


Illustrating the Socioeconomic Divide With iOS and Android

dwheeler Screenshots are built into Android (161 comments)

There's no "app" for screenshots because it's built into Android itself, and has been since 4.0 (which was released many years ago). It's volume down + power button. Just Google for "Android screenshot".

about two weeks ago

New Apache Allura Project For Project Development Hosting

dwheeler Nonsense (43 comments)

This makes no sense. If you want to search for code, the obvious way to do it today is use Google or some other search engine. Tomorrow, the obvious way to do it... will be to use Google or some other search engine. You don't need a "federated search", you just need a good search engine. There are a number of code-specific search engines that already work today too, again, there's no need for one system to rule them all.

I think there's great advantage in having an OSS management system for managing OSS projects.

about two weeks ago

St. Patrick's Day, March Madness, and Steve Jobs' Liver

dwheeler Just make organ donation the default (129 comments)

One big improvement would be to make organ donation the *default* when obtaining a driver's license in the US. That way, people could opt out, but most people just "accept the default"... and then far more organs would be available to save the living.

about a month ago

Ask Slashdot: Linux For Grandma?

dwheeler Re:Chromebook (287 comments)

I've had better luck with Chromebooks. Cloud printers are now very common, and in many cases buying a new printer costs little and is a big improvement anyway. For a list of printers that can work this way, see: http://www.google.com/cloudpri... I hate trackpads anyway, and I've had excellent success with normal mice on a Chromebook. Apple components often don't like working with non-Apple components, that may be the problem there. And all built-in laptop speakers are bad; if it matters, get speakers, they're cheap.

about a month ago

Ask Slashdot: Does Your Employer Perform HTTPS MITM Attacks On Employees?

dwheeler It is VERY common (572 comments)

This is very common in the military and in defense contractors, and it happens elsewhere too. There is a reason for it. Many of these organizations are worried about malicious stuff going in and/or exfiltration of non-public data going out. Employer MITM makes it easy to examine every packet for these kinds of things (to counter them). In the US, at least, it's generally accepted that employer equipment is owned by the employer, and thus they expressly have the authority to examine what goes over their own network... and as a condition of employment or computer use you probably signed something agreeing to this. I'm not a fan of this approach, but it certainly happens.

Open source software that implements crypto protocols (e.g., SSL or SSH) will (correctly!) report that there's a MITM attack. So if you want to actually *use* the software in such settings, someone has to configure the software to trust the MITM. Some admins will do this automatically. If not, you may need to do it yourself. E.G., on Firefox, install the organization's certificate.

You configure Linux systems to work in these environments, but since the certs are often files in Windows aka DOS aka CP/M format, you need to convert the files as well as put them into somewhere useful. Here's one way to deal with it.

On Fedora, given a bunch of .crt files, you can do this:

dos2unix *.crt ; cat *.crt >> /etc/pki/tls/certs/ca-bundle.crt

On Ubuntu, you can do this given a bunch of .cer files:

dos2unix *.cer ; rename 's/\.cer$/.crt/' *.cer ; ca=/usr/share/ca-certificates ; mkdir -p $ca/MYORG ; cp *.crt $ca/MYORG ; cd $ca ; ls MYORG/* >> /etc/ca-certificates.conf ; update-ca-certificates

You could avoid appending to the file if you want to, but I'll leave that as an exercise for the reader.

about a month and a half ago
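One way to do the "exercise for the reader" from the comment above, installing the organization's certificates without appending to the bundle or to /etc/ca-certificates.conf. This is an added example, not the commenter's code; the function names are hypothetical, and it assumes the distributions' local-anchor directories (/usr/local/share/ca-certificates on Debian/Ubuntu, /etc/pki/ca-trust/source/anchors on Fedora/RHEL) and PEM-encoded input files.

```shell
#!/bin/sh
# Added example, not the commenter's code. Stages organization CA certificates
# for the system trust store without appending to any shared bundle file.

# is_pem_cert FILE: succeed only if FILE holds at least one PEM certificate.
is_pem_cert() {
    grep -q -e '-----BEGIN CERTIFICATE-----' "$1" &&
    grep -q -e '-----END CERTIFICATE-----' "$1"
}

# stage_org_certs SRC_DIR DEST_DIR
# Copies every *.cer / *.crt in SRC_DIR into DEST_DIR as NAME.crt with CR
# characters removed. Non-PEM files are skipped with a warning, and files
# already present with identical content are left alone, so re-running is
# harmless. Sets STAGED to the number of files written.
stage_org_certs() {
    src=$1 dest=$2
    STAGED=0
    mkdir -p "$dest" || return 1
    tmp=$(mktemp) || return 1
    for f in "$src"/*.cer "$src"/*.crt; do
        [ -f "$f" ] || continue            # an unmatched glob stays literal
        tr -d '\r' < "$f" > "$tmp"         # same job as dos2unix
        if ! is_pem_cert "$tmp"; then
            echo "skipping $f: not PEM (convert DER with openssl x509 -inform DER)" >&2
            continue
        fi
        base=$(basename "$f"); base=${base%.*}
        target="$dest/$base.crt"
        if [ -f "$target" ] && cmp -s "$tmp" "$target"; then
            continue                       # already installed, unchanged
        fi
        cp "$tmp" "$target" && chmod 644 "$target" && STAGED=$((STAGED + 1))
    done
    rm -f "$tmp"
}

# refresh_trust_store: rebuild the bundle with the distribution's own tool.
refresh_trust_store() {
    if command -v update-ca-certificates >/dev/null 2>&1; then
        update-ca-certificates             # Debian/Ubuntu
    elif command -v update-ca-trust >/dev/null 2>&1; then
        update-ca-trust extract            # Fedora/RHEL
    else
        echo "no known trust-store tool found" >&2; return 1
    fi
}

# Typical use as root, from the directory holding the certificate files:
#   Debian/Ubuntu: stage_org_certs . /usr/local/share/ca-certificates
#   Fedora/RHEL:   stage_org_certs . /etc/pki/ca-trust/source/anchors
#   then:          refresh_trust_store
```

Because the certificates live in their own files, removing the organization's trust later is a matter of deleting those files and running the refresh step again.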

DARPA Publishes Tons of Open Source Code, Data

dwheeler Good start!! (39 comments)

This is a good start. If "we the people" pay to develop software, then it makes sense to ensure that "we the people" can use it, improve it, and distribute those improvements by default. See http://freethecode.org/ for others who think that makes sense too.

The URL http://www.dwheeler.com/govern... has a longer list of software released by US governments (federal, state, or local) as open source software. It even identifies a few meta-lists like this one. I'm sure it's incomplete, but it shows that US governments do release open source software. I'd love to hear of other examples of such software (with URLs that prove that the government paid to develop or improve it).

about 2 months ago

GNU Guile Scheme Gets a Register VM and CPS-Based IL

dwheeler Parentheses matching not required (42 comments)

GNU guile's built-in reader includes support for SRFI-105, so you can use infix expressions directly. In particular, you can use {...} instead of (...) and put the operator in the EVEN position, e.g., {n https://www.gnu.org/software/guile/manual/html_node/SRFI_002d105.html

If you want to eliminate more of the parens, you can use guile with SRFI-110, which provides support for indentation-sensitive semantics. An implementation is available with an MIT license. See more here: http://readable.sourceforge.net/

about 3 months ago

Why Do Projects Continue To Support Old Python Releases?

dwheeler Because it must be useful (432 comments)

It's not complicated. It's simple. Upgrading a production system is a *big deal*, and in many places there is a long delay between updates. Enterprises will often pay big $$$ to NOT upgrade (other than security patches), because they want rock-solid stability much more than the latest hotness.

E.G., RHEL 5 and CentOS 5 are widely deployed, and will be used for some time to come as production systems. They only support older versions of Python2. Therefore, *useful* programs that need to run on these widely-used systems must be written to run on these older systems.

about 3 months ago

"Clinical Trials" For Programming Languages?

dwheeler Visual Basic (232 comments)

I believe this is for the Visual Basic 6 or less, not for "Visual Fred" which has the same name but mostly unrelated syntax and semantics. See: http://catb.org/jargon/html/V/Visual-Fred.html I think you have to take those measures with large grains of salt, but it's certainly true that languages affect productivity.

about 3 months ago

SourceForge Appeals To Readers For Help Nixing Bad Ad Actors

dwheeler Confused! DevShare *is* opt-in for developers (198 comments)

I actually read the article (I know, you can't do that on Slashdot). It says DevShare is opt-in for developers, not opt-out, and that's what inserts the additional stuff in the executables. So were the GIMP folks just confused? It sounds like GIMP left over something that was in their control in the first place. (No, I don't work for any of these folks.)

about 5 months ago

MELT, a GCC Compiler Plugin Framework, Reaches 1.0

dwheeler Lisp syntax is the problem (58 comments)

The problem is, in part, Lisp's syntax. Most people don't want to read code written in lisp, because (+ (* 3 4) 5) is a big pain. You might look into http://readable.sourceforge.net/ - it extends Lisp s-expressions with additional abbreviations, making it much easier to read.

about 6 months ago

Exoplanet Count Peaks 1,000

dwheeler There are no exoplanets. IAU says so. (116 comments)

The IAU has decided that a planet - at least around our Sun - has to "clear the neighbourhood" around its orbit. There will always be objects we can detect, without being able to detect if the neighbourhood is cleared (currently is all so-called exoplanets).

One solution is that "planet" has a different definition between our Solar System and everywhere else. But that is inconsistent. What we should do is have the same definition everywhere; I suggest "orbiting star" and "so massive it's round". If that means Pluto and Ceres are planets, well, that's just fine.

about 6 months ago

Ask Slashdot: Can Bruce Schneier Be Trusted?

dwheeler Missing the point (330 comments)

But how, exactly, were you going to use those alternative compilers? If you just use an alternative compiler executable, maybe the original executable was okay and the alternative was subverted - so now you have introduced corruption into the compiler executable you cared about. Just using a different compiler in the obvious way simply moves the problem somewhere else, it doesn't actually solve anything. In DDC, you have to subvert both compiler executables, which is significantly harder.

Ken Thompson's trusting trust paper didn't describe how to solve the problem. The only proposed approach is to rewrite everything yourself, which is impractical.

about 6 months ago

Ask Slashdot: Can Bruce Schneier Be Trusted?

dwheeler Bruce Schneier connection (330 comments)

Oh, and a Bruce Schneier connection: In 2006 Bruce wrote a summary of my ACSAC paper on diverse double-compiling (DDC). Bruce's article is simply titled Countering "Trusting Trust".

Bruce completely understood the approach. He explained it very well in his blog, and he also did a nice job explaining its larger ramifications. His conclusions are still true: the "trusting trust" attack has actually gotten easier over time, because compilers have gotten increasingly complex, giving attackers more places to hide their attacks. Here's how you can use a simpler compiler -- that you can trust more -- to act as a watchdog on the more sophisticated and more complex compiler.

about 6 months ago

Ask Slashdot: Can Bruce Schneier Be Trusted?

dwheeler Diverse Double-Compiling (trust but verify) (330 comments)

Thanks for pointing out my Diverse Double-Compiling (DDC) paper!

My page on Fully Countering Trusting Trust through Diverse Double-Compiling (DDC) has more details, including detailed material so you can duplicate the experiments and re-verify the proofs. Note that you do not have to take my word for it.

You have to trust some things. But you can work to independently verify those things, to determine if they're trustworthy. I don't always agree with Bruce Schneier, but after watching what he's done for years, I've determined that he's quite trustworthy. This is the same way we decide if we should trust anyone or any thing. In short: "trust, but verify".

about 6 months ago

GNU Make 4.0 Released

dwheeler Make scales just fine (see: Peter Miller) (179 comments)

Make scales just fine. Badly using make, through mistakes like using recursive make, causes scalability problems.

The paper "Recursive make considered harmful" by Peter Miller identifies common mistakes in using make, and how to fix them. The biggest mistake is using recursive make; this is a common mistake that is NOT required by make. Once you stop making this mistake, make is suddenly much faster.

Two other issues with standard make were not part of POSIX, but they are now:

Issue 1: Historically, standard make only implements deferred assignment (where values are calculated when referenced, not when set). This meant that as size grows, there was an exponentially increasing calculation effort (eek). Miller recommends using immediate assignment op, but although GNU make has one (as :=) that wasn't in the POSIX standard. He also suggests using an appending assignment (+=), which wasn't in POSIX either. Since then, POSIX has added the immediate-assignment operator ::= and the appending-assignment += (see http://austingroupbugs.net/view.php?id=330). GNU make 4.0 implements "::=", so you can now start using it. This gets rid of a major scalability problem.

Issue 2: The "obvious" ways to implement automatic dependency generation in make require the ability to "include" multiple from one line, and the ability to silently ignore errors when including, and those weren't in POSIX either. These have since been added to POSIX (in http://austingroupbugs.net/view.php?id=333 and http://austingroupbugs.net/view.php?id=518).

Just getting something into the POSIX spec doesn't cause anything magical to happen. But if a capability is in a standard, it's way more likely to be implemented, and people are far more willing to depend on it.

about 6 months ago

GNU Make 4.0 Released

dwheeler Lisp s-expression notation can be readable (179 comments)

Previous poster: "Being simpler for a computer means it is simpler to write evaluators for LISP expressions. Because of the simplicity of LISP an evaluator + applicator gives you a compiler or runtime environment. That is a huge huge advantage."

Yes, but that doesn't require using the old s-expression notation from the 1950s.

Check out http://readable.sourceforge.net/. This adds additional abbreviations to s-expressions, just like 'x currently means (quote x), so that people can produce much more readable code and data. It's implemented in Scheme and Common Lisp, and is released as open source software using the MIT license.

about 6 months ago

GNU Make 4.0 Released

dwheeler Replacing make with... make (179 comments)

There are a lot of build systems that provide more built-in features than straight-up make. Heck, GNU make itself has LOTS more features than POSIX make.

But many of those more-automated build systems run on top of... make. In particular, if you use cmake or automake/autotools, they *generate* makefiles, so you still need a capable "make" program. In fact, you *want* a "make" underneath with lots of capabilities, so the tool you use directly can generate better results.

Ant and Maven are nice tools... but usually they're only used with Java. Rake is great, but is typically only used with Ruby. I like Python (the language), but there are several articles showing that at least at the time Scons was *slow* (and thus had trouble scaling). Autoconf's syntax is still baroque, but if you follow certain conventions it's actually not too bad, and it's much easier to use now that a number of annoying bugs have been fixed.

For general-purpose build systems, the autotools or cmake are still reasonable build systems to look at (unless you're using Java or Ruby). And since they generate makefiles, it's important to have a great tool underneath to process the makefile, even if you don't use make directly.

about 6 months ago



New DoD memo on Open Source Software

dwheeler dwheeler writes  |  more than 4 years ago

dwheeler (321049) writes "The U.S. Department of Defense (DoD) has just released "Clarifying Guidance Regarding Open Source Software (OSS)", a new official memo about OSS. This memo is important for anyone who works with the DoD (including contractors) on software and systems that include software, and may influence many other organizations as well. The DoD had released a memo back in 2003, but "misconceptions and misinterpretations... have hampered effective DoD use and development of OSS". The new memo tries to counter those misconceptions and misinterpretations, and is very positive about OSS. In particular, it lists a number of potential advantages of OSS, and recommends that in certain cases the DoD release software as OSS."

