Beta
×

Welcome to the Slashdot Beta site -- learn more here. Use the link in the footer or click here to return to the Classic version of Slashdot.

Thank you!

Before you choose to head back to the Classic look of the site, we'd appreciate it if you share your thoughts on the Beta; your feedback is what drives our ongoing development.

Beta is different and we value you taking the time to try it out. Please take a look at the changes we've made in Beta and  learn more about it. Thanks for reading, and for making the site better!

Comments

top

UK Organization Set Up To Encourage IPv6 Adoption Closes

ace123 Re:DD-WRT Replacement? (100 comments)

It's been a while since i've used DD-WRT. Last I checked, it was still using the 2.4 kernel with the closed-source drvier on many broadcom devices. Linux 2.6 has been out for 9 years, and the open source broadcom drivers have stabilized much since then.

I highly recommend OpenWRT with its Luci configuration interface. You're going to find it a worthwhile replacement for DD-WRT, including native IPv6 support (provided you go with the broadcom-2.6 kernel). You don't need to know much about using the command line to get things to work (and even if you go this route, there are many people who can help).

I've been using OpenWRT Kamikaze without issue on my WRTSL54GS (very similar in hardware configuration to the WRT54GL), and all the computers in my house have native IPv6 (with "radvd" autoconfiguration) using a 6to4 tunnel on Comcast. If you need details on how I got it set up, just let me know or start a post on the forum. The openwrt community is very friendly with a lot of knowledgable folk. I've loved OpenWRT and not had any reason to look back.

about 2 years ago
top

Meebo Discontinuing All Services Except for Meebo Bar

ace123 Re:Any good Web alternatives? (121 comments)

I don't think the UI is that much of a problem. Still, I usually use imo.im, since it syncs unread messages with their mobile app.

more than 2 years ago
top

NTT DoCoMo Asks Google To Limit Android Data Use

ace123 Re:NTT DoCoMo is the standard gold of mobile netwo (160 comments)

Yes, if I had mod points, I'd mod you up.

I'm an app developer, and I've had to deal with countless network problems (usually NAT's dropping connections without RST) that ended up being resolved by stupid strategies like "f it, lower the keepalive interval to 5 minutes", and killing a connection if it was not ack'ed in X seconds (you can be more agressive with killing TCP connections by adding protocol-level acks on client&server).

But despite this, I've managed to reduce bandwidth greatly by making my protocol independent of TCP connection -- in other words, I connect, tell the server who I am, and keep going with my connection, slowly making forward progress even if my layer 3 connection is killed every few seconds. At this point, TCP port 443 becomes basically a heavyweight datagram protocol (with a SSL handshake) because you can't rely on anything.

I'd rather use push notifications, but they have two glaring holes: 1) You can't rely on messages arriving on time. This means it's useless for a VOIP app where you expect it to ring within a few seconds. 2) Google C2DM requires that you have android market installed. This means your app won't work on half the phones around the world.

more than 2 years ago
top

NTT DoCoMo Asks Google To Limit Android Data Use

ace123 Re:NTT DoCoMo is the standard gold of mobile netwo (160 comments)

It's funny that you say that, because based on (admittedly half year old) data that an app developer collected about reconnect rates, Japan was by an order of magnitude the worst country with regards to number of reconnects that this app had to perform (DoCoMo was the second-to-worst carrier around the world).

Reconnects happen because the cell carrier closes a connection or times out--a good cell carrier won't change your IP address or RST your connections when you switch towers, but a bad one might decide to assign a new IP address each time. On some apps, reconnection may consume up to 1MB of bandwidth each time as they attempts to resync data (Yes, good apps shouldn't do this, but I have seen it happen.)

The problem is not Android -- the problem is the shitty QoS that most mobile carriers put on their networks, combined with the fact that they often kill connections at the NAT layer without notification, time out connections over unwanted ports and block protocols that they don't like.

The end result is that everything on a cell network has to happen over port 80 or port 443, with the SSL negotiation overhead that involves, combined with sending keepalives every 4 minutes. Yes, Android is unoptimized. DoCoMo might be doing everything right, but they bear the price of all of the terrible cell carriers that go out of their way to block data (AT&T, T-Mobile, I'm looking at you). Android 4.0 has a Data usage monitor that helps a ton in debugging misbehaving apps, but data is a fact of life.

