Comments


Ask Slashdot: Has the Time Passed For Coding Website from Scratch?

buchner.johannes Re:Mod Parent Up (298 comments)

Here's my website. I invite anybody to look at the source code, and compare it against your run-of-the-mill WordPress website.

It doesn't do comments on blog posts, it does not have an interface to post new blog entries, it does not keep track of which articles have been viewed. You might as well generate your pages from templates and serve them statically, 0 lines of python needed on the webserver.

4 days ago

Ask Slashdot: Has the Time Passed For Coding Website from Scratch?

buchner.johannes Re:Choose a CMS you like (298 comments)

I know all the php/wordpress snobs on /. will dismiss this and laugh but personally if i'm building a site for someone (usually for no money and limited time) I just install wordpress, 'secure it',

I dismiss this and laugh because you think you can secure WordPress.

If you're using WordPress for clients, you better budget in the time you/they will spend upgrading WordPress to fix its latest security vulnerabilities.

Actually you can upgrade Wordpress with the click of a button on the Admin panel. You can even delegate that to your users. Or have Wordpress.com host you. Yes, there are more secure frameworks (your hand-made one is not among them), but few that receive as much auditing as the widely deployed Wordpress.

Building websites based on Wordpress is super-easy, there are extensions for everything, and you can let other people design and integrate the layout/template. Also, other people can take over what you leave behind.
Your other options are things like Drupal or Joomla!, but they take significantly more effort to adapt and hack.

4 days ago

Jim Blasko Explains 'Unbreakable Coin' (Video 2 of 2)

buchner.johannes Re:ok. i'll play. "my experience is... (39 comments)

enduring complaints concerning crypto-currency." yeah, i bought BitCoin back in the day. sold it soon, too. made a little coin. kinda like betting in Vegas. for the lulz.

I suspect that there is an enormous selection bias in that people who made a lot of money with BitCoin are featured in (online) newspapers, those who made a little money comment in discussions and the other 80% who lost a little or a lot of money do not comment.

Also, many people invest a lot in hardware to mine BitCoins (and other Coins), which is where their profits go entirely. That seems like a hamster wheel to me. Those people like the experience of learning about hardware and crypto-currencies. Then again, some people like running in hamster wheels too for fitness, so I think the comparison is not off by much.

4 days ago

Jim Blasko Explains 'Unbreakable Coin' (Video 2 of 2)

buchner.johannes Re:ok. i'll play. "my experience is... (39 comments)

"Are you up to loaning bitcoin or something less popular for 10 years?" Confidence in any given currency can be tested with the terms current holders are willing to accept to make loans payable in that same currency. (On the other hand, if large companies will accept it in payment, they've probably got an idea that a given currency will be around next month or next year.)

That does not follow. A large company can accept Bitcoins and convert immediately to their local currency. That does not require faith in a long-term forecast.

4 days ago

US Senate Set To Vote On Whether Climate Change Is a Hoax

buchner.johannes Re:They already have (661 comments)

Sadly not true. The fashion for some scientists to make names for themselves by producing misleading headlines for their supposed evidence has yet to fizzle.

Was 2014 the warmest it has ever been globally? No.

The satellite records (either one) show no special warmth for 2014 and the BEST record shows no statistical significance to the claim that 2014 was the hottest. Why? Because the tiny increase was well within the error bars of the mean temperature statistic

(The report can be found at http://static.berkeleyearth.or...)

Your argument is misleading. It is true that the question "which was the hottest year since recording in 1860?" has three possible answers within the uncertainties: 2014, 2010 and 2005. But the question "which was the hottest decade since recording in 1860?" has a clear answer: the last one. Of course there will be year-to-year fluctuations. But to look at the plot on page 3 and say "oh global warming has stopped just now" is wishful thinking. Also look at the "Ocean Surface Averages", page 5.

4 days ago

Oracle Releases Massive Security Update

buchner.johannes No secure download (79 comments)

There is still no way of authenticating Java downloads? Either a download through HTTPS or a hash fingerprint of the file, accessible via HTTPS? This used to exist up until ~2 years ago, but now it is all insecure (the download can include drive-by malware).

4 days ago

Gender and Tenure Diversity In GitHub Teams Relate To Higher Productivity

buchner.johannes Re:tl;dr version (103 comments)

They are 6 male authors from the Computer science department, one female (not a professor). Your stereotyping misled you.

4 days ago

Book Review: FreeBSD Mastery: Storage Essentials

buchner.johannes Re:What a crock (75 comments)

why disk encryption might *not* be the right choice:
recovering data can be difficult or impossible,

I was concerned about this as well, and frequent crashes on my laptop (battery empty) can ruin a file system (I have had some bad experiences with reiser4 in that regard).

However, I tried it, including forced poweroffs while writing, many crashes, etc., and it is fine. You mount the encryption, and recover the file system as usual, and the encryption layer does not influence the recovery at all.

I can recommend ext4 with LUKS (cryptsetup). It is very easy to set up for a single partition. You can choose AES or TwoFish (512 bit key).

