×

Announcing: Slashdot Deals - Explore geek apps, games, gadgets and more. (what is this?)

Thank you!

We are sorry to see you leave - Beta is different and we value the time you took to try it out. Before you decide to go, please take a look at some value-adds for Beta and learn more about it. Thank you for reading Slashdot, and for making the site better!

Comments

top

Virgin Galactic To Launch 2,400 Comm. Satellites To Offer Ubiquitous Broadband

FireFury03 Line of sight? (123 comments)

Will it have the same line of site limitations as current satellite Internet? I'm in Seattle, and with providers like HughsNet you need a very good line of sight to the south to get service. IIRC, where I used to work we had the dish pointed only 24 degrees above the horizon.

These sats are going into LEO, not GEO, so their position in the sky won't be fixed. I imagine you'll used a phased array antenna to track them. The good points being: lower latency, no requirement to see the southern horizon specifically. The bad point being that you'll need a view of a bigger chunk of the sky to avoid signal dropouts as the satellites move - how big a chunk depends on how many satellites they have up there (and therefore how many are above the horizon at the same time). If they have enough satellites, it may work out better for you.

about two weeks ago
top

MI5 Chief Seeks New Powers After Paris Magazine Attack

FireFury03 Re: Fuck the Nanny State (319 comments)

The people want it to stay this way and a massacre or two will not change that.

Although crazies keep voting for UKIP, who have said they want to legalise firearms...

about three weeks ago
top

Inside Cryptowall 2.0 Ransomware

FireFury03 Re:Malware (181 comments)

If a program needs to look at stuff in other file structures then give it read access

Great! $malware got read access to your bank details.

You want it to be able to write to files in those other directories, fine, it reads in a file it isn't allowed to overwrite or change, and then saves it's own copy that it can molest in whatever way it wants.

So now instead of having a single copy of the file, you have a separate copy saved by each application that has been used to process it - creating a mountain of almost-identical files that the user has to keep track of is not a user friendly way of doing things.

Better is to have a versioned filesystem - each time a file is changed (by any application!) the delta is saved and the filesystem keeps the old data hidden away. Most of the time everything behaves as normal - you have one copy of a file, no matter how many times it is edited. If you need to roll back some changes then you just ask to see previous versions of that file, much like a source control system. And indeed, there are a number of file systems that do exactly this - if you care about such things there's nothing stopping you doing it.

It doesn't stop malware reading your files or modifying them, but it does mean you can recover the unmodified versions... but then doing backups (which everyone should be doing anyway) gives you similar protection.

about three weeks ago
top

Inside Cryptowall 2.0 Ransomware

FireFury03 Re:Malware (181 comments)

And, hell, why do applications get the run of every file I use under my account? Should they not have to request such things first? Even on Unix-likes, if you get on as my user, you can trash all my data - why?

Because anything else would require popping up numerous "would you like to allow this application to do $foo" boxes, and then you end up training the user to just hit "yes" on everything because it's too damned annoying to make a decision every time when the vast vast majority of access requests really are legitimate.

Sandboxing based on applications making their own decisions and being relatively trustworthy might not be a bad plan though - i.e. if your web browser has an immutable list of files it needs access to, and you trust your web browser, that provides some level of protection when some malware compromises the browser, so long as the immutable list really is immutable and the malware can't modify it.

I'm sorry, but the very concept of a virus scan happening "at scheduled intervals" or after you've already double-clicked on the file just tells you that it's too late before you start.

Well no, if you can roll back everything that happened between the "all clear" scan and the "you've been cracked" scan then that's certainly much better than nothing.

Fact is, I didn't install it and I have no idea what it ACTUALLY does.

You don't know what most software ACTUALLY does, even if you did install it - most software people use is closed source, but even the open source is a black box unless you actually audit it.

about three weeks ago
top

Should We Be Content With Our Paltry Space Program?

FireFury03 Re:As a former scientist: (287 comments)

True to a point, but the knowledge gained from the ISS is nothing to sneeze at either. I do agree that a manned mars mission is a bit silly at this point though, we don't really have the technology yet to make it feasible. More research into alternate energy sources should be where most of the money should be going.

