Welcome to the Slashdot Beta site -- learn more here. Use the link in the footer or click here to return to the Classic version of Slashdot.

Thank you!

Before you choose to head back to the Classic look of the site, we'd appreciate it if you share your thoughts on the Beta; your feedback is what drives our ongoing development.

Beta is different and we value you taking the time to try it out. Please take a look at the changes we've made in Beta and  learn more about it. Thanks for reading, and for making the site better!



Slashdot Asks: How Do You Pay Your Taxes?

Terje Mathisen Norway is similar... (385 comments)

For a large majority of Norwegian citizens the old nightmare of filling in the tax return has been reduced to a very simple scan:

Does the pre-filled tax return I got in the mail (or checked online at the government site using secure two-factor authentication) include everything it should, i.e. all income, bank statements, any funds/stock and/or debts? The answer is Yes for something like 70%+, in which case they can do nothing, or accept it via the online site or even using SMS.

My personal return can have some consulting fees on top of my normal salary, so I have to login and add an extra income item, then submit the updated return.

Total time spent is about an hour.


3 days ago

Ask Slashdot: Will Older Programmers Always Have a Harder Time Getting a Job?

Terje Mathisen Is 40 the "new old"? (379 comments)

I'm 56, should I be forced to retire?

Programming is still something I do more or less 7 days a week because I like it, not to get rich or just because I'm paid to do so. When I started out this was pretty much the only way you could get into programming, i.e. my (technical) university didn't even offer an IT degree when I started there.

I've been programming since the seventies, I have written MBs of source code in many languages, but of course I'm getting about a year older every year. :-)

The main difference between today and 25-30 years ago is probably that now I'll spend a bit more time up front thinking about the problem _before_ I sit down to write the code. I've taken part in 3 of the 4 Facebook Hacker Cups that have been held so far and I've noticed that I get into trouble in the later rounds when time pressure becomes critical, but I like to think that I'm still coming up with good solutions even if it takes me more than 30-40 minutes to do so.

The international competitions that I've won have been for the fastest possible code but with some weeks to deliver the solution.


about a month ago

DDoS Larger Than the Spamhaus Attack Strikes US and Europe

Terje Mathisen Update your NTP sw! (158 comments)

I've been a member of the NTP Hackers team for more than a decade, the mechanism that is being abused for these attacks is in fact a very useful debugging/monitoring facility:

You can ask an ntpd server about how many clients it has and how often each of them have been accessing the server. On old/stable ntpd versions this facility was accessed using a single pure UDP packet (ntpdc -c monlist), and in reply you got back information about up to 602 clients (the size of the monlist buffer), sent as a big burst of UPD packets.

Researchers have developed maps of the entire publicly accessible NTP networks using this facility, I have personally used it to map the status of our fairly big corporate network. I.e. it can be extremely useful!

A few years ago the development version of ntpd switched to a different protocol and method to query this information, using a nonce which meant that you can no longer spoof the source address: (ntpq -c mrulist). Since the mrulist buffer is configurable, I have setup my public ipv6 pool server (ntp2.tmsw.no [2001:16d8:ee97::1]) to keep monitoring info for the last 10K clients.

Today we recommend that you either upgrade to ntpd v2.4.7, or if you really cannot do this, insert a 'restrict default noquery' option in the ntp.conf configuration file. The 'noquery' indicates that clients can still use the server for regular time requests, but the monitoring facility is disabled.


about 2 months ago

Dead Reckoning For Your Car Eliminates GPS Dead Zones

Terje Mathisen This was required before the end of SA! (151 comments)

All car navigation systems pretty much required this when the GPS system was still hobbled by the ~100m uncertainty caused by Selective Availability. (Ended by Clinton in May 2000).

The implementation is actually quite trivial: One sensor on each front wheel gives you two revolution counters (odometers).

Distance traveled is proportional to the sum of the two counters, while the difference in counts is proportional to how much you have turned.

As long as you have GPS reception you can use that to calibrate the odometers, so that differences in tire type & pressure is automatically compensated for.

Using a barometer you can do the same for altitude, automatically compensating for changes in local air pressure.


about 2 months ago

Nobel Prize Winning Economist: Legalize Sale of Human Organs

Terje Mathisen Re:Read Larry Niven's stories about "organleggers" (518 comments)

Thanks for posting, I was going to mention Niven's entire ARM series as required reading for _anyone_ who want to debate the relative merits of various forms of organ donation/transfer.

