×

Announcing: Slashdot Deals - Explore geek apps, games, gadgets and more. (what is this?)

Thank you!

We are sorry to see you leave - Beta is different and we value the time you took to try it out. Before you decide to go, please take a look at some value-adds for Beta and learn more about it. Thank you for reading Slashdot, and for making the site better!

Comments

top

Government Recommends Cars With Smarter Brakes

WaffleMonster No thanks (254 comments)

A most dangerous category of automation is overly assumptive reflex actions based on incomplete knowledge of the situation.

What happens when I want to change lanes to avoid an accident and a computer has already decided to hit the breaks or apply them harder than intended? Now vehicle is turning and breaking at the same time probably in less than ideal conditions contributing to an initial event.

Only thing grosser than eating Cheetos and licking your fingers while texting and driving is making others pay for your cheesiness.

11 hours ago
top

Quantum Computing Without Qubits

WaffleMonster Something for nothing (81 comments)

I don't believe in real quantum computers because they require operating on the premise you can just sit there and extract whatever unlimited amounts of computation from the universe for a cost exponentially approaching free.

No doubt at all these machines given enough time and effort will work and they will provide the world with useful benefits only those benefits will look nothing like:

"Problems that would take a state-of-the-art classical computer the age of our universe to solve, can, in theory, be solved by a universal quantum computer in hours."

2 days ago
top

Ask Slashdot: Has the Time Passed For Coding Website from Scratch?

WaffleMonster Save to PDF (296 comments)

Make your websites a PDF file. It will always look and print nicely without wasted time quibbling over screen size, browser compatibility, fonts, CMS security patches or complaints from clients who need your help changing x, y AND z by themselves for free.

The nice thing about PDF files creating them is just a click away for most WYSIWYG publishing systems and by withholding source document your clients will have no way of making any changes without paying you.

If you object to my response with reasonable arguments it may be better to consider a different approach better addressing your (customers) specific needs.

3 days ago
top

Oracle Releases Massive Security Update

WaffleMonster Impressive (79 comments)

How many unauthenticated remote exploits in a HTTP stack does it take to lose a customer?

Never understood how Oracle is allowed to continue to operate like this. The only thing worse than a multi-billion dollar software company failing to exercise any discipline over their systems unauthenticated attack surface is length of time they must have sat on all of these exploits just so they could package it up and release all at once.

3 days ago
top

Obama: Gov't Shouldn't Be Hampered By Encrypted Communications

WaffleMonster Re:Communication has never been secure (554 comments)

I think you spelled "reality" wrong :-) Never say or do anything you wouldn't want your mother to see on the front page of tomorrow's newspaper.

Good advice when making public statements or comments.

When having a private discussion with trusted people the government and any other peeping toms who think they have a right to it can eat random noise.

about a week ago
top

Obama: Gov't Shouldn't Be Hampered By Encrypted Communications

WaffleMonster Re:Communication has never been secure (554 comments)

Snail mail and land line phones were never secure, all it took was a search warrant/court order (really easy to get) and the police had it. Email is no different.

Sure they are, you just need to add your own security on top of it. People have always been able to break out their favorite secret book and OTP their message or speak in code.

All the ranting about the NSA and government intrusion just diverts from the fact that; 1) if you don't want anyone to hear what you say, don't say it.

Unacceptable.

) if you don't want anyone to read what you write, don't write it down.

See above.

The USA founding fathers lived with the knowledge that they would be held accountable for what they said and wrote, and today it's no different.

Really so while negotiating and working to build consensus it was all out there for anyone to know their bargaining positions? There was no need for secrecy?

about a week ago
top

US/UK Will Stage 'Cyber-Attack War Games' As Pressure Against Encryption Mounts

WaffleMonster Hack the planet (77 comments)

In the real world any serious attack would have been conduced in stealth far in advance with damage triggered at a time of the attackers choosing.

In the fantasy world military brass operate repelling a "cyber attack" means sitting in front of a oversized console while "god" yells Rabbit.. flu shot? Someone talk to me.

about a week ago
top

SystemD Gains New Networking Features

WaffleMonster Whackamole (552 comments)

It seems every time I turn around there is yet another system process overwriting my iptables configuration.

about two weeks ago
top

AirAsia QZ8501 Black Box Found

WaffleMonster Re:Disgusting (95 comments)

Insurance externalizes internalities.

No, it doesn't.

In what way does it not? With insurance someone else is paying the bill even when you fuck up. You will feel some additional pain but most of it is offloaded.

There are ways to turn costs or sudden losses into externalities via publicly provided or covered insurance, but that's not an consequence of all insurance.

My remarks are limited to "most Insurance".

