Slashdot: News for Nerds


Welcome to the Slashdot Beta site -- learn more here. Use the link in the footer or click here to return to the Classic version of Slashdot.

Thank you!

Before you choose to head back to the Classic look of the site, we'd appreciate it if you share your thoughts on the Beta; your feedback is what drives our ongoing development.

Beta is different and we value you taking the time to try it out. Please take a look at the changes we've made in Beta and  learn more about it. Thanks for reading, and for making the site better!



Ask Slashdot: Unattended Maintenance Windows?

upuv Re:Puppet. (265 comments)

This pattern only works for single nodes.

if you have a complex infrastructure you can't rely on this pattern alone.

about two weeks ago

Ask Slashdot: Unattended Maintenance Windows?

upuv Re:Puppet. (265 comments)

Puppet is not orchestration. This problem is an orchestration problem. A very simple one but still orchestration.

Puppet is declarative which can mean it has no order to events. Most people make use of some screwball dependency chain in puppet giving the illusion of orchestration.

Use something Ansible if you want to orchestrate a change

about two weeks ago

GoDaddy Files For $100 Million IPO

upuv Go-Daddy Bottom Feeder (110 comments)

This company has been a lowbrow bottom feeder since the beginning.

At first glance the pricing looks OK. But soon you realize you are fenced in. You find out your domain is held hostage by lack of features. Features that are ransomed off.

Buying Go-Daddy is purely a speculative exercise that is not backed by history or sane projections.

about a month and a half ago

Perl 5.20 Released, and Mojolicious 5.0: the Very Modern Perl Web Framework

upuv Post Fix dereferencing about time. (126 comments)

I was very active back in the early days of 5.0 development. I fought for this and lost.

I always struggled with the non-nonsensical @{} ${} ..... style. It was difficult to mentally process. Long chains of dereferencing would be especially complicated.

I'm very pleased to see this finally make it in.

about 2 months ago

Cisco Complains To Obama About NSA Adding Spyware To Routers

upuv Re:Hypocritical (297 comments)

Can't help myself here. Using ridiculous reverse logic of a TV intelligence interrogator.

So you are admitting that you are aware of Chinese back doors that are not currently known about by legitimate parties?
Tell me what you know of these back doors.
And tell me how we can use them.

about 2 months ago

Cisco Complains To Obama About NSA Adding Spyware To Routers

upuv Re:Hypocritical (297 comments)

How do you think the NSA found the Chinese back doors?

Kinda of a duh moment don't you think?

about 2 months ago

Canadian Teen Arrested For Calling In 30+ Swattings, Bomb Threats

upuv Re:bleh. (350 comments)

And that just teaches the kid that there are no consequences. Dumb kids need to be punished. They need to be seen paying for the crime themselves. Their peers need to see that Jimmy in their class went to jail for a year because he was acting like a twit and caused some serious harm.

I also feel that the US would over penalize the kid.

about 3 months ago

Canadian Teen Arrested For Calling In 30+ Swattings, Bomb Threats

upuv Re:Good, but... (350 comments)

If it's something like a bomb threat of a hostage taking with weapons you don't really have much choice. It's clear the area ASAP.

People don't call in a SWAT saying. "I''m having bad day and I'm slowly filling my house with water till I drown." giving the Police ample time to make decisions.

about 3 months ago

Canadian Teen Arrested For Calling In 30+ Swattings, Bomb Threats

upuv Re:Autoimmune disorder... (350 comments)

911 is not only accessible via standard phone lines and cell/mobile phones. Location tech only has 3 basic methods of locating you. Generally only the first is ever used. Most often however the 911 operator asks, "Where are you right now?"
1. Land line billing / install address.
2. Mobile phone GPS location. First the police must have authority to activate GPS remotely. Second the phone needs to have GPS. Not all phones do.
    2.1 Kind of a third method. Cell tower location that the caller used. This takes a hideous amount of time to determine despite laws that say telcos must provide the capability. So generally not used. And this is horribly inaccurate.
3. Geo location of IP address of user. Horribly inaccurate and police forces around the world are very slow to use this tech. Also for example if you have a 3/4G phone your IP address is usually geolocated at the telco company headquarters. This is not generally used for 911 type locations.