I suspect a manned Mars mission will always be "a bit silly" at any point until people start actually doing it. And whilst I can't really point to much tangible return on the investment, "blue skies" project do have a habit of producing some quite unexpected returns.

To my mind, governments seem to be mostly concerned with themselves at the moment, with nothing to unify those in power towards some common (non-selfish) goal. With the few top-richest people being as rich as they are now I wouldn't be surprised if a few of them banded together to put together a manned Mars mission long before any government (so long as they do so before a revolution comes and redistributes the wealth a bit more fairly).

about a month ago
top

Should We Be Content With Our Paltry Space Program?

FireFury03 Re:ROI (287 comments)

That's not really true. You can look at a research lab and measure the ROI retrospectively quite easily and use this to make forward looking decisions, and that's what a lot of companies do. They'll close research labs that haven't produced anything useful in the last 5-10 years, but they'll increase funding to ones that have.

And what about research that takes longer than 5-10 years to come to fruition (which actually isn't very long)?

Lets take fusion research as an example - that has spent decades sucking money out of governments and has produced very little return on that investment. It may never produce much return. But if we ever do crack fusion for commercial power generation, that would be a serious game changer - probably a big enough return to justify a couple of hundred years of otherwise fruitless investment.

about a month ago
top

Should We Be Content With Our Paltry Space Program?

FireFury03 Re:No we shouldnt (287 comments)

But that doesn't mean that the government should be paying for it, because not all of us agree we should be paying for it. Using Tax to pay for something should only happen for things we can only collectively purchase, like National Defense. We should be able to pay for it ourselves, and reap the rewards individually

Umm, I don't agree with my taxes being spent on "National Defence" (when I can sum up the current "defence" ideas as "go into foreign countries and blow up some brown people").

Guess what - you don't get to choose what your tax gets spent on. In theory, it should be apportioned democratically, but even that doesn't happen - a significant number of people objected to the Iraq war and were ignored.

about a month ago
top

Should We Be Content With Our Paltry Space Program?

FireFury03 Re:No we shouldnt (287 comments)

Compare NASA to, for example, Xerox PARC (Ethernet, the GUI, laser printers, etc.) or Bell Labs (the transistor, access control lists, UNIX, etc.) and see which produced more inventions that benefitted the economy as a whole per dollar spent.

Each shuttle launch cost, on average, $1.5bn. The cost of one launch would fund over ten thousand PhDs, or several hundred DARPA programs. Do you really think that NASA is the best ROI for taxpayers?

The problem with NASA is largely the senators dictating how the money will be spent, which leads to a huge amount of wastage. The shuttle is a good example - NASA could only get the funding if they made a space craft that fitted some fairly mutually exclusive specifications - the result was a space craft that could do none of those things especially well and almost certainly more expensively than building several separate craft tailored to specific jobs.

Look at the A-3 test stand as another example: it was designed for the Constallation programme, and when Obama cancelled the programme the partially constructed test stand was of no use. Congress demanded that NASA keep constructing this useless piece of hardware and they spent about $200M on it _after_ it was known that there was no use for it. How can you expect NASA to be value for money when it is treated as a jobs creation programme and forced to waste money like that?

SLS is probably another good example - insanely expensive, not least because congress are actually dictating the engineering requirements, and no doubt the government will order NASA to scrap it before completion, completely wasting all the money that was invested in it. Despite its huge cost, I kinda hope that SLS doesn't get scrapped, because then at least the money has gone into something that can be used instead of yet another useless cancelled project.

Far better would be to just give NASA a lump of money and tell them to do with it as they please - the money would still end up invested in paying people to do jobs (the jobs might not be in the various senator's chosen locations, but they would still happen), and we'd probably have a lot more science at the end of it instead of a huge pile of half-completed scrapped projects.

about a month ago
top

Google Proposes To Warn People About Non-SSL Web Sites

FireFury03 Re:Sly (396 comments)

And whilst I use StartSSL, it's a pain that you can't get free wildcard certs for your domain...

And it fucking pisses me off that the grocery store won't just give me free food, too.

StartSSL is a business, and its business model is to give out free Class 1 certs with the hope of converting you into a paying customer.

