Comments

Bash To Require Further Patching, As More Shellshock Holes Found

dkf Re:Why is this a bash bug? (326 comments)

Why does bash have to worry about security?

Because if it is installed as /bin/sh (fairly common), it gets called in a great many places because of the OS APIs system() and popen(), which are both defined to use /bin/sh on Unix. Much of the reporting about it has been more than a little breathless, but that's journalists for you.

Not everything is vulnerable. CGI is not inherently vulnerable (it could use execve() directly) and the called code need not use bash ever. But it's still a serious problem as anything that explicitly requires bash is also definitely broken: we want it fixed ASAP. (A start would be to never process environment variables for function definitions during startup, especially when running as /bin/sh...)

2 days ago
Mobile Phone Use Soon To Be Allowed On European Flights

dkf Re:Hopefully data only (95 comments)

light up a ciggy

That's prohibited for everyone. Airlines' experience, and that of their insurers, shows that it's just too much of a hazard. (Not that I mind; I think the smell of smoke is awful at the best of times.) Nicotine addict? Remember those patches on longhaul flights!

3 days ago
Flurry of Scans Hint That Bash Vulnerability Could Already Be In the Wild

dkf Re:"could be worse than Heartbleed" (317 comments)

Outside of malicious HTTP headers landing in environment variable in CGI land, I'm hard pressed to think of another reasonable vector for this bug to be a problem...

To be fair, with a moderately competent CGI implementation, the subprocess will start just fine. The problem comes with whatever that subprocess calls, since environment variables are inherited by default. The deeper you go, the greater the likelihood that some programmer will have used system() or popen(), or even flat-out implemented the process as a shell script.

about a week ago
It's Banned Books Week; I recommend ...

dkf Re:Why is 1984 in this poll? (404 comments)

The American Library Association maintains lists of the most frequently challenged books (i.e. the ones people try to ban). Although 1984 shows up on the list of challenged classics, there is only one challenge listed -- someone in Jackson County, Florida in 1981 thought that it was "pro-communist and contained explicit sexual matter". The first part shows a massive failure of reading comprehension, not actual hostility towards the content. 1984 doesn't show up in the top 100 challenged books lists for 1990-1999 or 2000-2009.

However, the US isn't the only country that bans (or tries to ban) books. Works like 1984 are much more likely to be banned by totalitarian regimes precisely because they encourage people to think about the ways in which the regime is trying to restrict them. Banning books is basically wrong anywhere, not just in one country in one part of the planet.

about a week ago
'Reactive' Development Turns 2.0

dkf Re:Failure tolerance is a mortal sin (101 comments)

Now I'm building an app with Scala/Play framework and we don't have user sessions or the web servers so scaling and server failures are not a problem.

If you don't have user state or session state, scaling is no problem. You just throw more hardware at it so you can have replicated servers with a simple load balancer in front. Job done.

It's scaling in the presence of (mutable) state that is hard. It's also what a lot of use cases need. Sometimes you even have to give up on scaling (boo!) in order to achieve other objectives, or think very hard to come up with an alternative approach such as spinning out processing to cloud-based slaves, which also doesn't truly scale, but can often go pretty large despite that (if you get the finances/business-model right).

about two weeks ago
Data Archiving Standards Need To Be Future-Proofed

dkf Re:Paper tape (113 comments)

Get the acid-free paper. Will last forever

Or until it gets wet.

about two weeks ago
3 Recent Flights Make Unscheduled Landings, After Disputes Over Knee Room

dkf Re:Anthropometrics (819 comments)

The solution is simple: load them up with tranquilizers/sedatives and stack 'em in like cordwood. ;)

A seemingly good idea that will fall apart as soon as someone overdoses on sedatives and their next-of-kin sue. Good luck with persuading a judge that some getout clause in a 3pt font prevents any liability attaching...

about three weeks ago
Mozilla 1024-Bit Cert Deprecation Leaves 107,000 Sites Untrusted

dkf Re:So 1024 Bits Not Enough Now? (67 comments)

You're confusing the cost of legitimate operations with the cost of searching the key space. You don't want legit users to bear too much cost since everyone ends up paying that over and over, but you do want the cost of searching to be high since that's not something that people should be doing.

about three weeks ago
Two Explorers Descend Into An Active Volcano, and Live to Tell About It

dkf Re:The last sentence of the summary is spot on (66 comments)

The trek itself was trivial compared to summiting Everest but the visuals were just a lot more impressive.

You don't need such fancy protective gear when doing Everest, which is just cold and lacking in oxygen, not outright chemically hostile and hot as hell. (Some volcanoes are even worse. The ones that spew fluorine gas (or hydrofluoric acid) are just awful...)

about three weeks ago
New HTML Picture Element To Make Future Web Faster

dkf Re:Kodak had the right idea decades ago (161 comments)

It's called JPEG2000, uses wavelet transformations instead of discrete cosine transformations that JPEG uses and has been around since over a decade ago. No one uses it.