It's been no easier in the past to deal with sudden catastrophes than it is now.

I'm not so sure. In isolation this is an easy case to make...hey a tree fell on my house and now I can afford to fix it... there are also downsides and opportunity costs.

Hospital industry is a good example of what happens when you allow externalities to run rampant. Huge increases in overall share of GDP for little measurable improvement in outcomes. What is worse most of the expenditures go into dealing with the consequences of diseases which normally only occur when people fail to take proper care of themselves.

In any event disagreement is not grounds for -1 troll mod and +4 insightful is hardly deserved by those who veer off topic.

about two weeks ago
top

Microsoft Ends Mainstream Support For Windows 7

WaffleMonster Changes for vendors sake (633 comments)

I sincerely hope in the year 2020 there is an operating system in existence I would happily want to upgrade to.

Commercial vendors are spending too much time "playing games" and not enough time providing actual value to end users.. I fear by 2020 things will only get worse yet it is also clear MS has belatedly learned some lessons.

The final end of support for Windows 15 will be January 19th 2038.

about two weeks ago
top

Google Throws Microsoft Under Bus, Then Won't Patch Android Flaw

WaffleMonster It's a feature (629 comments)

How are we supposed to root our devices if all the security holes get patched?

about two weeks ago
top

Chevrolet Unveils 200-Mile Bolt EV At Detroit Auto Show

WaffleMonster Name and style fails (426 comments)

Chevy Bolt...really? Did the lawyers gather around in a drunken stupor one night and belch that one out?

Why can't electric cars look ... normal? Who wants to buy this? I just don't understand.

about two weeks ago
top

AirAsia QZ8501 Black Box Found

WaffleMonster Re:Disgusting (95 comments)

Even if this were true, what makes it a "pile of dogshit that smells". Insurance does serve a very useful role in our society.

Insurance externalizes internalities. It seems necessary because its existence over many decades has fucked up society enough to make it that way.

about two weeks ago
top

HTTP/2 - the IETF Is Phoning It In

WaffleMonster Re:HTTP isn't why the web is slow (161 comments)

SPDY will allow later requests to be answered before the first one. You seem to be focusing on the aspect of re-using old stale connections. I'm talking about the many dozens of connections needed on the initial visit to a web site right now.

When I mention head of line blocking I am referring to the transmission of the overall stream of data transported via TCP. Whatever structure comprises SPDY the stream itself is subject to head-of-line blocking. Multiple unrelated assets within a related stream are at the mercy of the properties of that stream. Multiple unrelated parallel streams are able to operate *independently* of the other.

The problem occurs normally (bad luck, ICW) and especially with lossy networks such as a high latency wireless network you end up blocking for RTT or RTO.. during that time nothing is transmitted with SPDY. If instead parallel TCP streams are used remaining streams are able to continue transmission.

The RFC itself says that it's vulnerable to replay attacks.

Of course it absolutely is.

Even more so than what's currently in use.

To conduct a replay attack you need to be able to get a copy of the packet to replay it. If you can do this you can own the TCP channel. I don't know how things can get any worse. In either case with or without fast open adding security (e.g TLS) is often helpful.

about two weeks ago
top

HTTP/2 - the IETF Is Phoning It In

WaffleMonster Re:HTTP isn't why the web is slow (161 comments)

There's a different type of HOL blocking specific to multiplexed HTTP pipelining (at the next highest protocol layer). If one resource is slow to load because of being dynamic, it can hold up the entire queue.

This makes little sense. HTTP/1.1 pipelining is only even possible if the size of content is known a-priori. Hard to imagine limited cases where you can know the size in advance before taking time to generate it.

I do agree there are multiple instances at multiple layers that can have the affect of stalling the pipeline.

My understanding is that your browser cookies and user agent string would be re-sent with every request using RFC7413. That's not small.

Its insignificant, what matters for senders is latency.

And it can't handle POST requests safely, meaning fragmented protocols.

I hope your kidding there are no useful transaction semantics defined for POST requests or any other HTTP verbs. Any assumption this is somehow safe today is wrong. It can only be made safe by application layer detection.

about two weeks ago
top

HTTP/2 - the IETF Is Phoning It In

WaffleMonster Re:HTTP isn't why the web is slow (161 comments)

The only reason you've given for HTTP/2.0 being worse is that it's not already an RFC.

It is worse because it is HOL'd and requires additional resources to manage state persistence for idle TCP channels. The other solutions leverage stateless cookies without speculative tradeoffs inherent with sitting on idle sessions. This is a BFD when your servicing thousands of concurrent requests.

SPDY and by extension HTTP/2.0 does not have head of line blocking issues. The requests are multiplexed, but tagged, and requests can be answered out of order.

