Comments


How Does Heartbleed Alter the 'Open Source Is Safer' Discussion?

Eric Smith Re:Closed source won here (580 comments)

Would you argue that if a Microsoft (or other vendor) SSL implementation was used by most of the world's web servers, this would have been less likely to happen? As far as I know, there's no reason to think that any other implementation, open or closed, would be any more immune to such problems. There is little or no evidence that closed source software is generally more reliable, or that substantial effort is made to audit it.

If you're arguing that it's bad that such a high percentage of the world's web servers use the same software, I might agree, but that is completely orthogonal to whether that software is open or closed.

3 days ago

How Does Heartbleed Alter the 'Open Source Is Safer' Discussion?

Eric Smith Re:Honestly, the "OSS is safe" discussion is over. (580 comments)

That OpenSSL is open source is irrelevant. This bug could just as easily have happened in closed source software. Using closed source software does not give any higher confidence in the quality of the code; many studies (e.g., 2012 Coverity Scan Open Source Report) show generally comparable code quality, with some open source projects scoring substantially better than average.

3 days ago

How Does Heartbleed Alter the 'Open Source Is Safer' Discussion?

Eric Smith safe languages (580 comments)

Heartbleed is a perfect example of why software should be written in "safe" languages, which can protect against buffer overruns, rather than unsafe languages like C and C++.

Of course, the problem is that if you try to distribute open source software written in a safe language, everyone bitches and whines about how they don't have a compiler for that language, and how run time checking slows the software down by 10%. Personally I'd rather have more reliable software that ran 10% slower, than less reliable software that ran faster. It's also crazy to turn off the run-time checks "after the software is debugged", as if the debugging process ever succeeded in finding all the bugs. As C.A.R. Hoare famously observed in 1973, "What would we think of a sailing enthusiast who wears his lifejacket when training on dry land, but takes it off as soon as he goes to sea?"

The "with enough eyes" argument, and "if programmers were just more careful" arguments don't justify continued widespread use of unsafe languages. Granted, safe languages don't eliminate all bugs, but they eliminate or negate the exploit value of huge classes of bugs that are not just theoretical, but are being exploited all the time.

I keep hoping that after enough vulnerabilities based on buffer overruns, bad pointer arithmetic, etc. are reported, and cost people real money, that things will change, but if Heartbleed doesn't make a good enough case for that, I despair of it ever happening.

3 days ago

How St. Louis Is Bootstrapping Hundreds of Programmers

Eric Smith 1% *success* rate is high (147 comments)

Given the low entry barrier as compared to traditional higher education systems, the surprise isn't the failure rate, but the success rate. Given the low cost per student of providing the course, even at a 1% success rate I expect that the cost per successful student is much better than the traditional systems, though I don't actually have numbers to back that up.

about a month ago

Ukraine May Have To Rearm With Nuclear Weapons Says Ukrainian MP

Eric Smith Re:Riiiight (498 comments)

so basically if they start building the uranium enrichment plants now, they might have a working nuke in 10-20 years.

There's an existence proof that it can be done in four years, if someone is willing to devote sufficient resources to it.

about a month ago

Polynesians May Have Invented Binary Math

Eric Smith They were two millennia late to the party. (170 comments)

There are several algorithms using the binary number system, including left-to-right binary exponentiation, in Pingala's Chanda-sutra, before 200 BCE. Knuth's _The Art of Computer Programming, Volume 2: Seminumerical Algorithms_ cites B. Datta and A.N. Singh's 1935 _History of Hindu Mathematics 1_. Also al-Kashi described the right-to-left binary exponentiation algorithm in 1427 CE.

about 4 months ago

Largest US Power Storing Solar Array Goes Live

Eric Smith Not creating energy (377 comments)

Unless there are some nuclear reactions going on in there, I really don't think it is creating any energy at all, much less "creating enough energy to power 70,000 homes".

about 6 months ago

Nvidia CEO: We Are Working On Next Generation Surface

Eric Smith If Outlook missing was the problem... (200 comments)

... then they could release an Outlook app for Surface 1.0. There's no reason that it would have to wait for 2.0.

