×

Announcing: Slashdot Deals - Explore geek apps, games, gadgets and more. (what is this?)

Thank you!

We are sorry to see you leave - Beta is different and we value the time you took to try it out. Before you decide to go, please take a look at some value-adds for Beta and learn more about it. Thank you for reading Slashdot, and for making the site better!

Comments

top

AdNauseam Browser Extension Quietly Clicks On Blocked Ads

DERoss Firefox Only (285 comments)

The extension will not install in SeaMonkey even though its core modules are the same as those used by Firefox.

about two weeks ago
top

FBI Seizes Los Angeles Schools' iPad Documents

DERoss A Plan without a Plan (229 comments)

The iPads were distributed without any planning about accountability. No one knew who would be responsible if an iPad were lost. (Without a parent's approval, the minor student could not be held legally responsible.) No one knew who paid for repairs. No one knew what was to happen to the iPad when the student moved to a different school district. No one even knew how the iPads would be used within the curricula.

For 8 years, I was an elected school board member in a quite small but high-performing school district. At the closest, we are about 1 mile from the Los Angeles Unified School District. Ours is a rather affluent community. We do not give our students personal electronics. We make PCs available in our high school library, which also serves as a public library where adults can also use PCs.

about three weeks ago
top

Ask Slashdot: Getting Around Terrible Geolocation?

DERoss Broken Geolocation Is Good (100 comments)

I use a browser extension called Secret Agent from https://www.dephormation.org.u.... This works with Gecko-based browsers (e.g., Firefox, SeaMonkey) on Windows, Mac, and Linux systems. It sends fake HTTP headers to confuse Web servers that are trying to track my browsing activities. This causes many geolocation routines to give wrong results. I have Secret Agent set to change its faked headers on every HTTP request sent from my browser.

While composing this comment, I tested a few sites. One had me on the coast of Argentina and then (same Web site) in eastern Michigan. GeoIP thinks I am in Indonesia. Although I am indeed in southern California, JustMyIP thinks I am two counties further south. Appspot thinks I am in Palo Alto, about 350 miles north of my home. IP Address Geolocation was the closest, thinking I am in Los Angeles. I am about a five-minute walk from the Los Angeles County line but about 8 miles from the Los Angeles City limits.

Between Secret Agent and setting my cookies file to "read only", I have some limited protection from tracking.

about a month ago
top

Carmakers Promise Not To Abuse Drivers' Privacy

DERoss This Primise Is Already False (98 comments)

Franchised car dealers already violate this promise; and many (most?, all?) independent service garages and body shops do, too. If you take your car to a dealer for servicing, your mileage is reported to CarFax, which then reports your mileage to your car insurance. If you have an accident and do not report it to your insurance, the accident is reported by the body shop that does the repairs. CarFax pays the dealers, garages, and shops for these data; and insurance companies pay CarFax.

What is worse is that erroneous data are difficult to correct. In advance of an insurance policy renewal, I received an E-mail message asking me to use the insurance company's Web site to report my mileage. When I reported 25,065 miles, the entry was rejected with a message indicating I could not report an odometer reading less than the prior reading. On the Web site, there was a link to view the mileage history for my car. The immediately prior entry was for 241,080 miles, reported by CarFax on the date of the last routine servicing of my car. I checked the invoice for that servicing; it indicated 24,108 miles. A zero had been added to the end of the mileage, either by the dealer's service department or by CarFax! Working with both the service manager at the dealer and the local agent for the automobile insurance company, it took several phone calls over a month to obtain a correction.

  See http://www.carfax.com/, which will charge you for a report on a specific car. See also http://www.mycarfax.com/, from which you can get a free report.

about a month ago
top

The Fight Over the EFF's Secure Messaging Scoreboard

DERoss OpenPGP (63 comments)

The scorecard gives negative marks for both PGP for Mac and PGP for Windows, for both "Are past comms secure if your keys are stolen?" and "Has the code been audited?" Both negative marks are quite wrong!!

