Want to read Slashdot from your mobile device? Point it at m.slashdot.org and keep reading!


Forgot your password?

Comment: Re:So close, so far (Score 1) 561

by FireFury03 (#48432141) Attached to: "Barbie: I Can Be a Computer Engineer" Pulled From Amazon

Well, it is pretty much like real life, but I'm not sure we want to be teaching kids "this is the crap you can expect fom life" rather than inspiring them to do more.

I did take a slight exception to this though:

But Steven and Brian are also everything frustrating about the tech industry. Steven and Brian represent the tech industry assumption that only men make meaningful contributions.

As far as I can tell from the story, Steven and Brian did nothing wrong at all - clueless Barbie fucks things up and then asks them to fix it, which they do. This bit of the story would probably be pretty similar if you replace Barbie with any clueless person (male or female) who's just infected a bunch of computers with a virus. What were they supposed to do in this situation?

Comment: Re:Opposition is from a small elite (Score 1) 550

An elite crowd trying to force on everyone else what they think is the right way? Thats one of the many reasons people are against systemd!

The maintainers (you call them "an elite crowd") of some distros have made the decision to use systemd because they think that's the right thing to do - someone has to make the decision, and if not the maintainers, who? Or would you prefer that the maintainers decide to do something that they think isn't right?

No one is forcing anyone to use systemd - the source is there for anyone to use as they see fit; Some distros have decided that systemd is the right way to go, some have decided to use other inits, you can either choose the distro (from a wide selection) that suits your purposes the most, or you can even make your own, no one is forcing you to use one particular distro.

Note: I don't really have any opinions about systemd, I currently use Fedora and it seems to work ok, but if I have problems then I can switch distros.

One thing I don't understand is how in the hell it is considered ok to have this in Debian STABLE? Maybe, in Fedora or OpenSuse but Debian stable???!

Why not Debian Stable? Red Hat Enterprise Linux uses systemd, so it must be good enough for enterprise use, so why it it not good enough for Debian Stable?

Comment: Re:Not resigning from Debian (Score 1) 550

"systemd does the right thing by stopping normal boot and just boot into a safe, minimal shell. A quick glace in the log file (journal) will instantly tell you (using red letters for emphasis) that fstab is broken in such and such a way. A quick edit with Vim can then solve the problem." - did you miss these lines in his comment? Just how "far" is "far enough" ?

Well that would depend... If its your desktop machine then popping a shell on the screen would probably work(*). If it's a headless networked device then you're going to need the NICs brought up and sshd started.

(*) This isn't especially user friendly though... how about firing X up and having a nice GUI thing to fix the problem?

Comment: Re:Not resigning from Debian (Score 2) 550

This kind of tight coupling is unheard of in Linux history.

Not true at all - stuff has been tightly coupled plenty of times in the past. Lots of stuff is very tightly coupled with udev these days, for example. And whilst I will agree that tight coupling is bad, its sometimes hard to see how it could be avoided.

Comment: Re:Not resigning from Debian (Score 1) 550

The use of System V init allowed Linux to be comfortablef for UNIX admins looking for a less expensive or more widely installable solution, and the end of the use of System V init means that Linux is starting to head away from the UNIX operating systems.

Linux has been heading away from Unix systems for a long time. As a long-time Linux user, on the odd occasion that I have to deal with the likes of Solaris I find it feels *very* backwards by comparison... It's almost like going back to the 1980s...

Comment: Re:How systemd became Debian's default init system (Score 2) 550

What if it was someone attacking your sshd and making it crash when it failed?

    By automatically restarting it, you just allow the attacker to continue trying to exploit it.

    By automatically restarting it, you don't solve the issue that makes it crashing.

    By automatically restarting it, you, most of the time, don't even see it restarted, so really not giving you any way to solve the real problem.

It's not that I don't find process monitoring interesting, it's just that automatically restarting can bring more problems than it solves.

As with any service, the "correct" action upon a crash is probably dependent on what the machine is actually supposed to be doing. Take for example, a dedicated web server - having Apache do down when under attack and not attempt to recover would be bad since the attacker will have successfully caused a denial of service with very little effort. Compare to a private telephone exchange, for example, which is running a web server purely for management purposes - a crashed web server is not a disaster, the whole thing keeps doing its primary job without it, so automatically restarting the crashed web service _may_ not be the best plan.

So I guess the answer here is "it depends" and therefore the administrator should be able to choose either option, so selecting an init system that doesn't support one of the options would be bad.

