
Comments


Ask Slashdot: Should You Invest In Documentation, Or UX?

BaronM Re: You're doing it wrong. (198 comments)

As an admin/IT manager, what I'd like to see is:

1. Meaningful, specific error/log messages when something goes wrong.
2. Accurate documentation of what those errors mean.

Most end-users won't read long or complicated documentation; business applications in particular almost always require end-user training on how to use them --as implemented-- and --in accord with company practice/policy--, so generic docs are of limited value.

On the other hand, I sincerely miss the days when I could actually expect proper error codes and documentation thereof, and having that available would certainly influence a purchasing decision on my part.

about a week ago

The Biggest iPhone Security Risk Could Be Connecting One To a Computer

BaronM Re:Well insulated? That's debatable... (72 comments)

Once you intentionally circumvent the security of the 'walled garden', I don't think you get to complain about vulnerabilities anymore.

To go with the ever-popular car analogy:

If a guy with a screwdriver is able to start my unmodified car without the smart-key being present, that is a security flaw.

If I modify my car to bypass the 'smart-key is present' requirement to start it, I don't get to complain when my car is stolen by some guy with a screwdriver.

about a week ago

The IPv4 Internet Hiccups

BaronM Re:Stop doing CIDR! (247 comments)

OK, I've done BGP before, and I've never heard of anything smaller than a /24 being globally advertised -- most common router configurations won't even accept anything smaller.

That said, how is any network of any size supposed to protect itself against ISP outages other than multihoming? It clutters the routing table, but there is no other solution.

about a week ago

Study: Firmware Plagued By Poor Encryption and Backdoors

BaronM Re:Going to need MUCH better firewalls (141 comments)

Well, yes, that actually IS a better idea.

OTOH, if an IP-connected hot-water heater is the only kind on the market next time I need a new one, I'd prefer to have the 'securing it' worked out in advance, because I'm sure not going to do without.

about two weeks ago

Study: Firmware Plagued By Poor Encryption and Backdoors

BaronM Going to need MUCH better firewalls (141 comments)

I can't ever see secure firmware becoming the norm given the economics of consumer goods, so I think we're going to need much better firewalls than what we see in SOHO routers currently.

Port/address level control is spectacularly insufficient when everything runs on port 80, and nobody is going to spend time mapping out specific source/destination pairs for everything (The washer can talk to the dryer. The washer can talk to my smartphone. The dryer can talk to my smartphone...)

I'd like to see something like a home-PKCS standard where:
1. Any IOT device requires a client certificate supplied by the router
2. The router drops any traffic not signed by a recognized client certificate
3. The router's signing key must be kept on a separate USB drive, and the WAN port is locked out if the USB drive is inserted.

To set up a new device on your home network you would:

1. Insert USB key into the router (WAN port shuts down)
2. Generate a new client certificate for the new device (push button "a")
3. Install the certificate on the new device (push button "b" on router and also on device within 60 seconds, enter PIN, something automated like that)
4. Remove USB key from router (WAN port comes back up)

The router will now pass signed traffic to/from your new device. Traffic not signed? No talking to IOT devices for you.

Yeah, key management sucks, but I bet it could be fairly easily automated for home use. It would take more thought and detail than I've outlined above, but should be doable. Unfortunately, that would require that everyone agree to follow the same standard for home-PKCS, and I can't see that happening either.

Plus cheap devices would have the crypto implemented badly, plus you wouldn't be able to turn on the microwave from your office, so on and so forth.

Never mind, I give up.

about two weeks ago

Larry Rosen: A Case Study In Understanding (and Enforcing) the GPL

BaronM Fault appears to lie with Versata (191 comments)

If I read correctly:

1. Versata produced software 'DCM' incorporating Ximpleware's GPLv2 licensed code.
2. Versata licensed DCM to Ameriprise, who then distributed copies to its independent contractors.
3. Ximpleware's code is subject to patent claims in the USA, making distribution under GPLv2 impermissible, and Versata did not have a commercial license, making Versata's distribution of Ximpleware's code unlicensed (in the USA).
4. Ameriprise was not aware of (1) or (2) until discovery related to a lawsuit between Versata and Ameriprise.

If this is correct, I can see where Ximpleware has a copyright claim against Versata, but I don't see where Ximpleware has a copyright claim against Ameriprise for any distribution of DCM to its contractors. Strictly speaking, I suppose Ameriprise did distribute copies of Ximpleware's code, but if they did so under good-faith belief that they had appropriately licensed DCM from Versata, I can not see it being reasonable to hold Ameriprise liable.

