Beta
×

Welcome to the Slashdot Beta site -- learn more here. Use the link in the footer or click here to return to the Classic version of Slashdot.

Thank you!

Before you choose to head back to the Classic look of the site, we'd appreciate it if you share your thoughts on the Beta; your feedback is what drives our ongoing development.

Beta is different and we value you taking the time to try it out. Please take a look at the changes we've made in Beta and  learn more about it. Thanks for reading, and for making the site better!

Comments

top

ISIS Bans Math and Social Studies For Children

Unordained Grain of salt (973 comments)

Can we get verification on this? The CNN story doesn't so much as contain a picture of the flier, let alone corroboration that these were really distributed by ISIS. Is this like how, a few weeks ago, they were incorrectly accused of performing FGM? If this one is accurate, we should be able to get some evidence, if not necessarily proof...

about two weeks ago
top

Web Trolls Winning As Incivility Increases

Unordained Re:Bullshit (457 comments)

You might want to read more of her stuff before you dismiss her. She's primarily using the analysis of trolls, as examples of bad behavior, to study what our culture considers good behavior, and the boundaries thereof. She asks questions like "why is it okay for Fox News to sensationalize tragic events for their own profit, but not okay for a troll to amuse himself doing the same?", or "what are the boundaries between dialogue, critique, trolling, and harassment?" She treats trolls as a symptom of a culture that permits (and sometimes encourages) the behavior. Not because we're "bad" as a culture, but because sometimes our values and attributes (free speech, devil's advocate, macho, narcissism, etc.) sometimes intersect in odd ways. I've not seen her claim that things are now worse than ever before, nor that anonymity has anything to do with it, nor that "online"-ness is even particularly important -- this is just an entry-point to a wider field of study about cultural norms and how/when we break/bend them.

about a month and a half ago
top

Ask Slashdot: "Real" Computer Scientists vs. Modern Curriculum?

Unordained Yes, but no (637 comments)

I've recently watched my wife (C++ environment) deal with a new-grad (Java-based education.) It's true that pointers are a sticking point -- in the process of being taught Java, they get taught that pointers are bad and dangerous (all hail Java for solving the problem,) and can be made only barely tolerable by using auto_ptr, but really should just be avoided. Yeah, it's a problem, sure.

But the bigger problem we have with new-grads and junior-devs, in general, is the same problem you'd have in any field: they're green. They don't test well, or at all. They don't think designs through. They don't communicate well. They ask too many questions, or maybe worse, they ask too few. They try to fix things that aren't broken. They're bad at estimating task sizes (admittedly, people rarely get much better at that even after decades.) In an attempt to not suck, they reach out for best-practices and apply them zealously and inappropriately. They can't imagine how things will fail, or be abused. They spend too much time fixing small problems, and not enough time fixing big ones. And maybe worst of all, they're under the illusion that what they learned in school ought to prepare them for the workforce, when really it just gets their foot in the door.

We, as their seniors, are the ones that should be spending the time fixing their misconceptions, fleshing our their education, filling their minds with the horrors we've seen, and setting up their work habits. When they fail, it's because we fail to do these things, usually because we brought them in too late in a project, gave them too much responsibility, and are fighting a deadline. So we "just fix it" for them, and they don't learn from the experience, while we gain nothing in terms of productivity from having them.

But if I were to nitpick their education? Databases. Recent grads have little or no understanding of relational databases. Their thinking on organizing data, in general, is fuzzy at best, which impacts more than just database code, it impacts class and API designs, often crippling whole features with incorrect cardinality. It deserves more attention in school. The rest, we can fix in production. =)

about 2 months ago
top

Exodus Intelligence Details Zero-Day Vulnerabilities In Tails OS

Unordained Re:Wait, wait... (132 comments)

http://www.wired.com/2014/04/o...

