
Comments


Password Security: Why the Horse Battery Staple Is Not Correct

Daniel_Staal Re:Many passwords just don't matter. (549 comments)

I just had an excellent counter-argument today: Work uses one password to log into their benefits site and into the handheld scanner used on the floor. The handheld scanner has a keyboard of less than 20 keys - numbers are easy, letters are hard, capital letters are really hard, and special characters are impossible. And there's no other input.

My login to my benefits is now controlled by the password I can type into what's basically a telephone keypad. Because that's where I need to type it a couple of times a day.

about two weeks ago

Liking Analog Meters Doesn't Make You a Luddite (Video)

Daniel_Staal Re:Analog displays are better in some situations. (155 comments)

Because the average human being can actually read it better off of a changing analog-style dial than they can understand a bare number. It has to do with us being well developed at judging distances for throwing and jumping. (And an analog dial allows you to read both off of one instrument.)

about three weeks ago

Liking Analog Meters Doesn't Make You a Luddite (Video)

Daniel_Staal Re:Analog displays are better in some situations. (155 comments)

The other place analog (or analog-style) gauges shine is when the rate of change is more important than the value. Speedometers and tachometers are good examples: You usually care more if you are speeding up, slowing down, or keeping the same speed than whether you are going 65 or 66mph.

about three weeks ago

Flurry of Scans Hint That Bash Vulnerability Could Already Be In the Wild

Daniel_Staal Re:I disabled CGI in Apache (318 comments)

Depends on what PHP is doing. If it makes a call to system(), anywhere... No, you are not. (Assuming you have bash as /bin/sh - the BSDs don't, and some Linux distros don't.)

If it stays entirely within PHP, then you are. But that'd be a lot of work to double check - You need to check every line of code you run, and the php interpreter itself to see where it calls out.

about a month ago

Apple's "Warrant Canary" Has Died

Daniel_Staal Re:Not completely gone (236 comments)

From the Ars story on the article: Apparently there's some newish law that would keep them from commenting specifically on Section 215 - If they want to do aggregate disclosure they have to group it with disclosures under another law. (Section 702 - which we know they have received orders under, since it was in the Snowden files.) (They also have the option of doing non-aggregate disclosures, but they couldn't do it immediately.)

about a month and a half ago

Ask Slashdot: Remote Support For Disconnected, Computer-Illiterate Relatives

Daniel_Staal Re:Dial up can still access gmail (334 comments)

Assuming POP/IMAP and SMTP aren't blocked - which is even more likely to be the case than that the Gmail page is blocked.

about a month and a half ago

Ask Slashdot: Remote Support For Disconnected, Computer-Illiterate Relatives

Daniel_Staal Re:Dial up can still access gmail (334 comments)

Or use Gmail with an email client and IMAP.

Might work, but doesn't solve any of this guy's problems.

And, an ISP that blocks email?

Sure. If the Internet service is that bad, I’m guessing it's some developing country that's nationalized the Internet. Therefore, they want you using their servers and services, because half the point is to make spying on you easier. Not particularly uncommon... (Often they'll only block it if it's encrypted or something like that.)

about a month and a half ago

Ask Slashdot: Remote Support For Disconnected, Computer-Illiterate Relatives

Daniel_Staal Re:Sorry (334 comments)

Actually, an iPad sounds like exactly what he's looking for: Locked-down, with specific functions accessible. There are even some provisions for remote maintenance by authorized personnel. (He'd have to get OS X server and configure things first, I think, but it should be possible.) Main problem is dealing with connecting it to a dial-up link.

about a month and a half ago

Ask Slashdot: Remote Support For Disconnected, Computer-Illiterate Relatives

Daniel_Staal Re:Dial up can still access gmail (334 comments)

You are making the assumption that Gmail isn't blocked, and that the users in question would be open to changing their email addresses.

Also, webmail over dialup has the distinct disadvantage of requiring you to be online to read your email. This ties up your phone line, and may cost money. Batch-download is normally a better solution over intermittent links: Connect to get your email, disconnect, read it, write replies, connect to send. Total time online: usually less than a minute.

about a month and a half ago

College Students: Want To Earn More? Take a COBOL Class

Daniel_Staal Re:COBOL: Why the hate? (270 comments)

1: It's wordy. Larry Wall's famous statement on it is: 'I knew I’d hate COBOL the moment I saw they’d used “perform” instead of “do”.'
2: It's crufty. Lots and lots of odd corner cases that are there because it made sense in the 70's, as well as decisions that used to be standard: All variables have to be declared at the start of the program, for instance. (With strong typing.)
3: It's finicky. The position (not the indentation) on the line matters, you have to declare things like your input and output formats formally (and separate from where you use them), etc.

COBOL is an excellent example of design-by-committee and then 'accumulate features as needed'. Its object-oriented features are a great example: Bolted on as an obvious afterthought, at a weird angle from the rest of the language, but yes it can be used. It all works, and you can write programs in it, but it's like being forced to write a bad instruction manual.

