Slashdot: News for Nerds





US Nuclear Missile Silos Use Safe, Secure 8" Floppy Disks

gregmac Re:Penis jokes aside... (481 comments)

The perception of old things being better is also highly influenced by survivorship bias. In short: the crappy old things have already broken and been thrown away and forgotten about. All the old things around that we still see are the ones that survived.

about 3 months ago

RCMP Arrest Canadian Teen For Heartbleed Exploit

gregmac Re:Mischief in Relation to Data (104 comments)

That's an interesting wording. It does seem like a pretty flimsy charge for what actually happened. A copy of the data (SIN numbers) was read from memory. CRA could continue to use that data to process tax returns (or whatever other purpose) regardless of if the data was read or not. The language is around "denied access to a person entitled" as opposed to "granted access to a person NOT entitled" (which is really what happened).

Analogy.. Going into your house and stealing your TV interrupts your ability to watch TV, and alters the state of your house. On the other hand, peeking through your window and taking a picture of your TV does not prevent you from watching TV, and does not change the state of your house. In fact, if you didn't catch me in the act, you'd never even know it happened (just like Heartbleed), and if you didn't know cameras could take pictures through windows you wouldn't even think about this happening (just like before Heartbleed was disclosed). It does not make it right at all, but it also doesn't even remotely seem to align with the definition of "Mischief in Relation to Data".

about 3 months ago

AMD Unveils the Liquid-Cooled, Dual-GPU Radeon R9 295X2 At $1,500

gregmac Re:here's how stupid this is (146 comments)

My last CPU upgrade in my desktop came with a fan that about doubled the noise from my system, and more when the CPU got cranked up. At suggestion of a friend, I installed a closed-loop water cooler on it (which cost me ~$70 IIRC). Night and day.

It actually runs cooler all the time (I was monitoring the temp before/after because I was curious) and the whole computer now makes less noise than before. When the furnace comes on, the sound of the air coming from the vent is actually louder, to put it in perspective.

Also, my computer has no 'window' in the case, extra lights, or any of that 'enthusiast' crap that you'd probably associate with liquid cooling and people that brag about it. In fact, aside from recommending it to another friend once, this is the most I've ever said/typed on the subject.

TL;DR: liquid cooling makes your computer nearly silent, is very effective at cooling, and you don't have to be a fanatic to use it.

about 4 months ago

New Home Automation?

gregmac Re:Z-Wave (336 comments)

make sure you include a neutral to all of your wall switch boxes

This is actually required by electrical code now (NEC 2011, 404.2(C)), specifically because of these smarter switches, and even many of the non-communicating switches/dimmers/timers on the market that have LED indicators and such.

about 7 months ago

Google Buys Home Automation Company Nest

gregmac Re:It's a Google acquisition (257 comments)

That would beat how long it took them to discontinue selling SageTV by "a few years".

about 7 months ago

RSA Flatly Denies That It Weakened Crypto For NSA Money

gregmac Bruce Schneier in 2007 (291 comments)

Bruce Schneier had a good write-up on this in 2007:

Problems with Dual_EC_DRBG were first described in early 2006. The math is complicated, but the general point is that the random numbers it produces have a small bias.


This is how it works: There are a bunch of constants -- fixed numbers -- in the standard used to define the algorithm's elliptic curve. These constants are listed in Appendix A of the NIST publication, but nowhere is it explained where they came from.


What Shumow and Ferguson showed is that these numbers have a relationship with a second, secret set of numbers that can act as a kind of skeleton key. If you know the secret numbers, you can predict the output of the random-number generator after collecting just 32 bytes of its output. To put that in real terms, you only need to monitor one TLS internet encryption connection in order to crack the security of that protocol. If you know the secret numbers, you can completely break any instantiation of Dual_EC_DRBG.

The researchers don't know what the secret numbers are. But because of the way the algorithm works, the person who produced the constants might know; he had the mathematical opportunity to produce the constants and the secret numbers in tandem.

