
Comments


Ask Slashdot: Aging and Orphan Open Source Projects?

ray-auch Re:software (74 comments)

It's: Project who must not be named.

[probably Bash :-)]

1 hour ago

Ebola Does Not Require an "Ebola Czar," Nor Calling Up the National Guard

ray-auch Re:American Exceptionalism Strikes Again (279 comments)

Thomas Duncan, the ebola patient, wasn't sent home because as you put it, "poor Nigger, not gonna pay his bills." He was misdiagnosed. That isn't hard to understand. It isn't hard to get right.

Timeline details missteps with Ebola patient who died

From WSJ: “Princess Duo, a niece of Ms. Troh who lives in Dallas and spoke with her following the ER visit, said Ms. Troh recounted being specific in the information she gave nurses that night. “They asked him for ID, and whether he had insurance. And she told them he did not because he had just come from Liberia,” Ms. Duo said."

Sure he was "misdiagnosed" (or more realistically, not diagnosed, unless you have information as to what he was positively diagnosed with), but only because they did not take the travel history properly or act on it.

1 hour ago

Ebola Does Not Require an "Ebola Czar," Nor Calling Up the National Guard

ray-auch Re:Politics (279 comments)

Nigeria overall has less resources than US, sure, but compare what they actually did and the resources they actually _used_.

First, in Nigeria patient zero hit a good observant doctor with a clue, and instead of being sent home with antibiotics, was kept in hospital and restrained to prevent him leaving - all (I believe) before any official quarantine order or similar. The doctor that did that paid with her life. That action probably prevented an epidemic across Lagos, nothing to do with amount of resources and everything to do with one doctor being on the ball and prepared to fight the system to do the right thing.

The official response included tracing close to 1000 primary and secondary contacts, 18,500 personal visits and 100s in isolation / quarantine. They had emergency presidential decrees, overriding the rights people would normally have (probably a lot less than in the US to start with) and extensive use of law enforcement agencies. Widespread advertising campaigns, banning shaking hands, kissing etc., Changing holy communion practices in churches. Closure of _all_ schools.

The US doesn't appear to have done anything like that, despite its greater resources. Maybe Nigeria over-reacted, maybe US under-reacted and got lucky.

2 hours ago

NPR: '80s Ads Are Responsible For the Lack of Women Coders

ray-auch Re:Can we stop trying to come up with a reason? (582 comments)

It is because women are smarter than men, and are making more informed career choices.

Back in the days of punched cards and computers the size of a whole data centre now, and memory that didn't go away when the power went off (yeah, I know, that one's come around again now), programming was a 9-5 family friendly (as much as any job was) day job. Programmers and operators were often women (my mother was one), if not mostly women - seriously, just do a google images search for "mainframe operator 1960s" (just for one example), those images reflect the number of women working with computers that you'll see in printed material from that era too.

Somewhere around the 80's - 90's with the personal computer revolution, and gaming, and continuing with the dotcom boom, programming turned into an aggressive deadline-driven first-to-market ship-it-yesterday career, with a long-hours work-till-it's-done culture that spread from startups out to entire parts of the industry (see gaming...). And the women stopped coming.

To pick a couple of other industries / careers I have some (UK based) knowledge of: in roughly the same time scale, in medical and veterinary, professionals went from being on-call all-hours (junior doctors infamously worked a standard 120hr week) to having out-of-hours contracted out and on-call hours counted into the limits under EU working time directive. Every programming job I've had has required me to opt out of the working time directive, but doctors don't. Now take a guess on two professional careers in the UK which are (or soon will be) majority female... medical (doctors) and veterinary. That is where all the smart women went, and if you want to know why just look at the culture changes in those professions and in programming.

yesterday

Apple Doesn't Design For Yesterday

ray-auch Re:Apple's take on Windows 8 (368 comments)

least you had rocks. You have no idea how hard it was to get the women back to the cave when all you had to hit em over the head with was grass...

2 days ago

Apple Doesn't Design For Yesterday

ray-auch Re:Apple's take on Windows 8 (368 comments)

If hyperbole is your argument, you have no argument.

Hyperbole ? We didn't have hyperbole, we were lucky to get kilobole let alone megabole.

Oh yeah, get off my lawn.

2 days ago

Despite Patent Settlement, Apple Pulls Bose Merchandise From Its Stores

ray-auch Re:Bose is overpriced crap and always has been (326 comments)

But mainly, as I clearly stated above, what you are missing with other products is that you don't have the option of dual-booting AND, at the same time, running the SAME foreign OS install in VMWare or the like. If you want to do that you are stuck with 2 different foreign OS installs, and your files won't be in sync.

I didn't say dual-booting was unique to Mac. Read it again. What I wrote was that it's BETTER. Especially if you have VMWare. While that's a third-party product, it enables you to do what other OSes won't do, even with VMWare.

Without specifying which VMWare product it is a bit difficult to see what you are getting at - workstation or full ring-0 hypervisor like ESX ?

If you mean just the option of booting a virtual disk (vhd) which you can also use in an emulator, Windows has had that for 5 years (since 7) without needing a third party emulator (VirtualPC from MS).

If you mean having the option of booting a vhd and having also a full hypervisor that can run that vhd as a virtual machine, built into the OS, Windows has had that for six years on the server OS versions, and two on client (Windows 8) - Hyper-V is built in along with native-boot-from-vhd.

There are also Linux options for both boot-native-from-vhd and built in hypervisors.

So, struggling a bit to see what it is you think other OSes can't do ?

3 days ago

BBC Takes a Stand For the Public's Right To Remember Redacted Links

ray-auch Re:Article or link (109 comments)

The whole article is de-indexed. That is the only way it can work - the required form of complaint is that the information is inaccurate / irrelevant / etc., i.e. the complaint is that the information should be "forgotten", not that any particular search term should not lead to it.

3 days ago

BBC Takes a Stand For the Public's Right To Remember Redacted Links

ray-auch Re:Incomplete information (109 comments)

Wrong. Already there have been cases where the main subject of a removed article was publicly accused of having it removed, only for it to turn out to be a commenter on the article that wanted their comment forgotten. Since the ruling only affects the search index and not the actual page, the whole article will have to be de-indexed just to forget one comment. There could be a lot of different commenters on one page.

3 days ago

Ask Slashdot: Stop PulseAudio From Changing Sound Settings?

ray-auch Re:Bring Back the Soundblaster (282 comments)

Yeah, but the fact that you have to mess with and configure each component individually and manage all the dependencies yourself means you know what is going on rather than have some magic uber-daemon figure out what it thinks you want and then do something, but you have no idea what it actually did when it goes wrong.

[or is that systemd, I forget...]

3 days ago

First Demonstration of Artificial Intelligence On a Quantum Computer

ray-auch Re:A small vat of organic liquid? (98 comments)

we already have those - look at all the 'bots posting on here for starters...

about a week ago

Positive Ebola Test In Second Texas Health Worker

ray-auch Re:Just tell me (463 comments)

The rationale was probably to rack up charges, if the machine was not in use at the time, might as well use it.

CT _scanners_ of course are pretty expensive, be interesting to know how they decontaminated it, if they did.

about a week ago

Confidence Shaken In Open Source Security Idealism

ray-auch Re:I don't buy it (264 comments)

If the numerous people reviewing Bash, from multiple companies, and disciplines didn't find the issue with the first patch, then how would Microsoft with a far more limited set of people looking at the code be able to get the same kind of patch correct the first time and get all the corner cases figured out and fixed before releasing the first patch?

Because they have a "far more limited" team full of security specialists. Some (maybe all) of the later bugs were found using standard fuzzing tools, which should have been part of the test process the first time, as soon as the parser was found to be broken once on non-standard input. In fact it should have been picked up, whilst under embargo, that the whole idea of parsing code out of untrusted input was a security hole that would need to be patched (as it eventually was), even not-security-experts with some idea about security could have predicted that (as I did - http://slashdot.org/comments.p...)

I'm not saying the Bash devs had 1 million eyes on this; but they certainly had a few hundred if not a thousand or so in total.

During the embargo, really ?

Agreed - kinda. The main point of the origin of this thread (article?) was that F/LOSS software could not deal as well as proprietary software; that somehow the proprietary vendors could do better with these kinds of bugs - both catching them and responding to them.

Actually the article doesn't say that proprietary is any better, just that FOSS hasn't turned out to be as good at it as people were assuming (many eyes bugs shallow etc.).

But here's the kicker - there is a similar exploit for cmd.exe. It's yet to be patched. ;-)

cmd.exe parser has a bug, or maybe a feature. bash parser had a bug, or several, or maybe a feature.

Big big big difference is that cmd.exe doesn't execute, or echo, or parse, all its environment variables at startup - that is the actual bash shellshock vulnerability (not the various parser bugs), and cmd doesn't have it. No one has yet found an exploit for this cmd.exe bug, let alone a remote one.

about a week ago
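
The comment above locates the Shellshock hole in bash parsing its environment variables at startup when those variables come from untrusted input. As an added example (not part of the comment or of any project's code), this Python sketch shows the defensive side: filtering the environment before a shell child is started, and flagging matching access-log lines. The allowlist, variable names and sample data are assumptions constructed for illustration.

```python
import re

# Pre-fix bash treated any environment value beginning with "() {" as an
# exported function and fed it to its parser at startup. The pattern is a
# little looser than a literal prefix test, to be conservative.
FUNC_PREFIX = re.compile(r"^\s*\(\)\s*\{")

# Assumption: the only variables this hypothetical CGI handler needs.
ALLOWED_NAMES = {"PATH", "REQUEST_METHOD", "QUERY_STRING", "HTTP_USER_AGENT"}


def looks_like_function_import(value):
    return bool(FUNC_PREFIX.match(value))


def scrub_environment(env):
    """Split env into (clean, rejected) before it is handed to a shell child."""
    clean, rejected = {}, []
    for name, value in env.items():
        if name not in ALLOWED_NAMES:
            rejected.append((name, "not allowlisted"))
        elif looks_like_function_import(value):
            rejected.append((name, "function-definition prefix"))
        else:
            clean[name] = value
    return clean, rejected


def flag_log_lines(lines):
    """Return indexes of access-log lines with a quoted field that matches."""
    return [i for i, line in enumerate(lines)
            if any(looks_like_function_import(field)
                   for field in re.findall(r'"([^"]*)"', line))]


# Constructed sample data (not taken from any real system).
SAMPLE_ENV = {
    "PATH": "/usr/bin:/bin",
    "REQUEST_METHOD": "GET",
    "QUERY_STRING": "id=7",
    "HTTP_USER_AGENT": "() { :; }; echo constructed-probe",
    "HTTP_X_DEBUG": "1",
}
SAMPLE_LOG = [
    '192.0.2.10 - - [10/Oct/2014:12:00:01 +0000] "GET /cgi-bin/status HTTP/1.1" 200 512 "-" "Mozilla/5.0 (X11; Linux x86_64)"',
    '192.0.2.77 - - [10/Oct/2014:12:00:02 +0000] "GET /cgi-bin/status HTTP/1.1" 200 512 "-" "() { :; }; echo constructed-probe"',
]

if __name__ == "__main__":
    print(scrub_environment(SAMPLE_ENV))
    print(flag_log_lines(SAMPLE_LOG))
```

The cleaned dictionary is what would be passed as `env=` to `subprocess.run`; filtering by name as well as by value means a header the handler never reads cannot reach the shell at all.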

Confidence Shaken In Open Source Security Idealism

ray-auch Re:I don't buy it (264 comments)

I didn't say MS was better, I said the bash response was poor, and the poster I replied to couldn't possibly have had fixes in place within minutes as claimed.

Oh, and in your argument "up to 30 days" suddenly becomes "taken 30 days" - actually if bugs come in uniformly distributed in the 30 day cycle then average would be 15 days, or lower since sometimes they do go out-of-band.

Plus, the second (and third and fourth and so on) patches are only needed if the first (and second and third...) one is inadequate and not properly tested. Maybe MS are just as bad at that too, but the developers of Bash were certainly not good at it.

about a week ago

Confidence Shaken In Open Source Security Idealism

ray-auch Re:somebody else's job (264 comments)

There aren't because:

1. no one is paying for them (or at least not enough to make a difference and catch stuff like heartbleed and shellshock)
2. auditing existing code doesn't "scratch an itch" for anyone on the hobbyist side

Closed source companies like MS have to weigh up costs of security auditing vs. cost of reputational damage of getting it wrong (i.e. if you think safety is expensive try having an accident). For a long time, MS was so secure as a monopoly that the reputational damage wasn't worth them worrying about - that isn't the case now, and they are better at security than they were, but they have a very large legacy mess still to clear up.

For open source companies, the reputational damage is spread or lands elsewhere (shellshock is a GNU bug not a Linux bug or a RedHat or Debian or...), so there is even less incentive. Your competition benefits equally from your auditing but you take the whole cost. Therefore it will need collective funding by competing companies - which is always a lot harder to organise.

about a week ago

Confidence Shaken In Open Source Security Idealism

ray-auch Re:I don't buy it (264 comments)

How did you fix them in minutes when it took several days for correct patches to come out, for entirely predictable reasons (laughable approach of trying to find and fix all bugs at once in a parser never designed to be secure, when the real issue is that it should never be being fed untrusted input) ?

To my mind, that is the biggest failure of open source / free software in this case
- 20+ yr old bug / insecure-feature in an obscure corner of a system never designed for today's threat environment - forgivable
- responsible disclosure, working with maintainers under embargo - good
- publication along with a patch that was broken again within hours if not minutes - fail
- everyone and his dog then panic-issuing further patches for one parser vulnerability after another before eventually someone (actually more than one different approach) fixes it properly the way it should have been done in the first place - spectacular fail

about a week ago

Ask Slashdot: Best Books On the Life and Work of Nikola Tesla?

ray-auch Re:Not a narcisisst (140 comments)

There is good engineering and engineering a successful product. Edison was much better at understanding the latter, he also understood and played the patents system. He was in the end by far the better capitalist / businessman, hence he won, financially, and winners write the history books.

Before writing Tesla down as always the great engineer who never got successful, it is worth remembering that he did make a fortune (tens of millions in today's money) from his AC patents before he gave up on the royalties, but he died a pauper because he blew his fortune self-funding research into ideas that were much less good - too confident in his own promised results, he sunk all his money into ideas that just didn't work.

about two weeks ago

MIT Study Finds Fault With Mars One Colony Concept

ray-auch Re:S[pace colonisation (269 comments)

Try page margins, there's lots of room and they don't interfere as much with legibility.

Tried that, I had a great proof of this colonization concept, but this margin was too small to contain it...

about two weeks ago

Hackers Compromised Yahoo Servers Using Shellshock Bug

ray-auch Re:Can someone explain... (69 comments)

Yeah and who exactly is this afflicted user? Right, normally apache or some other unprivileged user who has relatively little power though granted you don't even want unprivileged users logging in from the Internet

For some, the ability to run their own code on a server with high bandwidth outward connection to the internet is all the power they need/want.
If the server is an authorised mail source for a domain (e.g. spf) then so much the better.
If the user has access to some writable disk space that can be used to host some interesting files, then there are uses for that.
If the user can read the web site source or config files that may have value in itself or may lead to further penetration - but I'm sure you've never seen DB user/pw in the source for a production website, ever ?

about two weeks ago
