Comments


Highly Advanced Backdoor Trojan Cased High-Profile Targets For Years

david.emery Re:*nix Version Not Yet Discovered. (141 comments)

It's possible there are other versions. But that's not my point. The version that has been discovered and documented runs on Windows, a fact that is probably deliberately not made clear in the articles.

3 days ago

Highly Advanced Backdoor Trojan Cased High-Profile Targets For Years

david.emery How far do you have to read? (141 comments)

To discover this is a Windows-only virus? That was the first thing that crossed my mind, what platform(s) are vulnerable? It sure as hell isn't clearly stated in any of the articles I read, you have to dive into the details of the Symantec white paper to notice that all the attack vectors were specific to Windows.

And how much does the tech journalism community and the security products & services industry, from Ars to The Verge, to Symantec, get paid to hide the fact this is Yet Another Windows (only) vulnerability?

3 days ago

Ask Slashdot: Dealing With VoIP Fraud/Phishing Scams?

david.emery Write your Congressman/Senator (159 comments)

I contacted Senator Warner's office about this, and frankly was blown off. That being said, I think we need a -law- that requires the Telcos to work out how to make Caller ID unforgeable. I've been challenged to 'show the RFCs and related standards that would support this,' but since the industry has shown no interest in solving the technical problems, I reluctantly believe that it'll take legal action (either law, regulation or legal liability) to force the issue.

On a related note, I also asked about the impact of all those CallerID violations I've filed over the years, and got no response back from that. In both cases, I was forwarded a letter from the FCC that basically quoted from their website.

about two weeks ago

The Effect of Programming Language On Software Quality

david.emery Too Bad Ada wasn't included (217 comments)

This is a language that of course was designed very differently from the common C based languages in wide use today, and one for which there is a very large amount of publicly available code (but not on GitHub.) I've seen studies from large volumes of Ada code, both with respect to error rates and with respect to development and maintenance costs, that show a significant advantage for that language.

about three weeks ago

The Effect of Programming Language On Software Quality

david.emery Re:I have just one word for you (217 comments)

My personal mileage varies significantly. I still prefer Ada, which is a language that you'd probably characterize as having a lot of "boilerplate". An experienced Ada programmer learns how to use that to his advantage in several ways:
    1. When you're on a large or long-lived project, readability of code (even your own, years later) is more important than writeability,
    2. The compiler checks consistency, and as you get better with the language you learn how to maximize what the compiler can check. (This is particularly true for strong typing, where in my experience the bugs caught by typechecking are caught on scalar types. You're a lot more likely to add 'count-of-apples' to 'count-of-oranges' than you are to actually try to add apples and oranges.) Thus as a designer, I'd concentrate on the algorithm, logic flow, etc, and let the compiler check things like parameter names/types. When the compiler and I both agreed that the program was right, it usually was correct.
    3. Syntactic error recovery. This is a big deal when first learning a language, and later when doing significant changes (e.g. refactoring). On a lot of compilers, a single syntax error made all the subsequent error messages both numerous and confusing/worthless (usually because the compiler made an incorrect assumption.) Ada compilers, particularly the hand-crafted GNAT parser, got really good at providing meaningful error messages for the rest of the compilation after detecting (and recovering from) a syntax error.
    4. Better optimization. The more info the compiler can get and depend on, the better job the optimizer can do, mostly by limiting the assumptions about how data or control flow is used.

"boilerplate" can be your best friend, when you and the compilation system take advantage of it.

about three weeks ago

Ask Slashdot: How Useful Are DMARC and DKIM?

david.emery Outsource email companies are terrible (139 comments)

A lot of the mail I get that goes into quarantine or marked as spam comes from outsourced senders, where Domain.com uses some 3rd party to send mail on behalf of it. This can be ISPs, companies like Constantcontact.com or God-only-knows what else. Of course, the company who bought this service probably doesn't know or want to understand what the problem is, and the company that's doing the outsourcing has no real incentive to make sure their hosts (including SPF, etc) are configured properly.

about three weeks ago

It's Time To Revive Hypercard

david.emery Let's go back to 'requirements' (299 comments)

HyperCard combined three aspects: (1) An easy-to-assemble set of graphical/user interface components; (2) a simple (simplistic) database; (3) a quirky programming language.

Possibly VB with Access provides a similar set of functions.

We should be able to produce something that allows end users to do some development for themselves, while acknowledging this is not a production-quality tool, but no matter what, people will take prototyping systems and try to deploy them to production usage.

