
Comments


Laser Eye Surgery, Revisited 10 Years Later

fluffy99 Re:Astronomy, and general poor night-time results. (535 comments)

Also the fact that it won't prevent future changes to vision. I'm thirty now, and my vision still continues to slowly get worse. I fear I'd be paying for a 5 year reprieve from glasses and then be back to wearing them with side effects I also have to live with for the rest of my life.

I had PRK since I had too much correction to do normal lasik. It's essentially lasik but they don't cut a flap first, has a longer recovery time, but is actually more accurate than lasik. I went from a -10.5 diopter prescription with contacts (pretty thick if I wore glasses) to 15/20 vision without. The only noticeable side effect was a very slight halo effect around bright objects at night. This is caused by the edges of the laser correction area becoming visible when the iris is fully dilated. For heavier corrections the max diameter of the correction area depends on the prescription and how much material they can take off in the center of the correction area, and for lasik how big they can cut the flap.

I made it about 10 years without glasses after that and now use very light prescription glasses mostly for driving and reading. I still don't need glasses for most things, and it's awesome to see the alarm clock in the middle of the night without having to fumble for glasses first. I also don't worry about losing a contact and having to drive home with very impaired vision. I don't regret the decision at all even though I'm back to wearing glasses.

4 days ago

Man Booted From Southwest Flight and Threatened With Arrest After Critical Tweet

fluffy99 Re:Why did he roll like a pussy? (873 comments)

What the fuck does the 1st amendment have to do with this? The airline is a business and they have every right to decline to do business with you and refuse to fly you anywhere. The airline is obligated by FAA rules to disallow disruptive passengers on their planes, so yelling at the agent or refusing to comply with their reasonable instructions means they are legally required to remove you from the plane. If you yell at the McDonalds counter jockey, don't be surprised when they refuse to sell you a burger and ask you to leave.

4 days ago

Man Booted From Southwest Flight and Threatened With Arrest After Critical Tweet

fluffy99 Re:Customer service? (873 comments)

You might find the Mythbusters testing information. They found Front-to-Back to be the worst as well. The best seemed to be back corner windows moving forward and in to the aisle as I recall.

4 days ago

Man Booted From Southwest Flight and Threatened With Arrest After Critical Tweet

fluffy99 Re:Customer service? (873 comments)

I would fire the agent for starters, and whoever was involved.

The gate agent was correct in telling him he could move back in the line to join his kids, but they couldn't cut in line and move up to join him. That's the policy and they tell you this when asking you to line up. The guy was in the wrong and then whined on twitter about how they didn't bend over to kiss his ass. His tweet naming the person could be construed as harassment or slander.

Pulling him off the plane was a poor reaction, even if the intent was just to ask him to delete the tweet or at least revise it to delete the person's name. I suspect the agent threatened to call security and have him removed because he continued to be an ass, but that would be a one-sided opinion just like the guy claiming they were rude and threatened him.

4 days ago

Can Thunderbolt Survive USB SuperSpeed+?

fluffy99 Re:So in other words, it will be just like Firewir (355 comments)

This is exactly what I came here to post. It's a shame, because FW400 was far superior to USB2.0. The problem lay with the peripheral manufacturers who didn't want to put in more expensive controllers and dual-ports on their enclosures. Heck, wasn't the iSight the only webcam for Firewire? No demand=no supply=high prices. FW800 was pretty much the same. Better tech, limited market, high prices, bang, whimper. I love that my old Mac Mini can transfer data between 3 daisy-chained FW400 drives much faster than it can transfer to a single USB2.0 drive, but the fact that enclosures are expensive and basically non-interchangeable with any of my other devices makes it a pretty niche market.
Thunderbolt will probably follow the exact same progression, right down to the "new" faster Thunderbolt. Sure, it's PCI-E, but 95% of consumers don't know, care, or need that capability. They buy on price and availability, plain and simple.

One of the security failures of firewire was that it provided direct access to memory. In other words a malicious external device could gain complete control of the computer. Having your peripheral interface be PCIe is just as bad. USB for all its overhead is still more secure (assuming you finally fix some of the stupid windows autoexecute bugs)

about 2 months ago

OpenSSL: the New Face of Technology Monoculture

fluffy99 Re:Apples and oranges (113 comments)

With open-source software, a monoculture isn't that bad a thing, as the Heartbleed exploit has shown. ... How fast was a fix available for Heartbleed?

Heartbleed showed that a monoculture, particularly one relying on poorly written and barely reviewed code is a bad thing. OSS or not. That the source code was fixed so easily just highlights to me how the heartbeat feature was never properly reviewed or tested, and how people using openssl or incorporating it into their products never questioned it. The many eyes argument fails when you realize how few qualified programmers looked at the code. Given how widespread openssl is, getting that fix rolled out to all the s/w and h/w that have it embedded is a nightmare. Just think of the Billions being spent to audit and test across enterprise networks, and update all that software.