Remember the operator only has a few seconds to establish your location during an incident call. They tend to only fall back on location tools when the caller is unable to provide the address them selves. So if the caller says they are at a location then generally that is the accepted location for the incident.

In many jurisdictions around North America and the world for that matter you can place an emergency call via any number of means. You can text, email, tweet skype, use a web form, etc. Note that most of the new forms of emergency notifications come over the internet. Since it is painfully simple these days to make it appear as if you are coming from basically any spot on the globe with internet communications a person can spoof their location with ease.

Note all of this does not mean they can't find the location of the caller. After the incident a wealth of information can be investigated and fairly precise locations can be determined. So don't take what I have said as a open ticket to SWAT. This case proves it's only a matter of time before you get nabbed.

about 3 months ago

China Using Troop of Trained Monkeys To Guard Air Base

upuv Re:180 nests gone, at 6 nests/monkey/day? really? (119 comments)

You forgot that from the total number of monkeys you must subtract those monkeys involved in:
Project Management

Once we do this it's clear that the actual number of Monkey's involved far exceeds those quoted. The Chinese are clearly fudging the numbers to make the project appear to be viable.

about 3 months ago

Not Just a Cleanup Any More: LibreSSL Project Announced

upuv Re:Please don't (360 comments)

SSL is the standard.
OpenSSL is an implementation
LibreSSL is an implementation

The standard isn't forked.

In this instance the standard mostly applies to the protocol. The on system interfaces will most likely mutate rather quickly. Most specifically at the user interaction level. The library interfaces will most likely remain steady.

This isn't a bad thing.

SSL and it's related crypto cousins is all about trust, but paradoxically Crypto people don't trust crypto people so there is very little trust out there. So really powerful things like personal / corporate certificate authorities just don't exist in practice. Imagine the power of a CA for personal certs. It would change authentication forever. Good bye 300 passwords. But since no two people can build two independent systems that truly trust each other there really is no hope for personal certificate authorities. Maybe this reboot of an SSL implementation can move us one step closer. Or even an inch/2.2cm.

about 3 months ago

Most Alarming: IETF Draft Proposes "Trusted Proxy" In HTTP/2.0

upuv Unfortunately it only takes one to abuse this. (177 comments)

This is laughably a bad idea.

This will be abused the instant it hits code. The temptation is too great. This will sink the adoption of http 2.0 and 1.1 will live for a far greater time.

With all of the news around man in the middle attacks I just can't believe this will be a feature.

This needs to be amended. I can see trusted chains, Where you would trust a chain from end to end, but just the proxy? With each node in the chain being able to cache.

about 5 months ago

Ask Slashdot: Should Developers Fix Bugs They Cause On Their Own Time?

upuv It's outline in the contract. (716 comments)

There are a few types of basic contract.

If you are full time employee.
- The employer pays for time and materials. No matter what the cause of the bug was the employer absorbs the costs of it's own mistakes.

If you are a contract employee on a Time and Materials contract.
- This is virtual the same as full time. The customer in this case pays for everything including bug repair.

If you on a contract to deliver a service or product.
- Well now the Contract owner is responsible for paying for all errors that fit with in the bounds of error as outlined in the contract.

There are a few variations on the above. Usually there are caps on all contracts to prevent excess expenditures. Things like T&M that can only reach X amount ever.

about 6 months ago

Linux 3.13 Released

upuv Re:configuration languages (141 comments)

A firewall in a sandbox?

Do you see the issue here?

Sandboxes are good for consuming applications. The firewall is not a consumer. It's a part of the command and control chain. It's a the heart of the system. Sandboxing the kernel is self defeating. As it's the kernel and everything spawns from it. So you can't really protect your child processes if your kernel is compromised.

about 6 months ago

Linux 3.13 Released

upuv Re:Just my luck... (141 comments)

I'm with you on that one. I have to re-teach myself iptables each time I have to setup a configuration.

about 6 months ago

Linux 3.13 Released

upuv Re:configuration languages (141 comments)

The problem is overheads and security.

