×

Announcing: Slashdot Deals - Explore geek apps, games, gadgets and more. (what is this?)

Thank you!

We are sorry to see you leave - Beta is different and we value the time you took to try it out. Before you decide to go, please take a look at some value-adds for Beta and learn more about it. Thank you for reading Slashdot, and for making the site better!

Comments

top

Google Releases More Windows Bugs

dwheeler 90 days is really long (263 comments)

90 days is really long. The US CERT vulnerability disclosure policy is 45 days as described in http://www.cert.org/vulnerabil... (see that more more details). The problem is that you have to balance two conflicting needs; in the words of the CERT, "the need of the public to be informed of security vulnerabilities with vendors' need for time to respond effectively."

about two weeks ago
top

Extra Leap Second To Be Added To Clocks On June 30

dwheeler Leap seconds work just fine (289 comments)

Leap seconds work perfectly well for most situations. If you need precision monotonically-increasing seconds, use TAI time (or "GPS time", which is at a fixed offset from TAI). Leap seconds keep atomic clocks and the real world reasonably synchronized; any other approach will have its own problems.

about three weeks ago
top

Anthropomorphism and Object Oriented Programming

dwheeler Do anthromorphise! (303 comments)

Don’t anthropomorphize computers, they hate that notes that most developers do use anthropomorphic language. I think there are probably a variety of good reasons for it, too. Here's one speculation: When we communicate with a human, we must use some language that will be more-or-less understood by the other human. Over the years people have developed a variety of human languages that do this pretty well (again, more-or-less). Human languages were not particularly designed to deal with computers, but languages have been honed over long periods of time to discuss human behaviors and their mental states (thoughts, beliefs, goals, and so on). In any case, the problem isn't anthropomorphic language, it's the use of a bad analogy.

about a month ago
top

Critical Git Security Vulnerability Announced

dwheeler Case sensitivity is a good idea (148 comments)

Case sensitivity is a good idea. The problem is that trying to do "case insensitive" matching depends on the locale. If you send your files to someone else, whether or not they are the "same" depends on your locale if you're serious. For Turkish users, 'i' and dotted 'I' are the same if you're considering them as case-sensitive; for many other languages and users, the dots create DIFFERENT characters. And if you're trying to make this "easy" it doesn't go far enough; Latin "a" usually looks the same as Cyrillic "". So please don't say "users can't tell the difference" - they ALREADY can't tell the difference visually, and naive solutions do not begin to address it. At least you can visually see the difference betweeen "Picture" and "picture", and in any case, users typically just click on the item and move on.

I think it would be a GOOD idea to require that Unix-like filenames be legal UTF-8 sequences (since you then know how to display them), and then reject filenames that are not UTF-8. But that's much less intrusive than filename mangling.

That said, it's too late to fix Windows, so if you're going to run on Windows you have to deal with the problem as it is.

about a month ago
top

ODF Support In Google Drive

dwheeler Excellent! Finally, standard formats (40 comments)

This is excellent news. It's absurd that so many typical documents are stuck in proprietary formats. As stuff changes we should be able to read older documents using any tool we'd like. This is a major step along the way; there are now even more systems that support open document format. Congrats to Google!

about a month and a half ago
top

Kawa 2.0 Supports Scheme R7RS

dwheeler Parentheses (62 comments)

Most software developers will take one look at the excessive parentheses required for Kawa and Scheme and say "nuke it from orbit". Even Lisp advocates like Paul Graham admits that syntax like "(* (+ 1 2) (- 5 4))" is painful to deal with.

Thankfully, there *are* solutions for Scheme: SRFI-105 and SRFI-110 (which I co-authored). These are extensions to Scheme that let you keep meta programming (and syntax tree editing in an editor) with readable syntax. To my knowledge Kawa doesn't implement them, but they could be added.

about a month and a half ago
top

Judge Rules Drug Maker Cannot Halt Sales of Alzheimer's Medicine

dwheeler Because patent still applies (266 comments)

My understanding is that currently a patent is still valid EVEN IF the drug is taken off the market. But I think that's the right solution: Change the rules so that if you take a drug off the market, the patent is immediately declared abandoned, and anyone else can make it.

about a month and a half ago
top

Judge Rules Drug Maker Cannot Halt Sales of Alzheimer's Medicine

dwheeler "Stop making" should equal "patent expired" (266 comments)

Stopping to make the original drug should cause immediate expiration of its patent. A patent is a government-created monopoly to encourage people to make the stuff. Clearly, if the company won't make it, there's no need for the patent. Requiring a company to make something they don't want to make is absurd; instead, just let others make it. And if they raise the prices substantially, perhaps require patent licensing in those cases (just as we did for music).

about a month and a half ago
top

81% of Tor Users Can Be De-anonymized By Analysing Router Information

dwheeler Anonymity is HARD (136 comments)

I'm not surprised. I wrote a paper back in 2003, Techniques for Cyber Attack Attribution, that listed a LONG list of ways to do attribution. This sounds a like a variant combining "modify transmitted messages" and "matching streams" via timing (see the paper).