At the risk of a possible bad analogy, if Google included undocumented unlicensed code in Android, I would not consider it reasonable to hold each phone vendor liable for infringement, either.

about two weeks ago

Microsoft Surface Drowning?

BaronM Re:RT? Definitely not a Windows NT experience. (337 comments)

I've got an S2RT also, and I have to agree with you. For me, the worst part is that when it's working well, it's absolutely brilliant. I'd go so far as to say that 95% of the time, it's everything I hoped it would be, and the other 5% it leaves me jaw-droppingly stunned at how fundamentally broken it is.

My two favorite bits 'o broken:

1. The screen periodically gets stuck in landscape, and nothing but a reboot will unstick it.
2. Three times now Bitlocker (which can not be turned off) has decided that it has the wrong key and will not even accept a recovery key. Time to factory-reset.

Both pure software brokenness.

about two weeks ago

The ESports Athletes Who Tried To Switch Games

BaronM Re: eSports aren't like regular Sports (146 comments)

Have you ever tried to keep up with what constitutes a "catch" in the NFL? Rules change all the time in pro sports, and players need to keep up. There may be good reasons why pro videogame players are locked to a particular game, but I doubt rule changes have much to do with it.

More likely, in my opinion, is that pro gamers excel at the game they first learned deeply enough to play "intuitively", and trying to switch is like trying to switch to another language. Do-able, sure, but requiring a long period of immersion to "speak like a native".

about two weeks ago

Yahoo To Add PGP Encryption For Email

BaronM Re:Where is the private key stored? (175 comments)

With any encryption scheme, key management is usually the biggest pain in the ass. No doubt, this is the biggest problem with implementing encryption for webmail.

Keeping my private key on a USB drive on my keychain could ALMOST work, in that on any desktop or laptop I could insert it to get to the key. For mobile, I think Yahoo will need to release a mail app that supports an easy & secure way to load your key.

Also - keying a passphrase on a mobile device to open/sign/encrypt email will suck big time. This could be a great use for a fingerprint sensor on phones.

about two weeks ago

Man-Made "Dead Zone" In Gulf of Mexico the Size of Connecticut

BaronM Re: So? (184 comments)

As neither a farmer nor a marine biologist, I should probably shut up, but hey, this is Slashdot!

I have to wonder how much use of synthetic fertilizer could be reduced by systematic crop rotation between corn and legumes to fix nitrogen naturally rather than dumping on the land? I suppose the price would probably be yields down/food prices up, but food is historically cheap at the moment.

about two weeks ago

Ask Slashdot: Datacenter HDD Wipe Policy?

BaronM Physical destruction (116 comments)

I've been in the IT infrastructure business for years, and have always relied on physical destruction (shredding) of hard drives when disposing of old systems.

I can see where that may not be cost effective with leased systems, but I would take your experience as a warning to clean up after yourself and secure-wipe hard drives when your lease is up and not count on the datacenter to do it for you.

IANAL, but I also wonder who owns the data on a leased hard drive when the lease is up? If you improve an apartment or build a building on leased land, those improvements typically become the property of the owner when the lease is up. I wonder if that has been addressed with data in the absence of relevant contractual language?

about two weeks ago

T-Mobile Smartphones Outlast Competitors' Identical Models

BaronM Test with unlocked phone? (127 comments)

It would be interesting to know if an unlocked AT&T phone moved to T-mobile's network suddenly lasts longer.

about two weeks ago

Ask Slashdot: What To Do About the Sorry State of FOSS Documentation?

BaronM Re:Wow, this is hard. (430 comments)

Here's the thing: quality technical writing DOES require specialized skills. It also requires close collaboration with and cooperation from the dev team.

Having worked with a professional tech writer in the past, the process works something like this:

1. Dev team writes the software to meet the business requirements, keeping notes about which requirements are met completely, partial solutions, known bugs, etc.
2. Tech writer meets with dev team on a regular basis, developing draft documentation from dev team notes and business requirements following appropriate style guidelines.
3. At some point, a release is declared. Tech writer completes draft documentation for work completed for that release.
4. Dev team and tech writer review draft documentation together for completeness and correctness.
5. QA team implements the software in the QA environment PER THE DOCUMENTATION. -- this is the key part. If the documentation is insufficient to implement the software and/or the software does not work as documented, it is a bug.
6. Bug reports are filed against both the software and the documentation as necessary.
7. Release is ready when the software is acceptably debugged and works as documented.

Of course, this hardly ever happens anymore whether software is FOSS, commercial, or in-house, but I have seen the process happen, and it is a beautiful thing when it does.

about two weeks ago

Supreme Court Upholds Most EPA Rules On Greenhouse Gases

BaronM Headline is backwards (109 comments)

What the Supreme Court actually did was to disallow direct regulation of CO2 unless the EPA actually wants to attempt to regulate ALL producers of >250 tons annually, which is impractical.

