Comments

top

OpenBSD Team Cleaning Up OpenSSL

buchner.johannes Re:Okay, Go! (286 comments)

Obviously since OpenBSD is running their fork of OpenSSL 0.9.8 which essentially doesn't have this exploit, this is just a shameless plug.

OpenBSD 5.3 - 5.5 was affected: see their Security Advisories

2 days ago
top

Akamai Reissues All SSL Certificates After Admitting Heartbleed Patch Was Faulty

buchner.johannes Re:Do I get this right: (56 comments)

Still doesn't answer the question if the Akamai code was vulnerable to Heartbleed in the first place.

Everything is vulnerable to Heartbleed.

3 days ago
top

44% of Twitter Users Have Never Tweeted

buchner.johannes Re:Probably typical (120 comments)

No, what it means is that the majority of accounts are bots, created to increase follower-numbers.

3 days ago
top

German Wikipedia Has Problems With Paid Editing — and Threats of Violence

buchner.johannes Wow (55 comments)

One person said something mean in a comment thread. Shocking! This is not the climate of the family-friendly internet I grew up with!

Seriously, a death threat is only relevant if it was a specific and realistic threat.

about two weeks ago
top

OpenSSL Bug Allows Attackers To Read Memory In 64k Chunks

buchner.johannes Re:Gee, that's worse than no encryption isn't it? (303 comments)

If only they had written OpenSSL in Java instead of C! I'm wondering how many friends I can get on Slashdot with that statement.

..., I think that we need to do three things:

  1) Pay money for security audits of critical security infrastructure like OpenSSL
  2) Write lots of unit and integration tests for these libraries
  3) Start writing alternatives in safer languages

Given how difficult it is to write safe C, I don't see any other options. ...

(from http://blog.existentialize.com..., someone else linked this below).

about two weeks ago
top

UAV Operator Blames Hacking For Malfunction That Injured Triathlete

buchner.johannes Re:Sounds like a RC plane not a drone (178 comments)

Never had anyone get hit by one. Now they're banned. Sad.

Over a period of eight years, lawn darts had sent 6,100 people to the emergency room. 81% of those cases involved children 15 or younger, and half of those were 10 or younger. The majority of injuries were to the head, face, eyes or ears, and many had led to permanent injury or disability.

http://mentalfloss.com/article...

And one was killed.

Just use plastic ones!

about two weeks ago
top

Microsoft To Allow Code Contributions To F#

buchner.johannes Wow ... just why? (100 comments)

"let" statements -- really?
And the selling feature is list comprehension? Looks like they are trying to go into Haskell's direction.
Testimonials say it's better than C# for data analysis?
Well, that train has left the station, with R, Python (and Julia) being available. This can not be won by languages, but with high-quality statistics / visualisation / machine learning libraries.

License is Apache v2 by the way.

about two weeks ago
top

UN Report: Climate Changes Overwhelming

buchner.johannes Re:Projections (987 comments)

Nothing significant can happen unless everyone does.

Not true. If 20% do something, it will be significant.
Everyone blame everyone else, and don't do anything? No thank you. Try at least.

And here's the thing - most countries (especially poorer countries) don't give the tiniest bit of a fuck.

Not true. Countries are affected differently, and some poor countries are highly concerned.

If everyone in America did what I'm saying it would make an impact, but A) That will never happen and B) It would just delay the inevitable, because of china etc.

So scenario A It's true and we're all fucked and can't do anything about it. Thus we're arguing over..nothing.

Scenario B It's not true and we're arguing over..nothing.

It doesn't paint the greatest picture of humanity but I'm fairly certain it's an accurate one.

You are falsely blaming others. Even if not everyone contributes, change can be achieved, and it should be tried. Non-contributing countries could even be fined for not contributing to the common rescue attempt.

