Welcome to the Slashdot Beta site -- learn more here. Use the link in the footer or click here to return to the Classic version of Slashdot.

Thank you!

Before you choose to head back to the Classic look of the site, we'd appreciate it if you share your thoughts on the Beta; your feedback is what drives our ongoing development.

Beta is different and we value you taking the time to try it out. Please take a look at the changes we've made in Beta and  learn more about it. Thanks for reading, and for making the site better!



Predictive Modeling To Increase Responsivity of Streamed Games

mcrbids Re:bad name (119 comments)

FYI: The larger Geo Metro 1.3 liter engine produced 70 HP. Cars in the 3,000 lb range fit in the "mid sized sedan" range which typically have 150-225 horsepower.

Yes, it was under powered, but it was not a "Geo Metro".

2 days ago

Tor Browser Security Under Scrutiny

mcrbids Re:Why not work with Mozilla (80 comments)

My questions are thus... why not move to a model where the entire OS is forced through the tor proxy, This could be done with the use of a dummy network adapter and disabling the current adapter while tor is in use. Yes it would likely break certain OS features during that time, but there it is.

This is a bit like plugging a power strip into itself. It might seem self evident why that should work, but alas, it does not. /s

How do you think TOR communicates with the Internet at large, if not using the OS network stack? And if you coopt that stack, how, pray tell, do you expect TOR to be able to communicate with the TOR nodes?

about a week ago

Netflix CEO On Net Neutrality: Large ISPs Are the Problem

mcrbids Re:Big Data (181 comments)

Their own CDN site talks about putting Netflix gear out for free. So they are basically saying they want the free ride. No one gets rack space, power, and connections for free.

I know a guy who is a network engineer at a regional ISP. They are ecstatic about hosting Netflix gear "for free" because of all the money they save! Despite the consensus here, bandwidth isn't free, it's a huge expense. And their largest use case is Netflix. By hosting the Netflix servers at the data center, they cut their network traffic by something like half.

It's a pretty big deal for them.

about a week ago

Ballmer Leaves Microsoft Board

mcrbids Re:Microsoft is a spent force (142 comments)

Revenue for a company on the way out frequently looks really rosy right up to the last bit. Take a look at Nokia which was making massive profits by not investing in smart phones. They had massive market share in "feature phones" that overwhelmingly outsold smart phones. That is, until they became so passe that even the kids didn't want one. Now the pieces are being sold off to... wait!

You know, I didn't even mean to pick Nokia because of its relationship with Microsoft, but it just occurred to me... Whelp!

about two weeks ago

Munich Reverses Course, May Ditch Linux For Microsoft

mcrbids Re:Surprise? (578 comments)

Not all Linux fans. I'm a Linux fan. I recognize that it's not suitable for non-techie users. There is literally no focus on end user development - that's what I like about it!

It's sysadmin / developer oriented and I hope that never changes.

about two weeks ago

Is Storage Necessary For Renewable Energy?

mcrbids We already solved this one! (442 comments)

We solved this problem once before - with fossil fuels. The answer is simply to have more capacity on hand than demand. We can do the exact same thing with alternative energy.

The difference is only that alternative energy doesn't have an "off" button, so we simply have to assume that, given a source of alternative energy, EG: a windmill, that we won't necessarily use all of its capacity. If we built gobs and gobs of windmills and solar panels, and installed them in such a way that not all their potential output is used all the time, we have a stable power grid.

The only difference is that the "off" button has to work differently. EG: a solar panel installation could dump unused power to a heating element or something. If power companies were smart enough to "get out in front" of this problem, they'd switch to the business of transporting power, which includes managing demand.

Unfortunately, power companies are run by myopic trolls, so I'm not expecting this business transition to go smoothly.

about two weeks ago

Groundwork Laid For Superfast Broadband Over Copper

mcrbids Re:distance, please (93 comments)

As Dane has said before, if you're going to the neighborhood you might as well go to the home. The cost difference is minimal


While FTTN entails a fiber optic cable passed around public easements, coming to the home means setting up appointments for each home within the neighborhood. If it takes only 3x as much to do the houses too, I'd be surprised.

While the equipment involved might still be expensive, the cost of the personnel to install them is nothing to be trifled with.

about two weeks ago

Microsoft Surface Drowning?

mcrbids Re: It's a still a nice PC. (337 comments)

I *had* a tablet - a 7" Acer Android - that I loved and used daily until I upgraded my phone to a RAZR Maxx HD. I had an Android phone before but the screen was small and/or low resolution enough that I preferred the bright, sharp 7" tablet. The new phone, however, is big/bright/sharp/fast enough that I lost interest in the tablet, which I still have but haven't picked up ever since.

