Comments


Ask Slashdot: Best Practices For Starting and Running a Software Shop?

dskoll Ask these questions first (151 comments)

Before you think about how to run your shop, ask these questions:

Do you have a product?

Is there a market for that product? How do you know?

Do you have a business plan including a marketing plan?

Once you get past those questions, the rest is easy. Outsource anything that doesn't make sense (HR, accounting, payroll) and keep your core expertise in-house. Don't obsess about coding standards, etc. until you have cash flow. It's far more important to do your utmost to get the business making money than to worry about programming minutiae.

I did start a software product business back in 2000 and it's going strong. The very first person I hired was our VP of Sales and Marketing. I didn't hire another technical person until employee #5, so didn't have to worry about imposing coding standards on others. :)

yesterday

Canadian Police Recommend Ending Anonymity On the Internet

dskoll If the shoe fits... (231 comments)

I wonder how the OPP would react if they were required by law to stream video of all their officers' activities in real-time. Suddenly they'd like a little privacy and anonymity, thank you very much!

about two weeks ago

Ask Slashdot: How Useful Are DMARC and DKIM?

dskoll DMARC and Mail User Agents conspire to FAIL (139 comments)

I was involved in some quite heated discussions on the DMARC list about one problem. DMARC is supposed to prevent someone from forging the From: header sender (and to a lesser extent if used with SPF, the envelope sender.)

The problem is that most MUAs (mail clients) do not show the full email address of the sender. They only show the full name. For example, a header that looks like this:

From: American Express Fraud Dept <bozo@example.com>

will be displayed in a typical mail client as just American Express Fraud Dept with not a single complaint from DMARC.

Even worse, a scammer can use a header like this:

From: "American Express Fraud Dept - fraud@aexp.com" <bozo@example.com>

and the mail client will display the fake fraud@aexp.com address with nary a DMARC complaint.

Mail sucks. User-interfaces suck. People suck. Bah.

about three weeks ago
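
Added example (not part of dskoll's comment and not Roaring Penguin code): a receiving-side check for the two From: headers quoted above, which DMARC accepts because it evaluates only the domain of bozo@example.com. The brand map and the third and fourth sample headers are constructed assumptions.

```python
import re
from email.utils import parseaddr

# Anything in the display name that looks like local@domain.tld
ADDR_IN_NAME = re.compile(r"[\w.%+-]+@([A-Za-z0-9-]+(?:\.[A-Za-z0-9-]+)+)")

# Constructed brand map (assumption): phrase -> domains allowed to use it.
BRANDS = {"american express": {"aexp.com"}}

def sender_domain(addr):
    """Domain of the real address, i.e. the only part DMARC looks at."""
    return addr.rsplit("@", 1)[1].lower() if "@" in addr else ""

def domain_allowed(real, domains):
    """True if real is one of the domains or a subdomain of one."""
    return any(real == d or real.endswith("." + d) for d in domains)

def audit_from(header_value, brands=BRANDS):
    """Return findings for a From: value whose display name misleads."""
    name, addr = parseaddr(header_value)
    real = sender_domain(addr)
    findings = []
    # Second header in the comment: an address typed into the display name.
    for m in ADDR_IN_NAME.finditer(name):
        shown = m.group(1).lower()
        if shown != real:
            findings.append(("embedded-address", shown, real))
    # First header: a brand phrase on mail from an unrelated domain.
    lowered = " ".join(name.lower().split())
    for phrase, domains in brands.items():
        if phrase in lowered and not domain_allowed(real, domains):
            findings.append(("brand-mismatch", phrase, real))
    return findings

# First two values are the headers from the comment; the rest are constructed.
SAMPLES = [
    'American Express Fraud Dept <bozo@example.com>',
    '"American Express Fraud Dept - fraud@aexp.com" <bozo@example.com>',
    'American Express Fraud Dept <fraud@aexp.com>',
    '"bozo@example.com" <bozo@example.com>',
]

if __name__ == "__main__":
    for value in SAMPLES:
        print(value, "->", audit_from(value) or "ok")
```

A mail filter can use findings like these to show the real address next to the display name or to add to a message's score, independently of the DMARC result.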

Ask Slashdot: How Useful Are DMARC and DKIM?

dskoll We use DKIM and SPF (139 comments)

My company (Roaring Penguin) uses SPF for outbound mail and we DKIM-sign our mail too. Our antispam software also supports SPF and DKIM. We don't yet support DMARC, but probably will at some point. The problem with fully supporting DMARC is the reporting component. It's a real bear to send DMARC reports, but obeying DMARC policies is much easier. We'll start by doing DMARC-policy-obeying first and then think about reporting.

about three weeks ago

Pope Francis Declares Evolution and Big Bang Theory Are Right

dskoll Finally! (669 comments)

He's (big) bang on! No more aping the creationists; Francis is a dinosaur no more.

about three weeks ago

Shooting At Canadian Parliament

dskoll Re:As a Canadian this makes me sad (529 comments)

This is what we get for blindly following the states^W^W^W^W being a Western democracy and refusing to be dhimmis to Islamist nutters.

FTFY.

about a month ago

Shooting At Canadian Parliament

dskoll Re:Possiblities (529 comments)

It is not time to panic. It is time to get serious about taking on and defeating the terrorists. That doesn't mean curtailing our civil liberties, but it does mean taking sensible precautions and not spouting Trudeau-esque bullshit about finding the "root causes" of terrorism.

There's a war on against Western democracies. We have to win it.

about a month ago

Shooting At Canadian Parliament

dskoll Re:Dear Canada.... (529 comments)

I bet the reaction of the "Muslim Community" will be to wring their hands about how they're now going to be subject to discrimination. I have very little time for that sort of bullshit woe-is-us attitude.

about a month ago

Shooting At Canadian Parliament

dskoll Re:Dear Canada.... (529 comments)

Recognize that the tenets of Islam are incompatible with Western Democracy. Then make it treasonous to promote those tenets.

about a month ago

Shooting At Canadian Parliament

dskoll Re:Dear Canada.... (529 comments)

I don't think this was a rare incident by an insane person. There have been shootings at at least three different locations in Ottawa and there apparently are multiple shooters. This is a planned terrorist attack.

I live in Ottawa and I'm aware of the security of Parliament Hill. The security there was completely inadequate to deal with this kind of threat; it really needs to be increased.

about a month ago

CSS Proposed 20 Years Ago Today

dskoll Geometry-based layout (180 comments)

The wonderful Tcl/Tk toolkit solved the layout problem in the 1990's with its excellent constraint-based geometry managers: The grid engine, the packer and the placer. I'm sure it would have been possible to express each of those layout engines' rules in something analogous to CSS.

That would have made page layout so simple it'd almost be fun.

about a month and a half ago

Lennart Poettering: Open Source Community "Quite a Sick Place To Be In"

dskoll Some things are beyond the pale (993 comments)

I am not a big fan of systemd and I find Poettering pretty abrasive. But if what he wrote is correct:

Recently, people started collecting Bitcoins to hire a hitman for me (this really happened!). Just the other day, some idiot posted a "song" on youtube, a creepy work, filled with expletives about me and suggestions of violence.

then that's beyond the pale. IMO, threats of death and violence should be reported to the authorities and the culprits, if found, should be prosecuted to the fullest extent of the law.

The Open Source development community is not a friendly place. You do need a thick skin. But threats of violence or death go way beyond just "unfriendly".

about a month and a half ago

Internet Explorer Implements HTTP/2 Support

dskoll Binary format (122 comments)

Parsing out the binary format of HTTP frames will most likely open up a whole new class of client vulnerabilities as malicious servers feed them bad data. Yay.

about 1 month ago

First Shellshock Botnet Attacking Akamai, US DoD Networks

dskoll Re:Suspicious screenshot (236 comments)

Didn't I just say that? You'd have to explicitly invoke #!/bin/bash. I know of very few scripts that do that; most use #!/bin/sh.

about 2 months ago

First Shellshock Botnet Attacking Akamai, US DoD Networks

dskoll Re:Question about how this works (236 comments)

Apache passes user-supplied content to CGI scripts as environment variables, so any CGI written in bash or that invokes bash (via system(), for example, on an OS that uses bash as /bin/sh) could be used as an exploit vector.

about 2 months ago

First Shellshock Botnet Attacking Akamai, US DoD Networks

dskoll Suspicious screenshot (236 comments)

The screenshot in that article shows the shell prompt as "root@debian". But in reality, most Debian systems use "/bin/dash" as the default system shell instead of /bin/bash, which means most Debian systems are extremely hard to compromise; a CGI or system() call would have to go out of its way to invoke bash instead of dash.

about 2 months ago

Netflix Rejects Canadian Regulator Jurisdiction Over Online Video

dskoll Re:Funny how this works ... (184 comments)

Canada's not Russia. Russia has far more deeply-ingrained problems than socialism. Try "being run by a gang of criminals".

about 2 months ago

Netflix Rejects Canadian Regulator Jurisdiction Over Online Video

dskoll Re:Funny how this works ... (184 comments)

We as Canadians have a different approach to government and how we want to build our society.

Yes, but not all Canadians buy into the CRTC's approach. I am absolutely opposed to all the CanCon and related regulations imposed by the CRTC. I'm completely fine with the federal and provincial governments subsidizing broadcasters and the arts in general (TVO is a great example of this done well), but I'm utterly opposed to their regulating what private broadcasters have to show.

we're not too fond of an American company trying to wreck the system of local content production.

Speak for yourself. I'm fine with anyone wrecking the Canadian content production system. 90% of content producers will go under because they produce content no-one cares about. The 10% that survive will do so because they produce really good content and are competitive. Ultimately, it will lead to a healthier content-production industry that's not dependent on protectionist measures for its survival. Maybe we'll even be able to open up an export market for Canadian content.

about 2 months ago

Fork of Systemd Leads To Lightweight Uselessd

dskoll Re:Not a boycott but a confirmation (469 comments)

So let's say you do run syslog, but don't want journald. Is that possible?

If not, then it means systemd forces you to run software you don't want, increasing the attack surface for no benefit.

about 2 months ago

Submissions

dskoll hasn't submitted any stories.

Journals

dskoll has no journal entries.