In the case of sshd, since it is potentially the only way to safely fix a broken server, allowing it to die permanently seems like a bad option to me. A better option would probably be to restart it and firewall off all but a few "safe" IP addresses. That way the administrator can still access the server from one of those IPs and the attacker can't cause any more damage.

A well behaving daemon shouldn't be restarted (except maybe for rereading config files), it should start and stay that way. If it crashes randomly, then you might try to find the bug.

Whilst I agree that you should fix a crashy service rather than restarting it each time it breaks, there are nver the less reasons why you may want to auto-restart the service:
  - In the real world, you can't just shut down a service until a bug has been fixed; you need to continue running it as best you can while the problem is being looked into and fixed. So a stop-gap measure may be necessary.
  - Whilst you may believe some software to be bug-free, this may not be the case, and in some cases it would be disasterous to discover that thre is a bug by finding a service permanently go down. Far better to restart it and log the error.
  - Bits _do_ occasionally get flipped in memory or registers, so software may well occasionally crash through no fault of its own. It is reasonable to have something in place to mitigate this should it ever happen.
So yes, I agree, if a service is crashing all the time then it needs to be fixed, but that doesn't mean that you should abandon all possibility of recovering from an unexpected crash.

Comment: Re:Comcast tried to steal $50 from me (Score 1) 223

by FireFury03 (#48378581) Attached to: Overbilled Customer Sues Time Warner Cable For False Advertising

Comcast offered a $50 cash card if we signed up for internet service with them. We signed up in May, and the card never came. We called and they denied that they ever offered the card. A few more calls later, they agreed that they offered it and said they would send it. It never came. Last month, five months, a final call was made and the card arrived.

Clearly they have a strategy of screwing customers, either through intentional scripting or extreme negligence.

Not just telecomms companies - I'm currently being screwed over by Npower. I was a customer for 18 months, during that time I got a single correct bill and had to spend hours chasing them to get the others corrected. My original contract gave me a discount on the billing anniversary (January) - they never credited the discount, so I raised a dispute in January and they agreed to credit it. Except it never got credited. In the summer I left them as a customer, filed a complaint (about the shiteness of their service and about the unpaid discount) and refused to pay the final bill as it was incorrect. They responded to my dispute, replying to my complaint about the poor service but ignoring my points about the incorrect bill. I re-raised the complaint and got an automated "we'll respond in under 10 days" reply - never got an actual response so I followed it up 10 days later, again no response. The billing department are now threatening to take out a court summons against me for the unpaid (incorrect) bill. The billing department say they can't do anything about the disputed bill or the threatened court action and that I will need to raise a complaint with the complaints department, completely ignoring the fact that I've already tried to raise a complaint several times and the complaints department won't respond.

So now I've sent 50MB of paperwork and telephone recordings to the regulator in the hope that they can beat some sense into Npower before I have to waste yet more time defending myself in court.

I'm left wondering if this is actually incompetence, or if their corporate policy is to conveniently "forget" to pay discounts that were promised a year ago in the hope that most people won't notice.

Comment: Re:Real-time market approach (Score 4, Interesting) 488

by FireFury03 (#48366969) Attached to: Denmark Faces a Tricky Transition To 100 Percent Renewable Energy

It's somewhat like buying a last minute airline ticket. If people were unwilling to pay more for a last minute ticket, all tickets would cost more (fine) but it would be impossible (because the airlines would price tickets to insure every seat was sold - or oversold - many hours before wheels up to minimize the risk of a single empty seat) to get a ticket on a commercial airliner to get to mom's bedside 1500 miles away before she expires.

Airline tickets are an interesting one; and other products that have a relatively inflexible supply - i.e. the costs of flying the plane are basically the same whether or not that seat is sold, and similarly you can't sell more seats than you have, so the supply is inflexible. There are two opposing forces at work here:
1. The airline wants to ensure that every seat is sold, since filling a seat at the last minute increases profit, even if it is sold for below cost (the plane is flying anyway, the costs can't be avoided, selling the seat rather than flying with it empty is beneficial no matter how cheaply you sell it). This is going to tend to push the prices down for "last minute" sales as the airline tries to attract sales.
2. The passengers that need to get somewhere at short notice are willing to pay a premium. This is going to push the "last minute" prices up as the airlines cash in on this willingness to pay over the odds.

Figuring out which of these forces wins is certainly a non-trivial exercise.