Of course, we have no way of knowing whether the NSA knows the secret numbers that break Dual_EC_DRBG. We have no way of knowing whether an NSA employee working on his own came up with the constants -- and has the secret numbers. We don't know if someone from NIST, or someone in the ANSI working group, has them. Maybe nobody does.

We don't know where the constants came from in the first place. We only know that whoever came up with them could have the key to this backdoor. And we know there's no way for NIST -- or anyone else -- to prove otherwise.

This is scary stuff indeed.

about 7 months ago

Google Ends Internet Explorer 9 Support In Google Apps

gregmac Re:We're stuck on 9 (199 comments)

Why do you have *restrictions* on using IE9? If your sites/app are built correctly (using standards), then your users should be able to freely upgrade and even use other browsers. If the people that build your sites/apps are not supporting the current versions of browsers, or are doing things that are against standards and only work in IE9, then they're idiots. Or the person preventing testing of anything other than IE9 is an idiot.

It's fine for you to have a requirement of IE9+ support, but ignoring current versions is dumb. You're just recreating the mess of IE6-only apps that the world-at-large is only just getting over. Did you not learn the lesson?

It's slightly more expensive to support more versions today, but it's anywhere from much more expensive to complete-rewrite expensive when you have no choice a few years from now.

about 9 months ago

If Java Is Dying, It Sure Looks Awfully Healthy

gregmac If there's such a market.. why the Ask toolbar?? (577 comments)

It definitely doesn't help that the JRE installer tries to also install the Ask toolbar. Seriously? Even Microsoft doesn't try to install Bing with the .NET installers, and that's their own property they're desperately trying to push on everyone.

How am I supposed to take a platform seriously if the fundamental piece that has to be installed by all developers AND users to use it is doing the same sneaky things that half the crappy freeware on the internet is doing?

Just how much revenue does Oracle make from Ask anyway?

about 10 months ago

Students Hack School-Issued iPads Within One Week

gregmac Re:Just proxy it out at the router. (375 comments)

On this note.. I'd like to thank the administrators from when I was in high school for going through this. Their (ultimately unsuccessful) attempts at blocking everything gave me one heck of an awesome crash course in TCP/IP, DNS, firewalls, VPNs, and reverse proxies, etc .. knowledge which I've used to some extent at every job I've had for the past 15 years.

about 10 months ago

Writing Documentation: Teach, Don't Tell

gregmac Wikis are not magical, but they are not bad (211 comments)

I think the author's tirade against wikis is that many people use a wiki as a magical tool that allows them to forego writing documentation in the hopes it will suddenly appear, written by users that want to write documentation. This obviously isn't what typically happens.

However, I think wikis can be (and often are) a great format for documentation. The author(s) of the software should still be the primary and/or only contributors, but even so good wiki software serves to lower the barrier to writing documentation: creating/editing is as simple as clicking edit, and you instantly see the results. You can link between pages, reducing duplication. Some software forces a hierarchy of pages, leading you to create things in a logical, structured way (of course, you can lead a horse to water...).

The key to this of course is that the person/people writing the software must write the bulk of the documentation (eg, like you would without the wiki as well). Don't allow random edits, or at least subject edits to a review process. If your project is big and successful, just as it lowers the barrier for you to write docs it may encourage others to contribute -- but don't rely on this.

Think of the wiki more like a publishing platform or format; not like a way to absolve yourself of the responsibility to write documentation.

about a year ago

Australian Bureau of Statistics Doesn't Like Direct Downloads of Census Data

gregmac I can see the conversation that happened.. (136 comments)

From the code:

// Also, generate a random number, which we append to the URL, to make it appear as if a complex
//key is required. This is a pathetic attempt to discourage someone from downloading the ZIPs
//directly (ie. without having to login), if they deduce the URL pattern.


