
Comments


Choose Your Side On the Linux Divide

tzanger Re:My opinion on the matter. (826 comments)

I'm sure I'm feeding a troll now, your post seems intent on twisting things around in order to make your convoluted point.

The whole "under 1024 is safe" is generally regarded for connecting *to* ports under 1024, not receiving connections from them. Yes, some services (NFS in particular) want to trust incoming connections from 1024 but they're in the minority. The most common case is trusting a service listening on ports less than 1024 as being set up by the admin and not some random user. But you knew this.

You also know that if you've got admin access, you *are* root. This also is not news, but you seem to feel that I'm concerned that you can sudo from your own system and make it look like you're trustworthy on my network. If I was so inclined as to trust port numbers alone (and for the record, I don't trust incoming port numbers at all), you can bet I'd also be whitelisting IPs and MACs at the switch level (i.e. locking MACs to physical switch ports) and have alerting whenever a non-sanctioned connection was made.

That would be, however, a very special network topology and not something I'd personally admin. Nice straw man, though.

about 2 months ago

Choose Your Side On the Linux Divide

tzanger Re:My opinion on the matter. (826 comments)

Wait: ejabberd wants my http and https ports in addition to running jabber on 5222? no thanks. It sounds like ejabberd breaks the entire UNIX concept as well. Give me some CGIs to run through my own damn httpd instead of inventing another one and get on with the business of running jabberd.

I know you didn't write it, but jeez... why not include a telnetd or sshd in the binary as well?

about 2 months ago

Choose Your Side On the Linux Divide

tzanger Re:My opinion on the matter. (826 comments)

I'm not sure what you're trying to prove here. sudo won't let you run anything it's not configured to let your user or group run. If you're allowed to sudo as a non-admin user then either your system or your admin is broken. It's not "cargo cult" security at all.

about 2 months ago

Choose Your Side On the Linux Divide

tzanger Re:My opinion on the matter. (826 comments)

Why are you running a jabberd on a port other than 5222 (and specifically below 1024)?

about 2 months ago

Choose Your Side On the Linux Divide

tzanger Re: My opinion on the matter. (826 comments)

No, I'm serious, ask "why does this have to be the way it is" other than inertia? The age of booting a tiny root disk and attaching /usr from a network is long, long gone.

No, no they're not.

Thin clients and network booting are still very much alive and well. Test systems are largely virtualized now, but network booting still has its place in homogenous networks or office/classroom settings where you want a unified filesystem layout. A common /usr is an easy way to do this.

I don't know much about systemd at all, but I do recognize how bad an idea it is to make such huge changes quickly and without much apparent thought at being able to continue to do the things that could have easily been done before.

about 2 months ago

Ask Slashdot: Professional Journaling/Notes Software?

tzanger Re:Redmine (170 comments)

I've set up my entire business around Redmine. There are some pretty impressive plugins to handle blogs, CMS, CRM and even a WYSIWYG editor to help "normal" people format tables, lists and text but who would normally be put off by trying to learn Textile. SCM and issue tracking are integrated, there are time trackers and forums, GANTT charting... it's a great resource.

Best of all, it's database agnostic and open-source.

about 5 months ago

OpenOffice: Worth $21 Million Per Day, If It Were Microsoft Office

tzanger Re:potentially worth... (361 comments)

Microsoft Office may be a lot of things, but comparing it to LibreOffice/OpenOffice and calling MS Office crap in comparison is ridiculous. I actually ended up buying MS Office (for my mac) because Open/LibreOffice is so shit. I've tried to love it for a long, long time, but it's slow, it's bloated, it's buggy as hell and I just got tired of trying to overlook its blemishes.

MS Office's blemishes are much more bearable, in my opinion. The price isn't cheap but not having to screw around and waste my time is worth something, too.

about a year and a half ago

Github Kills Search After Hundreds of Private Keys Exposed

tzanger Re:This is why developers are not sysadmins (176 comments)

There's absolutely nothing wrong with that. My question is why they're storing their home dir on a *public* git repo...

about a year and a half ago

Thousands of SCADA Devices Discovered On the Open Internet

tzanger Re:Security by stupidity? (141 comments)

I've lived in the industrial controls world for quite a while before striking it out on my own... "real-time global data reporting" doesn't require a world-accessible control interface, or even an open internet connection. It's much simpler than you're making it out to be. Hell, a basic VPN connection back to HQ that puts the remote sites on the corp LAN (where all the data aggregation can take place and be accessed for "dashboards" and whatnot) would be a major step up.

about 2 years ago

Activists' Drone Shot Out of the Sky For Fourth Time

tzanger Re:Over private property? (733 comments)

I believe the closer imagery is from aircraft, not satellites.

about 2 years ago

Black Sheep Blackberry Blackballed By Business

tzanger Re:What about the iPhone... (349 comments)

There is also ZERO LAG for pressing the software button for answering the phone. You should have bought a faster device I guess.

I've owned a 3G, 3GS and 4; wife has a 4S. There is absolutely lag in the soft answer button from time to time. I am not sure what background task is causing it, and while it's true that it's nonexistent on a factory-fresh, no-apps-installed phone, that's not a realistic use case.

about 2 years ago

Ubuntu 12.10 Quantal Quetzal Out Now; Raring Ringtail In the Works

tzanger Re:lamest name ever (318 comments)

Please just install Ubuntu 12.04. If you're a developer or power user, you'll like it.