I've used it for several different things, including catalog/library "decks", user interface mock-up with a bit of back-end semantics (for a system configuration function, to understand user requirements and usage models), and a potential front-end controller to a very simple 'robot'.

about a month ago

Phablet Reviews: Before and After the iPhone 6

david.emery Re:Meh, anything Apple does is considered "cool". (277 comments)

Good points.

I think the ability to run Windows applications was more of a psychological than practical advantage, particularly with the growth of web applications. VirtualPC ran pretty well on PowerPC for limited/occasional use (personal experience). With the exception of some (so-called) Web applications that require Active X controls (the worst offender being the S/MIME PKI module for Exchange WebMail), I haven't had to either BootCamp or VMWare/Parallels for the last 2-3 years.

That being said, many companies (my current employer included) continue to be a Windows-only world, arguing cost efficiencies (and ignoring the investment in keeping Windows secure.) I worked around a problem with their corporate SharePoint by setting the Safari User Agent string to Firefox :-)

about 2 months ago

Phablet Reviews: Before and After the iPhone 6

david.emery Re:Meh, anything Apple does is considered "cool". (277 comments)

Well, for a long time the PowerPC had some real advantages over x86, particularly for floating point performance. However Motorola lost its edge there, and the big problem with PowerPC chips was their power consumption, making laptop design and battery life much more difficult.

But that kind of sophistication is beyond most of the tech press, and I suspect beyond a lot of the people here who emote their hate for specific brands. (I admit to a very strong bias against Microsoft, so include myself in that set at least to some degree.)

about 2 months ago

Mark Zuckerberg Throws Pal Joe Green Under the Tech Immigration Bus

david.emery It's not just the money! (261 comments)

What keeps someone at a job that might pay less than he could get for hopping?

1. Individual job satisfaction? (Yeah, laugh! That's a big part of the industry's problem! Proof: http://thedailywtf.com/ :-)
2. Co-workers, the company, the location
3. Benefits and incentives to remain

I guess as a Boomer, these might be old fart attitudes. But at least for many of the people I've worked with, they're significant considerations. Salary alone has rarely been the primary reason engineers change jobs. That's well-documented, here's one reference that tries to summarize the research: http://blogs.hbr.org/2013/04/d...

about 2 months ago

Mark Zuckerberg Throws Pal Joe Green Under the Tech Immigration Bus

david.emery Re:Mark Zuckerberg is a liar. (261 comments)

Mod parent up, please. In particular, the comment about industry being unwilling to invest in training is spot-on. I'm old enough to remember when it wasn't that way. (Example, how many remember getting training in Ada if you worked in the defense industry? Regardless of what you think of the language, 25-30 years ago that industry was willing to invest in its "human capital.")

dave

about 2 months ago

Russian Military Forces Have Now Invaded Ukraine

david.emery Re: At a Polish Passport Office (848 comments)

Arguably the Poles have known this since they routinely get invaded from both East and West, and in 1939, from both sides simultaneously...

about 3 months ago

Russian Military Forces Have Now Invaded Ukraine

david.emery At a Polish Passport Office (848 comments)

Hurghada - odprawa paszportowa:
-Nationality?
--Russian
-Occupation?
--No, just visiting.

(from a friend in Poland.)

about 3 months ago

Researchers Hack Gmail With 92 Percent Success Rate

david.emery "But we didn't test it on other platforms" (87 comments)

So I call "bullshit" on those claims. It shouldn't be that hard to test on iOS, and if you can find a Windows Phone, it should be easy to test there, too.

about 3 months ago

The Billion-Dollar Website

david.emery Re: Technical People (194 comments)

I don't know if anyone associated with this project adopted anything they called "agile" or not. What I was saying was that I have zero confidence in "agile" as I've seen it either defined or applied, for products that are (a) large, (b) complex and/or (c) have substantial infrastructure (versus user-facing) functionality. This project had at least (a) large, and probably (c) substantial infrastructure requirements (that might have been solvable by judicious selection of the right commercial products.)

It should be a feature that a waterfall project could be seen to fail early, but for the PM whose career is built on continuing the project past his tenure, there's no advantage to her/him to fail quickly.

about 3 months ago

The Billion-Dollar Website

david.emery Re:F-35 Joint Strike Fighter (194 comments)

...Witness the F-35 Joint Strike Fighter, an aircraft nobody needs, trying to fill too many roles, and was supposed to save our armed services money by having one plane replace many planes...

I'm not defending the F-35 (I'm a huge A-10 fan, and 2 F-35s would fund the whole A-10 fleet), but your comment here is self-contradictory. Either we don't need it, OR it's trying to fill too many missions (that do need to be done.)

