Forgot your password?

Comment: Re:Overstating the case (Score 1) 527

by Zocalo (#46764499) Attached to: How Does Heartbleed Alter the 'Open Source Is Safer' Discussion?

Heartbleed is a score for closed source. Those trying to spin it like this is open source working are delusional.

So, if this were to have happened in a closed source library, another company would have been looking at the code in order to discover the bug *how*, exactly? Even if the bug had been found by a white hat, the only recourse would have been to raise a bug report with the vendor and hope they actually did something about it. The failure for open source here isn't the development model, it's the fact it took two years for the vaunted "many eyes" to get around to looking at new code in a critical piece of the tool chain. As I noted, that's something that can easily be addressed by forcing commits be vetted before acceptance, and potentially other ways too, but again, you could also apply that approach in a closed source shop.

Comment: Re:Overstating the case (Score 3, Insightful) 527

by Zocalo (#46761381) Attached to: How Does Heartbleed Alter the 'Open Source Is Safer' Discussion?
This, and I suspect a lot of shilling by proprietary software vendors playing up the "many eyes make bugs shallow" thing. This wasn't so much a failure of the open source model as it was a failure to properly vet commits to the code of a project before accepting them into the main tree, and that could happen just as easily on a closed source development model as an open source one. That might be OK for small hobby projects, and perhaps even major projects that don't have quite so major ramifications in the event of a major flaw, but hopefully this will serve as a wake up call for projects that aim to form some kind of critical software infrastructure. For such projects requiring that commits be reviewed and "signed off" by one or more other developers would perhaps have caught this bug, and others like it, and could perhaps work very well in conjuction with some of the bug-bounty programmes out there. Of course, "Find a flaw in our pending commits, and get paid!" only works if the code is open for inspection...

Comment: Income taxes? I'm an expat you insensitive clod! (Score 3, Interesting) 380

by Zocalo (#46756925) Attached to: Slashdot Asks: How Do You Pay Your Taxes?
Some countries don't even have personal income tax, and apart from the U.S. I don't know of any others that require their citizens pay income taxes on wages earned overseas. Admittedly several of the countries on the list are not the best places to live, but for non-USians it's perfectly possible to avoid paying income tax altogether.

Comment: Re:SPF.. (Score 3, Interesting) 83

by Zocalo (#46708567) Attached to: Yahoo DMARC Implementation Breaks Most Mailing Lists
A better solution might be to move the original sender's "From" to another header ("Return-Path", "Reply-To", - whatever works best for the list software/admin) and set a new "From" to an address that would feed any replies to the list's submission/moderation queue. If the address of the person replying is on the mailing list or the list accepts any submission address, it goes into the normal queue for remailing, if not it either gets discarded as a bogus reply that is probably spam or goes into a moderation queue, depending on the list.

This is still an implementation flaw in the way DMARC and SPF work with mailing lists rather than a problem with mailing lists though, so the onus really belongs with DMARC and SPF to better provide a way to support mailing lists. Including a way to specify in the DMARC/SPF configuration for the that the sender is a mailing list and that they need to validate the original sender against a different header instead - "X-Originally-From", rather than the mailing list's domain in the current "From", perhaps?

Comment: Re:Correlation is not causation. (Score 1) 1036

by Zocalo (#46675817) Attached to: How the Internet Is Taking Away America's Religion
It's a view point in the UK that has been around for years - at least a few decades - although where it originated from and when I have no idea. Quite possibly it was the Daily Mail or a similar rag going off on one of the their diatribes about "declining standards" or whatever they had a bee in their bonnet over that month. From comparing notes though it does seem C of E schools in the UK generally force much less dogma and indoctrination upon impressionable infants compared with church schools of other faiths, and even other christian denominations. I guess you really do reap what you sow... :)

Comment: Re:Correlation is not causation. (Score 4, Interesting) 1036

by Zocalo (#46674847) Attached to: How the Internet Is Taking Away America's Religion
The graphs certainly back up the idea that the best way to raise an atheist is to send the child to a Church of England school (in my case I was an atheist by the age of nine), but I suspect that the increasingly secularisation in UK education has something to do with that as well. When the only primary school in a small rural town is a church school (usually that would be C of E, but sometimes Catholic) and you have a typical rural UK demographic representing both major christian denominations plus a scattering of other faiths that school tends to get coerced into providing a more agnostic education if it wants financial support from the local government.

Comment: Re:unfiltered information will make people THINK! (Score 5, Insightful) 1036

by Zocalo (#46674805) Attached to: How the Internet Is Taking Away America's Religion
I think there's more to it than just being exposed to skepticism from existing atheists/agnostics too. You get much more exposure to people who are from different cultures and religions that you might in your own little neighbourhood, both knowingly and unknowingly, and when that penny drops, that's when the thinking part kicks in. Generally you are going to you realise that, hey, they are not that unlike us and we actually share many of the same views on life - most religions teach the same core principles wrapped up in some slightly different stories, after all. It's fairly well understood that major cities with cosmopolitan populations tend to be more open minded and their populations tend to have a less religious view than those from more rural communities, so I suspect this is just the same principle manifesting itself on a much grander scale.

