Announcing: Slashdot Deals - Explore geek apps, games, gadgets and more. (what is this?)

Thank you!

We are sorry to see you leave - Beta is different and we value the time you took to try it out. Before you decide to go, please take a look at some value-adds for Beta and learn more about it. Thank you for reading Slashdot, and for making the site better!



Apple Pushes First Automated OS X Security Update

psydeshow OS X Server? Nope (115 comments)

Is my MacBook really running an ntp daemon? Huh, yes it is:

$ ps ax | grep ntp
32950 ?? Ss 0:00.26 /usr/sbin/ntpd -c /private/etc/ntp-restrict.conf -n -g -p /var/run/ntpd.pid -f /var/db/ntp.drift

How about that. When I first read this, I kinda figured it only applied to OS X server, and that on a normal Mac there would just be a periodic script that updates the clock via ntpdate. But it makes sense to have a daemon running, clock has to be accurate on wake to access network shares and the like.

about a month ago

Hundreds of Thousands Turn Out For People's Climate March In New York City

psydeshow I marched (200 comments)

I marched. I took the subway to get there, not a private jet. I know exactly what I was protesting. I didn't see any celebrities, just a lot of people.

I also left early, and had the eerie experience of walking two blocks to Broadway, where life was going on as normal. There was no indication that less than half a mile away there were hundreds of thousands of protestors. It was amazing.

about 4 months ago

Unintended Consequences For Traffic Safety Feature

psydeshow Re:LOL No shit!! (579 comments)

Easy fix for this. Just make sure that as soon as the light turns red, big steel spikes come up from under the road to stop or pierce any car that might try to outwit the system. Oh, and on both sides of the street to ensure that real high-speed idiots will be caught on the other end.

There was a big increase in physical barrier installations around govt. buildings after 9/11, so the technology has had a lot of time to mature.

It's probably not a bad idea for problematic intersections, although you'd also have to have tow trucks on standby to clear the daily wreckage, and pedestrians would still get hit with flying parts or when cars jump the sidewalk to avoid impact with the barrier, or dash through the emergency vehicle gap that would need to be included.

Would be a LOT of fun to watch, until someone's kid died as collateral damage.

about 7 months ago

OpenStack: the Open Source Cloud That Vendors Love and Users Are Ignoring

psydeshow Re:it boggles the mind... (99 comments)

...that right now, in the midst of the NSA security nightmare and all the angst and FUD it's causing, that people are wondering why individuals are not deciding to throw their often-sensitive data into the cloud.

how could anyone think their data will be or stay safe, given the various threats that we hear about on almost a daily basis?

timing is everything (besides location of course...and sex appeal...and everything else) in life, and right now is not the time for cloud computing.

And you think, based on the revelations you've read, that your often-sensitive data is safer in a closet in your office? It's still accessible over the internet, and your CEO still logs in from any old airport wi-fi or coffee shop using his malware-riddled DELL.

I don't worry about Amazon, China, or the NSA sifting through my databases at night, because given the state of the State I don't think we can do much to stop them. I DO worry about power failures, water pipe bursts, exploding UPS batteries, dust, and clumsy janitors causing me to have to roll out of bed at 3am to go take care of an incident. If EC2 goes down, I send an email that says "EC2 is down, Amazon is working on it." and go back to bed.

At least with Amazon, you know you're being hacked by pros.

about 8 months ago

Silicon Valley To Get a Cellular Network Just For Things

psydeshow Municipal need is far greater than residential (42 comments)

Think for a moment about all the things that any medium to large city needs to keep track of. Lights. Traffic signals. Parking meters. Fire hydrants. Garbage trucks. Water flows, valves, drains. Sewerage flows. Air quality sensors. Weather sensors. Burglar alarms.

It seems odd to pitch this for household use, when most of the use cases you can imagine are somehow privacy invasive or creepy.

But a network like this could provide an amazing amount of transparency and insight into the web of things that is owned by the public.

about 8 months ago

Security Industry Incapable of Finding Firmware Attackers

psydeshow Re:Least interest (94 comments)

and internet banking becomes a memory.

That depends. No level of compromising your (general purpose) computer should be able to defeat the security of your manually operated hardware token/calculator.

Attacker has control of my computer. I read a number off my MFA device and input it into the bank's form along with my username and password.

Now attacker has a banking session they can do whatever they want with. How has having a hardware token prevented them from attacking me?

about 10 months ago

How Do You Backup 20TB of Data?

psydeshow Re: Crashplan (983 comments)

I'm really surprised CrashPlan hasn't added a premium feature (like Amazon S3 has) where you can ship them a hard drive for import or export into their storage cloud.