*sigh*

The conversation was about it being so very cheap to roll out SSL because its trivial to get free SSL certificates. I'm not criticising StartSSL, I'm simply stating that it *isn't* trivial to get wildcard certificates. So the whole "you should use SSL everywhere coz it's free" premise kinda falls down there, since it isn't in fact free.

about a month and a half ago
top

Google Proposes To Warn People About Non-SSL Web Sites

FireFury03 Re:Self-signed certificate (396 comments)

Firefox blocked self signed certs. It used to warn and allow an exception but no longer.

I don't need to spend time or money to tell me who I am. What is the problem of me signing my own certificate?

Not true. Firefox blocked _short_ self signed certs (and yes, it's a stupid move - stick up a big warning by all means, but blocking them completely is insane. Lots of people now can't use FireFox to access legitimate networking hardware that uses short self signed certs). However, make a sensibly long self signed cert and it works fine as it always did.

about a month and a half ago
top

Google Proposes To Warn People About Non-SSL Web Sites

FireFury03 Re:Stupid (396 comments)

Answer: So that when someone browses to your URL they don't get malware injected into their browser by a MITM.

If your browser is vulnerable to injected malware then you're pretty much screwed already - an attacker just needs to trick you into visiting their site (which can have a perfectly legitimate SSL cert), no MITM injection required.

about a month and a half ago
top

Google Proposes To Warn People About Non-SSL Web Sites

FireFury03 Re:503 (396 comments)

Google should do whatever it wants. After all, if I get annoyed enough by Google Chrome, I'll just switch back to Firefox or Opera. Only the ChromeOS/ChromeBook/ChromeBox users may be screwed (because they've made the mistake of locking their hardware to a specific vendor browser).

IE taught us that this kind of thing doesn't happen quickly - web developers _still_ have to deal with IE's buggy rendering, despite good alternatives having been available for 15 years. Ok, IE has got better but it's still not great. Users don't see this stuff as a browser problem - if your website doesn't work right then the users see it as a problem with your website.

about a month and a half ago
top

Google Proposes To Warn People About Non-SSL Web Sites

FireFury03 Re:Sly (396 comments)

StartSSL.com gives free Class1 and is preinstalled in every modern browser

And whilst I use StartSSL, it's a pain that you can't get free wildcard certs for your domain...

about a month and a half ago
top

"Barbie: I Can Be a Computer Engineer" Pulled From Amazon

FireFury03 Re:So close, so far (561 comments)

Well, it is pretty much like real life, but I'm not sure we want to be teaching kids "this is the crap you can expect fom life" rather than inspiring them to do more.

I did take a slight exception to this though:

But Steven and Brian are also everything frustrating about the tech industry. Steven and Brian represent the tech industry assumption that only men make meaningful contributions.

As far as I can tell from the story, Steven and Brian did nothing wrong at all - clueless Barbie fucks things up and then asks them to fix it, which they do. This bit of the story would probably be pretty similar if you replace Barbie with any clueless person (male or female) who's just infected a bunch of computers with a virus. What were they supposed to do in this situation?

about 2 months ago
top

Longtime Debian Developer Tollef Fog Heen Resigns From Systemd Maintainer Team

FireFury03 Re:Opposition is from a small elite (550 comments)

An elite crowd trying to force on everyone else what they think is the right way? Thats one of the many reasons people are against systemd!

The maintainers (you call them "an elite crowd") of some distros have made the decision to use systemd because they think that's the right thing to do - someone has to make the decision, and if not the maintainers, who? Or would you prefer that the maintainers decide to do something that they think isn't right?

No one is forcing anyone to use systemd - the source is there for anyone to use as they see fit; Some distros have decided that systemd is the right way to go, some have decided to use other inits, you can either choose the distro (from a wide selection) that suits your purposes the most, or you can even make your own, no one is forcing you to use one particular distro.

Note: I don't really have any opinions about systemd, I currently use Fedora and it seems to work ok, but if I have problems then I can switch distros.

One thing I don't understand is how in the hell it is considered ok to have this in Debian STABLE? Maybe, in Fedora or OpenSuse but Debian stable???!

