, the techs manage to actually do competent "Design, construct, test, ship" loops,
then they will be head-count reduced, since there is "fat" there. Wash, repeat.

The reality is that a trained chimp with Google, and either Office or some open source components
and 2 weeks worth of web-design, can duct tape together a minimal version that can fulfill at
least *some* of the customer's requirements. Even if only the color!

Obviously it will be crud, with low performance, no security and completely unmaintainable.

But this becomes the baseline cost!

What are customers willing to pay, over that cost, for the additional quality?
Guess what! NOTHING.

To pay the bonii, investors and the marketing costs, what are most modern tech companies willing
to pay, as a premium, for their employees, to exceed that baseline?
Guess again. Little or nothing.

This is not 1985. Software guys should be aware that electricians, plumbers and car mechanics have
better prospects, more pay and get paid overtime.

The only thing worse, is QA.

about 8 months ago

Measles Virus Puts Woman's Cancer Into Remission

The_Other_Kelly I Am Legend? (74 comments)

I know what happens now ... Vampires, end of world, bad acting, dead dogs and lots of dodgy special effect monsters.

And Emma Thompson. So not all bad ...

about 9 months ago

Student Records Kids Who Bully Him, Then Gets Threatened With Wiretapping Charge

The_Other_Kelly Re:Works as Designed (798 comments)

Ah! But the Jocks uphold the system!

Those who support, always get special treatment, the only sin being to challenge established "Truths".

So, if the Jocks beat on the weak, the marginal, the dissenters, then they will be either ignored
or discreetly applauded and supported.

And by Jocks, I mean Police, LEO, Spooks, and the various pillars of society.

I really wish that I was wrong.
I wish that things were not, what they have become.

about 10 months ago

Student Records Kids Who Bully Him, Then Gets Threatened With Wiretapping Charge

The_Other_Kelly Works as Designed (798 comments)


Were you not listening, reading or watching for the past decade?

What did you not understand?
This. Is. Corporatism! (Not Sparta! 8-))

An under-educated class, born to be in debt, endlessly conditioned to obey, bred under pain of punishment, to Serve.

In this model, Authority is there to Rule, not to Adjudicate, so any attempt, no matter how trivial, to resist, to dissent, or,
as in this case, to provide any alternative to the Authority defined and controlled processes, will *always* be harshly punished.
As subversive.

Appeals for protection justify further exploitation, since the weak deserve to be hurt, and the system serves only the strong.
Might is Right, and don't bleed on the floor.

The only element missing is religion: "If Jaysus loved you, you wouldn't be picked on".

This school has a board.
This municipality has elected officials.
The Majority of the people in this area voted for this.
Your neighbours, colleagues and fellow-parents?
They want this.

This is what modern Western society has become.

about 10 months ago

Lies Programmers Tell Themselves

The_Other_Kelly The Greatest Lie? (452 comments)

I am a respected employee and colleague, and by collaborating we will build
interesting products, to be proud of. By working hard and learning more, I
will be promoted and paid more. Ultimately, I will reach retirement age and
spend an enjoyable time with my family, in retirement, perhaps even as
a non-executive director, until I die, of old age, surrounded by my loving
family, in my own bed.

As. If.

Have fun with that ...

about a year ago

Ask Slashdot: Does Your Employer Perform HTTPS MITM Attacks On Employees?

The_Other_Kelly Re:Yes they did. (572 comments)

Mobilkom Austria?

about a year ago

Target's Internal Security Team Warned Management

The_Other_Kelly Looked for, found, reported, was fired. (236 comments)

I was the responsible IT manager, over all devs, admins, ops and security.

Reviewed all contracts and implementations, upon taking over the job.

Discovered some seriously, bad stuff.

Developed plan to *quietly*, discreetly, repair over short time period.
"Rebury the bodies"

Turned out the responsible party was the CEO's favorite, "baby shark".

Got cardboard boxed. Out day after board presentation.

So it goes.

Interesting point:

All of those devs, techs and security people who moan about the lack of management support?
How many of you have ever supported or somehow defended *any* manager who tried to help you, to do the right thing?

Speaking personally, I would guess ... None of you. "Not my problem" attitude, up and down.

Maybe you have all been luckier.

about a year ago

Irish Politician Calls For Crackdown On Open Source Internet Browsers

The_Other_Kelly Re:Thanks (335 comments)

Thank you! Seriously! I was so upset about the stupidity of this, that I overlooked the perfect word to describe them!


1 year, 18 days

Irish Politician Calls For Crackdown On Open Source Internet Browsers

The_Other_Kelly What more can one expect from total Assholes? (335 comments)

Just when you think that you have grown beyond caring, these guys manage to poke beneath the shield and hit the "AAAAAARRRGGGHH" button !!
I am sorry for taking this seriously, but after the Bank Bailouts, the corruption, the incompetency, the cover-ups and the sheer fuck-wittery of the past
years, they attack OPEN SOURCE BROWSERS !!

What more can one expect from politicians that:
- kowtowed to the EU on the Maastricht Treaty re-Vote, (It puts the lotion in the basket, and votes again and again until the answer is YES)
- sold 3 generations of their own people out, in the form of a bank bailout for *private* non-system critical banks,
- have no concept of Justice whether social, civil or criminal
- have no concept of public probity, of duty or what to be a servant of the people actually means
- assume in blind arrogance that their own short-sighted, small-town, bigoted, religion-ridden, never questioned views are "NORMALITY"
    and those of everyone else, are simply illegal.

In short. Olympic level Assholes.

Winking and smiling and smirking, crapping out their "hokesy/folksy" catchphrases, with constant shit eating grins.

Concepts such as free speech, right to privacy, equal treatment before the law, due process,
women's rights (especially reproductive rights), ... are considered amusing or just dismissed,
out of hand, by these troglodytes.

For example, the implicit assumption that *all pornography* is simply illegal!

The US and Britain have blanket surveilled every Irish citizen for generations, and this cringing *lackey*
assumes that *law enforcement* was the purpose.

Call me harsh, but I interpret the failure of elected representatives to protect the rights of their citizens,
in the face of blatant intrusions, as more than incompetence, more than failure.
It is treachery.

Following the usual, endless cycle, whenever social unrest threatens, the Haves in Ireland,
push the Have-nots to emigrate. Since, conveniently, the non-resident cannot vote, there
was, is and will never be any pressure on the ruling elite to change any of their policies ... the opposition is simply disenfranchised.

And nothing changes.

I dream of another Ireland.
A country where an informed electorate hold their elected leaders to account, demand the
definition and enforcement of just laws which protect individual and public rights.
A truly Free Ireland.

Until then, I apologise to the world that we are represented by these fools and that
you have to listen to their blather.

1 year, 18 days

The Changing Face of Software Development

The_Other_Kelly Re:Age Discrimination? (173 comments)


I really thought the same thing, but found out that
life doesn't always turn out how you think.

I excelled and prospered, for 20 years. From dev to Senior,
to team lead, Architect, Dept lead, division leader and CTO.
Including sw dev, it ops and heavy, heavy doses of security.

And then ... 40.

And it is really like your life-gem has expired.

"You're really great, but we just don't hire anybody over 40,
  and certainly no techs over 35 ...".

There is not even anyone to argue with, just flat rejection.

So I wish you luck with your career. Hope it works out for you.

about a year ago

Former NSA Honcho Calls Corporate IT Security "Appalling"

The_Other_Kelly Re:Maybe, but . . . (174 comments)

You should treasure the fact that you work in an org. where people care enough to even try!
If you are smart, cynical and cunning, (strongly recommended for security professionals!),
you can channel this into a benefit for you, your group and the whole company.

If you "Deputize" the eager-beavers, then it gives you a lot more eyes and ears.
Yes, sadly, you will have the annoying "I Just Read ...." know-it-alls, but even if
the involvement is in reality, an illusion, you still get more back than you invest.

With, of course, the concept of responsibility, focus, and "handover" ...

"Thank you for bringing this to our attention, you are, indeed, so-cool,
and now we can take it further, leaving you to get on with the things the
company actually pays you for ..."

The best example I've ever seen of this, is the Starling speech to the
troopers in the Silence of the Lambs.

A small barrier to entry, to keep out the assholes, is also advised.
A monthly, unpaid, evening meeting for the "security" associates,
with some feedback, news, updates and a doughnut, keeps things
running well.

In the end, as Corporate Security, you can either act like an occupying army,
or a police force that operates with the support of your users.
Treat your users like shit, and they will notice, and they will not have your back.

Of course, this is no guarantee that if you treat them well, they won't
stab you in the back anyway, but ... as a security person, you already know
that you will get to see the worst that people have to offer, ... anyway.

The really cynical would point out that if you really were, an occupying army,
then you should be smart enough to build up your "cadre" of supporters,
without visible points-of-protest, and for "counter-intel" usage ...

about a year ago

Former NSA Honcho Calls Corporate IT Security "Appalling"

The_Other_Kelly Re:No Shit, Sherlock (174 comments)

Actually Man-in-the-Middle transparent proxies, which intercept
and monitor SSL/TLS traffic, are now standard in most corps.
You don't get a browser alert since the corporate "fake" CA
is pre-installed as trusted in your browsers by the corp's IT.

So, yes, basically ... there *is* no encryption and they look
at everything.

Oh! And using Cisco "policy based routing", or WCCP2 or
other networking mojo, you cannot decide to skip the proxy,
from your client.

And ... using Deep Packet Inspection, the protocol will not
just be matched versus the destination port, so your genius
attempts to ssh to your external server running on tcp/443,
will not only be blocked, you will be flagged and tagged.

Solution? Just use your own equipment with either built
in 3/4G connections, or just tether across your personal

Caesar and Rome ...

about a year ago
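
The payload-based protocol matching described in the comment above, sketched as an added example that is not part of the original post: a classifier that looks at the first client bytes of a flow and flags anything whose content contradicts its destination port. The function names, the port policy table and the sample flows are constructed for illustration.

```python
"""Added example: identify a flow's protocol from its first bytes, not its port."""

HTTP_METHODS = {b"GET", b"POST", b"HEAD", b"PUT", b"DELETE", b"OPTIONS", b"CONNECT"}

# What an inspection device would expect to see on each destination port
# (hypothetical policy table for this example).
EXPECTED_BY_PORT = {22: "ssh", 80: "http", 443: "tls"}


def classify_first_bytes(payload: bytes) -> str:
    """Return 'ssh', 'tls', 'http' or 'unknown' for the first client payload."""
    # RFC 4253: both sides open with an identification string "SSH-<ver>-<software>".
    if payload.startswith(b"SSH-"):
        return "ssh"
    # TLS record header: content type 0x16 (handshake), version 0x03 0x0X,
    # 2-byte length, then handshake message type 0x01 (ClientHello).
    if (len(payload) >= 6 and payload[0] == 0x16 and payload[1] == 0x03
            and payload[2] <= 0x04 and payload[5] == 0x01):
        return "tls"
    # HTTP/1.x request line starts with a method token followed by a space.
    if payload.split(b" ", 1)[0] in HTTP_METHODS:
        return "http"
    return "unknown"


def flag_mismatches(flows):
    """Return (src, dst_port, seen) for flows whose payload contradicts the port."""
    alerts = []
    for src, dst_port, payload in flows:
        expected = EXPECTED_BY_PORT.get(dst_port)
        seen = classify_first_bytes(payload)
        if expected is not None and seen != expected:
            alerts.append((src, dst_port, seen))
    return alerts


# Constructed sample data: (client address, destination port, first client bytes).
SAMPLE_FLOWS = [
    ("10.0.0.21", 443, bytes.fromhex("16030100310100002d0303") + b"\x00" * 43),
    ("10.0.0.23", 443, b"SSH-2.0-OpenSSH_6.2\r\n"),
    ("10.0.0.25", 80, b"GET /index.html HTTP/1.1\r\nHost: example.test\r\n\r\n"),
    ("10.0.0.27", 443, b"\x00\x01\x02\x03"),
]

if __name__ == "__main__":
    for src, port, seen in flag_mismatches(SAMPLE_FLOWS):
        print(f"ALERT {src} -> tcp/{port}: payload looks like {seen}")
```
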

The Changing Face of Software Development

The_Other_Kelly Age Discrimination? (173 comments)


So, since 2010 the percentage of developers 40+ is shrinking?
And worldwide converging on 35?

Which means, unless there is a "Carrousel" scenario, that
developers are both being fired, then not rehired, after 35 years old.

Which agrees with what I have been seeing for the past 2 years.

Is it clear to software people that they have a 10 to 15 year "shelf-life",
with the associated limited earning potential?

about a year ago

Bone-Eating Worms Found In Antarctic Waters

The_Other_Kelly Re:Aha! (38 comments)

I thought the experiment goal was: To see, into how many tins, they can fit a whale ...

about a year and a half ago

Judge Rules In Favor of Volkswagen and Silences Scientist

The_Other_Kelly Re:No good deed goes unpunished (254 comments)

Ahh! Fun followup!

VW *have* an encrypted 1024-bit ECU solution in place,
but this looks aimed at the chipper/modders.

We all look forward to reading the details when the academics
publish or, should it leak ...

about a year and a half ago

Judge Rules In Favor of Volkswagen and Silences Scientist

The_Other_Kelly No good deed goes unpunished (254 comments)

This is getting old, since how many times has this been repeated in the past years?

If you notify, so that good companies can analyse, patch and protect customers,
then you risk that "bad" companies will play "sly" and just sue you to stop the
information, rather than fix the problem. Or even better, fit you up for an attempted
extortion defense or shift the blame onto the reporter, using spin.

Most modern companies deny the existence of *any* responsibility to their customers,
employees or communities (natural, governmental or academic).

So why the expectation of different behaviour when it comes to security?

Actually, these issues are pretty useful when it comes to deciding on which
products to purchase, since you get to see the real ugly shapes behind the PR

VW have pioneered the use of reduced, only 2-year warranties, at least in Europe,
without lowering the price of their cars. Support is not a priority factor for them.
Security has obviously been a low priority issue that they have decided *not* to
"waste" money on.

If, the issue is really as reported, that given access (either physical or via some wifi "probe"),
to the controller unit (CAN?) for the ECUs, since VW did not add encryption, authentication
or serious security, an intruder can control a lot of things in the car, even while it is
in motion.

Which means that VW would:
1. Need not only updated software to fix the controller, they would probably need some
        hardened hardware, probably including some TPM/tamperproof elements.
2. Need new supplier handling, development, testing, support and dealer support mechanisms.
3. Have to build a "PKI"-type infrastructure for their dealers, including identification/registration
        key distribution and other key handling nightmares.
4. To avoid the potential liability issues, they might also need some additional components to
        provide "black box" audit mechanisms, similar to flight recorders. Again with crypto,
        tamper-proofing and crash resistance.

Which is all EXPENSIVE. And OBVIOUS. And offers dealer chain lockin and other
non-competitive medium+ term advantages.

So, apparently faced with an entirely foreseeable issue, VW chose the cheap option, and
now it has blown up in their faces. So they have to fix this, then do it right anyway.

And depressingly predictable, what was the response?
Did they play the quality card, roll with it and try to convert it into a "branding"
op, while actually addressing the issue?

They sent in the lawyers.
Stifle discussion, threaten academics and try to kick the problem away under the table.
I would also bet that they are right now lobbying for new "responsible reporting" laws,
at German and EU levels.

Schein nicht sein.

Well, I won't be buying a VW, Audi, Skoda, Seat anytime soon.

To generalise, unless a company has contracted you to analyse and report on their products,
then what obligation or benefit do you have to report anything to them?
If you contact them to report an issue, companies have tried to frame you for extortion in order
to suppress the security vulnerability. "No comment on judicial process" ...

Publish and be damned, though the Heavens Fall.

about a year and a half ago



Iain Banks: Extremely ill with Cancer

The_Other_Kelly The_Other_Kelly writes  |  about 2 years ago

The_Other_Kelly (44440) writes "News that will shock and sadden the many fans of Iain (M.) Banks.

He is suffering from gall bladder cancer, and things do not look good.
See http://friends.banksophilia.com/ for details.

His books, both normal and science fiction, are world view
warping Excessions, and my heart goes out to him and his.
I am shocked and saddened.

Thank you, Iain."





The_Other_Kelly The_Other_Kelly writes  |  more than 12 years ago

Thoughts from Today:
- STD STL versus STLPORT 4.0 ???
- map Can't put refs as key/data type.
- The size of error msgs using STL !!! HUGE !!
- 3rd Generation (ick) content platform ???
