Comment Re:Democrats, not the "Electoral System" (Score 1) 209

The UK has a first-past-the-post system and had a coalition government between 2010-2015. It has also seen the complete wipeout of the two main parties in Scotland in favour of a third nationalist party.

The idea that a two-party system under FPTP is inevitable, is not backed by the facts.

Comment Re:This is ridiculous (Score 1) 747

People rage about it because it is an idiotic waste of valuable time.

Yes, in this case changing a file extension of a new file format is not a big deal, and three more letters won't kill anyone. Heck, I'd rather have a command be called "brotli" than "bro" just due to fewer chances of random conflicts.

But the justification is completely illogical, and once engineering decisions start being made on the basis of stuff that doesn't even TRY to be logical but is purely emotional, the amount of wasted time can become unreal.

As an example, I am familiar with one case where a company had an internal tool for mapping internal dependencies called "Octopussy". You know, like Octopus but with James Bond connotations, because the graphs it drew looked a bit like an octopus. Well, guess what happened next .... someone threw a hissy fit and demanded it be renamed. Only problem was, the tool wasn't maintained anymore. And over time it had become an internal data source for other tools, which at that point had the name hard-coded into them (network endpoints etc). Some of those tools were also only sporadically maintained. So people had to be dragged off existing projects to spend time on "fixing" a non-existent problem that existed only in someone's mind. Many, many hours were wasted and of course all the people who had to work on that learned an abiding hatred of radical feminism.

THAT is why people get mad about shit like this story. Give an inch and suddenly the amount of money, time and mental energy being burned can become insane.

Comment Re:The North American culture-sphere? (Score 4, Informative) 747

Hunch correct. I've met Jyrki. He's a great guy. Also - a Finn who lives in Switzerland, not an American.

Jyrki is very smart, not prone to bullshit or nonsense. He surely knows this issue is ridiculous, which is why they moved on so fast with only a minor comment about "not understanding why people are upset". There are more important things to do in life than argue with people who are wrong on the internet.

(irony of me posting this to slashdot well understood)

Comment Easily? (Score 4, Insightful) 36

Let me summarise the key findings of the paper. The headline figure is stunning: over 70% of all sites they tested leaked their origin IP in some way.

But. It's not quite as simple as that. Virtually all websites that are DDoS protected are using CloudFlare, probably because it's a free service. The vast majority of the times they were able to find the origin IP address, it was due to basic oversights by the website admin, typically, having subdomains that resolve to the origin IP or simply never moving the server after signing up for CloudFlare at all. The most common subdomain that leaked the IP was called "ftp".

Who the heck actually still runs an FTP server as part of their website, in this day and age? No big websites do, that's for sure.

And sure enough the paper concludes, not surprisingly, that bigger more important websites are much less likely to leak their origin IPs than smaller ones.

I think all this paper really says is that CloudFlare have a lot of small non-paying customers who aren't really playing in the big leagues and aren't being attacked by sophisticated attackers ... or possibly aren't being attacked at all .... and as a result are more likely to have made simple errors.

So when the headline says these protections are "easily" bypassed, all it's really saying is that if someone using a defensive system makes mistakes, they can still be attacked. That's not really news and doesn't tell us anything about the efficiency of these services when the people using them have done their homework.
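An added example, not part of the comment above or of the paper it summarises: a check a site admin could run over their own zone export to catch the subdomain oversight described (the "ftp" case). The zone records, the hostnames and the CDN range are constructed placeholders from documentation address space; substitute the ranges your provider publishes.

```python
import ipaddress

# Assumption: placeholder CDN edge range (RFC 5737 documentation space).
CDN_RANGES = [ipaddress.ip_network("198.51.100.0/24")]

# Constructed zone export: (hostname, record type, value).
ZONE = [
    ("example.com", "A", "198.51.100.10"),
    ("www.example.com", "A", "198.51.100.11"),
    ("ftp.example.com", "A", "203.0.113.7"),      # points straight at the origin
    ("mail.example.com", "A", "203.0.113.7"),
    ("blog.example.com", "CNAME", "www.example.com"),
    ("dev.example.com", "CNAME", "ftp.example.com"),
]

def behind_cdn(ip):
    """True if the address falls inside one of the CDN edge ranges."""
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in CDN_RANGES)

def resolve(name, zone, depth=0):
    """Follow CNAMEs inside the export and return the final A values."""
    if depth > 8:          # guard against CNAME loops in a broken zone
        return []
    found = []
    for host, rtype, value in zone:
        if host != name:
            continue
        if rtype == "A":
            found.append(value)
        elif rtype == "CNAME":
            found.extend(resolve(value, zone, depth + 1))
    return found

def find_origin_leaks(zone):
    """Return sorted (hostname, ip) pairs that resolve outside the CDN."""
    leaks = set()
    for host in {h for h, _, _ in zone}:
        for ip in resolve(host, zone):
            if not behind_cdn(ip):
                leaks.add((host, ip))
    return sorted(leaks)

if __name__ == "__main__":
    for host, ip in find_origin_leaks(ZONE):
        print(f"{host} resolves to {ip}, which is not a CDN edge address")
```
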

Comment Re:The system isn't very good (Score 1) 71

You realize this sort of attack was entirely expected, and that the system is engineered to withstand it, and did, trivially?

Expected, yes. Engineered to withstand - no. Bitcoin Core nodes accept as many transactions as they can with no memory limit until eventually they bloat up so much the operating system kills them. The official "solution" for this is to babysit your node and if you see it running out of memory, change a command line flag to make it ignore any transactions with lower than the given fee. Unfortunately of course, this also ignores all end user transactions paying lower than that fee as well.

I maintain a fork of Core called Bitcoin XT. It has a flag that lets you set a maximum number of transactions to keep in memory at once (and in a future version it'll change to be a max number of bytes, as that's the actual resource that's limited). The node will randomly remove a transaction from the pool to make room for a new one when out of space. As during an attack the memory pool is mostly full of spam, obviously this logic mostly involves kicking out spam to make room for {more spam, actual legit transaction} as opposed to just falling over and dying.
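An added simulation, not part of the comment above and not Bitcoin XT's code: a pool capped at a maximum transaction count that evicts one random entry to admit each new arrival. The cap, the 95% spam ratio, the seed and all names (`BoundedPool`, `max_txs`) are assumptions chosen for illustration.

```python
import random

class BoundedPool:
    """Transaction pool with a hard cap and random eviction when full."""

    def __init__(self, max_txs, rng):
        self.max_txs = max_txs
        self.rng = rng
        self.txs = []                          # (txid, kind) entries
        self.evicted = {"spam": 0, "legit": 0}

    def add(self, txid, kind):
        if len(self.txs) >= self.max_txs:
            # Pick a random victim; swap it to the end for an O(1) removal.
            i = self.rng.randrange(len(self.txs))
            self.txs[i], self.txs[-1] = self.txs[-1], self.txs[i]
            _, victim_kind = self.txs.pop()
            self.evicted[victim_kind] += 1
        self.txs.append((txid, kind))

def simulate(max_txs=1000, arrivals=20000, spam_ratio=0.95, seed=1):
    """Feed a spam-heavy stream into the pool; return (peak size, evictions)."""
    rng = random.Random(seed)                  # fixed seed: repeatable run
    pool = BoundedPool(max_txs, rng)
    peak = 0
    for txid in range(arrivals):
        kind = "spam" if rng.random() < spam_ratio else "legit"
        pool.add(txid, kind)
        peak = max(peak, len(pool.txs))
    return peak, pool.evicted

if __name__ == "__main__":
    peak, evicted = simulate()
    print("peak pool size:", peak)
    print("evictions by kind:", evicted)
```

The pool never grows past the cap however many transactions arrive, and evictions fall on spam and legitimate transactions in proportion to their share of the pool.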

Comment Re:Hmmmm (Score 4, Interesting) 927

And from the other Slashdot discussion, a picture of Linus and Greg sitting together. Wow, Linus wasn't kidding. Greg KH is enormous! I don't mean fat, I mean, literally he does appear to be a giant. Unless there's something weird about that camera perspective it's not totally surprising that Linus may have made a joke along the lines of "you should be scared of Greg".

Comment Hmmmm (Score 5, Interesting) 927

It took a hell of a lot of digging, but it seems to have started with this thread, way back in 2013.

Now, I'm all for professional communication, and emails can be easy to misinterpret, but this looks like a bit of an over-reaction. Someone commented that they send patches to Greg KH because Linus scares him, but added a winky smiley afterwards, i.e. not really all that scary. Then Linus made a joke about Greg being big and squishing people that may or may not be playful or insulting, without knowing much about the relationship between these guys it's hard to say. Squish is hardly a word you use when you're really angry though.

And then Linus and Ingo gently tick off Greg and say he should be tougher, Linus says Greg is acting like a "door mat" and says "You may need to learn to say no to people". Ingo says "be frank with contributors and sometimes swear a bit". Probably this discussion would be held off list in a more traditional corporate environment to avoid embarrassing Greg (though "you are too nice" is not that embarrassing), but he takes it in his stride and agrees to be tougher.

OK, so far, just another day in open source land? Well, then Sarah Sharp flies off the handle and says:

Seriously, guys? Is this what we need in order to get improved -stable? Linus Torvalds is advocating for physical intimidation and violence. Ingo Molnar and Linus are advocating for verbal abuse.

Not *fucking* cool. Violence, whether it be physical intimidation, verbal threats or verbal abuse is not acceptable. Keep it professional on the mailing lists.

What the heck? The only thing she could be referring to in this thread so far has been Linus talking about Greg being a giant who might "squish you without even noticing". Nobody could seriously interpret that as advocating for violence unless you were so unbelievably literal you'd be unable to handle ordinary conversations.

And then there's the conflation of "verbal abuse" with "violence". These are two words that mean very different things. And finally the assertion that by trying to make jokes (perhaps not very well), Linus and Ingo were being unprofessional. Not surprisingly, Linus had a problem with this claim.

Now I don't know, probably this could have been avoided if the discussion with Greg had been private. But it seems Sharp would have let rip at some other point if someone else made an off-colour joke. I can believe LKML is a tough environment, but this isn't the best evidence possible. Perhaps there have been other incidents, but as Sharp doesn't list any, it's hard to say.

Comment Re:Before anyone bangs on about bedallions and so (Score 1) 239

You've fatally misunderstood Uber's business model and why they do what they do.

Uber is not anti-regulation and does not engage in a "race to the bottom" where they ignore the fact that some cab drivers are crappy.

Rather, Uber is the regulator and prevents the race to the bottom in entirely different and more modern ways. Instead of using the (literally) steam-era approach of forcing cab drivers to memorise street maps, they use GPS. Instead of setting high and constant fees with mandated pickup to make prices predictable, they use global knowledge of supply and demand to show you a price ahead of time. Instead of attempting to judge a cabbie's integrity and character through some bullshit interview process they gather real time feedback from actual riders.

To see Uber as anti-regulation is to miss the point. They are merely a much better regulator that uses 21st century tools.

Comment Re:Against the law (Score 1) 239

The correct process for Uber and the like to take is to challenge the unjust, anti-competitive laws first, potentially citing public demand for their services

How do they demonstrate public demand for their services if they haven't got any customers yet? And why do you think the taxicab regulators in each jurisdiction where they do this would care even one tiny bit?

It'd be great if all you had to do to get dumb regulations dismissed was 'challenge' them. I used to think this way too - surely these people are just reasonable and they can just be talked to? Then they'll see the light?

But if it was so easy, it'd have been done years ago already. It's not. You can't simply change laws by arguing in front of a court that the laws are dumb, especially not against entrenched interests. Only massive public support can change these things, and to get that, you need happy customers.

Comment Re:This is why you call your bank before tourism (Score 4, Informative) 345

Instead of rejecting the payment outright and freezing the card, text message my phone IMMEDIATELY and I can read a 6 digit code to the cashier to allow the transaction

How about an even better solution - insert your card into a reader, type in your PIN and that's the two factors right there. You know...... the system that's already used everywhere in the world except for America? It works pretty well. I think the USA is starting to roll it out now, albeit a slightly crippled form of it (they managed to take the 2-factor system everyone else uses and make it 1-factor).

Comment Re:This is why you call your bank before tourism (Score 1, Interesting) 345

Yeah, it is completely broken. This is a problem more or less specific to America.

I have several cards. I travel constantly. I have never, not once, told my bank where I am going and I have never, not once, had my card declined.

How do they achieve this witchcraft? Well,

1. The cards are all EMV. The magstripe can be cloned, but you can't use it in most countries (other than America)

2. Many online purchases are protected by 3D-Secure, which basically just lets your bank put a login/ID verification screen after the card number is entered

3. Their fraud models expect people to travel whereas lots of Americans don't

Comment Re:I can understand the change in motto (Score 1) 247

It dates from the really early days when Google was basically just a bunch of engineers doing R&D. It was cutesy, the brand they went for was cutesy, it fitted.

The problem with it IMO is that, basically, too many people can't handle it. "Evil" is a really high bar. It's a word that smells objective. But not many business activities really qualify for such a strong word. Drone striking a wedding is evil. When Microsoft tried to take over and then kill off the web (or rather, progress in the web) because they wanted everyone to write Windows apps instead of using open infrastructure, that was roaming around in the general area, maybe, if we want to be hyperbolic. Though it's debatable.

Changing the colour scheme in Gmail is clearly not evil. Attempting to integrate social features of products together is not evil, even if you didn't like it. But unfortunately as Google got big enough it reached the point where basically any change resulted in this motto being thrown back in their face. So it ended up being meaningless. Someone saying "don't be evil" just became some sort of trite cliche. Worse, internally some of its own employees would tend to describe any action they didn't like as "evil" which of course wasn't great for team building and morale (I used to work there so I saw this problem in action many times).

I'm not surprised they have eventually changed it, although even that change will itself be described as evil in a sort of implosion of recursive irony. "Do the right thing" might seem watered down, but by taking out the cartoon emotive character assassination words, it sets a probably more realistic goal by accepting that "the right thing" is inherently subjective and debatable.