
Comments


Direct3D 9.0 Support On Track For Linux's Gallium3D Drivers

c0d3g33k Re:Only useful for wine? (54 comments)

You make no sense, since having only the proprietary driver available sounds to me like "require you to have a specific driver installed". The Gallium3D driver, which supports Radeon cards since the R300 series (Oct 2002), offers an alternative to the required proprietary driver. And since AMD regularly drops support for older hardware in the proprietary driver, the Gallium3D drivers support a wider variety of hardware, and will continue to do so. Seems like writing for the proprietary driver is the more risky approach with a smaller potential audience.

5 days ago

Microsoft Partners With Docker

c0d3g33k Re:made for each other. (104 comments)

Yeah, that helps, but I'd like to hear from the original poster, to be honest.

about a week ago

JP Morgan Chase Breach Compromised Data of 76 Million Households

c0d3g33k Re:So essentially... (76 comments)

Don't trivialize this by ignoring the true nature of the breach.

This is more like obtaining an exclusive unlisted client list detailing who exactly is doing business with a given organization. The phone book doesn't provide that connection - knowing names, addresses and phone numbers doesn't tell you which crucial and vulnerable businesses are associated with a household. Obtaining the same information from a business of interest is a different story entirely. Metadata is crucially important.

about three weeks ago

JP Morgan Chase Breach Compromised Data of 76 Million Households

c0d3g33k Re:Security through obscurity - useful but inadequ (76 comments)

Well, that's hardly comforting. So even spending an ENORMOUS amount of money on IT and security can't prevent your system from being breached in a big and spectacular way? Then either that enormous amount of money was spent poorly, or that information should not have been exposed to the internet in the first place until it was properly secured. They were breached, in a big way. So their systems were exactly as weak as I think, enormous expenditure aside. I fail to see your point. "They tried REALLY hard" doesn't count for beans if they don't succeed.

about three weeks ago

JP Morgan Chase Breach Compromised Data of 76 Million Households

c0d3g33k Security through obscurity - useful but inadequate (76 comments)

The hackers appeared to have obtained a list of the applications and programs that run on JPMorgan's computers — a road map of sorts — which they could crosscheck with known vulnerabilities in each program and web application

I find this interesting because it shows both the usefulness but ultimate inadequacy of security through obscurity. Had the hackers been unable to obtain this information, the implication is that the breach would not have happened, or at least not happened as soon. Without the ability to create a road map, they would have had to take the less efficient approach of randomly guessing and probing with the hope that something worked. So keeping that list of applications and programs a secret has some value.

On the other hand, it underscores the importance of the point that people have been making about security through obscurity for decades: it's very weak security, and once that layer of the security onion is breached, there had better be stronger security layers underneath. Like patched and updated programs and web applications that close known vulnerabilities. I'm guessing that didn't happen, because the JP Morgan Chase management has probably acted like many other management teams I've had the "pleasure" of working with - they placed higher value on the secrecy than actually fixing stuff, because the former costs less, and it kind of works until it doesn't (and then that policy fails in a big way).

I sincerely hope that these breaches light a fire under the asses of lax management at these large companies and they realize that spending the time and resources to *really* secure their systems is worth it in the long run.

And then I laugh sadly, because that's wishful thinking.

about three weeks ago

Ask Slashdot: Is It Worth Being Grandfathered On Verizon's Unlimited Data Plan?

c0d3g33k Re:How long is a piece of string? (209 comments)

The data bits go by pretty fast when using one's phone as a hotspot to RDP to a work computer...

Yep. I've done that too. And that's kind of the point. The benefit of the unlimited plan isn't about the constant baseline level of usage - it's more about when you need more data than normal. If you don't approach the capped limit, Verizon comes out ahead because you used "less" than your allotted limit (if you were capped). But when you exceed the capped limit under the new plans, you pay dearly, because you likely don't just go over a little bit, you go over a lot for the time when you are solely relying on that 4G data stream. And you probably really need it, so there isn't the option of just not using your 4G connection.

I personally find the concept of data caps problematic because unless you consistently exceed them, you can't really be considered to be "abusing" the network when your usage spikes on occasion.

