Beta
×

Welcome to the Slashdot Beta site -- learn more here. Use the link in the footer or click here to return to the Classic version of Slashdot.

Thank you!

We are sorry to see you leave - Beta is different and we value the time you took to try it out. Before you decide to go, please take a look at some value-adds for Beta and learn more about it. Thank you for reading Slashdot, and for making the site better!

Comments

top

"Barbie: I Can Be a Computer Engineer" Pulled From Amazon

arth1 Re:So close, so far (447 comments)

I recently paid a visit to my sweet friend Helen Jane and was excited to find this book at her house.

She was excited to find a Barbie book at her friend place ? and she's excited because it could inspire her daughter ?

No, she was excited because that would likely be ammunition for another sexism rant.

8 hours ago
top

"Barbie: I Can Be a Computer Engineer" Pulled From Amazon

arth1 Re:So close, so far (447 comments)

Where do you find actual chemistry sets with actual chemicals in them that can actually make interesting things?

At junk/antique stores. Those made in the 1960s and earlier, generally haven't been crippled for safety.

The set I had came with both lead strips, acids and a burner.

9 hours ago
top

"Barbie: I Can Be a Computer Engineer" Pulled From Amazon

arth1 Re:LOL ... w00t? (447 comments)

Someone who should be fired, not for being misogynistic, but simply for being stupid enough to not understand what he/she was doing.

We cannot really accuse the woman who wrote this booklet of misogynism.
Of being of the same, ehrm, intelligence level as Barbie, no doubt. But not misogynism.
A little bit of sexism in how boys are portrayed, perhaps.

9 hours ago
top

"Barbie: I Can Be a Computer Engineer" Pulled From Amazon

arth1 Re:I know this! (447 comments)

To be fair to that scene, it actually takes a bit of awareness to realize that fucked up 3d UI was a filesystem wrapper.

fsn (file system navigator) for IRIX was not universally known, but if the girl used IRIX at school, it is not unfeasible that she was familiar with it.

(Most people knowing fsn would have used it to start a real shell, instead of continuing to use the slowest file system navigator in existence, just because it was pretty. But her role in the movie was to be a Barbie, so pretty counts.)

9 hours ago
top

WhatsApp To Offer End-to-End Encryption

arth1 Re:Telegram (83 comments)

How can something in the public domain NOT be open source?

Open Source depends on copyrights.
Public domain depends on there being no copyrights.

9 hours ago
top

WhatsApp To Offer End-to-End Encryption

arth1 Re:Telegram (83 comments)

Telegram. It's open source, uses end to end encryption, and, unlike whatsapp, supports multiple connected clients at a time - including desktop clients for all platforms.

It's public domain, not open source.
End-to-end encryption is easy - you just need to send a courier with a one time pad.
And yes, there are telegraphs supporting multiple concurrent connections by using pitch shifting and filters so the receiver will only hear one set of beeps. But not more than a few.
Sure, there are desktop clients for all platforms - wooden, metal and marble top desktop can have clients, and there are even keys that mount on tilted desktops.

Of course you'll be hard pressed to find anyone on telegram

Indeed. Even Her Majesty The Queen stopped sending telegrams a few years ago. A shame, really.

11 hours ago
top

WhatsApp To Offer End-to-End Encryption

arth1 Re:FBI Director James Comey may not care. (83 comments)

This is the same company that lied about the capabilities of its photo app, as well as stored the photos insecurely.

Why would they have to? All they need to do is present Whatsapp with a hush order to hand over keys.
When Whatsapp generates and maintains the keys, there's no real security here.
I even think it's not unlikely that they have implemented this in cooperation with the three letter agencies, in order to lure people into thinking it is safe. And the great unwashed masses will be fooled, as always.

12 hours ago
top

WhatsApp To Offer End-to-End Encryption

arth1 Re:Not really secure (83 comments)

This is the same company that lied about the capabilities of its photo app, as well as stored the photos insecurely.

Don't forget storing conversation logs unencrypted.
Or requiring a personally identifiable marker (a phone number) in order to work, even when everything goes over IP and supporting anonymous users would be trivial.

12 hours ago
top

WhatsApp To Offer End-to-End Encryption

arth1 Re:FBI Director James Comey may not care. (83 comments)

If it is really END TO END, then WhatsApp can't see the data either.

True, but anyone sniffing the traffic can, if they have access to a decryption key. Not that we know of anyone who would possibly do that...