Real anonymity is HARD. If someone wants to attribute you, it's hard to prevent.

about 3 months ago
top

Creationism Conference at Michigan State University Stirs Unease

dwheeler Re:We NEED more public discussions at universities (1007 comments)

noun: censorship: the practice of officially examining books, movies, etc., and suppressing unacceptable parts. So if MSU, a public university, officially examines and suppresses the speech of certain ideas, then (by definition) that is censorship. If MSU censors ideas because they receive a lot of grant money in opposition to the ideas, that is even worse. No one is asking for MSU to endorse these ideas, merely for space to present them to a willing audience. I agree that MSU should not be required to endorse every speech made on its campus, but that is not what is happening here.

I agree that you can't just do an emergency broadcast at the White House. But that is irrelevant. No one has to show up at their event, or listen to it. They're being allowed to present a point of view, and those who WISH to hear their point of view may listen to it. That's nothing like an emergency broadcast.

The university sees this as a free speech issue too. The article says: "University officials say they have no plans to interfere with the event. “Free speech is at the heart of academic freedom and is something we take very seriously,” said Kent Cassella, MSU’s associate vice president for communications, in a statement. “Any group, regardless of viewpoint, has the right to assemble in public areas of campus or petition for space to host an event so long as it does not engage in disorderly conduct or violate rules. While MSU is not a sponsor of the creation summit, MSU is a marketplace of free ideas.”

about 3 months ago
top

Creationism Conference at Michigan State University Stirs Unease

dwheeler The interview question (1007 comments)

No. If the prevent the presentation, an interviewer might ask, "Oh, you went to that pro-censorship university?"

about 3 months ago
top

Creationism Conference at Michigan State University Stirs Unease

dwheeler Disagree (1007 comments)

I disagree. There may not be any discussion in that room, at that time. But that does not prevent discussion, which will continue in many venues. I suspect there will be many other presentations, where opposing points of view will be aired. Debating over valid sources of evidence is nothing new, either.

Preventing the airing of unpopular ideas is its own problem.

about 3 months ago
top

Creationism Conference at Michigan State University Stirs Unease

dwheeler We NEED more public discussions at universities (1007 comments)

I am saddened by these sudden cries for censorship. I should note that I believe in evolution. I believe that most Christians do, too; for example, the Catholic church in the 1950 stated that there was "no intrinsic conflict between Christianity and the theory of evolution". But if someone has a belief that is different from the mainstream, let them present it. If it's convincing, others will believe if. If it's not convincing, they will convince no one else.

about 3 months ago
top

Rite Aid and CVS Block Apple Pay and Google Wallet

dwheeler Patents and standards (558 comments)

There are absolutely no laws that keep standards (or anyone else) safe from patent claims.

Some standards organizations try to require members to license patents under "Reasonable and Non-discriminatory" terms, but the whole thing is nonsense. What is "reasonable"? The answer is, "as much as I can get from you!". And what is non-discrimantory? By definition most RAND terms discriminate against FLOSS, and they also always discriminate against organizations without the patents (since they have to pay for the patents, while others do not). In addition, for software patents and business patents, in general no one (not even the patent author) actually knows what the patent covers and what it does not, for a variety of unfortunate reasons.

I actually think that patents have their place in the physical world, but not at all in the software world.

about 3 months ago
top

India Successfully Launches Region-Specific Navigation Satellite

dwheeler Re: How many GPS systems are there? (86 comments)

I know of at least the following systems that exist or are being built: GPS (United States), GLONASS (Russia), Galileo (planned, European Union), Indian Regional Navigation Satellite System (India), and the Beidou Navigation Satellite System (China). GPS and GLONASS, in particular, have been around a long time.

about 3 months ago
top

Ask Slashdot: How Many Employees Does Microsoft Really Need?

dwheeler Binary prefixes: Use them (272 comments)

By standard and by law, a "k" is x1000, an "M" is x1,000,000, and so on, and NOTHING else. Standards groups like IEC and IEEE are unanimous: they ALWAYS mean a power of 10. There have already been a number of court cases where someone used "K" etc. to mean binary prefixes, and every time they have had to concede (and typically end up paying up in out-of-court settlements). Examples include Willem Vroegh v. Eastman Kodak Company and Cho v. Seagate Technology (US) Holdings, Inc.