And the battery life on this thing is just incredible. I will never again buy a phone that doesn't have incredible battery life - after having a decent screen, it's the next most important thing in a phone!

about two weeks ago

Cornering the Market On Zero-Day Exploits

mcrbids Proven to not be trustworthy (118 comments)

We have a well-funded government agency, tasked with securing its country, actively sabotaging the security frameworks of the nation it has been tasked with protecting, in the name of "security". Never mind that any back door left open to the NSA is also left open to other parties. (EG: China) And now we're supposed to *trust* this agency with even more unfettered access to 0-day exploits?

If the NSA was really about securing the United States, it would be auditing commercial security products to ensure the *lack* of back doors, not ensuring the presence of them!

about three weeks ago

Paint Dust Covers the Upper Layer of the World's Oceans

mcrbids Balancing skepticism (141 comments)

It's important not to accept any input as pure fact on its face. It's equally important to accept facts that are verified, even if inconvenient. Far too often, "healthy skepticism" is another way to say "inconvenient so LA LA LA LA LA (fingers in ears)".

Fact is that micro pollutants are just now entering the threshold of human understanding - and it's a bigger problem than just about anybody guessed.

about three weeks ago

Expensive Hotels Really Do Have Faster Wi-Fi

mcrbids Re:How much is due to Congestion (72 comments)

I've seen no such correlation.

I recently stayed at a "fancy" hotel in Reno, NV that charged $5 for the Wifi, only to get dreadfully slow speeds. I also recently stayed at a "Best Value Inn" or something like that near Moreno Valley and despite the clearly packed night and free Wifi, speeds were excellent.

Care to guess where I'll prefer when I'm back in either area?

about three weeks ago

Parallax Completes Open Hardware Vision With Open Source CPU

mcrbids Performance? (136 comments)

I wonder how this CPU performs? Does it compare to anything I'd care about, or is it more akin to something I'd build a wifi router out of?

about three weeks ago

Skype Blocks Customers Using OS-X 10.5.x and Earlier

mcrbids I see this rant from time to time... (267 comments)

... and it's pretty pointless. No bugs? You are certainly joking, or at the very least, clueless.

There are *always* bugs and always will be. So what? Many bugs just aren't worth fixing, and are even debatable as a bug. Bugs come in all forms:

A) The software doesn't do what it is specifically designed to do. (obvious, must fix)

B) The software does exactly what it's supposed to do in an insecure way that can be exploited in some fashion. (probably should fix, unless the "insecure" way is part of the assumed envelope of use. For example, the common practice of using an SSL reverse proxy got Google in trouble with the NSA yet using a reverse proxy isn't itself generally considered a "bug".

C) The software does what it's designed to do, but not in a way that the user expects. (Is this a bug? Or PEBCAK?)

D) The software does what it's supposed to but not when an unexpected environment is encountered. (Example: this product is incompatible with A/V $FOO)

E) The software interacts with other software in an unexpected way.

F) The software lacks a feature that some customers would find useful.

G) The software implements a feature in an unattractive or cumbersome way. ... and so on.

A PENCIL has bugs! Yes, a pencil. The lead breaks easily. The eraser doesn't remove *all* the marking when you use it. It requires a sharpener. You can't sign a contract with a pencil. They are horrible for lefties who end up with a dark stripe on the side of the their hand. The paint can sometimes discolor your finger. And on and on and on...

These are all "bugs" yet the design of a pencil hasn't been updated to fix them. There are few things as simple as a !@#$% pencil yet these obvious bugs have *never* been fixed. Oh sure, some have. There have been erasable pens. There are mechanical pencils. Pens can perform some of the duties of a pencil.

So if a bug-free pencil hasn't yet been made, how in the name of anything holy do you expect something millions of times more complex to be "bug free"?

about three weeks ago

Google Will Give a Search Edge To Websites That Use Encryption

mcrbids It's about time! (148 comments)

Expensive advertising campaigns engender trust because it shows that the advertiser has the resources to carry out the campaign. It's why online ads are so commonly ignored - people want to do business with "reputable" companies and expensive advertising is a way of establishing repute.

Similarly, putting out the modicum of effort to perform basic security like SSL is a signal that the website is reputable. I mean, if you can't be bothered to buy a $50 SSL certificate and install it, are you *really* trustworthy?