*Everything* implemented over TCP has head of line blocking issues. This property is inherent in the definition of a stream which is what TCP implements. The only way around it is multiple independent streams. It does not matter how the protocol is structured or what it does as long as it is doing it within a single TCP stream.

Head of line blocking is really only an issue for dynamic content.

Why?

Pipelining all of your static resources through a single connection to a single subdomain is more efficient than multiple requests.

Even in the case where RFC7413 has not been deployed this isn't always true especially over low bandwidth/lossy links. If one stream has to eat RTT or worse RTO other streams can continue to transmit unimpeded. It is important to avoid cherry picking simulation results. Not all of them are positive.

about two weeks ago
top

HTTP/2 - the IETF Is Phoning It In

WaffleMonster Re:Shrug (161 comments)

Browsers on the other hand are supposed to take invalid HTML and try to do something useful with it. If browser developers didn't have to spend so much time trying to make their code interpret invalid syntax, they could probably fix a lot of the other bugs that actually affect valid code.

While it may well be more difficult to write an HTML parser this effort is an insignificant rounding error when considered within context of effort needed to produce a modern browser stack.

about two weeks ago
top

HTTP/2 - the IETF Is Phoning It In

WaffleMonster Re:versus 20 years for IPv6. 2002 cutover to IPv6 (161 comments)

Thirteen years later, 95% of internet traffic is still IPv4. Ten or twenty years from now, do we want to be using a better version of HTTP, or still be using HTTP/1.1 and talking about HTTP/2?

I don't care if we're still using HTTP/1.0 a hundred years from now. IPv6 is actually needed to solve an actual problem and offers real benefit to users needing to directly communicate with their peers - especially those currently stuck behind carrier NATs lacking a global address of their own.

HTTP/2 isn't going to make anyone's online experience any better or faster. Even today with our quad core muti-ghz CPUs, GPUs, several GB ram, dozens mbits of bandwidth sites still take forever to load... the only thing that has changed instead of loading actual content more time is spent engaged in massive data collection and cross-domain spying. The problem that needs solving isn't technical it is political.

about two weeks ago
top

HTTP/2 - the IETF Is Phoning It In

WaffleMonster Re:Shrug (161 comments)

1: mechanisms for interoperability were bolted on later, not included as core features that every client and router should support and enable by default. The result is that relays for the transition mechanisms are in seriously short supply on the internet and often cause traffic to be routed significantly out of it's way.

The Internet is a production network. You either deploy IPv6 fully in a production quality matter or don't do it at all. The mistake was in developing transition mechanisms in the first place which have done nothing but get in the way of adoption.

there was lots of dicking around with trying to solve other problems at the same time rather than focusing on the core problem of address shortage. For example for a long time it was not possible to get IPv6 PI space because of pressure from people who wanted to reduce routing table size.

Not everyone in the world has access to the same buying power enjoyed by rich western states. *Someone* ultimately has to pay for PI, rinky-dink multi-homing and lazy TE shenanigans. It is a political calculation whom that should be.

Stateless autoconfiguation and the elimination of NAT seemed like good things at the time but they raised privacy issues and added considerable complexity to home/small buisness deployments.

Reality is IPv6 privacy extensions were widely deployed in a landscape already dominated by browser fingerprinting, browser cookies, plugin cookies, DNS fingerprinting.

about two weeks ago
top

HTTP/2 - the IETF Is Phoning It In

WaffleMonster Re:HTTP isn't why the web is slow (161 comments)

Part of the reasons for dozens of (sub)domains is because even modern browsers still have a connection limit per host. And there's a lot of overhead in establishing an HTTP connection. If you're loading lots of tiny files, it makes sense to download them all through one HTTP connection. HTTP/1.1 already has pipelining, but almost no server is set up to use it.

Completely disagree. RFC7413 is already an RFC unlike SPDY and already solves the problem of overhead for new requests using stateless cookies without keeping session state (e.g. tied up resources) open speculatively in anticipation of future reuse.

Multiplexing multiple streams within a single stream = Head of Line blocking. A problem that does not exist when using multiple independent streams are employed.

The same concept applied to TLS currently in the pipeline allows for requests to be processed by the application stack on the 0th round trip using HTTP/1.0 with no head of line blocking.

In essence deploying HTTP/2.0 is worse than simply addressing underlying deficiencies in TCP and TLS... Better still this effort carries forward and is reusable for other non HTTP based protocols.

about two weeks ago

Submissions

WaffleMonster hasn't submitted any stories.

Journals

WaffleMonster has no journal entries.

Slashdot Login

Need an Account?

Forgot your password?