Slashdot is powered by your submissions, so send in your scoop


Forgot your password?

Comment Re:Host it yourself (Score 1) 111

Right. Any cloud backup is reliable if you encrypt the data yourself before you give it to the service.

On the other hand, SpiderOak claims they encrypt everything before it leaves your computer, and if you lose your password they insist they can't help you recover your data. Big portions of their code are open source, but not all. You still risk that a hacker or government agency court order will release a revision to the SpiderOak software that transmits your password to their servers. There's also tahoe-lafs from Least Authority, which is fully open source and does encrypt everything before uploading to the service - but the last time I tried it, it was a little irritating to set it up.

Comment Re:Say what? (Score 1) 392

Privately owned individual vehicles are different from a commercial energy production facility. So I think having two different standards makes sense, and if the EPA does not require existing coal power plants to meet current emissions standards then that's foolish.

The problem with taking and crushing or otherwise recycling old cars is that most of the people driving them can't afford anything newer. It would be very difficult to create some kind of program to replace them without causing chaos and corruption galore. Note for example the Cash for Clunkers program in 2009 and the circus around that.

I'm not opposed to federal intervention in the economy in principle. I just think this is harder to do correctly. If there were to be direct government intervention for the sake of emissions, I think it would be simpler to administer if it was directed at power plants and not personal vehicles.

Comment Re:Say what? (Score 1) 392

Applying the same emissions standards to all vehicles regardless of age is impractical. The path the EPA has taken is sensible - strengthen emissions controls over time, so that as older vehicles are scrapped and newer ones enter service the average emissions level of the total of all vehicles drops. But that only works if the stronger emissions controls are followed.

And yes, that does mean that 500,000 Volkswagen diesels are emitting less pollutants of all kinds than millions of cars still in use from the 1980s and earlier with no pollution controls or weak pollution controls and carbureted engines that burn fuel much less efficiently than modern electronic fuel injection. But again, it would cost American drivers directly or indirectly through taxes many billions of dollars to retrofit every vehicle on the road. There isn't enough political will for that.

Comment Re:Hmmmm (Score 1) 181

I understand your point, but if you were in Mexico and didn't have any money, what then? I presume the answer is, "you're fucked".

So yes, we can drive the cost of our health system way down by cutting socialized and legally required health insurance. But the people at the bottom level will simply die. You may be happy with that, the rest of us are not.

And if you counter that people will not be refused at hospitals - that's only true because the hospital can offset the expenses from destitute patients with higher fees for everyone else. If you take that away with free market competition, the situation will turn south. The whole rest of the first world does not have socialized medicine because they're a bunch of looney communists.

Comment Re:Other bugs (Score 1) 409

The Android Open Source Project (AOSP) is free for anyone to adopt for any use they see fit, as long as they comply with the terms of the component open source software licenses (GPLv2 for the kernel, Apache license for the rest). Amazon used that to make their own fork. For a while, so did Barnes & Noble. So AOSP has no control over hardware.

But to use the Android name on the resulting products, the companies have to enter a legal agreement with Google. Google could place restrictions on features in those contracts, like requiring :
removable storage
removable batteries
guaranteed software security updates within three months of the disclosure of any bug for the product for a minimum of, say, three years after its release.

Those requirements would help users and slow the crazy planned-obsolescence cycle of Android devices. But Google does not impose those requirements.

Comment Re:Other bugs (Score 1) 409

Relax, it's you.

- The "systemd Titanic" has dozens of blog posts by Poettering and others explaining all of the design decisions behind it, and I can't fault anything. I've been using it since I switched to Fedora 18 from Ubuntu, and I never had a problem. git has dozen more complex integrated features in it than CVS, and I don't see anyone crying about that. I really don't understand the hatred. Do you want ext2 back, too? How about Linux kernel 2.2? Perl 4? Want to ditch vim and Emacs because they're bloatware compared to ed? Read your mail in alpine?

- Ubuntu Unity's market share is dropping, and GNOME 3 popularity started coming back as they added GNOME 2 UI features back. It was a blip on the radar, not some giant disastrous trend. Cinnamon, XFCE, LXDE, KDE 5, GNOME 3 Classic, and Mate are all very sensible and popular UIs.

- Android pretends to be open but mostly serves the profit engines of Google, Samsung, and the wireless carriers. Of course they're going to screw customers by dropping SD card readers or replaceable batteries. That drives customers to more expensive phones with more built in storage, or more expensive data plans, or newer phones. We should have never trusted the project in the first place.

- Making a mobile site that works as well as native code, even 'native' Java, on a small screen and limited resources is damn difficult.

- Hopefully and similar ideas make distributed cloud storage as cheap and secure as buying an extra disk and putting an encrypted volume on it.

- Mozilla has two goals with Firefox OS. First, to reverse the trend toward native apps on mobile - and you yourself were complaining about that, so I would think you like it. Second, the world has roughly twice as many smart phone users as traditional computer users, two billion versus one billion, and it's expected that in a few years there will be three or four billion smart phone users. Android and iOS are eating the consumer computing world, and Firefox OS is the best chance we have to prevent the consumer computing experience of the future from being a choice between a bunch of locked down proprietary alternatives.