SSL should be a basic signal of trustworthiness.

about three weeks ago

Ask Slashdot: Datacenter HDD Wipe Policy?

mcrbids Re: Physical destruction (116 comments)

Actually, I have a physically secured, locked box full of hard drives that I haven't bothered to wipe or destroy. Our approximate policy is to use in house for other purposes if it makes sense, or throw into the box. HDDs just 3 to 5 years old are basically worthless. For storage in volume, anything smaller than about 2 or 3 TB is ready to be replaced, just because of the savings in electricity.

about three weeks ago

HP Gives OpenVMS New Life and Path To X86 Port

mcrbids Re:Not in visable uses... (136 comments)

The most bad-ass server I've ever had the pleasure of working with was a Digital VAX 11/750 generations ago. It was *built* to be reliable from the very first rivet.

Oh sure, my pocket phone has far more power, memory, and storage. Despite the ample square footage of my "McMansion" house, It would not have fit in my kitchen. It ate power like global warming really was a myth. But as a server, it was in its own class.

It would automatically detect memory that was failing and rebuild from memory (like ECC) but then would remap that address so it would no longer be used.

You could upgrade its CPUs one at a time without shutting it down.

It was like a hoover with data, versioning files was intrinsic to how the O/S worked.

One time, the A/C in the computer room went out. It mapped *everything* in RAM to disk as the temperature rose and the chips became unreliable. We literally pulled the plug on it because it was completely unresponsive, as all operations were working directly off HDD. When the A/C was fixed and it was powered up late that night, it spooled all of RAM out of the HDD swap, and everybody's workstation resumed exactly where they had left off that afternoon - we couldn't find any data loss at all.

I will forever bow in deference to the greatest server I have ever had the pleasure of working on. How HP managed to acquire such a legacy and turn its back... part of me cries inside.

about a month ago



Comcast blocking DNS for BitTorrent users?

mcrbids mcrbids writes  |  about 2 years ago

mcrbids (148650) writes "It appears that Comcast is killing BitTorrent use by blocking DNS to BitTorrent users.

For the past week, I've been having issues with my Comcast cable where everything "works fine" except DNS. Even setting up my own caching name server did not work since UDP port 53 was a black hole as far as the public Internet was visible to me. Resetting the modem/router fixed it, only to have the problem reoccur anywhere from a few hours to a day later.

Last Friday I noticed BitTorrent running on my Mac, sharing only a CentOS ISO image, and killed it. I haven't had a problem since. Can anybody corroborate this apparently new tactic being used by Comcast to censor BitTorrent use?"

Apache webserver vulnerable to "slow get", too

mcrbids mcrbids writes  |  more than 3 years ago

mcrbids (148650) writes "About a month ago, a story broke that http (apache, IIS and everything else out there) was susceptible to a "slow post", where a malicious client starts a connection to a web server, sends headers indicating a very large upload via POST, and then sends that upload very slowly, starving resources and eventually causing a DDOS.

Well today, doing some research to see how effective this attack was (hint: VERY EFFECTIVE) I tried the same thing using http GET as well, and saw very similar results. With a simple, 20-line PHP script run from my laptop, I was able to take a fairly beefy internal webserver (8 core, 12 GB RAM, CentOS 5) offline in just under a minute, and keep it that way for as long as I wanted to. The technique was simple: send "GET /" and then append letters, 1 or 2 every second or so. After several hundred simultaneous connections were achieved, the web server was no longer responsive. I don't have an IIS server to test against, and don't feel like using any "unwitting volunteers".

It doesn't take a large botnet to take most hosts offline. It takes only a single, relatively low-powered laptop and a 20-line script hacked up in PHP 5.Given that the "slow post" attack is already well known, it's only a matter of time before a black hat discovers that even disabling form post won't protect anybody, either!"

Disable Advertising? No way!

mcrbids mcrbids writes  |  more than 4 years ago

mcrbids (148650) writes "Dear Slashdot,

This is the only way I can think of to actually send a communication to you. I noticed tonight a checkbutton labelled: "As our way of thanking you for your positive contributions to Slashdot, you are eligible to disable advertising."

Well, I'm not going to check it. I've spent years writing my often +modded posts, and have enjoyed doing it! Your adveritising is subtle enough to not detract needlessly from the experience, you get a few pennies from my daily views, and I have purchased more than one item due to an ad posted on Slashdot. It's a win/win/win situation, and I will not be checking the button, nor do I steal content from websites by using products like Adblock. If a website has ads posted intrusively, then I avoid that site, rather than legitimize a website that is offensive in nature by giving it the benefit of my eyeballs.

