
Comments


Are the World's Religions Ready For ET?

Vellmont Re:ET would disprove God (379 comments)

According to the one religion I'm somewhat familiar with
Then you're not very familiar with Christianity, or religion, really.

Christianity has survived worse than aliens. Heliocentric theory, evolution, and earth as a globe are all facts that Christianity has had to deal with over the last 100 years. The different sects are at varying points in how they've evolved with these facts, but they have and are evolving.

You think of religion as a series of facts, which it partially is... but that's not the main thing. The main thing is group identity, and group identity can and does change with time. You can't really "disprove" group identity.

10 hours ago

Tor Executive Director Hints At Firefox Integration

Vellmont Re:IE better fits the definition. (108 comments)

w3 schools is about one of the WORST examples you could have picked. Web developers and designers don't use IE for obvious reasons.

But you're right though that browser market share is hugely dependent on what group you've picked. Business users use IE in much higher numbers. Given Microsoft's corporate masters, I'd be VERY surprised if they put an anti-spying feature in the browser. Remember, business loves to spy on their employees.

My money is still on Firefox though. Mozilla has a mission to provide privacy to its users. They actively resist making it easy for corporations to do MITM attacks on the browser though including custom placed to install CAs. Safari is a possibility too, but I'd still bet on FF.

yesterday

Flurry of Scans Hint That Bash Vulnerability Could Already Be In the Wild

Vellmont Re:It's been in bash a while. (317 comments)

Oh, and as an addendum, I consider anything that originates from the client, something that the user can generate.

i.e. untrusted input is untrusted input. People get far too specific about that kind of thing. If you're taking input from a client, and passing it to a system executable in some way, that's bad.

5 days ago

Flurry of Scans Hint That Bash Vulnerability Could Already Be In the Wild

Vellmont Re:It's been in bash a while. (317 comments)

I understand the nature of the bug. I ALSO think it's stupid to call an executable and pass in a parameter from the user.

5 days ago

Flurry of Scans Hint That Bash Vulnerability Could Already Be In the Wild

Vellmont Re:It's been in bash a while. (317 comments)


The "With many eyes all bugs are shallow" myth is busted again.

Uhh.. I guess I'd say the "many eyes" have been saying for almost 20 years that a website that takes in user data and then passes that to a shell to run an executable is kinda stupid, and insecure.

5 days ago

Remote Exploit Vulnerability Found In Bash

Vellmont http CGI scripts? Did I get stuck in 1996? (399 comments)


So far, HTTP requests to CGI scripts have been identified as the major
attack vector.

Umm.. who still does that? That sounded wonky, risk-prone, and a hack in the mid 90s. Who's still using CGI scripts to execute shell code?

about a week ago

jQuery.com Compromised To Serve Malware

Vellmont Re:They will never learn (103 comments)

I disagree with your basic premise, that things are secure, or insecure. Everything is a tradeoff. Using a foreign CDN is a tradeoff of trusting a third party to be secure vs doing it yourself. Just because you do it yourself doesn't mean it's "more secure", it's just more in your control, which can be good or bad.

We make this tradeoff all the time. Have you ever used 3rd party software on your website? Well then you're making a tradeoff as well.

You're right to be suspicious of trusting a 3rd party, but I don't agree that using a CDN is always a bad choice, incompetent, and obvious to anyone competent.

about a week ago

Ask Slashdot: How To Avoid Becoming a Complacent Software Developer?

Vellmont 40 hour weeks != complacent. (275 comments)

People develop lives and other interests. If you'd like to dedicate yourself to one thing, great. But you have an odd idea about the nature of liking what you do. Liking what you do is very different from wanting to do it all the time. The world is an interesting place with a lot of different things in it. Don't assume people that have other interests (Family, hobbies, houses, travel, leisure) aren't passionate about what they do, they've just realized that there's more to life than computers.

In fact, a good way to get burned out is to do exactly what I suspect you're doing. Working really long hours, and dedicating lots of your free time to software. Cut it out, and maybe you won't get burned out.

about two weeks ago

Ask Slashdot: Have You Experienced Fear Driven Development?