I registered as a blood donor on my 18th birthday, my bone marrow profile has been in the data banks for a couple of decades (but with no harvest requests so far), and if I should ever suffer from a fatal accident my next of kins have all been informed that I would like as many of my organs to be reused as possible.


about 3 months ago

Coca-Cola Reserves a Massive Range of MAC Addresses

Terje Mathisen Minimal range, not massive! (371 comments)

MAC addresses consists of 48 bits, of which 24 is a vendor code and the other half some sort of serial number.

I.e. the smallest possible allocation of MAC addresses is a single vendor code, giving 2^24 or 16M unique addresses.

Sounds like an obvious starting point for a Coca-Cola MAC address in every vending machine.

about 4 months ago

Ask Slashdot: Do You Run a Copy-Cat Installation At Home?

Terje Mathisen I go to work to have fun. Don't you? (308 comments)

I've been spending many hours of my free time in front of a screen like now, close to every day since the day I got my first personal computer (an IBM PC clone back in 1982).

This was two years before I landed a job working on PCs (chief responsible for all hw/sw on IBM compatible PCs in Norway's largest corporation), when I understood that they wanted to pay me good money (50% more than I was currently making) for doing what I was already doing as a hobby I was very pleased indeed.

Since then I've written several tens of MBs of code (about 20+ MB before 1990), most of it in my free time even if I later could reuse many programs & algorithms in my daytime job. I have always had at least a couple of computers at home, currently I have just one big deskside tower and a bunch of laptops. They run Windows 7 & 8, as well as FreeBSD (my gateway/fw/ntp stratum 1/ipv6 gw box) and Linux.

I've been able to work on a lot of interesting projects (if you google my name you'll find a few), including game code, ntp, crypto, graphics, video/audio decoding, simulation and modeling.

Currently my main hobby project is to take raw LiDAR point clouds and use pattern recognition to try to generate vector base maps for orienteering, including shades of green and yellow to represent various degrees of runability and visibility.

When I was ~20 years younger I won or made it to the podium in several programming/optimization contests, these days I've taken part in 3 of the 4 Facebook Hacker Cups that's been held so far. I usually make it to the second main round but I'm not fast enough any longer to get into the top 100 who make it to the finals. The main part is that it is fun to figure out problems and come up with efficient algorithms!

They key message here is that even though I'm getting closer to retirement age, I have absolutely no plans to stop thinking/thinkering!

about 4 months ago

The Cybersecurity Industry Is Hiring, But Young People Aren't Interested

Terje Mathisen Bulls**t: 24% is a _lot_! (289 comments)

Please give me a big list of other occupations which more than 24% of a random sample of kids are interested in, then I'll allow you to claim that too few youngsters are interested in cybersecurity.


about 6 months ago

New Threat To Seaside Nuclear Plants, Datacenters: Jellyfish

Terje Mathisen BT, DT, sort of... (123 comments)

A few years back we were sailing on my father-in-law's nice sloop when the wind dropped so we had to start the engine.

At the time we were in the middle of the narrow Drøbakssundet sound which all shipping to/from Oslo has to pass through, so we had to get out of the shipping lanes quickly, right?

After just a minute or so the engine choked up, and with a dead calm we had no other option than to declare an emergency and use the VHF to call for assistance from Sea Rescue.

We got towed into harbour and lifted up, then we found that the cooling water intake had got clogged by jellyfish puree. :-(


about 7 months ago

Ask Slashdot: Are 'Rock Star' Developers a Necessity?

Terje Mathisen Turbo Pascal pedigree (356 comments)

Take a look at http://en.wikipedia.org/wiki/Turbo_Pascal !

Turbo Pascal was a runaway hit specifically because it broke with UCSD's version which was slow as molasses.

It also allowed you to break out of the straightjacket whenever you needed, including dropping down all the way to inline asm/hex codes.

37 kB for a complete IDE with editor/compiler/linker/debugger/run time library.


about 7 months ago

Ask Slashdot: Are 'Rock Star' Developers a Necessity?

Terje Mathisen Re:ROCK STAR DEVELOPER NON-EXISTANT (356 comments)

At the risk of getting a lot of flames: I've been in this category a few times, but never consistently over many months or years.

I.e. getting a challenge at work: "Mobil Oil left the meeting when we said you guys could develop this (safety) system in 3 months, with just one month to the first deployable version. They had calculated that it would take at least a calender year independent of the number of developers!"

