
Is a "Wikipedia For News" Feasible?

Unordained Re:I don't get it (167 comments)

Crowd-sourcing content is one aspect, but I'm very much looking forward to "subscribing" to a story and getting only updates after that -- as short as possible, whether they be corrections, links to related stories, or truly new information. I can fit a lot more news into my day if I don't have to hear/read the same context/intro information each time there's an update.

Less important to me is an "ask the author" system, by which readers can suggest directions for investigative journalists to take: how is this incident related to previous ones, what's the political context for this, does anyone have any proposed solutions to the problem, has anything changed since this story was posted 6 months ago, etc. I don't necessarily want to read opinions from fellow readers, nor post my own "facts" as a citizen-journalist, I just want to prod journalists into doing more of what they already do well.

about three weeks ago

Ask Slashdot: Getting Around Terrible Geolocation?

Unordained Re:W3C does geolocation? (100 comments)

Yeah, I was thinking this guy's got it all backwards. If MaxMind et al are already showing the right position, then the problem is the location returned by the W3C API call in his unspecified browser which depends on which location service his browser uses (possibly not the default), and whether his device is GPS-equipped.

In the absence of GPS, Firefox defaults to using Google Location Service (according to https://www.mozilla.org/en-US/... ), which is not one of the 4 "providers" listed at http://whatismyipaddress.com/ and could easily be the one database that's wrong, causing his confusion. I expect Chrome to do the same. IE may use a Microsoft-provided IP database, again separate from the four above -- I couldn't find confirmation of this.

For servers that don't rely on W3C javascript calls to get your location, it all entirely depends on which service they subscribe to, which you may not be able to find out. Short of submitting corrections to "all of them", you're just out of luck.

about a month ago

Amazon Goes After Oracle (Again) With New Aurora Database

Unordained Re:What's the Difference? (102 comments)

You might check NuoDB, as that's their target audience.

RAC was indeed pretty cool. We did have to fight with the Ops guys, though, over the advertised auto-retry feature, which was dangerous for multi-statement transactions, and the documentation (at least at the time) didn't make that clear.

about a month ago

Facebook and Apple Now Pay For Female Employees To Freeze Their Eggs

Unordained Re:Because studies show ... (253 comments)

Thank you! I'm seeing a lot of comments here about how wonderful it is to make the choice to be a stay-at-home-mom, how great it is for the kids, and how that's not less productive than a high-paying job. But I'm not seeing the equivalent for men, that there's a tough choice between "being a dad" (stay at home dad) and "being a man" (with a job), that each male should be encouraged to make the choice that's right for him without pressure from his employer.

about 2 months ago

ISIS Bans Math and Social Studies For Children

Unordained Grain of salt (981 comments)

Can we get verification on this? The CNN story doesn't so much as contain a picture of the flier, let alone corroboration that these were really distributed by ISIS. Is this like how, a few weeks ago, they were incorrectly accused of performing FGM? If this one is accurate, we should be able to get some evidence, if not necessarily proof...

about 3 months ago

Web Trolls Winning As Incivility Increases

Unordained Re:Bullshit (457 comments)

You might want to read more of her stuff before you dismiss her. She's primarily using the analysis of trolls, as examples of bad behavior, to study what our culture considers good behavior, and the boundaries thereof. She asks questions like "why is it okay for Fox News to sensationalize tragic events for their own profit, but not okay for a troll to amuse himself doing the same?", or "what are the boundaries between dialogue, critique, trolling, and harassment?" She treats trolls as a symptom of a culture that permits (and sometimes encourages) the behavior. Not because we're "bad" as a culture, but because sometimes our values and attributes (free speech, devil's advocate, macho, narcissism, etc.) sometimes intersect in odd ways. I've not seen her claim that things are now worse than ever before, nor that anonymity has anything to do with it, nor that "online"-ness is even particularly important -- this is just an entry-point to a wider field of study about cultural norms and how/when we break/bend them.

about 4 months ago

Ask Slashdot: "Real" Computer Scientists vs. Modern Curriculum?

Unordained Yes, but no (637 comments)

I've recently watched my wife (C++ environment) deal with a new-grad (Java-based education.) It's true that pointers are a sticking point -- in the process of being taught Java, they get taught that pointers are bad and dangerous (all hail Java for solving the problem,) and can be made only barely tolerable by using auto_ptr, but really should just be avoided. Yeah, it's a problem, sure.

But the bigger problem we have with new-grads and junior-devs, in general, is the same problem you'd have in any field: they're green. They don't test well, or at all. They don't think designs through. They don't communicate well. They ask too many questions, or maybe worse, they ask too few. They try to fix things that aren't broken. They're bad at estimating task sizes (admittedly, people rarely get much better at that even after decades.) In an attempt to not suck, they reach out for best-practices and apply them zealously and inappropriately. They can't imagine how things will fail, or be abused. They spend too much time fixing small problems, and not enough time fixing big ones. And maybe worst of all, they're under the illusion that what they learned in school ought to prepare them for the workforce, when really it just gets their foot in the door.