Embedding a language at such a low level is very tricky. It has to be blinding fast and user very very little resources. python, perl, ruby are all great languages. but ill suited for the task of network management tasks. The RAM overheads are huge. This is why we are seeing a relatively constant evolution, change of embedded languages at these low levels. This is a game of resource management on the host system.

Just imagine if this host was a web server. With thousands of socket requests per second. How would Python manage to keep up with that. Without crushing the system under load even before the traffic was passed off to a process like Ngynx to handle. Python would be a performance nightmare at this level.

Another way to look at this is. What if you hammered the system with a DOS style attack. If each request had to go through a python execution stack you are basically making the system far more vulnerable to DOS than it ever was before.

Now lets look at topics around these highly extensible languages. Here you have a system that in part is supposed to improve security. But by adding in a language like python you are adding in a very extensible lnaguage at a very low level. A kernel level to be precise. So higher than root. The security implications are enormous. You are basically exposing the kernel to a far higher risk. This would be a hackers dream come true.

So there are reason for these language syntax choices. They must be managed very carefully.

about 6 months ago

Incandescent Bulbs Get a Reprieve

upuv There's a Incandescent bulb Lobby? (767 comments)

I really can't understand this Rider!

I just can't understand what there is to be gained from the Incandescent bulb lobby?

Republicans are very very odd. What can be gained from this?

about 6 months ago

James Gosling Grades Oracle's Handling of Sun's Tech

upuv Re:An F- for the handling of Solaris (223 comments)

I completely agree. Solaris "was" a great OS. With some very notable monster issues. Oracle has effectively killed Solaris. I simple can't use it anymore. The licensing costs of it and the software that runs on it are more than my total IT budget. Despite it's fantastic attributes I can no longer afford to put this in my Datacenter. With on demand virtualisation I can not afford to have to worry about things like. "Am I going to violate my license conditions if I spin up X more?"

I had an Oracle sale rep try to sell my that ridiculous Oracle stack in a box Exadata/logic. I was almost crying in laughter by the end of the sales presentation. 2/3 of the way through I stood up and wrote on the white board "Tell me how this isn't vendor lock in?". I called time at the 1 hour mark. I ended the meeting with the simple statement. Everything you have shown me is all about "vendor lock in" every word out of your mouths just re-enforced this concept. I had one question for you the entire meeting and you simple could not in any way respond to it.

So I priced everything I might need on Amazon. Using free and commercial AMI's with the odd vendor SW package tossed in. My first year spend was 1/25th of the Exadata discounted opening price. Nothing on the EC2 list had anything to do with Solaris. This is how you kill something. Make it financially ridiculous.

Issues with Solaris. That should have been addressed in the Oracle years.
- Package manager was brain dead. apt, yum are far better. ( Sorry Solaris 11 was too late. Too much legacy out there. )
- Patching made no sense. You have no idea what packages are patched with a patch. Patches were just binary disk vomit that spewed crud all over the system. Impossible in the real world to build any sort of verification around them. ( Sorry Solaris 11 was too late. Too much legacy out there. )
- Zones: Are a nightmare of security and privilege. I don't care what any says a zone is just a change root jail. Which means you will only every be as up-to-date as the host system. And it means you must be compatible and tested against the host system. Which is really no different than not having zones. Zones are a horrible horrible mess.
- No dependable only repository of packages that is robust or up to date. Far to much package hunting still required to locate software for solaris. Most packages are months to years behind there linux counterparts.
- Java performs better on x64 than Solaris/SPARC. This has boggled me for years. Only recent sparc architectures let java and other highly threaded applications stacks really perform well. Why do I even have to know about processor binding for processes?

about 6 months ago



Comcast bandwidth throttling, US vs Aus.

upuv upuv writes  |  more than 5 years ago

upuv (1201447) writes "Yet another chapter in the story of Comcast Throttling users.


Comcast is fighting back against what it calls excessive bandwidth users. The company confirmed that it has successfully deployed throttling technology to all its markets. Comcast claims that the technology is to help make everyone get the same experience and have equal opportunity to the bandwidth. ....

On top of this throttling technology Comcast has also placed a 250 GB monthly cap for all users. If you exceed the 250 GB monthly cap your account can be terminated and you can be banned for using the Comcast service for up to one year. ....