That said, Apple may have made a good decision by forcing app developers to use push notifications when the app is in the background. Android messed up push notifications by tying them to Google Talk and Android Market -- this means apps that require push will not run on a large fraction of android devices around the world (including the Kindle Fire). The result is that apps don't use push and implement their own (often buggy/wasteful) push system.

Finally, if DoCoMo doesn't want users to send/receive data, then limit their bandwidth for crying out loud. Don't whine when you provide fast service and people use it. What is complaining to the OS manufacturer going to do? They provide a platform, not the apps or the service they run on.

more than 2 years ago
top

Ubuntu 12.04 LTS Won't Fit On a CD

ace123 Re:Why? (488 comments)

Why did this article make slashdot? Who cares that a distro with all the default packages enabled won't fit on a CD? Does Windows Vista fit on a CD if you include all the default packages and a word processor? Does OS X?

If you have an old system, you can use the https://help.ubuntu.com/community/Installation/MinimalCD and download packages off the net.

As long as they continue to support PXE boot, USB boot and other minimal bootstrap images that require network support, I'm fine. Heck, you can put your harddrive in another system and debootstrap ubuntu onto it if you are in a bind with a bad net connection and no DVD drive.

more than 2 years ago
top

Google Not Reciprocating On IFrame Usage?

ace123 Re:Aren't iframes part of the HTML standard? (115 comments)

Yes, and the original standard allowed any site to frame any other site and access any data from it... This isn't 1999, and you shouldn't be quoting a 12-year-old spec to talk about security issues that weren't even known at the time. Read the HTML5 spec and maybe you will start to see just how many nuances there are in keeping things working while having security on top. Not even the HTML5 spec explains all the complicated shit that browsers have to do... Mozilla's documentation is the best resource for this stuff because they describe what a real browser does. Here you go, first google result:
https://developer.mozilla.org/en/The_X-FRAME-OPTIONS_response_header

X-Frame-Options is a standard header (despite the "X-" part, it is a standard security feature built into *all* modern web browsers, including IE), and it is up to a site owner to choose to use it. This is the only guaranteed way to solve clickjacking attacks. Other methods require javascript enabled and some nasty hacks. See this page if you don't believe me:
http://stackoverflow.com/questions/958997/frame-buster-buster-buster-code-needed

That said, it's like using a hammer to put in a staple, way overkill. Problem is, there is no way to guarantee that your page is not being clickjacked -- there are so many ways to do a clickjacking attack that browsers simply can't guard against all of them, for example, plugins, opacity, ...

Yes, users shouldn't be stupid enough to input confidential information when the address bar has an untrusted URL... but the clickjacking attack works by showing users confidential information that only a trusted site could possibly know and giving them a familiar login form... It's very difficult for all but the most trained user to distinguish this type of site from the real thing.

Not all sites use this, but Google decided it was worth adding the header to protect themselves. That's their decision to make. For my web page, I'm considering the javascript-based solution because it allows a more clear message and lets users override the check if necessary, but this may compromise security in one or two cases, so it's a tradeoff.

more than 2 years ago
top

Ohio Supreme Court Drawn Into Magnetic Homes Case

ace123 Re:Why replace? (462 comments)

Evidently, the coercivity of the media who reported on this story was high enough to be affected by these magnetic homes.

(Sorry, it was only until after I read your comment that I discovered which type of media you were referring to.)

more than 2 years ago
top

Teach Your Router New Tricks With DD-WRT

ace123 Re:Open-Source my ass! (257 comments)

DD-WRT is open source in the same sense that the original Linksys firmware was open-source. Clearly, the GPL parts are open source, including all kernel modules and command line tools based on BSD/Linux. And yes, it must be possible to compile a bootable image with minimal shell support (otherwise they wouldn't be complying with the GPL). However, (this was true two years ago--haven't checked sense) DD-WRT has several binary blobs and closed-source components that handle higher-level tasks (for example, at the time I was looking into this, it was not possible to extend the webserver.)

