
Comment: Re:Mathematics (Score 4, Informative) 79

by Terje Mathisen (#48774659) Attached to: OpenBSD Releases a Portable Version of OpenNTPD

[Full Disclosure: I have been a member of the NTP Hackers team for ~15 years, so you could claim that I'm partly to blame for the recent security problems even if I have not personally worked on the crypto or monitoring code.]

NTPD is definitely more complicated than what you need for a leaf (client-only) machine, like all the server functions and the code that supports locally attached reference clocks, this is the main reason PHK is working on a dedicated NTP client.

We have known for many years that the monitoring functions, in particular the "mode 6" UDP packets were a potential DDoS amplification vector, which is why we replaced them.

For the crypto stuff we did what pretty much every other project did, i.e. we imported the functions we needed from openssl, and like pretty much every other project we messed up a few buffer handling issues.

The important point here is that anyone running a public server with a recommended configuration (no crypto, no remote monitoring) would not have had any security problems, even if they insisted on using 10+ year old versions!

With any version from within the last 3-5 years you would also have been secure against the DDoS vector even if you did allow remote status monitoring.

How many system-level sw packages are you using where this would have been true?

Terje
PS. OpenNTP should properly be called OpenSNTP, since it implements the Simple NTP subset instead of the full NTP protocol stack which includes system clock time/frequency tuning.

Comment: There's a reason it doesn't work! (Score 1) 464

by Terje Mathisen (#48725383) Attached to: Ask Slashdot: Are Progressive Glasses a Mistake For Computer Users?

I am 57, I have used reading glasses for about 10 years, then switched to progressive (+2.75 to +0.75 on my right eye, +2.0 to 0 on my left) about three years ago.

I really love these glasses but have found like you that they are not at all suitable for my standard 3-monitor working setup:

Progressive lenses work by having a fairly large sweet spot (i.e. focus area) over the top half of the lenses, optimized for distance vision, then a much smaller bottom area which is optimized for (book) reading, i.e. with a focus distance of 30+ cm or about a foot. It is important to note that this lower area is significantly narrower than the distance-vision part!

The big problem is everything in between, i.e. the progressive part! When you blend two different lenses, the transition area will be very narrow, i.e. the area of good focus is shaped like a top-heavy timing glass with a narrow waist.

This will severely limit your normal sidewise focusing ability, and the narrowest slice seems to be close to the 60-100 cm distances typical of multi-monitor setups.

The only good solution I've found is to have a pair of dedicated programming glasses in the +1.75 to +2.25 range.

BTW, what I'm really waiting for is improved soft replacement lenses which hook into my eye muscles so that I can focus the same I did when I was younger, but the first generation of these only provide about +1.0 of adjustable focus range, and that is not enough to read fine print, or in my case: Detailed orienteering maps.

Terje

Comment: Permanent conduits are the only way to go! (Score 1) 279

Here in Norway all electrical cables are installed inside plastic tubing, so you can pull out/replace them if you need to, with no need to tear down any walls. (BTW, we also do the same for water pipes: They are always installed as pipes-in-pipes, with a central drain point for the external pipes: This way any leak will be contained and you can fix it by pulling out the broken (usually due to freezing in winter) pipe and replace it.)

When we built a new home a few years ago I specified that the electricians should put in spare conduits between the main breaker room and every other room in the house, except bathrooms, this way I could pull whatever cable I would need.

Terje
PS. The sad part of the story is that the installation company had never done anything like this in a residential building before and they messed up badly, omitting the spare conduits to important locations like the living room/entertainment center. They ended up giving me a substantial rebate but I'm still a bit pissed off. :-(

Comment: BT, DT... (Score 1) 129

by Terje Mathisen (#47823515) Attached to: The Frustrations of Supporting Users In Remote Offices

Many, many years ago (1986 or so?) we had a branch oil exploration office in Iran, surveying new oil fields close to the border with Iraq.

Getting any kind of computer gear in or out of the country was "difficult", and the best possible data connection was an extremely expensive 256 kbit/s satellite line.

One day I was told to help, over a bad phone line, a guy down in Teheran whose PcDos computer had crashed:

I was able to figure out that his crash had modified/overwritten the Boot Block on his hard drive, but that he did have a bootable Dos diskette available, so I sat for about 45 minutes on the phone, talking him through the DEBUG commands needed to load the boot block and manually modify it back to how it should have been, then write it back.

It worked on the first attempt. :-)

Terje

Comment: Mastery has to be (at least partly?) subconscious (Score 1) 160

by Terje Mathisen (#47542005) Attached to: Soccer Superstar Plays With Very Low Brain Activity

When grading expertise on any given task/process, the top level ("Master") is usually defined to be when the person can not even explain how she is doing it, everything is automated to such a degree that "the solution was obvious".

Magnus Carlsen used to play even faster than he is doing these days, but he explains that this is not because it takes him longer to figure out the best possible moves, but because he has to take the time afterwards to do all the required calculations to confirm his instinctual choices.

He has also explained after some really complicated end games where he has kept on playing for small advantages, eventually turning "obvious draws" into wins, that "it was very easy, I just had to play the only possible move".

I believe the foot/leg motor skills of a Neymar is comparable to those of a world champion orienteer: The best orienteers can run cross-country, through rocks, stones, windfall & vegetation, while studying an incredibly detailed map in order to navigate, making it impossible to focus on the ground while looking at the map. This means that the actual broken field running must use a small amount of brain capacity, all the movements are fully automated.

I know that Petter Thoresen (former multiple world champion) once was told to do a training race in Germany while a champion Kenyan cross country runner would tail him to check his technique: Even while orienteering Petter could run fast enough that the x-c runner was dropped after less than a mile.

Terje

Comment: Re:"poor night-time results": I do Night-Orienteri (Score 1) 550

by Terje Mathisen (#47529589) Attached to: Laser Eye Surgery, Revisited 10 Years Later

Thank you!!!

This is exactly what I've been waiting for, even if this first version only supplies a single diopter of focal plane adjustment:

Since orienteering maps are _very_ detailed I normally require +2 or more bifocal glasses in order to see all the fine detail clearly.

There is also a potential problem with the size of the lens: The visual opening is smaller than a natural or fixed replacement lens so the problem with night vision would still be there.

OTOH, this also means that the research is ongoing, I'm hoping for even better options in a few years. :-)

Terje

Comment: "poor night-time results": I do Night-Orienteering! (Score 1) 550

by Terje Mathisen (#47525489) Attached to: Laser Eye Surgery, Revisited 10 Years Later

I normally run around 75 orienteering competitions every year, 15-20 of them during late fall/winter/early spring when we have very little daylight here in Norway.

This means that those races are all at night, using a LED headlamp to read the map and to see the ground in front of me. Since I got old enough for presbyopia I have been forced to use either bifocal glasses or a single contact lens: The glasses work OK under dry daytime conditions, but with any kind of moisture in the air they quickly become useless. The single contact means that I can only see the map with my right eye and the terrain only with the left, while distance perception suffers.

When I asked about lasik I was told that with my need for maximum night vision I would probably be very bothered by halos/diffraction spikes, the alternative is to do a multi-focal lens replacement surgery:

This uses a lens with two or three focal points, i.e. distance/reading. Most people can learn to disregard the out of focus image and only "see" the sharp version, but since more than half the light is lost night vision suffers significantly.

I'm still hoping they will be able to develop a real elastic replacement lens, i.e. something that allows me to regain the childhood capability to focus anywhere from the tip of my nose to infinity, in the meantime I'll try to make do without surgery.

Terje

Comment: Dual-income couples drive this! (Score 5, Insightful) 230

by Terje Mathisen (#47443213) Attached to: Geographic Segregation By Education

At least here in Norway this trend probably started even earlier, but we have a significantly larger proportion of dual-income university-educated couples. (This trend is supported by our one-year parents leave with pay, where the parents have to share this time, and by public kindergartens when the children are a little older.)

I suspect that a strong driver for this big city concentration is the fact that most couples meet sometime during their university studies, and when this switched from being men getting their MSc's meeting the girls from the nursing schools, to being men & women at the same university, they would have really strong incentives to try to settle in a city with a big enough employer base that both would have multiple job alternatives.

I.e. my wife & I have lived in Oslo for almost 30 years now, we have always had lots of employment options, while my youngest brother and his wife live in a far smaller town:

In their area it has been significantly harder to locate alternate (and interesting) employment when bad times hit the company one of them worked at.

Terje

Comment: Re:Question... -- ? (Score 1) 215

by Terje Mathisen (#47334667) Attached to: Exploiting Wildcards On Linux/Unix

The real bug here is the same as in SQL injection attacks: A failure to safely distinguish between program and data!

I.e. when doing chown usr:grp *.php, the wildcard globbing should escape any special letters, particularly including white space and wild card characters.

This is the same idea as when you use prepare(... ?,?) on any sql statement with replaceable parameters, then execute() with the relevant dynamic values.

Terje
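
The program/data confusion described in the comment above, as an added example that is not part of the original comment. It uses a hypothetical stand-in tool (`parse_like_a_tool`, built on the shell's own `getopts`) and a constructed scratch directory, and it generalizes from `*.php` to a plain `*`; the two hardened forms play the role the prepared statement plays in SQL.

```shell
#!/bin/sh
# Constructed demo: nothing outside a temporary scratch directory is touched.
LC_ALL=C; export LC_ALL   # fixed glob sort order, so the name "-R" expands first
                          # (GNU tools permute arguments, so for them order is irrelevant)

# Hypothetical stand-in for a chown-like tool: reports how it classified its arguments.
parse_like_a_tool() {
    OPTIND=1
    recursive=0
    while getopts R opt; do
        case $opt in
            R) recursive=1 ;;
            *) echo "bad-option"; return 2 ;;
        esac
    done
    shift $((OPTIND - 1))
    echo "recursive=$recursive operands=$#"
}

# Scratch directory with one ordinary file and one file whose NAME looks like a flag.
make_scratch() {
    d=$(mktemp -d) || return 1
    : > "$d/index.php"
    : > "$d/-R"           # data, but indistinguishable from an option after globbing
    echo "$d"
}

# Three ways to hand the same directory listing to the tool.
bare_glob()      { ( cd "$1" && parse_like_a_tool * ); }      # file name parsed as a flag
end_of_options() { ( cd "$1" && parse_like_a_tool -- * ); }   # "--" marks the rest as data
dot_prefixed()   { ( cd "$1" && parse_like_a_tool ./* ); }    # no argument can start with "-"

scratch=$(make_scratch)
echo "bare *  : $(bare_glob "$scratch")"
echo "-- *    : $(end_of_options "$scratch")"
echo "./*     : $(dot_prefixed "$scratch")"
rm -rf "$scratch"
```

With the bare glob the tool sees one flag and one file; with `--` or `./*` it sees two files and no flags.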

Comment: Special locations? Oh Yes! (Score 1) 310

10 meters below the sea surface, inside one of the legs of a semi-submersible drilling platform in the North Sea in winter (Dec 1981).

About 98% relative humidity, 10+ C, water dripping everywhere, including a pulsing spigot from the 10 cm long crack we were down there monitoring.

We had lowered a full lab worth of expensive HP gear into that environment and I did on-site programming (digital signal analysis) on an 8-bit HP-87 microcomputer.

The software worked and all the gear survived, even if we had to unpack it from the shipping boxes in order to throw a rope around each unit and first lower them and then afterwards pull them back up the narrow manhole inspection ladders.

Later in the same decade I wrote what might be the ultimate executable ascii generator while on a skiing vacation in a mountain log cabin (no computers, just a notebook and a hex dump of all the x86 16-bit opcodes).

My version ran using only the 70+ chars that MIME specifies as not needing any form of encoding.

It used the minimum possible amount of self-modification in the bootstrap loader (a single two-byte backwards branch).

It survived most common forms of reformatting, i.e. changing line terminators from CRLF to just LF (unix) or just CR (Mac), or merging all lines in a paragraph into one.

Terje

Comment: Not MIT but NTH (Score 1) 153

by Terje Mathisen (#47134991) Attached to: Ask Slashdot: What Inspired You To Start Hacking?

I started at NTH (currently called NTNU) in Trondheim (Norway) in 1977, so my first-year programming class was in Fortran 2, hand-punched on 80-column cards.

I can still recall my sense of wonder when I realized (during the second lab exercise or so) that "I can make this computer do anything I like!".

My first ever extra-curricular program used modulo 1e10 arithmetic on a 36/72 bit machine in order to calculate pi with as many digits as I could manage within the 60 cpu seconds which was my maximum allotment.

Since then I've done an awful lot of hacking, but almost exclusively in the old meaning of the term.

Currently I'm playing around with hardware/software codesign on the Mill computer architecture, writing fast & efficient fp emulation for machine models without full hw fpu.

Terje

Comment: Re:Q: Why Are Scientists Still Using FORTRAN in 20 (Score 1) 634

by Terje Mathisen (#46965467) Attached to: Why Scientists Are Still Using FORTRAN in 2014

Fortran has had "higher-order array operators" for _many_ years now (see FORTRAN 90), but even without this most Fortran code is written using simple iterative operations over arrays, with explicit multi-dimension indexing. This tends to make the auto-vectorizer's job much simpler.

As the AC noted, Fortran has pretty much no aliasing issues at all, unless you go out of your way with COMMON blocks, this makes it far easier to optimize the code.

Terje

Comment: Fluke is indeed no fluke! (Score 1) 702

by Terje Mathisen (#46794353) Attached to: Ask Slashdot: What Tech Products Were Built To Last?

My Fluke multimeter which I got from my new boss the day I started my first job outside university back in 1984 (i.e. 30 years ago) is still working just as well as on the first day.

I have to replace the 9V battery every 5 (3-10?) years, but otherwise this little gem has survived everything, including several accidental drops, some from more than 2m height.

Really good stuff.

The portable Fluke digital oscilloscope (ScopeMeter 123) which I got 10+ years later is also working well, the only problem here is that it uses an old-style NiCd rechargeable battery which I've had to replace once. Fluke seems to be selling it still, under the 123/S name. :-)

Terje
