Want to read Slashdot from your mobile device? Point it at m.slashdot.org and keep reading!


Forgot your password?

Slashdot videos: Now with more Slashdot!

  • View

  • Discuss

  • Share

We've improved Slashdot's video section; now you can view our video interviews, product close-ups and site visits with all the usual Slashdot options to comment, share, etc. No more walled garden! It's a work in progress -- we hope you'll check it out (Learn more about the recent updates).


Comment: Also worth noting... (Score 1) 181

by DaveHowe (#48854547) Attached to: NSA Hack of N. Korea Convinced Obama NK Was Behind Sony Hack
Nothing the NYT links to says the NSA used the system to give early warning of Sony (or even after-the-fact analysis of Sony) - It simply says that the NSA had extensively penetrated NK in the late 2000's, and if that system were still in place, *could* have gained insight into the attack, either before it happened, or after the fact. However, given the FBI have raw access into the NSA's databases, its possible that this is why the FBI won't back up its claims with actual facts - it is relying on the database that the NSA have that is in breach of a LOT of laws, and use of which usually is subject to "parallel construction".

Comment: Amazon Store (Score 1) 405

Not seeing why, if a publisher doesn't want to sell though the Amazon store, they can't as easily sell though their own website or even though traditional brick and mortar stores. For that matter, I don't see why an author can't do that themselves and cut out the other middleman, unless they are tied into an exclusive contract.
kindle books are just files - you can sell them from anywhere.

Comment: Re:need to get over the "cult of macho programming (Score 1) 231

by DaveHowe (#46926275) Attached to: How To Prevent the Next Heartbleed
The reality was both more interesting and much worse than the above implies.

The OpenSSL project had one full time programmer as gatekeeper; he passed the code and added it to the tree, when in fact it missed a bounds check the RFC it implements says should be made.

As an OSS project that accepts patches from the community, the submitter could have been anyone, of any level of ability. In practice, the submitter was a student, who had written not only this patch but the RFC that describes the change, as part of his thesis project. The idea was to increase the efficiency of SSL *in UDP* for applications such as OpenVPN, by adding a "are you still there?" heartbeat exchange.

The final patch was submitted (and accepted) on the evening of Dec 31; I am at least slightly suspicious of the timing, as it smells of trying to meet some arbitrary deadline (and a student throwing in his work "under the wire") rather than the "when its as perfect as I can get it" criteria that should govern a submission to a security product.

Comment: Problem with that theory is... (Score 1) 241

by DaveHowe (#46339697) Attached to: With 'Virgin' Developers, Microsoft Could Fork Android
Nothing in Android prevents Microsoft just taking the existing core and putting it on as many phones as they want. There is no restriction, you can do what you want with it.
However, getting access to the play store and many of the "standard" apps requires signing an agreement with Google - that doesn't get you android, just the play store access and apps. No amount of cleanroom re-implimentation of android core will entitle MS to connect to google's play store - that's not a "feature" of android, its a contractual agreement with Google.

Comment: Re:Very True (Score 1) 533

by DaveHowe (#37934530) Attached to: Consumer Tech: an IT Nightmare
I have seen such high failure rates in the wild - cross batch, cross manufacturer even.
But invariably, they were proceeded by a thermal event - I have never, ever seen worse than 10% failure in a datacenter that has a clean aircon record, and would expect 5% or better unless there were power issues too.
if you are seeing that sort of failure rate, I would be giving special care and attention to any "service visits" the ups or aircon guys may have made in the two months prior to the problem starting.

Comment: Re:Same old thing... (Score 1) 137

by DaveHowe (#37526056) Attached to: Oracle May 'Fork Itself' With MySQL Moves

MariaDB is not much if any better - Ok, I can see his original point - he shared the source to MySQL so that he could get the benefits of community bugfixing, but retained the commercial rights so that he could sell commercial usage licences and still make money.

I can also see how, when offered a buttload of money by SUN, he could get up front and in one lump sum what he might make in years of normal trading - and SUN, having no db solution of its own to compete, was as good a new owner as any.

However, with MariaDB he is trying to have his cake and eat it too - he wishes to start a new "community" edition of MySQL so he can still steer the project, despite having taken his pieces of silver and ran once already. Despite (or even because of) his "experience" in running the MySQL project, I would not consider him a particularly good choice to control a fork.

Comment: Re:No shit (Score 1) 385

by DaveHowe (#36784652) Attached to: Belgian Newspapers Delisted On Google

You don't get to tell a search provider how they are supposed to use the content they index from you. I am ok with the idea that you should be able to tell them not to index you, if you don't want that done, but if you choose to be indexed you don't get to say "You can only do it in the way we specify, or using the terms we specify."

Actually, that plays to a second danger. If you can get a court order like this, then presumably at some point they can convince a Belgian judge that "Official Belgian newspapers" should automagically get a higher rating on news.google.be than foreign/unofficial ones... Google search results could end up ordered by lawsuit rank not pagerank :(

Comment: Re:Uh, tough? (Score 1) 385

by DaveHowe (#36784634) Attached to: Belgian Newspapers Delisted On Google
Google is a private, foreign, totally unaccountable organisation.

Clearly it is a private, foreign, but {within the jurisdiction of Belgian courts and accountable to said courts} organization, or this article wouldn't exist.

A Belgian judge has said "Remove all content from all your sites, but in particular, for google.com and google.be, for articles, images or graphic representations of the newspapers bringing this case"

Search engines work by indexing the content, comparing the index with the search terms, and using that to generate results. No content = no search = no result in the list. how is that hard to follow unless you are a Belgian landshark looking for cash damages not actual results (given robots.txt, as is repeatedly pointed out, can let you fine tune what google does or doesn't show)?

Comment: Re:First (Score 1) 176

by DaveHowe (#36208122) Attached to: Linux Gets Dynamic Firewalls In Fedora 15
This is largely an issue with the "front end" - dynamic changes to iptables don't auto-write themselves, but that is true also for (for example) Cisco IOS. it used to be that you couldn't even insert a rule in an ios access list (you had to append, or failing that, blank out the whole list and start over) but like IPTables, you can now insert and delete from the list on-the-fly.

A competent front end should write "hot" to the loaded list, but also update a static file so that they can be re-loaded on reboot. iptables has a built in "save" method that can generate such a file, but you don't always want to commit every change to the startup config.- but blaming the engine for the poor quality of coding involved in what is only a pretty front end onto a very competent packet filter is a bit unfair.

Comment: Asda price? (Score 1) 229

by DaveHowe (#35922020) Attached to: Wal-Mart Tests Online Grocery Delivery
Interesting. Walmart took over a UK chain called ASDA some years ago, who has a scheme for doing this - staff go and "pick" the goods from the shelves in a real store, just like a normal shopper would, bag them up, do a CNP transaction for the payment, then ship them out in a van to the homes.

Maybe some stuff does flow upstream?

FORTUNE'S FUN FACTS TO KNOW AND TELL: A giant panda bear is really a member of the racoon family.