Additionally, DD-WRT was still on the age-old nvram model of configuration, rather than using a read-write overlay filesystem to allow editing any configuration files. This means that some things were a pain in the ass to change once you have flashed the router, and building a custom image requires compiling a 10GB svn checkout. I'm sure you got it to compile, but I'm just saying that compiling isn't as easy as it should be. I (as did many other angry slashdotters) wasted several hours trying to compile DD-WRT. This is why the words "open source" in the description gave such a backlash.

Anyway, I didn't bother to figure out the compilation process, and I just went over to OpenWRT for my Linksys WRTSL54GS (kernel 2.6 broadcom with b43 -- works really well), Airlink AR-430W, and D-Link DIR-615. They all work really well.

That said, DD-WRT is a fine firmware if you want something that works and does more than the default images--I have friends who love it. It does Client Bridging which is the one feature I sorely miss from openwrt. So in my opinion it's a good choice if you are the sort of person who wants things to work and doesn't plan to write scripts or tweak things from source. And because fewer things are configurable and Brainslayer tests it on a ton of routers, you can be sure that an image will work on your hardware without tweaking anything (if it's on the Supported Devices list).

more than 2 years ago
top

WikiLeaks Sues the Guardian Over Leak

ace123 Re:Password (289 comments)

This is why an encryption key is never "temporary" -- it shows no discretion on the part of the journalists to leak a key. This is not a password that can be revoked--it's a key. If you have a key for your previous house, you don't ever give the key away while telling people the address -- the lock has probably not been changed.

Honestly I don't know why he didn't use SCP or SFTP, giving the journalist the fingerprint+password over a second channel... It's easy to revoke a password, and hard to MITM the leap-of-faith while maintaining the correct fingerprint. But hindsight is 20-20... I wouldn't have thought of this issue either.

I know most people are complaining about the irony of a leak at wikileaks, but has nobody considered the fact that the gpg-encrypted file was publicly available on a "temporary server", probably for at least a few hours (it must have taken Leigh some time to drive home and start the download).

At the time, wikileaks may not have been as popular, but it's not a stretch to imagine somebody was randomly browsing the IP address of that "temporary server" at the time, and noticed the encrypted file. Wikileaks is not your ordinary file host with uninteresting data on it--every file on there can be considered politically sensitive, and it may have been downloaded by several governments the instant Assange started the http daemon.

So it's not a stretch to imagine somebody downloads the file and leaves it on his hard drive waiting for the password to come out. Heck, I may have done this once or twice to the "insurance" file--and the only thing more obvious than "insurance" is a file named "cables.gpg".

about 3 years ago
top

First Observational Test of the "Multiverse"

ace123 Re:in a galaxy far away (258 comments)

Actually, you were five minutes behind.

It would be kind of hard to send that message in five minutes in this universe. Perhaps the speed of light is different where you come from.

I think you meant five million years behind--but I'll excuse you, the keys are like right next to each other.

more than 3 years ago
top

Zediva Shut Down By Federal Judge, MPAA Parties!

ace123 Re:Zediva clearly forgot the Golden Rule (189 comments)

NO, that is not a solution! You're doing exactly what the RI/MPAA want. The RI/MPAA have a secret, and that is that they want people like you to pirate their movies, because some of your friends will then pay money to watch them (since they have convinced the public that piracy=murder).

If you really want to stop the movie industry from bribing our public officials and criminalizing us, you should boycott the movie industry. This means, *do not consume* music/movies covered by RI/MPAA--whether you paid for something legally or not is a moot point (unless you get caught).

If you squint your eyes at MPAA, you will notice that the last letter in the acronym stands for *America*. America does not have the only movies/music in the world, and there is nothing these corporations would fear more than American media becoming irrelevant. A boycott of american media (or election reform to prevent bribery of public officials through "donations") is the only way we can stop corporations from controlling our laws and controlling us.