In my view, this encryption is not to be trusted unless and until it can accept keys that are generated outside the WhatsApp product. Otherwise, how much would you want to bet that the three letter agencies aren't getting a master key under a hush order?

12 hours ago
top

Debian Votes Against Mandating Non-systemd Compatibility

arth1 Re:Go back in time 5 years (519 comments)

Because you're engaging in a stupid political pissing contest, and you chose not to do your job and learn a new technology that's being adopted by the platform your employer has chosen.

You are so wrong you don't even know. What platform to use is my choice, and it has to be one that supports the software created by the developers working for the company and the environment they need to work in. RHEL7 is not it.
It is not my job to redesign in-house and 3rd party software so it will work with the peculiarities of systemd - it's my job to make sure I provide systems that work and stays working, 24/7, five nines.

12 hours ago
top

Court Shuts Down Alleged $120M Tech Support Scam

arth1 Re:Why... (117 comments)

It amazes me both that people fall for this, and that the credit card companies allow these services to operate under merchant accounts.

The latter shouldn't amaze you. The credit card companies get a cut, I mean transaction fee.

yesterday
top

Debian Votes Against Mandating Non-systemd Compatibility

arth1 Re:Systemd works OK in Fedora (519 comments)

Yeah, pretty ridiculous then that a Linux distro will start exhibiting that sort of behavior in 2015, don'tcha think?

It's rather telling that systemd introduces and relies on MSDOS .ini files from the 80s-90s era.
In ten years time, the systemd will probably introduce the registry too.

yesterday
top

Debian Votes Against Mandating Non-systemd Compatibility

arth1 Re:Go back in time 5 years (519 comments)

I'd say it was more about price point than complexity. Its free and good enough vs expensive and full featured.

I don't think that's entirely true. People switched (and still switch) from Solaris to Red Hat, despite Red Hat not being exactly cheap.

I think compatibility and availability of software are the main reasons. The toolbox approach facilitates that, while the kitchen sink abstractions hinder it.

yesterday
top

Debian Votes Against Mandating Non-systemd Compatibility

arth1 Re:Go back in time 5 years (519 comments)

I guarantee you that if I could have gotten a Solaris workstation for $2k while the Linux workstation was $7k no one would have cared about upgrading components on Linux more easily.

You'd be surprised. People bought expensive workstations with IRIX and changed them to run Linux. Primarily for compatibility reasons, but there were also people who did it because they liked Linux and the concept of a larger toolbox instead of larger tools.

yesterday
top

Debian Votes Against Mandating Non-systemd Compatibility

arth1 Re:Go back in time 5 years (519 comments)

BS. During the early 2000s the discussion of complex scheduling like existed in Solaris came up again and again. There was general agreement that while Linux was fine for simple Linux servers and workstations that the lack of advanced features made it unsuitable to replace big box Unix. Linux induced a financial collapse in big box Unixes now it needs to replace their complexity and functionality.

What you say doesn't hang on a pitchfork.
If the big commercial unix versions (Solaris, AIX, HPUX, IRIX) failed due to their complexity, the solution for the winner, Linux, is not to increase complexity. It's because of the toolbox approach where you can always upgrade one component without touching others that Linux won. Going back to smit-like administration abstracted five ways from hell and with tentacles into everything and its godmother isn't going to make people flock to Linux.

Splitting sysv init into a couple of even simpler and lower level components might.

yesterday
top

Debian Votes Against Mandating Non-systemd Compatibility

arth1 Re:Go back in time 5 years (519 comments)

There are long term non-systemd distributions. Crux and Alpine for example. The mainstream distributions are having it foisted on them by upstream because open source developers do think it is that good. This isn't about system admins.

The sysadmins are the meal ticket of developers. For years now, we've been saying we don't want systemd unless it can be made compatible and standalone. Now Red Hat calls me and wonders why I choose to install RHEL 6 on new systems, given that RHEL 7 is out. Why? Because we told you in advance what we wanted, and you chose not to listen.

Sysadmins are in a position to choose their operating systems. The developers are not in a position to choose their customers.

yesterday
top

Debian Votes Against Mandating Non-systemd Compatibility

arth1 Re:Systemd works OK in Fedora (519 comments)

Systemd works OK in Fedora

In the same way as ketchup works ok on dinner.
It depends on what you eat, and whether you want diversity or accept ketchup-compatible slop served on fancy plates.