And don't tell me that computers "always" use base 2 measurements. Hard disk drives, clock cycles, and bandwidth are typically measured using base-10 prefixes (multipliers of 10^3). Yes, RAM has been traditionally been measured using prefixes that imply powers of 2, but the errors have been getting worse and worse as the numbers get larger.

Technologists should care about being precise. If you can't tell what a number means, that is a problem. The binary prefixes are a nice solution to a widespread problem. If you don't care about precision, use whatever term you want. But when you want to measure accurately, use the right units.

about 6 months ago
top

With New Horizons Spacecraft a Year Away, What We Know About Pluto

dwheeler What do you call objects orbiting stars? (128 comments)

The practical problem is a difficulty of communication. The purpose of words is to help us communicate. If we have no word for a common idea we want to express, then we usually create a new word or phrase.

Let's say we observe an object, with mass less than a star, that is orbiting a star other than our Sun. What, exactly, do you call it? Under the IAU rules, you cannot call it a planet, because we generally cannot know if it has cleared its orbit. The standard solution in English is to call it a "planet". But if we call it a planet, then we should use the same definition everywhere.

about 7 months ago
top

With New Horizons Spacecraft a Year Away, What We Know About Pluto

dwheeler Pluto=planet, because there are other stars (128 comments)

As I commented years ago, the worst problem with the current IAU definition of "planet" is a practical one: we can't practically use it for objects orbiting other stars.

We are too far away to observe small objects around other stars, and I think we will always be able to detect larger objects but not smaller ones in many faraway orbits. So when we detect an object in another galaxy with the mass of Jupiter, and it’s orbiting a star, is it a planet? Well, under this current definition we don’t know if it’s a planet or not. Why? Because we may not be able to know what else is there in orbit. And that is a real problem. I think it’s clear that we will always be able to observe some larger objects without being able to detect the presence of smaller ones. If we can’t use the obvious word, then the definition is useless - so we need a better definition instead.

I think a much better definition of "planet" is "orbits a star, enough mass to become round". Yes, that means that Ceres and some Kuiper Belt objects become planets. That's a GOOD thing. A lot of people don't know of Ceres, yet that one object has about 1/3 of the ENTIRE mass of the asteroid belt.

Of course, none of this affects reality; this is merely a definition war. But clear terminology is important in any science.

about 7 months ago
top

India's National Informatics Centre Forged Google SSL Certificates

dwheeler Internet Explorer IS vulnerable though (107 comments)

This is a big deal. If you use a browser on Windows that does NOT counter this, such as Internet Explorer, then you ARE vulnerable. I imagine Microsoft will come out with a special-purpose patch, but still, this is a pretty nasty issue.

Untrustworthy CAs have been a problem for a long time; we need mechanisms to address them. The terrible cert revocation system makes it even worse; you can't be sure that the certs are checked in many cases. Chrome's CRLSets are not the answer; they are not even the beginning of an answer. We need to fix the whole revocation system. Sadly, there hasn't been enough work or enough urgency on these problems; maybe this will light a fire under those efforts. I doubt it, but it's worth hoping.

about 7 months ago

Submissions

top

New DoD memo on Open Source Software

dwheeler dwheeler writes  |  more than 5 years ago

dwheeler (321049) writes "The U.S. Department of Defense (DoD) has just released "Clarifying Guidance Regarding Open Source Software (OSS)", a new official memo about OSS. This memo is important for anyone who works with the DoD (including contractors) on software and systems that include software, and may influence many other organizations as well. The DoD had released a memo back in 2003, but "misconceptions and misinterpretations... have hampered effective DoD use and development of OSS". The new memo tries to counter those misconceptions and misinterpretations, and is very positive about OSS. In particular, it lists a number of potential advantages of OSS, and recommends that in certain cases the DoD release software as OSS."
Link to Original Source

Journals

Slashdot Login

Need an Account?

Forgot your password?