Sure openssl will get more scrutiny for a while, but it doesn't fix the underlying fallacy that OSS automatically means quality code regardless of whether it's commercial, free, or otherwise licensed. Or that OSS projects quite often have a shoestring budget, lower quality programmers, and far less review than closed, proprietary software.

about 3 months ago

How Does Heartbleed Alter the 'Open Source Is Safer' Discussion?

fluffy99 Re:Wat? (582 comments)

You seriously think that black hats bother with reading millions of lines of code in the hope of finding an exploit when all they have to do is play with the data sent to services/applications and see if it misbehaves. Which is why exploits are equally found among closed and open softwares.

This is true, and exactly how this was found by Codenomicon. Having access to the source code actually makes it far easier to turn the bad behavior into a working exploit, particularly for something like buffer overflows. Although in this case, there wasn't much work needed as the bad behavior was returning the contents of memory in response to a bad parameter.

about 3 months ago

How Does Heartbleed Alter the 'Open Source Is Safer' Discussion?

fluffy99 Re:Open source was never safer (582 comments)

I think this says more about the prevailing view of security. Every programmer is told "NEVER roll your own encryption". The default result is that most programmers never even look at the code and instead assume it MUST be safe since the infallible "experts" wrote it. What we are seeing here is not the fault of open source vs closed source; it is about voodoo programming being considered good security practice.

I'm not saying that everyone should be rolling their own encryption, but people should be looking over the experts' implementations instead of assuming they are perfect (this bug could have been caught by any number of "normal" programmers had they simply taken the time to look).

The irony is that the openssl authors chose to roll their own malloc implementation instead of using the default, trusted one which would have likely crashed instead of facilitating the leakage of memory. (I still blame the fundamentally flawed nature of C for even allowing this)

about 3 months ago

More Than 1 In 4 Car Crashes Involve Cellphone Use

fluffy99 Some real statistics. (367 comments)

http://www-nrd.nhtsa.dot.gov/P...

An NHTSA sponsored study says at any given moment during the day, 5% of Americans are driving while using a cell phone. The study has some caveats - it relied on phone surveys, visual road-side observations, and only goes up to 2011, so may be significantly under-reporting cell phone usage. I estimate that number is closer to 10% based on casual observation while driving. So in a two-car accident that gives a 10% chance of a cell phone used in one of the cars. If the real cell-phone usage number is closer to 15%, then the 26% number is meaningless as it's typical of the overall population regardless of cell phone use.

When I see a stupid driving move, the person is invariably holding a cell phone to their face, talking and gesticulating wildly while they're the only person in the vehicle (hands-free), looking down at something (texting or dialing), or it's a woman putting on makeup while driving.

about 4 months ago

Linux May Succeed Windows XP As OS of Choice For ATMs

fluffy99 Re:heartburn in the industry? (367 comments)

Fortunately, our equipment is not internet-connected (though it is networked), so security isn't really a principal concern.

Didn't the power industry say the same thing? Never, ever, assume the network is safe and not internet accessible if you don't own the network.

about 4 months ago

Bitcoin Exchange Flexcoin Wiped Out By Theft

fluffy99 Re:When are the bank runs going to happen? (704 comments)

And then, how many people are keeping the bitcoins themselves without adequate off-site backup?

In the general population maybe 5% of people have off site backups. Do they suddenly become wiser when they have bitcoins? Maybe a bit. But I'll bet it's still far less than half that have a proper backup system.

How exactly do you "backup" a bitcoin to protect it from theft? Backing up the coin info does zero good if someone already managed to effect a transfer of that coin. It's no more helpful than having a copy of your last bank statement after someone cleaned out your account (except perhaps FDIC insurance might pay out on the loss).

Certainly, you're an idiot if you only keep the information in one place and risk losing it due to a simple HD crash. Safety of the coins from accidental loss was the allure of these exchanges. No-one really considered the theft aspect hard enough.

So has anyone tracked those coins to see where they went? The good (or bad) aspect of bitcoins is their traceability. Did they eventually end up buying goods or getting cashed out somewhere?

about 4 months ago

Bitcoin Exchange Flexcoin Wiped Out By Theft

fluffy99 Re: When are the bank runs going to happen? (704 comments)

PCI compliance.

Citing PCI compliance doesn't do much. After all, look at how badly the credit card companies are doing with intrusions and compromises.

about 4 months ago

U.S. Aims To Give Up Control Over Internet Administration

fluffy99 Re:RFC 2468 -- I remember IANA (279 comments)

Sixteen years after Jon Postel attempted to bring DNS root zone control authority under IANA, finally, the dream of internationalization of the root DNS/internet infrastructure is becoming a reality. A moment of silence please, for Jon Postel, IANA.

This carries big implications in NSA's spying/QUANTUM program, which uses U.S. control of the DNS system to exploit systems.

Really? Tampering with the DNS root servers is something that everyone would notice. It's not something NSA would be likely to start tampering with. Manipulating DNS at local levels perhaps, but certainly not at the root.