I think it's the latter, and that's not just requirements creep, but a different phenomenon that is something like "requirements combinatorics", where too many requirements get loaded onto a system (health care or weapon) and the result is either (a) not buildable as a violation of math or physics or (b) massively complex and therefore massively expensive.

It's a combination of no discipline on the part of the users/managers who develop the specifications or needs statement, and the problem that the number of major system starts (whether DoD or commercial) is limited, so each user/stakeholder needs to get -His/Her Requirement- in place on this system, because they won't have a chance for another 10 years to get that requirement into their/their user's hands.

dave

about 3 months ago

The Billion-Dollar Website

david.emery Re:Technical People (194 comments)

PLEASE Mod Parent up! I've been working on large government funded systems (defense and commercial) for 35+ years, and in my view programs are screwed from the beginning by overly-aggressive schedules for the up-front work. When the incomplete/absent requirements/architecture/design results in coding, or more often test and integration delays, they'll find more money and time. By then, it's too late.

Back when we had explicit waterfall milestones (requirements review, preliminary design review, etc), we could tell at PDR a program would fail as a result of incomplete or even incorrect requirements & architecture.

Unfortunately, the adoption of "Agile" in these organizations has reinforced the culture of "We don't need no stinking requirements! We can draw an architecture on a whiteboard in an afternoon", resulting in systems where you really can't say anything intelligent about how long it will take to complete them, because you have no fscking idea what "complete" actually is.

And this -should not be a revelation-, at least to anyone who has read "Mythical Man-Month," which will be 40 years old next year. https://en.wikipedia.org/wiki/...

Thank God I'm getting ready to retire.

about 3 months ago

Ask Slashdot: Should You Invest In Documentation, Or UX?

david.emery Re:User docs, or developer/maintainer docs? (199 comments)

How often do you need to do that? As an "end user" when things work correctly, I'd assert it's infrequently.

But when trying to debug a problem, I agree this is frustrating, and the worst of all is "You are unable to log in at this time. A system error has occurred." and even if you know how to bring up the Console (/Applications/Utilities/Console.app) to look at the error logs, they're not particularly helpful.

So I'll put some words into your mouth and say, "It's important to have documentation available to support troubleshooting or 'power users', but the goal should be that 95% of the time you shouldn't need to RTFM to use the system." Agree?

And access to documentation is separable from existence of documentation. Most of the time, when I'm connected, using a search engine to find this kind of information doesn't bother me. But when disconnected (e.g. sitting on an airplane), not having the information local can be very frustrating.

about 3 months ago

Ask Slashdot: Should You Invest In Documentation, Or UX?

david.emery User docs, or developer/maintainer docs? (199 comments)

From a user doc perspective, Apple Mac OS X is a great example of what you can do with a minimum of user documentation, but with very mature and fully enforced user interface guidelines. In fairness, someone new to the platform does need some hand-holding, either training (including over-the-shoulder help from a family member :-) or a good book (I'm partial to the Pogue "Missing Manual" series.)

From a developer doc perspective, if you expect to maintain the software, some amount of documentation, that should capture (1) interfaces; (2) design intent; (3) full build/reconstruction directions (including configuration data, etc) is essential. And "Agile" that ignores these documentation/sustainment issues is just an excuse for write-only coding.

about 3 months ago

Submissions


Target's internal security team warned management

david.emery david.emery writes  |  about 9 months ago

david.emery (127135) writes "According to this story, Target's own IA/computer security raised concerns months before the attack: http://www.theverge.com/2014/2... (Quoting a story in the Wall Street Journal.)
But management allegedly "brushed them off."

This begs a more general question for the Slashdot community: How many have identified vulnerabilities in your company's/client's systems, only to be "brushed off?" And if the company took no action, did they ultimately suffer a breach?"

Samsung's comparison of Galaxy S to iPhone

david.emery david.emery writes  |  more than 2 years ago

david.emery writes "In a document from the ongoing Samsung/Apple trial, provided in both English translation and Korean original, Samsung engineers provided a detailed comparison of user interface features in their phone against the iPhone. In almost all cases, the recommendation was to adopt the iPhone's approach.

Among other observations, this shows how much work goes into defining the Apple iPhone user experience."


"CdrTaco" on Internet immortality

david.emery david.emery writes  |  more than 2 years ago

david.emery writes "Rob Malda, founder of Slashdot.org and now working for the Washington Post, made it to the Op/Ed page of the Post with a piece on 'reblogging,' including some comments on the Slashdot.org community."

Least stressful jobs: programmer, SW engineer

david.emery david.emery writes  |  more than 3 years ago

david.emery (127135) writes "Time's "NewsFeed" Blog claims that Computer Programmer and Software Engineer are among the 10 LEAST stressful jobs. Guess they've never had to debug someone else's code to meet an impossible management deadline...."