Why not Debian Stable? Red Hat Enterprise Linux uses systemd, so it must be good enough for enterprise use, so why it it not good enough for Debian Stable?

about 2 months ago
top

Longtime Debian Developer Tollef Fog Heen Resigns From Systemd Maintainer Team

FireFury03 Re:Not resigning from Debian (550 comments)

"systemd does the right thing by stopping normal boot and just boot into a safe, minimal shell. A quick glace in the log file (journal) will instantly tell you (using red letters for emphasis) that fstab is broken in such and such a way. A quick edit with Vim can then solve the problem." - did you miss these lines in his comment? Just how "far" is "far enough" ?

Well that would depend... If its your desktop machine then popping a shell on the screen would probably work(*). If it's a headless networked device then you're going to need the NICs brought up and sshd started.

(*) This isn't especially user friendly though... how about firing X up and having a nice GUI thing to fix the problem?

about 2 months ago
top

Longtime Debian Developer Tollef Fog Heen Resigns From Systemd Maintainer Team

FireFury03 Re:Not resigning from Debian (550 comments)

This kind of tight coupling is unheard of in Linux history.

Not true at all - stuff has been tightly coupled plenty of times in the past. Lots of stuff is very tightly coupled with udev these days, for example. And whilst I will agree that tight coupling is bad, its sometimes hard to see how it could be avoided.

about 2 months ago
top

Longtime Debian Developer Tollef Fog Heen Resigns From Systemd Maintainer Team

FireFury03 Re:Not resigning from Debian (550 comments)

The use of System V init allowed Linux to be comfortablef for UNIX admins looking for a less expensive or more widely installable solution, and the end of the use of System V init means that Linux is starting to head away from the UNIX operating systems.

Linux has been heading away from Unix systems for a long time. As a long-time Linux user, on the odd occasion that I have to deal with the likes of Solaris I find it feels *very* backwards by comparison... It's almost like going back to the 1980s...

about 2 months ago
top

Longtime Debian Developer Tollef Fog Heen Resigns From Systemd Maintainer Team

FireFury03 Re:How systemd became Debian's default init system (550 comments)

What if it was someone attacking your sshd and making it crash when it failed?

    By automatically restarting it, you just allow the attacker to continue trying to exploit it.

    By automatically restarting it, you don't solve the issue that makes it crashing.

    By automatically restarting it, you, most of the time, don't even see it restarted, so really not giving you any way to solve the real problem.

It's not that I don't find process monitoring interesting, it's just that automatically restarting can bring more problems than it solves.

As with any service, the "correct" action upon a crash is probably dependent on what the machine is actually supposed to be doing. Take for example, a dedicated web server - having Apache do down when under attack and not attempt to recover would be bad since the attacker will have successfully caused a denial of service with very little effort. Compare to a private telephone exchange, for example, which is running a web server purely for management purposes - a crashed web server is not a disaster, the whole thing keeps doing its primary job without it, so automatically restarting the crashed web service _may_ not be the best plan.

So I guess the answer here is "it depends" and therefore the administrator should be able to choose either option, so selecting an init system that doesn't support one of the options would be bad.

In the case of sshd, since it is potentially the only way to safely fix a broken server, allowing it to die permanently seems like a bad option to me. A better option would probably be to restart it and firewall off all but a few "safe" IP addresses. That way the administrator can still access the server from one of those IPs and the attacker can't cause any more damage.

A well behaving daemon shouldn't be restarted (except maybe for rereading config files), it should start and stay that way. If it crashes randomly, then you might try to find the bug.

Whilst I agree that you should fix a crashy service rather than restarting it each time it breaks, there are nver the less reasons why you may want to auto-restart the service:
  - In the real world, you can't just shut down a service until a bug has been fixed; you need to continue running it as best you can while the problem is being looked into and fixed. So a stop-gap measure may be necessary.
  - Whilst you may believe some software to be bug-free, this may not be the case, and in some cases it would be disasterous to discover that thre is a bug by finding a service permanently go down. Far better to restart it and log the error.
  - Bits _do_ occasionally get flipped in memory or registers, so software may well occasionally crash through no fault of its own. It is reasonable to have something in place to mitigate this should it ever happen.
So yes, I agree, if a service is crashing all the time then it needs to be fixed, but that doesn't mean that you should abandon all possibility of recovering from an unexpected crash.

about 2 months ago
top

Overbilled Customer Sues Time Warner Cable For False Advertising

FireFury03 Re:Comcast tried to steal $50 from me (223 comments)

Comcast offered a $50 cash card if we signed up for internet service with them. We signed up in May, and the card never came. We called and they denied that they ever offered the card. A few more calls later, they agreed that they offered it and said they would send it. It never came. Last month, five months, a final call was made and the card arrived.