Vellmont Re:Experience counts (232 comments)

I think you said the words you're talking about in your anecdote. Worth and trust. Both those are earned, and can be over-valued. The developer in question shouldn't be trusted.

about two weeks ago

Apple Will No Longer Unlock Most iPhones, iPads For Police

Vellmont Re: So everything is protected by a 4 digit passco (504 comments)


Not without huge advances in theoretical mathematics, no.

Cryptography relies not only on the math being correct, but the implementation as well. How sure are you that Apple implemented the random number generator properly, for instance? Maybe that 128 bit key only has 64 bits of entropy because someone screwed up. 64 bits of entropy is feasible to brute-force.

Also, only RSA relies on factoring large numbers. RSA, and other public-cryptography is only used to encrypt the key. The underlying algorithm is still generally block ciphers like AES, which aren't dependent on prime numbers.

about two weeks ago

Apple Will No Longer Unlock Most iPhones, iPads For Police

Vellmont Easy fix for the government. (504 comments)

So instead of requesting access to the data, they'll request access to installing a special update to your phone that simply transmits the encryption key.

If you trust Apple to update your software, and Apple has to do whatever the government says, there's always going to be a way for the government to get your data.

about two weeks ago

Ask Slashdot: Have You Experienced Fear Driven Development?

Vellmont Re:Experience counts (232 comments)

Of course, the respect you're seeking must be proportional to your actual skills, merit to the company, etc.

Hmmm.. this is the only statement I find questionable. Everything else I agree with. I think everyone deserves respect. The lowest level employee doesn't deserve to be yelled at for missing deadlines, or having a bug that's missed. That's basic human nature, and you're not entitled to it simply because you're more valuable, it's something all people need. I understand your position, but if the only way you can gain "respect" is through fear (fear you'll leave), that's still an indication of a sick organization.

Long term, you should still leave if everyone doesn't deserve respect, not just "valuable" people.

about two weeks ago

Schizophrenia Is Not a Single Disease

Vellmont Re:Then I guess you could say... (222 comments)


The trick is that doctors need to stop treating schizophrenics like we're sick. They need to start treating us like we're real people that just happen to have a different sense of reality.

In a sense, I sort of agree with you, in another, totally not. Depression is also another way of viewing reality. Is someone who's depressed "wrong" about concentrating on the negative aspects of living? No... but I think most people who're depressed would rather NOT be depressed. Obviously telling someone who's depressed to just "cheer up", and "things aren't that bad" isn't going to help much. But like a disease, it's an aspect of yourself you'd rather not have and aren't in total control of, and want to be "cured" of. So the disease model isn't too far from the truth. I don't see how schizophrenia is much different.

You yourself don't really like your symptoms, wouldn't you rather they be gone? So I'm not sure I really understand your point.

about two weeks ago

Why Atheists Need Captain Kirk

Vellmont Re:Deism (937 comments)

The same inadequate reasoning that makes people think there could be meaning to the universe is the same lack of reasoning that causes smart people to be religious.

You make the mistake of categorizing all religion into one big bin. Thinking about our place in the universe is a religious activity, but also a very human one. Deciding we have no place in the universe, or the universe has no meaning is also in that same category. By seeking to escape religion, you're only being ensnared by it.

about two weeks ago

Windows Tax Shot Down In Italy

Vellmont Re:Need more than a legal precedent (421 comments)


More than a legal precedent this needs solid regulations with teeth. I suspect that if you walk into whatever the Italian equivalent of Best Buy waving this judgement around and demanding a refund that they will just have security escort you out. But if refusal to even offer a Windows free machine was worthy of a fine, let alone not removing it, then windows free machines would be widely available.

I've spent some time living and working in Italy. I'd be very, very careful before I simply apply US and Canadian ideas and norms onto Italy. Italy isn't filled with big box stores. I don't know that there's an equivalent mass retailer that sells everything from PCs to appliances in Italy. Rome at least is more filled with smaller retailers rather than enormous mega-retailer stores like in the US. There's some big retailers to be sure, but there's a lot more smaller ones.