Amtrak: 12 hours for 'computer upgrade'?

david.emery david.emery writes  |  more than 3 years ago

david.emery writes "Amtrak is warning its customers that its reservation and status system will go down at 03:00 Sunday morning "for an upgrade" and will be up by "early afternoon."

That's an Awfully Long Time for a mission-critical reservation to be down."


AAPL - amateurs beat the pants off pro analysts

david.emery david.emery writes  |  more than 3 years ago

david.emery writes "Bottom Line: The pros suck at predicting Apple performance, particularly when it comes to Earnings per Share and Revenue, when compared to the amateur blogs that provide financial analysis of Apple."

Microsoft, Toyota to collaborate on smart cars

david.emery david.emery writes  |  more than 3 years ago

david.emery writes ""Microsoft and Toyota on Wednesday announced a $12 million partnership through which the companies will create an advanced digital information and communication system for the Japanese automaker's cars." Apparently it also includes connections to Microsoft's Cloud ("Azure") servers."

Another insider critique of Wikileaks

david.emery david.emery writes  |  more than 3 years ago

david.emery (127135) writes "WikiLeaks editor Julian Assange went from being "imaginative, energetic (and) brilliant" to a "paranoid, power-hungry, megalomaniac," a former colleague charges in a new book out Thursday. Further we read: Domscheit-Berg "damaged" WikiLeaks infrastructure and "stole material," WikiLeaks said Wednesday, and the website said it is taking legal action against him-- though Domscheit-Berg denied that. (I'm not clear on what it would mean to 'steal material' from something like WikiLeaks...)"

Assange on risks of informants

david.emery david.emery writes  |  more than 3 years ago

david.emery (127135) writes "From the story: The title said he told international reporters: 'Well, they're informants so, if they get killed, they've got it coming to them. They deserve it.' The book continues: 'There was, for a moment, silence around the table.' The allegations were made in a new book published today by the Guardian timed to coincide with another title released by the New York Times. It also reveals that Assange was so worried that he was being followed by U.S. intelligence services that he disguised himself as a woman, it has been revealed."

CNet Analysis on RIAA-Tenenbaum - appealbait?

david.emery david.emery writes  |  more than 4 years ago

david.emery (127135) writes "CNet's Greg Sandoval provides his analysis/spin on the Tenenbaum decision reducing statutory damages. Among other items, it claims the Tenenbaum decision will make negotiating settlements harder, and is likely to be appealed with an assertion that the judge exceeded her authority. As seems to be typical in these cases, the litigation can go on and on until one side drops out through exhaustion."

Affidavit for 'lost' iPhone unsealed

david.emery david.emery writes  |  more than 4 years ago

david.emery (127135) writes "Wired.com has obtained and published a copy of the search warrant for Jason Chen. This details some pretty funky behavior on the part of Brian Hogan (iPhone finder), such as tossing flash cards into the bushes, dropping off computers at churches, and some snarky emails from Brian Lam to Steve Jobs. This adds more detail to what increasingly looks like anything but 'innocent behavior' in this case. Regardless of what you think about publishing photos of the iPhone, it's really hard to view this behavior as "someone trying to return a lost item.""

Signatures for a zero-day webserver hack?

david.emery david.emery writes  |  more than 4 years ago

david.emery (127135) writes "I'm seeing the following in my server logs:

[Tue Feb 09 02:55:33 2010] [error] [client 96.244.84.154] Invalid method in request \x95\xba\xbc\x9f\xe3\xcd\xef\x959\xe1^@\x9fq\xa8

[Tue Feb 09 08:13:21 2010] [error] [client 24.211.249.162] Invalid method in request I\xfa\x9f\xf7FEq\xa14c\xd6\x82$\x89\x97z\xfbR<\xbb\xe0-\xb0\x7f=;z\xe3:\x0e\xc7\xd8\x92\x04\xc6C\xb9\xa5\xe0\xee\xc9\xfc\x84

Sure looks like some sort of "maliciously crafted" string to me. Anyone else seeing this? What is this targeted to?"


Intego issues 'Year in Mac Security' malware repor

david.emery david.emery writes  |  more than 4 years ago

david.emery (127135) writes "MacOS and iPhones that haven't been jailbroken fare pretty well (although vulnerabilities exist, there's not been a lot of exploitation). Apple does come in for criticism for 'time to fix' known vulnerabilities. Jailbroken iPhones are a mess. The biggest risk to Macs are Trojan Horses, often from pirated software."