Using the OpenPGP definition, decryption requires both a private key and a passphrase. If the private key is compromised but the passphrase remains safe, a file or message encrypted via OpenPGP cannot be decrypted. This depends, of course, on a lengthy passphrase that exists only in the user's head. My passphrase is over 20 characters long and contains upper-case and lower-case letters, spaces, and punctuation.

Older versions of PGP (a commercial implementation of OpenPGP) have indeed been audited. The source codes were made public. They were thoroughly examined by outsiders. And they were compiled and compared with the distributed binary code. I do not know if this is true of the latest versions, but the older versions contained no security vulnerabilities and still work quite well.

about a month and a half ago
top

Ask Slashdot: Where Do You Stand on Daylight Saving Time?

DERoss Re:Get rid of time changes and time zones! (613 comments)

When everybody's carrying around a smart phone -- effectively, a computer with a GPS -- then it should be easy to calculate the actual local time, solar time, any place on Earth.

Everybody is NOT carrying around a smart phone. My wife has a dumb phone that satisfies her needs. I do not even have a dumb phone because I enjoy getting away from the phone.

about a month and a half ago
top

Ask Slashdot: Where Do You Stand on Daylight Saving Time?

DERoss Re:Everyone should just use GMT (613 comments)

GMT was rendered obsolete in 1972. The current international standard is UTC (Universal Time Coordinated).

about a month and a half ago
top

Ask Slashdot: Where Do You Stand on Daylight Saving Time?

DERoss Re:Nuke it from High Orbit (613 comments)

Changing clocks twice a year is nuts, nuke this insanity from high orbit.

What "twice a year"? When SoCalEd fails -- several times a year unrelated to weather -- I have to reset 7 clocks and check 3 more to make sure their battery backups kept them current.

about a month and a half ago
top

Ask Slashdot: Where Do You Stand on Daylight Saving Time?

DERoss Re:I'd like to flip it bigtime (613 comments)

I work in an office all day and I don't care if it's light or dark outside while I'm at the office. Already today it's sunrise at 8AM and sunset at 4PM.

Where I live, sunset today (after resetting 18 timing devices in my home) will be at 6:01pm.

about a month and a half ago
top

Ask Slashdot: Where Do You Stand on Daylight Saving Time?

DERoss Re:Against changing clocks twice a year (613 comments)

How then do you deal with the occasional leap-second, in which the last minute of a calendar quarter has 61 seconds?

about a month and a half ago
top

Ask Slashdot: Where Do You Stand on Daylight Saving Time?

DERoss 18 "clocks" (613 comments)

Counting not only obvious clocks but also the timers on our thermostat, garden irrigation system, blood glucose meter (I have type 2 diabetes), TV and DVD/VCR (which have separate "clocks"), the gas and microwave ovens, and controller for lights on front walkway, I had to reset 18 timing devices this morning.

But this is not merely a twice-a-year effort. Failing to do proper preventative maintenance on its system, Southern California Edison can have an electrical outage at any time of the year; weather is rarely a factor. Every time there is an outage, I have to reset 7 devices and check three more to make sure their internal battery backups did not fail. Then there is the tall-case clock (also known as a grandfather's clock); if I forget to wind it before it runs down, I must then reset it. And there are two battery-driven clocks that occasionally need new batteries.

about a month and a half ago
top

Ask Slashdot: An Accurate Broadband Speed Test?

DERoss Speed Test Problems (294 comments)

Most speed-test Web sites fail to tell the user where the the server at the other end is located or who owns it. For that reason, I generally use Speedtest.net or DSLReports, both of which allow me to select a distant server. Speedtest.net has a really large set of responding servers all over the world. DSLReports has a very limited set of servers for its Flash-based test but seems to match Speedtest.net for its Java-based test.

I have a browser extension that obfuscates my browser's outgoing HTTP headers and thus confounds many geolocation algorithms. Both Speedtest.net and DSLReports generally think I am someplace other than where I really am, in some cases on a different continent. I am not sure what is being tested in this situation, so I generally disable the extension.

about 2 months ago
top

Ask Slashdot: What Do You Wish You'd Known Starting Out As a Programmer?

