
Comment: Manage Outsourcing (Score 1) 157

You listed a bunch of strengths:
1) she has J2EE experience
2) she lives in Spain where the developer job market sucks
3) she has the talent
4) she'd like to move up to a better job

So, how about she goes and finds un/under-employed local programmers, sets up a syndicate, and manages outsourcing jobs for enterprises in areas where the labor market is tight?

That will gain her marketable sales and management skills which she can then parlay into better career opportunities. Maybe even sell the company once it's successful.

I'm assuming she can speak English about as well as you can, which is plenty good (I can't tell if you're native or not).

Here's the thing that bothers me most about your post, though: she's of child-bearing age, so I'll assume under 40, and you say doing IT is better than picking up a new career now. Don't fool yourself - she'll be working another 40 years (unless the AI's take over) and so she's less than 1/3rd of the way into her career. If you love her, you'll want her to be happy for the next 40 years, and you'll support her in finding/creating something that supports her passions and can pay the bills. So, if she really hates IT, ignore what I wrote above and work hard to help her find her purpose.

Comment: Re:That's not what the blockchain is for (Score 1) 36

The bitcoin solution is to sell the space to the highest bidder

'A', not 'the'. Sidechains are a much better bitcoin approach (the blockchain need only record the entry and exit points). Marc Andreessen's company has been working on just this for a year or more.

Comment: Re:Apples and oranges (Score 1) 92

So then, aren't size comparisons between OpenSSL and s2n at best useless, and at worst intentionally misleading?

Possibly misleading, if one doesn't understand the true claims, but definitely useful.

If you're just using OpenSSL for running servers and s2n can provide all of the functions a server needs, and s2n is 1% of OpenSSL's size, then it's a much, much cheaper target for auditing, and so it's far more feasible to feel secure about it.

If you're doing something different with OpenSSL then the use case probably doesn't apply.

It may be that a machine analysis of the OpenSSL codebase, starting with the function calls from, say, mod_ssl, could produce a useful graph of the OpenSSL code that's actually in use by typical servers. I'm not personally aware of such an effort, but it seems obvious enough that probably somebody has done it.

Comment: Re: Above Congress? (Score 4, Insightful) 146

not sure if serious ... CIA people have been in the White House since 1980, out in the open (it's debatable before then). They spy on Congress, have their own secret kangaroo courts, and carry out overseas executions all admittedly. One could suppose that there's nothing worse behind closed doors but that would be generous towards spies. Who doesn't really think they're blackmailing anybody in Congress or other high elected office?

Politics remains the entertainment arm of the military-industrial complex. After all, people would be mildly nonplussed to learn that they were secretly ruled by spooks and banksters.

Comment: Re:Refill (Score 3, Informative) 181

Thanks for this. My experience with the refurb vendors has been fair to terrible. I wonder if I should just replace the caps on a leaky refurb toner I got. Brother makes good machines and sells their carts for a king's ransom. I was literally contemplating $50 more for a new Brother color laser than for a set of toner carts for my existing Brother color laser. The refurbs run 25% of the cost, but I'd rather refill them myself now that I know it's possible.

As to the OP - don't spend a gallon of gasoline to bring a toner cart in for recycling - just toss in the trash if that's your only option (for a brand without a mail-back program). Economics is hard, but recycling without considering economics is stupid.

Comment: Re:ipv6 incompetence is nothing new. (Score 1) 64

I don't like what you're saying, but it's true. For this reason I disable ipv6 wherever I care about security (vmlinuz ipv6.disable=1), because I can't trust the existing implementations and I'm pretty sure there will be data leakage if I don't (this story doesn't help assuage my concerns). Therefore, I'm not engaged in filing bug reports very much, because I mostly have to avoid it. Quite a Catch-22.

Also my ISP doesn't offer it and most endpoints don't offer it, so it just adds latency for Internet operations. There are clearly incentives missing or the situation would be better. The recent move to monetize IPv4 space transfers might finally be the impetus needed for network operators to move their internal nets to IPv6, but look at Android 5 not even supporting DHCPv6 (which administrators seem to want) and you can see how far we have to go - whether Google or the admins wind up backing down, there are still fundamental philosophical disagreements about how v6 should be disabled and no amount of shouting "but I'm right" will solve it. That's in 2015 with at least a lead time of five years for everybody to get on the same page, *after* there is agreement. And even if monetization of IPv4 does start to work, the BGP community has had its head in the sand for two decades and really can't handle it.