I mean, never mind the upload speed. If you have 1TB of data in CrashPlan and your home or office burns down, it's going to take you several days to get all of it downloaded again. They should just be able to FexEx you a drive for a $50-$100 fee.

about a year ago

Eric Schmidt, Jared Cohen Say Google Data Now Protected From Gov't Spying

psydeshow The human factor (155 comments)

I believe that Google has probably fixed most of the technical issues that allowed NSA (and presumably others) to eavesdrop on data in their systems.

But a company with the size and scope of Google must be *riddled* with agents of various national intelligence services, not to mention corporate spies. Think about how many engineers they have hired and acquired in the last ten years. They are a big, juicy target for espionage. As is Amazon, Microsoft, Dropbox, and any other global-scale cloud provider with thousands of corporate, education, and government accounts.

Systems can be made resistant to attack from without, but can they also be made resistant to attack from within? Not likely. How many people on Google's payroll are also on someone else's?

about a year ago

Eric Schmidt, Jared Cohen Say Google Data Now Protected From Gov't Spying

psydeshow Re:Yeah right (155 comments)

Seriously is there anyone that would actually believe such a statement?

I do, but as a Google engineer involved in security and privacy infrastructure I'm in a position with much greater than normal visibility into exactly what is done and how.

And can you likewise assure yourself that even if one or more of your colleagues is an undercover government agent, then the statement is still true?

about a year ago

Interview: Ask Richard Stallman What You Will

psydeshow Re:Source Code vs Binary vs Service - Transparency (480 comments)

Thank you for your polite comment, but no I'm not looking for UEFI secure boot -- or at least, not JUST that.

With UEFI secure boot, the OS loader is signed, and that's a great start. But not necessarily the kernel, or OS drivers, or any other software.

So let's rephrase the questions: do you know of any Free Software toolchains that would allow developers to sign whole server OS configurations, and also make the signature and verification process transparent to end users of the server?

about a year ago

Interview: Ask Richard Stallman What You Will

psydeshow Source Code vs Binary vs Service - Transparency? (480 comments)

I write Free Software (GPLv3), and also open source software (Apache license) that implements various web services.

The servers where I deploy the software run vanilla Debian with no non-free packages. As a responsible developer and web host, I make all of the source code available to my customers and others.

The question is, how can my customers know that the code on my servers was actually built from the source code that I publish? Short of telling them to build it themselves on their own server, is there any way to guarantee that when they log into one of my web applications, they are using the same code that I have published?

I was intrigued on using a Chomebook for the first time that Google had managed to do something like this -- it wouldn't boot unless the kernel (and presumably all other software) was signed by Google. Do you know of any toolchains that would allow us to apply this to servers, and also make the signature and verification process transparent to end users of a service? Otherwise, how can we possibly trust any online service provider?

about a year ago

Interview: Ask Richard Stallman What You Will

psydeshow Free Firmware Movement (480 comments)

It has become increasingly difficult to purchase any general computing hardware that does not rely on proprietary software. Even if one installs a Free OS with 100% Free drivers, there is likely to be proprietary firmware all over the place: keyboard controller, network card, usb controller, video card, etc. -- that the OS doesn't have control over and the end user doesn't know about. To the best of my knowledge, there is no easy way to discover, verify, and manage these firmwares over time. And yet, there they are, just waiting to be exploited.

Do you know anyone who is working on this problem? How can we trust our computers when we have no idea what is lurking under the hood? Why isn't there a GNU Firmware tool that can ferret these things out and at least checksum them so that we can know if they've been tampered with, and/or replace them with Free editions?

about a year ago

Peanut Allergy Treatment Trial In UK "A Success"

psydeshow Re:Sorry (192 comments)

The actual "disease" here is affluenza, or perhaps it's anxiety that overprotective mothers project onto their children. I grew up in a small town, had pets, played in the dirt every day. Nut allergies were unheard of. It's also very interesting that farmers and dirt poor people in 3d world countries don't get these allergies.

I'm not saying you're wrong; I'm sure environment plays a part. But have you considered that one of the reasons why these things were "unheard of" until recently is that advances in communications have made it much easier for news of rarities to be widely disseminated?

The same kind of argument applies to cases of botulism from home canning. Prior to the 20th Century, if someone died from botulism due to home canning, it happened on a farm in the middle of nowhere and didn't have much effect outside of a family and some neighbors. It just wasn't on the radar unless you personally knew people who died that way. Even a doctor might only see a case once every 10 years, so it's not a big deal, right? Plenty of other things to worry about.

But when health records started being compiled for millions of people, it stood out as a problem. The government started programs to educate farmers and gardeners about proper canning methods. It wasn't that suddenly all the home canners got lazy, it was that information networks brought a relatively rare but deadly issue to light, and so we did something about it.