We, as their seniors, are the ones that should be spending the time fixing their misconceptions, fleshing out their education, filling their minds with the horrors we've seen, and setting up their work habits. When they fail, it's because we fail to do these things, usually because we brought them in too late in a project, gave them too much responsibility, and are fighting a deadline. So we "just fix it" for them, and they don't learn from the experience, while we gain nothing in terms of productivity from having them.

But if I were to nitpick their education? Databases. Recent grads have little or no understanding of relational databases. Their thinking on organizing data, in general, is fuzzy at best, which impacts more than just database code, it impacts class and API designs, often crippling whole features with incorrect cardinality. It deserves more attention in school. The rest, we can fix in production. =)

about 4 months ago

Exodus Intelligence Details Zero-Day Vulnerabilities In Tails OS

Unordained Re:Wait, wait... (132 comments)


We can still break into the systems we "need" to break into, without keeping a full hand of all possible vulnerabilities. To reduce our overall exposure to risk, it makes sense to disclose most of these to vendors for patching, maybe some with a delay. Our government can buy up vulnerabilities from Exodus, then release them -- Exodus gets paid, we get somewhat better security all around, and the NSA gets a few last holes to work with.

about 4 months ago

Facebook Lets Users Opt Out of Targeted Ads

Unordained Re:opt-out of untargeted ads (97 comments)

Competition. Invisible Hand. Selective pressure from consumers who don't want a site with 80% screen real-estate devoted to ads, and subconsciously choose to spend their time on sites with (for whatever reason) fewer, better ads.
There are obviously limits and pressures already at play, or every site would be nothing but a wall of ads, because "more profit."

about 6 months ago

Facebook Lets Users Opt Out of Targeted Ads

Unordained opt-out of untargeted ads (97 comments)

I'd like to opt out of the untargeted ads. I don't so much mind relevant, possibly-useful advertising -- I don't feel like it wastes my time so much, or even, in a way, creepily insinuates I would be interested in things I'm totally not. As long as the targeted advertising is done right, I'd rather have it. The more accurate such advertising gets, the more value-per-print it can generate, and therefore the less overall advertising will be required to sustain the "free" services we use. One well-chosen ad is worth dozens of spammy ones.

Or ... could we get the big advertising systems to allow us to pay them, centrally, to remove ads across all the sites they print on? And have them just forward a portion of the money to the sites themselves, just as they would have paid them to print an equivalent number of ads, while serving me nothing but 1px placeholders?

about 6 months ago

The Sudden Policy Change In Truecrypt Explained

Unordained Re:Speculation (475 comments)

And other people are trying to resurrect/fork it, trying to get all the legal ducks in a row to meet the requirements of the license.

I've been curious how the original anonymous developers would be able to enforce the terms of their previous license ... even if they had some means of proving in court that they really were who they claimed to be, and had the right to sue, they would lose their anonymity in the process, which is of some value to them.

The anonymity of the developers is a double-edged sword, in this kind of product. It temporarily makes it harder for intelligence agencies (or organized crime) to put pressure on them, but long-term, is it worthwhile? Either their identities will be found out and used against them, or their continued anonymity will be used against the project by at least casting doubt on the trustworthiness of the project. Ownership of crypto keys (software signing keys) is a pretty good stand-in for identity, except that our laws don't have the same respect for them as for other cases of identity-theft -- they're "just data", to be handed over, and possibly abused.

(Doubting the usefulness of anonymity in no way endorses the likes of Microsoft, and their line that having an established identity entrains reputation, and the desire to protect said reputation in turn guarantees trustable software. At least with TC we have source, and a hopefully independent audit, and that's perhaps the most important piece in the end.)

about 7 months ago

Google Starts Blocking Extensions Not In the Chrome Web Store

Unordained Re:Firefox FTW! (225 comments)

Ugh. I'm one of those developers who would be affected, as I have custom FF extensions deployed for a mid-size client. We don't use the "Enterprise" FF though. I suppose we might have to switch, and deploy FF updates differently, just to keep the ability to run extensions (that have no business being uploaded to anyone's store, as they're entirely site-specific.)

about 7 months ago

Really, Why Are Smartphones Still Tied To Contracts?