But the one thing you should be VERY wary of is applying the rule of law to Italy. The normal rules of fines, and governments imposing restrictions on things doesn't always apply. Italian courts are a mess, and regularly change verdicts. So I wouldn't just naturally expect Italian retailers to suddenly start offering Windows free machines available for sale. Italy isn't like the US, or even the rest of the EU.

about three weeks ago

Publishers Gave Away 123 Million Books During World War Two

Vellmont .06 is not free. (121 comments)

$.06 is about 80 cents today. That's not free. You may think it's a minor distinction, but the truth is it's not. We know from repeated sociological studies that people treat free as a different category than something that's charged for. And if you establish the value early on as free, it's VERY hard to go back and get people to pay later on.

That's totally different than charging 80 cents in 2014 dollars. I'd also imagine that being in the military has different expectations than civilian life. It's a donation the publishers gave to the war effort. Once the war is over, nobody would expect to go back to being given cheap books anymore.

about three weeks ago

In France, a Second Patient Receives Permanent Artificial Heart

Vellmont Re:Predictable (183 comments)

Before you go around calling people morons, you might want to learn a little about how software is horribly insecure, even when designed to be. The recent OpenSSL vulnerability is a good example.

If you think "slapping encryption, message signing, and sanity checks" is going to save you, you have a LOT to learn.

about three weeks ago

Home Depot Confirms Breach of Its Payment Systems

Vellmont Re:PCs are the problem (111 comments)

That and credit card companies are too fucking cheap to switch to chip and pin. The only reason the rest of world switched was because the companies were forced to. Not in the good old USA.
Well, you're going to start getting your (and my) wish starting around October 2015. That's the date the liability shifts. Then the liability shifts to the party implementing the least technology. So if the card issuer issues a chip and pin card, and the retailer has only swipe, the retailer is responsible for any fraud from customers with chip and pin cards. If the retailer has a chip and pin machine, but the card issuer has only swipe, then the card issuer is liable.

So essentially you're going to start seeing big retailers upgrade to chip and pin machines sometime around Oct 2015. I'm sure it'll be a slow process, with small retailers taking many years to finally upgrade. But it'll happen.

about three weeks ago

Does Learning To Code Outweigh a Degree In Computer Science?

Vellmont Re:False premise (546 comments)


  If you are still skeptical, I invite you to go to talk to HR and ask them what it would take to get entry-level job without a degree.

Not all companies have HR gatekeepers. HR is there to filter out job requirements. If the job requirements say "Or equivalent experience", that's your ticket. If there's no HR department (the case with many smaller companies), then that barrier is gone.

Basically, I'm calling bullshit here. I've known many people, including myself with very successful careers in IT without college degrees. Please stop applying your experience to everyone.

about a month ago

Akamai Warns: Linux Systems Infiltrated and Controlled In a DDoS Botnet

Vellmont Re:JAVA (230 comments)


To me, that indicates a JAVA vulnerability, not a Linux vulnerability.

Right. Just like Nigerian 419 scams are conducted in English, so English is a vulnerability.

about a month ago

Submissions


Vellmont Vellmont writes  |  more than 7 years ago

Vellmont (569020) writes "I live in an apartment, and I've recently become enamored with the idea of turning my Linux server into a burglar alarm. The goal would be to provide the same features of a professional burglar alarm (motion detection, keypad de-activation and activation, and a loud alarm) plus some extra features that are easy for an internet connected computer such as paging alerts. Has anyone found hardware that can be fairly easily interfaced with Linux, as well as an open-source project that drives the alarm?"

Vellmont Vellmont writes  |  more than 7 years ago

Vellmont (569020) writes "Xname.org, a popular provider of free DNS hosting has been taken offline due to a distributed denial of service attack. Their website now reads:
XName is temporarily closed since 08:00PM CEST yesterday evening. We were experiencing the largest DDoS we ever had on both ns0 and ns1 IP addresses, forcing our upstream providers to cut off XName servers in order to preserve their other customers. We're working hard in order to have at least one DNS server answering ASAP, and we already negotiated with a premium transit provider to host one of our DNS servers shortly.
Anyone relying solely on Xname.org for DNS hosting should probably change their domain records to point elsewhere."

Journals

Vellmont has no journal entries.
