Forgot your password?
typodupeerror

Comment: Re:USB? Excellent! (Score 1) 169

by Short Circuit (#42412837) Attached to: Ouya Dev Consoles Ship, SDK Released

My chief complaint was that in the original announcement, they were only going to support wifi for networking, yet it was supposed to be useful for gaming and streaming video.

The problem is that wifi is terrible for both of those use cases. It's bad on its own for latency purposes, and then there's spectrum contention. I raised these points in response to their Kickstarter drive, and it looks like they turned around and added those features. If I'd known they would, I would have donated on the Kickstarter.

Comment: USB? Excellent! (Score 2) 169

by Short Circuit (#42411391) Attached to: Ouya Dev Consoles Ship, SDK Released

When their Kickstarter began, I sent them a message (along with many other folks, I'm sure) that it needed _some_ means of getting a wired internet connection and/or access to by-wire accessories. USB was one of the possibilities I offered.

Now devs for Ouya can turn around and leverage that USB port to allow the Ouya device to latch on to a PC's network connection. Excellent.

(Page doesn't seem to show if it's USB2 or 3. At this point, I sure hope it's USB 3...)

Comment: Re:Sure but.. (Score 1) 596

by Short Circuit (#40777005) Attached to: App Developer: Android Designed For Piracy

Now how can we apply this to software. Well some precautions can be taken but they generally aren't very effective. It only takes one person out of billions to figure it out and share it. So you have to weigh the costs of implementing copy restrictions which includes the man-hours to develop that code and the inconvenience to paying customers. The shrinkage rate needs to be taken into consideration. Software shrinkage would be unsustainable if you actually lost product every time but you don't. There is opportunity costs but no costs associated with replacing the product.

I have three or four apps on my Android devices which implement DRM features. Some of them are 'phone home' features. Some of them are 'buy a crypto key to activate this app instance' features. You know what? That's fine. I like these apps enough that I'll pay for them. I also like Android's "broken" model enough that I'll stick with Android; Android's "broken" model let me root my phone, clean the ROM's crap out and integrate the Dalvik cache. I can't hope to explain how much this has improved the phone's performance for me.

Given the choice between something like Android and a feature phone, I'd probably go back to a feature phone. Thankfully, Google opened the barn door, and even if Android stops being produced, alternatives like Cyanogenmod and WebOS will take its place. Given the rate hardware's getting commoditized, we're not that far off from someone like BeagleBoards coming out with devices with CDMA, WiMax and GSM modems.

Comment: Re:wow (Score 3, Insightful) 158

by Short Circuit (#40667141) Attached to: Torvalds Bemoans Size of RC7 For Linux Kernel 3.5

I doubt Linus is getting more bitchy than normal. He's just had more 'popular' exposure and attention of and to his rants than normal. It's easy to guess why: Google+ gives him a lot more exposure and spread. Prior to his posting the rant against the root password requirement on Google+, I don't think I'd seen any of his opinions outside of near-fluff interview pieces or, possibly, LKML emails.

Certainly, people didn't care as much until they saw him lambast OpenSuSE developers. That got their attention and interest, and so folks like Slashdot and NetworkWorld are more likely to cover it. Heck, this kind of story is even out of character for /..

Linus only seems more bitchy because people are looking at him more.

Comment: Re:Who has a good VPS for $10/mo or less? (Score 1) 136

by Short Circuit (#40645281) Attached to: Varnish Author Suggests SPDY Should Be Viewed As a Prototype

After trying for months to keep ahead of spam using a regex extension called AbuseFilter, I ended up realizing that Google's ReCAPTCHA was broken.

I'm still on top of SPAM, but mostly by requiring email confirmation, and by having three or four people who watch the RC feed, block bad users and delete bad content.

I switched my MediaWiki to QuestyCaptcha. Each of about a half dozen questions about classic literature links to a Wikipedia article that contains the answer.

I'll have to check out QuestyCaptcha, but I've got a lot of non-English users. Thanks for the tip!

Successful spammer registrations dropped to zero. Someone using a wiki farm wouldn't have this sort of story to tell to an interviewer.

Honestly, the story of managing load spikes and such in a VPS environment is a far, far more interesting story to tell than anti-spam techniques. Believe me, I've walked the entire path.

In other words, the "warn" method [pineight.com].

Sure.

Comment: Re:Who has a good VPS for $10/mo or less? (Score 1) 136

by Short Circuit (#40644897) Attached to: Varnish Author Suggests SPDY Should Be Viewed As a Prototype

SSL is considered a subscriber perk.

Ah. I thought I still had subscriber credit. I got one of those 'as thanks for...you can now use Slashdot without ads' emails. Only other time I'd seen that kind of behavior was when I was a subscriber.

For one thing, what sort of anti-spam mods and specialized markup mods do MediaWiki and phpBB farms offer?

Beyond captchas? Very probably things like mod_security, firewall rules blocking bad netblocks from accessing the server. (Doing this was the single most-effective anti-spam mechanism I ever saw.) Using DNSRBLs for realtime tracking of bad source IPs.

For another thing, it might be a custom web application, other than a popular blog, forum, or wiki, that still needs user accounts. Such an application might form part of a job seeker's portfolio to present to prospective employers who "don’t interview anyone who hasn’t accomplished anything" [techcrunch.com].

If you're building a site as part of an operating portfolio with a user base, you can certainly afford an extra IP if you need it. Right now, it doesn't cost very much. If you're merely showcasing a web application, you don't need SSL. If the potential employer is going to ding you for being vulnerable to Firesheep on a site where it doesn't matter, either you're applying for a security-related job, or the guy doing the analysis is a pedantic dick.

And if you do user accounts without TLS, you're vulnerable to Firesheep.

I've never argued otherwise. That said, there are ways to cope with things like Firesheep. Such as tying operating profiles to browser fingerprints. (There's a lot more identifying information in each HTTP request than just your User-Agent string.)

Most shared web hosts that I've looked at don't even offer SNI hosting because they cater to the IE-on-XP demographic.

Then either educate them, use a different provider, or school them by running a shared web host that does offer both SNI and IPv6, and advertise like crazy on Slashdot and Reddit.

An optimist believes we live in the best world possible; a pessimist fears this is true.

Working...