What it can do that other languages can't, mostly, is run on Big Iron with legacy code from before I was born. It has some decent features for financial markets (decimal numerics are supported natively, for instance), but mostly it's that it's been in banks and big institutions for decades and it's cheaper (and less risky) to hire someone to support it than to hire teams to rewrite their entire codebase. It works, and has been working, basically forever in computer terms. My mom learned COBOL in college, on punchcards. The language hasn't changed all that much since then. (For good and bad.) It's unlikely ever to be 'cool', but it's also unlikely to go away anytime soon.

about a month and a half ago

US Scientists Predict Long Battle Against Ebola

Daniel_Staal Re:+-2000 deaths? (119 comments)

Possibly. But the short-term social disruption would not be something I'd like to witness.

And since the 'short-term' in this case is probably 'a generation or two', I'd have to be a witness. (Or dead.)

about a month and a half ago

US Scientists Predict Long Battle Against Ebola

Daniel_Staal Re:+-2000 deaths? (119 comments)

All it takes is a couple of people who 'aren't infected, just look' (there are a few days of little-to-no symptoms) to bribe some official to get on some plane or past a border check. We're a significantly more interconnected world today than even a hundred years ago - you don't need rats to spread things widely.

It's not a pandemic - yet. But it wouldn't take much for it to be one, and it would be major.

about a month and a half ago

The State of ZFS On Linux

Daniel_Staal Re:Technobabble... (370 comments)

It depends partly on what features of ZFS you'll be using, and what types of performance you need. In general, you can run ZFS for an arbitrarily-large disk set with about 2GB of RAM - but you won't be using the memory cache features of ZFS much at all. The more RAM you have available, the more it'll assign to the ARC (read cache). If you are running a media fileserver, where every read is a large file and is unique, then the ARC doesn't make much difference. If it's a webserver, where you read the same small files over and over, it's a huge difference. Things like compression and larger checksums also can take slightly more RAM.

The one real computable is if you try to turn on deduplication - you need something like 5GB of RAM per TB of data to be deduped, or performance goes to hell. This is to store the dedup lookup tables (which are put in the ARC) - if you can't fit them into RAM, every read/write adds having to read them into RAM, lookup where the data is, and then load the data. (Which can mean several reads per IO op.) Note that you don't have to dedup the entire dataset - it's on a per-filesystem basis. (And ZFS makes creating filesystems trivial.) Still, it's best to leave it off unless you have ungodly amounts of RAM to throw at it, and know you are storing heavily duplicated data.

about a month and a half ago

Choose Your Side On the Linux Divide

Daniel_Staal Re:My opinion on the matter. (826 comments)

- Useless on a server - where you only reboot 4 times a year or so and never have to hot-plug anything or change wireless networks.

Bull. Lots of servers currently run daemontools or similar, or else they use some other hack, because the SysVinit doesn't have any way to restart services (like crond) the one time they exit after running fine for months...

That is a feature, not a problem.

There are multiple programs out there to restart daemon processes, if needed, with varying amounts of notifications to the admin, and varying interfaces. You pick which works best for you. An embedded appliance may need a 'restart at all costs, write a log and forget about it' program. You may want your restart program to email you, while someone else may prefer a web interface to check status. Maybe some programs should only be restarted in specific circumstances.

The Unix way is not to try to be everything to everybody, but to pick a specific function and do it really well, in a way that lets others do the same thing in a different way if they find the need to do so.

(I'll admit the biggest red flag to me about Systemd is binary logs - that prevents many useful things, in my experience.)

about 2 months ago

HP Gives OpenVMS New Life and Path To X86 Port

Daniel_Staal Re:LOL Itanium (136 comments)

D'oh. Sorry, yeah, my bad fingers. VMS, not VAX.

about 3 months ago

HP Gives OpenVMS New Life and Path To X86 Port

Daniel_Staal Re:LOL Itanium (136 comments)

VAX was already on 64-bit for ages when Linux was still in its earliest versions. It's not going 'x86'. It's going 'x86-64', which didn't exist when Itanium was created. IA-64 was Intel's vision of the future - a complete overhaul of the instruction set. It bombed, but AMD64 wasn't written until several years later - and AMD does nice chips, but they don't really compete in that segment. (Or they didn't in 2001, at least.) It made perfect sense to port to what was supposed to be the new enterprise-class processor, instead of porting to an outdated desktop-class processor.

Linux on x86 can do lots of things, and is a very good system for many situations. If you need big iron (and the capabilities it provides - things like being able to upgrade or replace CPUs on running machines without downtime), VAX is better. In many cases you don't actually need big iron - a cluster of Linux boxes will do just fine. But when you need it, nothing else will do.

about 2 months ago

HP Gives OpenVMS New Life and Path To X86 Port

Daniel_Staal Re:If there have been signs..... (136 comments)

Exactly: I'm sure there are tons of custom apps written for VMS in banks, insurance companies, railroads, etc. These are places where 'if it works, don't break it' rules, and VMS is working, and has worked for decades. Being able to buy support and replace hardware is valuable to them, and I wouldn't switch platforms in their place unless there was no other option.

about 2 months ago

Ask Slashdot: Correlation Between Text Editor and Programming Language?