Unordained first-mover (482 comments)

I worked as a programmer for the sales & marketing arm of a cell company, 6 years ago. It was quite clearly stated (internally) that they wanted to get out of the subsidy business, but they couldn't. They were too small to take the risk of being the first or only to do so in their market. So long as other carriers were offering subsidies with their contracts, making the move would be suicidal. We probably weren't the only company in that situation, but unless you could come to some grand bargain, nobody was going to move first.

about 8 months ago

Heartbleed Sparks 'Responsible' Disclosure Debate

Unordained Re:Yes, that was handled badly (188 comments)

So does that mean you're suggesting the safest course would be to:
    (a) tell everyone to shut down ALL OpenSSL-backed services, urgently.
    (b) after 1 day, tell everyone they can bring their 0.9.8 services back online.
    (c) after 1 day, tell the remainder that it's okay to come back online, with heartbeat disabled.
    (d) have the patch ready for distribution around this time.

I agree with the caution. TBD:
    (1) there's the risk that telling admins to shut everything down, all versions, without telling them why, will cause them to ignore the notice
    (2) while these services are shut down, what will admins do instead? will they use insecure services because "the show must go on"?

about 8 months ago

Heartbleed Sparks 'Responsible' Disclosure Debate

Unordained Re:Yes, that was handled badly (188 comments)

Yes. You don't have to notify people of the exact flaw and how it can be exploited, to help them protect themselves while waiting for a patch. The immediate response should have been to tell people to disable heartbeat, or barring that, shut down their affected systems. Yes, it would suck, but since you don't know for sure that the exploit is known only to the researchers, you should assume it's in the wild, and this is the only safe thing to do in the interim. (Could this be used as a form of DoS? Sure, if sysadmins get used to wholly shutting down services anytime there's a warning from anyone, or if the partial shutdown of one service in fact makes another service less secure. TBD.)

All this discussion of disclosing to OpenSSL first, letting them patch, giving distros time to get updates ready ... ignores that the moment OpenSSL goes to fix the bug, the patches are public. Attackers waiting to see a flaw in OpenSSL would be monitoring version-control regularly, to see if any given patch looked interesting. While your distros are being quietly told to get updates ready, the attackers are analyzing the patch to see what kind of bug you fixed, knowing that, because there's radio silence, sites are vulnerable.

Making a big stink about it is the only way to make sure sites actually get updated, anyway. Distros and whatnot having updates available does not get those updates installed. We don't have auto-update on any servers. As was discussed recently, many sysadmins have to submit patches to change-control boards for approval, and if there's not a furor over the issue, there's no emergency approval.

    (a) a blitz identifying only the versions affected and what to do about it,
    (b) a patch release sufficiently delayed to give end-users a chance to shut down affected services,
    (c) a blitz about the availability of the update, which people will care about more because they've already had to take action to protect themselves, and are possibly sitting in a shutdown state.

about 8 months ago

First Phase of TrueCrypt Audit Turns Up No Backdoors

Unordained Re:To Crypt or Not To Crypt (171 comments)

Not only does TC do a poor job protecting my data, but when an attacker does manage to guess a user's low-entropy password, he can then try that password all over the place to see where else the user has used it

That's not at all unique to TrueCrypt. If someone guesses a user's password, it's the user's fault they used the same password elsewhere.

Password-strengthening before encryption is not the same as salting & hashing passwords for later authentication, where rainbow tables and "guessing" a password makes sense -- we're not talking about storing the resulting strengthened password where it could be directly attacked ... unless, maybe, perhaps you're trying to say this is stored in-memory while the system is running, and that's the kind of attack you're trying to describe? I don't see why the strengthened password would even need to be kept in memory once it's used to unlock the real keys, which TC will need at runtime for crypto. Having to re-fetch the real keys based on the password at every i/o would be prohibitively expensive.

about 8 months ago

Adaptation From Flash Boys Offers Inside Look at High-Frequency Trading

Unordained Re:day trader loses to second traders (246 comments)

I mostly agree with you, although the article does also mention the murkiness surrounding the "dark pools" that banks run your order through first, where they could have the opportunity to trade against you, before forwarding to exchanges. The big exchanges might be vulnerable only to the multi-exchange exploit that is the meat of this article, but the "dark pools" are implied to have their own, different shadiness going on. Sadly, this piece doesn't explore that enough -- possibly because insufficient light has been shed on the issue to date. Investigations are in order.

about 9 months ago



Firebird 2.1 Released

Unordained writes | more than 6 years ago

unordained (262962) writes "Firebird 2.1 was released today. The open-source, cross-platform, free (even for commercial use) relational database product now features database triggers (such as on-commit), derived tables (".. from (select ...)"), common table expressions ("with recursive" is equivalent to "connect by" in Oracle), global temporary tables (transaction- and session-bound), the "returning" clause for DML operations, "update or insert" (known as "merge into" in Oracle), monitoring tables (incl. query cancellation), and much more! Please see the release notes for details, and go to firebirdsql.org or ibphoenix.com to download."


Unordained has no journal entries.
