
Comments


How Does Heartbleed Alter the 'Open Source Is Safer' Discussion?

Zocalo Re:Overstating the case (512 comments)

Heartbleed is a score for closed source. Those trying to spin it like this is open source working are delusional.

So, if this were to have happened in a closed source library, another company would have been looking at the code in order to discover the bug *how*, exactly? Even if the bug had been found by a white hat, the only recourse would have been to raise a bug report with the vendor and hope they actually did something about it. The failure for open source here isn't the development model, it's the fact it took two years for the vaunted "many eyes" to get around to looking at new code in a critical piece of the tool chain. As I noted, that's something that can easily be addressed by forcing commits be vetted before acceptance, and potentially other ways too, but again, you could also apply that approach in a closed source shop.

yesterday

How Does Heartbleed Alter the 'Open Source Is Safer' Discussion?

Zocalo Re:Overstating the case (512 comments)

This, and I suspect a lot of shilling by proprietary software vendors playing up the "many eyes make bugs shallow" thing. This wasn't so much a failure of the open source model as it was a failure to properly vet commits to the code of a project before accepting them into the main tree, and that could happen just as easily on a closed source development model as an open source one. That might be OK for small hobby projects, and perhaps even major projects that don't have quite so major ramifications in the event of a major flaw, but hopefully this will serve as a wake up call for projects that aim to form some kind of critical software infrastructure. For such projects requiring that commits be reviewed and "signed off" by one or more other developers would perhaps have caught this bug, and others like it, and could perhaps work very well in conjunction with some of the bug-bounty programmes out there. Of course, "Find a flaw in our pending commits, and get paid!" only works if the code is open for inspection...

yesterday

Slashdot Asks: How Do You Pay Your Taxes?

Zocalo Income taxes? I'm an expat you insensitive clod! (377 comments)

Some countries don't even have personal income tax, and apart from the U.S. I don't know of any others that require their citizens pay income taxes on wages earned overseas. Admittedly several of the countries on the list are not the best places to live, but for non-USians it's perfectly possible to avoid paying income tax altogether.

yesterday

Yahoo DMARC Implementation Breaks Most Mailing Lists

Zocalo Re:SPF.. (83 comments)

A better solution might be to move the original sender's "From" to another header ("Return-Path", "Reply-To", - whatever works best for the list software/admin) and set a new "From" to an address that would feed any replies to the list's submission/moderation queue. If the address of the person replying is on the mailing list or the list accepts any submission address, it goes into the normal queue for remailing, if not it either gets discarded as a bogus reply that is probably spam or goes into a moderation queue, depending on the list.

This is still an implementation flaw in the way DMARC and SPF work with mailing lists rather than a problem with mailing lists though, so the onus really belongs with DMARC and SPF to better provide a way to support mailing lists. Including a way to specify in the DMARC/SPF configuration that the sender is a mailing list and that they need to validate the original sender against a different header instead - "X-Originally-From", rather than the mailing list's domain in the current "From", perhaps?

about a week ago

Last Month's "Planet X" Announcement Was Probably Wrong

Zocalo If they *do* find it... (44 comments)

Hopefully they will name it something beginning with "P" so mnemonics like "My Very Easy Method, Just Set Up Nine Planets" and so on all work again, or has anyone come up with a good one for the current 8 planet setup?

about a week ago

How the Internet Is Taking Away America's Religion

Zocalo Re:Correlation is not causation. (1036 comments)

It's a view point in the UK that has been around for years - at least a few decades - although where it originated from and when I have no idea. Quite possibly it was the Daily Mail or a similar rag going off on one of their diatribes about "declining standards" or whatever they had a bee in their bonnet over that month. From comparing notes though it does seem C of E schools in the UK generally force much less dogma and indoctrination upon impressionable infants compared with church schools of other faiths, and even other Christian denominations. I guess you really do reap what you sow... :)

about two weeks ago

How the Internet Is Taking Away America's Religion

Zocalo Re:Correlation is not causation. (1036 comments)

The graphs certainly back up the idea that the best way to raise an atheist is to send the child to a Church of England school (in my case I was an atheist by the age of nine), but I suspect that the increasing secularisation in UK education has something to do with that as well. When the only primary school in a small rural town is a church school (usually that would be C of E, but sometimes Catholic) and you have a typical rural UK demographic representing both major Christian denominations plus a scattering of other faiths that school tends to get coerced into providing a more agnostic education if it wants financial support from the local government.

about two weeks ago

How the Internet Is Taking Away America's Religion

Zocalo Re:unfiltered information will make people THINK! (1036 comments)