There are other countries that produce music and movies, and some of it is as good or better than our mass-produced hollywood media. If everyone watched half as much American media and watched some movies from other countries, that means 50% less money going to the RI/MPAA, and 50% less bribes to our representatives.

more than 3 years ago
top

Ubuntu 11.10 Down To 12-Second Boot

ace123 Re:HDD -- SSD (221 comments)

1. Yep, just run tune2fs and enable the ext4-specific features (google for 'upgrade ext 3 ext4') Then, make sure to edit your /etc/fstab. -O extents is the magic that makes them incompatible, but you don't need to use extents to get the benefits of ext4.

2. The rename issue was about bad assumeptions made by some gnome/kde programs about when to call fsync(), and those have long been fixed. I think it was that ext3 used low time to sync, so it was almost impossible to run into this, and ext4 set the *default* sync delay much higher--it is easy to change this in /etc/fstab, so google about this if you want.

I've been using ext4 since before it was supported in most distributions (soon after the announcement that it was marked stable in linux) and I've had no such issues (or I've never noticed). My /home partition has survived crashes due to the faulty seagate drives of 2.5 years ago (on RAID 1) and survived an abnormally high number of daily motherboard/psu-related crashes with no data loss (of stuff synced to disk).

more than 3 years ago
top

Ubuntu 11.10 Down To 12-Second Boot

ace123 Re:bootloader (221 comments)

Saying Slackware doesn't support GRUB is like saying Dell doesn't support Linux. It's a bootloader, and aside from installing it, it's completely unrelated to the OS. They probably kept LILO as the default since it's works easily out of the box.

Just grab a copy of grub2, make, make install, install it to the bootloader, and set up a linux64 menu.lst to load into your OS. Unlike LILO, you can actually type in commands at the boot prompt and tab complete to get a list of OS's, so it's kind of hard to mess up if you have the documentation handy.

That said, there's not much point in changing something that works--unless you're intent on booting on new hardware that uses EFI or something.

more than 3 years ago
top

Ubuntu 11.10 Down To 12-Second Boot

ace123 Re:HDD -- SSD (221 comments)

Make sure you're using EXT4 for your filesystem... it's really simple to upgrade, and you can basically change /etc/fstab, and optionally run some tune2fs parameters to enable extents if you are happy with making it permanent.

Just changing fstab to say "ext4" instead of "ext3" alone cuts fsck time by about a factor of 10 (but make sure your version of grub supports ext4 before turning on extents). My 900GB ext4 raid partition will fsck in roughly the same amount of time as my 20GB ext3 root partition

more than 3 years ago
top

Ubuntu 11.10 Down To 12-Second Boot

ace123 Re:HDD -- SSD (221 comments)

That's mostly true -- however, my MSI motherboard seems to spend 5 seconds in each of the AHCI controllers, with the annoying "Press Alt-F2 for RAID setup" message (and switching to IDE emulation makes ubuntu's Disk I/O roughly 25% slower in terms of boot time). Aside from that, I can hardly see my BIOS boot logo--it flashes and goes to GRUB.

Unfortunately Ubuntu seems to have poor support for UEFI at the moment... not too long ago, apt-get dist-upgrade was forcing me to remove grub-efi-amd64 in exchange for grub-pc, and I had to do some nasty dpkg hold to avoid that.

I find this number pretty surprising--my 11.04 boot isn't anywhere near 12 seconds, even with UEFI. Even if you leave out the time to start the ubuntuone and nepomuk I/O heavy processes, my system spends roughly 10 seconds before anything prints out (ureadahead and kernel modules).

LightDM should help a fair amount, so I'm happy about that... but I'm worried that's just offloading the gnome libraries to later in the boot process, so I don't think this will help much for time to a usable desktop...that is, unless you use strictly Unity WM and no kde/gnome apps whatsoever. I guess this might not be for me.

more than 3 years ago
top

Security Consultants Warn About PROTECT-IP Act

ace123 Re:Doesn't have to conflict with DNSSEC (298 comments)

Why aren't search paths disabled by default? They seem like a huge security hole. I don't want to be getting "google.com.mitm.comcast.net" when I type in "google.com".

