
Comment: Hangouts thrown out (Score 1) 62

When I got my Nexus 5 Android phone last year the first thing I did was to send SMS messages to my kids to notify them that I had a new phone. Hangouts failed to send them. After several hours of messing around I installed 8SMS with no problems. How can the most basic of apps on a phone be somewhat broken out of the box?

As a general Google rant, I am security conscious and want nothing shared and nothing in the cloud. Automatically Google sucked my contact list out of my phone and stuck it in the cloud. The latest Google Photos app update said something like "click here to store all your photos in the cloud". Grrrr. I felt like I was one errant tap away from losing control of my photos. I nearly went ballistic.

I feel like they want to grab my wallet out of my pocket if I happen to turn in the wrong direction. "Here let us hold on to that for you. If you need some money just let us know and we'll get it out for you. Aren't we nice?".

Comment: Do the job now and later (Score 1) 298

The first thing is, most of us are coding as house painters rather than as Rembrandt. So it needs to do the industrial job. I tend to put as much effort into documentation and style for my personal code as for working code.

If the code is for a micro-controller in C then the emphasis might be more on raw efficiency and preciseness. A command line utility run ad hoc with low resource usage can afford to be a little less efficient and more readable. Code for an online transaction system needs the efficiency, perhaps as a tradeoff to readability but in most cases hopefully not.

I have written code and products and have had to go back to stuff I wrote 15 years ago. So I learned a long time ago to document as clearly as possible for the poor sod in the future (i.e. me) who will have to come back and make sense of everything. Mostly I succeed here but sometimes I fail.

I also supported other people's assembler code for a few years. That provides lots of what not-to-do's.

If you are coding examples for a book or website then the rules and aesthetics can be changed again. Maybe think more Rembrandt here.

Functionally, document everything, use meaningful and consistent naming conventions, catch errors, log, provide trace capabilities where needed, be as generic as possible and think about reusability but don't obsess over it (depends on the context as always).

Comment: Re:Ketchup was never a problem ... (Score 1) 172

We just mixed a little vinegar in to get the last of the bottle and slop it on our french fries.

I second this. As a kid when we went hunting and were down to the end of the only ketchup bottle, my uncle would add vinegar and thin it out to make it last longer.

Comment: Re:Are the CAs that do this revoked? (Score 3, Interesting) 139

I am annoyed that Firefox does not respect my choices for trusted certs when it does an update. Every time FF updates I go in and un-trust certs from CAs from foreign countries (China, Turkey, etc.). But after the next update, they are back. This is not a secure way to operate.

Oct 25 is Root 2 day

Ted Stoner writes: The Unix timestamp (also used by Java) tomorrow (Oct 25) at about 1:04:16 AM GMT-4:00 DST (EDT) will hit 1414213456. Divide by 10**9 and square it and you get 2.

Root 3 day (timestamp 1732050808) does not occur until Nov 2024 so party now.

Visit the Epoch Converter site for more zany madness.

Comment: Re:Closed source won here (Score 1) 582

I would say that open source bugs are easier to exploit because you have the source. Closed source bugs rely on reverse engineering and should in theory be harder to find. So yes bad guys can focus on a high-value product or target whether closed or open source, but I think their job is a lot easier if it is open source.

To reiterate my point, I think that this argument is applicable to high value targets mostly. For non-security code or that without strong monetary implications tied to it, open source should still be better than closed source from a bug perspective.

Comment: Closed source won here (Score 1) 582

I've read the FOSS argument for years and I guess I have leaned in favor of it from a bug perspective. But in this case, I think closed source would have won, at least to the current point in time. If OpenSSL is truly behind 60-75% of the world's web servers, then the value in hacking it is enormous. Thus if I am a criminal organization, it might be worth spending $1M for guys to read that open source code and find problems that I can then monetize for a big profit.

I don't think you are going to get $1M worth of code inspection on the white hat side for OpenSSL. Maybe going forward it will, and companies may be willing to invest in the upkeep. Not out of goodness, but because it makes good business sense. For a large organization, how many soft and hard dollars have been chewed up in the last week doing analysis, patching, client communication and general PR for Heartbleed? Probably enough that a $10K donation in time or money to OpenSSL upkeep would be feasible.

There is also evidence that the bad guys have been exploiting this in the wild. So the usual argument of "we found the bug quicker with open source" is probably wrong here. The better-funded and more highly motivated bad guys found it quickest.

My guess is the bad guys have been working this bug against Yahoo for a while. Yahoo told me a couple of months ago (and others I know) that someone was attempting to log in to my account from Russia. I would now suspect Heartbleed here.

The logic for finding bugs on the black hat side is OR (find any bug and exploit). The logic on the white hat side is AND (prevent all bugs). The table is always tilted like this unfortunately in the security arena. Bugs will always happen and the good guys can't win every time, regardless of code access.