So why the big focus on data caps? Probably because they know that data usage is only going to go up, so what used to be excessive data usage becomes the new normal. And then your risk of exceeding the data cap becomes even greater, and the framework is in place to catch you doing so in order to extract the requisite fees.

One thing I've never heard is the data caps being raised as a function of the average use across the entire customer base so that overages continue to represent spikes of excessive use rather than just evolving with the increase in streaming everything. As more people stream, the idea of what constitutes excessive use should increase.

about three weeks ago

Ask Slashdot: Is It Worth Being Grandfathered On Verizon's Unlimited Data Plan?

c0d3g33k How long is a piece of string? (209 comments)

Stupid analogy, that.

Useful answers to this should take into account the problem with the question of "How long is a piece of string?" Give some context about how much you pay, and how much you use -- and how much that would change if the price were different.

The second half of the commentary in the summary is a bit easier to digest. Yes, it all boils down to math. The key is, Verizon has probably calculated how the math will benefit them in the long run, and customers effectively can't, so the game is rigged from the start.

Let's give an example. Verizon bases their "limited" usage caps based on the average usage of their aggregate customer base (plus a little wiggle room, I guess). So on average, the data usage of a given customer won't go over the limit. However, the usage of a particular customer might exceed the cap at particular times. Travel/vacation time is a good time for this. You use more data while running the GPS-based turn-by-turn navigation while driving to your destination. Once there, you want some entertainment during the evenings, but you're not at home where you can use your home-based internet via wi-fi, so you stream some Netflix via 4G. Since your phone can output 1080p via HDMI, you use that cable you bought to plug into the HDMI port of the television at the place you are staying. Depending on the length of your stay, that's a significant spike in your data usage.

Under the unlimited plan, you either get throttled at some point (but now you don't) or you just don't notice the fact that you wandered above the average usage for the week or two you were traveling, because unlimited. Under capped, metered data plans, you are subject to overage fees based on a cap that has been fine tuned to be just above the threshold of "normal" usage, so your bill is higher. It may be only for those few weeks, so easy to absorb, but add that up across the entire customer base and Verizon has made more money than they would have with the unlimited data plans in place.

*That* is what it's all about. So unless you absolutely have to, you might as well stick to your grandfathered unlimited plan, because once you give it up, you will be fleeced, even if just a little bit.

about three weeks ago

CloudFlare Announces Free SSL Support For All Customers

c0d3g33k Re:beta.slashdot.org sucks! (67 comments)

Mod parent up. /. needs to support SSL yesterday.

about three weeks ago

New Research Casts Doubt On the "10,000 Hour Rule" of Expertise

c0d3g33k Re:Gladwell (192 comments)

True that. Can't argue with you, Mark[something].

about three weeks ago

New Research Casts Doubt On the "10,000 Hour Rule" of Expertise

c0d3g33k Re:Gladwell (192 comments)

Clearly it didn't take you 10000 hours to learn how to dash off a snarky rebuttal with no detail or supporting evidence.

Bravo to you sir - you are a Slashdot commenter! The sky's the limit for you!

about three weeks ago

Bioethicist At National Institutes of Health: "Why I Hope To Die At 75"

c0d3g33k Re:Speak for yourself, Mr. Emanuel (478 comments)

I have a wife who is a board member for the local hospice, so I get to accompany her to a lot of functions. Many of the board members are approaching or have passed the age of 70 and still seem to be going strong. Note I said "board members" - those who are managing the entire affair (quite effectively from what I can gather), not those in need of care. Your friend may have experienced some selection bias because of his work. That doesn't mean his observations apply to everyone. In fact I'm sure they don't.

about 1 month ago

Bioethicist At National Institutes of Health: "Why I Hope To Die At 75"

c0d3g33k Speak for yourself, Mr. Emanuel (478 comments)

You lost me when you assigned an arbitrary number as your cutoff rather than defining the cutoff on reasonably definable measures of physical and mental health. I exercise, eat healthy, avoid smoking and drugs etc. because these activities provide *measurable* benefits to my health based on measurements made by my doctor. Not to mention that I feel better.

