
Comment Not complex; not broken; not meant for enterprise (Score 1) 86

IMHO, the only legitimate points in this gentleman's post are: (1) a compromised browser defeats OAuth, and (2) OAuth isn't mobile-friendly because it requires browser interaction to gain user consent to grant access.

While both of these are true, Web browsers are ubiquitous; OAuth is a Web standard. You can abuse it slightly to make it work with mobile devices (see "access code grant") but really, it was not intended to be a be-all end-all authorization mechanism.

Likewise, claims that the protocol isn't "enterprise-friendly" are somewhat silly. OAuth was not intended for fine-grained authorization within an authentication or trust domain. It's for cross-domain (cross-application) grants, between unrelated apps, under the assumption that all three parties in the transaction are basically unrelated.

If an executive wants to delegate calendar permissions to his secretary, he should *just do it* by clicking a checkbox on Microsoft Outlook or whatever product they use for scheduling, which no doubt has its own rich permissions system and obviously has its own authentication mechanism. There's no need for a Web standard to facilitate this use case!

As for claims that "there is no standard" -- that's entirely true. There is a draft standard, which presumably will eventually be ratified by IETF once we have all had a chance to play with the technology and suggest improvements. Standards are not an item of worship; they're just a way to ensure that a protocol has had a reasonable degree of scrutiny, has no undisclosed patent encumbrances, etc. I've heard people accuse OAuth of being complex or flawed, but never fundamentally insecure.

Frankly, anyone who thinks the OAuth draft RFC is complex, should choose a dozen or so documents from the SAML protocol suite, relax in a hot bath, and read through several hundred pages of THAT claptrap. Then we can talk about complexity.

(Disclaimer: yes, I do read security standards in the bath, and I create toy implementations of security protocols and algorithms for fun. That probably makes me mentally ill.)

Comment AMD's next CPU will crush protesters into rubble? (Score -1, Offtopic) 161

Rather unfortunate timing for the headline of this article, considering today's news item about a literal bulldozer that did not fall short...

Comment Re:no expectation of privacy (Score 1) 391

Cops are public servants working in public spaces; given that the justification for speeding cameras and CCTV has always been that there is no reasonable expectation of privacy for someone in a public space, why should the public-spaces rights of policemen be any different from those of the general public?

If you are in public, regardless whether you're on the job, you must accept the notion that you could be observed, by people or recording devices. Bear in mind that most COPS have recording equipment in their squad cars and frequently videotape traffic stops.

If the concern were merely about videotaping police work, police departments would be worrying about their own recordings. It seems to me that their concern is about OTHER people recording police work, when said recordings are outside of the police department's control.

Comment Re:Big buzzkill, over-dramatized (Score 2) 142

No doubt, cloud is a huge buzzword at the moment. No reason you can't use that to your advantage, however.

"Cloud computing" in common parlance means at least three things at the moment:

1. A marginal-cost pricing model for compute resources (pay for only what you use)
2. Making use of virtualization in one's app architecture
3. Pervasive use of automation in the architecture and throughout the software lifecycle (dev/test/deploy)

#1 is a bit of a fad; some workloads can be shoved out into a public cloud with no risk to security or availability, but many workloads will never be suited for that.

However, #2 and #3 are here to stay for the next decade -- and even if computer architecture makes another massive swing (e.g. massive parallelism or quantum computing or some hooey) and virtualization is no longer as sexy as it is right now, automation always has been, and will always continue to be, a key component of successful IT operations. Automation = productivity!

Even a large part of what we call the "virtualization benefit" is actually due to automation-related productivity. The fact that I can take my pre-built OS + app stack and deploy it on whichever hardware I wish -- and in some cases even migrate it between two differently-capable host systems WHILE my guest is running! -- is all a flavor of automation. We've always been able to migrate servers, but it used to require a screwdriver and lots of patience.

So -- my advice is, don't look down your nose at the sudden cloudiness! Take advantage of this buzzword-laden atmosphere to justify your sound technical decisions to the businessfolk, in terms that their feeble minds can understand. ;-)

Comment Re:Cognitive dissonance (Score 1) 224

The quote, actually, is "information wants to be free."

There's no _should_ about it. It's not a value judgement; it's an expression of one of the natural properties of information: that it tends to replicate itself in any way it's able, subject only to the constraints of the underlying medium (and of course to any artificial constraints placed on it, though those have a track record of working badly).

Even "information wants to be free" is a bit imprecise because it anthropomorphizes the information. Data has no intent, there's no "want" there; it just seems that the natural state of information is to propagate, and to mutate as it propagates.

Also, keep in mind that "free software" doesn't necessarily mean free as in beer. If you have heard someone saying "software should be free," they may have been referring to the fact that the source code to the software that runs your life should not be a trade secret locked away in someone's corporate vault.

As numerous generations of software pirates, malware authors and hackers have shown us, to someone of sufficient skill, the machine code to a piece of software yields enough information to mutate or copy that software. Protecting source code is an attempt to create artificial scarcity -- or security through obscurity, if you prefer -- and it doesn't work very well.