I think there's more to it than just being exposed to skepticism from existing atheists/agnostics too. You get much more exposure to people who are from different cultures and religions than you might in your own little neighbourhood, both knowingly and unknowingly, and when that penny drops, that's when the thinking part kicks in. Generally you are going to realise that, hey, they are not that unlike us and we actually share many of the same views on life - most religions teach the same core principles wrapped up in some slightly different stories, after all. It's fairly well understood that major cities with cosmopolitan populations tend to be more open minded and their populations tend to have a less religious view than those from more rural communities, so I suspect this is just the same principle manifesting itself on a much grander scale.

about two weeks ago

Linux Developers Consider On-Screen QR Codes For Kernel Panics

Zocalo Re:Good idea (175 comments)

It might actually be more than that. Worst case, the screen is in 80x25 text mode (assuming a PC), which gives 2,000 binary bits, but if you start playing around with extended ASCII graphics characters you could probably encode a KB of data quite easily. Hardly a crash dump, but easily enough to get across the essentials.

about two weeks ago

European Parliament Votes For Net Neutrality, Forbids Mobile Roaming Costs

Zocalo Re:Touristy places will be in for a surprise.. (148 comments)

That would be excellent if this happened, although unlikely given how much the local population that supports the tourist trade is likely to rely on that same mobile coverage. I go on vacation to *get away* from the daily grind, yet of late it has got to the point that you can't go anywhere without someone yakking on a mobile phone, and I go to some pretty out of the way places to try and make that happen. The absolute last thing you want to hear when you reach Everest Base Camp, slightly out of breath from the lack of oxygen and effort, and are just starting to take in the amazing view is:

*Latest naff ringtone*
"Hello...?"
*pause*
"Yes, I'm climbing Mount Everest!"

It kind of ruins the moment, you know?

about two weeks ago

I prefer my peppers ...

Zocalo Re:How about (285 comments)

Not just tasty in their own right, but also not be so hot that you kill any chance of really enjoying the taste of whatever else that you are eating them with/in. I can manage peppers a fair way up the scale; a hot Piri Piri sauce doesn't bother me much, nor do habaneros, which are both around the 50-100K bracket IIRC, but all I can taste after a few mouthfuls is the pepper. I'd much rather have something like jalapeños or something even lower on the scale, so I can taste both the pepper and the rest of the meal for the entire sitting.

about three weeks ago

How Satellite Company Inmarsat Tracked Down MH370

Zocalo Re:Little disturbing (491 comments)

Inmarsat managed to eliminate the northern arc based on differences in expected doppler differences of the signal pings, when the last ping was received, and assuming a conservative fuel consumption to that point, there would have been insufficient fuel left for the plane to make land, hence it went down in the ocean. It's important to note that Inmarsat is unable to say where exactly, only that it is within a given range of the location where last known ping was now known to have been sent from, which is where the search for wreckage is now centred. I gather this is the result of a highly unorthodox set of data analysis that is well outside normal procedures for determining location, hence the reason it's taken so long - some of the techniques they used probably haven't ever been done before.

about three weeks ago

How Satellite Company Inmarsat Tracked Down MH370

Zocalo Re:Flight recorder (491 comments)

Still vastly better than what it was only a day ago, and there seems to be a lot more possible debris sightings in the search area which I take as a sign they might be in the right area and will hopefully pin it down some more. The race now is to find it before the black box transmitters go silent, a task for which the US is dispatching some specialist search gear apparently, because that's probably the only hope of giving the bereaved a chance at some closure left now.

about three weeks ago

Oculus Rift Developer Kit 2 Ready For Pre-Order Today

Zocalo Re:I think this is dangerous (100 comments)

I don't think it's going to be quite the VR nirvana that some people are expecting, at least not for some of the more involved games that would benefit the most from VR - simpler console based stuff will be fine, although I'd expect there to be a similar level of bandwagon jumping crap that we had when the first "Multimedia PCs" were all the rage. Having a device like the Oculus Rift strapped in front of your eyes is a double edged sword; yes, you are totally immersed in the virtual environment, but you are also much more limited in your interactions with the real one. You are going to need to have situational awareness of both worlds, and do everything in the real one pretty much by touch alone, and that's likely a more limiting factor than some people might be expecting.