Does the fact that I do things that measurably improve my health and prolong my life as long as possible mean I am "obsessed"? Does "I don't smoke, overeat, take drugs or engage in dangerous life-threatening activities (extreme sports, for example)" mean I am obsessed? I find it completely rational, and my insurance company sure loves it because I'm a low risk according to their actuarial tables. Because science.

If I take your advice, I should just sit around and passively wait to die after reaching a certain age rather than doing things that measurably increase my ability to be "vibrant and engaged". Sorry, but no thanks. Save me a place when I get to the Pearly Gates - I might be a little late to the party. And when I get there, we're going to blow the roof off of that sucker.

about 1 month ago

An Open Source Pitfall? Mozilla Labs Closed, Quietly

c0d3g33k Re:what is this even talking about? (112 comments)

But it's not just about the source... it's about the community, the support from the original authors, the available knowledge and comprehension that transcends wiki docs, as well as having a team large enough to be able to realistically continue its development in the foreseeable future. To lose these things abruptly doesn't mean that all the source code was deleted but rather that the virtual ecosystem was.

Feh. Those things you mention (the original authors, the development team, the community, website and other resources) aren't guaranteed regardless of how badly one would like them to persist. The source and the freedom to do something with it are what the licence grants. Everything else is gravy. Without the source the virtual ecosystem is useless; with the source one person can continue the project, even if only for personal use. The virtual ecosystem can be recreated by anyone who wants badly enough to continue developing the software, just like it was the first time. So it is really just about the source.

about a month ago

Chinese City Sets Up "No Cell Phone" Pedestrian Lanes

c0d3g33k Waste of time (46 comments)

I haven't read all of the posts since the original story hit the front page, so I may be touching on something that's already been discussed, but ...

I don't understand how this is different from people just being unaware of their surroundings. I have been to many places in the last 20 years where people will just stop right in the middle of the sidewalk/thoroughfare/pathway to have a conversation or family dispute. The concept of stepping to the side out of the way so that the other 1000 people who aren't having a family issue doesn't seem to occur to them. Cell phones? Just the latest distraction. Oblivious people are forever.

about a month ago

Ask Slashdot: Advice On Building a Firewall With VPN Capabilities?

c0d3g33k Re:A WiFi router re-flashed with OpenWRT or DD-WRT (238 comments)

I'll second this - currently running OpenWRT flashed on to a TP-Link WDR-4300. It replaced a very old beige-box PC running IPCop and has been doing very well for the past year.

about a month ago

Kickstarter's Problem: You Have To Make the Game Before You Ask For Money

c0d3g33k Re:this is how most funding works. (215 comments)

When scientists write grant proposals, they are actually showing they've already done what they are asking for funds to do.

Not quite (though maybe that's more common now than a decade ago). If the work is already done, you can be sure it's being prepared for publication, since published work is even more valuable than grant money (because it gets you more, possibly bigger grants, plus tenure). What usually goes into a typical grant proposal are the obvious next steps following up on recently published work (used to illustrate why awarding the grant money is a good risk). Work that hasn't been done yet, but is likely to be successfully completed by a typical grad student. Then there are the more speculative "stretch goals" which are less certain, but probably the most fun if things work out. And by the time the next grant deadline rolls around, the scientist can describe how well that worked (to justify the next speculative leap) or how it didn't quite work out, but how this alternate theory ('based on what we have since learned') will likely yield good results (i.e. the "new" obvious follow-on steps to the previous work).

Smart scientists generally have several somewhat boring but steady grants running (often funded by the government and possibly with eventual military applications) to keep the lights on, and use a little bit of that funding to support the more speculative, but more fun work.

Maybe long-term Kickstarter success will involve a similar strategy: get funding for less exciting but predictably do-able games that are turned out on schedule while diverting some time to work on getting a working prototype produced for the revolutionary game that was the real goal all along.

about a month and a half ago

Akamai Warns: Linux Systems Infiltrated and Controlled In a DDoS Botnet

c0d3g33k Re:JAVA (230 comments)

The applications you mention are all Open Source, which people on here keep insisting are secure.

Nope. This is a varied community, so people here believe lots of things, but probably not as many believe this simplistic view as you think.

