Comment Re:Typing passwords (Score 1) 338

Many SaaS vendors are moving towards a new generation of logins. I see many vendors removing OpenID in general and we're seeing an equally high number of companies embracing SSO.

Ugh, unfortunately the SaaS vendor I'm working with right now isn't one of them.

OAuth2? Nope. Another password to remember/reset/etc.

Webservices? Nope. Drop a file onto an FTP site which is polled, and poll the site yourself.

XML? Sort-of - it is their least-preferred file format which they try to avoid at all costs. Oh yeah, they have failures to parse xml files that W3 validates (for syntax, not semantics). I'm sure that there are issues with their non-xml-file parsers for the majority of the files we're dealing with since they avoid xml, but since you can't just use validators/etc to check the files we just run into them from time to time in production.

But, hey, our internal IT group is just as brain dead as they seem to also be writing their own XML parsers judging by some of the failures I've seen.

Comment Re:A plea to fuck off. (Score 4, Insightful) 338

Password managers are essentially making a bet that the risk of your hard drive being compromised is far less likely than a website being compromised.

If your hard drive is compromised then your keystrokes are being logged and your cookies are being extracted, and any website you log into will be compromised. The password manager isn't really adding that much more risk here.

Comment Re:BBC / other state broadcasters? (Score 1) 131

I somewhat agree, but there is a tragedy of the commons element to this. I do think that it makes sense to encourage reciprocation, via things like cross-licensing. By all means make it free to countries that have low incomes and so on.

I feel similarly about drug patents. I think that governments should start doing end-to-end R&D and keep the patents. They should be licensed for free to any domestic manufacturer, to manufacturers in countries that make similar investments and reciprocate, and for local domestic consumption in the third world. That would make drugs dirt cheap (due to the tax-based funding and competition for manufacture), but also encourage other first-world countries to make similar investments which increases the value of the public domain.

When you just force countries that invest to make their content free, then you encourage freeloaders.

And I'm fine with "cross-licensing" being cross-domain. Maybe one country makes lots of free movies, and another country has really amazing free museums with subsidized hotel rates, so the two countries make their services available to the citizens of the other.

Comment Re:Iranians with payload delivery ability (Score 1) 163

IMHO, one of the remaining hurdles to us getting past the Great Filter is the proliferation of technology and doomsday weaponry to all corners of the globe.

Honestly, I really only see the solution to this problem being the proliferation of humans to such an extent that warfare using the most powerful weapons available is not a threat to a substantial portion of the human race. If people colonized half the galaxy a nuclear war would take centuries to reach everybody simply due to the speed of light, to say nothing of effective countermeasures.

Obviously that isn't going to happen anytime soon.

The problem is that it is very difficult to put the genie back in the bottle. The design of a nuclear weapon is basically just information, and everybody can see just how hard it is to keep information under wraps. Over time we've seen increasingly more dangerous weapons coming into the hands of the general public. Maybe if the entirety of the human population could be kept under surveillance we could completely prevent the proliferation of such technology, but simply having an organization capable of such a feat is in some sense an existential threat of a different sort.

Comment Re:I'm all for it (Score 1) 394

Furthermore, refueling an airplane does not take less than two minutes. That's the time you need just to plug in the fuel line.

He said, "But it would make loading and unloading the plane a matter of two minutes or something which is less time than it takes to refuel the plane."

Ie, refueling takes MORE than two minutes.

Comment Re:What Were They Hoping For? (Score 1) 95

Really, Hacking Team was just doing things the way a very small segment of society which currently holds most financial capital thinks everybody should be operating.

FTFY - SOPA, TPP, etc. are not products of the Software industry. I am pretty sure I agree with your point under the surface, but the generalization is plain wrong.

They are certainly the way the software industry thinks everybody should be operating, which is all I claimed. I did not claim that all of those laws/treaties/etc were products of the software industry. I'm not sure how you can claim that the Uniform Computer Information Transactions Act wasn't though.

Comment Re:'Open source' (Score 1) 46

Simple access doesn't count as distribution in this case. The GPLv2 applies to code distributed under the GPLv2. It isn't a property of the code itself, and the fact that you have GPLv2ed code doesn't mean you have to give it to me, nor do I get the right to the code by simply having access. If you deliberately give me the code, you have to do so under the GPLv2, and I have all the rights that grants.

You give your employee the code when you give them access to it. Before they couldn't see the code. Now they can. They gave it to you.

