
Comments

top

Apple Yet To Push Patch For "Shellshock" Bug

r7 Shellshock a result of inappropriate use of bash (208 comments)

Shellshock does a good job of illustrating a fundamental security flaw in
bash but also in Redhat. Redhat, Fedora and CentOS are the most at risk
OSs because Redhat decided to make bash the default shell. This was a
deeply flawed system design decision driven by NIH (not invented here
syndrome). The problem is that bash was written and is maintained by
Redhat. As a result scripts that should have been written in the Bourne
shell are instead using bash. Even scripts that use Bourne (/bin/sh) are
executing bash on Redhat systems as sh is symlinked from bash. This is
not the case on Debian-based Linux (Ubuntu et al) as they don't symlink
bash to sh or specify bash as the default shell script interpreter.
Neither is it the case on the BSDs which don't even ship with bash.

So why then is bash an inappropriate choice for shell scripting? Bash is
designed to be an interactive shell. As a result it is a much larger
program and has a correspondingly larger codebase than Bourne, most of
which is dedicated to auto-completion and other interactive features.
All else being equal (and it is in this case) more code correlates with
less security. Bash is also not POSIX-compliant. As a result it is not
cross-platform compatible nor are its features or design subject to
substantial design review. This and other reasons (like security) are
why all Unix and Linux distributions other than Redhat specify POSIX
Bourne as the default shell scripting language.

Redhat aside many third party shell scripts are written in bash that use
no bash features i.e., they would run with little or no modifications
under sh. So why are these scripts written in bash? The primary
reasons are A) script authors don't understand or value cross-platform
compatibility and B) don't know the differences between bash and sh
(commonly due to familiarity with bash as an interactive shell). A third
but equally important factor is the lack of formal Linux or Unix
training.

Just as shell scripts should not be written in csh (or tcsh) they should
also not use bash (or ksh). Shell script authors should A) keep it
simple, B) be aware of cross-platform differences, C) value
POSIX-compliance and D) value security. With these best practices bugs
like shellshock won't have such an impact.

about three weeks ago
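
An added example, not part of r7's comment: a POSIX sh audit that lists which scripts in a directory end up being interpreted by bash, either through a bash shebang or through `#!/bin/sh` on a system where `sh` resolves to bash. The function names and the reliance on `readlink -f` are assumptions of this example.

```shell
# Added example (constructed; not from the comment). POSIX sh plus readlink -f.

# Print the basename of the interpreter on a script's "#!" line.
# "#!/usr/bin/env bash" yields "bash". Returns 1 if there is no shebang.
script_interp() {
    first=$(head -n 1 "$1" | tr -d '\r') || return 1
    case $first in '#!'*) ;; *) return 1 ;; esac
    set -f                       # no globbing while splitting the line
    set -- ${first#'#!'}
    set +f
    [ $# -gt 0 ] || return 1
    interp=${1##*/}
    if [ "$interp" = env ]; then
        shift
        # skip env options and VAR=value assignments
        while [ $# -gt 0 ]; do
            case $1 in
                -*|*=*) shift ;;
                *) break ;;
            esac
        done
        [ $# -gt 0 ] || return 1
        interp=${1##*/}
    fi
    printf '%s\n' "$interp"
}

# Print the name of the binary a shell path really is, following symlinks.
resolved_shell() {
    target=$(readlink -f "$1") || return 1
    printf '%s\n' "${target##*/}"
}

# Succeed if the script ($1) ends up in bash: either its shebang names bash,
# or it names sh and the system sh ($2, default /bin/sh) resolves to bash.
runs_under_bash() {
    interp=$(script_interp "$1") || return 1
    case $interp in
        bash) return 0 ;;
        sh)   [ "$(resolved_shell "${2:-/bin/sh}")" = bash ] ;;
        *)    return 1 ;;
    esac
}

# List every file under directory $1 that runs_under_bash accepts.
audit_dir() {
    find "$1" -type f | while IFS= read -r f; do
        if runs_under_bash "$f" "${2:-/bin/sh}"; then
            printf '%s\n' "$f"
        fi
    done
}

# Usage: sh audit.sh DIR [SH_PATH]
if [ $# -gt 0 ]; then
    audit_dir "$1" "${2:-/bin/sh}"
fi
```
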
top

Google Pulls Support For CDMA Devices

r7 Re:Arm Twist Google Style (272 comments)

Given Google's collusion with AT&T on wireless network neutrality you have to wonder whether AT$T influenced this decision as well.

more than 2 years ago
top

Linux Support Fades For 3Dfx Voodoo, Rage 128, VIA

r7 Re:A fork for old machines (330 comments)

deprecation model: break the code so it can't possibly work, wait two years with no bug reports, remove. This is literally how a lot of rubbish no actual users cared

If only... More often bug reports are removed for lack of a "more detailed explanation" or lack of a patch.

Horrible backwards compatibility is Linux' Achilles heel and the reason it has utterly failed to displace MS and Apple on the desktop.

more than 3 years ago
top

Linux Desktop Summit Program Announced

r7 Re:I agree, but not with Ulysses... (121 comments)

What would you suggest Canonical do instead?

A) support Trinity.

B) fork Trinity if it goes the way of KDE4

C) KIS (keep it simple (and cross-platform compatible))

D) hire the right people (i.e., open at least one freaking office in SV/SF)

E) it's all about management

Management has to be well connected to end-users and end-user sysadmins. Management has to know how to review code (diffs) and do good QA (used to be Canonical's leg up on RH). This isn't rocket science. It isn't pure s/w development or pure sysadmin either. It is, fundamentally, an issue of experience and good management. To be sure Canonical is the best placed company to be _the_ Linux desktop but they have not, of late, demonstrated a good understanding of how to get from here to there.

more than 2 years ago
top

Linux Desktop Summit Program Announced

r7 Re:Don't really like where "Desktop Linux" is head (121 comments)

have to agree they suck at the moment

KDE4 and Gnome3 have set the Linux desktop back nearly a decade. All of our plans to convert desktops from Windows have been put on hold, indefinitely.

Question is why. Why have these two key window managers not only gotten worse but become worse than any window manager since CDE?

Part of it has to be a lack of design guidelines. It also has to be due to a lack of leadership, designed by committee, lord of the flies and all that. But that can't be all there is. I know this isn't all because a friend of mine is one of the contributors and I know he works for Microsoft on the side. Open source desktops won't be viable, if you ask me, until they've solved these 3 fundamental issues.

more than 2 years ago
top

Google Fires Back About Search Engine Spam

r7 Re:Google is history... (270 comments)

according to the evaluation metrics

Evaluation metrics, yea, that's the ticket. The reason Google sucks of late is partly because spam filtering is difficult but in this case it is especially difficult as they actually profit off of much of what we see as search spam. That is to say that our metrics (results) are different from theirs (profit and results). Of course they'll tell you that Adwords customers are shown no preference in search listing, but what else are they going to say...

This is no different than what happened at DEC's Alta Vista, whose search results used to be better than Google's are now. That was before the bean counters^H^H^H^H stock holders made a stink about the lack of "value appreciation". Sucks to have owners whose short term interests conflict with your (long term) business model.

more than 2 years ago
top

Protect Your Pre-1997 IP Address

r7 Re:Seriously? (275 comments)

I'm sorry to have to say this to you like this, but you have no idea what you're talking about.

Sorry but we do know. Whether the equipment you cited supports IPv6, well or otherwise, is irrelevant because 99.999% of the Internet is inaccessible to IPv6 nodes without NAT64 and NAT46.

Anybody who has tried to use IPv6 knows this. IPv6 will never reach more than 0.01% of the Internet without NAT64 and NAT46 and probably NAT66 as well.

more than 3 years ago
top

Protect Your Pre-1997 IP Address

r7 Re:Seriously? (275 comments)

NAT works

Everyone knows NAT works because everyone uses NAT, most of us aren't even aware of it. The only people who have a problem with NAT are ILECs like ATT, aggregators like Google, and writers of trojans, viruses, spambots and other P2P malware. These groups know that access to us and our data would be much easier with NAT out of the way, and they think IPv6 is a way to make this happen. Claims that NAT is harmful only exist because the ATTs and Googles of the world have a lot of money to spend on astroturf.

more than 3 years ago
top

Protect Your Pre-1997 IP Address

r7 Re:Seriously? (275 comments)

Upgrade your systems to IPv6 already

Is this a rhetorical question or what? Considering that no equipment currently on the market does IPv4 to IPv6 NAT any IPv6 device would only be able to contact at best 0.001% of the Internet. Give me a break is right, just not a broken Internet. IPv6 is still a long way from being usable.

more than 3 years ago
top

PayPal Withdraws WikiLeaks Donation Service

r7 Wells Fargo harassment as well (794 comments)

Not just Paypal but Wells Fargo as well. When I heard about Paypal and Amazon I went to the wikileaks website to make a donation. Not only was my charge denied but they put a hold on my card! Talk about harassment. It's bad enough when your own government breaks the law, worse when vendors decide to run a protection racket when they disagree with a customer's purchases/donations.

more than 3 years ago
top

Anxiety and IT?

r7 Re:Relax.. Take a deep breath.. (347 comments)

You cannot "think" yourself out of stress

It's true you can't "think" yourself out of stress but you can meditate on your stress, its effect on your body and your thinking, and come to terms with it in that way. Meditation does not involve thinking i.e., internal dialog, but it does involve taking the time to sit quietly for a half hour or more and just focusing on what exactly the "stress" is. That's the only way to achieve real understanding of it, to come to terms with it, to live with it, and to mitigate its negative effects. It's the same for other types of pain.

If, like most people, you deal with stress by trying not to think about it, by staying busy, by drinking, taking drugs, watching TV, even by exercising (alone) you'll still suffer from it.

If you want to see what meditation is about download a few lectures from audiodharma (to your smartphone or PC) and listen to them while commuting or before bed.

Meditation techniques are even taught in hospitals in the US thanks to unequivocal research showing its beneficial effects. See also books/audiobooks by Jack Kornfield, Lama Surya Das, the Dalai Lama, or Alan Watts among many.

more than 3 years ago
top

Mazda Claims 70 mpg For New Engine, No Hybrid Needed

r7 Re:Diesels already do this. (576 comments)

* Car-1 gets 27 MPG running gasoline. I pay $3.19 per gallon. $0.12 per mile
  * Car-2 gets 40 MPG running diesel. I pay $3.79 per gallon. $0.09 per mile

Would be nice if that were the sole measure of cost per mile, but it fails to factor-in the cost of higher compression ratios, which A) will experience blow-by earlier than engines with lower ratios. When that happens pollution will increase substantially and efficiency will drop until B) the engine gets a ring job, costing big bucks.

more than 3 years ago
top

Mazda Claims 70 mpg For New Engine, No Hybrid Needed

r7 Re:Diesels already do this. (576 comments)

Diesel's actually not that bad. It gets a bad rap because it's used in a lot of truly awful applications, but it's not much worse than regular gasoline when combusted reasonably efficiently

Efficient or not Diesel exhaust contains a lot of particulate matter. The stuff accumulates in the lungs where it is far more damaging to human health than gasoline's non-particulate components.

Other than that, and the need for high compression ratios Diesel is pretty good. High compression, OTOH, is hard on piston rings and other parts of the drivetrain and kills efficiency when the inevitable early wear starts in. Replacing piston rings is also very expensive.

more than 3 years ago
top

Oracle's Newest Move To Undermine Android

r7 Re:Check, But Not Mate (342 comments)

I'm not an expert on Android internals or anything, but I think this story is being significantly overblown.

Seriously understated... The problem with Oracle and Google is simply licensing. If Google had licensed Java like every other company doing a port like Android perhaps Sun would still be a viable company today. Perhaps it is unfortunate that Sun did not want to litigate, but you can't expect Oracle to drop the same ball.

about 4 years ago
top

There Is No Plan B, the Ugly Transition To IPv6

r7 Re:The IPv6 nightmare begins with it's design... (717 comments)

The problem with the approach is that it's very difficult to do in a way that doesn't break backwards compatibility, and if you're going to break compatibility then you may as well fix other things at the same time.

Didn't have to be that way. We could have had an IPv5 with all the addresses and none of the backwards compatibility issues if not for special interests in the IETF:

    http://bill.herrin.us/network/ipxl.html

Gets my vote for IPv7...

about 4 years ago
top

There Is No Plan B, the Ugly Transition To IPv6

r7 Re:NAT (717 comments)

NAT is only a problem if you are a Google, a Government, or some other entity who is effectively prevented from
monitoring someone because they do not have a unique IP address. NAT is the most effective privacy tool on the
Internet. The only people calling it evil are ILECs, doubleclicks, and spies.

Of course NAT is also good when you want to switch Internet providers, or have more than one ISP. Without it you
would have to renumber all your internal hosts to change or fail-over. ILECs have so far blocked NAT in IPv6
because it will provide such good vendor lock-in.

NAT is also incredibly effective in firewalling outside hosts from getting a free pass to internal networks. Of
course spies, "aggregators", and spyware vendors don't like this.

The sad part is that few will adopt IPv6 until it has a standardized NAT. ILECs don't really care if this never
happens because they will make a bundle reselling addresses in the resulting IPv4 bubble. Not just ILECs of course,
but companies like Cisco, HP, and even Allstate Insurance who registered millions of IP addresses decades ago,
before the advent of CIDR.

I guess all this is not really so sad when you consider that what's really sad is our (US) government, who can't
even see what's coming down the pike.

about 4 years ago
top

Obama Highlights IPv6 Issue

r7 Re:NAT (442 comments)

NAT is only evil if you are a Google, a Government, or some other entity who is effectively prevented from monitoring someone because they do not have a unique IP address. NAT is the most effective privacy tool on the Internet. The only people calling it evil are ILECs, doubleclicks, and spies.

Of course NAT is also good when you want to switch Internet providers, or have more than one ISP. Without it you would have to renumber all your internal hosts to change or fail-over. ILECs have so far blocked NAT in IPv6 because it will provide such good vendor lock-in.

NAT is also incredibly effective in firewalling outside hosts from getting a free pass to internal networks. Of course spies, "aggregators", and spyware vendors don't like this.

The sad part is that few will adopt IPv6 until it has a standardized NAT. ILECs don't really care if this never happens because they will make a bundle reselling addresses in the resulting IPv4 bubble. Not just ILECs of course, but companies like Cisco, HP, and even Allstate Insurance who registered millions of IP addresses decades ago, before the advent of CIDR.

I guess all this is not really so sad when you consider that what's really sad is our (US) government, who can't even see what's coming down the pike.

about 4 years ago
top

Today's Children Are Officially Potty Mouths

r7 Re:Don't blame the media.. (449 comments)

The media just reflects what is acceptable to society

No it doesn't. The media reflects what sells. Any correlation with social values is purely coincidental.

One thing you have to keep in mind, when reading the OP, is that this is the perspective of someone who watches a lot of TV, and hangs out with other people who watch a lot of TV.

more than 3 years ago
top

PostgreSQL 9.0 Released

r7 Open Source Defined (344 comments)

Now that MySQL is owned by Oracle it looks like Postgres may, over time, become the only truly FOSS RDBMS.

When I read that there is a major FreeBSD replication bug that MySQL developers have not fixed for some time I have to wonder whether these are the same dirty tricks that Sun employed to advantage some OSs over others. If so this would tend to validate the rumor that Oracle may buy RedHat. Then the gloves would come off no doubt, and Oracle's preferred platforms would get all the bug fixes while other distributions and OSs would get crumbs, like they've done with the Oracle DB for years.

As always, software that is developed cross-platform, on multiple OSs, will be better than software that is developed on a single or smaller number of distributions and OSs. Oracle's (and IBM's) efforts to secure vendor lock-in will only work short-term. In the long run their plans won't work out so well but until then I'm sticking with Postgres (and Ubuntu, Debian, FreeBSD, and OpenBSD).

more than 4 years ago
top

Criminals Steal House Thanks To Hacked Email

r7 Don't forget the real estate commission (227 comments)

Can someone really sell a property in AU without the owner's signature? Hmmm.

A more likely scenario includes the real estate agent as scam leader, and looking forward to the commissions.

more than 4 years ago

Submissions

top

Open Source Guidelines for local governments

r7 r7 writes  |  about 5 years ago

anonymous coward (409657) writes "I have been tasked with writing the IT recommendations for a local Sunshine Act. It specifies the format of documents, audio, and video hosted by the municipal website. Problem is I do not know where to ask for peer review. Anyone care to comment?

To ensure the accessibility of information provided in electronic media, the City shall, as soon as possible:
  1. Use open, non-proprietary, cross-platform, standards-based text, image, audio, video, and other data exchange formats on public-facing computer and information systems.
  2. Meet or exceed the guidelines for accessibility specified by the Federal General Services Administration *(Section 508, http://section508.gov/).
  3. Make an alternate format available when commercial, non-standard, or otherwise platform-limited formats must be used.
  4. Avoid binary document formats *(such as image-based PDF or OOXML) when *(PDF/A) ASCII, ISO-8859-1 or other text-based formats are available. Rich-text documents should contain all fonts needed for their viewing. All document formats should be easily and entirely indexable for accurate searching.
  5. Make audio available for both download and streaming using only open, cross-platform, standards-based formats *(OGG, MP3) that can be listened to on any computer *(Windows, Mac, Linux, Unix) or portable device *(PDA or cellphone).
  6. Use only open, cross-platform, standards-based image formats such as those published by the ISO and W3C *(PNG, JPEG).
  7. Make video available for both download and streaming using only open, cross-platform, standards-based formats *(Theora, MPEG). Make the audio portion of video streams available separately.
  8. Maintain websites with fixed and logical tree structures that can be linked to, and URLs that do not change periodically. Keep all posted data, including Council and Commission agendas, minutes and related documentation online.
  9. Prohibit the use of tracking technologies *(such as cookies) which can be used to identify individuals accessing City resources unless A) it is required for authentication, or B) consent to such tracking has been previously obtained.
  10. Avoid web content-types that are not compatible across browsers, including older browsers *(avoiding Flash and platform or browser-specific HTML, CSS and Javascript).
  11. Make substantive website changes trackable by title and synopsis in an open, cross-platform, standards-based journal format *(RSS, Atom). Update these journals at least once each business day.
  * Standards, standards bodies, and operating systems will change over time and are noted here for reference only."
top

r7 r7 writes  |  more than 7 years ago

r7 (409657) writes "Internetnews is reporting Sun's introduction of JavaFX at JavaOne today. Looks like a combination Applet, Flash, Javascript, and AJAX with a friendly programming interface. Does this really spell the end of AJAX? I sure hope so. Nothing built on javascript will ever achieve the security, cross-platform reliability, and programmatic friendliness needed to enable Web 2.0. Proprietary solutions and vendor lock-in are also dead-ends. This leaves an opportunity that JavaFX has the potential to satisfy even better than did Java over a decade ago. Along with AJAX let's hope JavaFX also spells the end to Microsoft's viral Active-X and JScript, AND, perhaps more importantly, that it really is a web scripting language that developers can grok."

Journals

r7 has no journal entries.