DERoss Learn to Recognize Abusive Employers and Jump Away (548 comments)

I went to work for System Development Corporation (SDC) in 1969. SDC was actually the company that established computer programming as being distinct from building computers; before then, the only people programming were the engineers who built the computers. SDC was a good company with good pay and good benefits. Then, SDC sold itself to the Burroughs Corporation, which succeeded in a hostile takeover of Sperry Univac and became Unisys.

At Unisys, we found ourselves in an environment that treated highly experienced technicians and professionals as if we were assembly line workers. Unisys even imposed work rules on us salaried employees that are actually legal only for hourly wage-earners. I should have recognized the abuse sooner than I did and "jumped ship". I could have timed a change for when shortage of software experts made job jumping very profitable. Instead I stuck it out until mass layoffs were very near.

When Burroughs and Sperry Univac merged, the resulting Unisys had more than 120,000 employees. Today, Unisys has less than 25,000.

I must disagree with the replies that indicate programming is poorly paid. I earned sufficient pay that I was able to retire very comfortably before I was 62.

I would suggest that programmers learn how to test rigorously the software they create. This requires that they also write software specifications that are testable, after which they should learn to write formal test procedures. They can then advance into becoming requirements analysts and software test engineers (except in states where "engineer" is a career that requires a license). There are too few analysts and testers, who are often paid much more than programmers. Large computer-based projects are failing because of a lack of clear, objective, and testable specifications. Attempts to put those projects into actual use are disastrous because of a lack of testing.

For some details about my career, see http://www.rossde.com/retired.....

about 3 months ago
top

Ask Slashdot: What Do You Wish You'd Known Starting Out As a Programmer?

DERoss Re:I wish you'd know basic English... (548 comments)

Given that snydeq wrote the opposite of what we think he meant, he might not understand your (Anonymous Coward's) correction. After all illiteracy often includes an inability to understand what is written and not merely an inability to express one's self in writing.

snydeq wrote: "I simply loved to code and could have cared less about my 'career' ..." That means snydeq cared more than he could have cared. If he instead wrote: "I simply loved to code and could not have cared less about my 'career' ...", that would mean he did not care at all.

about 3 months ago
top

How many devices are connected to your home Wi-Fi?

DERoss Re:None (260 comments)

I paid someone to go into my cramped upper attic (during a hot summer day) and run a cable from my wife's PC to our router, which is located in our lower attic on the other side of the wall from my own PC. He then ran a cable from the TV cable to our modem. This latter involved removing several cable splices in favor of just 1 or 2 in order to improve the quality of the signal.

Although I had subscribed to Time Warner Cable for Internet service, the system did not work. TWC had to come to my house and lay a new underground cable from their own junction box at the street to my junction box on my house. The existing TWC cable (more than 35 years old at that time) just did not have the capacity to handle a broadband Internet connection. During that, I noticed that the old cable had merely been laid in a trench in the ground without any conduit; a conduit would have made the task so much more easy. Unfortunately, the new cable was also placed without any conduit. I got credit on my TWC bill for the time between subscribing and getting the new cable.

Although the router has WiFi capability, I disabled that.

about 3 months ago
top

51% of Computer Users Share Passwords

DERoss Re:I definitely share password with family (117 comments)

Problem #1 is NOT a problem in California. A safe deposit box at a bank is not sealed when one of the owners dies. Those who are on the signature card to open a safe deposit box retain full access after one of them dies.

In my case, the box is part of a bank account that is owned by a living trust that is part of my wife's and my estate plan. For continuity, our trust requires that there always be two trustees; and our heirs are excluded from being trustees to prevent conflict among them. Nevertheless, our son was on the signature card for the safe deposit box; the bank allows existing signers to add anyone to the card. When he died, the bank required a new signature card without his name on it. We then added our daughter to the card. If either my wife or I die, the trustee-in-waiting named in the trust document becomes the second trustee. She will then be added to the signature card. In the meantime, the bank does not block any access to the box by anyone on the current signature card when one of them dies.