Daniel_Staal Re:Uh, sure.. (359 comments)

BBEdit gets a fair amount of use as well. Some versions of xcode will even emulate BBEdit commands, if you set the right option. (And may have the option to directly substitute BBEdit as the main text editor.)

But I get your point: If you are writing in Obj-C, you are probably using xcode, because you are almost certainly developing for either Mac or iOS, and that is where you need to be.

about 4 months ago

Cable Boxes Are the 2nd Biggest Energy Users In Many Homes

Daniel_Staal Re:huh (394 comments)

Efficiency is a big selling point in refrigerators; one of the first things people will look at. (And it will be posted very obviously on every one in the store.) Cable boxes... Not so much. I’m not sure what the big selling points on them are - probably how easy it is for the cable company to monitor their usage.

Electric water heaters are probably big users in houses that have them - but I'm not sure that's even a majority of houses in the USA; gas-powered heaters are common, and more efficient.

about 4 months ago

Aliens and the Fermi Paradox

Daniel_Staal Re:Progenitors? (686 comments)

Never played the game. Didn't even know the concept was discussed in it.

And, on a relative scale, yes it's not hard. It's certainly far easier than sending a ship to trade with someone that far away. In fact, nearly all of the problems of interstellar travel go away in this case - the basic fact is that not having to slow down when you get there (and not caring about the safety of any occupants in the vehicle) makes the issue massively easier. You don't have to worry about fuel, or shielding, or long-term biological maintenance. Just accelerate it up to speed and have a few final maneuvering thrusters on an automatic system.

Of course, if you are traveling around you've solved those problems, and can if you wish launch from within your target's solar system. Which makes targeting much easier, though you may give yourself away as you get the weapon up to speed.

On the other hand, hiding isn't as hard as you might think, especially if life (but not sentient life) is moderately common. Most of it even makes economic sense: Keep your transmissions low powered and focused so there isn't much leakage, and keep the atmosphere fairly clean. That will make it nearly impossible to tell an 'inhabited' system from a 'life-bearing' system from any distance.

Of course any aliens could be proactive and be striking at any life-bearing system, although that's a lot of wasted effort. Still, even then if we were to move into space-based colonies and asteroids we could hide fairly effectively. (Again, communication would be the biggest leaker, but economics and the square cubed law help the hider out.)

about 5 months ago

Submissions


Most web programming languages vulnerable to denial

Daniel_Staal writes | more than 2 years ago

Daniel_Staal writes "Ars Technica is reporting: "Researchers have shown how a flaw that is common to most popular Web programming languages can be used to launch denial-of-service attacks by exploiting hash tables. Announced publicly on Wednesday at the Chaos Communication Congress event in Germany, the flaw affects a long list of technologies, including PHP, ASP.NET, Java, Python, Ruby, Apache Tomcat, Apache Geronimo, Jetty, and Glassfish, as well as Google's open source JavaScript engine V8. The vendors and developers behind these technologies are working to close the vulnerability, with Microsoft warning of "imminent public release of exploit code" for what is known as a hash collision attack."

OCert advisory here."


Network Solutions stands by policy.

Daniel_Staal writes | more than 6 years ago

Daniel_Staal writes "Apparently Network Solutions believes nothing is wrong with its policy on registering domains: After review, they have decided to stand by their policy, and continue to register every domain checked. Why? To save us from scammers: "We would be perfectly happy to end this process if ICANN or the registries would do something to protect small businesses or other small users." Apparently the point is to register them before the scammers have a chance to, and not to make money for Network Solutions: "We are not trying to make a bunch of money off of this.""

Daniel_Staal writes | about 8 years ago

Daniel_Staal writes "My sister will be traveling abroad next year on a one-year study program. She has indicated to the tech guy in the family (me) that she would like something she would be less likely to mind losing as her computer than her current iBook when she does. Any suggestions on a sub-laptop computing device?

Her requirements are fairly straightforward, but contain a couple of oddities. Basically she wants to be able to keep in contact with people, and do her homework. For that she needs email, VoIP (Skype, for preference), web browsing and MS Office or compatible. The kicker is that her homework will be in Arabic, while her email/web will be in English. (Or, at least mostly.) She wants a keyboard; she'd probably be ok with 3/4 size keys, but I'd have to convince her. VoIP is not a deal-breaker, just a strong request.

So, what small size/cost factor portables do you know that have good Arabic support and can be used for basic web access? My current thought is an HP Jornada, but I'm not sure what to compare it to. (And I'm not sure about Arabic support.)"

Journals

Daniel_Staal has no journal entries.
