Here's Why Apple Rejected Your iOS App

Twillerror alternative store (145 comments)

None of this would be an issue if Apple would allow for alternative stores. Even these could be filtered to some point.

Apple can run their store however they want, but having to jailbreak my phone to install a competitor to iTunes seems like anti-competitive behavior.

about 3 months ago

Employers Worried About Critical Thinking Skills

Twillerror teachers teaching teachers (553 comments)

My problem with school is it always felt like teaching too abstractly. A certain level is good and I do want people to learn to innovate, but I do not think there is enough application.

Don't teach calculus, teach engineering. I feel like I spent months doing super complex math that I wouldn't even use as a rocket scientist. I would have loved to predict planetary motion rather than solving random math problems for hours and hours only to never use those skills.

The real world is generally open book. If I forget how to solve an equation I look up a solution on the internet or even my old math text books. I think if kids learn how to solve problems vs solving problems we'd be in a better place. I'd rather just give kids a problem and help them solve it vs give them a predefined example and make them solve it correctly the first time or get an F.

about 3 months ago

Confidence Shaken In Open Source Security Idealism

Twillerror can we even discuss this yet? (265 comments)

I don't really feel like the open source community is "ready" to talk about what security means.

It's nice that communities found these issues, but if I was in organized crime I'd be not only following this, but looking for exploits. Which should be a lot easier given the code. Looking for lesser projects vs even the big boys and going after that.

Do a search for "QA" in open source and the results are a little eye opening...in that you won't see much. I think in general open source projects need to actively find help and have their code scanned and analyzed more.

I believe open source can be far more secure and possibly already is, but just flat out denials of any issues in our communities is just being complacent.

Open source has security issues does not equal go back to closed source, but it does mean we have work to do to get better.

about 3 months ago

Password Security: Why the Horse Battery Staple Is Not Correct

Twillerror two form (549 comments)

Two form authentication is the real solution. Given enough time and computing people will break your hashed password. Heck with the oncoming quantum computers who knows if they will be secure at all.

Oh and here's an idea. Why don't we do a much better job of protecting the hashes in the first place? Encrypt the hash so a simple SQL injection only returns even harder to see data. Put the data in another table. Use stored procedures ( I know *GASP* ) to only allow one password hash to be retrieved at once. Use database schema permissions ( if available ) to make select password_hashed from hashes not allowed by the front end server.

I think honestly we hashed the password and then rubbed our hands together and patted each other on the back.

about 3 months ago
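
The separate table, single-hash stored procedure and schema permissions suggested in the comment above, sketched for PostgreSQL as an added example that is not part of the original comment. The role, schema, table and function names and the sample row are constructed assumptions, and the comment's extra step of encrypting the stored hash is left out.

```sql
-- PostgreSQL, run once by an administrator.
-- All names below are assumptions made for this illustration.

CREATE ROLE auth_owner NOLOGIN;      -- owns the hash table; the application never connects as it
CREATE ROLE web_frontend LOGIN;      -- the account the front end server connects as

-- Keep hashes in their own schema and table, away from the general user data.
CREATE SCHEMA auth AUTHORIZATION auth_owner;

CREATE TABLE auth.password_hashes (
    login         text PRIMARY KEY,  -- one row per login, so a lookup yields at most one hash
    password_hash text NOT NULL
);
ALTER TABLE auth.password_hashes OWNER TO auth_owner;

-- Constructed sample row (placeholder value, not a real hash).
INSERT INTO auth.password_hashes (login, password_hash)
VALUES ('alice', '$placeholder$constructed-sample-hash');

-- Nobody but the owner may touch the schema or the table directly.
REVOKE ALL ON SCHEMA auth FROM PUBLIC;
REVOKE ALL ON auth.password_hashes FROM PUBLIC;

-- The only door into the table: returns the hash for exactly one named login.
-- SECURITY DEFINER makes it run with auth_owner's rights; the pinned
-- search_path stops a caller from substituting objects of their own.
CREATE FUNCTION auth.get_password_hash(p_login text)
RETURNS text
LANGUAGE sql
STABLE
SECURITY DEFINER
SET search_path = auth, pg_temp
AS $$
    SELECT password_hash
    FROM auth.password_hashes
    WHERE login = p_login;
$$;
ALTER FUNCTION auth.get_password_hash(text) OWNER TO auth_owner;

-- Functions are executable by PUBLIC by default; narrow that to the front end.
REVOKE ALL ON FUNCTION auth.get_password_hash(text) FROM PUBLIC;
GRANT USAGE ON SCHEMA auth TO web_frontend;
GRANT EXECUTE ON FUNCTION auth.get_password_hash(text) TO web_frontend;

-- Check the result from the front end's point of view.
SET ROLE web_frontend;
-- Allowed: fetch the hash for one login through the function.
SELECT auth.get_password_hash('alice');
-- Rejected by the server: web_frontend holds no SELECT privilege on the table,
-- so an injected "dump every hash" query has nothing to read.
SELECT password_hash FROM auth.password_hashes;
RESET ROLE;
```

An injection flaw in the front end can still call the function one login at a time, so this limits bulk extraction rather than replacing parameterized queries.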

You Got Your Windows In My Linux

Twillerror create abstraction (613 comments)

I often wonder why the community does not create more tools that abstract away the differences as much as possible.

Every distro has its package manager and with it different syntax. Imagine if you had a tool like "install-it mysql" which on Ubuntu goes to apt-get install, or pacman's syntax, or yum or whatever.

The thing I mostly worry about is packages. Say what you will about Windows and Mac, but developing an app for them generally has a limited set of ways. There is only one way to do services in Windows, etc.

It is hard to get say Webcam apps to get ported to Linux because the poor devs have to figure out webcams in 10 different distros. Everyone in the boards say "ubuntu 14 +1", .... no no Arch first!!! and so on. Should it matter as much app to app? Shouldn't distros at least have some level of uniformity...a layer of it.

about 5 months ago

Linus Torvalds: 'I Still Want the Desktop'

Twillerror Re:Apple as a model (727 comments)

If slashdot allowed for +1ing I would.

I would go further and say that both Apple and MS have some standard libraries at their core. Imagine trying to write a WebCam based app for Linux. For OSX or Windows you'd do a search and get pretty standard answer. For linux you'd get a ton of links to different libraries at different levels.

In general developing an app for OSX is way easier than for X. Yah most things are just webapps these days, but not everything. Which is why Chromebooks haven't totally taken off. If Chromebooks had MS Office, Photoshop and a few other installed apps ( free or otherwise ) I think it would have more success. I mean why can't I install Eclipse, Sublimetext, a Shell on a Chromebook....if I could we would have a Linux desktop technically.

about 5 months ago

Linus Torvalds: 'I Still Want the Desktop'

Twillerror The start a hardware company (727 comments)

At this point I think you would need to manage the device from start to finish.

Basically put out limited line like Apple. Use high quality and standard chipset. I mean like a good ethernet chip, a good sound card, etc. With a standard build it is way easier to test your OS and make sure everything functions on your various models.

From there take Gnome or KDE and fork it. Go the Linux Mint Gnome route. If you are a company you can just decide how things work. Macs work one way, Windows another, but for the most part they work the way their companies want them to. That standard is what makes them popular, even amongst developer types and the kind of people that go to OSCon.

Then get a good testing community going. Make sure it works with printers. Make sure it works with projectors, make sure it works with dual monitors, make sure it works with the keyboards.

Come out with your own damn keyboards and mice.

Make the upgrade process simple, straightforward, and automated. Certainly use a package manager, but hide it away.

The community might be able to take it and abstract, but given the linux community they would just tweak it to the point where it isn't as "beautiful".

Ubuntu tried and failed at many things. I think mostly because the people who generally run linux do so because they want to.

The difference here is that someone will walk into Best Buy, log in to Amazon, or your own site, maybe a dedicated store (think apple store) and walk out with a device that runs an OS which happens to be Linux...not buy some hardware and "try" to get linux working on it.

I don't think HP, Dell, etc have any interest in this and so someone needs to start it. Maybe we can leverage open hardware, maybe not, but I think we need to replicate the Apple model.

From there the hard part. Get the gaming community behind you, get Office to run on it...I mean the real Office, and keep going to get the world to treat your product with respect.

about 5 months ago

Researchers Hack Gmail With 92 Percent Success Rate

Twillerror No, hackers hacked Android apps via malware (87 comments)

They hacked Chase, Amazon, and a few other apps as well.

This has very little to do with GMail and more to do with a novel way to attack GUI based apps on the Android platform. By chance GMail had one of the highest success rates.

This would be like getting keylogging malware installed on your computer and then getting your Slashdot password compromised by reading keystrokes...and then saying Slashdot got hacked. No, your computer got hacked, not Slashdot.

It also seems that as the GMail app gets updated its rate might vary since this has to do with "guessing" what an app is doing by looking at system metrics.

about 5 months ago

How To Fix Healthcare.gov: Go Open-Source!

Twillerror Healthcare.gov is not Facebook (307 comments)

Am I the only one that thinks things have gotten a bit hyperbolic? I hear a lot of non technical people talking about how "bad" the architecture is.

This is a new product and has more users a few weeks in than most of the big boys had in over a year.

We are not selling an iPhone or a plane ticket here. This is a complex infrastructure with lots of back end interactions. The front end is fairly modern. They haven't gotten around to minimizing and consolidating the JS files, but that will come I'm sure.

I've gotten through the sign up process, they added some stuff to do some ad-hoc shopping. I've seen much more dragging of feet by supposed enterprise players. What are we 20 days into this enormous platform? Most of the people complaining don't even need the damn thing because they already have insurance.

At the end of the day the exchanges are not even selling insurance. Insurance companies are doing that. It's like using Google's shopping feature. Ultimately the insurance company is Amazon.com. If you need the insurance you'll go directly to the person selling it. Hell we probably should have started with the exchanges being nothing more than a fancy craigslist.

People who need insurance because they are sick or scared will get it. They will get the subsidies etc. The vast majority of these so called "healthy young" are just declining insurance through their employers. They just have to fill out a bunch of paperwork with their HR department.

At the end of the day healthcare.gov is something to help people get insurance. The subsidies and the new rules are what will get it for them.

about a year ago

With Microsoft Office on Android, Has Linus Torvalds Won?

Twillerror MS knows exactly what THEIR core customers want (365 comments)

"Since Microsoft has a very vague idea of what users want" ... BS

Do you own a truck? If you don't and don't want one you wouldn't tell Ford and Ram(Dodge) what they should put in their trucks.

Excel is the Grep\AWK\Sed of the enterprise\business world. Not all of it, but a large percentage. The fact of the matter is there is a whole lot in your life that was built with the assistance of Word, Excel, and hell even PowerPoint. You think the construction company that built the building you're in uses VIM to manage their shit?

Slashdot in general does not get this. I'm sure there are plenty of desktop support guys on here who do. Google docs is great and I use them all the time, but it's a tinker toy to some of the more advanced features in Excel that most people haven't even heard of.

Throw together a pivot table with a slicer and then see me in the morning. Take a look at stock symbol DATA for Tableau...there is a world outside of compilers, web servers, and VIM people.

You can't tell me you haven't heard an iPad guy tell you he wishes he had Excel on there.

MS has done okay with the XBox. I think the phone and tablet is a catch 22 for them. If they don't do it people will wonder why. If they do people will wonder why.

about a year and a half ago

Full-Size Remote Control Cars

Twillerror truckers (91 comments)

I wouldn't be surprised if UPS would be interested. Trucker gets tired just hand off. No more potty breaks etc.

I'm interested in the security and reliability of the connection. Cloud cover, overpasses, etc etc. Although I suppose you could combine a little auto driving in there like auto braking and dealing with being cutoff. I don't think you could react fast enough remotely...plus if you wrecked the impact is less for you so you might get lazy.

about a year and a half ago

Microsoft Will Have To Rename SkyDrive

Twillerror should they have won? (274 comments)

I know we all hate MS here, but doesn't it worry you that you can't have a product name with the word Sky in it?

I mean if MS renamed themselves to SkySoft or something maybe...and even then...

Seems like we just gave this company a bunch of free publicity that wasn't actually being harmed. Was anyone confused by the names?

about a year and a half ago

Anonymous Source Claims Feds Demand Private SSL Keys From Web Services

Twillerror verisign or godaddy (276 comments)

Have they been asked? Do they keep a copy?

about a year and a half ago

The Pentagon's Seven Million Lines of Cobol

Twillerror use paycor\adp (345 comments)

Regardless of your political leanings this is a job that the private sector could handle way way better. It is super hard to create a good software shop...let alone being the military.

We use paycor and we have good to great IT in general. We could program a pay app, but why the hell would we? Is pay schedule really that complicated....if it is why not simplify it...a great opportunity for reform.

about a year and a half ago

The Smart Grid Has Arrived

Twillerror cnbc asked a bunch of kids (121 comments)

CNBC asked a bunch of kids if they wanted glasses or at least wanted to try them. Some CNET guy was there.

All the little kiddies raised their hands. Then told it was 1500 bucks they lowered them.

I think cost is its biggest problem. Everyone who sees the videos thinks it is cool..everyone will use them while they drive or walk around town. They will probably take them off when they sit down at the bar.

about a year and a half ago

Researchers Analyze Twitter To Find Happiest Parts of the United States

Twillerror depression pills (160 comments)

Seems like an easier data set to parse and a bit more truthful. You can tweet how happy you are, but at the end of the day if you're taking pills for depression you are not (of course excluding certain medical conditions). L.A. and other areas might be exposed for people seeming to be happy, but ultimately not.

about 2 years ago

Hacker Bypasses Windows 7/8 Address Space Layout Randomization

Twillerror Re:buffer overflows (208 comments)

Would a secondary dedicated IP stack work? Hardware wise could we tell the CPU that a byte or range is where stack is and fault if it's written twice...write once or clear.

about 2 years ago

Hacker Bypasses Windows 7/8 Address Space Layout Randomization

Twillerror buffer overflows (208 comments)

Are we ever going to fix the real issue? You generally use one to start horking the stack and then get the CPU to jump to some address. Then these protections come into play.

I get the feeling people have just given up versus trying to change compilers and hardware to protect the stack. I should be able to keep writing into an unprotected char array and never come close to some instruction pointer, shouldn't I? Is it too much to demand?

about 2 years ago

Barracuda Appliances Have Exploitable Holes, Fixed By Firmware Updates

Twillerror small set of ips (88 comments)

So the tech note mentions that this is only accessible from a small subset of ips...WHAT IPS!!!!!!

At least it doesn't sound like a zero day so we have time to get it patched. Since we block the management ips from our firewall it sounds like this would only affect attacks from within your network.

about 2 years ago



Are techies piracy tone deaf?

Twillerror Twillerror writes  |  more than 2 years ago

Twillerror (536681) writes "Over the last few weeks a flood of SOPA related articles have been on slashdot. One common theme in comments is that piracy is not a problem at all. Using piracy as a way to improve sales is modded up way over any suggestion that people are stealing regardless of lost sales or not. Is part of the problem here that techies are in denial that there is an issue that needs solving in the first place?"

Is blocking ads piracy?

Twillerror Twillerror writes  |  more than 4 years ago

Twillerror (536681) writes "As a web developer I'm a little put off by the success of browser plugins like AdBlock that modify the content of pages and remove ads. I like sites like Slashdot and I'm perfectly fine looking at an ad or two since the content is free. I think I learned of a few products as well. One rationalization is to remove flash ads that slow your computer, but if the site is free the appropriate option in my opinion is to not visit the offending site. If the site is funded via ads by removing them you might as well be stealing it. What does Slashdot think?"

MS Licensing gets worse

Twillerror Twillerror writes  |  about 5 years ago

Twillerror (536681) writes "RedmondMag reports on problems with the new Volume licensing site that MS has recently launched. As someone who has used this system it has to be in the top 5 worst major sites I've ever used. I'm not as big of an anti-MS guy as the normal Slashdot reader, but licensing in MS I think is clearly "just bad". Cost is debatable, but CALs are just confusing and hard to implement. At what point will MS just drop CALs and start charging reasonable fees for Exchange Server, Active Directory access, File server access and the like. I think people will pay for Windows Server 2008, but when you have to upgrade all your existing 2003 CALs it makes the adoption too hard. Why should I have to pay extra for a copy of windows to hit a file server...when will MS make enough off SMB? Will the site problems finally nudge MS to revamp their licensing approach?"

Anyone running really old Linux versions?

Twillerror Twillerror writes  |  more than 5 years ago

Twillerror writes "The other day I heard a story/myth about nuclear plants running VMWare to emulate Windows 95 systems. I guess the software would only run on Win95 and getting new hardware to run Win95 can be hard.

Got me thinking about Linux and older versions of it. Is anyone running much older versions of the kernel in production like situations or maybe just for fun?"

Why must Linux be case sensitive?

Twillerror Twillerror writes  |  more than 5 years ago

Twillerror (536681) writes "Recently I got an originally Windows developed web based application up and running on Linux by using JFS without case sensitivity. Code referenced files in a case insensitive fashion (not ideal I know). Which got me thinking about the merits of both approaches.

This question also seems to have a lot of emotion behind it from the *nix community which confuses me. I can't for the life of me understand why you would want a directory with both text.txt and Test.txt in it. I like the fact that most OSs keep the fact that it is Test.txt, and don't store test.txt, but that is where it stops. Many of the conversations I see out there bring programming languages into the mix which I think is separate. Also, I've seen misguided posts that say Linux can do "ls -a" and "ls -A" which has nothing to do with this as well.

Can we have an honest discussion about exactly what would break on Linux and why our worlds would stop functioning? I get the consistency argument, but can't that be implemented at the programming language or script processing level (determined by that community) and not at the OS level? If you don't want bash to execute "LS" and only execute "ls" is that for bash to decide and not ext3? I'm also concerned about interoperability."

Could the browser just be a VM?

Twillerror Twillerror writes  |  more than 6 years ago

Twillerror (536681) writes "I've been a backend web developer for many years. Recently though I've been doing more HTML, CSS, DOM writing...more of the GUI end of things. I've come to the conclusion that HTML sucks, but it's the path of least resistance and so gets the most attention. People are willing to work for hours just to get things to align correctly and work in all the browsers. I can't count how many times I've discovered some weird DOM parsing bug in both IE and/or Mozilla causing some JS toolkit to fail.

Working with Flex (Flash based applications) I was mostly pleased with how much easier it was to get a good looking application and how much more reliable it was. It was actually compiled! It was more like your traditional GUI API where you have containers and components. You have real input forms, trees, tables, etc. You want an input that only accepts numbers...a few characters. In general a better toolkit for laying out a desktop like application. The three biggest problems I see are that A) it is not open/standard, B) it tends to get abused for things like ads and other annoying things, and C) the embed or object tags are annoying and trying to get things to play nice inside of HTML is just bad.

I'm not pushing Flash, but I'm pushing for a more Flash like future. Suppose we had an open source Flash...there would be a mute button in the options so that no ad would ever be able to play sound without your approval. We might have a standard format and compiler..etc...etc. Web apps could be deployed in a mostly binary format without the need for a slow and complex parser.

My main point is that HTML is for content. It is really good for storing this submission or a slashdot comment, but when it comes to doing a full-fledged application it falls short. Google's GMAIL has so much Javascript it's not even funny and regardless of the browser I've had bug after bug with it after it ran for a while. What GMail and other internet apps do right is mix server side power with a desktop like application. Imagine if Outlook just displayed email and a whole cluster of Exchange servers did the searching and sorting as good as Google does.

What I'd like to propose is that W3C rethink the problem and make the browser a "JVM like" application. Expose an API which allows an engine to draw graphics, save files to disk, send an email, open a socket, etc. Then have plugins that could do whatever we need. Then HTML 4 could be a plugin and HTML 5 could be a plugin. We won't have some ultra complex browser that has to parse HTML 1-5 and all the various quirks mode and crap. Then Flex\Flash can run in there as well as some open source alternative. These plugins can then register with the main browsers through some sort of approval process. So Firefox would just auto download whatever engine they needed and we would have a trusted list of applications.

Ultimately I think a standard as complex and large as HTML is just not feasible. The W3C has to please too many people...the content people and application people. Javascript is a cool little language, but we can't be limited to just it...and we can't be limited to just an HTML web. This is why the iPhone and many others have a Google Maps app and you don't just browse to Google Maps. Imagine if you hit Google Apps and it downloaded a Google made plugin that ran the living crap out of their apps."

Proactive security

Twillerror Twillerror writes  |  more than 6 years ago

Twillerror (536681) writes "It seems like almost every day some site is hacked or another exploit is found in an application. The theme is usually the same. A buffer overflow, XSS attack or SQL Injection. The standard solutions then follow. Either check the array length, validate the input, or strip bad tags or attributes. All of which are reactive.

The NX bit (Wikipedia) is a step in the right direction. Should we not be focusing more on similar solutions that prevent or eliminate the problem?

For instance on the SQL front imagine having your SQL statements start with a security line. An example might be...
allow select : users; expected rowcount <= 1;

select username, password from users where login = '%form.login%'

The developer could specify what his/her statement is intended to do. The SQL engine could easily detect if it tries something else and refuse to run it, or better yet silently reject the invalid part of the statement and alert the application.

For XSS attacks imagine if the browser added a "noscript" attribute to DIV tags. Anything inside those tags could not execute javascript. A way to wrap user submitted content. If the browser detected the script it could actually throw a warning to the user. Taking it one step further the browser might be able to report this error back to the web server to alert them of the problem.

What else could we do to be more proactive about security in the programming languages themselves?"

Twillerror Twillerror writes  |  more than 8 years ago

Twillerror writes "After reading the article on slashdot concerning bands refusing iTunes I was reminded about what I consider to be digital music's biggest flaw. This to me is the lack of a standardized album file. Imagine an MP3 or Ogg that had a bit of XML stuck onto its header or footer. This had the normal ID3 Tag information, but also had a list of tracks and start\offset times.

If say WinAmp and other players knew of this format, they could make the list of songs collapsible, and make them part of a randomizer. Imagine that you could say, play two songs off each random album I choose.

This to me is why iTunes has done better as a player, because of its organizational skills. On the other hand, I think that ultimately if all the tracks are not in one binary file that they will get broken up. Also, backup would be far faster for people who only scanned in albums.

Yes sometimes I'd rather just get a track off an album, but most of the time I'd rather get the whole thing. Mostly because most of the bands I listen to might actually care about their albums...mostly. This is a personal opinion, but I think that almost everyone out there has listened to a great album in its entirety and would like it stuck together."



Mother of Computing

Twillerror Twillerror writes  |  more than 10 years ago

This woman invented the compiler, if such a thing can be "invented".