Coder: "Here's the census web application."
PHB: "Great. But wait..I can just type in these other names and download them really easily! People will hack us and we'll be out possibly a COUPLE THOUSAND DOLLARS! "
Coder: "It is Creative Commons data, so of course we added no protection. Changing that now will be a massive rewrite and take months."
PHB: "So let's add some random numbers to the end so it looks really complex and people can't guess how to get in."
Coder: "But they still will eventually see the links because they do actually have to download it, so this is not really doing anything."
PHB: "Psh, no one is smart enough to figure that out. I read about this GUID things and they're really hard to guess. It will work. This is your job today."
Coder: "..Ok, fine. I'll do it exactly the way you asked."

about a year ago

Ask Slashdot: How To Convince a Company Their Subscriber List Is Compromised?

gregmac Re:Depends... (247 comments)

Many, many years ago when I got my first domain, I set up * to forward to me. And about 5 minutes and several spams/garbage from the owner of the domain before me later, I turned it off.

However, I did end up making a subdomain and forwarding everything (*, and I've been using it exclusively for signing up to sites ever since (I've probably been using it for ~13 years). I can think of about two occasions where I have actually got spam to any of the addresses I used, both were from shady companies that turned on a 'share my address' setting without prompting (or it was so buried that I missed it, I usually spot those). I've never gotten any dictionary-style spam attacks to the subdomain or mail to an address I didn't explicitly use.

about a year and a half ago

Ask Slashdot: Are Timed Coding Tests Valuable?

gregmac Re:No undergraduate level stuff for me (776 comments)

You've obviously never been involved in hiring developers.

There are a *lot* of bad developers out there. So many it's sickening. Bad developers that have resumes that look like they can do stuff. They may even call themselves senior. They've worked on a team that has successfully produced a product (or at least at a company that has).

One of the memorable interviews I did was via a referral, and it worked out that I went straight to an in-person interview (skipping my usual weeding-out process). This person had a decent CV. They worked on a project designing a military helicopter training simulator, which basically involved wiring a game (written by another team) up to a 4-person helicopter mock-up that included pieces of real equipment (radios, navigation, etc) so the actual equipment displayed and could interact with the game. I've always had a personal fascination with interfacing real-world hardware with software (and have done lots of industrial control integration), so I had a ton of questions.

Well, despite trying for ~15 minutes, I could not figure out what this person actually had specifically accomplished. The team had successfully built this thing from what I could tell, but this person could not explain to me what *they* actually did. I asked in many different ways, including very bluntly like "What was some piece of functionality/code you wrote yourself?" and the person "could not remember" (they worked there for over a year, and had left less than a year prior). The most technical thing they could say about the integration was that it "involved UDP".. Seriously.

about a year and a half ago

Firefox 18 Launches With Faster IonMonkey-Enabled JavaScript, Built-In PDF Viewer

gregmac Re:Honestly? (220 comments)

I've been using Chrome for well over a year, and have had this discussion many times. Yes, Chrome uses more ram. But I can close a bunch of tabs, and it frees it up. Firefox, every time I try it and despite that its memory management is "getting better", still eventually uses several GB of ram and requires that I completely exit and restart before it's freed.

My browser is one of the first things I start up when I turn on my PC, and generally stays open until my PC has to reboot for some reason (which may be anywhere from a week to a month). This is really only possible now because I use Chrome.

about a year and a half ago

Ask Slashdot: How Often Do You Push To Production?

gregmac Re:Daily? (182 comments)

If you're pushing code to production once a day, you have no QA cycle whatsoever.

That's not necessarily true. You can push code up once a day, where QA takes it a day (or whatever) later, and then it goes to staging and then goes to production. The code being pushed out today may have been in QA for the past two days, and actually written 3 days ago.

At the place I work at now, we're doing two week cycles like this. Once development is done, the code is pushed to QA, who then spends up to a couple weeks on it. If it passes, it can go out, but in the meantime, dev is working on new stuff. This works for any cycle duration, and even a per-issue basis, which is how >= daily updates (should) work.

