Meet Flink, the Apache Software Foundation's Newest Top-Level Project
In Scandinavian languages (Norwegian, Danish, Swedish), flink means clever or accomplished.
Was this by accident or intentional? :-)
OpenBSD Releases a Portable Version of OpenNTPD
[Full Disclosure: I have been a member of the NTP Hackers team for ~15 years, so you could claim that I'm partly to blame for the recent security problems even if I have not personally worked on the crypto or monitoring code.]
NTPD is definitely more complicated than what you need for a leaf (client-only) machine, like all the server functions and the code that supports locally attached reference clocks; this is the main reason PHK is working on a dedicated NTP client.
We have known for many years that the monitoring functions, in particular the "mode 6" UDP packets were a potential DDoS amplification vector, which is why we replaced them.
For the crypto stuff we did what pretty much every other project did, i.e. we imported the functions we needed from openssl, and like pretty much every other project we messed up a few buffer handling issues.
The important point here is that anyone running a public server with a recommended configuration (no crypto, no remote monitoring) would not have had any security problems, even if they insisted on using 10+ year old versions!
With any version from within the last 3-5 years you would also have been secure against the DDoS vector even if you did allow remote status monitoring.
How many system-level sw packages are you using where this would have been true?
PS. OpenNTP should properly be called OpenSNTP, since it implements the Simple NTP subset instead of the full NTP protocol stack which includes system clock time/frequency tuning.
Ask Slashdot: Are Progressive Glasses a Mistake For Computer Users?
I am 57, I have used reading glasses for about 10 years, then switched to progressive (+2.75 to +0.75 on my right eye, +2.0 to 0 on my left) about three years ago.
I really love these glasses but have found like you that they are not at all suitable for my standard 3-monitor working setup:
Progressive lenses work by having a fairly large sweet spot (i.e. focus area) over the top half of the lenses, optimized for distance vision, then a much smaller bottom area which is optimized for (book) reading, i.e. with a focus distance of 30+ cm or about a foot. It is important to note that this lower area is significantly narrower than the distance-vision part!
The big problem is everything in between, i.e. the progressive part! When you blend two different lenses, the transition area will be very narrow, i.e. the area of good focus is shaped like a top-heavy timing glass with a narrow waist.
This will severely limit your normal sidewise focusing ability, and the narrowest slice seems to be close to the 60-100 cm distances typical of multi-monitor setups.
The only good solution I've found is to have a pair of dedicated programming glasses in the +1.75 to +2.25 range.
BTW, what I'm really waiting for is improved soft replacement lenses which hook into my eye muscles so that I can focus the same way I did when I was younger, but the first generation of these only provide about +1.0 of adjustable focus range, and that is not enough to read fine print, or in my case: Detailed orienteering maps.
Ask Slashdot: How Would You Build a Home Network To Fully Utilize Google Fiber?
Here in Norway all electrical cables are installed inside plastic tubing, so you can pull out/replace them if you need to, with no need to tear down any walls. (BTW, we also do the same for water pipes: They are always installed as pipes-in-pipes, with a central drain point for the external pipes: This way any leak will be contained and you can fix it by pulling out the broken (usually due to freezing in winter) pipe and replace it.)
When we built a new home a few years ago I specified that the electricians should put in spare conduits between the main breaker room and every other room in the house, except bathrooms, this way I could pull whatever cable I would need.
PS. The sad part of the story is that the installation company had never done anything like this in a residential building before and they messed up badly, omitting the spare conduits to important locations like the living room/entertainment center. They ended up giving me a substantial rebate but I'm still a bit pissed off. :-(
The Frustrations of Supporting Users In Remote Offices
You are right, if it had been a pure Dos problem those would have worked, this probably means that the partition table was the victim, but I obviously don't remember all the details now. :-(
The Frustrations of Supporting Users In Remote Offices
Many, many years ago (1986 or so?) we had a branch oil exploration office in Iran, surveying new oil fields close to the border with Iraq.
Getting any kind of computer gear in or out of the country was "difficult", and the best possible data connection was an extremely expensive 256 kbit/s satellite line.
One day I was told to help, over a bad phone line, a guy down in Teheran whose PcDos computer had crashed:
I was able to figure out that his crash had modified/overwritten the Boot Block on his hard drive, but that he did have a bootable Dos diskette available, so I sat for about 45 minutes on the phone, talking him through the DEBUG commands needed to load the boot block and manually modify it back to how it should have been, then write it back.
It worked on the first attempt. :-)
Soccer Superstar Plays With Very Low Brain Activity
When grading expertise on any given task/process, the top level ("Master") is usually defined to be when the person can not even explain how she is doing it, everything is automated to such a degree that "the solution was obvious".
Magnus Carlsen used to play even faster than he is doing these days, but he explains that this is not because it takes him longer to figure out the best possible moves, but because he has to take the time afterwards to do all the required calculations to confirm his instinctual choices.
He has also explained after some really complicated end games where he has kept on playing for small advantages, eventually turning "obvious draws" into wins, that "it was very easy, I just had to play the only possible move".
I believe the foot/leg motor skills of a Neymar are comparable to those of a world champion orienteer: The best orienteers can run cross-country, through rocks, stones, windfall & vegetation, while studying an incredibly detailed map in order to navigate, making it impossible to focus on the ground while looking at the map. This means that the actual broken field running must use a small amount of brain capacity, all the movements are fully automated.
I know that Petter Thoresen (former multiple world champion) once was told to do a training race in Germany while a champion Kenyan cross country runner would tail him to check his technique: Even while orienteering Petter could run fast enough that the x-c runner was dropped after less than a mile.
Laser Eye Surgery, Revisited 10 Years Later
This is exactly what I've been waiting for, even if this first version only supplies a single diopter of focal plane adjustment:
Since orienteering maps are _very_ detailed I normally require +2 or more bifocal glasses in order to see all the fine detail clearly.
There is also a potential problem with the size of the lens: The visual opening is smaller than a natural or fixed replacement lens so the problem with night vision would still be there.
OTOH, this also means that the research is ongoing, I'm hoping for even better options in a few years. :-)
Laser Eye Surgery, Revisited 10 Years Later
I normally run around 75 orienteering competitions every year, 15-20 of them during late fall/winter/early spring when we have very little daylight here in Norway.
This means that those races are all at night, using a LED headlamp to read the map and to see the ground in front of me. Since I got old enough for presbyopia I have been forced to use either bifocal glasses or a single contact lens: The glasses work OK under dry daytime conditions, but with any kind of moisture in the air they quickly become useless. The single contact means that I can only see the map with my right eye and the terrain only with the left, while distance perception suffers.
When I asked about lasik I was told that with my need for maximum night vision I would probably be very bothered by halos/diffraction spikes, the alternative is to do a multi-focal lens replacement surgery:
This uses a lens with two or three focal points, i.e. distance/reading. Most people can learn to disregard the out of focus image and only "see" the sharp version, but since more than half the light is lost night vision suffers significantly.
I'm still hoping they will be able to develop a real elastic replacement lens, i.e. something that allows me to regain the childhood capability to focus anywhere from the tip of my nose to infinity, in the meantime I'll try to make do without surgery.
Geographic Segregation By Education
At least here in Norway this trend probably started even earlier, but we have a significantly larger proportion of dual-income university-educated couples. (This trend is supported by our one-year parental leave with pay, where the parents have to share this time, and by public kindergartens when the children are a little older.)
I suspect that a strong driver for this big city concentration is the fact that most couples meet sometime during their university studies, and when this switched from being men getting their MSc's meeting the girls from the nursing schools, to being men & women at the same university, they would have really strong incentives to try to settle in a city with a big enough employer base that both would have multiple job alternatives.
I.e. my wife & I have lived in Oslo for almost 30 years now, we have always had lots of employment options, while my youngest brother and his wife live in a far smaller town:
In their area it has been significantly harder to locate alternate (and interesting) employment when bad times hit the company one of them worked at.
Exploiting Wildcards On Linux/Unix
The real bug here is the same as in SQL injection attacks: A failure to safely distinguish between program and data!
I.e. when doing chown usr:grp *.php, the wildcard globbing should escape any special letters, particularly including white space and wild card characters.
This is the same idea as when you use prepare(... ?,?) on any sql statement with replaceable parameters, then execute() with the relevant dynamic values.
Ask Slashdot: Where's the Most Unusual Place You've Written a Program From?
10 meters below the sea surface, inside one of the legs of a semi-submersible drilling platform in the North Sea in winter (Dec 1981).
About 98% relative humidity, 10+ C, water dripping everywhere, including a pulsing spigot from the 10 cm long crack we were down there monitoring.
We had lowered a full lab worth of expensive HP gear into that environment and I did on-site programming (digital signal analysis) on an 8-bit HP-87 microcomputer.
The software worked and all the gear survived, even if we had to unpack it from the shipping boxes in order to throw a rope around each unit and first lower them and then afterwards pull them back up the narrow manhole inspection ladders.
Later in the same decade I wrote what might be the ultimate executable ascii generator while on a skiing vacation in a mountain log cabin (no computers, just a notebook and a hex dump of all the x86 16-bit opcodes).
My version ran using only the 70+ chars that MIME specifies as not needing any form of encoding.
It used the minimum possible amount of self-modification in the bootstrap loader (a single two-byte backwards branch).
It survived most common forms of reformatting, i.e. changing line terminators from CRLF to just LF (unix) or just CR (Mac), or merging all lines in a paragraph into one.
Ask Slashdot: What Inspired You To Start Hacking?
I started at NTH (currently called NTNU) in Trondheim (Norway) in 1977, so my first-year programming class was in Fortran 2, hand-punched on 80-column cards.
I can still recall my sense of wonder when I realized (during the second lab exercise or so) that "I can make this computer do anything I like!".
My first ever extra-curricular program used modulo 1e10 arithmetic on a 36/72 bit machine in order to calculate pi with as many digits as I could manage within the 60 cpu seconds which was my maximum allotment.
Since then I've done an awful lot of hacking, but almost exclusively in the old meaning of the term.
Currently I'm playing around with hardware/software codesign on the Mill computer architecture, writing fast & efficient fp emulation for machine models without full hw fpu.
Why Scientists Are Still Using FORTRAN in 2014
Fortran has had "higher-order array operators" for _many_ years now (see FORTRAN 90), but even without this most Fortran code is written using simple iterative operations over arrays, with explicit multi-dimension indexing. This tends to make the auto-vectorizer's job much simpler.
As the AC noted, Fortran has pretty much no aliasing issues at all, unless you go out of your way with COMMON blocks; this makes it far easier to optimize the code.
Ask Slashdot: What Tech Products Were Built To Last?
My Fluke multimeter which I got from my new boss the day I started my first job outside university back in 1984 (i.e. 30 years ago) is still working just as well as on the first day.
I have to replace the 9V battery every 5 (3-10?) years, but otherwise this little gem has survived everything, including several accidental drops, some from more than 2m height.
Really good stuff.
The portable Fluke digital oscilloscope (Scopemeter 123) which I got 10+ years later is also working well, the only problem here is that it uses an old-style NiCd rechargeable battery which I've had to replace once. Fluke seems to be selling it still, under the 123/S name. :-)
Slashdot Asks: How Do You Pay Your Taxes?
For a large majority of Norwegian citizens the old nightmare of filling in the tax return has been reduced to a very simple scan:
Does the pre-filled tax return I got in the mail (or checked online at the government site using secure two-factor authentication) include everything it should, i.e. all income, bank statements, any funds/stock and/or debts? The answer is Yes for something like 70%+, in which case they can do nothing, or accept it via the online site or even using SMS.
My personal return can have some consulting fees on top of my normal salary, so I have to log in and add an extra income item, then submit the updated return.
Total time spent is about an hour.
Ask Slashdot: Will Older Programmers Always Have a Harder Time Getting a Job?
I'm 56, should I be forced to retire?
Programming is still something I do more or less 7 days a week because I like it, not to get rich or just because I'm paid to do so. When I started out this was pretty much the only way you could get into programming, i.e. my (technical) university didn't even offer an IT degree when I started there.
I've been programming since the seventies, I have written MBs of source code in many languages, but of course I'm getting about a year older every year. :-)
The main difference between today and 25-30 years ago is probably that now I'll spend a bit more time up front thinking about the problem _before_ I sit down to write the code. I've taken part in 3 of the 4 Facebook Hacker Cups that have been held so far and I've noticed that I get into trouble in the later rounds when time pressure becomes critical, but I like to think that I'm still coming up with good solutions even if it takes me more than 30-40 minutes to do so.
The international competitions that I've won have been for the fastest possible code but with some weeks to deliver the solution.
DDoS Larger Than the Spamhaus Attack Strikes US and Europe
I've been a member of the NTP Hackers team for more than a decade, the mechanism that is being abused for these attacks is in fact a very useful debugging/monitoring facility:
You can ask an ntpd server about how many clients it has and how often each of them has been accessing the server. On old/stable ntpd versions this facility was accessed using a single pure UDP packet (ntpdc -c monlist), and in reply you got back information about up to 602 clients (the size of the monlist buffer), sent as a big burst of UDP packets.
Researchers have developed maps of the entire publicly accessible NTP networks using this facility, I have personally used it to map the status of our fairly big corporate network. I.e. it can be extremely useful!
A few years ago the development version of ntpd switched to a different protocol and method to query this information, using a nonce which meant that you can no longer spoof the source address: (ntpq -c mrulist). Since the mrulist buffer is configurable, I have set up my public ipv6 pool server (ntp2.tmsw.no [2001:16d8:ee97::1]) to keep monitoring info for the last 10K clients.
Today we recommend that you either upgrade to ntpd v2.4.7, or if you really cannot do this, insert a 'restrict default noquery' option in the ntp.conf configuration file. The 'noquery' indicates that clients can still use the server for regular time requests, but the monitoring facility is disabled.
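Added example, not from the comment above: a small audit of an ntp.conf that checks whether the 'restrict default noquery' mitigation the comment recommends is in place for both address families. The two configuration texts are constructed samples, not real server configs.

```python
# Added example, not from the comment: check an ntp.conf for the
# 'restrict default noquery' mitigation the comment recommends. Both
# configuration texts are constructed samples, not real server configs.

WEAK_CONF = """\
# constructed sample: status queries (monlist/mrulist) answer anyone
server 0.pool.ntp.org iburst
restrict 127.0.0.1
"""

FIXED_CONF = """\
# constructed sample: time requests still served, status queries refused
server 0.pool.ntp.org iburst
restrict default noquery
restrict -6 default noquery
restrict 127.0.0.1
"""

# restrict flags that stop a remote client from issuing status queries
BLOCKS_QUERIES = {'noquery', 'ignore'}


def default_restrict_flags(conf):
    """Collect the flags on every 'restrict [-4|-6] default ...' line.

    Returns {'-4': set_of_flags, '-6': set_of_flags}. A family that never
    appears keeps an empty set: with no default restriction, ntpd answers
    every packet type from any address in that family.
    """
    flags = {'-4': set(), '-6': set()}
    for raw in conf.splitlines():
        words = raw.split('#', 1)[0].split()   # drop comments, tokenize
        if not words or words[0] != 'restrict':
            continue
        rest = words[1:]
        families = ['-4', '-6']                # a bare 'default' covers both
        if rest and rest[0] in flags:
            families = [rest.pop(0)]
        if not rest or rest[0] != 'default':
            continue                           # a per-host restrict line
        for fam in families:
            flags[fam].update(rest[1:])
    return flags


def query_exposed_families(conf):
    """Address families from which any client can still pull the monitoring
    list with a query packet, i.e. where the amplification vector is open."""
    flags = default_restrict_flags(conf)
    return [fam for fam in ('-4', '-6') if not flags[fam] & BLOCKS_QUERIES]
```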
Dead Reckoning For Your Car Eliminates GPS Dead Zones
All car navigation systems pretty much required this when the GPS system was still hobbled by the ~100m uncertainty caused by Selective Availability. (Ended by Clinton in May 2000).
The implementation is actually quite trivial: One sensor on each front wheel gives you two revolution counters (odometers).
Distance traveled is proportional to the sum of the two counters, while the difference in counts is proportional to how much you have turned.
As long as you have GPS reception you can use that to calibrate the odometers, so that differences in tire type & pressure are automatically compensated for.
Using a barometer you can do the same for altitude, automatically compensating for changes in local air pressure.
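Added example, not from the comment above: the differential odometry it describes, integrating the two front-wheel revolution counters into position and heading (sum gives distance, difference gives the turn) and rescaling the tick length whenever a GPS fix is available. Track width, tick counts and the GPS distance are constructed values.

```python
# Added example, not from the comment: differential odometry from the two
# front-wheel revolution counters the comment describes, plus the GPS
# rescaling that absorbs tire size/pressure. Track width, tick counts and
# the GPS distance are constructed values.
import math

TRACK_M = 1.5   # assumed lateral distance between the two front wheels


class DeadReckoner:
    def __init__(self, metres_per_tick, x=0.0, y=0.0, heading=0.0):
        self.m_per_tick = metres_per_tick  # nominal scale, refined by GPS
        self.x, self.y, self.heading = x, y, heading
        self.ticks_since_fix = 0.0         # mean wheel ticks since last GPS fix

    def step(self, left_ticks, right_ticks):
        """Advance the pose by one sample of the two wheel counters."""
        d_left = left_ticks * self.m_per_tick
        d_right = right_ticks * self.m_per_tick
        dist = (d_left + d_right) / 2            # sum of counters -> distance
        dtheta = (d_right - d_left) / TRACK_M    # difference -> heading change
        mid = self.heading + dtheta / 2          # integrate along the arc's mean heading
        self.x += dist * math.cos(mid)
        self.y += dist * math.sin(mid)
        self.heading += dtheta
        self.ticks_since_fix += (left_ticks + right_ticks) / 2

    def calibrate(self, gps_path_length_m):
        """GPS fix available: rescale so the odometer agrees with the distance
        the GPS track covered since the previous fix, then start a new interval."""
        if self.ticks_since_fix > 0:
            self.m_per_tick = gps_path_length_m / self.ticks_since_fix
        self.ticks_since_fix = 0.0

    def pose(self):
        return self.x, self.y, self.heading


def demo():
    """Straight run on the nominal scale, a GPS fix reporting that the car
    really covered 5.5 m, then a turn driven on the corrected scale."""
    dr = DeadReckoner(metres_per_tick=0.05)
    dr.step(100, 100)   # nominal: 5.0 m straight ahead, heading unchanged
    dr.calibrate(5.5)   # scale becomes 5.5 / 100 = 0.055 m per tick
    dr.step(0, 30)      # right wheel only: heading change 30*0.055/1.5 = 1.1 rad
    return dr
```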
Nobel Prize Winning Economist: Legalize Sale of Human Organs
Thanks for posting, I was going to mention Niven's entire ARM series as required reading for _anyone_ who wants to debate the relative merits of various forms of organ donation/transfer.
I registered as a blood donor on my 18th birthday, my bone marrow profile has been in the data banks for a couple of decades (but with no harvest requests so far), and if I should ever suffer from a fatal accident my next of kin have all been informed that I would like as many of my organs to be reused as possible.