There's a lot of people planning on using the Oculus to play Star Citizen when it comes out, yet this is a traditional old school style PC flight sim at heart which, as many old timers will attest, even with all the buttons and other controls on a HOTAS setup, you often still needed some controls on the keyboard. The game also has an FPS mode that many of those same players are planning on using with a mouse rather than a stick, so that most likely means that the left hand will be moving between throttle and keyboard and the right between stick and mouse. Sure, most PC gamers can touch type, but with the Oculus we won't even have the benefit of our peripheral vision to find the home keys and get our bearings to find the key(s) we want, and I think that might be harder to do quickly than some people expect, particularly when they are in the middle of a dogfight or attempted boarding. That's not to say it's an unsolvable problem, some extra thought on control to key mappings might be enough to avoid most mis-steps, and I expect to see a lot of work going into making input devices much more tactile to help with this over the next few years - braille keyboards for hardcore VR gamers anyone?

about a month ago

Full-Disclosure Security List Suspended Indefinitely

Zocalo Re:If you believe in full disclosure (162 comments)

Perhaps. By not applying Full Disclosure to the identity of the "insider" that has resulted in this you could accuse John Cartwright of breaching his and the list's principles, but without knowing the details of the threat (and the list has resisted many such threats in the past) it's difficult to know what the consequence of that might be. Or maybe there is no really significant threat other than some inconvenience, but this is just the straw that broke the camel's back. If not taking down this list would result in the breach of a court order, then this is almost certainly the right tack to take, regardless of how painful it might seem, unless we are expecting John to potentially become another fugitive from justice, like Edward Snowden?

Sure, it's a sad day for freedom of information, and will no doubt have negative consequences due to more information being known only to those with malicious intentions and companies sweeping issues under the rug due to lack of exposure, but even so I don't think it's one that is worth compromising your life over, let alone expecting someone else to do so.

about a month ago

Recent news events re: Bitcoin ...

Zocalo Re:changed my view of it for the better (192 comments)

It's not negative, the older generation is just more jaded and has seen too many things like this turn into a fad to risk any significant amount of tangible worth on it. There is also the risk of association given the close links between BC and the digital underworld to consider, particularly when dealing with laypersons (many of whom might be in senior management); "You use Bit Coin? Isn't that used to buy drugs and stuff?" It's not some toy like a new programming language, Seti@Home, or an Arduino that you can hack around with and the only real risk is a bit of time and CPU cycles; you've got to put actual money on the line, and quite a bit of it if you want to mine productively. Those "flaws and nitpicks" that you mention are resulting in far too much of that money getting ganked, although admittedly, that's often the fault of the original owner failing to do their homework and making a silly mistake like trusting their BC to a third party that isn't deserving of that trust.

In my view, crypto currencies are still at v1.0, and we all should know the rule about ".0" releases, let alone "1.0" releases. As such, I find that it's an interesting notion but almost certainly doomed to be replaced by something new and improved once all the teething troubles and peripheral issues that we are currently seeing get addressed. I'm not really expecting the tech masses (including the jaded grey beards) to really embrace it until we start seeing the next generation of currencies and have some kind of framework in place to prevent most of those "flaws and nitpicks" without having to RTFM. Any possible mainstream public acceptance is probably only going to come once there are far more legitimate uses than illegitimate ones and it's generally seen as a safe and convenient thing to do, even for a complete n00b that's likely to click on a link to a file called "rootkit.exe", cancel the AV warnings and run it anyway.

about a month ago

Environmentalists Propose $50 Billion Buyout of Coal Industry - To Shut It Down

Zocalo $50 billion seems quite cheap (712 comments)

Ahh, yes! That low, low, price doesn't include the price of building renewable-power plants to replace those coal fired ones that are to be shut down, nor does it even include any budget for sending out lots of blankets to prevent millions from freezing to death during the next cold spell. Nope, that part is entirely left down to others, and specifically to the government and thus taxpayers' money. So, yeah, $50b to buy and shut down the plants, and then what, maybe $500b of pork on a good day to replace them with renewables? Sure, sounds like a good deal to me...

I think I'll just chalk this up as another ill thought out scheme that'll never work.

about a month ago

How Do You Backup 20TB of Data?

Zocalo Re:Hard drives + Robocopy (983 comments)

It's really either this or tape. Just be sure to verify your backups, make sure that you can actually restore, and keep a copy of the data off site at a suitably remote family member/friend's place. Personally, I use external USB3 disks as they are cheap and can be left copying data overnight, especially so if you structure the data so that it's easy to segment data on the RAID across multiple external drives, and replace them long before any MTBF kicks in. Also unlike some tape systems, don't require particular software to backup/restore - any directory copy/sync tool of choice will do, and for restoring specific files you can even use a file manager or command line copy.

about a month ago

New Mozilla Encoder Improves JPEG Compression

Zocalo Re:Seem Negligible (155 comments)

It also reduces the time it takes to write the file out to disk or memory card. That could have a small knock on effect in a number of areas like the burst length on cameras and battery life on mobile devices (assuming that the new codec isn't much more CPU intensive). If the extra 10% compression improvement mentioned in the summary is from photographic images rather than illustrations then that could be quite a significant difference.

about a month ago

Submissions


Star Citizen takes the crowdfunding crown, reboots the Space Sim genre?

