


Apple and Samsung Already Working On A9 Processor

mcrbids Confuzzling! (114 comments)

So, the cheapest TV stick imaginable has a Cortex A9 processor, so reading about the A9 processor in development by Apple is something that doesn't inspire much in the way of excitement up front for me. But it looks like Apple's A5 is more / less the Cortex A9 with some tweaks, so now we literally have two similar products with the same name that are generations apart.

I know of their technical strength in the low-power scene, and the MIPS/Watt race, ARM still leads by a mile, but ARM could also really stand to have some standards for naming the variants in a semi-consistent way so that the merely technically proficient have a chance of keeping up. And, (dare I say it?) this is what trademarks are for and why they exist.

5 days ago

Waze Causing Anger Among LA Residents

mcrbids Re:Symptom of a bigger problem (594 comments)

Buses do nothing when they're stuck in the same traffic everyone else is.

I would take exception to this!

1) Time spent on a bus is time not spent concentrating on traffic. Relax, read a book, maybe do some work.

2) Every person on a bus is a car not on the road, and that results in sharply lighter traffic.

I honestly have no idea why buses aren't free. Putting a bit of economics behind the problem can make a dramatic difference, even eliminating traffic jams completely.

5 days ago

The Sony Pictures Hack Was Even Worse Than Everyone Thought

mcrbids Re:Good God! (528 comments)

Note the modifier "business data".... Not videos, not apple pie recipes sent by Aunt Bertha... If you are talking about strategically stored data and not user home folders, the signal/noise ratio is significantly better.

about two weeks ago

Ask Slashdot: Convincing My Company To Stop Using Passwords?

mcrbids Job security vs System security (247 comments)

I've found that there's a sweet spot to balancing system security and job security: recommend better practices than currently in place without becoming adamant about it.

If you get the attention of a caring boss, you'll get your implementations, so make sure it's really a good idea and will work well before recommending it. But, more importantly, if they decide not to do it, then you are basically off the hook for responsibility for *any* breaches that occur afterwards. "I recommended a two-factor authentication to prevent data breaches over two years ago, and every quarterly IT review ever since!"

What's odd for me as a developer is how many times I've talked to a tech guy who really "needs" us to add security feature X in our software, and we send over the information to turn it on after we write it, and they *still don't do it* even after they paid for the modification.

about two weeks ago

Ask Slashdot: Convincing My Company To Stop Using Passwords?

mcrbids Re:Every 30 days. (247 comments)

There are a few minor tweaks that significantly increase entropy while still not being hard to remember:

1) Don't capitalize the first letter in a word used in a passphrase. Instead, capitalize something in the middle.

2) When adding numbers, add somewhere in the middle of a word rather than between words.

3) If security is really important, spell one longish word backwards before applying 1 and 2.

4) Another trick I've used many times (as a touch typist) is to type words with your fingers slid over one key, left, right, or upleft/upright. Thus a simple, common word like "login" becomes ";phom", "kifub", "o9t8h", or "p0y9j".

Use of these tricks adds tremendous amounts of entropy to otherwise crappy passwords while still being very easy to remember.

about two weeks ago

The Sony Pictures Hack Was Even Worse Than Everyone Thought

mcrbids Good God! (528 comments)

Folks, this is 100 TERABYTES of data. At an organizational level, this could represent nearly all business data that makes Sony relevant as a company.

At my company, we have in the neighborhood of 50 million documents stored and, after compression, it still doesn't pass 10 TB of data.

about two weeks ago

Aliens Are Probably Everywhere, Just Not Anywhere Nearby

mcrbids Re:Life Everywhere out there? (334 comments)

Planets can't be too close to other stars

This is most likely the biggest one. Being too close to more than one star means higher range of fluctuation.

As a point of reference, a significant number of solar systems are binary systems, making them subsequently less likely to support life.

6. Planet needs to have a core preferably iron to deflect electromagnetic radiation.

Or life exists in gas giants which have thick atmospheres, or beneath the crust.

Although it's tough to consider the possibility of structured life existing at 10,000 atmospheres and 2,000 degrees F, I would imagine it being possible. But, such a life form is *far* less likely to be reaching out into space than we would, as the problem of keeping a "livable environment" in a space ship is at least 10,000 times more difficult. Are there even solid elements at 2,000 degrees F and 10,000 atmospheres?

about two weeks ago

Windows 10 Adds Battery Saver Feature

mcrbids Re:triggering below percentage is dumb (96 comments)

Maybe I just avoid horrible "battery saver" apps but I've never seen any particular tendency to have them actually further drain the battery. What kind of horrible "battery apps" do you torture yourself with?

I'd like to re-emphasize the GP post: the rate of drain is what a battery app should be focusing on, not battery life remaining.

about two weeks ago

Kiva Systems Co-Founder: Drone Delivery Could Be As Low As 20 Cents Per Package

mcrbids Re:Still not legal, right? (92 comments)

The FAA is all about protecting the commercial use of the air.

It's so one-sided that pilots don't even have a consistent right to appeal punitive actions, and the rules around "non commercial" (private) flight are so ridiculous that merely sharing the cost of a ride in a small plane with a buddy can be considered a commercial flight, if your buddy does anything work related at all. It is truly just silly.

As soon as the drones have progressed technologically to the point where they are reasonably safe *and* profitable, the FAA would be all over that. Their biggest concern is making sure everybody knows that *they* regulate it.

about two weeks ago

Study: HIV Becoming Less Deadly, Less Infectious

mcrbids Re: Then again, maybe it _is_ good news. (172 comments)

Viruses mutate much faster than humans.

The truth of this statement really comes down to the definition of "mutate".

People don't exist in "bare form". We have a complex and growing plethora of decidedly human artifacts like clothing, houses, governments, and technology. Subsequently, people have evolved to respond very quickly and intelligently to a myriad of environmental threats, ranging from viruses and disease to climate change. That these responses are exobiological doesn't mitigate the fact that they function as evolution of the human collective presence.

I would argue that this collection of exobiological factors are as much a part of evolution for mankind as a purely biological evolution. By this definition, a quarantine is every bit as relevant as a new gene.

about three weeks ago

Alva Noe: Don't Worry About the Singularity, We Can't Even Copy an Amoeba

mcrbids Exponential growth (455 comments)

Assume for a second, that you have a pond. And a new type of algae has been introduced into the pond. Algae grows quickly, so let's assume a doubling time of a day. 24 hours. The concern is that this new algae is gross and smells bad and nobody wants to have a pond full of this disgusting algae. Unfortunately, treating the algae is expensive and nobody wants to treat the entire pond.

The question is: One week before the pond is entirely covered in algae, would enough have appeared that you would even notice? At a "gut instinct" level, we'd guess that perhaps a quarter or a third or at least a tenth of the pond would be covered in algae, but that gut level instinct would be completely wrong. Just 1.56% of the pond would be covered - right about the point where it becomes noticeable at all.

The point is this: information processing capabilities, globally, aren't just growing exponentially: the rate of growth is itself also growing exponentially. Just about exactly at the time where we notice actual, verifiable intelligence of any kind is just about exactly the time where we have to assume its ubiquity.

Previous discussions talk about the number of cross connects and how far away we are from the mark without commenting that the Internet itself allows for an infinite number of cross connects - my laptop can connect directly to billions of resources immediately with an average 10-25ms delay. Now, it's very likely that what is meant by "cross connects" in the context of AI is substantially different than the "cross connect" capability that global networking enables, but it's equally true that people generally fail at understanding exponential growth. It's why 401ks are so universally underutilized, why credit cards are such big business, and why the concept of the "singularity" seems like such hocus pocus at the gut level.

about a month ago

Coding Bootcamps Presented As "College Alternative"

mcrbids Lovin' that smell of BIAS (226 comments)

See, anybody who has a CS degree will be motivated to HATE boot camp guys. Employers who want more (cheaper) labor will be motivated to LOVE any force that lets them hire more people at less cost.

As a self-taught programmer myself managing a 10+ year project that's highly profitable, you'll probably guess which side of that divide you'll tend to see me on.

about a month ago

Data Center Study Reveals Top 5 SMART Stats That Correlate To Drive Failures

mcrbids Re:The measurements in question: (142 comments)

Your later comments about ignoring RAID controller warnings for a *year* strike me as callous. But we all have our standards, and standards vary greatly from place to place as the needs that drive the standards also vary greatly. (financial institutions care much more about transactional correctness than reddit)

After months of testing, our organization has wholeheartedly adopted ZFS and has been finding that not only is it technically far superior to other storage technologies, it's significantly faster in many contexts, it's actually more stable than even EXT4 under continuous heavy read/write loads, and brings capabilities to the table that even expensive, hardware RAID controllers have a tough time matching. Best of all, since it actually runs off JBOD, the cost is somewhere between insignificant and irrelevant.

I was wondering if you had investigated ZFS at all, and if so, why you aren't using it?

about a month ago

Denmark Faces a Tricky Transition To 100 Percent Renewable Energy

mcrbids THIS problem solved long ago... (488 comments)

Large scale internal combustion engines are extremely efficient and can run on just about anything burnable: vegetable oil, powdered coal, agricultural dust, wood gas from trees, dried leaves, etc. Yes, you can literally run an engine on banana peels. The trick is to get the carburetor to get the balance right.

From the perspective of a generator for a hospital, it would be relatively straightforward to design a generator running an engine like this with whatever renewable fuel is most convenient and readily available locally. Large scale wood gas installations typically work with fuel pre-processed into pellets.

about a month ago

The Students Who Feel They Have the Right To Cheat

mcrbids Re:Ok... just turned two score, but... (438 comments)

You make it sound like it was paradise in the 80s. It had its suckiness, just like we do today.

1) There were constant threats of terrorism in the media in the 80s. Take a look at the "Libyans" in "Back to the Future".

2) Helicopter parents were definitely a thing in the 80s.

3) There were plenty of poor example adults in the 80s.

4) I'll 100% grant that entry level jobs are *much* harder to find now.

5) NSA and FBI watched us in the 80s. Ma Bell logged every call ever made. What was that you were saying on the CB Radio, back when the FCC actually gave a damn?

6) Granted Massive student debt, partially offset by the relative ease of getting into school. Yes, debt is a problem, especially when you pick a lame degree. It was always a problem, more so now.

7) There was no "online", so no posting stupid stuff online, and no online bullying. Bullying back then wasn't some insult posted in a chat room, it was a broken jaw. I remember well facing my bully with a stick in my hand, and being knocked flat repeatedly by a kid with 30 pounds on me, while I cursed defiantly and got up to face him again.

8) Education system was "declining" then too.

9) I'd argue that the cold war and the constant threat of total, global annihilation far outweighs a few school shootings. Or did you forget that little detail?

about a month ago

President Obama Backs Regulation of Broadband As a Utility

mcrbids Re:They ARE a utility. (706 comments)

The only reason the airline industry is not a natural monopoly is because of the massive public infrastructure provided by the US Government FAA in public use airports and related flight control infrastructure. In every meaningful sense, an airport solves the "last mile problem" for airplanes. Why wouldn't we expect a similar investment in the "last mile problem" for Internet Service?

SouthWest doesn't own the Oakland Airport; they merely lease a terminal. Can you imagine what would have happened if Delta had owned the airports too?

about a month ago

Ask Slashdot: How Useful Are DMARC and DKIM?

mcrbids Re:Here we go again (139 comments)

I've seen this lame list for 10 years, pretty much trolling bait. But based on this, I wonder if you even know how DKIM works?

(X ) It will stop spam for two weeks and then we'll be stuck with it

Pretty tough to crack legitimate encryption.

(X ) Requires immediate total cooperation from everybody at once

Not at all. You can use it, or not. If you don't use it, you essentially give permission for black hats to spoof your identity. Also, if you are an admin, you can choose what you do with DKIM.

(X ) Many email users cannot afford to lose business or alienate potential employers

How is being able to protect your account from being spoofed going to affect business?

(X ) Lack of centrally controlling authority for email

Why would you need one? DKIM is done via DNS and is under the control of the record holder.

(X) Asshats
(X ) Huge existing software investment in SMTP
(X ) Armies of worm riddled broadband-connected Windows boxes
(X ) Eternal arms race involved in all filtering approaches

Do you actually know how DKIM works? Each of these points is either effectively made better with DKIM or is irrelevant.

(X ) Ideas similar to yours are easy to come up with, yet none have ever been shown practical

Care to name one?

(X ) Whitelists suck
(X ) Countermeasures should not involve sabotage of public networks
(X ) Why should we have to trust you and your servers?
(X ) Killing them that way is not slow and painful enough

How is DKIM a whitelist? You really have no idea how this works, do you? Did you just fill in some boxes at random?

I'll address a single point on here, to show how DKIM works rather well even in the worst of the points:

(X ) Mailing lists and other legitimate email uses would be affected

One of the products my company provides for schools is a "mailing list reflector" that in practice works very much like your average mailing list. In order to ensure delivery, all outbound email is signed with DKIM, even though we're really just forwarding the original message to the mailing list recipients.

How is this done? Well, we use a dummy address for the "From" field like "originaluser@gmail.com " and then set the reply-to field to match the original sender. Thus, DKIM passes as we provide keys for mycompany.com, the user is "From" mycompany.com, and the end user is able to reply to get a message back to the sender without involving our mail server at all.

It's a compromise, but it works well and we've had virtually no complaints.

about a month and a half ago
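The reflector rewrite described in the comment above, as an added example that is not part of the original comment or the commenter's product: it rewrites `From` to an address in the signing domain, sets `Reply-To` to the original sender, and checks DMARC-style alignment between the `From` domain and the DKIM `d=` domain. The sample message, the `reflector@mycompany.com` address and the function names are assumptions, and relaxed alignment is approximated by a subdomain test rather than a Public Suffix List lookup.

```python
from email import message_from_string
from email.utils import formataddr, parseaddr

# Constructed sample message; every address and header value is illustrative.
SAMPLE = (
    'From: "Alice Example" <alice@gmail.com>\r\n'
    "To: parents-list@mycompany.com\r\n"
    "Subject: Field trip forms\r\n"
    "DKIM-Signature: v=1; a=rsa-sha256; d=gmail.com; s=constructed; b=...\r\n"
    "\r\n"
    "Forms are due Friday.\r\n"
)


def reflect(raw, list_address):
    """Rewrite a message the way the comment describes before re-signing it."""
    msg = message_from_string(raw)
    name, addr = parseaddr(msg.get("From", ""))
    if not addr:
        raise ValueError("message has no usable From address")
    # The sender's signature covers the old From header, so it cannot
    # verify after the rewrite; drop it and sign with the reflector's key.
    del msg["DKIM-Signature"]
    del msg["From"]
    msg["From"] = formataddr((f"{name or addr} via list", list_address))
    # Replies go straight to the original sender, bypassing the reflector.
    del msg["Reply-To"]
    msg["Reply-To"] = formataddr((name, addr))
    return msg


def from_domain(msg):
    """Domain part of the From address, lower-cased."""
    return parseaddr(msg.get("From", ""))[1].rpartition("@")[2].lower()


def dkim_aligned(msg, signing_domain, strict=False):
    """True if the From domain aligns with the DKIM d= domain.

    Strict mode needs an exact match. Relaxed mode is approximated here as
    "equal, or one is a subdomain of the other".
    """
    fd = from_domain(msg)
    sd = signing_domain.lower().rstrip(".")
    if not fd:
        return False
    if strict or fd == sd:
        return fd == sd
    return fd.endswith("." + sd) or sd.endswith("." + fd)


if __name__ == "__main__":
    original = message_from_string(SAMPLE)
    # Forwarding unchanged and signing as mycompany.com would not align.
    print("unchanged aligned:", dkim_aligned(original, "mycompany.com"))
    rewritten = reflect(SAMPLE, "reflector@mycompany.com")
    print("From:    ", rewritten["From"])
    print("Reply-To:", rewritten["Reply-To"])
    print("rewritten aligned:", dkim_aligned(rewritten, "mycompany.com"))
```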

Boo! The House Majority PAC Is Watching You

mcrbids Re:Here's why (468 comments)

Voters worry about irrelevant issues like abortion, gay marriage, inequality, and racism, while not worrying enough about the stuff that matters, like banking regulation, tax policy, nepotism, and crony capitalism.

And, in my opinion, that's largely because of the Centrally Controlled Media in the United States. And if you think "Main Stream Media" doesn't include Faux[sp?] News, you're also a victim of this control.

about a month and a half ago

Vulnerabilities Found (and Sought) In More Command-Line Tools

mcrbids For all the idiots (87 comments)

... to the masses of sarcastic "I thought Open Source was more secure!" crowd: in an Open Source forum, when vulnerabilities are found, they are patched. Since it's a public forum, the vulnerabilities are disclosed, and patches / updates made available. The poor, sorry state of the first cut gets rapidly and openly improved.

With closed source, the vulnerabilities merely stay hidden and undisclosed, and you have no ability to know about it, or fix it yourself. The poor, sorry state of the first cut never improves. Yes, there are some cultures that take security seriously. You have no way of knowing.

This, right here, is what "more secure" looks like: public notification of the vulnerabilities and patches to distribute.

about 1 month ago



Comcast blocking DNS for BitTorrent users?

mcrbids writes | more than 2 years ago

mcrbids (148650) writes "It appears that Comcast is killing BitTorrent use by blocking DNS to BitTorrent users.

For the past week, I've been having issues with my Comcast cable where everything "works fine" except DNS. Even setting up my own caching name server did not work since UDP port 53 was a black hole as far as the public Internet was visible to me. Resetting the modem/router fixed it, only to have the problem reoccur anywhere from a few hours to a day later.

Last Friday I noticed BitTorrent running on my Mac, sharing only a CentOS ISO image, and killed it. I haven't had a problem since. Can anybody corroborate this apparently new tactic being used by Comcast to censor BitTorrent use?"

Apache webserver vulnerable to "slow get", too

mcrbids writes | about 4 years ago

mcrbids (148650) writes "About a month ago, a story broke that http (apache, IIS and everything else out there) was susceptible to a "slow post", where a malicious client starts a connection to a web server, sends headers indicating a very large upload via POST, and then sends that upload very slowly, starving resources and eventually causing a DDOS.

Well today, doing some research to see how effective this attack was (hint: VERY EFFECTIVE) I tried the same thing using http GET as well, and saw very similar results. With a simple, 20-line PHP script run from my laptop, I was able to take a fairly beefy internal webserver (8 core, 12 GB RAM, CentOS 5) offline in just under a minute, and keep it that way for as long as I wanted to. The technique was simple: send "GET /" and then append letters, 1 or 2 every second or so. After several hundred simultaneous connections were achieved, the web server was no longer responsive. I don't have an IIS server to test against, and don't feel like using any "unwitting volunteers".

It doesn't take a large botnet to take most hosts offline. It takes only a single, relatively low-powered laptop and a 20-line script hacked up in PHP 5. Given that the "slow post" attack is already well known, it's only a matter of time before a black hat discovers that even disabling form post won't protect anybody, either!"
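As an added example (not from the original submission), the sketch below models a minimum-data-rate deadline for request headers, the kind of policy Apache's mod_reqtimeout expresses as `RequestReadTimeout header=20-40,MinRate=500`, and replays constructed arrival timelines against it to show how long each connection can hold a worker. The function names, the sample clients and their timings are illustrative assumptions.

```python
def header_read_outcome(events, initial=20.0, maximum=40.0, min_rate=500):
    """Replay (time_s, data) arrivals for one connection against the deadline.

    The deadline starts at `initial` seconds, grows by one second for every
    `min_rate` bytes received, and never exceeds `maximum` seconds.
    Returns ("complete", t) if the header terminator arrives in time, or
    ("dropped", t) with the moment the server would close the connection.
    """
    received = 0
    buffer = b""
    deadline = initial
    for t, data in sorted(events, key=lambda e: e[0]):
        if t > deadline:
            return ("dropped", deadline)
        buffer += data
        received += len(data)
        if b"\r\n\r\n" in buffer:
            return ("complete", t)
        deadline = min(maximum, initial + received / min_rate)
    # Input ran out without a terminator: the deadline still fires.
    return ("dropped", deadline)


# --- Constructed timelines (illustrative, not captured traffic) ---

def trickle_client(seconds=300):
    """Request line start, then two bytes per second, never finishing."""
    events = [(0.0, b"GET /")]
    events += [(float(t), b"ab") for t in range(1, seconds + 1)]
    return events


def normal_client():
    """A complete request delivered in one segment."""
    return [(0.05, b"GET / HTTP/1.1\r\nHost: example.test\r\n\r\n")]


def padded_client(seconds=120):
    """600 bytes of header lines per second, never sending the blank line."""
    line = b"X-Pad: " + b"a" * 591 + b"\r\n"
    return [(float(t), line) for t in range(seconds)]


if __name__ == "__main__":
    for name, events in [("trickle", trickle_client()),
                         ("normal", normal_client()),
                         ("padded", padded_client())]:
        status, t = header_read_outcome(events)
        print(f"{name:8s} {status:9s} at {t:.2f}s")
```

With this policy the trickle timeline is closed just after the 20-second initial window, and even a client that satisfies the rate but never finishes its headers is closed at the 40-second cap.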

Disable Advertising? No way!

mcrbids writes | more than 4 years ago

mcrbids (148650) writes "Dear Slashdot,

This is the only way I can think of to actually send a communication to you. I noticed tonight a checkbutton labelled: "As our way of thanking you for your positive contributions to Slashdot, you are eligible to disable advertising."

Well, I'm not going to check it. I've spent years writing my often +modded posts, and have enjoyed doing it! Your advertising is subtle enough to not detract needlessly from the experience, you get a few pennies from my daily views, and I have purchased more than one item due to an ad posted on Slashdot. It's a win/win/win situation, and I will not be checking the button, nor do I steal content from websites by using products like Adblock. If a website has ads posted intrusively, then I avoid that site, rather than legitimize a website that is offensive in nature by giving it the benefit of my eyeballs.

Thank you Slashdot, for maintaining a high quality, highly relevant site for over 10 years now! I've not paid a thin dime for any of your content, and I have spent countless hours pontificating finer points; you have more than deserved whatever revenue you get from your classy, unobtrusive ad impressions!"

Root hole found in Linux

mcrbids writes | more than 5 years ago

mcrbids (148650) writes "Looks like a pretty serious hole has been found in Linux — affecting 32 and 64 bit versions of Linux with and without SELinux using a creative way to exploit null pointer references. You can check it out yourself. As of this writing, there are no patches available for this, making it a potential zero-day exploit."

Rockstar squelches connection to Michael Savage

mcrbids writes | more than 5 years ago

mcrbids writes "While poking around online I found this article which details an easily verified connection between Rockstar Energy Drinks and Michael Savage the "shock jock" commonly found on ultra-conservative talk radio. Michael Savage has been banned from entering the United Kingdom due to the hateful nature of his monologues. Strangely, he broadcasts from the highly liberal San Francisco on KNEW AM. Rockstar has responded with the standard C&D route with lawyers, et al. Is this going to be another example of a company who hasn't discovered the Streisand Effect or is there legitimately no connection between Michael Savage and Rockstar Energy drinks, even if they are at the same address and share the same CFO? (Michael's wife, Rockstar CEO's mother)"

Best javascript framework?

mcrbids writes | more than 5 years ago

mcrbids (148650) writes "For the past 6 years or so, we've been heavily developing a proprietary, custom vertical application based on Linux, Apache, PHP, and PostgreSQL in a home-rolled PHP framework based loosely on Horde. We've been quite successful in the marketplace with our relatively classic technology based on HTML 3.x.

After investing heavily in fully redundant server clustering over the past year or so, we're finding that we'd like to improve our look and feel, improve response time, etc. and the natural way to do this is by incorporating javascript/ajax into our product. We've already begun some using ajax(y) in a few areas where very large tasks need to be coordinated over a long period of time — EG: longer than a typical browser timeout.

But we don't want to re-invent the wheel. There is a bewildering array of javascript frameworks, and with any framework, there's the risk of getting stuck trying to do something not anticipated by the framework developers.

So, which is the best, and why? Which should be avoided? Here are some of the frameworks I've seen so far:

Dojo, Ext JS, Fleejix.js, jQuery, Mochikit, Modello, Mootools, Prototype, Qooxdoo, Rico, and Scriptio. So far, in my research, jQuery and/or Prototype seem to be front runners, Dojo perhaps a close second.

I'd be most interested in the opinions of people who have switched from one to the other, and why?"

Turbo-charging logging?

mcrbids writes | more than 6 years ago

mcrbids (148650) writes "I'm revamping our web-based application and am currently reviewing options as far as logging, particularly with redundant, clustered hosting solutions. I've run into a few problems that it seems no amount of online searching seems to have found.

My first concern is about scalability — our application writes directly to local log files. Unfortunately, many of the log entries are quite large and so cannot be piped over syslogd. Other options are much heavier, come with significant administration overhead, or bottlenecks. Is there a syslogd replacement that will allow for very large (tens of KB or larger) log entries?

My next question is about logfile integrity. A perfect log file is write-only, never rewrite. A one-way street, data goes in, gets saved, and never gets deleted. But any log file is essentially just a file, and a single # echo "" > /path/to/log will kill the log file dead. Yes, you can log remotely, but this increases complexity and therefore the chances of failure. Also, what if your remote log server is also compromised? I've been considering the use of a CD-R, especially the ability to recover from a buffer underrun during a write sequence. I've simulated a few, tying up the HDD with I/O while burning a CD-ROM. It under-ran, renegotiated, then resumed writing without incident. Why not use this capability, leave the drive in a sort of permanent under-run, and renegotiate for log entries? Wouldn't doing so create a file that could not effectively be erased, even if the host was compromised?"