FLOSS applications have the *potential* to be more secure than proprietary/closed source. They also have the potential to become more secure over time if the community/contributors have more resources available to fix security problems than a proprietary vendor. Most importantly, FLOSS applications can be scanned by anyone for bugs and security problems, and fixed by anyone. Those activities are limited for proprietary code to those who have access to it and are allowed (by privilege or managerial decree) to fix it or even publicise that there's a problem in the first place.

Depending on the situation (skillset of the development team, size of the team, interest in maintaining and fixing the code), this can either lead to a particular piece of FLOSS or proprietary code being more secure. *In general*, it seems that FLOSS code tends to be more secure because greater resources can be brought to bear, particularly over time as proprietary vendors stop supporting code for older products and move their teams on to something new (gotta keep paying the bills). In some cases that doesn't hold true and proprietary code is more secure.

about a month and a half ago

E-Books On a $20 Cell Phone

c0d3g33k Re:How short our memories... (116 comments)

Indeed. I first started reading ebooks on my original Motorola Droid (the backlit screen allowed me to read in bed without disturbing my wife with the bedside lamp on). It was a decent enough experience with the phone held in landscape position and using a reasonable font size. I had quite a little library on the microSD card. And plenty of apps and games too.

The only problem was not being able to have most or all of the text equating to a printed page on the screen at once, which prompted me later to get a tablet, which is a much better form factor for reading. But I still have books on my current smartphone (bigger screen than the Droid, but much smaller than the tablet) for those times when my tablet isn't with me.

about 1 month ago

Submissions


Glitch 2-D MMO released completely into the public domain

c0d3g33k writes  |  about a year ago

c0d3g33k (102699) writes "Glitch, a collaborative, web-based, massively multiplayer game developed by Tiny Speck, Inc. (tinyspeck.com) has been released under the Creative Commons CC0 1.0 Universal License. I'm not at all familiar with this game, but it is rare that both source code *and* all game assets are released into the public domain, which makes this announcement noteworthy.

An excerpt from the announcement:

"The entire library of art assets from the game, has been made freely available, dedicated to the public domain. Code from the game client is included to help developers work with the assets. All of it can be downloaded and used by anyone, for any purpose. (But: use it for good.)""


Steve "CyanogenMod" Kondik contemplates "The Death of Root" on Android

c0d3g33k writes  |  about a year ago

c0d3g33k (102699) writes "Prompted by the addition of new security features in Android 4.3 that limit the effectiveness of elevated privileges, Kondik wonders which uses really require full root. Most common activities that prompt owners to root their devices (backup/restore tools, firewall/DNS resolver management, kernel tuning), could be accomplished without exposing root, argues Kondik, by providing additional APIs and extensions to the user. This would improve security by limiting the exposure of the system to exploits.
Reasonable enough, on the face of it. The title of the post, however, suggests that Kondik believes that eventually all useful activities can be designed into the system so the "dangerous and insecure" abilities provided by root/administrator privileges aren't needed. This kind of top-down thinking seems a bit troubling because it leads to greater control of the system by the developer at the expense of the owner of the device. It's been said that the best tools are those that lend themselves to uses not anticipated by the creator. Reducing or eliminating the ability of the owner to use a device in ways that are unanticipated ultimately reduces its potential power and usefulness. Perhaps that's what is wanted to prevent an owner from using the device in ways that are inconvenient or contrary to an established business model."

Google Code deprecates Download Service for Project Hosting

c0d3g33k writes  |  about a year and a half ago

c0d3g33k (102699) writes "Google Project Hosting announced changes to the Download service on Wednesday, offering only "increasing misuse of the service and a desire to keep our community safe and secure" by way of explanation. Effective immediately, existing projects that offer no downloads and all new projects will no longer be able to create downloads. Existing projects which currently have downloads will lose the ability to create new downloads by January 2014, though existing downloads will remain available "for the foreseeable future". Google Drive is recommended as an alternative, but this will likely have to be done manually by project maintainers since the ability to create and manage downloads won't be part of the Project Hosting tools. This is a rather baffling move, since distributing project files via download is integral to FOSS culture."

Journals

c0d3g33k has no journal entries.