China has about the same emissions as the US. And guess why China has so many emissions? Because of the outsourced productions (electronics, clothing, toys). The US could easily implement requirements that their outsourced products have to adhere to emission limits!

about two weeks ago
top

GNOME 3.12 Released

buchner.johannes Re: Meet the new boss: (134 comments)

I use it on two big monitors, and it works fine. It's just windows and a status bar, and two bars which get out of your way. I like it. It's not as clunky as KDE/XFCE, and more polished.

about three weeks ago
top

OpenSUSE 13.2 To Use Btrfs By Default

buchner.johannes Re:Beta testers (91 comments)

You can create a file system on a file on your disk (similar to a swap file).
Contrary to popular belief this is not slower than a partition, because if the file is mostly continuous, it can be mapped to disk directly by the kernel. Here I create a file system using a sparse file:
$ truncate -s 20G mylocal.fs
$ mkfs.btrfs mylocal.fs
$ mkdir -p mylocal; sudo mount mylocal.fs mylocal/

You can use such file systems, for example, to bundle directories with many files, which are deleted/created many times. This causes fragmentation in the file system. Contrary to another popular belief, yes, this is a problem on Linux file systems, and it slows down reads. None of the file systems currently has a defragger implemented. Btrfs is actually developing one, but I think it is not in the release yet. The recommended solution is rewriting files (shake).

Sub file system containers can be easily resized, and with sparse files only use up the space filled with data. I use them for the linux kernel build directory (you shouldn't build in /usr/src), for portage (many files, changing frequently), and scientific data directories, to limit the fragmentation, and keep speed high. I use reiserfs for this -- find a managing script here: https://github.com/JohannesBuc...

about a month ago
top

St. Patrick's Day, March Madness, and Steve Jobs' Liver

buchner.johannes Re:Fortunately for Jobs (129 comments)

If it were GPL, every recipient would be required to pass his organs on upon his death. And the organ would perpetually be passed on, because organs want to be free.

Actually not just the organ he received, but all his organs, because the other components require the one received. Although I guess you can argue a generic API.

about a month ago
top

Measles Outbreak In NYC

buchner.johannes Re:MMR Outcry? (747 comments)

https://en.wikipedia.org/wiki/...

Hmm ...
1964 + 25 = 1990, first bump
1964 + 25 + 25 = 2014 new bump?

Maybe this is just the half-time of the shots, and it's time to refresh? I.e. "2014, third dose recommended"

about a month ago
top

How Do You Backup 20TB of Data?

buchner.johannes Re:reduce the amount (983 comments)

20TB is not out of the world. With a RAID of 4TB disks you can cover that at home, and it doesn't need to be on all the time. Maybe you can reduce the amount of disk usage by reducing duplicate content using bup or an appropriate FS.

about a month ago
top

Author Says It's Time To Stop Glorifying Hackers

buchner.johannes Re:Author is s twat (479 comments)

If she used webmail, or TLS/SSL-encryption when sending the email, that should be safe.

Unless the email account is hacked by other means. But usually, that will screw your passwords anyways, as all registrations either send you passwords, or will allow you to reset them using the email address.

about a month ago
top

Glamor, X11's OpenGL-Based 2D Acceleration Driver, Is Becoming Useful

buchner.johannes Yay! (46 comments)

Cheers to the heroes working on improving X. It's probably the most important piece of software on GNU/Linux. Real hackers working there on the most complex issues.

about a month ago
top

Type Ia Supernovae As Not-Quite-So-Standard Cosmological Candles

buchner.johannes Re:so how far off is this? (33 comments)

SN1a are only one of the tools astronomers use: https://en.wikipedia.org/wiki/...
The small distance measures have to match with the medium ones and those again with the largest distance measuring tools. Also on the same level, they should agree.

The benefit of SN1a is that they are abundant, and their method seems to have particularly small systematic uncertainties. Other methods for computing distances are for instance Baryonic acoustic oscillations, which also provide a scale.

about a month and a half ago

Submissions

top

Btrfs becomes stable, releases v3.12

buchner.johannes buchner.johannes writes  |  about 4 months ago

buchner.johannes (1139593) writes "Btrfs is the next-gen filesystem for Linux, likely to replace ext3 and ext4 in coming years and filling the space between ZFS and Reiser4. Btrfs offers many compelling new features but development has been a long time coming in the "unstable" status leaving many users unsure whether to entrust their data to it. Since August, their web page declares Btrfs as stable. Have you tried it since? What has been your experience with Btrfs? Fedora users probably are already using it on a daily basis."
top

My primary work is

buchner.johannes buchner.johannes writes  |  about 2 years ago

buchner.johannes (1139593) writes "My primary work is
  [a] developing software for a company
  [b] developing software for a research institute
  [c] research
  [d] management or consulting (not coding)
  [e] I'm unemployed
  [f] something else"
top

WebM license made GPL and Apache compatible

buchner.johannes buchner.johannes writes  |  more than 3 years ago

buchner.johannes (1139593) writes "Google updated its licensing terms for WebM, which is now a pure BSD license, with a standalone patent grant.

