Heartbleed Coder: Bug In OpenSSL Was an Honest Mistake

itsdapead Re:Unit Tests are Not Optional Anymore (444 comments)

No production code without unit tests. Every possible type or class of input must be tested. All assumptions must be tested. All outputs must be verified for each possible combination of inputs. All failure modes must be exercised. No excuses, just do it.

Unit testing would only have caught this if someone had thought to test for an invalid payload length in the incoming request. Maybe OpenSSL would be a good candidate for full-blown formal methods that could mathematically prove that it matched the specification - however, then it's important to remember that the proof only says that the code matched the specification, not that the specification matched the real world, so all it really does is shift the complexity and scope for errors to the specification.

Thing is, for networking, those tests need to be right there in the code. Any data coming in off the web needs to be treated like a TSA officer treats a hippie in a 'Legalise Dope' T-shirt. Simple code review shows that OpenSSL wasn't doing that.

about a week ago

Heartbleed Coder: Bug In OpenSSL Was an Honest Mistake

itsdapead Re:Sloppy code (444 comments)

I glanced at some of the OpenSSL C code, in particular the new code that introduced this bug.

I don't disagree about the 'coding style' issue, but that kinda misses the point. The points are:

There's a memcpy() - where is the bounds checking? Hello? It's not 1976. We all know memcpy is dangerous. Where there's a memcpy there should be a bounds check... even in a fart app. If the project has secure in the title there should be paranoid anal-retentive checking of both the source and destination buffers.

The code uses data that has come from teh interwebs, - again, where's the obsessive-compulsive validity checking on everything that comes in?

However, that's still not the point. Programmers make mistakes - and this bug was at least a bit more subtle than the usual one where the bad hat sends an over-length string.

The problem is with the oft-made claim that Open Source security software is extra-safe because the code is public and has been seen by many eyeballs. That claim is dead. Possibly crypto experts have been all over the actual encryption/decryption algorithms in OpenSSL like flies on shit - however, clearly none of them looked at the boring heartbeat stuff. That shouldn't be the death of open source, though - Windows is proprietary and look at the sheer terror caused by the prospect of running Windows XP for one day after the security patches stop...

about a week ago
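
The check that the two Heartbleed comments above call for, written out as an added example; it is not part of the original comments and is not OpenSSL code. The function and macro names are hypothetical, the record layout (1-byte type, 2-byte claimed payload length, payload, at least 16 bytes of padding) follows RFC 6520, and the padding is zero-filled here as a simplification.

```c
/* Added example: hypothetical heartbeat-style echo handler, not OpenSSL code. */
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define HB_REQUEST  1u
#define HB_RESPONSE 2u
#define HB_HEADER   3u   /* 1-byte type + 2-byte claimed payload length */
#define HB_MIN_PAD  16u  /* minimum padding required by RFC 6520 */

/* Build an echo response for one received record.
 * rec/rec_len: bytes actually received; out/out_cap: destination buffer.
 * Returns the response length, or -1 if the record must be dropped. */
long hb_build_response(const uint8_t *rec, size_t rec_len,
                       uint8_t *out, size_t out_cap)
{
    size_t claimed, needed;

    if (rec == NULL || out == NULL || rec_len < HB_HEADER + HB_MIN_PAD)
        return -1;
    if (rec[0] != HB_REQUEST)
        return -1;

    /* Untrusted field: what the sender SAYS the payload length is. */
    claimed = ((size_t)rec[1] << 8) | rec[2];
    needed = HB_HEADER + claimed + HB_MIN_PAD;

    if (needed > rec_len)   /* source bound: claim exceeds bytes received */
        return -1;
    if (needed > out_cap)   /* destination bound: response would not fit */
        return -1;

    out[0] = HB_RESPONSE;
    out[1] = rec[1];
    out[2] = rec[2];
    memcpy(out + HB_HEADER, rec + HB_HEADER, claimed);
    memset(out + HB_HEADER + claimed, 0, HB_MIN_PAD); /* zero padding (simplified) */
    return (long)needed;
}

/* Constructed test input: header carries `claimed`, body carries `actual` bytes. */
size_t hb_make_record(uint8_t *buf, uint16_t claimed,
                      const char *payload, size_t actual)
{
    buf[0] = HB_REQUEST;
    buf[1] = (uint8_t)(claimed >> 8);
    buf[2] = (uint8_t)(claimed & 0xff);
    memcpy(buf + HB_HEADER, payload, actual);
    memset(buf + HB_HEADER + actual, 0, HB_MIN_PAD);
    return HB_HEADER + actual + HB_MIN_PAD;
}

/* Unit tests for the invalid-length cases; returns the number of failures. */
int hb_self_check(void)
{
    uint8_t rec[64], out[64] = {0};
    size_t n;
    int failures = 0;

    n = hb_make_record(rec, 5, "hello", 5);        /* honest length */
    if (hb_build_response(rec, n, out, sizeof out) != 24) failures++;
    if (memcmp(out + HB_HEADER, "hello", 5) != 0) failures++;

    n = hb_make_record(rec, 0x4000, "hello", 5);   /* claims 16384, sends 5 */
    if (hb_build_response(rec, n, out, sizeof out) != -1) failures++;

    n = hb_make_record(rec, 6, "hello", 5);        /* claim is off by one */
    if (hb_build_response(rec, n, out, sizeof out) != -1) failures++;

    n = hb_make_record(rec, 5, "hello", 5);        /* destination too small */
    if (hb_build_response(rec, n, out, 10) != -1) failures++;

    if (hb_build_response(rec, 2, out, sizeof out) != -1) failures++; /* truncated */
    return failures;
}

int main(void)
{
    printf("failed cases: %d\n", hb_self_check());
    return 0;
}
```
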

Scientists/Actress Say They Were 'Tricked' Into Geocentric Universe Movie

itsdapead Re:I believe Kate (639 comments)

That's a little harsh. Lawrence Krauss was also tricked into appearing in the documentary, are you going to claim he's stupid as well?

It's quite easy to believe that you could invite a scientist to be interviewed for a legitimate-sounding science documentary and then assemble a few soundbites that supported your cause by cherry-picking statements and using them out of context.

It's slightly harder to believe that someone could record the complete narration of such a film without getting some idea of what it was about - or at least getting suspicious. Nor does it pass the plausibility test that the makers would go to the time, expense or legal risk* of large-scale manipulation when there are plenty of real life Troy McClures out there who will read out whatever the hell they were handed if they needed money or lizards.

Of course, you'd really need to watch the film to make a judgement, and I don't propose to pollute my eyeballs with a single photon of it.

(* Yeah, it's technically easy to change 'I do not believe that' into 'I do believe that' - but if you get caught you'll be slaughtered in the subsequent lawsuit. Better to take complete statements out of context and make it a question of interpretation).

about a week ago

Data Storage Pioneer Wins Millennium Technology Prize

itsdapead Re:Them Brits is smart (40 comments)

Yeah but they have ass breath and rotting, discolored teeth.

Only because our leaders keep taking advice from the Americans about how to run a health service (and for some reason, dentistry has taken a far worse hit than other services: even if you can find a national health service dentist you still have to pay non-trivial sums for treatment if you're not a child or OAP - c.f. Doctors where the worst case is max ~£10/month for prescriptions. I guess not enough babies die from toothache to motivate the opposition).

Anyway, once they all rot and fall out you can get dentures and enjoy unnaturally white, uniform, plastic-looking teeth just like an American.

Plus, we're much more reluctant to humiliate teenagers by forcing them to wear mediaeval torture devices to straighten their teeth just when they're most sensitive about their appearance.

about a week ago

Navy Creates Fuel From Seawater

itsdapead Re:Any chemists want to weigh in?? (256 comments)

An amp of current produces about a half a litre per hour of hydrogen gas. A 9V battery with 0.5-1 Ahr is not going to produce less than a litre of hydrogen gas, which wouldn't be a problem even in a small closet.

A litre? OK, you get to stick the burning splint into the collection bottle to test that it's hydrogen. I'm quite attached to my eyebrows. A few ccs in a test tube is enough for a satisfying 'pop'.

Half a litre of pure O2 is more than enough to do something inadvisable with, too. Pass the wire wool and the blowtorch please...

However, I wasn't suggesting that the hydrogen and oxygen were more of a deadly peril than the chlorine - just that it's silly to single out one chemical because it's been used in warfare and ignore the other potential risks. G.P. forgot to tell people not to drink the electrolyte, swallow the battery or get strands of copper wire stuck in their fingers.

about a week ago

Navy Creates Fuel From Seawater

itsdapead Re:Any chemists want to weigh in?? (256 comments)

Chlorine gas is toxic. It was used in shells to poison troops in WW1.

Whereas both hydrogen and oxygen are perfectly safe and have never been known to cause any sort of problem whatsoever... well, ok, there was the Hindenburg, and Apollo 1, and...

So if you do the described experiment while locked in a badly-ventilated room, leave it running for long enough to increase Ever Ready's share price by 1%, ignore the eye-watering stink that even a whiff of chlorine will produce and then light a cigarette, you could be in real trouble. If only from all the crap in the cigarette smoke...

However, all this pales into insignificance alongside the experiment's reckless use of the liquid death that is Dihydrogen Monoxide!

Seriously, guys, when everything is described as dangerous, nothing gets treated as dangerous. If you're not sure what it is, don't wait for someone on the internet to tell you not to snort it.

about a week ago

British Domain Registrar Offers 'No Transfer Fees,' Charges Transfer Fee

itsdapead Re:Just refuse to pay the fee. (76 comments)

Of course the gaining registrar charges a fee for transfer -- which covers the domain registration.

Nominet aren't the 'gaining registrar'. They're the master register for all .uk domains - i.e. they record which domains are registered, who owns them and which registrar is managing them.

If you want to move your domain from 'CheapoReg' to 'WonderDomainz' then CheapoReg has to register the change with Nominet - or you can do it directly by paying £10 to Nominet.

I assume that registrars pay some sort of tithe to Nominet.

123-reg don't charge for a transfer in: you only pay when the domain next comes up for renewal.

If this is just on the .UK domain... then be sensible, and register a .COM or a .NET in the first place.

Except that .org.uk or .co.uk domain registration costs ~ £4/year c.f. ~ £10/year for .com or .net, so unless you have nothing better to do than continually changing registrars, a £10 transfer fee if you decide to shift registrars is pretty much moot (...and that's £10 per batch at Nominet if you have multiple domains). More to the point, anybody getting hot under the collar about spending less per year to register a domain than they spend per month on mouse batteries (or whatever £4/month expense is more applicable to you), seriously needs to re-evaluate their priorities.

about two weeks ago

British Domain Registrar Offers 'No Transfer Fees,' Charges Transfer Fee

itsdapead Bit of perspective... (76 comments)

First, there's no doubt that 123-reg have handled this badly, need to change their advertising and probably need to eat a few £10 fees and apologies. So I'm not totally defending them. However, I do wonder exactly how much 'service' people expect for the few pounds a year per domain that these 'budget registrars' charge. I'd guess that straightforward registrations are a loss leader for them, and they rely on selling 'cherished' domains, ads on 'parked' domains and hosting sales for actual profit.

The 'IPS tag' change is an extra (at least c.f. .com/.org) step required for 'co.uk/org.uk' names managed by the UK central registry, Nominet. You can make this change yourself via the Nominet site, but they'll charge you £10 as well. That's more than 123-reg charge per year for a regular .co.uk. Even if they get a reduced rate it's going to eat their profit - in fact, without this change I could transfer in a domain, and transfer it out again before it expired without paying 123-reg a penny.

I notice that Nominet has just changed its contract for registrars and, while life's too short for me to plough through 10 pages of legalese, maybe the timing is not a coincidence.

about two weeks ago

Will Living On Mars Drive Us Crazy?

itsdapead If only... (150 comments)

If only there were documented cases of people living in confined, isolated conditions in, I dunno, research bases in the Antarctic, prisons, hospitals, tin cans under the sea for weeks at a time, or even tin cans in low Earth orbit... then we could learn all about the effects of isolation and cramped conditions.

Now, I'm full of the Wrong Stuff, and won't be volunteering to go to Mars anytime soon... but if I did, I suspect it would be because, whatever the discomforts and dangers, you got to explore strange new worlds, boldly go where no one has gone before and all that jazz. Doing that in a simulation strikes me as particularly depressing with no pay off beyond some psychology and physiology research - that could probably be obtained from existing data, and are unlikely to result in any high schools being named after you.

Doing this in the Antarctic, or in some deep-sea habitat and combining it with some exploration or research that would motivate the non-psychologist members of the team seems like a better simulation.

about two weeks ago

An SSD for Your Current Computer May Save the Cost of a New One (Video)

itsdapead Re:Can someone explain this to me? (353 comments)

I get the idea about maxing the RAM out - faster speeds and all that. What I don't understand is how moving to an SSD drive saves the cost on a new computer?

What the headline meant, in its English-mangling way, was that adding a SSD to your existing computer will give it a new lease of life, saving you the expense of buying a new computer.

An SSD has faster read/write times I've heard, but doesn't that still leave the bottleneck of the CPU? Is it supposed to act as RAM or a pagefile location or something?

Reviewers and online nerds tend to obsess about how many hundreds of megabytes a second they get in sustained-transfer disk benchmarks - figures that you'll rarely hit in real usage unless you're into editing and copying 4k video, or something similar data-intensive.

What they gloss over, is that virtually any SSD will have order-of-magnitude lower seek times than a conventional hard drive - put crudely that's the time your HDD spends laboriously dragging the read/write head to the right position and waiting for the bit of data you want to spin around to it. That makes a huge difference when your computer has to access lots of bits of information scattered over the disc - particularly when booting, loading applications or if your drive has got fragmented. Running multiple tasks? Tasks no longer have to play tug-o-war with the drive head to get the data they need.

Watch your HD activity light sometime and see how much time your computer spends faffing around with the HD.

And yeah, if you do run out of RAM and your machine starts paging to disc, a SSD will speed that up no end - although in that case upgrading RAM is probably going to be cheaper.

I don't have any vested interest in selling SSDs, but I'll vouch that putting a SSD in my laptop made it feel like a new machine.

about two weeks ago

The 3D Economy — What Happens When Everyone Prints Their Own Shoes?

itsdapead Re:Amazing (400 comments)

If you want to factor in fixed costs like printer cost and maintenance, please kindly include cost of factory in china, salaries of factory workers, cost of trans-atlantic ship and crew, tractor trailer, etc.

If I buy a soap dish at the store, I don't have to buy a factory in China.

Even saying that the price of that soap dish includes a contribution to the cost of the factory is pretty naive - the factory was probably government subsidised, paid for by a loan secured on the manufacturer's share value rather than their turnover, and the price of the soap dish is determined by the state of the international plastic-soap-dish-futures market.

If I 3D print a soap dish, I pretty much need a 3D printer.

If I bought the 3D printer entirely or partially for the purpose of making my own small plastic household goods and saving money, then I absolutely need to take the cost into account when calculating my 'savings'.

Also remember that the business model for home printers has, for a long time, been to sell the printer as a loss-leader and then make money on the supplies. So, really, the initial cost of the printer is likely to be built-in to the consumables cost.

I do get your argument - e.g. if you absolutely need a car to get to work every day, there's no point factoring the fixed costs into an argument about whether it's cheaper to get the bus for your weekend daytrip. However, this whole thread implies that making your own goods will be a Unique Selling Point for 3D printers and that typical households will buy them to print items from pre-defined templates. Only a small proportion of users, with the creative skills and inclination to produce their own unique items for hobbies and entertainment, will have another justification for the cost.

about two weeks ago

App Developers, It's Time For a Reality Check

itsdapead Re:I went for it. (161 comments)

I now have almost $150,000 in debt, ruined credit, and no job prospects. What should I have done different?

Not run up $150,000 in debt.

If developing your world-beating software cost more than a chunk of your spare time (while continuing in college), a hundred bucks or so for developer subscriptions and the use of a PC that you would have bought anyway, you did it wrong.

If you're building a better mousetrap, you'll hit the unavoidable roadblock where you need to manufacture thousands of the things to get them into the shops, and you'll need finance. With software - that needn't happen. Even in the bad old days before the internet, blank floppies were cheap, the elbow-grease needed to make 100 copies was free and the mark-up on the first 100 would easily pay to get the next 1000 professionally duplicated.

Now, with the internet, you don't have to do anything in quantity - and Apple, Google, Amazon et al. will not only put them on their virtual shelves but also handle all the payment processing for a measly 30% commission. It always amuses me when I see developers whinging at that.

The danger is that, at the age of 17, a few thousand bucks falling into your lap seems like a fortune. It isn't.

Software sales back in the 90s and early 00s paid for my house but (and this is important) paid for my house while the day job was paying for everything else. It's not a very big house.

about two weeks ago

The 3D Economy — What Happens When Everyone Prints Their Own Shoes?

itsdapead Re:Amazing (400 comments)

Let's break down the variable costs of your soap dish example (assuming the soap dish factory in China already built and 3d printer purchased)

3D printer costs:
- 20 minutes of my time to find the design, boot printer and spit the item out.
- Monetary cost: feeding in raw plastic and electricity should be negligibly cheap.

So, this is the 3D printer that you get for free and doesn't require any maintenance, replacement parts etc? Newsflash - even RepRap costs money for the non-printable components, and that's not exactly a consumer friendly solution. You'll have to make quite a few soapdishes to recoup the cost. I don't think I buy that much plastic tat in a year.

Meanwhile - here's betting that unless you use enough raw plastic to bulk-buy from a wholesaler, you'll be paying $19.95 per quarter-pound spool to feed your printer. Or you could collect about half-a-dozen plastic bottles, wash them, cut them up, feed them into the extruder (add the cost of that to the equation) and enjoy your murky greeny-greyish-brown soapdish.

After that 60% of still unsold soap dishes go to landfill. This is where the real costs of mass production kick in. Shelf space ain't cheap. Landfill is still free, but it should not be.

Of course, in the brave new world, those unsold soapdishes won't go to landfill - they'll be sold to 3D Printer Supplies Inc. who will recycle them and sell the plastic to home 3D printer owners at the bargain price of $19.95 per quarter-pound spool. In fact, this business will be so lucrative that entrepreneurs will be importing cheap plastic soap dishes, bypassing the pound store, and selling them direct for recycling into printer supplies. I mean, this is Earth we're talking about here, not Vulcan!

about two weeks ago

Judge Overrules Samsung Objection To Jury Instructional Video

itsdapead This is why it's so hard to spot April Fools... (232 comments)

Whisky tango foxtrot?

I could understand it if the judge decided to show something she'd TiVo'd off Discovery Channel the week before but this sounds as if it was made for this specific purpose.

What possible combination of misconceptions would lead the 'Federal Judicial Center' (the name suggests they might have the odd law degree to share between them) to feature any recognizable commercial products in an instructional video specifically made to instruct jurors in cases inevitably involving competing businesses?

Surely, any moron commissioning such a video would have 'Don't show any brands or recognizable products' on page 1 of the brief? With a footnote saying 'even if it's arguably not in the context of patentability - we don't want to create excuses for objections or appeals when all those fellow lawyers are getting paid by the hou...

Oh, wait.

about two weeks ago

The 3D Economy — What Happens When Everyone Prints Their Own Shoes?

itsdapead Re:Amazing (400 comments)

So if I understand this correctly, thanks to the 3D printer we will soon have access to affordable items made of plastic.

Actually, make that less affordable items made of plastic, since buying and maintaining a domestic-size 3D printer and keeping it fed with raw materials is almost certainly going to cost more per item than buying mass-produced stuff. That's without factoring in the time needed to load up the printer, trim and assemble the output etc (So, how long is it going to take your home 3D printer to grind out a soap dish, shower nozzle, curtain rail, 20 curtain rings... and how much hand-finishing will they need?) When 3D printing technology evolves beyond making simple plastic widgets very slowly, you'll bet that factories will be installing industrial-strength ones that can turn out items at 1000 times the rate and at 1/1000 of the cost of your home printer...

about three weeks ago

Flash Is Dead; Long Live OpenFL!

itsdapead Re:Native Targets? (166 comments)

So, what's wrong with bundling a lightweight html 5 browser (or even a full blown one) with your HTML 5 webapp so it becomes a 'native' app?

Nothing much - apart from lack of simple (both for the developer and the end-user perspective) tools to do the job and some problems with security features in browsers (e.g. they won't recognise 'file://some/local/dir' as a 'domain' when checking for cross-domain scripting and either just plain don't work or pop up scary security warnings). Actually, Adobe Air sorta did that, except that Adobe knobbled any of the webkit functionality that might have competed with Flash...

I still don't get what the OP's requirement with 'Native' that is a show stopper... with SVG and canvas, and even WEBGL, web RTC, etc. they pretty much have all the functionality and more that Flash can provide.

To duplicate Flash functionality in HTML5 you need an extensive graphics/animation library sitting on top of canvas or SVG, plus a decent timeline-based graphics editor/authoring system. All the bits exist (Inkscape, various HTML5 application frameworks and libraries) but nobody has yet put them together into a package quite like Flash.

As for the 'native' bit - for me it was more about providing an all-in-one bundle, with the correct versions of everything, that could be used by the sort of people whose answer to "What version of Internet Explorer do you have" is "Uh... XP, I think... or maybe Office 2010?".

Not that there aren't problems with Flash - notably Adobe/Macromedia's determination to completely re-invent the API and Actionscript language with every release and the mind-bogglingly stupid situation wherein Flash and Flex (the code-centric XML alternative to the visual/timeline-based Flash authoring tool) used completely different APIs...

about three weeks ago

Jimmy Wales To 'Holistic Healers': Prove Your Claims the Old-Fashioned Way

itsdapead Re:Too difficult to confirm (517 comments)

Even without a placebo effect, there are probably a few instances, statistically speaking, where scientifically, there are things going on that are beneficial to the 'patient'.

Sitting down with a cup of herbal tea and having a chat with a sympathetic person*, then lying down and listening to whalesong while someone gives you a massage is probably a lot better at reducing stress than a regular placebo... and while reducing stress won't cure anything serious it will probably at least have a palliative effect. If only doctors did all that and then, instead of getting out the Magic Healing Crystals, did Science on you, there probably wouldn't be such a demand for alternative medicine. Maybe hospitals should hire alternative therapists to get patients chilled out before and after treatments. I think that's the vacuum that alternative therapies fill. (* who, in the more respectable branches of alternative medicine, might actually know more about human physiology and diseases than, say, your mate at the pub, and might even give you some valid tips on lifestyle, diet etc.)

about three weeks ago

Jimmy Wales To 'Holistic Healers': Prove Your Claims the Old-Fashioned Way

itsdapead Re:The plural of 'anecdote' is not 'data' (517 comments)

An anecdote serves, at best, as a rough start in forming a hypothesis. But an anecdote is utterly useless outside of that context.

My grandfather used anecdotal evidence every day, and he lived to be 95!

about three weeks ago

Flash Is Dead; Long Live OpenFL!

itsdapead Re:Native Targets? (166 comments)

Flash is no more native than HTML5. At this point it doesn't make sense to "place bets" on Flash at all, unless like the article author you've spent many years on Flash and are not interested in change.

Flash can create a 'native' PC or OS X app (OK, it consists of a standalone Flash player bundled with your flash App, but the practical upshot is the same unless some strange permutation of misconceptions has led you to expect 'bare metal' efficiency from something like Flash).

Flash was actually a great system if you wanted something to write relatively small, animated, resolution-independent applets that can be embedded on web pages and downloaded as pseudo-native PC/Mac apps (Java was obviously better at coping with substantial projects - but it's been getting a bigger and bigger pain for non-techie end users to install). Of course, it got abused as a way to add gratuitous animation to websites, and its only merit as a video player was that it was less annoying than RealPlayer...

The real killer, though, is that it doesn't run on tablets... however, when it was briefly available on Android I tried some existing Flash stuff and it quickly turned out that Jobs was right - apart from the bloat and security nightmare, lots of existing Flash stuff just broke on a touch screen.

about a month ago

Apple Refuses To Unlock Bequeathed iPad

itsdapead Re:Why do they need to unlock it? (465 comments)

It's really one of those catch-22 situations - Apple can't contact the original owner to verify if that iPad really belongs to them and they're not just some criminal looking to change their $0 iPad into a $400 iPad on the stolen goods market. And they can't just take those documents because well, the family could come back again next week with another stolen iPad and do the same thing.

Nonsense. There's no need to make it literally impossible to unlock a stolen iPad (probably unattainable, and certainly liable to deprive legitimate owners of the use of their property) - you just need enough of a hurdle to make it unappealing to thieves. I'm sure that the value of a stolen iPad is much less than $400 - and equally that the value of a locked, stolen iPad is much more than $0 (just use a bit of sleight of hand to sell it to some mug and leg it - thieves don't generally do warranties).

A solicitor's letter (for US readers: Solicitor = Lawyer, and probably a notary public to boot) is easy to verify and should be more than sufficient to confirm the identity of the new and previous owner. No thief in their right mind is going to go through the risk and expense of obtaining a credible fake solicitor's letter for the value of a stolen iPad - and I'm sure that bent lawyers are even more expensive than real ones.

Requiring a legitimate owner to produce a court order is going to cost them more than the value of a legally acquired iPad.

about a month and a half ago