My coworker and I hid away in a meeting room for three days, at which point we had written the entire first version, including a separate machine with a full sw simulation of all the missing hw parts, with programmable (Monte Carlo) error rates for all components and tracking of any resulting errors in the user output.

If I could do this day in and day out I would deserve that "rock star" title, but I know very well that I cannot.

Most of the time I'm quite happy working out interesting algorithms, shooting the breeze over at comp.arch or just spending my time figuring out why a given application/system doesn't work (or perform too badly).

I'm actually getting paid for that last part, so that is good.

Besides, I also want time for my wife & kids, my hobbies (orienteering, xc skiing/snowboarding, windsurfing/kiting, rock climbing etc), so I limit my work hours to the regulation 40h/week.

OTOH I have known/met a few real "rock stars", John Carmack is way up on that list and so is Anders Heijlsberg (who I first met way back when here in Scandinavia when he was a young punk who had just sold Turbo Pascal to Borland). Mike Abrash isn't quite as bright as Carmack, but he is incredibly persistent as well as consistently good.

All three of these come across as really nice guys.


about 7 months ago

New Seagate Hybrid Drives Hampered By Slow Mechanical Guts

Terje Mathisen Hybrid really does make sense, but not like this! (130 comments)

I have seen research that I believe in which basically states that a hybrid drive can provide equivalent performance to a pure SSD solution, with capacity equal to a regular drive, but only if you have enough flash memory available:

The crucial point corresponds to about 5% of the total capacity, so a 500 GB disk like the new Seagate would require at least 25 GB of flash (which probably means 32 GB), instead of the very paltry 8 GB they are delivered with.

The only real advantage here compared to the previous model ( I have a 750 GB/8 GB hybrid disk in this laptop) seems to be the inclusion of write caching, I can personally attest that with a pretty much full drive, having just 1% flash cache doesn't seem to deliver any noticeable improvements compared to the same drive without the flash memory.


1 year,15 days

Handheld Black Hornet Nano Drones Issued To UK Soldiers

Terje Mathisen Re:Too light? Not at all (97 comments)

You have to separate 'cost' and 'price':

The price will of course stay as high as possible (i.e. whatever the military is willing to pay), while manufacturing cost will come down now that they have made & debugged the design.


about a year ago

Handheld Black Hornet Nano Drones Issued To UK Soldiers

Terje Mathisen Re:Too light? Not at all (97 comments)

Read the article: One of the main selling points of this tiny little helicopter is the fact that it is actually very stable even in high winds.

Remember that it was developed here in Norway where we have quite a bit of "inclement weather", i.e. it has to be able to handle both wind, dust and some rain.

Re. the excessive cost: This will obviously come down a lot, and even if the main article didn't say so, each kit contains multiple drones: The mil-spec controller is probably far more expensive to manufacture than each drone.


about a year ago

Making Sure Interviews Don't Turn Into Free Consulting

Terje Mathisen Re:Is This for Real? (232 comments)

Is this serious? Here's a big red warning sign for me: if my job can be jeopardized by twenty minutes of talking, I'm probably in the wrong industry. I can tell you how to implement a solution but it's the actual work and planning and care that should be paid for cash money.

I have actually BT, DT, but in a good sense! :-)

I went to an interview once where they did ask me some more or less general questions about how I would solve various problems that I believed might arise, and I spent maybe 10-15 minutes brainstorming about it.

A week later I was invited back for a second interview, and this time they started by saying that "one of those ideas you gave us was so good that we have already added it to the requirements section in the Request for Proposal we have sent out to various vendors", and then we went on to more specifics like when I could start, what sort of salary I would require etc.

I got the offer (a very good one) for the job in writing the day after, and then a couple of phone calls when I didn't accept immediately ("we will give you an additional 3 extra pay grades rise") but in the end I decided that the job would probably become too boring for me after a year or two, so I declined.


about a year ago

What Early Software Was Influential Enough To Deserve Acclaim?

Terje Mathisen NetWare was a killer app! (704 comments)

For about 5+ years, Novell NetWare was indeed a killer app, it was the _only_ functional File/Print server for PCs!