By increasing prices when demand approaches the absolute maximum supply, consumers will reduce demand quickly (good, since supply can't be increased quickly). When power gets expensive enough, they will shut off rooms, wear more sweaters, turn lights off, instead of cooking a fancy dinner they will nuke something in the microwave and use disposable utensils (or, just wait to wash them until the next day), they will sit around in a single room and talk instead of playing on their computer or watching TV in individual rooms. Demand is extremely elastic, supply is inelastic at the top end. In extreme cases, they will shutdown their entire house (using winter shutdown procedures as needed) and gather in friends and neighbor's houses (perhaps, splitting the cost of the very expensive power during those times).

I think expecting people to monitor electricity prices on a minute by minute basis and change what they are doing _now_ is (largely) not realistic - virtually no one is going to look at the electricity price before deciding to put the TV on, for example. What is realistic is getting people into a routine - if people know that it's always cheaper for them to put the dish washer / washing machine / whatever on over night, then a reasonable proportion of them will probably choose to do so. In fact we've had this in the UK for decades - you can subscribe to an "Economy 7" tariff, which gives you more expensive than normal power during the day and then 7 hours of cheap power each night. Unfortunately the "more expensive than normal during the day" bit tends to make it an unrealistic tariff for anyone who doesn't use electric storage heaters.

I can, however, see a possibility for automated algorithms deciding when to use power - e.g. telling the dishwasher "automatically do the washing up when it'll be cheapest" and having it sit there monitoring the instantaneous electricity prices and automatically doing the right thing. Or loading the washing machine with instructions like "this washing needs to be done some time in the next 3 days, do it when the power is cheapest". This is essentially the same as having computers doing stock-market trading. The interesting bit will be when many people have the same device and they all decide the power is cheapest at the same time, causing a surge in demand and raising the prices.

Comment: Re:There can be no defense of this. (Score 2) 184

by FireFury03 (#48333197) Attached to: British Spies Are Free To Target Lawyers and Journalists

I'm conflicted. On the one hand my initial response was like yours. Yet on the other I don't see why, if you were trying to stop a serious threat, spies shouldn't be able to monitor these communications in principle, with some clear restrictions:

Firstly we have the perennial problem that the security services are allowed to spy on anyone with very little oversight. If they want to spy on someone they should be required to get a court order, and that court order should be made public so that everyone can see what they are doing. If the court order cannot be immediately made public for legitimate security reasons then it should be made public as soon as possible (i.e. certainly within a year, preferably sooner). Furthermore, information gathering should not start until that court order is issued - i.e. there should be no requirement for ISPs/telcos to log and retain traffic "just in case" it is needed at a later date.

So given that we already have this problem, further extending the powers of the seucrity services seems like a bad plan.

Futhermore, this stuff is always justified as "to stop a serious threat", and yet there seems to be very little evidence that there are lots of "serious threats" that need stopping. And as always, this stuff is always spun as "to stop the criminals" and attention is diverted from the fact that not everyone who uses a lawyer is a criminal.

1/ If the information gathered by spying was specifically barred from being used in court

Even if you can't use the evidence in court, it can be used to influence a court case, either by directing a line of questioning, or helping with parallel construction of evidence.

2/ If additional authority had to be granted by the judiciary for the act

3/ If there were clear checks and balances in place to deal with abuse.

Except these things clearly aren't happening, or even intended to happen.

The whole point of communications with your lawyer being privalidged is that you can have a completely frank discussion with them in order to prepare your defense. This cannot happen if you are constantly having to avoid incriminating yourself - one of the reasons for getting a lawyer is that they can tell you when to stop talking to avoid that, so if you can't discuss this with them then that seriously harms your defense. If the authorities believe that there is no merit in allowing private legal discussions then this should be true on both sides - the prosecution should be required to make all their discussions public too. As it stands, the laws are very one-sided and stack the deck against anyone the authorities decide to attack, guilty or not.

Comment: Re:Well... no. (Score 1) 126

by FireFury03 (#48309011) Attached to: Flaw in New Visa Cards Would Let Hackers Steal $1M Per Card

It seems impractical because the transaction takes about a second at best

Not true - I can't find the link at the moment, but the London Underground has been working with card issuers for a few years to ensure the cards are quick enough to be used to pay for journies during rush hour. ISTR they required transactions to complete in under about 300ms.

so someone would have to shove up against you and hold their reader against your pocket for the full second to make it work.

Not uncommon in a crowded place. The article suggested performing the attack at an airport since foreign currency transactions would not be unusual - if you've ever waited in line while going through airport security you'd realise that an attacker would have ample opportunity to stand right next to you for many seconds if not minutes.

That is assuming you only have one NFC card in your wallet, otherwise interference as multiple cards try to respond will scupper the attack anyway.

Untrue. The protocol allows the card reader to enumerate multiple cards at the same time, select which to talk to and to freely switch between them. Multiple cards are not an issue here.