The other thing I was worried about was read/write throughput. There is a benchmark utility that will tell you how different cyphers perform. However, I have never noticed any difference when working with encryption, probably because data comes in blocks and is cached efficiently by the kernel. Today, I do not see any obstacles for encrypting some partitions.

about a week ago

Why Run Linux On Macs?

buchner.johannes Re:To escape the walled garden (585 comments)

No it's not because you can add your own, or third-party repos, without needing authorisation.

about a week ago

Why Run Linux On Macs?

buchner.johannes Re:To escape the walled garden (585 comments)

To install python libraries like scipy, matplotlib, etc. Apparently that is such a pain in MacOS, and there are so many half-assed distributions methods that you can really botch your system. It makes sense to run a Virtual Machine with Linux on it.

about a week ago

The Free Educational Software GCompris Comes To Android

buchner.johannes Re:That is *not* "free" software (75 comments)

Requiring fees based on the deployment platform used does not constitute "free" software under any open source definition I have ever read.

So you have not read any, and have no idea what you are talking about. Start with the open source definition (opensource.org) and the Free Software Foundation (gnu.org).
https://www.gnu.org/philosophy...
http://opensource.org/faq#free...

You are making, unintentionally, an excellent point that one should refer to gratis software and libre software.
https://en.wikipedia.org/wiki/...
GCompris is always libre software, but sometimes not gratis. That is OK with both the FSF/GNU and OSI.

about a week ago

Obama: Gov't Shouldn't Be Hampered By Encrypted Communications

buchner.johannes Re:No. (556 comments)

The president on Friday argued there must be a technical way to keep information private, but ensure that police and spies can listen in when a court approves.

If the court approves, they can just go and obtain the computers. That is already solved.

If the hard disk is encrypted (very rare I suspect), the expectation of legal costs or indefinite holding at Gitmo without any trial are already there as motivation to comply.

No, better spying is not what we need. It destroys our freedom of speech and quality of life. We need due process. We need protection of all those not proven guilty yet, because it could be any one of us.

about a week ago

LAPD Orders Body Cams That Will Start Recording When Police Use Tasers

buchner.johannes Re:why start after the fact? (219 comments)

They probably try to avoid torturing with Tasers. This happens when the Taser is activated multiple times or for extensive durations (e.g. 3 minutes, causing death)

about two weeks ago

LAPD Orders Body Cams That Will Start Recording When Police Use Tasers

buchner.johannes Re:why start after the fact? (219 comments)

They should do what traffic cams do and keep a constant feed that overwrites itself, then if it triggers that it needs to keep the recording it has the last 30 seconds already. Seems stupid to start recording after they're already using a taser...

That would be great, but it is currently not possible to run a mobile recording camera 24/7 with the batteries available today.

about two weeks ago

Hubble Takes Amazing New Images of Andromeda, Pillars of Creation

buchner.johannes Re:Stars or noise (97 comments)

Stars... If you pan around the outskirts of the image you will see that the density drops off defining the shape of the galaxy.

Noise could also be proportional to the unresolved intensity. However, you can see that the dots are actually round, and thus resolved stars, and not simple individual pixel noise.

about three weeks ago

Argentine Court Rules Orangutan Is a "Non-Human Person"

buchner.johannes Re:Monkey Business (187 comments)

So someone without money, shopping, hygiene and a job is not a person. Wow, it doesn't take much to see that you are a hard-on capitalist.
Apes were doing their care and feeding just fine before humans came along. Why should they have to fit into our society if we didn't make an effort to preserve theirs?

about a month ago

TSA Has Record-Breaking Haul In 2014: Guns, Cannons, and Swords

buchner.johannes Re:And how many were terrorists? Oh, right, zero. (276 comments)

We can argue all we want to about the cannon (I'm with the anon who thinks if you manage to hijack a plane with it... congrats!)

You know nothing. You put the cannons at the windows, and shoot at the wings of the other planes. Once they are hit, you throw hooks to hijack and loot! That's how to pirate an airship.

about a month ago

Hackers' Shutdown of 'The Interview' Confirms Coding Is a Superpower

buchner.johannes Re:Huh? (221 comments)

Anytime you are afraid, the terrorists win.

about a month ago

Grinch Vulnerability Could Put a Hole In Your Linux Stocking

buchner.johannes As bad as ShellShock (118 comments)

So is ShellShock fixed now?
I gathered the basic variant is, but then people developed other variants.

about a month ago

BitTorrent Launches Project Maelstrom, the First Torrent-Based Browser

buchner.johannes Re:Private? (67 comments)

The point was more that any request for data my bittorrent client receives from a peer, I can also request from the network. So nothing is secret.

about a month and a half ago

Submissions


Btrfs becomes stable, releases v3.12

buchner.johannes buchner.johannes writes  |  about a year ago

buchner.johannes (1139593) writes "Btrfs is the next-gen filesystem for Linux, likely to replace ext3 and ext4 in coming years and filling the space between ZFS and Reiser4. Btrfs offers many compelling new features but development has been a long time coming in the "unstable" status, leaving many users unsure whether to entrust their data to it. Since August, their web page declares Btrfs as stable. Have you tried it since? What has been your experience with Btrfs? Fedora users probably are already using it on a daily basis."