Maybe my argument convinces you; maybe it doesn't. It's not really my concern. I'm employed by an open-source software company whose business is growing tremendously year-over-year -- in the middle of a recession, no less! -- and one of the main reasons for our success is that our products are _open_.

Our customers are free to inspect, modify, ask questions regarding, and contribute improvements to the tools we sell them. Because we try whenever possible to leverage open-source dev tools, we enjoy the same openness in our infrastructure and development toolset. We are able to adapt our tools to work well for us, and contribute the improvements back to the community when we're done.

"Free as in beer" is not "free as in freedom." If your industry ignores this fact, it does so at its own peril. Don't be surprised if a lightning-fast innovator comes along and disrupts everyone. And if they do, look for open source to be greasing the wheels of their productivity.


Submission Researchers discover that sand behaves like water

Xeger writes: "University of Chicago researchers have found that streams of sand can behave similarly to liquids, forming water-like droplets when poured from a funnel. To obtain these results they dropped their expensive high-speed camera from a height of several meters and observed the sand forming into droplets — something that shouldn't happen without surface tension! These findings suggest that conventional engineering wisdom about sand, dirt and other grainy materials needs to be rethought, and that it might be possible to apply fluid dynamics to some solids problems!"

Comment Re:You make a good point... (Score 1) 194

That's not the point of open source. The point is this:

- I'm an entrepreneur, or I'm being paid by an entrepreneur or a massive corporate entity, to create software that makes money.

- It is my duty as a professional to implement the most reliable, beneficial solution I can, and to do so at the lowest possible cost.

- With this goal in mind, I look around the ecosystem for existing tools, frameworks and applications that will help me achieve my goal. I will generally find any number of open-source products as well as some closed-source products.

- I choose the product (or most frequently, combination of products) that will best help me achieve my business goal. I make my choice irrespective of how the products are licensed.

And THAT, my friends, is the value proposition of open source. Day after day, software developers everywhere are awakening to the fact that the most reliable, most efficient, quickest-growing tools in the business are free of cost, community-supported, and ripe for the picking.

A very small fraction (perhaps 1%) of the people who adopt a given free software product will find that it doesn't quite suit their needs. Funded by their employer or themselves, they will tweak the product until it does what they want -- they then contribute their tweaks back to the community so others can benefit.

Can it ever be a disadvantage, being forced to contribute one's valuable IP back to the community? Of course it can! If your tweaking represents a key competitive differentiator, then by all means, buy a closed-source (or a dual-source) solution.

But, speaking as a software developer with more than a decade of experience and three patents pending, VERY FEW of the changes we make to our tools and frameworks are original or valuable in the business sense.

It is in our "business logic" where money is made -- the bits of code that sit on top of the frameworks and implement the user-relevant part of your application. And THOSE bits of the application are very seldom open source, nor should they be.


Colleges Being Remade Into "Repress U"? 527

The Nation has up a sobering article from its upcoming issue about how colleges and universities are being turned into homeland security campuses, in the name of preventing homegrown radicalization. Quoting: "From Harvard to UCLA, the ivory tower is fast becoming the latest watchtower in Fortress America. The terror warriors, having turned their attention to 'violent radicalization and homegrown terrorism prevention' — as it was recently dubbed in a House of Representatives bill of the same name — have set out to reconquer that traditional hotbed of radicalization, the university."

Congress Creates Copyright Cops 533

I Don't Believe in Imaginary Property writes "Not satisfied with pitiful potential penalties of $150,000 for infringing upon a $0.99 song, Congress is proposing new copyright cops in the 'PRO IP' Act of 2007, specifically the creation of the Office of the United States Intellectual Property Enforcement Representative (USIPER). They also feel that the authorities need the authority to seize any computers used for infringement and to send copyright cops abroad to help other countries enforce US laws. MPAA boss Dan Glickman praised the bill saying that, 'films left costs foreign and domestic distributors, retailers and others $18 billion a year,' though Ars points out that it allegedly costs the studios only $6 billion."

Submission Merrill Lynch: 30% of U.S. Households to Own Wii b

njkid1 writes: "According to a report in the Financial Times, the Wii's sales momentum is so strong that some analysts have upgraded their long-term outlooks for the console. Nintendo's new console just came off a very strong performance in January, easily selling more consoles than either the Xbox 360 or Sony's PS3."

Sony Set to Market Blu-ray as Winner of Format War 353

An anonymous reader writes "Citing the recent sales numbers, Sony exec David Bishop is claiming that the high-def format war can officially be declared over. With a movie sale ratio of almost 2:1 Blu-ray discs are being declared the victor over rival HD-DVD by Blu-ray supporter Sony. 'And yet while all agree that it was a strong month for Blu-ray, opinion is split on whether the surge in sales is an indicator of stronger user adaption of Blu-ray compared to HD DVD, or simply a reflection of the larger number of new Blu-ray titles that hit the market over the month -- 25 new Blu-ray titles were released in January, compared to just 11 titles on HD DVD for the same period.'"

Submission Former Take-Two CEO Brant Backdated Stock Options

njkid1 writes: "Take-Two's advisors to the Special Committee of its Board of Directors have completed their investigation into the company's stock options practices, and it would appear that founder and former CEO Ryan Brant was largely responsible for backdating. More within..."