Comment: Re:Correction (Score 3, Informative) 73

by FireFury03 (#48239671) Attached to: First Commercial Mission To the Moon Launched From China

Really? Considering normal moon missions need a significant boost to get to the moon, how did a commercial satellite do that?

Inclination changes are really expensive. By comparison, a Hohmann transfer orbit to the moon and back can be cheaper and can use the moon's gravity to change inclination. The Apollo missions used a free-return trajectory rather than Hohmann transfer orbit since they needed to get to the moon quickly (don't want a bunch of astronauts spending a few months in deep space), which is why they needed significantly more delta-V. Its worth noting that a commercial satellite generally has a significant amount of station keeping fuel since its expected to stay in service for many years - sacrificing a few years of service is reasonable if the alternative is to completely abandon the satellite because its in the wrong orbit.

I think in the incident in question, someone (Lockheed?) ended up patenting the manouver...

Comment: It's possible to beat good testing... (Score 1) 169

by Sits (#48234295) Attached to: Tetris Is Hard To Test

...but not without a price. If you can mathematically construct your program then you can prove that it is free from defects providing enough assumptions hold (the specification is correct, the tools used to build it are correct, the proof of correctness is correct, you had enough money/time/skill to do the process etc). For the time being, it's not possible to formally most programs that have already been written in mainstream languages so other techniques like testing will remain useful tools.

Comment: Re:You guessed it: It depends (Score 1) 224

by FireFury03 (#48184583) Attached to: Ask Slashdot: Handling Patented IP In a Job Interview?

I can't give anyone a non-GPL licence to this work, which is what they were demanding.

IANAL, but are you sure this is the case? I believe that in my country (Norway) at least, you're still the sole proprietor of your IP.

I am the owner of any code I sumbit to the Linux kernel, *but* it is also considered a "derived work" of the rest of the kernel (which means, legally, I'm not the *sole* owner) and therefore the GPL applies.

Did they want to gain exclusive rights to code you'd already published under the GPL?

The contract was non-specific on what code they were talking about - it was a blanket "you will give us a perpetual nonexclusive licence to do what we want with any IP in your ownership which you produced before, after or during your employment with us" (or words to that effect - I can't recall the exact wording).

I don't know how legal it was - as I mentioned, the company in question was already ignoring their TUPE obligations. However, legal or not, I saw no merit in signing it, so I didn't.

Does the GPL preclude that you grant, for instance, a BSD or Apache license for code which you wrote yourself?

The GPL doesn't prevent dual-licensing code for which you are the sole owner (i.e. you wrote it, or the copyright was assinged to you; and it is not derived from anyone else's code). This even extends to commercial licences - i.e. I can write some code and release it under GPL, at the same time as selling a paid-for licence with non-GPL terms to a few people. However, when you contribute code to an existing project, it is usually considered to be a "derived work" since it almost always makes use of existing parts of that project's code - therefore the writer of contributed code would seldom be considered the sole owner, so whatever licence it is released under would need to be fully compatible with the licence used on the rest of the project. This generally precludes dual-licencing code that has been contributed to a GPLed project.

Much like other copyrighted stuff like music - if you make a song that is derived directly from someone else's song then you can't just blindly release it yourself - generally to release a derived song you need to get a licence to do so from the owner of the original song.

Comment: Re:You guessed it: It depends (Score 1) 224

by FireFury03 (#48170923) Attached to: Ask Slashdot: Handling Patented IP In a Job Interview?

The obvious problem with that is that your past work may very well be someone else's property.

You may simply have no standing to grant a license to your past work.

Yes, one of the reasons I cited for refusing to sign it is that a lot of my past work is stuff like Linux kernel coding (which automatically inherits the GPL) - I can't give anyone a non-GPL licence to this work, which is what they were demanding.

But aside from that - if someone wants a licence to all the work I do over the entire course of my life outside of my employment with them, they can damned well pay me a salary for my entire life too! As far as I'm concerned, an employer is entitled to any work I do during my contracted working hours (usually 37.5 hours a week - 09:00 - 17:30, excluding lunch hour); if they want to claim ownership on anything I do in the other 130.5 hours a week then they are going to need to pay me 3.5 times as much for the same hourly rate.

FWIW, this was during a contract renegotiation after my department had been sold off - in theory the new owner needed to comply with TUPE legislation but they had issued a "sign the new contract or be fired" order (which is illegal). However, when I refused to sign, they did reword the contract to remove that clause, so I guess they were trying to do *something* to avoid getting sued.

If it's worth hacking on well, it's worth hacking on for money.