For problem #2, I do not disclose at which bank -- let alone at which bank branch -- our safe deposit box is located. I definitely do not disclose the box number. If a court order was issued to access the box, it would have to be served on me for me to locate the box. At that point, I would have the opportunity to go back to court to challenge the order. Anyway, there is nothing on our box that represents criminal activity. A civil lawsuit that would require the other party to access my box might involve an improper "fishing expedition" since the other party would not have any prior knowledge of the box's contents.

about 4 months ago
top

51% of Computer Users Share Passwords

DERoss Re:I definitely share password with family (117 comments)

I did the same. My Web user IDs and passwords are in an envelope in my bank's safe deposit box as well as in a strongly encrypted file on my PC. The encryption key exists only in my head and in that envelope.

But for some non-Internet files (e.g., complete PC backups, tax returns from prior years), the files are encrypted via PGP. Decrypting them requires a passphrase (longer than a password, with embedded blanks and punctuation); some require my PGP private key. The envelope in the safe deposit box contains the passphrase on paper and the private key on a floppy, on a CD, and on paper. Otherwise, the passphrase exists only in my head. (My PGP public key is indeed public and is found on a number of key servers around the world.)

When my wife's cousin died, his widow could not access anything on his PC. I hope my wife does not have that problem.

about 4 months ago
top

Slashdot Asks: Should Schooling Be Year-Round?

DERoss A Different Approach (421 comments)

I was an elected school board member in the 1980s. During that time, I would attend the annual California School Boards Association conferences.

One year, I heard an interesting presentation on a form of year-round schooling. The presenter described a calendar in which regular classes would meet for 9 weeks followed by a 3-week break, making a four-quarter school year. The 3-week break would not be a break for all students. He pointed out that 9 months of failure could not be corrected in only 6 weeks of summer school, a ratio of 6.5 to 1. Instead, students not meeting expected academic performance would have to attend remedial classes during the 3-week break, a ratio of 3 to 1.

It was already a noticeable problem in our schools that students would sometime miss classes because their parents took them on a skiing trip in the winter, to visit family in the spring, or to see fall color. As a member of the 2005-2006 County Grand Jury, I learned that this problem had grown worse county-wide in the 15 years after I left the school board. This radical calendar would provide 3 weeks off for those trips for students who were performing well in class.

This calendar would also provide an extra 2 weeks around Christmas and New Year, when even remedial students and their teachers would be off. It would provide for all the holidays the state Legislature mandates on public schools. Yet it would still involve the full 182 days of instruction annually that the Legislature also mandates. By shifting teacher in-service days to the 3-week breaks, students would actually be learning during all 182 days.

Of course, there would be increased costs for the remedial instruction and for the in-service days. That likely dooms this concept since too many members of the state Legislature think cutting taxes is the most important thing they can do, more important than educating our children, repairing our roads, assuring a supply of water, or anything else.

about 4 months ago
top

How long ago did you last assemble a computer?

DERoss Never (391 comments)

Q: How many software engineers does it take to change a lightbulb?
A: None. That's a hardware problem.

I was a SOFTWARE test engineer for 30+ years and a programmer before that (starting in the early 1960s). I understand what many of the hardware components do, but that is the limit of my knowledge.

about 5 months ago
top

35% of American Adults Have Debt 'In Collections'

DERoss Debts of a Dead Person Sent to Collection (570 comments)

My son died in early April 2013 without a will. Sufficient funds to pay his bills remained in his bank and credit union accounts, but no one could touch them. I sorted through all his bills and contacted all his creditors, informing them of the situation -- that they would indeed be paid if their bills were legitimate but that they might have to wait a few months for me to access his funds.

I finally got a court order to access his funds seven months later. In the meantime, three bills had already been sent to collection -- bills from creditors that I had previously contacted.

One bill in collection was for a major balance on a Discover credit card. By the time I got the collection notice, I had already sent a check to Discover. That problem was quickly resolved with no further problems.