Clearly they have a strategy of screwing customers, either through intentional scripting or extreme negligence.

Not just telecomms companies - I'm currently being screwed over by Npower. I was a customer for 18 months, during that time I got a single correct bill and had to spend hours chasing them to get the others corrected. My original contract gave me a discount on the billing anniversary (January) - they never credited the discount, so I raised a dispute in January and they agreed to credit it. Except it never got credited. In the summer I left them as a customer, filed a complaint (about the shiteness of their service and about the unpaid discount) and refused to pay the final bill as it was incorrect. They responded to my dispute, replying to my complaint about the poor service but ignoring my points about the incorrect bill. I re-raised the complaint and got an automated "we'll respond in under 10 days" reply - never got an actual response so I followed it up 10 days later, again no response. The billing department are now threatening to take out a court summons against me for the unpaid (incorrect) bill. The billing department say they can't do anything about the disputed bill or the threatened court action and that I will need to raise a complaint with the complaints department, completely ignoring the fact that I've already tried to raise a complaint several times and the complaints department won't respond.

So now I've sent 50MB of paperwork and telephone recordings to the regulator in the hope that they can beat some sense into Npower before I have to waste yet more time defending myself in court.

I'm left wondering if this is actually incompetence, or if their corporate policy is to conveniently "forget" to pay discounts that were promised a year ago in the hope that most people won't notice.

about 3 months ago

Submissions

top

New rules for government departments' compliance with open standards

FireFury03 FireFury03 writes  |  more than 2 years ago

FireFury03 writes "Effective immediately, all British government departments are to comply with a set of Open Standards Principles (OSPs) when procuring for IT contracts. This follows a public consultation in which around 70% of respondents said they believed it would improve innovation, choice and value for money. Government sources say that although some suppliers have expressed reluctance to move towards OSPs, very few were able to articulate why they wouldn’t be beneficial.

Hopefully this will lead to fewer monolithic multi-million pound IT contracts going to the same old big businesses time after time, and more opportunity for small businesses to participate. Carving up a project and handing it to small businesses is likely very beneficial — less risk since the risk is spread amongst many suppliers, cheaper since there is more competition so less chance to overcharge like the big contractors currently do, and supporting small local businesses also helps the economy."

Link to Original Source
top

Illegal downloaders 'face UK ban'

FireFury03 FireFury03 writes  |  more than 6 years ago

FireFury03 writes "The BBC is reporting that the UK government may be planning to force ISPs to ban customers who are using their internet connections to infringe copyright. Apparently about 10% of the UK population regularly infringe copyright over the internet and there is no comment on how the ISPs are expected to detect infringement."
top

Active glacier found on Mars

FireFury03 FireFury03 writes  |  more than 7 years ago

FireFury03 writes "The European Space Agency's Mars Express spacecraft has spotted an icy feature which appears to be a young active glacier. Dr Gerhard Neukum (what a cool name :), chief scientist on the spacecraft's High Resolution Stereo Camera said "We have not yet been able to see the spectral signature of water. But we will fly over it in the coming months and take measurements. On the glacial ridges we can see white tips, which can only be freshly exposed ice". Estimates place the glacier at 10,000 — 100,000 years old."
Link to Original Source
top

Another warning over IPv4 address exhaustion

FireFury03 FireFury03 writes  |  more than 7 years ago

FireFury03 writes "The BBC is running a story on the IPv4 address exhaustion problem. The chairman of ICANN is warning that IPv4 addresses will probably run out in 2-3 years and we really need to roll out IPv6 now. The article notes that he is also Google's chief internet evangelist (Google still don't publish an IPv6 address for their search engine).

We keep getting these warnings, but very few ISPs and domestic router manufacturers seem to act (is it even possible to get a domestic ADSL router that does IPv6 without putting custom firmare on it yet?) Will we see a large scale roll-out of IPv6 soon, or will the industry wait until the sky falls in before acting?"