What the EPA intended to do was to regulate producers of >100,000 tons annually, with the possibility of reducing that threshold over time as we get a handle on the issue.

What the Supreme Court did leave intact is the ability to regulate CO2 production by producers who are already regulated for other reasons 'anyway'.

That does happen to match up fairly well with what the EPA intended to do originally, but does not allow the flexibility to regulate CO2 producers who do not produce large amounts of other pollution.

about 2 months ago

Microsoft Fixing Windows 8 Flaws, But Leaving Them In Windows 7

BaronM Re:Dear Microsoft.... (218 comments)

I wouldn't go so far as "useless", but I'd say powershell would be a lot more useful if I could count on having the AD and Exchange cmdlets available. As it is, many of my admin scripts are tied to my workstation due to dependencies.

Or, the answer is I'm an idiot who doesn't know the right way to package and distribute powershell scripts.

about 2 months ago

Sparse's Story Illustrates the Potholes Faced By Hardware Start-Ups

BaronM Fixed battery?! USB charger?! (103 comments)

I was thinking "looks good", until I saw that this setup uses a dual-headed USB charger that sure looks designed for indoor use only. I'm fine with a fixed battery in my cell phone, tablet, and even laptop, but my bike a) lives outdoors and b) needs to accept a spare battery because working lights can be a life-or-death matter.

Nice design, but seriously deficient function.

about 2 months ago

Terran Computational Calendar Introduces Minimonths, Year Bases, and Datemods

BaronM Backup rotation (209 comments)

That is remarkably similar to what I used to use for a backup tape rotation once upon a time:

27 daily tapes labeled d1-d27
13 'monthly' tapes labeled m1-m13
1 year-end tape labeled appropriately

It was easy to manage since there was never any question which tape was 'next' or safe to reuse. Robotic tape libraries, software with better tape management, and eventually disk-to-disk backup made it obsolete, but I always did think that a 28x13+1(or2) calendar would be much more sensible than what we have now.

Not that I was ever silly enough to think that the world would adopt it just because it makes more sense :)

about 3 months ago

'Curiosity' Lead Engineer Suggests Printing Humans On Other Planets

BaronM Re:Out of his discipline (323 comments)

Capable? We're capable of it now (for values of 'now' == 'using a current level of technology').

Doing it requires some heavy lifting in a few senses:

1. We would need to accept that the first group or groups out are most likely going to die, and that we're going to accept that as part of the learning curve. That sucks, but I wouldn't expect to have any problems finding volunteers regardless.
2. Those volunteers would need to accept that those who survive will probably live short lives in miserable conditions working hard to build infrastructure that followers-on will benefit from.
3. We would need to accept that doing this means dedicating somewhere between 1x and 2x the size of the annual US pet food & supplies budget ($35 billion) every year for the next decade or so (http://www.americanpetproducts.org/press_industrytrends.asp).
4. We would need to provide some incentive for the volunteers beyond adventure and fame. Land grants on Mars, perhaps?

Obviously way oversimplified, but once you take away the need to make it a safe round trip, the project gets much easier. I could be wrong; there may not be enough volunteers ready to risk their lives for a chance to colonize Mars, but I'd bet there are.

What's holding us back isn't technology, it's a lack of societal will to devote the relatively modest resources needed to try.

about 3 months ago

'Curiosity' Lead Engineer Suggests Printing Humans On Other Planets

BaronM Re:Out of his discipline (323 comments)

Meanwhile, Elon Musk is going to go ahead and do it anyway: http://www.wired.com/2012/11/e...

I wouldn't bet my life on his succeeding, but I wouldn't bet it on his failing, either.

about 3 months ago

Submissions


SCO does not own UNIX copyrights, owes Novell $$

BaronM BaronM writes  |  about 7 years ago

BaronM (122102) writes "From Ars Technica:

SCO does not and never did own the copyrights to UNIX. They have no case, never had a case, and by the way, owe Novell 95% of the licensing revenue they collected from Sun and Microsoft for SysV licenses."

BaronM BaronM writes  |  more than 7 years ago

BaronM (122102) writes "What else is there to say? Apparently, Sun has decided to celebrate its 25th Anniversary by cutting prices on a selection of fun gear. In particular, the T2000 can be had for a price that mere mortals can afford, and who doesn't want to play with an 8-core, 32-hardware-thread system? (If that really doesn't interest you, don't embarrass yourself by saying so.)"

Journals

BaronM has no journal entries.