Thank you Slashdot, for maintaining a high quality, highly relevant site for over 10 years now! I've not paid a thin dime for any of your content, and I have spent countless hours pontificating finer points; you have more than deserved whatever revenue you get from your classy, unobtrusive ad impressions!"

Root hole found in Linux

mcrbids mcrbids writes  |  more than 5 years ago

mcrbids (148650) writes "Looks like a pretty serious hole has been found in Linux — affecting 32 and 64 bit versions of Linux with and without SELinux using a creative way to exploit null pointer references. You can check it out yourself. As of this writing, there are no patches available for this, making it a potential zero-day exploit."

Rockstar squelches connection to Michael Savage

mcrbids mcrbids writes  |  more than 5 years ago

mcrbids writes "While poking around online I found this article which details an an easily verified connection between Rockstar Energy Drinks and Michael Savage the "shock jock" commonly found on ultra-conservative talk radio. Michael Savage has been banned from entering the United Kingdom due to the hateful nature of his monologues. Strangely, he broadcasts from the highly liberal San Fransisco on KNEW AM Rockstar has responded with the standard C&D route with lawyers, et al. Is this going to be another example of a company who hasn't discovered the Streisand Effect or is there legitimately no connection between Michael Savage and Rockstar Energy drinks, even if they are at the same address and share the same CFO? (Michael's wife, Rockstar CEO's mother)"

Best javascript framework?

mcrbids mcrbids writes  |  more than 5 years ago

mcrbids (148650) writes "For the past 6 years or so, we've been heavily developing a proprietary, custom vertical application based on Linux, Apache, PHP, and PostgreSQL in a home-rolled PHP framework based loosely on Horde. We've been quite successful in the marketplace with our relatively classic technology based on HTML 3.x.

After investing heavily in fully redundant server clustering over the past year or so, we're finding that we'd like to improve our look and feel, improve response time, etc. and the natural way to do this is by incorporating javascript/ajax into our product. We've already begun some using ajax(y) in a few areas where very large tasks need to be coordinated over a long period of time — EG: longer than a typical browser timeout.

But we don't want to re-invent the wheel. There is a bewildering array of javascript frameworks, and with any framework, there's the risk of getting stuck trying to do something not anticipated by the framework developers.

So, which is the best, and why? Which should be avoided? Here are some of the frameworks I've seen so far:

Dojo, Ext JS, Fleejix.js, jQuery, Mochikit, Modello, Mootools, Prototype, Qooxdoo, Rico, and Scriptio. So far, in my research, jQuery and/or Prototype seem to be front runners, Dojo perhaps a close second.

I'd be most interested in the opinions of people who have switched from one to the other, and why?"

Turbo-charging logging?

mcrbids mcrbids writes  |  about 6 years ago

mcrbids (148650) writes "I'm revamping our web-based application and am currently reviewing options as far as logging, particularly with redundant, clustered hosting solutions. I've run into a few problems that it seems no amount of online searching seems to have found.

My first concern is about scalability — our application writes directly to local log files. Unfortunately, many of the log entries are quite large and so cannot be piped over syslogd. Other options are much heavier, come with significant administration overhead, or bottlenecks. Is there a syslogd replacement that will allow for very large (tens of KB or larger) log entries?

My next question is about logfile integrity. A perfect log file is write-only, never rewrite. A one-way street, data goes in, gets saved, and never gets deleted. But any log file is essentially just a file, and a single # echo "" > /path/to/log will kill the log file dead. Yes, you can log remotely, but this increases complexity and therefore the chances of failure. Also, what if your remote log server is also compromised? I've been considering the use of a CD-R, especially the ability to recover from a buffer underrun during a write sequence. I've simulated a few, tying up the HDD with I/O while burning a CD-ROM. It under-ran, renegotiated, then resumed writing without incident. Why not use this capability, leave the drive in a sort of permanent under-run, and renegotiate for log entries? Wouldn't doing so create a file that could not effectively be erased, even if the host was compromised?"


Slashdot Login

Need an Account?

Forgot your password?

Submission Text Formatting Tips

We support a small subset of HTML, namely these tags:

  • b
  • i
  • p
  • br
  • a
  • ol
  • ul
  • li
  • dl
  • dt
  • dd
  • em
  • strong
  • tt
  • blockquote
  • div
  • quote
  • ecode

"ecode" can be used for code snippets, for example:

<ecode>    while(1) { do_something(); } </ecode>