Want to read Slashdot from your mobile device? Point it at m.slashdot.org and keep reading!


Forgot your password?

Comment: Re:The Dragon launch may be rescheduled... (Score 2) 108

by WuphonsReach (#49582465) Attached to: Russian Cargo Spacehip Declared Lost
Not that long. Depending on what the solar cycle does, Earth's atmosphere expands out far enough to drag this stuff down within weeks/months. Not years/decades.

Even at 250 miles above sea level (which is around the orbital altitude of the ISS), you have to regularly boost your orbit or get dragged down for reentry.

Comment: Re:Don't forget legacy BROWSERS. (Score 1) 218

by WuphonsReach (#49567111) Attached to: JavaScript Devs: Is It Still Worth Learning jQuery?
Customers who are running old, outdated, and insecure systems like WinXP are generally too cash poor to be good customers. They are going to nickel and dime you for any project that you do for them because they are either too cheap to invest in newer technology or too poor to do so.

Latest statistics indicate that Internet Explorer has less then 15-20% of market share, with versions older then IE 10 being just 2.5% of the market. Looks like IE 6 is under 1% now.

A year ago, you'd be a fool to cutoff support for IE on WinXP with 10-12% market share. Now? Not so much and it's not worth development time to support a 1% market share for IE 6.

Comment: Re:Misleading (Score 1) 77

by WuphonsReach (#49467839) Attached to: SpaceX Launch Postponed
Those four towers are the lightning protection system.

For more details, search for "rolling sphere" lighting protection system design. The idea is that if you roll a sphere of size X (usually 150ft or 45.7m) across the points of the masts, the area below the ball will be ~95% protected against a strike of power level Y. That is, any leader passing through the sphere will be more attracted to the mast, then to something below that point.

Comment: Re:Why a one-second launch window? (Score 1) 77

by WuphonsReach (#49467815) Attached to: SpaceX Launch Postponed
Yes there is margin.

But not launching on the exact instant when the ISS inclination is properly aligned with the launch site is expensive. The shuttle launches had to sacrifice 1100kg of payload in order to have a 10 minute wide launch window.

For a robotic launch where you can easily safe the vehicle after a scrub and don't have to unload passengers from the capsule, delaying 23h37m is not a huge deal. So you go with a much shorter launch window and gain a lot more payload to orbit. And if things don't go as planned, you scrub for a day and try again.

Comment: Re:One second launch window? (Score 1) 77

by WuphonsReach (#49467801) Attached to: SpaceX Launch Postponed
+/- 5 minutes was the shuttle's window and it cost 1100kg of payload to have a window that large (reference link).

The dog-leg cost of slipping into the proper inclination orbit with a launch that is mistimed can huge. On the order of hundreds of dV required to fix the issue.

So for robotic launches, where you don't have crew sitting in a capsule / vessel, and scrubs are relatively cheap as a result, it's better to go for a very small launch window (~1 second) to maximize payload.

Comment: Re:HTTPS is a pox, necessary or not (Score 1) 89

by WuphonsReach (#49423115) Attached to: The Problem With Using End-to-End Web Crypto as a Cure-All
If that's the opinion that you hold, then why don't you go do business with a bank that doesn't lock its vault, or use HTTPS, leave your door unlocked when you go away on vacation or to the office every day, and leave all of your mail open and stapled to your front door?

After all, since the big guys can read your mail or bust down your door, it doesn't make sense to take basic security precautions.

Comment: Re:And yet, no one understands Git. (Score 1) 203

by WuphonsReach (#49421601) Attached to: 10 Years of Git: An Interview With Linus Torvalds
SVN's strengths are:

- Centralized repository model, which is simpler and for less technical users makes it less likely that they will screw up. Once something is committed to the SVN server, you can back it up and not worry that you have portions of your data not covered by backups. Plus you get monotonically increasing version numbers, which non-techies find easier to digest.

- Excellent at handling binary files. Like MSOffice files, or LibreOffice, or images, or other binary assets. We have a few repositories that are 5+ GB.

- Only bring down what you need locally, not the entire repository. SVN has the concept of "sparse" checkouts where you only bring down the folders that you need, not the entire repository.

The downside is poorer merge support (an ongoing battle which they work on in each release) and there is no way to do commits if the link to the server is down.

Comment: Re:Cost of an IPv4 address for SNI-ignorant client (Score 1) 48

by WuphonsReach (#49393953) Attached to: EFF: Wider Use of HTTPS Could Have Prevented Attack Against GitHub
Eh... why support such out of date clients?

WinXP went out of EOL about a year ago. Usage is down to about 16%. And they can use alternative browsers or SSL libraries to deal with SNI. At this point, anyone left on WinXP is not worth the cost of support.

Android 3.0 came out in 2011. Only 7.3% of Android devices run a version older then 4.0.

At some point, you have to draw a line in the sand and say "we will not support that". Those older devices are insecure, don't support modern features, and increase your support and development costs by a large amount. If you can reach 90% of your audience for X cost, trying to reach 99% for X*10 or X*100 is not worth it.

It's the same deal as HTML5. Two years ago? It would have been near-suicide to base your website solely on HTML5. Today? There's no reason not to go 100% HTML5.

SNI support is now widespread enough that you don't need to worry about it.

Comment: Re:HTTPS? (Score 1) 48

by WuphonsReach (#49393859) Attached to: EFF: Wider Use of HTTPS Could Have Prevented Attack Against GitHub
HTTPS (SSL) alone will not stop attacks like this where any registrar trusted by the browser can issue certificates for any site that they want to.

HTTPS combined with DNSSEC + DANE would stop attacks like this. Because now the domain owner can say a few things:

- This is the only CA allowed to issue certificates for my domain
- My certificate is X, and not anything else

In short - admins need to put pressure on their DNS providers to provide DNSSEC for their domain records, after which DANE can be used to provide security for the SSL certificates associated with your domain.

Comment: Re:Memorizing site-unique passwords isn't possible (Score 1) 267

by WuphonsReach (#49352023) Attached to: Generate Memorizable Passphrases That Even the NSA Can't Guess
For sites where you don't care if you get locked out for a few hours or days - password managers are just fine. (Just like anything else -- keep backups in a different format / location / etc.)

I belong to maybe 2-3 dozen forums (or more). All of them use random 20-30 character passwords and I just let the browser remember it (with a backup copy in a GPG encrypted text file). There's no point in my trying to memorize those passwords - and using a password manager means I don't have the same password in use in multiple places.

Use them for high security things like your primary email or bank accounts? Eh, better to rely on paper records stored in a fire resistant safe.

Comment: Re:It supports it just fine, article is BS (Score 1) 166

Typical NTP from the public pool seems to be anywhere from 0.5ms to 2.5ms. Which is good enough for practical purposes for most things.

With luck, good components, and good climate control, you can usually manage to keep an internal LAN within about 1/5th of a millisecond. Maybe 1/10th if everything is well behaved.

Whenever people agree with me, I always think I must be wrong. - Oscar Wilde