Comment Re: Police? (Score 1) 370

Car Talk ( ) was a one hour weekly radio show broadcast throughout most of the United States for 35 years. It was about 50% customers calling in with car repair and car purchase questions, and 50% puzzles and humor. They ended every show with a fictional list of people that worked on the show, and all of the names I used and hundreds more rotated through the list.

Comment Re:Lies! (Score 1) 341

Good points. However, I think the JVM gives you things that might be difficult to add with cgroups and SELinux. But I may be wrong:

1. The JVM zeroes out all memory before handing it to an application, so your applications can't leak information to each other that way.
2. The javap disassembler makes easy decompiling of any Java application into a standard format that has specific references to APIs in the Java standard library, so I imagine it's straightforward to write code that disassembles each Java binary submitted to the Android store and then checks for illegal operations. Disassembling native binaries and scanning the code in an automated way for root exploits and malware is, I presume, technically more difficult. I would guess detecting code that, for example, mallocs a big buffer and then just reads the contents hoping to find a segment that cached your banking password would be difficult.
3. Require any code that your application loads dynamically have its digital signature checked first, and an absent or invalid signature blocks the load.

Otherwise yes, you can block file access and network access, constrain memory usage, constrain thread creation, etc... with security features native to Linux and not to the JVM. If I'm wrong, do correct me.

Comment Re:Lies! (Score 1) 341

Good points. I meant the code developers write for their applications, not popular libraries. Of course popular libraries get good security audits.

I use OpenJDK on Linux instead of the Oracle JDK, and "apt-get update" or "yum update" (or now on Fedora, "dnf upgrade") takes care of everything for me. For Windows, I just switched to the Azul Systems Zulu build of the OpenJDK for Windows. So far it works fine, but the only use it gets is running Minecraft for my kids. I do everything on Linux.

Comment Re:Lies! (Score 1) 341

Sure. Oracle has really goofed with the Java Virtual Machine security. Funny thing, though: the JVM is written in C++. So:
1. You're making my point for me.
2. The JVM today is under a lot of scrutiny for security flaws, and is no longer getting a new zero day discovered every 87 minutes. Your new C++ code, or my new C++ code, doesn't get that same level of scrutiny. If we write our new code in Java, we get the benefits of the security audits in the JVM and aside from JVM errors the JVM prevents buffer overruns, pointer arithmetic, etc...

Comment Re:Because it was written in Seastar or C++ (Score 1) 341

You're assuming that code spends most of its time computing. It spends an awful lot of time on I/O, and Python is every bit as fast at doing nothing as C is while either language waits for a file copy or data on a socket or the next user keystroke.

I wouldn't write Call of Duty 9 or video editing software or Bitcoin mining software in Python. But a blog? Software to tag mp3s? A media server? They're fine for slow languages. We developers spend a lot of time arguing about speed, but often we're working on projects where the differences are irrelevant.

Comment Re:Because it was written in Seastar or C++ (Score 1) 341

OOP is intuitive at the micro-level. I have an animal class, and mammal extends animal, and dog extends mammal, very simple and straightforward.

But OOP code in a complex project is, in my experience, always a nightmare to understand. I want my animal reference to a dog object to move. I look in dog and I see that it uses legged-animal-move, which might be from a trait or mixin (Scala or Ruby) or another parent class through multiple inheritance (C++) and it turns out that legged-animal-move needs a reference to the current position of the animal so I need to go back to dog and back up the inheritance chain to animal and grab the position reference, and it turns out the dog is on grass. Now I have to apply the visitor pattern on the grass object visited by the legged-animal-move mover class. As part of that visitor pattern function on grass, I need a reference to any other animals that might be in the same spot to detect collision. So I go up the grass class hierarchy to its great grandparent class generic-position and retrieve its instance list of animals at that position.... and before you know it, to figure out if the dog can move two steps forward I have sixteen files open in my IDE and the debugger is running and I'm looking at things like AbstractSingletonProxyFactoryBeanFactoryManager wondering what I did to piss off god.

To me, the real value of functional programming is that the data you want to understand and the code that's currently manipulating that data is right in front of you. My function takes as an input an attribute map (or associative array, or dict) named 'animal' with things like type->dog name->fido position_x->22, etc... and a second input map with a direction and a distance and as a third input a list of maps in sorted order by position_x. I get the position_x of the first input, use the second input to figure out the path of desired travel, and then use a binary search on the third input to find all possible collisions. There might be a few helper functions involved, but it all takes place right in front of me. One file.

Comment Re:Lies! (Score 1) 341

Also - Android was written in Java so developers could work on Windows, Linux, or OS X and so Google could attract the millions of existing developers that know Java around the world. Google didn't pick the language because they wanted the language, they picked the language because they wanted the ecosystem.

Also, arguably JVM applications are easier to audit for security and sandbox than native applications.

I'm always looking for a new idea that will be more productive than its cost. -- David Rockefeller