Of course, there are places where there is no QA, and developers are pushing stuff to production immediately after writing it, and then spending the next couple days rushing fixes for all the bugs they just introduced into production. And then fixes for the bugs in those fixes... And the cycle ends when someone either wises up and realizes it's not sustainable, or all your developers burn out and leave and/or all your customers get sick of constant breaking and leave.

about 2 years ago

Teenager Arrested In England For Criticizing Olympic Athlete On Twitter

gregmac Re:Wow... (639 comments)

I'm offended by your suggestion that I or someone I know might ever say something mean in public and should be arrested. I demand you be arrested!

about 2 years ago

Why Microsoft Killed the Windows Start Button

gregmac Re:Why do users pin? (857 comments)

The folders could make sense -- it even appears they attempted that at the start, with "Accessories", "Games", and "Startup". But then presumably due to a default setting of an install tool, or perhaps just adopted convention, companies started using their names for the folders. Instead of "Internet" or "Web Browsers", you get "Mozilla". Instead of "Office and Productivity" you get "Microsoft Office".

The experience on most Linux desktops shows how much better this approach is. You don't need to remember the weird name of your favourite music player -- or worse, what company made it -- you pick "Music" and there it is.

The Vista start menu at least recognized having "Programs" featured so prominently was useless because the structure below was useless, unfortunately they "fixed" that by searching and pinning (which themselves, are not bad ideas) instead of enforcing a more logical structure.

more than 2 years ago

Ask Slashdot: How Do You Test Storage Media?

gregmac Re:Why? (297 comments)

Even if your storage passes the test, it could fail the next day. What you should be doing is designing your storage to gracefully handle failure, like RAID 5 with spares.

And then what you should test is that it actually notifies you when something does fail, so you know about it and can fix it. You can also test how long it takes to rebuild the array after replacing a disk, and how much performance degradation there is while that is happening.

more than 2 years ago

Laser Scanner May Allow Passengers To Take Bottled Drinks On Planes Again

gregmac Re:Unsafe Bottles (343 comments)

I've always been tempted to bring a half tube of toothpaste or drink bottle just so I can duck and cover when they take it and toss it into the trash behind them. I'm pretty sure they wouldn't see the humour in it though and instead I'd end up at the least being detained for several hours..

more than 2 years ago

Google Giving Google TV Another Shot

gregmac Re:Windows 8 wil be the real deal! (199 comments)

Will it finally support remote tuners? (or does it do that now?) One thing I love about my sage setup (and about Mythtv, before that) was that I could have one server in my basement with a few tuners and all the noisy drives, and then have a silent, tiny box sitting next to my TV with just power, ethernet and HDMI out, and an IR remote. I just pick a channel to watch and it figures out an available tuner to use (truthfully, I usually just pick a show to record, and never watch live tv nor even think about "channels"). It doesn't matter that I have an analog cable tuner, a digital OTA antenna, and a couple digital cable tuners -- there is a single guide, with a single list of channels, and when you watch a show you have no clue where it comes from. That's the way it should be.

On top of that, of course, I do NOT want the complication of a full PC on my TVs, such as security updates, fighting to ensure no other apps steal focus, absolutely never requiring a keyboard/mouse, etc. That's part of the reason I switched to Sage from Myth, actually (that, plus I could not even get close to building a silent, disk-less PC for the $150 that it used to cost for the Sage HD extender, not to mention getting it to play 1080p video or boot in 5 seconds).

more than 2 years ago



Smart home lighting with LEDs?

gregmac writes | more than 6 years ago

gregmac (629064) writes "I'm about to move into a new house, and will be doing a few renovations. As part of this, I want to install a controllable lighting system (eg, Insteon or X10), but I am also interested in low-power lighting, such as CFL or LED. From the research I've done so far, it seems most of the bulbs are incompatible with Insteon/X10 dimmers (either because they use low-voltage dimmers, or the load is too small for a normal dimmer to control). Apparently it is possible to hook a single incandescent bulb in with a series of LED and dim them, but this seems like a hack at best. Does anyone know a way to have both a "smart home" lighting system, and LED/CFL bulbs, or is the technology just not there yet?"


gregmac has no journal entries.
