Slashdot stories can be listened to in audio form via an RSS feed, as read by our own robotic overlord.


Forgot your password?

Comment: Re:Never finish (Score 1) 144

The Hugo Award Nominees reading package last year includes the entire Wheel of Time series (which I thought was a classy move by the publisher, and a nice contrast to Orbit Books including only excerpts for their three nominees.) (If you're a member of the appropriate Worldcon, you're eligible to vote for the Hugos, and in recent years they've provided an electronic package of most of the written and graphical works that are nominated.) The bad part about this is that the tablet I use for reading has the bloody entire bloody Wheel of bloody Time series on it, and I'm about 90% of the way through :-)

I hadn't read it before Jordan died, and probably that wasn't my birthday anyway, so for me it wasn't the worst birthday present ever; for that one I'll have to thank my little brother for giving me chicken pox when I was 10. There wasn't a vaccine for it back then, but there is now, and if your parents didn't give you the vaccine and other kids didn't give you the disease, trust me, it's one of the vaccines you want to get. (I also got measles the hard way, but I was young enough I don't remember it very well. Got the polio vaccine, though, unlike a neighbor's kid who was a couple of years older and had to use crutches.)

Comment: Re:And here's the patch (Score 1) 211

by billstewart (#48945165) Attached to: Serious Network Function Vulnerability Found In Glibc

Yeah, I probably should have blamed a different one of the non-length-limited strXXXX() functions, but strcmp() will still do Bad Things if you hand it one or two non-null-terminated pointers.

And yes, stderr would have been the better choice, but the important thing is to replace the implementations of dangerous functions with something that fails safely, and if you can't do it at compile or link time, it's still safer to do it at run time than to run the unsafe version.

Comment: Re:Periodic Re-copying, because format rot bit rot (Score 2) 250

by billstewart (#48920677) Attached to: Ask Slashdot: Best Medium For Personal Archive?

It took my friends months to find working 8" floppy drives they could take to Guatemala to decode the files the police and army had created during the dirty wars there. I don't want to have to buy a 9-track tape drive to read the one 9-track tape I have (if I find it again, and if it's still even readable.) (I gave away the Sun cartridge drive along with the Sun-2.)

Much more reliable to copy the data every couple of years to some current medium, knowing that Moore's Law means that it's not going to cost much and the only problems will be data formats, not media formats.

Comment: And here's the patch (Score 1) 211

by billstewart (#48918997) Attached to: Serious Network Function Vulnerability Found In Glibc

void *strcpy() { printf("Don't use strcpy, idiot! We told you that years ago!\n"}; exit(-37); }

void *strcmp() { printf("Don't use strcmp either, idiot! We told you that years ago too!\n"}; exit(-37); }

Also, according to the articles I've read about this, the somewhat more official patch came out in 2013, but wasn't marked as a "security" patch so it only made it into the newer OS versions, but wasn't retrofitted into the older ones. So it'd be fixed in Ubuntu 14.04, but not in the 12.04 LTS version.

Comment: Periodic Re-copying, because format rot bit rot (Score 2) 250

by billstewart (#48918163) Attached to: Ask Slashdot: Best Medium For Personal Archive?

Moore's Law is only partly your friend here - storage keeps getting cheaper rapidly, but that also means that not only do devices become obsolete, but the interface specs and data formats also become obsolete. You probably don't have an 8" floppy drive anywhere, or a working 5.25", or the right kind of cable to plug the 5.25" drive into, or a Bernoulli drive, or a 9-track tape drive (800, 1600, or 6250dpi), or the Sun cartridge drive, or anything to plug those MFM drives into, or SCSI-1, or probably SCSI-2. You might have something that can handle IDE / PATA, or an old laptop with PCMCIA, but even those are getting scarcer. If you can connect to that old disk disk drive, you can probably load a virtual machine running NetBSD that'll have drivers for the file system format, but maybe not; you certainly don't want to risk having Windows "update" the format. You might think that FAT 8.3 format will stick around for a long time (and maybe it will for reading, but it's rapidly getting replaced with FAT16, FAT32, ExFAT, NTFS, etc.

Leave aside the question of whether you can read a 20-year-old version of WordStar or WordPerfect format file (unlike my late-70s nroff files, which would be readable if they weren't on a 9-track tape I've probably lost.) You can probably read that 4-year-old TurboTax file, but if you need to get tax data back from when you bought your house, you'd better have everything on paper.

Just for physical format alone, you need to copy stuff every couple of years.

Comment: Re:Best Medium? (Score 1) 250

by billstewart (#48918005) Attached to: Ask Slashdot: Best Medium For Personal Archive?

Acid-free paper, otherwise you and your friends will just keep eating bits of your archives.

More seriously, paper's only good for some things, and only if you protect it well enough. Some years ago, my work hard drive crashed, and when I was driving to work a day or two later, my coffee cup bounced off the holder into my briefcase, taking out both the Palm Pilot and the dead-tree copies of my data. There were backups of some of my PC data, but my current calendar was gone.

GNU is Not Unix

Serious Network Function Vulnerability Found In Glibc 211

Posted by Soulskill
from the audits-finding-gold dept.
An anonymous reader writes: A very serious security problem has been found and patched in the GNU C Library (Glibc). A heap-based buffer overflow was found in __nss_hostname_digits_dots() function, which is used by the gethostbyname() and gethostbyname2() function calls. A remote attacker able to make an application call to either of these functions could use this flaw to execute arbitrary code with the permissions of the user running the program. The vulnerability is easy to trigger as gethostbyname() can be called remotely for applications that do any kind of DNS resolving within the code. Qualys, who discovered the vulnerability (nicknamed "Ghost") during a code audit, wrote a mailing list entry with more details, including in-depth analysis and exploit vectors.

Ask Slashdot: Best Medium For Personal Archive? 250

Posted by timothy
from the but-with-8-tracks-you-can-still-lose-7 dept.
An anonymous reader writes What would be the best media to store a backup of important files in a lockbox? Like a lot of people we have a lot of important information on our computers, and have a lot of files that we don't want backed up in the cloud, but want to preserve. Everything from our personally ripped media, family pictures, important documents, etc.. We are considering BluRay, HDD, and SSD but wanted to ask the Slashdot community what they would do. So, in 2015, what technology (or technologies!) would you employ to best ensure your data's long-term survival? Where would you put that lockbox?

Comment: Re:Farscape (Score 1) 476

by billstewart (#48890771) Attached to: Best 1990s Sci-fi show?

My local cable company didn't carry The Sci-Fi Channel until just about when Farscape went off the air (idiots! This is Silicon Valley, what did they *think* we wanted to watch? ESPN?) so I never saw enough episodes to really catch on, but it was kind of fun. And ST:TNG happened during the years I didn't have TV, so the few times I saw it were always the same annoying episode with Q in it for some reason.

I go on working for the same reason a hen goes on laying eggs. -- H.L. Mencken