
Comment Books (Score 1) 238

I can suggest two books.

"The World of Mathematics" is a four-volume set edited by James R. Newman. This might be somewhat dated, but it should still be relevant. Besides mathematical essays, the set also contains biographies of mathematicians and histories of mathematical concepts.

Any book by Martin Gardner, who wrote the monthly "Mathematical Games" column for "Scientific American" magazine for 25 years. See and

While some of the contents of either recommendation might be beyond the understanding of your nephew, he will still understand some of each and find them interesting.

Comment It Depends on Why You Are Using Hash Codes (Score 3, Informative) 87

For use in encryption or for verifying that a file is authentic, SHA1 and MD5 should definitely be avoided.

When transmitting a file over a LAN, WAN, or the Internet, however, SHA1 and MD5 are still useful to ensure that the file has not been corrupted (e.g., packets lost). Also, those two hashes can be used to determine if two files in the same system are the same.
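
The distinction drawn in the comment above, as an added example that is not part of the original comment: an unkeyed MD5 or SHA1 digest is used for the corruption check and for finding identical files, while the authenticity check uses a keyed tag. HMAC-SHA-256, the sample data, the key and all function names are this example's assumptions.

```python
import hashlib
import hmac
from collections import defaultdict

def checksum(data: bytes, algo: str = "md5") -> str:
    """Unkeyed digest: enough to notice accidental damage in transit.
    usedforsecurity=False (Python 3.9+) declares the non-security purpose."""
    return hashlib.new(algo, data, usedforsecurity=False).hexdigest()

def arrived_intact(received: bytes, sender_checksum: str, algo: str = "md5") -> bool:
    """True when the received bytes match the checksum the sender computed."""
    return hmac.compare_digest(checksum(received, algo), sender_checksum)

def duplicate_groups(files: dict) -> list:
    """Names of files on one system whose contents hash to the same value."""
    by_digest = defaultdict(list)
    for name, data in files.items():
        by_digest[checksum(data, "sha1")].append(name)
    return sorted(sorted(names) for names in by_digest.values() if len(names) > 1)

def auth_tag(data: bytes, key: bytes) -> str:
    """Keyed tag for authenticity (HMAC-SHA-256 is this example's choice)."""
    return hmac.new(key, data, hashlib.sha256).hexdigest()

def is_authentic(data: bytes, key: bytes, tag: str) -> bool:
    """Constant-time comparison of the recomputed tag with the supplied one."""
    return hmac.compare_digest(auth_tag(data, key), tag)

# Constructed sample data: one file, a copy with a single flipped bit, a key.
ORIGINAL = b"quarterly-report contents\n" * 100
_damaged = bytearray(ORIGINAL)
_damaged[1234] ^= 0x01                      # simulate a transmission error
CORRUPTED = bytes(_damaged)
KEY = b"constructed-shared-secret"
FILES = {"a.txt": ORIGINAL, "copy_of_a.txt": ORIGINAL, "b.txt": CORRUPTED}

if __name__ == "__main__":
    print("intact copy passes:   ", arrived_intact(ORIGINAL, checksum(ORIGINAL)))
    print("corrupted copy passes:", arrived_intact(CORRUPTED, checksum(ORIGINAL)))
    print("identical files:      ", duplicate_groups(FILES))
    tag = auth_tag(ORIGINAL, KEY)
    print("substitute accepted:  ", is_authentic(b"substituted file", KEY, tag))
```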

Comment Users Can Make Tracking Difficult (Score 2) 127

I use the Mozilla-based browser, SeaMonkey. Anyone using Firefox should also be able to do the following:

1. On my PC, I marked cookies.sqlite as read only. Web sites might think they are setting cookies, but those cookies disappear as soon as I terminate my browser. For sites where I want to keep cookies, I terminate my browser, change cookies.sqlite to read-write, start a new browser session, visit only the one site, use the Cookie Manager to delete unwanted cookies, terminate my browser, and change cookies.sqlite back to read-only.

2. I installed the AdBlock Plus extension for my browser. I do not use any of the subscription sets of filters. Instead, I create my own filters.

3. I installed the Secret Agent extension from for my browser. This sends ever-changing request headers when I request a Web page. Each time I request a new Web page or reload the current page, the Web server thinks I am a different user. This often makes Web sites respond as if I were in a different nation.

4. I occasionally capture the response headers when I request a Web page. If I see responses from unrelated domains, I check the Web site's privacy policy. I successfully made a bank and a credit union remove hidden responses to Facebook that violated their privacy policies. For the credit union, I had to file a formal complaint with their federal regulatory agency to get a satisfactory response.

5. I often use anti-malware applications to scan for tracking cookies, deleting any that are found.
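
The check in item 4 of the comment above, as an added example that is not part of the original comment: given the responses captured while loading one page, list the sites unrelated to the page and whether they set cookies. The capture, the host names and the function names are constructed, and treating the last two labels as the site is a simplifying assumption.

```python
from urllib.parse import urlsplit

# Constructed capture: (response URL, response headers) seen while loading one page.
CAPTURE = [
    ("https://www.creditunion.example/login", {"Set-Cookie": "sid=abc; Secure; HttpOnly"}),
    ("https://static.creditunion.example/app.js", {"Content-Type": "text/javascript"}),
    ("https://pixel.social.test/tr?id=123", {"set-cookie": "uid=xyz; Max-Age=31536000"}),
    ("https://cdn.fonts.test/a.woff2", {"Content-Type": "font/woff2"}),
    ("https://PIXEL.social.test./tr?ev=PageView", {"Content-Length": "43"}),
    ("data:image/gif;base64,R0lGODlhAQABAAAAACw=", {}),
]

def site_of(host: str) -> str:
    """Approximate the registrable domain as the last two labels.
    Assumption: no multi-label suffixes such as co.uk; a real audit
    would consult the Public Suffix List."""
    labels = host.lower().rstrip(".").split(".")
    return ".".join(labels[-2:])

def audit(page_url: str, capture, approved=()) -> dict:
    """Map each unrelated site to its hosts, response count and cookie use."""
    own = {site_of(urlsplit(page_url).hostname)} | {site_of(a) for a in approved}
    report = {}
    for url, headers in capture:
        host = urlsplit(url).hostname
        if not host:
            continue                      # data: URLs and malformed entries
        site = site_of(host)
        if site in own:
            continue                      # first party or explicitly approved
        entry = report.setdefault(
            site, {"hosts": set(), "responses": 0, "sets_cookie": False})
        entry["hosts"].add(host.rstrip("."))
        entry["responses"] += 1
        # Header names are case-insensitive.
        if any(name.lower() == "set-cookie" for name in headers):
            entry["sets_cookie"] = True
    return report

if __name__ == "__main__":
    for site, info in audit("https://www.creditunion.example/login", CAPTURE).items():
        print(site, sorted(info["hosts"]), info["responses"], info["sets_cookie"])
```

Each site the report lists is a candidate to compare against the Web site's privacy policy.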

Comment Clear Out Files You Do Not Want Exposed (Score 1) 324

1. Back up the data files to a single backup file.

2. Encrypt the backup file using an OpenPGP application (e.g., PGP, GNU Privacy Guard). Software should not have sensitive data so it does not need to be encrypted.

3. Upload the encrypted backup file to a cloud service whose servers are in a nation that will not respond to a police warrant from the nation whose police worry you.

4. Use a strong eraser application to erase the original files, the backup file, and the encrypted backup file on the laptop.

Comment Leap-Seconds Existed More Than 45 Years Ago (Score 5, Insightful) 291

Leap-seconds were properly handled in computer software before most of today's software engineers and programmers were born.

Back in 1969, I started working on a software system that already handled leap-seconds quite smoothly. At that time, keeping UTC aligned with the rotation of the earth involved introducing fractional seconds and also having UTC seconds NOT the same duration as atomic seconds (TAI). In 1972, this was simplified by having UTC seconds exactly the same duration as TAI seconds and (after an initial fractional leap) introducing only leaps that were full seconds. The software in the system on which I was working DID NOT HAVE TO CHANGE!!

Internally, the system on which I was working -- which evolved and continued in use to operate military space satellites for over 20 years -- kept all time in TAI, which never has leap-seconds. A relatively small routine converted in either direction between UTC for displays and TAI for internal time. Another small routine converted from UTC to UT1 to sidereal time, the latter more closely reflecting the rotation of the earth, which is gradually slowing and also has predictable periodic fluctuations. The purpose of all this was that we needed to know very accurately the spot on the rotating earth directly under the orbiting space satellite. The position of the satellite was known in TAI while the surface of the earth was rotating very closely to sidereal time.

Also note that the network time protocol (NTP) also accounts for leap-seconds and has done so for decades.

I can only conclude that the current attempt to do away with leap-seconds is a result of lazy software "professionals" trying to shift blame for their ignorance about leap-seconds.
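
The design described in the comment above (TAI kept internally, UTC converted only at the edges), as an added example that is not part of the original comment or of the system it describes. The table is an excerpt of the published TAI-UTC offsets from 1999 onward; the function names and the arbitrary epoch are assumptions of this sketch.

```python
from datetime import date, timedelta

# TAI-UTC in seconds, effective from 00:00:00 UTC on the given date.
# Excerpt of the published leap-second table, valid from 1999-01-01 onward.
LEAP_TABLE = [
    (date(1999, 1, 1), 32), (date(2006, 1, 1), 33), (date(2009, 1, 1), 34),
    (date(2012, 7, 1), 35), (date(2015, 7, 1), 36), (date(2017, 1, 1), 37),
]

def _midnight(d: date) -> int:
    """Seconds from the (arbitrary) epoch to 00:00:00 of day d, no leaps."""
    return d.toordinal() * 86400

def _offset_on(d: date) -> int:
    for start, offset in reversed(LEAP_TABLE):
        if d >= start:
            return offset
    raise ValueError("date precedes the table excerpt")

def utc_to_tai(y, mo, d, h, mi, s) -> int:
    """UTC label (s may be 60 during a leap second) -> internal TAI count."""
    day = date(y, mo, d)
    if s == 60:
        leap_days = [start for start, _ in LEAP_TABLE[1:]]
        if (h, mi) != (23, 59) or day + timedelta(days=1) not in leap_days:
            raise ValueError("no leap second at this UTC label")
    return _midnight(day) + h * 3600 + mi * 60 + s + _offset_on(day)

def tai_to_utc(tai: int) -> tuple:
    """Internal TAI count -> UTC label for display."""
    for start, offset in reversed(LEAP_TABLE):
        begins = _midnight(start) + offset      # first TAI second at this offset
        if tai >= begins:
            days, rem = divmod(tai - offset, 86400)
            d = date.fromordinal(days)
            return (d.year, d.month, d.day, rem // 3600, rem % 3600 // 60, rem % 60)
        if tai == begins - 1 and start != LEAP_TABLE[0][0]:
            d = start - timedelta(days=1)       # the inserted second itself
            return (d.year, d.month, d.day, 23, 59, 60)
    raise ValueError("time precedes the table excerpt")

if __name__ == "__main__":
    t = utc_to_tai(2016, 12, 31, 23, 59, 59)
    for tick in range(3):                       # internal time just counts up
        print(t + tick, tai_to_utc(t + tick))
```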

Comment Re:Not for Windows? (Score 1) 132

I only use those stratum 1 servers that (a) either serve my geographical area or are worldwide, (b) that have "open access", and (c) do not require me to notify them that I am using them. Also, I only use those stratum 2 servers that meet the same criteria.

The "Rules of Engagement" state: "There are many scenarios where the above rules may not apply, especially ... clients with intermittent connectivity ..." Given that I disconnect from the Internet whenever I walk away from my PC and I shut down my PC whenever I leave my house or go to sleep, I am indeed a client "with intermittent connectivity".

Comment Re:Not for Windows? (Score 2) 132

The Windows capability to synchronize my PC clock depends on a single time server. The default is Microsoft's own, which is not always up.

SocketWatch does not tie me to one particular time server the way the Windows capability does. SocketWatch has a list of servers, which I have edited. My list now has over 200 entries. Per my option settings, SocketWatch queries the top five entries from the list hourly, scoring each entry primarily on how quickly the server responds. The server with the best (lowest) score is then used to reset my PC clock. During that process, the servers in the list are sorted according to their latest scores with the lowest score at the top. Thus, a time server that was in the top five but has problems is replaced with a server that has a better score.

My list includes some stratum 1 servers, which are atomic clocks. Microsoft's is a stratum 2 server, which means it is not a clock but instead is a server that gets its time by synchronizing with stratum 1 servers. Thus, I can get synchronization more accurately than provided by Microsoft's default server.

Comment Not for Windows? (Score 3, Interesting) 132

It appears to me that all the NTP patches and all the NTP alternatives are for UNIX or Linux systems.

I use SocketWatch on Windows 7 to synchronize my PC clock with external time servers around the world. I have it set to run every hour. It warns me whenever an adjustment to my PC clock is excessive (using my definition of "excessive").

The questions are: How do the reported problems with NTP affect me? Or do those problems only affect time servers?

Yes, I know SocketWatch is no longer being maintained. The developer is going out of business and will soon stop distributing it. As long as it works for me, I hope to keep using it.

Comment 1024 DH Keys Are Not Current (Score 1) 217

The journal article cited addresses Diffie-Hellman (DH) certificates with 1024 bits. For browsers, such certificates are being deprecated. Certification authorities are not supposed to issue intermediate certificates or sign subscriber certificates that have less than 2048 bits, and Mozilla reserves the right to require even larger certificates.

Furthermore, the OpenPGP format allows even larger DH parts of the DH/DSS encryption keys. My own DH/DSS key is 4096/1024. The 4096 is the size of the DH part. The 1024 is the size of the one-time, temporary DSS key used to encrypt my files; that temporary key is then itself encrypted with my DH key and appended to the encrypted file. Since a new DSS key is generated each time I encrypt a file -- even for the same file -- the smaller size does not bother me.

Comment Re:This is why you call your bank before tourism (Score 1) 345

I have two Visa cards from my credit union. One I rarely use other than for purchases via the Internet; that one sits in my desk at home. The other Visa card I carry with me.

I always call my credit union before traveling. This past summer, we visited our daughter in Saskatoon, Canada. Going, we changed planes in Edmonton with a long layover. Returning, we changed planes in Calgary. Before the trip, I called my credit union and gave them the dates of travel and the three cities I was visiting. Treating my daughter and her family to dinner in a nice restaurant, the Visa card in my wallet was rejected. We had to use my wife's Master Card, for which I also called the bank before traveling.

Back at our hotel, I called my credit union. They had entered my "vacation alert" into my account only for the Visa card that was still sitting in my desk in California. During this phone call, they added a "vacation alert" for the Visa card in my wallet.

Interestingly, we traveled in France earlier in the year. For that, I also called my credit union and bank about my travel plans. I used the Visa card I had in my wallet and my wife used her Master Card, all without any problems.

Also, my credit union occasionally calls me about very large Visa charges when I have not even left southern California. Frankly, I am happy that they are monitoring my account. Once my pocket was picked in Washington, DC. My Visa credit limit was totally consumed in the three hours between when I last remembered handling my wallet and when I reported the theft to Visa. It took one day to get a replacement Visa card but several days to restore my access to the account, something I hope the current monitoring procedures would prevent.

Comment Just the First Step (Score 1) 40

Becoming a public-benefit corporation is the first step towards becoming a non-profit, 501(c)(3) tax-exempt corporation. A private-benefit corporation cannot be tax-exempt.

Of course, this means much more than Kickstarter merely avoiding taxes. It also means it cannot compete with for-profit companies; any profits unrelated to its public-benefit purpose are taxed at a higher rate than for-profit corporations. This also means that it cannot endorse any candidate for election to public office and severely limits its ability to lobby government officials and agencies.

Comment The Logical Conclusion of Opposing Ad-Blocking (Score 2) 351

Those who would prevent the use of ad-blockers need to consider where the logical path of their position leads. Advertisements also appear on television and radio, in newspapers and magazines, and on billboards along our highways.

Action to prevent ad-blockers must therefore also prohibit Mute buttons on TV remotes and prohibit me from running to the bathroom during long commercial breaks on TV. They must also prohibit me from switching radio stations or turning off the radio while driving. They must force me to read every ad in my morning newspaper and make me stop my car to carefully read every billboard.

NO. I can choose to be deaf and blind to advertisements in other media. Why can I not choose to block advertisements on the Internet? What is it about the Internet that mandates its advertisements on me, something other media cannot do?

Comment Old News (Score 1) 527

The updates for the cited KB numbers appeared some time ago. I did not install them.

The best practice now is to set Microsoft Update to check for updates and alert you but not to download or install any updates. Note however that this is NOT an option with Windows 10, which is a good reason to avoid Windows 10.

Then review the details of why each update should be installed. In Windows Update (Windows 7), select an update. At the right will be a link "More information". Select that link and read the Web page. If the information presented there does not tell you how the update will benefit you, the user, do not install it. In that case, the update most likely benefits only Microsoft.