The FSF holds that having employees work on company code isn't distribution.

That's nice, but they aren't the authors of the code in question, even if they're the authors of the license. If the kernel authors intended the code to be copyable by the employee and the license says that it is, then it is.

Consider that I've got a lot of company-owned proprietary code on my work computer. If that counted as distributing it to me, I'd own one copy of the code.

Well, you do have one copy of the code in your possession - the one on the server. That doesn't mean that you can make another copy of the code without permission from the copyright holder.

Similarly, putting a copy of GPLv2ed code on a work computer is not distribution, and the programmer doesn't have a copy under GPLv2.

The wording of the GPLv2 isn't terribly helpful here. It uses phrases like "copy or distribute" in some places and "distribute" in others and doesn't define either term. If nothing else it really seems open to litigation. It would be sensible to make stuff like this explicit in a license.

It would be an interesting case - no doubt an expensive one if there were deep enough pockets involved. Ultimately the law is whatever the courts say it is, and there is only one way to find out...

Comment Re:'Open source' (Score 1) 46

But there's another aspect of this. Say my company downloads the Linux kernel and we internally make some changes to it and use it on our servers in its modified form. Jim is one of the coders. Linux is released under GPLv2. Does that mean that Jim can take our changes home with him?


The GPLv2 kicks in only when the company redistributes the code along with the modifications, and those modifications are available to the recipients that we've specified.

This is a common argument but I'm not convinced that it is airtight. How about this:

But there's another aspect of this. Say my company buys a Windows DVD and we install it on 47 of our servers. Jim is one of the coders. Windows DVDs are not licensed for multiple installations. Does that mean that Jim can call up MS and pocket a reward?


The Windows License kicks in only when the company redistributes copies of Windows, and those copies are available to the recipients that we've specified.

The problem with this argument is that copyright applies anytime you make a copy of anything. Copyright says you can't install Linux anywhere. What lets you install it is the license. The license for Windows says you aren't allowed to copy it at all except to install it once. The license for Linux says you're only allowed to copy it if the copy is GPLv2 along with any modifications you've made, and you make the source available to any recipients. So, your modifications MUST be GPLv2 the moment they're installed with the kernel. Since they are GPLv2, you've given permission to anybody with access to them to redistribute them already, and that includes Jim.

Now, you can still tell Jim not to redistribute it and fire him if he does and blacklist him so that his kids don't have any kind of future as is fashionable in the US, and I'm not sure that a court would take issue with that. However, I'm not convinced that a court would hold up an employer's right to sue an employee for redistributing Linux kernel modifications if you could argue that a kernel was copied anywhere at all. Keep in mind that the software industry has been pushing for super-conservative interpretations of copyright such that simply loading a copy of a portion of the program into RAM to execute it is covered. Under that kind of interpretation (which is the basis of any kind of end-use licensing) you're copying the kernel the moment you open the source in an editor.

But, you do expose the general weakness with GPLv2 in that it was really designed with a world of software sold in boxes (ie the 90s). The wording really needed cleanup and licenses like GPLv3 and AGPLv3 do much of that.

Comment Re:This is a GODDAMN DISASTER! (Score 1) 179

And the original point stands... have you audited the source code? Have you compiled / built the product from the source code? If not, then having the alleged source code isn't any better than trusting the Windows source code.

I have done both. So, I guess you'd say I'm fine then?

Most people who use FOSS audit it in the same way that any major corporation does due diligence for stuff they buy. They make sure that people they trust are looking into it.

Sure, you can sneak stuff into reputably-distributed FOSS just like you can sneak stuff into Windows CDs. The fact is that there probably still are a lot more people checking the integrity of something like RHEL than Windows, simply by virtue of it being FOSS.

Comment Re:This is a GODDAMN DISASTER! (Score 1) 179

Sure, but having the bitcoin sitting in the bitcoin wallet doing nothing makes it kinda worthless, yah? The whole idea is to use it for commerce, at which point you are vulnerable to all sorts of scams and theft that you would normally be protected from.

The design is similar to cash. When you give $20 to the fast food joint down the road and decide you didn't like the food, your only recourse is to ask them for the money back. You can't phone up your credit card company and ask them to cancel the charges.

Sure, that is a model with pros and cons, but nothing prevents people from doing legitimate commerce in bitcoin.

Then there's liquidity. Most transactions are off-block-chain (as in one block-chain transaction per every ~400 or so off-block-chain transactions). They have to be, because putting a transaction on the block-chain takes too long.