Comment: Re:Good idea (Score 3, Informative) 175

by Zocalo (#46673081) Attached to: Linux Developers Consider On-Screen QR Codes For Kernel Panics
It might actually be more than that. Worst case, the screen in in 80x25 text mode (assuming a PC), which gives 2,000 binary bits, but if you start playing around with extended ASCII graphics characters you could probably encode a KB of data quite easily. Hardly a crash dump, but easily enough to get across the essentials.

Comment: Re:Touristy places will be in for a surprise.. (Score 3, Insightful) 148

That would be excellent if this happened, although unlikely given how much the local population that supports the tourist trade is likely to rely on that same mobile coverage. I go on vacation to *get away* from the daily grind, yet of late it has got to the point that you can't go anywhere without someone yakking on a mobile phone, and I go to some pretty out of the way places to try and make that happen. The absolute last thing you want to hear when you reach Everest Base Camp, slightly out of breath from the lack of oxygen and effort, and are just starting to take in the amazing view is:

*Latest naff ringtone*
"Yes, I'm climbing Mount Everest!"

It kind of ruins the moment, you know?

Comment: Re:How about (Score 2) 285

by Zocalo (#46574951) Attached to: I prefer my peppers ...
Not just tasty in their own right, but also not be so hot that you kill any chance of really enjoying the taste of whatever else that you are eating them with/in. I can manage peppers a fair way up the scale; a hot Piri Piri sauce doesn't bother me much, nor do habaneros, which are both around the 50-100K bracket IIRC, but all I can taste after a few mouthfuls is the pepper. I'd much rather have something like jalapeños or something even lower on the scale, so I can taste both the pepper and the rest of the meal for the entire sitting.

Comment: Re:Little disturbing (Score 3, Insightful) 491

by Zocalo (#46565313) Attached to: How Satellite Company Inmarsat Tracked Down MH370
Inmarsat managed to eliminate the northen arc based on differences in expected doppler differences of the signal pings, when the last ping was received, and assuming a conservative fuel consumption to that point, there would have been insufficient fuel left for the plane to make land, hence it went down in the ocean. It's important to note that Inmarsat is unable to say where exactly, only that it is within a given range of the location where last known ping was now known to have been sent from, which is where the search for wreckage is now centred. I gather this is the result of a highly unorthodox set of data analysis that is well outside normal procedures for determining location, hence the reason it's taken so long - some of the techniques they used probably haven't ever been done before.

Comment: Re:Flight recorder (Score 4, Insightful) 491

by Zocalo (#46565169) Attached to: How Satellite Company Inmarsat Tracked Down MH370
Still vastly better than what it was only a day ago, and there seems to be a lot more possible debris sightings in the search area which I take as a sign they might be in the right area and will hopefully pin it down some more. The race now is to find it before the black box transmitters go silent, a task for which the US is dispatching some specialist search gear apparently, because that's probably the only hope of giving the bereaved a chance at some closure left now.

Comment: Re:I think this is dangerous (Score 1) 100

by Zocalo (#46525735) Attached to: Oculus Rift Developer Kit 2 Ready For Pre-Order Today
I don't think it's going to be quite the VR nirvana that some people are expecting, at least not for some of the more involved games that would benefit the most from VR - simpler console based stuff will be fine, although I'd expect there to be a similar level of bandwagon jumping crap that we had when the first "Multimedia PCs" were all the rage. Having a device like the Oculus Rift strapped in front of your eyes is a double edged sword; yes, you are totally immersed in the virtual environment, but you are also much more limited in your interactions with the real one. You are going to need to have situational awareness of both worlds, and do everything in the real one pretty much by touch alone, and that's likely a more limiting factor than some people might be expecting.

There's a lot of people planning on using the Oculus to play Star Citizen when it comes out, yet this is a traditional old school style PC flight sim at heart which, as many old timers will attest, even with all the buttons and other controls on a HOTAS setup, you often still needed some controls on the keyboard. The game also has an FPS mode that many of those same players are planning on using with a mouse rather than a stick, so that most likely means that the left hand will be moving between throttle and keyboard and the right between stick and mouse. Sure, most PC gamers can touch type, but with the Oculus we won't even have the benefit of our peripheral vision to find the home keys and get our bearings to find the key(s) we want, and I think that might be harder to do quickly than some people expect, particularly when they are in the middle of a dogfight or attempted boarding. That's not to say it's an unsolvable problem, some extra thought on control to key mappings might be enough to avoid most mis-steps, and I expect to see a lot of work going into making input devices much more tactile to help with this over the next few years - braille keyboards for hardcore VR gamers anyone?

Never trust an operating system.