Link to Original Source
top

Google Sky launches

FireFury03 FireFury03 writes  |  more than 7 years ago

FireFury03 writes "The BBC is reporting that Google have launched the Google Sky add-on for Google Earth. It will allow astronomers a chance to glide through images of more than one million stars and 200 million galaxies.

"Click a button and the world flips round and you see the sky from that particular location," explained Mr Parsons. "[The view] would be the constellations that you would see oriented in the sky on that particular day at that particular time." Users can overlay the night sky with other information such as galaxies, constellations and detailed images from the Hubble Space Telescope.
Although so far I've been unable to find any information published by Google."

Link to Original Source
top

UK petition for government IT projects to be open

FireFury03 FireFury03 writes  |  more than 7 years ago

FireFury03 writes "There is a Petition on the UK government's website calling for publicly funded IT projects to be implemented as Free software. From the petition: "This would allow for more of the public to benefit from the development of the software since the code would be available for anyone to use and improve. Furthermore, compatibility with other Free licences (such as the GPL) would promote rapid development and reduced costs through the reuse of existing code.""
Link to Original Source
top

OSC threatten BBC over Microsoft tie-in

FireFury03 FireFury03 writes  |  more than 7 years ago

FireFury03 writes "After the BBC Trust approved the BBC's development of a Windows-only video-on-demand service in April, the Open Source Consortium is threatening the BBC with a complaint to the European Commission, since it gives Microsoft an unfair advantage and is not in the public interest. They have also complained to the regulator (Ofcom) and the BBC Trust comparing the situation to the BBC only making programmes that can only be watched on one particular brand of television.

As a licence fee payer, I feel that I should have the right to withhold a portion of my licence fee since the BBC obviously feels it appropriate to artificially restrict the content and therefore prevent a proportion of licence fee payers from legitimately accessing it. It is also interesting to note from the article that the BBC seems to consider supporting only Windows and Mac to be "platform agnostic", with no mention of other operating systems."

Link to Original Source
top

FireFury03 FireFury03 writes  |  more than 7 years ago

FireFury03 writes "There is a petition on the British government's website calling for software projects funded by the tax payer to be released under a Free licence so that the tax payer can re-use the code they paid for and also examine the progress of the project. All to often these projects seem to over run and cost many times the original budget. This blog on the subject suggests that this is a common practice in the US — if corporate America can do it, why not everyone else?"
top

FireFury03 FireFury03 writes  |  more than 7 years ago

FireFury03 writes "An unprecidented 19 countries have now responded during the contradictions phase of the ISO/IEC standardisation of Microsoft's OpenXML document format. At this time the responses haven't been made public and ECMA have the opportunity to propose resolutions, before the end of the month, to the problems cited. The question has to be raised — what will Microsoft do if the specification is rejected? Can they pressure the relevent people or will they have to withdraw the specification and work up a new, more sane one? In any case, it's good to see that there are some sane people who aren't completely under Microsoft's thumb involved in the standardisation process."
top

FireFury03 FireFury03 writes  |  more than 7 years ago

FireFury03 writes "The British Standards Institute has issued a contradiction to Microsoft's OpenXML document format, blocking it's fast-track ISO standardisation for 90 days. The article states that "Proponents of the rival Open Document Format" are opposed to the format as there is "no point in having two document standards." This seems to miss the true problems with the (incomplete) OpenXML specification and the British Standards Institute have not yet stated the reasons for their objection."
top

FireFury03 FireFury03 writes  |  more than 7 years ago

FireFury03 writes "linux.com has an article about how eBay are discriminating against Linux users after revising their Sell Your Item web tools.
"The tool is the sellers' auction setup wizard officially named Sell Your Item. eBay rolled out Sell Your Item 3.0 at the end of the summer, adding some more AJAX-ified flair and polish. It was October before I dusted off a relic in need of selling and tried the new form for myself, and found that it didn't work in Linux."
The article goes on to say that kludging your browser's User-Agent string to pretend to be Windows works around the problem, although I haven't got it to work (it serves up a different version of the page but it's still broken). Whilest you can still use the old system to list new items, there doesn't seem to be any solution for those of us who listed items with the new tool and now want to go back to revise the listing without any access to Windows machines."

Journals

FireFury03 has no journal entries.

Slashdot Login

Need an Account?

Forgot your password?