My primary work is

buchner.johannes buchner.johannes writes  |  more than 2 years ago

buchner.johannes (1139593) writes "My primary work is
  [a] developing software for a company
  [b] developing software for a research institute
  [c] research
  [d] management or consulting (not coding)
  [e] I'm unemployed
  [f] something else"

WebM license made GPL and Apache compatible

buchner.johannes buchner.johannes writes  |  more than 4 years ago

buchner.johannes (1139593) writes "Google updated its licensing terms for WebM, which is now a pure BSD license, with a standalone patent grant.

Using patent language borrowed from both the Apache and GPLv3 patent clauses, in this new iteration of the patent clause we've decoupled patents from copyright, thus preserving the pure BSD nature of the copyright license. This means we are no longer creating a new open source copyright license, and the patent grant can exist on its own.

Here is the WebM license FAQ. Time to make a GPLv3 fork?"

Ethics of producing Non-malicious Malware

buchner.johannes buchner.johannes writes  |  more than 5 years ago

buchner.johannes (1139593) writes "I was fed up with the general consent that Linux is oh-so-secure and has no malware. After a week of work, I finished a package of malware for Unix/Linux. Its whole purpose is to help whitehat hackers point out that the system can be turned into a botnet client, by simply downloading BOINC and attaching it to my user account, helping scientific projects. It does not exploit any security holes, but loose security configurations and mindless execution of unverified downloads: I tested it to be injected by a PHP script (even circumventing safemode), so that the web server runs it, hell I even got a proxy server that injects it into shell scripts and Makefiles in tarballs on the fly, and adds onto windows executable for execution in wine (Z: is /). If executed by the user, it can persist itself in cron, bashrc and other files. The aim of the exercise was to provide a payload so security people can 'pwn' systems to show security holes, without doing harm (such as deleting files or disrupting normal operation).
But now I have a problem: I am unsure of whether it is ethically ok to release this toolkit, which, by ripping out the BOINC payload and putting in something really evil, can be turned into proper Linux malware. On the one hand, the way it persists itself in autostart is really nasty, and that is not really a security hole that can be fixed. On the other hand, such a script can be written by anyone else too, and it would be useful to show people why you need SELinux on a server, and why verifying the source of downloads (checksums through trusted channels) is necessary.
Technically, it is a nice piece, but should I release it? I don't want to turn the Linux desktop into Windows, hence I'm slightly leaning towards not releasing it. What does your ethics say about releasing such grayware?"

Common charger for mobile phones coming in the EU

buchner.johannes buchner.johannes writes  |  more than 5 years ago

buchner.johannes writes "The EU Commission and companies agreed on a common charger for mobile phones:

Incompatibility of chargers for mobile phones is a major inconvenience for users and also leads to unnecessary waste. Therefore, the Commission has requested industry to come forward with a voluntary commitment to solve this problem so as to avoid legislation. As a result major producers of mobile phones have agreed to harmonise chargers in the EU.

Discussed before here and here. The text continues:

Industry commits to provide chargers compatibility on the basis of the Micro-USB connector. Once the commitment becomes effective, it will be possible to charge data-enabled mobile phones from any charger compatible with the common specifications.

"


Your average disturbance timescale?

buchner.johannes buchner.johannes writes  |  more than 5 years ago

buchner.johannes (1139593) writes "In your office, your work is disturbed or interrupted on average after (e.g. people walking in, calls, etc.)

  — less than 5 minutes
  — less than 15 minutes
  — less than 30 minutes
  — less than 2 hours
  — more than 2 hours
  — depends on how fast slashdot throws out stories"


Jake looking for developers

buchner.johannes buchner.johannes writes  |  more than 5 years ago

buchner.johannes writes "Jake is the new kid on the block for team collaboration. Developed by students in Vienna, this serverless, open-source, cross-platform versioning tool is aimed at non-developers. What makes Jake unique is that the communication is done over XMPP, and that the look-and-feel is very native (unlike most Java apps).
We turn to Slashdot as we look for developers interested in picking up the work, forking it, contributing or reusing concepts in other projects. Slashdot already discussed the need for a painless, easy-to-use tool once. About Jake shows a small comparison to other tools."


Bittorrent reverse hash database

buchner.johannes buchner.johannes writes  |  more than 7 years ago

buchner.johannes writes "Story at: http://twoday.tuwien.ac.at/jo/stories/305252/
This is probably the first reverse hash database for torrent files.

When watching torrent traffic as a network administrator, you might want to know if the data is legal and complies with your policies.
On the other hand, if you see a torrent loading in your network as a user, if you know what it is, it might be _very_ interesting to join it, as the speed can be expected to be very high.
Database at: http://stud4.tuwien.ac.at/~e0625457/bittorrent/hostedsummary.html"