We can still break into the systems we "need" to break into, without keeping a full hand of all possible vulnerabilities. To reduce our overall exposure to risk, it makes sense to disclose most of these to vendors for patching, maybe some with a delay. Our government can buy up vulnerabilities from Exodus, then release them -- Exodus gets paid, we get somewhat better security all around, and the NSA gets a few last holes to work with.

about 2 months ago
top

Facebook Lets Users Opt Out of Targeted Ads

Unordained Re:opt-out of untargeted ads (97 comments)

Competition. Invisible Hand. Selective pressure from consumers who don't want a site with 80% screen real-estate devoted to ads, and subconsciously choose to spend their time on sites with (for whatever reason) fewer, better ads.
There are obviously limits and pressures already at play, or every site would be nothing but a wall of ads, because "more profit."

about 4 months ago
top

Facebook Lets Users Opt Out of Targeted Ads

Unordained opt-out of untargeted ads (97 comments)

I'd like to opt out of the untargeted ads. I don't so much mind relevant, possibly-useful advertising -- I don't feel like it wastes my time so much, or even, in a way, creepily insinuates I would be interested in things I'm totally not. As long as the targeted advertising is done right, I'd rather have it. The more accurate such advertising gets, the more value-per-print it can generate, and therefore the less overall advertising will be required to sustain the "free" services we use. One well-chosen ad is worth dozens of spammy ones.

Or ... could we get the big advertising systems to allow us to pay them, centrally, to remove ads across all the sites they print on? And have them just forward a portion of the money to the sites themselves, just as they would have paid them to print an equivalent number of ads, while serving me nothing but 1px placeholders?

about 4 months ago
top

The Sudden Policy Change In Truecrypt Explained

Unordained Re:Speculation (475 comments)

And other people are trying to resurrect/fork it, trying to get all the legal ducks in a row to meet the requirements of the license.

I've been curious how the original anonymous developers would be able to enforce the terms of their previous license ... even if they had some means of proving in court that they really were who they claimed to be, and had the right to sue, they would lose their anonymity in the process, which is of some value to them.

The anonymity of the developers is a double-edged sword, in this kind of product. It temporarily makes it harder for intelligence agencies (or organized crime) to put pressure on them, but long-term, is it worthwhile? Either their identities will be found out and used against them, or their continued anonymity will be used against the project by at least casting down on the trustworthiness of the project. Ownership of crypto keys (software signing keys) is a pretty good stand-in for identity, except that our laws don't have the same respect for them as for other cases of identity-theft -- they're "just data", to be handed over, and possibly abused.

(Doubting the usefulness of anonymity in no way endorses the likes of Microsoft, and their line that having an established identity entrains reputation, and the desire to protect said reputation in turn guarantees trustable software. At least with TC we have source, and a hopefully independent audit, and that's perhaps the most important piece in the end.)

about 4 months ago
top

Google Starts Blocking Extensions Not In the Chrome Web Store

Unordained Re:Firefox FTW! (225 comments)

Ugh. I'm one of those developers who would be affected, as I have custom FF extensions deployed for a mid-size client. We don't use the "Enterprise" FF though. I suppose we might have to switch, and deploy FF updates differently, just to keep the ability to run extensions (that have no business being uploaded to anyone's store, as they're entirely site-specific.)

about 4 months ago
top

Really, Why Are Smartphones Still Tied To Contracts?

Unordained first-mover (482 comments)

I worked as a programmer for the sales & marketing arm of a cell company, 6 years ago. It was quite clearly stated (internally) that they wanted to get out of the subsidy business, but they couldn't. They were too small to take the risk of being the first or only to do so in their market. So long as other carriers were offering subsidies with their contracts, making the move would be suicidal. We probably weren't the only company in that situation, but unless you could come to some grand bargain, nobody was going to move first.

about 4 months ago
top

Heartbleed Sparks 'Responsible' Disclosure Debate

Unordained Re:Yes, that was handled badly (188 comments)

So does that mean you're suggesting the safest course would be to:
    (a) tell everyone to shutdown ALL OpenSSL-backed services, urgently.
    (b) after 1 day, tell everyone they can bring their 0.9.8 services back online.
    (c) after 1 day, tell the remainder that it's okay to come back online, with heartbeat disabled.
    (d) have the patch ready for distribution around this time.
?