Systems that cater to 90% of the users isn't good enough for Unix-like systems. Because the 10% provide 90% of the innovation.

yesterday
top

Debian Votes Against Mandating Non-systemd Compatibility

arth1 Re:Go back in time 5 years (519 comments)

Tell me why any of that is necessary? It's exactly like how Windows manages network interfaces.

Don't worry - systemd will handle that for you, and bring your interfaces up whether you want them up or not, using hundreds of sensible MSDOS .ini files. And if you run into problems, you can always check the systemd-journald binary logs through a suitable systemd secret decoder program. Unless, of course, the system went down before the non-transactional logging went to disk.

yesterday
top

Debian Votes Against Mandating Non-systemd Compatibility

arth1 Kum-ba-yah (519 comments)

some developers are already trying to mend the community and soothe the wounds.

I'm not sure that giving people warm fuzzies should take priority over steering the ship in a direction that has proven successful for more than a generation, and which has allowed diversity to flourish.

yesterday
top

NYT: Privacy Concerns For ClassDojo, Other Tracking Apps For Schoolchildren

arth1 Re:Custody review? What! Huge red flag here. (66 comments)

Are you saying you don't think it should be allowed? Collectively, these teachers spend more time with the kids than the parents do. As long as the judge can deal with the context appropriately, it's very important data.

Important enough that it may be sold to the highest bidder 30 years later when the kid runs for president?

The main problem here is retention, and who possesses the data.

2 days ago

Submissions

top

Blog pioneer WELL close to closing

arth1 arth1 writes  |  more than 2 years ago

arth1 (260657) writes "One of the first Internet communities outside Usenet, The WELL (Whole Earth 'Lectronic Link) is in dire waters. The owners, Salon, have laid off the entire staff, and are looking for buyers.

The WELL started out as a BBS-like entity, and proceeded through telnet to also support web and e-mail. Its web interface may seem dated by today's standards, but it works quite WELL, and was an influence on many later online communities, including Slashdot.

Subscribers received an e-mail from Salon Media Group's CEO Cindy Jeffers, stating:
"[....]as part of the company’s review of its strategic objectives, we have determined that The WELL no longer aligns with our business plans and accordingly we are exploring transferring The WELL to new management."

This came as a surprise to the employees. Gail Williams, one of the (former) employees wrote in a newsletter:

"On May 30, 2012, the community department at Salon was disbanded, and the three employees who had been working from 30% to 100% on running The WELL were laid off. We were shocked, of course."

Now is the time to make an offer to save this historic landmark on the Internet."

Link to Original Source
top

arth1 arth1 writes  |  more than 7 years ago

arth1 (260657) writes "From the Bay City news wire:

"A friend of Nina Reiser, an Oakland woman police believe was murdered, has helped set up an education fund for her two young children.

Ellen Doren said people who want to contribute to the fund should make out checks to "Education Fund for Rory and Nio Reiser" and send them to Education Fund for Rory and Nio Reiser, 6114 LaSalle Ave #127,Oakland, CA 94611."


Sounds like a good idea; orphan kids are stuff that matter."

Journals

top

Letter frequencies in URLs

arth1 arth1 writes  |  about a year ago

Doing some maintenance on a few squid cache servers, I decided to look into the letter frequency distributions for URLs, and how it matches normal written text.
Four caches were scanned for the URLs of currently cached content only, constituting around 1.5 million URLs.

In short, the results have some of the same characteristics as normal text, but with notable exceptions. You don't get an etaoin shrdlu; there are a lot of h, t, p, colons and slashes in URLs which skew the results. I'm also surprised that w scored so low, given all the URLs that start with www.

If anyone else finds a use for this, here is the data. Each character in the URL is followed by the number of times it was used in each cache, plus the total for all four caches.