Using patent language borrowed from both the Apache and GPLv3 patent clauses, in this new iteration of the patent clause we've decoupled patents from copyright, thus preserving the pure BSD nature of the copyright license. This means we are no longer creating a new open source copyright license, and the patent grant can exist on its own.

Here is the WebM license FAQ. Time to make a GPLv3 fork?"
Link to Original Source

top

Ethics of producing Non-malicious Malware

buchner.johannes buchner.johannes writes  |  more than 4 years ago

buchner.johannes (1139593) writes "I was fed up with the general consent that Linux is oh-so-secure and has no malware. After a week of work, I finished a package of malware for Unix/Linux. Its whole purpose is to help whitehat hackers point out that the system can be turned into a botnet client, by simply downloading BOINC and attaching it to my user account, helping scientific projects. It does not exploit any security holes, but loose security configurations and mindless execution of unverified downloads: I tested it to be injected by a PHP script (even circumventing safemode), so that the web server runs it, hell I even got a proxy server that injects it into shell scripts and Makefiles in tarballs on the fly, and adds onto windows executable for execution in wine (Z: is /). If executed by the user, it can persist itself in cron, bashrc and other files. The aim of the exercise was to provide a payload so security people can 'pwn' systems to show security holes, without doing harm (such as deleting files or disrupting normal operation).
But now I have a problem: I am unsure of whether it is ethically ok to release this toolkit, which, by ripping out the BOINC payload and putting in something really evil, can be turned into proper Linux malware. On the one hand, the way it persists itself in autostart is really nasty, and that is not really a security hole that can be fixed. On the other hand, such a script can be written by anyone else too, and it would be useful to show people why you need SELinux on a server, and why verifying the source of downloads (checksums through trusted channels) is necessary.
Technically, it is a nice piece, but should I release it? I don't want to turn the Linux desktop into Windows, hence I'm slightly leaning towards not releasing it. What does your ethics say about releasing such grayware?"
top

Common charger for mobile phones coming in the EU

buchner.johannes buchner.johannes writes  |  more than 4 years ago

buchner.johannes writes "The EU Commission and companies agreed on a common charger for mobile phones:

Incompatibility of chargers for mobile phones is a major inconvenience for users and also leads to unnecessary waste. Therefore, the Commission has requested industry to come forward with a voluntary commitment to solve this problem so as to avoid legislation. As a result major producers of mobile phones have agreed to harmonise chargers in the EU.

Discussed before here and here. The text continues:

Industry commits to provide chargers compatibility on the basis of the Micro-USB connector. Once the commitment becomes effective, it will be possible to charge data-enabled mobile phones from any charger compatible with the common specifications.

"

Link to Original Source
top

Your average disturbance timescale?

buchner.johannes buchner.johannes writes  |  more than 4 years ago

buchner.johannes (1139593) writes "In your office, your work is disturbed or interrupted on average after (e.g. people walking in, calls, etc.)

  — less than 5 minutes
  — less than 15 minutes
  — less than 30 minutes
  — less than 2 hours
  — more than 2 hours
  — depends on how fast slashdot throws out stories"

Link to Original Source
top

Jake looking for developers

buchner.johannes buchner.johannes writes  |  more than 4 years ago

buchner.johannes writes "Jake is the new kid on the block for team collaboration. Developed by students in Vienna, this serverless, open-source, cross-platform versioning tool is aimed at non-developers. What makes Jake unique is that the communication is done over XMPP, and that the look-and-feel is very native (unlike most Java apps).
We turn to Slashdot as we look for developers interested in picking up the work, forking it, contributing or reusing concepts in other projects. Slashdot already discussed the need for a painless, easy-to-use tool once. About Jake shows a small comparison to other tools."

Link to Original Source
top

Bittorrent reverse hash database

buchner.johannes buchner.johannes writes  |  more than 6 years ago

buchner.johannes writes "Story at: http://twoday.tuwien.ac.at/jo/stories/305252/
This is probably the first reverse hash database for torrent files.

When watching torrent traffic as a network administrator, you might want to know if the data is legal and complies with your policies.
On the other hand, if you see a torrent loading in your network as a user, if you know what it is, it might be _very_ interesting to join it, as the speed can be expected to be very high.
Database at: http://stud4.tuwien.ac.at/~e0625457/bittorrent/hostedsummary.html"

Link to Original Source