IPv6 is necessarily more complex than IPv4 since it shifts the complexity of kludges into services (the tech schools aren't even teaching it so only alpha nerds even understand the stack) and fundamentally the transition plan was "we'll make a spec and then everybody will support it for altruistic reasons" which is such a monumental failure in understanding human action that it's socially embarrassing to be associated with the spec. The IPv6 transition will be a warning to future generations about how not to advance technology in society.

Yet we still need it.

Comment: Re:yeah yeah (Score 1) 53

It will display a warning and let you continue

No, it won't - and that's the whole problem. It prompted me to write this piece on re-enabling SSLv3 on Firefox which is probably the most heavily-trafficked post I've done on that blog.

Most of these devices will support HTTP and HTTPS. The posture of the browser developers is to blow up HTTPS support on SSLv3 everywhere, regardless of the risk profile.

There are very few people who are going to get $1100 to replace a PDU because the current one only supports SSLv3. As it currently stands, those people have to re-enable SSLv3 for the whole Internet on their browsers to admin their local devices. Pretty soon they will have to stop updating their web browsers entirely.

There are only two possible real world outcomes:
1) people will re-enable HTTP administration and start sending their passwords cleartext on their LANs
2) the very people in companies who do security work will be running outdated browsers, on purpose, to connect to their gear.

3) a million dollars will appear overnight in a company's budget to replace gear for highly theoretical risks

simply is not an option that exists concurrent with reality.

If the browser engineers had handled the situation the same way as self-signed certs, or even made a more complex UI to specifically whitelist certain hostnames or subnets, then we could have made a reasonable transition. But that would have been hard work with real analysis required, and why do that when flipping a switch and boldly posturing is more crypto-macho?

The very same people who jeered corporate people for staying on IE6 are creating exactly the same situation in regards to SSLv3. They may understand a narrow aspect of cryptography very well, but they completely fail to understand the security of complex systems. They are hurting the security and privacy we're working so hard to achieve. Jeers indeed.

Comment: Re:Just run your own (Score 5, Interesting) 141

Or be a better netizen by running your own and forwarding to your ISP's.

The whole reason OpenDNS even exists is because ISPs proved they cannot be trusted to run an honest DNS. And let's not pretend that DNSSEC is universally deployed.

Most people here can set up a 99 cent VPS with an openvpn endpoint running a recursive resolver, limited to the openvpn net. That fits in the smallest slice of RAM available in 2015 and will work fine.

Most other people cannot, though. Google's DNS is honest, if you don't care about tracking - but most people care more about free stuff than privacy.

Comment: Re:no we can't (Score 2) 75

I find this an interesting statement. Running the numbers, I find that you'd have to be using a rocket burning something rather better than H2/O2 (we're talking Isp >500 just to reach escape speed, much less to reach the target rock) to allow two launches of a delta-IV heavy.


The fact that a Delta-IV Heavy has a LEO payload of over 27 tonnes is a fact. You don't need to "run the numbers". As for the kick stage, I didn't specify a propulsion system - for all we care (since we haven't established a timeframe), it could be an ion drive and not even take a rocket so large as a Delta IV-Heavy.

Meanwhile, the Falcon Heavy is to make its first launch this year, with double the payload of a Delta IV-Heavy. And as was mentioned, the Tsar Bomba was not optimized to be as lightweight as possible.

And this entirely ignores that no one actually has a Tsar Bomba sized nuke available to be detonated.

Oh, and you didn't allow for a backup

It's almost as if I didn't add "with enough advance warning" for that scenario and leave what "enough advance warning" is unspecified. But if there's another rock the size of the Chicxulub impactor out there and we don't see it until the last second, we deserve to get hit - we're no longer talking about a 50 meter speck (Tunguska-sized), rather a rock with a cross section 30% bigger than the island of Manhattan. We're talking about an impact of a scale that happens once every hundred million years or so.