/: 83198 130244 3028097 2929538 6171077
t: 73026 99729 2727455 2641930 5542140
e: 52801 95537 1746624 1753865 3648827
.: 35317 60175 1478231 1467006 3040729
o: 40941 86873 1423124 1448453 2999391
a: 43075 72450 1408451 1384211 2908187
c: 36078 64921 1308435 1295986 2705420
s: 41946 76684 1251987 1278493 2649110
p: 28248 44907 1214805 1190698 2478658
m: 29609 45768 1168769 1195505 2439651
h: 22543 41992 1029463 1019494 2113492
i: 37846 58586 974977 994693 2066102
n: 30006 51596 815477 795344 1692423
r: 26958 53239 801514 774606 1656317
g: 23689 57734 666533 790131 1538087
d: 23304 36637 746244 697523 1503708
:: 15442 27059 639115 649013 1330629
w: 25563 41061 622672 629215 1318511
1: 9697 12580 577523 561429 1161229
l: 21855 32824 560110 542960 1157749
2: 9890 13516 492565 514385 1030356
u: 11878 15246 440808 431176 899108
0: 10333 13106 404229 445998 873666
v: 7450 8415 328991 292590 637446
b: 9980 26743 280533 285767 603023
3: 6296 6905 299391 272352 584944
f: 9866 25830 265685 266037 567418
4: 4738 5931 273161 244104 527934
k: 4202 5641 235501 230456 475800
5: 5957 6920 212941 235172 460990
7: 6497 7333 230677 200956 445463
9: 4327 5215 206613 195295 411450
8: 5363 6697 210689 178565 401314
6: 5761 6487 209092 175203 396543
x: 3853 5755 168401 144265 322274
-: 3516 11325 124398 133481 272720
y: 4348 5272 114803 96971 221394
_: 2301 2683 87749 80901 173634
j: 4436 5058 89043 72567 171104
=: 1555 1437 37342 35214 75548
q: 1494 1538 32910 37861 73803
z: 741 907 29563 30037 61248
,: 3282 2848 21099 14688 41917
&: 493 413 12558 9222 22686
%: 220 460 9640 11420 21740
;: 2878 2254 8281 8281 21694
?: 322 294 4796 9264 14676
+: 45 35 1333 1758 3171
~: 31 7 996 735 1769
$: 0 0 425 670 1095
^: 6 0 420 228 654
*: 27 10 187 188 412
!: 0 2 282 122 406
[: 0 0 292 23 315
]: 0 0 272 23 295
|: 8 8 77 167 260
@: 10 0 113 38 161
(: 0 0 75 55 130
): 0 0 69 55 124
{: 0 0 75 0 75
\: 0 0 6 4 10
': 0 0 1 1 2

Does it have any practical use?
Perhaps. In proxy.pac files, a common method of load balancing based on URLs, known as the Sharp Superproxy script, is to sum the ASCII values of the cache entries, and mod it by the number of servers, to pick a server to use. .pac files are javascript, and javascript does not have an easy method to return the ascii value for a character. So what's generally used is a function like:

function atoi(charstring) {
    if (charstring=="a") return 0x61; if (charstring=="b") return 0x62;
    if (charstring=="c") return 0x63; if (charstring=="d") return 0x64;
//.....
}

This can be speeded up by ordering the list in the order of frequency, starting with "/", "t", "e", ".", "o", "a" - just moving those few to the front, reduces the latency of the script significantly.

Also, hashing in URL history handling can be sped up if the most prevalent buckets are created. This could also be useful for other URL collections, like AV software URL matching. I am unaware of any that work directly with character based lookups, but it is certainly one way to do it.

Other uses?
In pen testing, having a frequency table like this can greatly aid in URL discovery speed.

But all in all, it was a fun exercise. Note that the variations may be great, especially for the bottom half of the list. Also note that the low count for the letter 'x' in the URLs might not match your users.

top

Slashdot clandestinely scanning its users

arth1 arth1 writes  |  more than 6 years ago

I just discovered something I'm not sure I like.

Whenever I post something to slashdot, slashdot connects back to port 80 on the machine I post from, looking for an open proxy on port 80.
This isn't behavior I really like to see. It's unsolicited, and more to the point, it takes advantage of a local firewall possibly being temporarily open for traffic FROM an address for a short while after connecting TO it.
There might be a "good cause", like collecting a list of open proxies for the poor guy behind the Great Firewall of China or something similar, but it's still unsolicted, clandestine and not documented.

Here are a couple of web log entries showing this:
216.34.181.45 - - [10/Sep/2008:15:47:47 -0400] "GET http://news.slashdot.org/ok.txt HTTP/1.0" 404 271 "-" "libwww-perl/5.812"
216.34.181.45 - - [10/Sep/2008:20:32:18 -0400] "GET http://mobile.slashdot.org/ok.txt HTTP/1.0" 404 273 "-" "libwww-perl/5.812"

Slashdot Login

Need an Account?

Forgot your password?