That is definitely a limitation of bitcoin. It cannot be used safely and quickly at the same time. If you're not in a hurry there is no need to compromise safety though. I personally wouldn't use it for anything where a transaction needed to be done in seconds.

And then of course there's the volatility of the buying power of bitcoin itself. It's one of the most unstable and volatile currencies in existence.

That is just the nature of low-volume financial instruments of almost any kind. Look at penny stocks and such - they're extremely volatile. If it were used in real commerce it would stabilize pretty quickly, since if the price went up significantly somebody would just sell 30 tons of steel for bitcoins and make a huge profit, and when the price drops significantly they'd buy back the 30 tons of steel. What keeps currency stable is the HUGE market full of stuff whose vendors don't adjust prices 3 times per minute.

The reality is that the value of the dollar goes up and down by pennies all day long and yet the price of a carton of eggs at Walmart stays the same all day long. That means that at different times of day the profit of selling those eggs actually changes. If everybody did with dollars what they do with bitcoins and dynamically priced based on the currency value then you'd see much larger swings in the value of the dollar, because it wouldn't have the weight of the entire economy pinning its value. Governments would also not be able to play the same games they do with inflation. The whole "Grexit" thing is about Greece not wanting to cut pensions and such, but one possible solution they talk about is switching to Drachmas, which basically amounts to just cutting pensions by paying the same number of currency units but devaluing the currency in the process.

Comment Re:This is a GODDAMN DISASTER! (Score 1) 179

No, this is exactly the reason why open source is having such a problem. 'You can always audit the source code'. Yeah okay buddy, because I have the time/money to spend on extra programmers just to audit the problem you created.

You do realize that you can purchase open source software commercially, right? Then you get the same level of support that you get with proprietary software, and you get the source code as well.

Comment Re:This is a GODDAMN DISASTER! (Score 2, Informative) 179

How many bitcoin banks have decided to cut and run at this point?

Bitcoin is cash. What you call a "bitcoin bank" is really just a "bitcoin wallet" in somebody else's possession, and it is about as safe as trusting somebody with a wallet full of cash.

The closest thing to a bitcoin wallet involving a bank is putting cash in a safe deposit box. If you do that in the US it isn't protected by the FDIC. If you want to be protected by banking regulations you have to deposit your money.

Bitcoin was never designed around letting others hold your money. The design was really for individuals to hold their own money.

Comment Re:Drone It (Score 1) 843

That's pretty much the same sentiment they had just before the Vietnam war. And then took a big bloody nose from the inferior Migs.

Very true, but just because missiles weren't ready to take over in Vietnam doesn't mean that they aren't ready today.

Vietnam also suffered from a lot of other problems. For one ROE - aircraft had to make visual identification before engaging, which basically negated any advantage the US aircraft even had. That and the general limited warfare thing which turned the whole theater into a meat grinder. Nobody was seriously bombing the bases the enemy aircraft were based at.

Vietnam was a LONG time ago now, much longer ago today than WW2 was back during Vietnam. People were quoting Vietnam this and that in the first Gulf War, and it wasn't remotely like Vietnam.

That said, unless the air force has some tricks up its sleeves that nobody knows about, the long-range missile capabilities of the US aren't really all that much better than anybody else's, which seems a bit crazy when they are relying on blowing up the bad guys before it comes down to a dogfight.

After the debacle with the F-22 and the F-105 I can't believe they bought another single engine fighter.

Well, the whole idea of the F-35 was that it was supposed to be the cheap replacement for the F-16, and hence the single engine. The problem was that they just tried to do too much with it, because heaven forbid that it isn't the absolute best in every category. By the time they really get it operational everybody will be using drones for this sort of thing anyway. Think about it - the mission of the F-35 is to be the bulk of the force, but not the aircraft you send in on the most critical air superiority missions (that is the role of the F-22). I'd think that would be the sort of thing you could easily use a drone for - take off, drop bombs, come back, and if AWACS spots enemy fighters either engage if you greatly overpower them, or just run and let the F-22s deal with them. Just have lots of ground crew taking care of the drones and you could basically have those things up in the air most of the time.

I also don't think that dogfighting is the real threat here. I already mentioned long-range AA missiles, but SAMs are a big threat too. Russia has those SA-10s which as far as I understand are VERY capable. I have no idea how well stealth defeats them, but they're really bad news for aircraft in general. Maybe they're counting on cruise missiles taking them out.