Another bill in collection was for Time Warner Cable, for TV, phone, and Internet. I notified them shortly after my son died that they had to discontinue his service. They had billed him for the entire month of April, including the weeks following his death. I sent a check for a lesser amount to the collection agency with a cover letter detailing how I computed a pro-rata amount of the bill for the short part of the month before my son died. The collection agency returned the check with a letter informing me that they had returned the account back to Time Warner Cable. I never heard again from either the collection agency or Time Warner Cable.

The third bill sent to collection was for a medical group that supplies emergency room doctors to a local hospital. The explanation of benefits from my son's health insurance indicated that they had paid the medical group and that no further payment was due from my son. My further investigation revealed that, while the hospital and its emergency room were in-network for my son's health insurance, the hospital had out-sourced their emergency room doctor service to a medical group that was out-of-network for ALL insurance plans except Medicare. The medical group wanted payment for the difference between what the insurance allowed and what they billed. I wrote a letter to the collection agency (having already sent a similar letter to the medical group) informing them that the hospital chose my son's doctor and, since my son had no choice in the matter, they would have to deal with the hospital for any further payment. I also informed the the credit agency that my son's estate was not large enough to require probate and, if they insisted on payment, they would have to initiate probate at their own expense. I never heard again from either the collection agency or the medical group.

While all this was being resolved, we received several phone calls from the collection agencies. They insisted on knowing where my son was, so my wife gave them the address of his cemetery.

We also received insurance explanations of benefits indicating several medical providers were not being paid because they submitted their claims too late (more than 6 months after the dates of service). I have not heard directly from any of those providers. If they do send me a request for payment, I will reply that I am not responsible for their failure to submit timely claims. In any case, my son's estate is now "closed". All remaining funds were transferred into a blocked guardianship on behalf of my grandson. It will take a court order -- at the creditor's expense -- to unblock the accounts.

I am quite sure that my son is well beyond caring about black marks on his credit history. It seems, however, that no black marks have appeared. More than a year after his death, offers of new credit cards for large credit limits still keep arriving in the mail for him.

about 5 months ago

Submissions

top

Regional Concentrations of Scientists and Engineers in the United States

DERoss DERoss writes  |  about a year ago

DERoss (1919496) writes "The National Science Foundation has publish a research paper with the subject title, which may be found at http://www.nsf.gov/statistics/infbrief/nsf13330/. The lead paragraph contains the sentence "The three most populous states—California, Texas, and New York—together accounted for more than one-fourth of all S&E employment in the United States."

According to the 2010 census, however, those three states also contain more than one-fourth (26.5%) percent of the U.S. population. In other words, there is NO concentration beyond how the general population is concentrated."
top

Question: How do I obtain enforcement of my copyr

DERoss DERoss writes  |  more than 2 years ago

DERoss (1919496) writes "I have a personal Web site with many, many pages. One of the pages — one of my very first from before 1999 — describes the community in which I live. As with most of my Web pages, this one carries a copyright notice.

Often, my community page is plagiarized by real estate agents and brokers without my permission. Can I get the U.S. government to enforce my copyright. Or is enforcement limited to the MPAA , RIAA, and their allies."

Link to Original Source
top

PGP Vulnerability -- No Fix for Freeware Version

DERoss DERoss writes  |  about 4 years ago

DERoss (1919496) writes "PGP Desktop — used to encrypt or digitally sign E-mail and files — contains a serious vulnerability in current versions 10.0.3 and 10.1. This vulnerability allows a signed message or file (or sometimes a signed and encrypted message or file) to be altered without invalidating the signature. This makes it impossible to use a digital signature to verify the integrity of a message or file. While many individual, non-commercial users of PGP Desktop use the freeware trial version, Symantec will not provide a fix except for the purchased version. For non-technical details, see [http://www.rossde.com/PGP/pgp_weak.html#inject]."
Link to Original Source

Journals

DERoss has no journal entries.

Slashdot Login

Need an Account?

Forgot your password?