You're wrong there. It's used quite a lot in high-capacity digital image storage. Libraries, that sort of thing. You might have the space and time to waste on using standard JPEG and you might not care too much about the compression artefacts, but libraries really do care. (A billion high-resolution images is only a medium-sized library...)

about a month ago
Islamic State "Laptop of Doom" Hints At Plots Including Bubonic Plague

dkf Re:Self-Inflicted Damage (369 comments)

Is d) going to be "Profit!"?

about a month ago
How the World's Fastest Electric Car Is Pushing Wireless Charging Tech

dkf Re:LOL (49 comments)

How about if you could charge your car wirelessly a bit at a time at each stop light.

If you think that's viable, you're spending too much of your life waiting at stop lights.

about a month ago
How many devices are connected to your home Wi-Fi?

dkf Re: Phones + 1 laptop. (260 comments)

I've heard of power line adapters. They seem to work well if your wiring is of the right type. Otherwise speeds can degrade quickly.

They still beat wireless through a 2' load-bearing stone (or brick) wall. Which is the GP's point.

about a month ago
UK Prisons Ministry Fined For Lack of Encryption At Prisons

dkf Re:As a former employee... (74 comments)

All built and supported by one of the most predatory firms in the UK, affectionately known as Twatos.

Don't worry. They're just as bad in many other European countries too.

Terry Gilliam must be laughing in his grave.

Fortunately for him, Terry Gilliam appears to be still alive. Terribly selfish that, not dying on you just so that you could lazily use a cliché like that.

about a month ago
Net Neutrality Is 'Marxist,' According To a Koch-Backed Astroturf Group

dkf Re:What's so American (531 comments)

Net neutrality isn't about what tier of service you have. It is about ensuring that you aren't getting purposefully manipulated speed for the tier you have.

Technically, it's about ensuring that you get what you think you have paid for and ensuring that you can use what you have paid for for whatever you want to. These things are absolutely fundamental to a free market even being possible.

about a month ago
Oregon Sues Oracle For "Abysmal" Healthcare Website

dkf Re:Reputation (212 comments)

Worst piece of enterprise software I've ever seen. I have physical pain any time I have to use it.

I know it's enterprise software, but you're really not supposed to shove it up your ass each time you use it.

about a month ago
Finding an ISIS Training Camp Using Google Earth

dkf Re:Time to build a cruise missile and send it over (134 comments)

I did and they have another hostage ready to chop his head off.

The way to deal with these people is to ignore whether they have the second hostage (assume he's already dead, even if that's technically premature) and to bomb the area, preferably with something like white phosphorous incendiaries. It also needs to be done soon, because people regard such actions less favourably when it is longer from the event which the punishment is being meted out for. Make it very clear that once someone starts killing hostages, reprisals will come. If you don't, the next damn terrorist group will think they can get away with this sort of thing too; you're not protecting those already captured, you're protecting everyone else.

It's a shame, but being this nasty is the only way of hammering home to idiots that fucking with is a seriously bad idea (unless you can act with more precision and kill just the terrorists). And it does work: it's been proved to work over and over throughout history. It probably needs to be accompanied with a full apology to any innocents caught up in the crossfire to mitigate incidental downstream trouble.

about a month ago
Is Storage Necessary For Renewable Energy?

dkf Re:Expert?? (442 comments)

Gravitational potential energy cannot be used as an energy source.

But you can use it to store energy, and this has indeed been done and it is an important part of how the Grid works. Look up pumped storage hydroelectricity some time.

about a month and a half ago
Are Altcoins Undermining Bitcoin's Credibility?

dkf Re: Self Serving Story? (267 comments)

Really? You are kidding, right? It's clearly not backed by gold anymore. So what's it backed by?

It's backed by the fact that the government can shoot people until everyone agrees that it is valid. We could beat around the bush a lot more, but the threat of force (together with the ability to pay taxes that follows from that) is a key thing in making a currency valid.

about a month and a half ago
The Technologies Changing What It Means To Be a Programmer

dkf Re:Yes, no, maybe, potato salad (294 comments)

There is no table, that I know of, that lists all the features versus all the paradigms versus all the languages.

That would be a very large table indeed, as there are a lot of critical nuances and a lot of languages (even if we exclude the ones without the ability to do a useful subset of all system calls).

about a month and a half ago

Submissions

Apple rapped over misleading iPhone ad

dkf dkf writes  |  more than 6 years ago

dkf (304284) writes "The BBC is reporting that Apple have been ordered by the Advertising Standards Authority to stop showing their current iPhone advert in the UK. The heart of the issue is that the iPhone does not support either Flash or Java, and this means that significant parts of the content of the internet were not available despite Apple's claims otherwise. It seems that Apple's determination to control their mobile platform has come back to bite them."

Tcl/Tk 8.5.0 Finally Released

dkf dkf writes  |  more than 6 years ago

dkf writes "OSNews reports that Tcl/Tk 8.5 has been released for all major platforms after 5 years of development. There are many new goodies in it, including significant speedups through an advanced bytecode engine, stronger localization of applications, integrated arbitrary-precision arithmetic, a whole bunch of brand new skinnable widgets, anti-aliased text support on all platforms, and a new code module management system to make maintenance of installations a snap.

A lot more in-depth information about the features of both this release and Tcl/Tk in general is available at both the official Tcl/Tk website and in Mark Roseman's blog."

Journals

dkf has no journal entries.
