Comments


How Apple's Billion Dollar Sapphire Bet Will Pay Off

arth1 Re:Well. (188 comments)

I too am on the Gorilla Glass bandwagon as well, and a big big fan of Corning. But Gorilla Glass is under patent. Synthetic Sapphire has been around since 1902, and it was cheap back then. Sapphire is hard... 9 on the Mohs scale, and the only substance harder is natural and synthetic diamond. I find it difficult to believe... so...do you have any references that say Gorilla Glass is cheaper and harder than Sapphire?

I'm not the parent poster, but here's a ref claiming that Gorilla Glass is indeed both cheaper and far weaker than sapphire.

yesterday

How Apple's Billion Dollar Sapphire Bet Will Pay Off

arth1 Re:Should have gone with ruby.... (188 comments)

Scotty used an Apple Macintosh to enter the formula.

What struck me watching it was that
(a) My watch already had a transparent alumina crystal - sapphire.
(b) No real Scotsman would say aluminum, but aluminium.

yesterday

Administration Ordered To Divulge Legal Basis For Killing Americans With Drones

arth1 Re:Obligatory (307 comments)

The 21st century of "civilized countries" that are "permitted to kill its own citizens"?

Barbaric tribal practices, indeed. But since they're your tribal practices...

I never said that civilized countries are permitted to kill its own citizens. You're reading things I never wrote, drawing erroneous conclusions.

If the electorate of a country vote for a government that kills its own citizens, like the US does, that is up to them. That doesn't make it less barbaric, but at least they have the jurisdiction and the will of the people.
Most civilized Western countries have long since abandoned a revenge based justice system and capital punishment.

What countries don't have is jurisdiction outside its own border. Two countries tend to disregard this on a permanent basis.

2 days ago

Administration Ordered To Divulge Legal Basis For Killing Americans With Drones

arth1 Re:Obligatory (307 comments)

What about children, felons, and those who are not old enough to have a) voted

In civilized countries, children enjoy special protection, and the right to vote is inalienable, so there are no felons who cannot vote.
Quite unlike here in the US, where voter disenfranchisement is rampant and children are tried as if they were adults.

It's high time for 'Tis of Thee to join the 21st century and abandon her barbaric tribal practices and join modern Western civilization.

2 days ago

Venus' Crust Heals Too Fast For Plate Tectonics

arth1 Re:Carbon dioxide is *NOT* toxic. (131 comments)

Are there mountains on Venus?

Through first hand experience, I can verify the abundance of Venus Mons.

2 days ago

Administration Ordered To Divulge Legal Basis For Killing Americans With Drones

arth1 Re:Obligatory (307 comments)

So let me get this straight, it's perfectly OK to kill people with drones as long as they're not American citizens?

It should be the other way around. A country should only be permitted to kill its own citizens, not citizens of other countries.
The former is acceptable, given the citizens in question are part of the electorate who sanctioned the laws and government, giving them powers over their lives.
The latter is an act of war and trespasses on the sovereignty of other countries and its citizens.

2 days ago

Administration Ordered To Divulge Legal Basis For Killing Americans With Drones

arth1 Re:Obligatory (307 comments)

It'd certainly be a good border security method against Mexicans. In fact, they could start by just targeting drug runners and practically solve the drug problem overnight. Drug dealers cost America more money and kill more Americans than terrorism by about 100000x

When did drug smuggling become a capital crime?
And when did suspicion (probable or not) of capital crime put aside the requirement for due process?

2 days ago

In a Hole, Golf Courses Experiment With 15-inch Holes

arth1 Re:...news for nerds.. (400 comments)

Darts is the weirdest thing to be honest. People will consider archery and shooting sports, but not darts. I think it's because it seems so random to a beginner, but when you get deeper into it, it becomes pretty clear that it's all about fine motor skill.

And maths and strategy. You're left with a score and need to get to zero with the last dart hitting a double, so you need to not only know what combinations will get you there, but also which ones will do the least amount of damage if you miss, and redo your strategy if you miss or a dart blocks your strike zone.
It's as much in your head as it is in your aim, arm and hand.

2 days ago

OpenSSL Cleanup: Hundreds of Commits In a Week

arth1 Re:The commits are funny into themselves. (372 comments)

If decrementing and comparing to 0 is faster, then a modern optimizing compiler will do that automatically even if you use for(i = 0; i < 8; i++) instead of the other way around.

Do you have one example of a compiler that actually does that?

gcc for example, might unroll the loop, but not revert the loop to use a more efficient comparison. A quick test with icc (older version, I admit) doesn't do it either.
Which compilers do you refer to that do this?

3 days ago

OpenSSL Cleanup: Hundreds of Commits In a Week

arth1 Re:The commits are funny into themselves. (372 comments)

It's slashdot's wonderful messaging system that eats less-than signs even when they're not part of tags.

3 days ago

New 'Google' For the Dark Web Makes Buying Dope and Guns Easy

arth1 Re:Since when is every search engine Google? (155 comments)

Are you sure about that? I thought Kermit and ZModem were unrelated evolutions, more in parallel than Kermit being a predecessor (or successor) of ZModem. It becomes pretty obvious when you look at features, Kermit and ZModem send filenames to the other end, while XModem and YModem do not. XModem does show off that it is older since unlike the others it doesn't have any sort of error detection.

They're unrelated - X/Y/Zmodem share a heritage, but kermit is unrelated. However, it seems obvious that X/Y/Zmodem was attempting to provide the file transfer capabilities of kermit, making it simpler to both install and use. BBSes embraced it, and X/Y/Zmodem had its days of glory. Nowadays, kermit has overtaken Zmodem and Ymodem-g, so it has possibly gone full circle.

3 days ago

OpenSSL Cleanup: Hundreds of Commits In a Week

arth1 Re:I would think (372 comments)

Also..OpenVMS has not been updated in almost 4 years. If you have native servers on these machines exposed to the internet, you get what you deserve regardless of the version of openssl you're running. Tell you what - you maintain the OpenVMS patches and I'm sure no one will stop you. Otherwise, stop complaining about it.

They don't need to be on the internet - they may be running back-end or internal systems. But if front-end systems or internal PC or midrange systems communicate with them using openssl, the versions have to be compatible. You can't just upgrade one end of the connection, at least not without extra testing.
Or, it might be a system that has to be accessible and visible to just a small part of the internal userbase, and you protect it from internal hacking.
So legacy systems sometimes need software upgrades too.

3 days ago

OpenSSL Cleanup: Hundreds of Commits In a Week

arth1 Re:The commits are funny into themselves. (372 comments)

Comparing to zero is faster in most architectures and still is a valid optimization.

Indeed, and you might want to take it even one step further, and test for --i = 0.

There's also the fact that there are plenty of older architecture CPUs out there, being deployed even today, especially in the embedded world where product lifecycles are really long, and switching to a new architecture can mean dozens of man-years of work.
Do you want your water company and cable provider to install new meters every two years to keep up with the latest technology? Guess who would pay for that!
In critical infrastructure it becomes even more important to support old hardware. Would you feel safer in a plane running hardware/software that has shown itself to work, or one with bleeding edge computers that crashes as often as a typical desktop?

Optimization isn't bad. But you have to know what you're doing, and why. High level developers relying on magic abstractions layers need not apply. Their strengths lie elsewhere.

3 days ago

OpenSSL Cleanup: Hundreds of Commits In a Week

arth1 Re:I would think (372 comments)

not necessarily - when I saw a commit that said "removed use after free" (ie still using a structure after it had been freed) then you've got to think the code is just generally sloppy.

Not necessarily - if they used their own allocation routines (which it appears they did), it could have an API allowing use after free until a new allocation occurred. If so, the bug would be replacing the memory allocation routines without also rewriting the parts that depended on the old functionality.
And before someone going on a rant saying that that's a brain dead thing to do, it's something that pretty much every compiler does when using the stack. The stack pointer isn't going to change until you change it. So if using a private stack for memory allocation, this is perfectly fine. It's a different API to what's common, but different doesn't mean wrong. It just means that those who use it have to understand it and not make erroneous assumptions.

3 days ago

OpenSSL Cleanup: Hundreds of Commits In a Week

arth1 Re:I would think (372 comments)

Yup. I can't believe that there were such dodgy trade-offs made for SPEED (at the expense of code readability and complexity) in openSSL.

At least a couple of reasons:
- First of all, OpenSSL was designed with much slower hardware in mind. MUCH slower. And much of it is still in use - embedded devices that last for 15+ years, for example.
- Then there's the problem that while you can dedicate your PC to SSL, the other end seldom can. A single server may serve hundreds or thousands of requests, and doesn't have enough CPUs to dedicate one to each client. Being frugal with resources is very important when it comes to client/server communications, both on the network side and the server side.

Certain critical functionality should be written highly optimized in low level languages, with out-of-the-box solutions for cutting Gordian knots and reduce delays.
A problem is when you get code contributors who think high level and write low level, like in this case. Keeping unerring mental track of what's data, pointers and pointers to pointers and pointers to array elements isn't just a good idea in C - it's a must.
But doing it correctly does pay off. The often repeated mantra that high level language compilers do a better job than humans isn't true, and doesn't become true through repetition. The compilers can do no better than the person programming them, and for a finite size compiler, the optimizations are generic, not specific. And a good low level programmer can take knowledge into effect that the compiler doesn't have.
The downside is a higher risk - the programmer has to be truly good, and understand the complete impact of any code change. And the APIs have to be written in stone, so an optimization doesn't break something when an API changes.

3 days ago

New 'Google' For the Dark Web Makes Buying Dope and Guns Easy

arth1 Re:Having to know the URL, what security! (155 comments)

DNS queries? Why didn't you simply search by IP address, which is what DNS queries resolve to?...

Because when web hotels arrived around the turn of the millennium, web servers commonly started serving several hosts from a single IP, and the Host header in the request would determine which site was served.
Scanning IPs would then likely only get you the hosting provider.

3 days ago

New 'Google' For the Dark Web Makes Buying Dope and Guns Easy

arth1 Re:Since when is every search engine Google? (155 comments)

zmodem was several generations newer.
kermit -> xmodem -> ymodem -> zmodem

I still use uucp, by the way. For communicating with faraway sites where the connection depends on a shaky cell phone connection that may or may not be up, it's a pretty good way of moving e-mail and logs.

4 days ago

New 'Google' For the Dark Web Makes Buying Dope and Guns Easy

arth1 Re:Since when is every search engine Google? (155 comments)

I take it there's not a whole lot of comments because everybody's on TOR browsing summary address.

Ah, in that case, don't worry.

They'll be back the day after tomorrow, when tor has returned results...

4 days ago

New 'Google' For the Dark Web Makes Buying Dope and Guns Easy

arth1 Re:Having to know the URL, what security! (155 comments)

Not entirely true. I wrote a search engine of sorts once that in stage one ran DNS queries on dictionary words, and in stage two attempted to fetch / from ports 80 and 443. The results were indexed and searchable.
Of course, the yield was pretty low, but still...

4 days ago

New 'Google' For the Dark Web Makes Buying Dope and Guns Easy

arth1 Re:Good. (155 comments)

Now the FBI and the Sheriff would be able to set up stings more efficiently.

FBI and the Sheriff? You have no real insight in how law enforcement works here in the US of A, do you?

There are dozens(!) of different police forces, and they seldom cooperate on anything, but try to not step on each others' toes. A sheriff is county police and would not be involved in any international or interstate crime sting. Speeding tickets, serving divorce notices, arresting the busker in front of the strip mall, signing reports of items stolen, sit in cars at local road work - that's the sheriff's department. Investigative work to catch internet facilitated high crime is not going to involve the sheriff.

4 days ago

Submissions


Blog pioneer WELL close to closing

arth1 arth1 writes  |  about 2 years ago

arth1 (260657) writes "One of the first Internet communities outside Usenet, The WELL (Whole Earth 'Lectronic Link) is in dire waters. The owners, Salon, have laid off the entire staff, and are looking for buyers.

The WELL started out as a BBS-like entity, and proceeded through telnet to also support web and e-mail. Its web interface may seem dated by today's standards, but it works quite WELL, and was an influence on many later online communities, including Slashdot.

Subscribers received an e-mail from Salon Media Group's CEO Cindy Jeffers, stating:
"[....]as part of the company’s review of its strategic objectives, we have determined that The WELL no longer aligns with our business plans and accordingly we are exploring transferring The WELL to new management."

This came as a surprise to the employees. Gail Williams, one of the (former) employees wrote in a newsletter:

"On May 30, 2012, the community department at Salon was disbanded, and the three employees who had been working from 30% to 100% on running The WELL were laid off. We were shocked, of course."

Now is the time to make an offer to save this historic landmark on the Internet."


arth1 arth1 writes  |  more than 7 years ago

arth1 (260657) writes "From the Bay City news wire:

"A friend of Nina Reiser, an Oakland woman police believe was murdered, has helped set up an education fund for her two young children.

Ellen Doren said people who want to contribute to the fund should make out checks to "Education Fund for Rory and Nio Reiser" and send them to Education Fund for Rory and Nio Reiser, 6114 LaSalle Ave #127,Oakland, CA 94611."


Sounds like a good idea; orphan kids are stuff that matter."

Journals


Letter frequencies in URLs

arth1 arth1 writes  |  about 10 months ago

Doing some maintenance on a few squid cache servers, I decided to look into the letter frequency distributions for URLs, and how it matches normal written text.
Four caches were scanned for the URLs of currently cached content only, constituting around 1.5 million URLs.

In short, the results have some of the same characteristics as normal text, but with notable exceptions. You don't get an etaoin shrdlu; there are a lot of h, t, p, colons and slashes in URLs which skew the results. I'm also surprised that w scored so low, given all the URLs that start with www.

If anyone else finds a use for this, here is the data. Each character in the URL is followed by the number of times it was used in each cache, plus the total for all four caches.

/: 83198 130244 3028097 2929538 6171077
t: 73026 99729 2727455 2641930 5542140
e: 52801 95537 1746624 1753865 3648827
.: 35317 60175 1478231 1467006 3040729
o: 40941 86873 1423124 1448453 2999391
a: 43075 72450 1408451 1384211 2908187
c: 36078 64921 1308435 1295986 2705420
s: 41946 76684 1251987 1278493 2649110
p: 28248 44907 1214805 1190698 2478658
m: 29609 45768 1168769 1195505 2439651
h: 22543 41992 1029463 1019494 2113492
i: 37846 58586 974977 994693 2066102
n: 30006 51596 815477 795344 1692423
r: 26958 53239 801514 774606 1656317
g: 23689 57734 666533 790131 1538087
d: 23304 36637 746244 697523 1503708
:: 15442 27059 639115 649013 1330629
w: 25563 41061 622672 629215 1318511
1: 9697 12580 577523 561429 1161229
l: 21855 32824 560110 542960 1157749
2: 9890 13516 492565 514385 1030356
u: 11878 15246 440808 431176 899108
0: 10333 13106 404229 445998 873666
v: 7450 8415 328991 292590 637446
b: 9980 26743 280533 285767 603023
3: 6296 6905 299391 272352 584944
f: 9866 25830 265685 266037 567418
4: 4738 5931 273161 244104 527934
k: 4202 5641 235501 230456 475800
5: 5957 6920 212941 235172 460990
7: 6497 7333 230677 200956 445463
9: 4327 5215 206613 195295 411450
8: 5363 6697 210689 178565 401314
6: 5761 6487 209092 175203 396543
x: 3853 5755 168401 144265 322274
-: 3516 11325 124398 133481 272720
y: 4348 5272 114803 96971 221394
_: 2301 2683 87749 80901 173634
j: 4436 5058 89043 72567 171104
=: 1555 1437 37342 35214 75548
q: 1494 1538 32910 37861 73803
z: 741 907 29563 30037 61248
,: 3282 2848 21099 14688 41917
&: 493 413 12558 9222 22686
%: 220 460 9640 11420 21740
;: 2878 2254 8281 8281 21694
?: 322 294 4796 9264 14676
+: 45 35 1333 1758 3171
~: 31 7 996 735 1769
$: 0 0 425 670 1095
^: 6 0 420 228 654
*: 27 10 187 188 412
!: 0 2 282 122 406
[: 0 0 292 23 315
]: 0 0 272 23 295
|: 8 8 77 167 260
@: 10 0 113 38 161
(: 0 0 75 55 130
): 0 0 69 55 124
{: 0 0 75 0 75
\: 0 0 6 4 10
': 0 0 1 1 2

Does it have any practical use?
Perhaps. In proxy.pac files, a common method of load balancing based on URLs, known as the Sharp Superproxy script, is to sum the ASCII values of the cache entries, and mod it by the number of servers, to pick a server to use. .pac files are javascript, and javascript does not have an easy method to return the ascii value for a character. So what's generally used is a function like:

function atoi(charstring) {
    if (charstring=="a") return 0x61; if (charstring=="b") return 0x62;
    if (charstring=="c") return 0x63; if (charstring=="d") return 0x64;
//.....
}

This can be speeded up by ordering the list in the order of frequency, starting with "/", "t", "e", ".", "o", "a" - just moving those few to the front, reduces the latency of the script significantly.

Also, hashing in URL history handling can be sped up if the most prevalent buckets are created. This could also be useful for other URL collections, like AV software URL matching. I am unaware of any that work directly with character based lookups, but it is certainly one way to do it.

Other uses?
In pen testing, having a frequency table like this can greatly aid in URL discovery speed.

But all in all, it was a fun exercise. Note that the variations may be great, especially for the bottom half of the list. Also note that the low count for the letter 'x' in the URLs might not match your users.
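
The URL-sum proxy selection and the frequency reordering described in this journal entry, as an added example that is not part of the original post: it compares the average number of if-chain comparisons per character for character-code order against frequency order, then picks a proxy index. The counts are the totals of the 20 most frequent characters in the table above; the function names are made up here, characters outside those 20 contribute 0, and `charCodeAt` supplies the codes so the chain can be emulated with a loop.

```javascript
// Constructed from the journal's table: the 20 most frequent characters
// and their totals across all four caches (last column).
const TOTALS = [
  ["/", 6171077], ["t", 5542140], ["e", 3648827], [".", 3040729],
  ["o", 2999391], ["a", 2908187], ["c", 2705420], ["s", 2649110],
  ["p", 2478658], ["m", 2439651], ["h", 2113492], ["i", 2066102],
  ["n", 1692423], ["r", 1656317], ["g", 1538087], ["d", 1503708],
  [":", 1330629], ["w", 1318511], ["1", 1161229], ["l", 1157749],
];

// Two orderings of the same if-chain: by descending frequency (the table's
// own order) and by character code (the a, b, c, ... order of the snippet).
const BY_FREQUENCY = TOTALS.map(([ch]) => ch);
const BY_CODE = [...BY_FREQUENCY].sort();

// Emulates a chain of `if (c == "x") return 0x..;` tests in the given order.
// Returns the character code and how many comparisons were needed.
// Characters outside the chain contribute 0 (an assumption of this example).
function chainLookup(order, ch) {
  for (let i = 0; i < order.length; i++) {
    if (order[i] === ch) return { code: ch.charCodeAt(0), comparisons: i + 1 };
  }
  return { code: 0, comparisons: order.length };
}

// Expected comparisons per character, weighted by the measured totals.
function averageComparisons(order) {
  let weighted = 0;
  let total = 0;
  for (const [ch, count] of TOTALS) {
    weighted += count * chainLookup(order, ch).comparisons;
    total += count;
  }
  return weighted / total;
}

// Sum of character codes modulo the number of proxies, as the journal
// describes; returns the index of the chosen proxy.
function pickProxy(url, proxyCount, order) {
  let sum = 0;
  for (const ch of url) sum += chainLookup(order, ch).code;
  return sum % proxyCount;
}

console.log("avg comparisons, code order:     ", averageComparisons(BY_CODE).toFixed(2));
console.log("avg comparisons, frequency order:", averageComparisons(BY_FREQUENCY).toFixed(2));
console.log("proxy index for http://a/ with 5 proxies:", pickProxy("http://a/", 5, BY_FREQUENCY));
```

The chain order changes only the cost of each lookup; the selected proxy is the same for both orderings.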


Slashdot clandestinely scanning its users

arth1 arth1 writes  |  more than 5 years ago

I just discovered something I'm not sure I like.

Whenever I post something to slashdot, slashdot connects back to port 80 on the machine I post from, looking for an open proxy on port 80.
This isn't behavior I really like to see. It's unsolicited, and more to the point, it takes advantage of a local firewall possibly being temporarily open for traffic FROM an address for a short while after connecting TO it.
There might be a "good cause", like collecting a list of open proxies for the poor guy behind the Great Firewall of China or something similar, but it's still unsolicited, clandestine and not documented.

Here are a couple of web log entries showing this:
216.34.181.45 - - [10/Sep/2008:15:47:47 -0400] "GET http://news.slashdot.org/ok.txt HTTP/1.0" 404 271 "-" "libwww-perl/5.812"
216.34.181.45 - - [10/Sep/2008:20:32:18 -0400] "GET http://mobile.slashdot.org/ok.txt HTTP/1.0" 404 273 "-" "libwww-perl/5.812"
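
A check for this kind of request over a web server access log, as an added example that is not part of the original journal entry: it flags requests whose target is an absolute URL for a host the server does not serve (or a CONNECT), groups them by source address, and counts how many got a 2xx/3xx answer, which would mean the server actually relayed them. The first two sample lines are the entries quoted above; the other two lines, the `www.example.org` hostname and the function names are constructed for the example.

```javascript
// Sample access log (Combined Log Format). The first two lines are the
// entries quoted in the journal; the last two are constructed.
const SAMPLE_LOG = [
  '216.34.181.45 - - [10/Sep/2008:15:47:47 -0400] "GET http://news.slashdot.org/ok.txt HTTP/1.0" 404 271 "-" "libwww-perl/5.812"',
  '216.34.181.45 - - [10/Sep/2008:20:32:18 -0400] "GET http://mobile.slashdot.org/ok.txt HTTP/1.0" 404 273 "-" "libwww-perl/5.812"',
  '192.0.2.10 - - [10/Sep/2008:20:40:02 -0400] "GET /index.html HTTP/1.1" 200 5120 "-" "Mozilla/5.0"',
  '192.0.2.11 - - [10/Sep/2008:20:41:10 -0400] "GET http://www.example.org/ HTTP/1.1" 200 5120 "-" "Mozilla/5.0"',
];

// Hostnames this server legitimately answers for (hypothetical).
const LOCAL_HOSTS = new Set(["www.example.org"]);

// ip ident user [time] "method target protocol" status ...
const LINE_RE = /^(\S+) \S+ \S+ \[[^\]]+\] "(\S+) (\S+)(?: \S+)?" (\d{3}) /;

function parseLine(line) {
  const m = LINE_RE.exec(line);
  return m ? { ip: m[1], method: m[2], target: m[3], status: Number(m[4]) } : null;
}

// A request meant for this server normally carries an origin-form target
// ("/path"). An absolute URL naming a foreign host, or a CONNECT, asks the
// server to act as a proxy.
function isProxyRequest(entry, localHosts) {
  if (entry.method === "CONNECT") return true;
  let url;
  try {
    url = new URL(entry.target);
  } catch (e) {
    return false; // origin-form target or "*": not a proxy request
  }
  return url.hostname !== "" && !localHosts.has(url.hostname.toLowerCase());
}

// Groups proxy-style requests by source address.
function findProxyProbes(lines, localHosts) {
  const bySource = new Map();
  for (const line of lines) {
    const entry = parseLine(line);
    if (!entry || !isProxyRequest(entry, localHosts)) continue;
    const rec = bySource.get(entry.ip) || { ip: entry.ip, count: 0, answered: 0, targets: [] };
    rec.count += 1;
    // A 2xx/3xx answer means the request may really have been relayed.
    if (entry.status >= 200 && entry.status < 400) rec.answered += 1;
    rec.targets.push(entry.target);
    bySource.set(entry.ip, rec);
  }
  return [...bySource.values()];
}

console.log(JSON.stringify(findProxyProbes(SAMPLE_LOG, LOCAL_HOSTS), null, 2));
```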