Comment: "IPv6 Leakage"??? Give me a break. (Score 4, Insightful) 64

The study of fourteen popular VPN providers found that eleven of them leaked information about the user because of a vulnerability known as 'IPv6 leakage'.

No.... That has nothing to do with IPv6, it has to do with what those VPNs support. What that statistic really means is that 11 out of fourteen VPN providers don't really support IPv6 in the first place.

Comment: OMG - matti makkonen .fi sms pioneer dead (Score 0) 31

A more appropriate version of the BBC's article:

OMG - matti makkonen .fi sms pioneer dead!!!
WTF - mm just died @63! #txtpioneerdeath was father of sms & dvlped idea of txt msg with phones. @2012 msged BBC that txt would be here "4EVR".
shoutout 2 Nokia for spreading sms w/Nokia 2010. thought txt good 4 language. was btw mng. director of Finnet ltd and "grand old man" & rly obsessed with tech.
OMFG people!

Comment: Re:no we can't (Score 2) 75

It is not only possible, but the easiest option, to "blow them up Armageddon style" (minus the drilling and the like). There's a lot of simulation work going on right now and the results have been consistently encouraging that even a small nuclear weapon could obliterate quite a large asteroid into little fragments that won't re-coalesce, while simultaneously kicking them out of their current orbit. A few years ago they were just doing 2d calcs, now they've gotten full 3d runs.

Think for a second about what nuclear weapons can do on Earth. Here's the crater of a 100kt nuclear weapon test. It's 100 meters deep and 320 meters wide. You could nearly fit a sizeable asteroid like Itokawa inside the hole. And that thing had Earth's intense gravity field working against it and was only 1/10th the size of weapons being considered here. In space you don't need to "blast out" debris with great force like on Earth, you merely need to give it a fractional meter-per-second kick and it's no longer gravitationally bound. And the ability of a nuclear shockwave to shatter rock is almost unthinkably powerful - just ignoring that many if not most asteroids are rubble piles and thus come already pre-shattered. Look at the "rubble chimneys" kicked up by even small nuclear blasts several kilometers underground (in rock compressed by Earth's gravity). Or the size of the underground cavity created by the wimpy 3kT Gnome blast - 28000 cubic meters. Just ignoring that it had to do that, again, working against Earth's compression deep underground, if you scale that up to a 1MT warhead the cavity would be the size of Itokawa itself.

You of course don't have to destroy an asteroid if you don't want to - nuclear weapons can also gently kick them off their path. Again, you're depositing energy in the form of X-rays into the surface of the asteroid on one side. If it's a tremendous amount of energy, you create a powerful shattering shockwave moving throughout the body of the asteroid. If it's lesser, however, you're simply creating a broad planar gas/plasma/dust jet across the asteroid, turning that whole side into one gigantic thruster that will keep pushing and kicking off matter until it cools down.

The last detail is that nuclear weapons are just so simple of a solution. There's no elaborate spacecraft design and testing program needed - you have an already extant, already-built device which is designed to endure launch G-forces / vibrations and tolerate the vacuum of space, and you simply need to get it "near" your target - the sort of navigation that pretty much every space mission we've launched in the past several decades has managed. In terms of mission design simplicity, pretty much nothing except kinetic impactors (which are far less powerful) comes close, and even then it's a tossup. Assuming roughly linear scaling with the simulations done thus far, with enough advance warning, even a Chicxulub-scale impactor could be deflected / destroyed with a Tsar Bomba-sized device with a uranium tamper. Even though it was not designed to be light for space operations, its 27-tonne weight could be launched to LEO by a single Delta-IV Heavy and hauled off to intercept by a second launch vehicle.

Comment: Re:Probably GPL, but depends on Apple (Score 2) 153

The GPL is "viral" in that if you use even a smattering of GPLed code, you are required to release ALL of your code as GPL as well.

Incorrect... Copyright says that you can't legally make a derivative work at all without permission from the copyright holder. The GPL gives people such permission when they agree to abide by its terms. If they don't agree, they don't have permission to do it in the first place, which is the default status for any copyrighted work, anyways.

What's viral about that?