Ubuntu in 12.04? No thanks. The last Ubuntu I took seriously was 11.04, and if I recall I started using Ubuntu in the 7.x or 8.x release cycle. I still have a couple of those 11.04 systems going. The rest have gone to Debian+XFCE. It seems every new release of Ubuntu takes their desktop one step closer to a Fisher-Price toy, and I just got sick of it.

Yes, I can install Xubuntu (I was actually running Kubuntu for a number of releases until I finally gave up on KDE doing something serious about being a stable and well-connected desktop, and I've been a KDE fan since the early 3.x releases). Yes, I can tweak the shit out of everything and reclaim some sanity. Instead, I just install Debian and put up with some of its idiosyncrasies. At least I have a system that is constantly making me want to throw the keyboard through the screen.

I moved from Slackware (0.9something to 12) to Ubuntu, and now to Debian. Ubuntu was great; it was really, really great. I don't feel that way anymore. They seem to be chasing buzz and trying to out-slick everyone instead of focusing on a usable and useful desktop experience.

about 2 years ago

Ask Slashdot: Best Approach To Reenergize an Old Programmer?

tzanger Re:Embedded + Hardware + Math (360 comments)

No, I'm sorry. Horowitz's "Art of Electronics" is *NOT* the best book. It's a big book, I'll grant you that, but it's actually pretty difficult to get started with such a book unless you are good at learning from textbooks. I sure as hell am not. It's far from practical.

It may sound like I'm being a little bit of an ass, but seriously... Forrest M Mims' "Getting Started in Electronics" followed with all of his Engineer's Mini Notebooks are an excellent resource. After that grab anything you can by Robert Grossblatt. Use AoE for a reference but not for a learning guide. The electronics.stackexchange.com site isn't too bad, either.

about 2 years ago

Ask Slashdot: Best Approach To Reenergize an Old Programmer?

tzanger Re:Are there really Python jobs? (360 comments)

You don't learn a language -- any language -- in 3 days. He may have started doing some neat things with it in three days, I don't doubt that... but learned it? No.

about 2 years ago

Ask Slashdot: Best Approach To Reenergize an Old Programmer?

tzanger Re:Modern Stack (360 comments)

It's also great for one-man shops. I love the fact that I have the entire repo on my laptop when I'm at an airport or stuck somewhere with shitty/no internet access. You can queue up all your commits, branch, merge, do whatever you need and push it back out when you're done.

You could do the same if you used a local cvs/svn/whatever server but it's not nearly as good when you have to start sharing code with the customer or with a larger team.

about 2 years ago

TextMate 2 Released As Open Source

tzanger Re:unexpected (193 comments)

Nah. I'm an old KDE guy who's moved on (xfce on linux, osx for my main computer now). I *loved* Kate. It was a perfect little editor for when I didn't want to be in vim.

more than 2 years ago

MSL Landing Timeline: What To Expect Tonight

tzanger Re:Not for any definition of "real time" that I kn (140 comments)

I agree; there is a massive opportunity here to capitalize on the synergy of Martian Control and lolcats. I sense an RSS feed in the making.

more than 2 years ago

Being Honest In Exit Interviews Is Pointless

tzanger Re:Easier headline... (550 comments)

I don't think that you realize who's paying HR's check. Hint: it ain't you.

HR is there to make sure the company is not open to lawsuits, and to make you feel like you're being heard. They *do* raise the issues you bring to them to management, but that's nothing you can't do on your own. HR is certainly NOT on your side. I'm not sure where you got such a naive idea.

more than 2 years ago

What's To Love About C?

tzanger Re:because - (793 comments)

It'd be a wonderful language that does prevent all of these things without sacrificing the ability to do something because you do in fact know better than the compiler. I disagree with you about relying on compiler warnings. Use -Werror and get used to it. Use a lint utility and develop good coding habits. It's not impossible to write solid code in C, and it's not (much) harder to do than in other languages, either. With the exception of ambiguous statements which I agree with you on, -Werror takes care of a lot of the "duh" problems, and decent code reviews take care of stupid logic, which is a problem in any language.

more than 2 years ago

What's To Love About C?

tzanger Re:Good habits (793 comments)

Problem is the diligence that is required. A C developer is a really good coder when they do their work in another language. However for large projects, C doesn't make too much sense, because you need to expect your developers to be on their A Game in the course of the project. A developer is porting their proof of concept code into production, right near lunch time, and he is starving, and some of the other guys are waiting on him to finish up, because they are starving too, might mean some code got copied in, and put into the production set, without full thought. Because the Proof of Concept code worked, it may pass many layers of Quality Check (and we all know most software development firms have very poor QA teams). Once it leaves and goes to the customer, it could be wide open to a security problem.

What you wrote has absolutely nothing to do with C and everything to do with human beings. If your code is not going through a review process where you have a team go through a module at a time, preferably over beer and pizza... you're already creating this problem. Diligence is required in any language, and I'd argue for any profession.

more than 2 years ago

Submissions

tzanger hasn't submitted any stories.

Journals

tzanger has no journal entries.