Zocalo Zocalo writes  |  about a year ago

Zocalo (252965) writes "Star Citizen, Chris Roberts' attempt to reboot the Space Sim genre, hit a major funding milestone earlier today, exceeding the previous record of $4,163,208 secured by the game Project Eternity and more than doubling the initial funding target set by the producer of the Wing Commander series. With Stretch Goals now being passed every few hours bringing new features to the planned game, and David Braben announcing a new installment of the classic Elite using a similar funding model at Kickstarter, could this be a wake up call for the big game publishers to take another look at the genre?

There's still two days left of Star Citizen funding as well, so if you feel like being a part you can chip in either at the main RSI site or on Kickstarter."


A glimpse at piracy in the UK and beyond

Zocalo Zocalo writes  |  about a year and a half ago

Zocalo (252965) writes "The BBC has a fascinating look into the music download habits of the UK population based on stats compiled by Musicmetric. The stats, gathered through the monitoring of BitTorrent swarms and geo-locating the IPs, shows the hotspots for music copyright infringement across the UK and regional preferences for certain types of music. Some of the outliers are somewhat unusual though, suggesting some problems with the methodology or sample size, unless people on the Isle of Wight really do prefer trumpet-playing crooner Louis Armstrong to the likes of Rihanna and Ed Sheeran who top the lists nationwide.

Not in the UK? There are some global stats on the "Most pirated near you?" tab of the story. Better yet, if you want to crunch the numbers for yourself all of the data has been made available at the Musicmatch website under a Creative Commons license and a RESTful API to access the data (free for non-commercial use!) is also available."


CNet / download.com trojaning OSS tools

Zocalo Zocalo writes  |  more than 2 years ago

Zocalo (252965) writes "In a post to the Nmap Hackers list Nmap author, Fyodor, accuses C|Net / download.com of wrapping a trojan installer (as detected by various AV applications when submitted to VirusTotal) around software including Nmap and VLC Media Player. The C|Net installer bundles a toolbar, changes browser settings and, potentially, performs other shenanigans — all under the logo of the application the user thought they might have been downloading. Apparently, this isn't the first time they have done this, either.

Fyodor's on the lookout for a good copyright lawyer, if anyone has one to spare."


Free IPv4 pool now down to seven /8s

Zocalo Zocalo writes  |  more than 3 years ago

Zocalo (252965) writes "For those of you keeping score, ICANN just allocated another four /8 IPv4 blocks; 23/8 and 100/8 to ARIN, 5/8 and 37/8 to RIPE, leaving just seven /8s unassigned. In effect however, this means that there are now just two /8s available before the entire pool will be assigned due to an arrangement whereby the five Regional Internet Registries would each automatically receive one of the final five /8s once that threshold was met. The IPv4 Address Report counter at Potaroo.net is pending an update and still saying 96 days, but it's now starting to look doubtful that we're going to even make it to January."

Following protons on a trip to (& through) the

Zocalo Zocalo writes  |  more than 3 years ago

Zocalo (252965) writes "Ars Technica visits CERN and takes an in-depth look at the LHC, providing details on the extensive array of supporting technologies and science that don't get the same level of media attention as the main ring. The article details the various stages and sub-accelerators that protons go through in their roughly 6 million kilometer journey from CERN's proton sources, through to their entry into the LHC's main 26km ring and then onwards to an eventual high energy collision at one of the four detectors. Unsurprisingly, there is no mention of any of Dan Brown's outlandish super-jets and paragliding facilities, but there are plenty of fascinating bits of information about the accelerator and the high degrees of precision involved in its construction and operation."

KDE Software Collection v4.5 officially released

Zocalo Zocalo writes  |  more than 3 years ago

Zocalo (252965) writes "Version 4.5.0 of the KDE Development Platform, the Plasma Desktop and Netbook workspaces, and many applications are released today. The KDE team focused on the usability, performance and stability of many previously introduced new features and technologies — click on the relevant links for the full announcements. Ars Technica has already posted a quick look at the new release of the Plasma Desktop here."

Microsoft to pay providers to delist from Google?

Zocalo Zocalo writes  |  more than 4 years ago

Zocalo (252965) writes "Slashdot recently discussed Mark Cuban's plan to kill Google which was later revealed to be just a thought experiment, but has Microsoft been taking the idea seriously? According to Matthew Garrahan and Richard Waters of the Financial Times, discussions to achieve just that may already be in the early stages with News Corp., and probably with other providers too. Could getting search engine providers to pay for the "privilege" of indexing their sites be a means for old media companies to survive in the Internet era or does Matt Brittin's (Google's UK director) statement that "economically it's not a big part of how we generate revenue" indicate that Microsoft (and News Corp.) are grasping at straws?"

Journals

Zocalo has no journal entries.