I agree with the caution. TBD:
    (1) there's the risk that telling admins to shut everything down, all versions, without telling them why, will cause them to ignore the notice
    (2) while these services are shutdown, what will admins do instead? will they use insecure services because "the show must go on"?

about 5 months ago
top

Heartbleed Sparks 'Responsible' Disclosure Debate

Unordained Re:Yes, that was handled badly (188 comments)

Yes. You don't have to notify people of the exact flaw and how it can be exploited, to help them protect themselves while waiting for a patch. The immediate response should have been to tell people to disable heartbeat, or barring that, shutdown their affected systems. Yes, it would suck, but since you don't know for sure that the exploit is known only to the researchers, you should assume it's in the wild, and this is the only safe thing to do in the interim. (Could this be used as a form of DoS? Sure, if sysadmins get used to wholly shutting down services anytime there's a warning from anyone, or if the partial shutdown of one service in fact makes another service less secure. TBD.)

All this discussion of disclosing to OpenSSL first, letting them patch, giving distros time to get updates ready ... ignores that the moment OpenSSL goes to fix the bug, the patches are public. Attackers waiting to see a flaw in OpenSSL would be monitoring version-control regularly, to see if any given patch looked interesting. While your distros are being quietly told to get updates ready, the attackers are analyzing the patch to see what kind of bug you fixed, knowing that, because there's radio silence, sites are vulnerable.

Making a big stink about it is the only way to make sure sites actually get updated, anyway. Distros and whatnot having updates available does not get those updates installed. We don't have auto-update on any servers. As was discussed recently, many sysadmins have to submit patches to change-control boards for approval, and if there's not a furor over the issue, there's no emergency approval.

So:
    (a) a blitz identifying only the versions affected and what to do about it,
    (b) a patch release sufficiently delayed to give end-users a chance to shutdown affected services,
    (c) a blitz about the availability of the update, which people will care about more because they've already had to take action to protect themselves, and are possibly sitting in a shutdown state.

about 5 months ago
top

First Phase of TrueCrypt Audit Turns Up No Backdoors

Unordained Re:To Crypt or Not To Crypt (171 comments)

Not only does TC do a poor job protecting my data, but when an attacker does manage to guess a user's low-entropy password, he can then try that password all over the place to see where else the user has used it

That's not at all unique to TrueCrypt. If someone guesses a user's password, it's the user's fault they used the same password elsewhere.

Password-strengthening before encryption is not the same as salting & hashing passwords for later authentication, where rainbow tables and "guessing" a password makes sense -- we're not talking about storing the resulting strengthened password where it could directly attacked ... unless, maybe, perhaps you're trying to say this is stored in-memory while the system is running, and that's the kind of attack you're trying to describe? I don't see why the strengthened password would even need to be kept in memory once it's used to unlock the real keys, which TC will need at runtime for crypto. Having to re-fetch the real keys based on the password at every i/o would be prohibitively expensive.

about 5 months ago
top

Adaptation From Flash Boys Offers Inside Look at High-Frequency Trading

Unordained Re:day trader loses to second traders (246 comments)

I mostly agree with you, although the article does also mention the murkiness surrounding the "dark pools" that banks run your order through first, where they could have the opportunity to trade against you, before forwarding to exchanges. The big exchanges might be vulnerable only to the multi-exchange exploit that is the meat of this article, but the "dark pools" are implied to have their own, different shadiness going on. Sadly, this piece doesn't explore that enough -- possibly because insufficient light has been shed on the issue to date. Investigations are in order.

about 6 months ago
top

Court Rules Against Online Anonymity

Unordained Re:Appropriate Supreme Court Quote (314 comments)

Defamation laws, as far as I see, only cover the negatives, not the positives. You can have all the fake praise you like, as long as there's no fake complaint. Statements of "our service is great" are not the same as "my experience was terrible" -- there's an expectation that vague statements from a company may be misleading (bluster) while not really wrong in a verifiable sense, but with specific customer stories, we expect them to be accurate, fact-based. Ads may use actors, but they generally have fine-print identifying them as interpretations of, re-enactments of, or syntheses of multiple, actual customer letters.

about 9 months ago
top

Court Rules Against Online Anonymity

Unordained Re:Appropriate Supreme Court Quote (314 comments)