Microsoft says there's a 'tax' to use Macs

david.emery david.emery writes  |  more than 6 years ago

david.emery writes "A CNet column by Matt Asay cites an interview between Microsoft's Brad Brooks and CNET's Ina Fried (http://news.cnet.com/8301-10805_3-10064580-75.htmll). Asay points to the comments by Brooks to the effect that not using Microsoft products constitutes a 'tax' for alternatives. Here's a quote

There's going to be an application tax, which is if you want choice around applications, or if you want the same type of application experience on your Mac versus Windows, you're going to be purchasing a lot of software.

and Asay's analysis/commentary:

In other words, it's cheaper to continue paying the Microsoft tax, wherein companies give up any hope of future innovation or industry competition, than to try that dreaded, costly thing called "choice."

Particularly with things like Open Office, is there really a problem with alternatives to Microsoft? How much does choice really cost?"

Yahoo DNS poisoned???

david.emery david.emery writes  |  more than 6 years ago

david.emery writes "Yesterday I got a strange email bounce from groups.yahoo.com, and something didn't look right in the headers about where the message was going. nslookup on groups.yahoo.com yielded the following:

    ; <<>> DiG 9.4.2-P1 <<>> groups.yahoo.com a +multiline +nocomments +nocmd +noquestion +nostats +search
    ;; global options: printcmd
    groups.yahoo.com. 43 IN CNAME groups.yahoo3.akadns.net.
    groups.yahoo3.akadns.net. 68 IN A 209.73.164.118
    akadns.net. 37394 IN NS use3.akadns.net.
    akadns.net. 37394 IN NS eur1.akadns.net.
    akadns.net. 37394 IN NS zd.akadns.org.
    akadns.net. 37394 IN NS usw2.akadns.net.
    akadns.net. 37394 IN NS zb.akadns.org.
    akadns.net. 37394 IN NS use4.akadns.net.
    akadns.net. 37394 IN NS za.akadns.org.
    akadns.net. 37394 IN NS asia9.akadns.net.
    akadns.net. 37394 IN NS zc.akadns.org.
    asia9.akadns.net. 33620 IN A 220.73.220.4
    zb.akadns.org. 1087 IN A 12.183.125.5
    zc.akadns.org. 608 IN A 124.211.40.4
    zd.akadns.org. 1270 IN A 65.114.105.4
    eur1.akadns.net. 32741 IN A 195.59.44.134
    use3.akadns.net. 35723 IN A 204.2.178.133
    use4.akadns.net. 29133 IN A 208.44.108.137

Today I did the same, and got something that looked a lot more correct:

    ; <<>> DiG 9.4.2-P1 <<>> groups.yahoo.com cname +multiline +nocomments +nocmd +noquestion +nostats +search
    ;; global options: printcmd
    groups.yahoo.com. 142 IN CNAME groups.yahoo3.akadns.net.
    yahoo.com. 66848 IN NS ns8.yahoo.com.
    yahoo.com. 66848 IN NS ns6.yahoo.com.
    yahoo.com. 66848 IN NS ns1.yahoo.com.
    yahoo.com. 66848 IN NS ns3.yahoo.com.
    yahoo.com. 66848 IN NS ns2.yahoo.com.
    yahoo.com. 66848 IN NS ns5.yahoo.com.
    yahoo.com. 66848 IN NS ns4.yahoo.com.
    ns5.yahoo.com. 154843 IN A 119.160.247.124
    ns6.yahoo.com. 150553 IN A 202.43.223.170
    ns8.yahoo.com. 62351 IN A 202.165.104.22
    ns1.yahoo.com. 63924 IN A 66.218.71.63
    ns2.yahoo.com. 63924 IN A 68.142.255.16
    ns3.yahoo.com. 63864 IN A 217.12.4.104
    ns4.yahoo.com. 63781 IN A 68.142.196.63

This wasn't just me. My ISP's sysadmin did nslookup yesterday and got the same weird results (akadns.net) last night. So, is this evidence of DNS poisoning? Did someone somehow get the wrong data into the larger DNS infrastructure? Enquiring minds want to know!... dave"

Google to invest in Geothermal energy

david.emery david.emery writes  |  more than 6 years ago

david.emery writes "CNN has a story about Google investing in geothermal energy: http://greenwombat.blogs.fortune.cnn.com/2008/08/19/google-invests-in-drilling-for-geothermal-energy/ Could we see data megacenters relocating to geothermal areas? But aren't those geologically sensitive, e.g. prone to earthquakes? How hard would it be to engineer an earthquake-proof "data bunker"? The story mentions an effort to map geothermal resources in the US, could this be the start of a new energy land rush?"

Journals

david.emery has no journal entries.
