Comments

top

First Phase of TrueCrypt Audit Turns Up No Backdoors

rdnetto Re:memset() is bad? (171 comments)

But the program performs functionally the same.
That's the rule followed when doing compiler optimisations.

memset has nothing to do with Heartbleed by the way, nor does any compiler optimisation.

The program will generate the same output yes, but the security implications are not the same.
This is actually tangentially related to heartbleed - if the memory had been zeroed when freed, the scope of the exploit would have been greatly reduced, as only currently allocated blocks would have been vulnerable. Furthermore, the most common reason for using custom mallocs in security-critical applications is to do exactly that - to zero all memory immediately upon freeing.

Zeroing memory like this is a common practice in such cases.

You also don't guarantee the original data is overwritten. If your application is paged out of RAM before the call to memset, when it gets loaded back in to RAM it can be pointing to a different physical memory location. You're now overwriting.... something completely different.

This is completely incorrect. Until it is freed (or realloc'ed), the address returned by malloc will point to the same data, regardless of whether it is in the L1 cache, RAM, or paged to disk. Were this not the case, each program would need to implement its own MMU.

Now, what is true is that additional copies of the data could be made, but you'd need to have escalated to root to access anything in a pagefile (at which point your system is completely compromised anyway), and I'm not even sure if direct access to L1 cache is possible.

yesterday
top

First Phase of TrueCrypt Audit Turns Up No Backdoors

rdnetto Re:memset() is bad? (171 comments)

If you call memset on some allocated memory and then free that memory, what (apart from clearing sensitive data from physical RAM) functional difference does removing the call to memset make? None?

The longer the data remains in memory, the wider the window to read it via some other exploit. (Also, anything running as root could potentially access it.) This is precisely what happened with Heartbleed.

2 days ago
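The two comments above turn on the same point: a `memset()` immediately before `free()` is a dead store the optimiser may remove, which is why security-critical code wraps the allocator to wipe on free. The sketch below is an added example, not code from the comments, TrueCrypt or OpenSSL; `secure_wipe`, `zalloc`, `zwipe`, `zfree`, `fragile_release` and `count_nonzero` are hypothetical names.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Fragile pattern: nothing reads key[] after the memset, so under the
 * as-if rule the compiler may delete the call as a dead store. */
void fragile_release(unsigned char *key, size_t n)
{
    memset(key, 0, n);
    free(key);
}

/* Stores through a volatile pointer are observable side effects, so the
 * optimiser has to emit every one of them. */
static void secure_wipe(void *p, size_t n)
{
    volatile unsigned char *v = (volatile unsigned char *)p;
    while (n--)
        *v++ = 0;
}

/* Size header stored in front of each block so the free path knows how
 * many bytes to wipe; the union keeps the user pointer aligned. */
typedef union { size_t size; max_align_t align; } zhdr;

void *zalloc(size_t n)
{
    if (n > SIZE_MAX - sizeof(zhdr))
        return NULL;                      /* size computation would wrap */
    zhdr *h = malloc(sizeof(zhdr) + n);
    if (!h)
        return NULL;
    h->size = n;
    return h + 1;
}

/* Wipe the user bytes of a zalloc() block; returns the count wiped. */
size_t zwipe(void *p)
{
    if (!p)
        return 0;
    zhdr *h = (zhdr *)p - 1;
    secure_wipe(p, h->size);
    return h->size;
}

/* free() replacement: wipe first, then hand the block back. */
void zfree(void *p)
{
    if (!p)
        return;
    zwipe(p);
    free((zhdr *)p - 1);
}

/* Helper for the demonstration: how many bytes are still non-zero. */
size_t count_nonzero(const void *p, size_t n)
{
    const unsigned char *b = p;
    size_t c = 0;
    for (size_t i = 0; i < n; i++)
        c += (b[i] != 0);
    return c;
}

int main(void)
{
    unsigned char *key = zalloc(32);      /* constructed sample "key" */
    if (!key)
        return 1;
    memset(key, 0xA5, 32);
    printf("before wipe: %zu non-zero bytes\n", count_nonzero(key, 32));
    printf("wiped %zu bytes\n", zwipe(key));
    printf("after wipe: %zu non-zero bytes\n", count_nonzero(key, 32));
    zfree(key);
    return 0;
}
```

Where the platform provides them, `explicit_bzero()` or C11 Annex K `memset_s()` serve the same purpose as `secure_wipe()`. The wrapper only clears the heap block itself, not copies the program made elsewhere.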
top

The GNOME Foundation Is Running Out of Money

rdnetto Re:I'm disapointed in people (677 comments)

See, that's the thing. You got used to changing your fonts around because in the old days fonts sucked. We didn't really have a good font system. All the other non-free desktops had a great font rendering system. Now we have something decent, you shouldn't have to screw around with fonts. It should just work. That's why GNOME doesn't have that many options for fonts. Neither does OSX nor Windows. You can still do the same kind of font fiddling before, you just have to use gsettings or tweak tool to do it. But they exist, but we need to build something greater. What we're doing is much harder, making things work for the general case.

People change fonts when the defaults don't suit them, and there is no one choice that will suit everyone. The logical conclusion of this is that you need to have some method by which people can change the setting, or your software will not be suitable for a significant number of people.

Sane defaults do not remove the need for configuration. Look at KDE - their defaults are perfectly fine for most people, but Plasma is /way/ more configurable than Gnome 3. This one-size-fits-all attitude is the primary reason people have responded poorly to Gnome 3.

GNOME offends people who use computers as a creative extension of themselves. ... I used to be one of those people, but life is too short, I prefer to take what I am given and work on the things that really matter to me.

False dichotomy much? Changing the font size should be a trivial task doable in under 5 minutes (including the time taken to Google it).
Furthermore, has it not occurred to you that people who use computers as extensions of themselves are actually the majority of Linux users? Minor changes that make our tools easier or more efficient to use are the norm for us. If we weren't interested in changing our tools, we wouldn't have installed Linux in the first place.
It's all well and good to target other demographics, but if you alienate your userbase and focus on a minority, then it should hardly be surprising when your users (and their funding) disappear.

It definitely comes from an older era where you can spend hours tweaking conf files.

I disagree. Spending hours tweaking conf files was the norm back in the 90s out of necessity, but the idea of customizing your tools to suit yourself is not specific to that era. I'm young enough to not remember most of the 90s and have used Linux for less than a decade, but I often spend time customizing my setup to suit myself better.

2 days ago
top

Heartbleed Coder: Bug In OpenSSL Was an Honest Mistake

rdnetto Re:Not malicious but not honest? (444 comments)

If they were using a custom malloc, then they should have been using memset (or similar) to zero the blocks when debugging. That way, use-after-frees still manifest as crashes when testing (it could be disabled in release builds to improve performance).
I'm in no way an experienced C programmer, but if I were reimplementing something as core as malloc/free I would include a ton of sanity checks and safeguards to make sure that, at least on debug builds, this sort of bug was obvious.

5 days ago
top

.NET Native Compilation Preview Released

rdnetto Re:It produces performance like C++ (217 comments)

But wanting a GC has nothing to do with "brain dead idiots". It has been established decades ago that manual memory management is simply prone to errors, as program size increases. That includes expert programmers. This is a settled empirical question. If the overhead is acceptable, there is little reason to not want a GC.

There is also a third option: manual memory management with compile-time guarantees of safety. You get the performance of manual memory management without the risks, and the code ends up being more concise because heap allocation is implemented as a syntax feature. Rust is the most well known example of this.

about two weeks ago
top

.NET Native Compilation Preview Released

rdnetto Re:It produces performance like C++ (217 comments)

Then again, you could just pick full C++ 11, which has the advantages of both the higher level of abstractions like C#, and the low level capabilities of C.

Speaking as someone who has worked with both C++11 and C#, C# is a much nicer language. C++11 improves things somewhat, but it's an old language and the cruft shows. The obvious example is generics: C#'s generics are quite straightforward to use, support constraints (base classes of type parameters), and can even be annotated to handle inheritance correctly. C++'s templates are notorious for their poor usability, to the extent that even Stroustrup recognizes that they fall short. A future version of C++ is supposed to implement Concepts, which provide the ability to add arbitrary constraints to type parameters (but not by using inheritance*, for some reason.)

It's quite telling that even though I've been using Linux as my primary OS for a few years now, I still haven't found a language that's as pleasant to use on it as C# was under Windows. (Qt is much nicer than the .NET Framework though.)

*To be fair, inheritance has the problem that once a class is written, you can no longer add base classes to it. But this is not insurmountable; C# supports extension methods that could be used to fix this in a manner similar to Haskell's type classes.

about two weeks ago
top

A Third of Consumers Who Bought Wearable Devices Have Ditched Them

rdnetto Re:I avoided bluetooth for years... (180 comments)

I avoided bluetooth for years because it was unreliable and awkward. The headsets were expensive and uncomfortable. Some didn't work in that they required pairing every time you turned it on. (Both the phone and the device completely forgot about each other.) Buying a corded headset was far cheaper, had far better quality, and was far more comfortable.

But times change, as do needs. Most bluetooth devices now have just enough non-volatile memory to remember what they were last paired with and most bluetooth hosts will quite happily keep a list of every device it's ever paired with. Other than the initial setup (which can still be awkward and annoying) it's quite simple to use now. Hold the button for a few seconds until the light blinks and/or the sound chimes. Now I have a whole host of bluetooth devices.

It's funny you mention this, given that just a few days ago I struggled and eventually gave up on getting my laptop to pair with a Bluetooth OBD adapter that had previously paired with a different laptop. (In the end I gave up, took it apart, and soldered some wires directly to the serial interface inside it, as I had a USB UART adapter on hand).

The problem was that the device kept disconnecting after I connected to it, and there was nothing I could do to convince it otherwise. The more complex a technology is, the harder it is to get the interface right. This goes doubly when you have an embedded system without a second, more powerful interface (compare this to how Linux supplements the GUI with a terminal). Wearable devices take this to an extreme; the interface is more limited than that of a phone, so it's even harder to get right.

about two weeks ago
top

Ask Slashdot: What Do You Consider Elegant Code?

rdnetto Re:Minimise state (373 comments)

For various reasons, functional languages are not always a realistic option in your project (especially if you're not starting from scratch)

The same could be said about elegant code. :P

about three weeks ago
top

Ask Slashdot: What Do You Consider Elegant Code?

rdnetto Re:Minimise state (373 comments)

So in other words, most code written in a functional programming language, e.g. Haskell.

about three weeks ago
top

Neovim: Rebuilding Vim For the 21st Century

rdnetto Re:Certainly as a fork... good luck (248 comments)

The shift to Lua and coprocess model will be pretty significant improvements. You can easily max out a Core 2 Duo with certain ctags or git plugins, and having an easier way to identify the guilty party will be rather helpful.

about three weeks ago
top

Amazon Hikes Prime Membership Fee

rdnetto Re:As an Australian (276 comments)

You're missing the context. Currently, shipping from Amazon is about $15-$30 to Aus, and can be as high as $50 for larger packages. So even at $99/year, you'd break even quite easily. Not to mention the amount of stuff (especially electronics) that only ships to the US...

about a month ago
top

Stanford Researchers Spot Medical Conditions, Guns, and More In Phone Metadata

rdnetto Re:Outed? (193 comments)

Therefore, you don't hate guns. You hate average people having guns. And that speaks higher volumes about your hypocrisy than anything else
--
Agent K: A *person* is smart. People are dumb, stupid, panicky animals, and you know it.

While I wouldn't describe myself as gun-hating, I think there is a strong argument to be made that gun owners should be held to a higher standard than the average person (in much the same way that pilots are).

about a month ago
top

Ubuntu 14.04 Brings Back Menus In Application Windows

rdnetto Re:OLD? Stupid crap still on 10.7 (255 comments)

ubuntu is a steaming turd because they tried to remove the scroll bars, I see freaking Chrome and Firefox also doing this stupid trick as well on all platforms.

It makes me want to beat developers with a sack of doorknobs.

On what platforms does Chrome not have scrollbars? I'm using Chrome right now and it has one.

about 1 month ago
top

Lenovo To Buy IBM's Server Business For $2.3 Billion

rdnetto Re:Too harsh... (160 comments)

Take a look at the T440p (i.e. the flagship thinkpad). They've removed the mouse buttons, but apart from that it meets all the criteria on your list. At the rate things are going, it's probably going to be the last model with physical function keys.

about 3 months ago
top

Why Do Projects Continue To Support Old Python Releases?

rdnetto Re:python sucks (432 comments)

It would probably have been less work to just change the default interpreter back to python 2.5, and edit only the 'one piece of software' that required python 3 to /usr/bin/python3

The second bit wouldn't even be necessary - as far as I'm aware, the only distro that made python3 the default was Arch. Because python2 is still the default on most systems and incompatible with python3, most programmers working in Python 3 explicitly specify python3 in the shebang. (Using /usr/bin/python only is considered poor practice for this exact reason.)

about 3 months ago
top

Why Do Projects Continue To Support Old Python Releases?

rdnetto Re:Wrong question (432 comments)

The reason is that Python 3 does not have a decent MySQL connector.

And that's precisely what this article is about - supporting pre-2.7 and 3.x are almost mutually exclusive due to changes in the language. Once written in 2.7, it's often possible to support 3 via a tool like six.

about 3 months ago
top

Who Is Liable When a Self-Driving Car Crashes?

rdnetto Re:Efficiency. (937 comments)

Even if a computer can't predict that as far ahead as a human, it can react much faster. Human reaction time is about 200 ms, but a computer could easily react within about 30 ms. That should be enough to compensate for the intelligence described in the vast majority of situations.

about 3 months ago
top

How To Create Your Own Cryptocurrency

rdnetto Re:Is he really a "sucker"? (203 comments)

On page 10, the inability to have reserve banking is discussed. Could you explain why reserve banking is useful? As far as I can tell, it simply inflates the perceived amount of money present in the system beyond that actually present, introducing a potential failure mode (a bank run).

about 3 months ago
top

Chinese Icebreaker Is Stuck In Ice After Antarctic Research Vessel Rescue

rdnetto Re:Wow (361 comments)

What're the chances of getting stuck in ice in Antarctica during the summer months of 2013-2014, when global warming is at its peak (tongue in cheek) - not once, but TWICE?

Not great.

However, if you asked "what are the chances of getting stuck in ice in Antarctica during the summer, given that it just happened to another ship nearby?", I'd say reasonably high. Conditional probability in action.

about 3 months ago
top

Emacs Needs To Move To GitHub, Says ESR

rdnetto Anecdote (252 comments)

I'm in my early 20s, and very much grew up with GUIs and Windows. Despite this, I now use Vim (cue flame war) as my text editor after seeing how fast proficient users could be with it. I have a friend who uses Emacs as his desktop environment - no KDE or Gnome, just Emacs.
Both are powerful text editors with niche uses, e.g. programming. While fewer people are learning them now that they are no longer the default text editors on most distros, they're hardly dying.

about 3 months ago

Submissions

top

Debian to Adopt New Init System

rdnetto rdnetto writes  |  about 6 months ago

rdnetto (955205) writes "Debian developers have been in a very polarized discussion recently about replacing their default SysVinit system with a more modern init system; namely, Debian developers are evaluating whether to use systemd or Upstart.

Debian wants to switch to a modern event-based init system that is more robust and provides more features, provides stable support for advanced environments (e.g. SAN), being more similar to the likes of Ubuntu and RHEL, and modern open-source packages like GNOME 3.x are easier to package. Among other reasons, Debian hasn't been quick to switch init systems over lots of work needing to be accomplished.

In one of the latest init system discussions, it was stated "since the init system strongly shapes many other packages, there has to be only one and no other supported options.""

Link to Original Source
top

Australian Govt re-kindles office file format war

rdnetto rdnetto writes  |  more than 2 years ago

rdnetto (955205) writes "The Australian Government’s peak IT strategy group has issued a cautious updated appraisal of currently available office productivity suite file formats, in what appears to be an attempt to more fully explain its thinking about the merits of open standards such as OpenDocument versus more proprietary file formats promulgated by vendors like Microsoft.
Though a move away from a clear pro-Microsoft stance, a clear bias towards them remains present."

Link to Original Source
top

AI Releases Linux-based Hybrid Netbook/Tablet/MID

rdnetto rdnetto writes  |  more than 3 years ago

rdnetto (955205) writes "After 6 months of delays, AlwaysInnovating has released their newest device, a netbook with a touchscreen and detachable wireless keyboard. The screen also houses a secondary screen that can be removed and used as a mobile internet device. The device uses the TI Cortex A8, has 768 MB of RAM, and 19.5 Ah of batteries."
Link to Original Source
top

Software is Licensed, Not Sold

rdnetto rdnetto writes  |  more than 3 years ago

rdnetto (955205) writes "In a major blow to user rights, the Ninth Circuit Court of Appeals has issued a decision that will go a long way toward ensuring that software buyers will rarely be software owners.
In a triumph of legal formalism over reality, the Court held that the copyright’s first sale doctrine – the law that allows you to resell books and that protects libraries and archives from claims of copyright infringement – doesn’t apply to software (and possibly DVDs, CDs and other “licensed” content) as long as the vendor saddles the transfer with enough restrictions to transform what the buyer may think is sale into a mere license."

Link to Original Source
top

EFF Wins New DMCA Exceptions

rdnetto rdnetto writes  |  more than 3 years ago

rdnetto (955205) writes "The Electronic Frontier Foundation (EFF) won three critical exemptions to the Digital Millennium Copyright Act (DMCA) anticircumvention provisions today, carving out new legal protections for consumers who modify their cell phones and artists who remix videos — people who, until now, could have been sued for their non-infringing or fair use activities."
Link to Original Source
top

Pirate Party to Run Pirate Bay from Parliament

rdnetto rdnetto writes  |  more than 3 years ago

rdnetto (955205) writes "After their former hosting provider received an injunction telling it to stop providing bandwidth to The Pirate Bay, the world's most resilient BitTorrent site switched to a new ISP. That host, the Swedish Pirate Party, made a stand on principle. Now they aim to take things further by running the site from inside the Swedish Parliament.

The party has announced today that they intend to use part of the Swedish Constitution to further these goals, specifically Parliamentary Immunity from prosecution or lawsuit for things done as part of their political mandate. They intend to push the non-commercial sharing part of their manifesto, by running The Pirate Bay from ‘inside’ the Parliament, by Members of Parliament."

Link to Original Source
top

POLL: Which continent do you live in?

rdnetto rdnetto writes  |  more than 3 years ago

rdnetto (955205) writes "POLL: Which continent do you live in?
        North America
        South America
        Antarctica
        Africa
        Europe
        Asia
        Australia
        I don't live on Earth, you insensitive clod!"
top

Pirate Bay Judge Accused of Bias

rdnetto rdnetto writes  |  more than 4 years ago

rdnetto (955205) writes "One of the biggest cases in file-sharing history ended last week with The Pirate Bay Four sentenced to huge fines and jail time. Today it is revealed that far from being impartial, the judge in the case is a member of pro-copyright lobby groups — along with Henrik Pontén, Monique Wadsted and Peter Danowsky. There are loud calls for a retrial.
http://torrentfreak.com/pirate-bay-lawyer-is-biased-calls-for-a-retrial-090423/"
top

Part of Copyright Act Ruled Unconstitutional

rdnetto rdnetto writes  |  about 5 years ago

rdnetto (955205) writes "From http://techdirt.com/articles/20090403/1619494384.shtml:
A year and a half ago, we were quite surprised when the 10th Circuit Court of Appeals actually sided with Larry Lessig, concerning how a part of copyright law that pulled foreign works out of the public domain was potentially unconstitutional. This was in the "Golan case," the third of three big copyright cases Lessig had championed. The appeals court had sent the case back to the lower court, and that lower court has now decided that, indeed, a trade agreement (URAA) that pulled foreign content out of the public domain is unconstitutional as it violates the First Amendment. While it may seem narrowly focused, this is the first case that has successfully challenged a part of copyright law as being unconstitutional. The ruling will almost certainly be appealed, so it's not over yet — but it's still a rare and important win for those who are fighting to keep copyright law from destroying the public domain."

Journals

rdnetto has no journal entries.