As an Australian I personally would love to be able to have a cap of 250Gig. Here we can typically only get at max 60Gig. ( Of course you can pay a fortune and get more ). I can't feel too bad for these customers. As the US bandwidth plans blow our plans down under away for value for your money.

Here is an example of the Plans we can get.

As you can see The Aussie plans suck in comparison to what we can get from even Comcast."



Virtual What the Who's it's?

upuv upuv writes  |  more than 5 years ago

I'm an IT professional for as long as the term IT professional has existed. I work in Enterprise. I work with Telcos, Banks, Entertainment the lot.

Can some one please fill me in on where the money is in virtual / cloud computing?

18 months ago if your project didn't have something VM it didn't see the light of day. I have yet to see a project that had a cloud component.

Now I'm making stupendous amounts of money de-constructing VM anything. Take the silly little app housed in a VM of flavor XYZ and replanting it on a native OS. Oh Gee Golly they run faster and more predictably. ( Sorry I don't take any work involving .net C# or anything MS. Yes I'm a bigot )

Seriously. Is the VM hype finally over? I bloody well hope so. It's as ill founded as Bush's economic policy.


Alien Life and it's mutual toxic effect

upuv upuv writes  |  more than 5 years ago

Just a random thought.

While looking at the stars tonight this came to mind.

If we were ever to encounter complex alien life does it not seem obvious that we would poison each other?

Given that we have evolve gradually or in spurts in order to improve our chance of generating future generations. Is it not natural to believe that we also evolve such that we are more resistant to threat by acquiring resistance and defense to threat? Such defenses would include those of a toxic nature. Since some of those defenses would also include a toxic component. For example we as humans have an immune system that aggressively attacks threat, thus toxic to the threat. Now our personal defenses would have evolved as a direct reaction to the threats presented to us over the eons. Thus the complexity of our defenses would both be quite elaborate and in it self aggressive. But at the same time would be a counter point to the other biology around us.

Now given an equally complex life form(s) had evolved in a completely alien environment. It equally is likely that these life forms would have evolved in a similar fashion. However most likely taking several evolutionary branches that our world did not or deemed evolutionary dead ends.

If those two complex biologies were to mix does it not seem likely that we would kill each other by simply coming into contact? Of course there would have to be sufficient amounts of each biology to result mutual death. An alien microbe has less of a chance of killing us in this manor as compared to a complex life form of such mass to be anywhere from mite size to elephant size. ( To pick two easy to relate to volumes. ) As the single microbe would have very little success against a comparative mountain of domestic biology attaching and consuming it.

To me this seems obvious at the moment.

If this proposition is true, then does it not seem likely the reason that we have not been contacted by alien life is that simply because our world is a big ball of plague? Thus why bother with taking to the sentient bags of salt water fresh from the primordial stew!


What will happen if Windows 7 Tanks as bad as Vista?

upuv upuv writes  |  more than 5 years ago

As it is clear to even the most remote Brazilian forest tribe Windows Vista is a public relations nightmare.

Will Windows 7 suffer the same fate?

Will Microsoft survive if Windows 7 results in a puppy skid mark on the carpet?


Why hasn't Firefox 3.0 been trashed in media?

upuv upuv writes  |  more than 5 years ago

Usually a highly public software release like Firefox 3.0 is trashed by someone somewhere.

With Firefox 3.0 I have seen very little bad press if any. Is Firefox 3.0 that good that it doesn't justify bad press?

I personally love it. Best software release of any product every. It works great on every platform I care about.

So is there any bad things about Firefox 3? Stuff that simply is wrong?

Slashdot Account

Need an Account?

Forgot your password?

Don't worry, we never post anything without your permission.

Submission Text Formatting Tips

We support a small subset of HTML, namely these tags:

  • b
  • i
  • p
  • br
  • a
  • ol
  • ul
  • li
  • dl
  • dt
  • dd
  • em
  • strong
  • tt
  • blockquote
  • div
  • quote
  • ecode

"ecode" can be used for code snippets, for example:

<ecode>    while(1) { do_something(); } </ecode>
Create a Slashdot Account