Comment: Re:Buggy Whip (Score 3, Insightful) 119

by Antique Geekmeister (#49333017) Attached to: GNU Nano Gets New Stable Release

The tiny editors do have their uses. They tend _not_ to require dozens of unrelated and bulky graphical packages to support them, the failure of any of which can disable the graphical editor. And they work well over poor bandwidth connections to remote servers, and even work well on overburdened, very lightweight virtualization servers for software routers or proxies.

So making them work really well can save work time and be very appreciated by people doing critical work with very real constraints.

Comment: Re:I fail to see how this is a bad thing (Score 1) 213

>> Knowing the physics of trebuchets offers no further insight into history.

>False, you're now missing the entire point of topical subjects, the core of what the whole thing is about!

The premise is also confused. The physics of weaponry provides _massive_ insight into history, warfare, and economics. The range of a trebuchet, and its cost to make, and necessary manpower to use, affects military planning quite critically in ways that translate well to modern project planning and modern warfare.

Comment: Re:The problem is the fuzz, not the swatters (Score 1) 568

Like bust and boom economic cycles, it happens at least once in every political generation. The most radical of the hippies were a target of police abuse and harassment in my youth: Communists and socialists were harassed in the McCarthy era, and the Japanese-Americans were put in American concentration camps during WW II. So police being used to control perceived native, political threats is not a new problem: the recent "war on terror" is merely the latest instance of the understandable, but dangerous, desire to turn police from public servants to the enforcers of martial law.

Comment: Re:Define "Threatened" and "Unwelcome" (Score 1) 759

They said the TAs were mostly women, not the students. That's not that unusual: certainly when I attended college some decades back, women in computer science tended to be both poorer, and more driven to achieve, than the average male student. The result was a filtering that made the remaining women in the course notably more skilled, and less likely to be incredibly arrogant and abrasive, than their male peers.

Comment: Re:Schneier got it right a decade and a half ago (Score 1) 119

It's also aggravated by the "install the latest software, and build components, from arbitrary 3rd party repositories". I'm afraid that I just had a long discussion with some Java developers who were accustomed to building their software on their desktops, pulling in arbitrary, unknown versions of components and their dependencies, and using the resulting components to build the next round. I'm afraid it's reminding me, forcibly, of Perl developers saying "just use cpan build!", and Ruby developers saying "just install the gem".

If you don't pay attention to the components of your build environment, your QA environment, and your production environment, your testing cannot be reliable. That can be a very hard policy to teach, and to enforce.

Comment: Re:Schneier got it right a decade and a half ago (Score 1) 119

Unfortunately, Unicode is now woven into various Java string handling and database interactions, and it is far too complex to test all the possible input and storage scenarios. I've also noticed a strong tendency among current QA engineers to test only the new feature, and to avoid testing old components interacting with new features without _amazing_ pushback from their managers who want to keep testing costs very small. The result is a fairly predictable string of failure modes, and of production failures, that can be avoided by discarding such expensive, complicating software features as Unicode.

Comment: Re:Where's the beef? (Score 1) 197

by Antique Geekmeister (#49299809) Attached to: NZ Customs Wants Power To Require Passwords

Or an invading foreign government can pull you out of your home and invent a new type of human called an "enemy combatant" and pretend that existing laws from both countries, and international treaties and the US Code of Military Justice, do not apply to them. It's difficult to tell: the last estimate I saw said there are still more than 100 prisoners at Guantanamo Bay.

Let's be very clear that many governments, including that of the US, pick and choose what rules to follow for some quite inconsistent and quite dangerous reasons.

Comment: SSL is best for encryption, not authentication (Score 1) 29

by Antique Geekmeister (#49290501) Attached to: Microsoft Blacklists Fake Finnish Certificate

Let us be clear: SSL has been demonstrated as vulnerable to top-down attacks, to signature authorities failing to protect or being willing to abuse their signature authorities. The classic example was DigiNotar, but there have certainly been other fake certificates published. If you combine this with the number of hosted web proxies and poorly managed websites with poorly protected wildcard SSL certificates on them, it's not safe to place too much trust in SSL certificates as a form of signature authority. It's too difficult to trace the "path of trust" for a certificate to have full confidence in it, especially with such carelessness in the marketplace.

So let's be aware that SSL is helpful against casual monitoring. But the certificates should not be considered sufficient for critical data: a separate verification channel, such as GPG signatures or checksum verifications presented on a different information channel, should be used for verification of the content of the most sensitive data. Even modest encryption practices such as "zip" encrypting a file and sending the key _separately_ can help protect data from casual man-in-the-middle attacks: I've found GPG to be more technologically robust with a very useful chain-of-trust model, but it's not well enough integrated for many of my non-technical clients to use well.

Comment: Re:Yes he's right (Score 1) 214

by Antique Geekmeister (#49282433) Attached to: The GNU Manifesto Turns Thirty

> He also pulls no punches when it comes to saying uncomfortable unpleasant things.

This is certainly true. I've met the man at a conference, and mentioned my attempts to bring clients' and partners' work into the published, ideally free software and open source where necessary, world. He considered my and their work with "software as a service" to be immoral, because all the software should be directly in their hands. We didn't have time to discuss it longer, nor to discuss the inability of most home users to maintain a robust or secure database.

I have to admire his effective technology and political leadership, even while I find myself fervently wishing that he would bathe more often.

Comment: Re:Not just for government. (Score 1) 155

> There's virtually no excuse to be running a website without SSL.

SSL key authentication for distant sites taking many small transactions is expensive, slows the transmission of the critical information, and actually presents an electricity and cooling cost on both ends. For content that is GPG signed separately, such as a bulk website mirroring thousands of software packages and update packages, it can be quite burdensome.