That excuse may be the most pathetic thing I've ever heard.

about 8 months ago

Moscow Subway To Use Special Devices To Read Data On Passengers' Phones

Eric Smith Re:note to self. (163 comments)

Presumably MoFoQ meant aluminized mylar. It will attenuate RF, and if the bag is sealed, will act as a Faraday cage.

about 9 months ago

big.LITTLE: ARM's Strategy For Efficient Computing

Eric Smith wafer prices didn't go down for earlier nodes (73 comments)

The cost of a 45 nm wafer was higher than that of a 65 nm wafer, etc. It was only the cost of an individual die that went down, because with a smaller geometry an equivalent die was smaller, thus there were more of them per wafer.

about 9 months ago

Ask Slashdot: What Should Happen To Your Data After You Die?

Eric Smith The acronym is wrong (122 comments)

The name needs a few more words. Instead of IAM, the acronym should be IAMNOT.

1 year,6 days

Competitors Complain To EC That Free Android Is a 'Trojan Horse'

Eric Smith If Open Source has a competitive advantage... (315 comments)

... in Microsoft's opinion, I don't think there's much preventing them from open-sourcing their own software to get that same advantage.

1 year,9 days

Mobile App Screens Calls With Brain Waves

Eric Smith Good Times (40 comments)

If you hear of an app called Good Times, don't download or install it. It is a virus that will erase your hard drive and put your phone's processor into an nth-complexity infinite binary loop.

1 year,13 days

Bezos Expeditions Recovers Pieces of Apollo 11 Rockets

Eric Smith Re:Ownership of recovered artifacts (119 comments)

The 10% is for salvage rights. Deliberately abandoned property is different than salvage.

1 year,27 days

Bezos Expeditions Recovers Pieces of Apollo 11 Rockets

Eric Smith Ownership of recovered artifacts (119 comments)

NASA claims that the US government still owns these artifacts. I think they're mistaken. The artifacts are not salvage, but rather abandoned property. NASA intentionally allowed them to be abandoned more than 40 years ago with no stated or demonstrable intention of ever recovering them. Since they were outside the territory of any US state, I don't think they are subject to any form of escheat. I think Bezos has clear title and ownership. If there's some US law providing to the contrary, I'd be interested in seeing the legal citation.

If Bezos wants to give them to NASA out of his own generosity, that's great, but I don't think he's under any actual legal obligation to do so.

1 year,29 days

Ask Slashdot: Making Side-Money As a Programmer?

Eric Smith Re:Does your day job pay you enough? (257 comments)

I only have that problem if I'm working a lot of overtime for the day job, or working at an extremely boring or unpleasant day job. I try to avoid those, though sometimes there's not much choice.

I'm sure that having hobbies or personal projects that are non-computer-related would be good, but I don't really have any. However, my computer-related personal projects are so dissimilar to my day job that they almost do seem like different fields to me.

about a year ago

Ask Slashdot: Making Side-Money As a Programmer?

Eric Smith Does your day job pay you enough? (257 comments)

If so, working on personal projects that don't necessarily have any likelihood of financial reward may be much more satisfying than doing paying work in your spare time. I've certainly found that to be the case. I spend my spare time on projects that are just things I'm personally interested in. Often they're very obscure, and only of interest to a small number of other people. However, I enjoy them very much. Sometimes I publish them as free software, and when I do, it is very cool to meet the few other people with similar interests. Because I'm interested in a wide variety of things, I've got enough ideas for personal projects to keep me busy for hundreds of years, so I almost never get bored.

I also was very lucky that a very-long-term project in which I invested a huge amount of time (thousands of hours) starting in 1995, with absolutely no expectation of financial reward, actually started making me a non-trivial amount of money starting in 2009. I'm certainly not going to claim that this is a likely outcome, but it can happen.

As an example of a small and very obscure personal project, in July of 2011 I rewrote the Apple I ROM monitor to work on an MC6800 microprocessor (rather than the 6502), because the Apple I hardware design was theoretically capable of being configured for the MC6800. It's of no practical value whatsoever, and will never make me any money, but I submitted it as a RetroChallenge contest entry and actually won second place and a small prize. Just recently someone in Australia actually installed an MC6800 in an Apple 1 replica, did a little hardware debugging, and got my monitor code running on it. (I'd only run it in simulation with MESS.) It was very satisfying watching the video on YouTube.

about a year ago

Submissions


Sony categorizes U.S. Constitution as fiction

Eric Smith writes  |  more than 6 years ago

Eric Smith writes "When you buy a Sony PRS-500 ebook reader, you get a credit to download 100 "classic" ebooks (public domain works, so Sony doesn't have to pay royalties, though they still DRM them for our convenience). One of the available "books" is the U.S. Constitution, which according to the info page on the reader Sony has classified as "Fiction & Literature"."