I'm more concerned about US Govt manipulation of DNS at the behest of corporations for copyright enforcement by killing websites. We've already seen that happen.

about 4 months ago

The Earth As a Gravitational Wave Detector

fluffy99 Re:LIGO is a money pit (70 comments)

LIGO is enormously more sensitive (~12 orders of magnitude), than this seismic measurement but in a different frequency band (~100Hz), so both are valuable measurements sensitive to different types of GW sources.

LIGO itself is a phenomenally difficult project, but with big payoffs. There is the basic physics of understanding how gravity works, but there are also technology spinoffs. The extremely low loss mirror technology developed for LIGO is not being used for other applications, including telecom. The high Q optical cavities are used in commercial measurement devices for measuring tiny concentrations of materials in gasses. There are likely many other spin-offs from the project.

Near as I can tell, most of the technology flow (at least recently) is in the other direction, i.e. now that extremely low loss mirrors, etc are available they are upgrading LIGO to use them. Obviously they have a special use case and deserve kudos for developing their own fabrication techniques and applications of the technology.

The "big payoff" hasn't happened yet and isn't clearly defined. What exactly would the payoff be? I can see how correlating an observed perturbance as measured by this large scale interferometer with xray telescope data from an observed cosmic event could lend credence to theories about gravity waves.

about 4 months ago

The Earth As a Gravitational Wave Detector

fluffy99 LIGO is a money pit (70 comments)

They've sunk over a billion into the Hanford and Livingston observatories. The LIGO observatories from 2002 to 2010 were only operational for a very small fraction of the time, plagued by equipment problems, never achieved the design sensitivity, and NEVER detected anything useful. Most of their data was contaminated by local noise, including the highway a few miles away. They blindly collected terabytes of raw data that has never been fully analyzed and they have minimal local data analysis capability.

Now NSF is pouring even more money into it in the hopes they can improve the sensitivity and actually detect something? At best they might record a perturbance that is correlated between multiple sites (they also partner with an Australian site I believe), of which the value of that data is still debatable.

I wish the NSF would pull the plug on this waste of resources and invest in something more useful like cleaner nuclear power.

about 4 months ago

Ask Slashdot: Does Your Employer Perform HTTPS MITM Attacks On Employees?

fluffy99 Re:Yes they did. (572 comments)

You do realize that performing https proxying and packet inspection to protect against malware is not the same thing as actively recording the sessions right? Regardless of whether they are proxying via MITM, they can still record the urls visited.

Also, the exact situation that the OP was attempting (a VPN that could expose the internal network) is one reason for using https proxying and filtering.

about 5 months ago

Bug In the GnuTLS Library Leaves Many OSs and Apps At Risk

fluffy99 Re:AHAHAHAHAH (231 comments)

"Open Source Software is more secure because the code can be reviewed."

That's why this bug has existed since 2005. gg, guys. Thumbs up.

What do you mean? The many eyes found said bug that is why we are reading about it if they had not it would still be sitting there undiscovered. Ever wonder how many bugs go completely unnoticed in proprietary software because no one actually reads said code? Like for example a Windows bug affecting all 32 bit Windows OS's for 17 years: http://www.computerworld.com/s....

Um no, code review didn't find this - at least not the people that are supposed to. The bad guys apparently found and have been using this bug for quite some time. So obviously the black hats are more motivated to review the code than the white hats.

about 5 months ago

Your Next Car's Electronics Will Likely Be Connected By Ethernet

fluffy99 Re:A little late (180 comments)

It won't happen if you use a couple of switches and some relays for the wipers instead, and mechanics for the wheel/accel/brake etc....a lot cheaper too.

But then you can't have a smart car with a moisture sensor and rain detector to automagically turn the wipers on for you. Although, I have gotten spoiled by not having to remember to turn on/off the headlights. Same deal for interior lights - you could go with the old school mechanical switches but it is nice to have them turn on at the appropriate times and turn themselves off if your toddler left the light on and you didn't notice.

Brakes and steering are still mechanical, btw.

about 5 months ago

Your Next Car's Electronics Will Likely Be Connected By Ethernet

fluffy99 Re:No (180 comments)

The only thing AFDX has in common with ethernet is the mac layer. It's incompatible with and looks nothing like standard tcp/udp you normally see running around on ethernet nowadays.

about 5 months ago

Your Next Car's Electronics Will Likely Be Connected By Ethernet

fluffy99 Re:Shared networking with user services? (180 comments)

There are multiple busses in vehicles already, separated by function. Engine controls are usually on a higher speed can bus, stuff like the speedo and body (lights, doors, etc) on a low speed can bus. I can see adding a third bus for entertainment type stuff such as the radio sat nav, wireless hotspot etc.

about 5 months ago

Submissions

fluffy99 hasn't submitted any stories.

Journals

fluffy99 has no journal entries.