From a computer architecture viewpoint NetWare had a lot of interesting ideas, including (by far) the most efficient sw stack I have ever seen:

Back around 1990 Drew Major had bummed the File Read Request code to the point where it needed just 300 clock cycles to do:

a) Pick up incoming packet
b) Detect that this was a file read request
c) Check that the user had the proper access rights to this file
d) Locate the relevant data in the the file cache (otherwise queue a physical read request)
f) Construct the response packet
g) Return the response to the client

A bit later, around 1993-1995 Novell had their Multi-Master distributed Directory Service which from day one was far more functional that anything Microsoft has been able to write up to now.

Lotus Notes also had some good ideas, mostly related to replication and synchronization, allowing data to migrate to wherever it was needed/used.


about a year ago

Ask Slashdot: Do You Still Need a Phone At Your Desk?

Terje Mathisen Re:Haven't had a desk phone for 10+ years! (445 comments)

No problem: We even put up a micro/nano-cell base station inside our EMP-secure (deep basement) server room!


about a year ago

Ask Slashdot: Do You Still Need a Phone At Your Desk?

Terje Mathisen Haven't had a desk phone for 10+ years! (445 comments)

Here in Norway pretty much all medium-sized and larger businesses have agreements with a cell phone company that basically means that all company-internal calls are free, as well as all external calls made via cell towers located around their office locations.

I.e. all the calls that you would have used a land line phone for in the old days.

We have of course never had the horrible "cell phone receiver pays" system used in the US, partly because all cell phones have gotten numbers from a couple of separate ranges, never used for land-line phones, so that we always knew if we were calling a fixed or mobile phone.

The last time I bought a cell phone with a contract clause must have been 5+ years ago, it was for one of my kids.


about a year ago

NASA To Encrypt All of Its Laptops

Terje Mathisen Re:This is amazing: Why didn't they do it 10+ year (226 comments)

No, the resource usage was not "extreme":

We did measure some slowdown of applications, but mostly in the single-digit percentage range.

This was simply because most applications those days did all their work in memory, only Microsoft's virtual disk swapper would use the disk during normal operation, and then only in case you suddenly needed a lot of free memory space.

Bulk load of application and data files did slow down a bit, but significantly less than 50%, i.e. the hard drive did not suddenly become half as fast even for bulk transfers.

When I was involved in the AES process more than 10 years ago, one of our targets was to optimize the crypto code so that a 1996 vintage PentiumPro could handle a 100 Mbit/s full-duplex communication line, or correspondingly about 20 MB/s of disk en/de-cryption.

Today full disk crypto is effectively free, except in power usage, since all computers have multiple cores, most of which are idle even when an application is working hard, and a single core can keep up with the fastest available (spinning) hard drive. A modern i7 core with the AES extensions can do the crypto without getting hot. :-)


about a year and a half ago

NASA To Encrypt All of Its Laptops

Terje Mathisen This is amazing: Why didn't they do it 10+ years a (226 comments)

I was in charge of testing/verification of full disk crypto when my then-employer (Hydro) mandated it almost 20 years ago:

At that time 5 vendors made it through our pre-qualification tests, among these I was able to trivially break 3 of them (replace a conditional branch with its opposite), one took 20 minutes and only Utmaco's SafeGuard Easy had done a proper security design, where the user password was used as (part of) the seed for the key used to decrypt a copy of the master disk key.

I.e. the system _must_ be safe against attack from anyone, including the vendor!

I wrote a longer post about this the previous time the same issue came up on /.


about a year and a half ago



SlashDot reference in QuestionableContent

Terje Mathisen Terje Mathisen writes  |  more than 6 years ago

Terje Mathisen (128806) writes "The very good online comic http://www.questionablecontent.net/ made a small story break today (comic #1023), in that Hannelore, the girl with Compulsive Cleaning Disorder is shown watching TV commercials for "Wikipedios" (soup cans containing pasta letters spelling out Wikipedia articles), and then in the last panel:

"Try SLASH-DOTZ! Tasty ice cream dots with a minty candy shell! They're +5:Delicious!""


Terje Mathisen has no journal entries.

Slashdot Account

Need an Account?

Forgot your password?

Don't worry, we never post anything without your permission.

Submission Text Formatting Tips

We support a small subset of HTML, namely these tags:

  • b
  • i
  • p
  • br
  • a
  • ol
  • ul
  • li
  • dl
  • dt
  • dd
  • em
  • strong
  • tt
  • blockquote
  • div
  • quote
  • ecode

"ecode" can be used for code snippets, for example:

<ecode>    while(1) { do_something(); } </ecode>
Sign up for Slashdot Newsletters
Create a Slashdot Account