And look, there ARE more cases of allergies in cities. There's millions more people in cities than not, after all.

about a year ago

Peanut Allergy Treatment Trial In UK "A Success"

psydeshow Re:Standard practice... (192 comments)

However I could see a lot of parents trying this, to a disastrous effect, because it could be the kid who has extremely small tolerance, will get too much and hurt themselves. or increasing the dosage goes too fast for the child.

Do you know many parents? Everyone I know with kids is overly protective of them.

If my sister suspected her kid had a dangerous peanut allergy, there is NO WAY she would try this at home. It's not like bricking your favorite phone, the stakes are ever-so-much higher.

about a year ago

Google Launches Cordova Powered Chrome Apps For Android and iOS

psydeshow Re:Useful for developers (47 comments)

This makes me consider developing Chrome apps where previously I had not considered it.

Excellent. Please don't, though.

Well, that depends on the why, doesn't it? Sometimes a thing is only worth doing if it can be done on the cheap and easy.

Cordova gives app developers a fallback for clients who can't afford a native app, or who need to get a prototype up and running yesterday as proof-of-concept or to fund the next stage of development. It's also great for novelties and one-offs that just wouldn't exist if the development process was more expensive than coding a small website.

It also creates a business opportunity that shouldn't be sniffed at: "Hey, nice web app. Do you wish it was faster and better? Let us re-create it as a native app for you."

1 year,1 day

If I Had a Hammer

psydeshow Re:Isn't this the ultimate goal? (732 comments)

Yes, but growing your own food requires that you have land and water to do so - which you do not have if you're flat broke.

You don't need land, you need space with light.

You do need water, which often falls from the sky (or can be teased out of the air). It doesn't have to be drinkable water.

And you need nutrients for your plants, which can be made from recycled plants plus bacteria (which are free), aka compost.

The biggest problem is space with light. And I see a lot of parking lots around here that would be perfect if we switched to Johnny-cabs and don't need parking lots any more.

1 year,16 days

If I Had a Hammer

psydeshow Re:Isn't this the ultimate goal? (732 comments)

oh so food and shelter will be free ??? In which part of multiverse you live? How did you get here?

I live in a universe where food and shelter grow on trees.

Seriously, though, if you have a hard time imagining what an economy with free subsistence could look like, read _Diamond Age_.

Basic, bland, subsistence-level food and shelter are not difficult to create from infinitely recyclable materials once you can remove labor from the equation. There is still an energy cost of course, so maybe the price of your house is 1000 kWh on a stationary bicycle. Yes, it's a grind. But you can play video games while you generate, so it's actually kind of fun.

Just don't think about what was recycled in order to make your dinner...

1 year,16 days

If I Had a Hammer

psydeshow Re:Isn't this the ultimate goal? (732 comments)

Robots can't build real estate.

Build up. Dig down. Viola, built real estate. Robots can do that.

I live in a high-rise in NYC, built by human hands in 2009. It leaks like crazy, and I sincerely wish it had been built by robots. If we wait long enough to fix it, it may be fixed by robots! At least a robot would follow the engineer's specifications.

1 year,16 days

Lasers Unearth Lost 'Agropolis' of New England

psydeshow Re:True for Most of CT (105 comments)

Who do you suppose owns these tracts of land, now? I guess I'm just assuming that the 250 acres of woods wasn't literally your back yard, but maybe it was.

Anyway, there should be property records for all of the fields "discovered" in the LIDAR map. When the farmers abandoned their farms, were they purchased by the state as watershed or open space, or by developers who never did anything with them, or what?

1 year,17 days

Citizen Science: Who Makes the Rules?

psydeshow Re:Don't do electrical engineering (189 comments)

Own a cellphone? You own a 'remote detonator for an explosive device' - you terrorist!

And if you take pictures of your kids with that phone, you're a pedophile terrorist.

about a year ago



psydeshow psydeshow writes  |  more than 7 years ago

psydeshow writes "We're in the middle of an amazing Javascript renaissance right now. Unbelievable magic happening, like Ryan Johnson's Event.Behavior.

"A domain specific language for defining events in your JavaScript applications. It approximates how one would describe an event in the english language and allows you to extend it with your own verbs, conditions and events."
So you can write stuff like "show('state_field').when('country').is('United States');", instead of fooling around with connecting and listening and callbacks. Nice!"

psydeshow psydeshow writes  |  more than 8 years ago

psydeshow writes "Please post an update on the zero-day VML exploit covered earlier this week. It seems that no posters noticed that Outlook 2003 is also vulnerable (surprise!) unless all email is viewed in plain text. MS downplays this in their advisory by saying Outlook Express isn't affected, but for the rest of us who use Outlook and get spam, this could be serious indeed. Nothing like a remote exploit in your inbox, eh?"


psydeshow has no journal entries.

Slashdot Login

Need an Account?

Forgot your password?