Search paths should be enabled explicitly, since I've only ever seen them legitimately used on corporate networks where they control all the computers anyway.

more than 3 years ago
top

Standards Make Rapid Software Releases Workable

ace123 Re:Chrome, Opera and Firefox (97 comments)

First to answer your question: I agree about using Opera in business--I actually think that makes a lot of sense for businesses concerned about stability. I'm sure Opera would sell support agreements, and they don't have an insane release schedule, though they manage to keep up with standards. I suspect Opera doesn't have brand name recognition, so no IT manager would bother suggesting it out of fear of a backlash. For example, what if an obscure version of Oracle's timecard crapware fails on Opera? Then you would need to tell people to use IE or Firefox to run internal apps -- and you're back to the same problem.

As for Chrome-- "Google Chrome" is not open source because it includes a version of flash player, a custom trademark, and PDF support, among other things. (Firefox has this distinction too--the difference between Firefox and Iceweasel.). But in general, the developers actually want to release as much as open source as they can. They need to have a really good reason before deciding to make something closed source (usually a result of legal requirements, as in Adobe Flash's redistribution license).

However, Chromium comprises most of the code (enough that most developers modify and test chromium, and wouldn't notice the difference). Chromium is what you should be using: it is shipped entirely under the revised BSD license (it's about the most liberal open source license out there), and you probably can't tell the difference with the exception of missing a few google-specific features like Sync (most of these are open source but disabled by default).

If you want to use the open source version, feel free to download nightlies here (updater is disabled here since it doesn't make sense):
http://build.chromium.org/f/chromium/snapshots/
Or, if you want--just compile Chromium yourself. It's a cakewalk on Mac/Linux -- and it's easy on windows if you have Visual Studio.

more than 3 years ago
top

DisplayPort-To-HDMI Cables May Be Recalled Over Licensing

ace123 Re:Easy (417 comments)

Captain Keming to the rescue! (Or, in this case, he may be called Captain Keiviing)

more than 3 years ago
top

Microsoft Launches Office 365 Cloud Suite

ace123 Re:Leap years? (200 comments)

What do we do on day 366? And is that February 29? Or December 31? Or January 1? Help me, Microsoft!

It's okay: we won't have another leap day until 2016, so Microsoft didn't need to code that logic into their software. 365 days is enough for anyone.

Don't worry: in 2015, Microsoft will release a new version, Office 366, which will offer you the full yearly experience for only one of the cheap monthly prices listed below (assuming you pick the right plan)!

  . /- $2/mo for Plan E
  / $4/mo for Plan K1
  \ $6/mo for Plan P
< $10/mo for Plan E1 or K2
  / $16/mo for Plan E2
  \ $24/mo for Plan E3
    \- $27/mo for Plan E4

Pick your plan today, before it's too late. The 366th day cometh!

more than 3 years ago
top

Video Games Expected To Drive 3D Mobile Phone Sales

ace123 Re:"Looks awesome" does not mean value (39 comments)

My title was misleading, sorry. I don't mean to say there is no value in stereo video. Just as stereo and 5.1 audio improve the experience, stereo video has the ability to improve the experience. But I'm tired of the media treating this as though it's a whole new paradigm. (Ever been to an IMAX movie and watched the beginning where they show off the 10 speaker surround sound system? My reaction usually is "That's really cool. But start the movie already")

Personally, I'd rather they spent their efforts on adding more resolution and better touch accuracy to cell phone screens. Hardware space/development time is finite, and 3D screens are going to draw effort away from things that affect my everyday usage of these devices.

The one good thing about this technology catching on is that people may start to record more data in stereo video, which could lead to interesting use cases in things like photosynth and 3D model scanning (this time I mean real 3D as in three axes, not stereo).

more than 3 years ago

Submissions

ace123 hasn't submitted any stories.

Journals

ace123 has no journal entries.

Slashdot Login

Need an Account?

Forgot your password?

Submission Text Formatting Tips

We support a small subset of HTML, namely these tags:

  • b
  • i
  • p
  • br
  • a
  • ol
  • ul
  • li
  • dl
  • dt
  • dd
  • em
  • strong
  • tt
  • blockquote
  • div
  • quote
  • ecode

"ecode" can be used for code snippets, for example:

<ecode>    while(1) { do_something(); } </ecode>