Whether the reviews are true or not may very well depend on the identity of the supposed reviewer. If it's in the form of "they destroyed my carpet", the cleaning service could either try to prove that this has not happened to any customers ever, or that this review did not come from a customer to whom it actually happened. If it's not a real customer, then it's probably a competitor, and at that point, it's very much libel -- purposefully spreading lies for the purpose of damaging someone else's reputation. Reviews like this really do matter to a small business. If they reveal the identities and discover it was a real customer and a real experience, there's nothing legally they could do to remove it, because it wouldn't be libel, and would be protected. But they also can't do anything about it now, until they prove it's false, which requires them to reveal identities.

The alternate solution might be for all review systems to say "this review is anonymous [better: not a verified identity], so the person being reviewed really has no opportunity to face his accuser, so you should take this with a really big grain of salt". And maybe not even count it in the averaged star-rating. And then you've just killed their business model, because the identity/registration stuff is such a hurdle.

about 9 months ago
top

23-Year-Old X11 Server Security Vulnerability Discovered

Unordained Re:scary (213 comments)

Amazing that when they run this kind of automated tool on a project of this importance and breadth, this is ... the only vulnerability it found?

This doesn't invalidate "many eyes" at all (as some are claiming here) -- the fact that a bunch of reviewers didn't find this one bug is unfortunate, but if "many eyes" had really failed, I would have expected automation to find dozens or hundreds of bugs.

about 9 months ago
top

BBC: Amazon Workers Face "Increased Risk of Mental Illness"

Unordained Re:Amazon brutal, but not a convenient liberal cau (321 comments)

Really? Because I'm pretty sure the standard conservative argument is that if you create an obstacle, people will always "find a way", and in fact you should purposefully do so. Don't give them food or shelter, and they'll magically educate and empower themselves.

about 10 months ago
top

BBC: Amazon Workers Face "Increased Risk of Mental Illness"

Unordained Re:Amazon brutal, but not a convenient liberal cau (321 comments)

Yes, it's really amazing we haven't yet declared ourselves mentally ill, for putting people first. I mean, really -- minimum wages? Food and shelter? Safety regulations? Non-discrimination in the workplace? Civil rights? Healthcare? Are we nuts?!?

about 10 months ago
top

NYT: Healthcare.gov Project Chaos Due Partly To Unorthodox Database Choice

Unordained Re:follow the money (334 comments)

I have no problem with the idea of the ACA being a first step in a long series toward single-payer healthcare. I doubt it'll happen, because it's too controversial and it wouldn't make sense to risk everything when we've gotten this far. But hey, maybe. And I don't mind, either. There's nothing scary about it.

But I do have a problem with the idea that making a non-functioning healthcare.gov was all part of a master-plan. I do love how we can have two narratives: that the administration is so incompetent they would allow something like this to happen, OR, it's all part of their super-genius plan to take us to medicare-for-all but LOOK like bumbling idiots along the way. That anyone should pick the latter concerns me greatly.

So, to put a timeline to your prediction: how long should we wait to see if the healthcare.gov failure was really just a front to take us to single-payer "as the fix"? 6 months? Because any longer than that, and they wouldn't be able to keep the supposed charade up, they'd have to fix the site or implement single-payer. If your answer is on the order of 10 years, then you're talking about an entirely different political game, not about healthcare.gov.

about 10 months ago

Submissions

top

Firebird 2.1 Released

Unordained Unordained writes  |  more than 6 years ago

unordained (262962) writes "Firebird 2.1 was released today. The open-source, cross-platform, free (even for commercial use) relational database product now features database triggers (such as on-commit), derived tables (".. from (select ...)"), common table expressions ("with recursive" is equivalent to "connect by" in Oracle), global temporary tables (transaction- and session-bound), the "returning" clause for DML operations, "update or insert" (known as "merge into" in Oracle), monitoring tables (incl. query cancellation), and much more! Please see the release notes for details, and go to firebirdsql.org or ibphoenix.com to download."

Journals

Unordained has no journal entries.

Slashdot Login

Need an Account?

Forgot your password?