Please create an account to participate in the Slashdot moderation system


Forgot your password?

Slashdot videos: Now with more Slashdot!

  • View

  • Discuss

  • Share

We've improved Slashdot's video section; now you can view our video interviews, product close-ups and site visits with all the usual Slashdot options to comment, share, etc. No more walled garden! It's a work in progress -- we hope you'll check it out (Learn more about the recent updates).


Comment: HTTPS and avoiding broken proxies (Score 1) 177

by bk2204 (#46319445) Attached to: Most Alarming: IETF Draft Proposes "Trusted Proxy" In HTTP/2.0

One of the benefits of using HTTPS currently is that it avoids broken proxies. There are all sorts of implementations that claim to support HTTP 1.1, but don't support 100 Continue, content negotiation, or other important features you might need to use. If you use HTTPS, it currently avoids all the breakage (unless the destination server itself is actually broken). Besides the security issues inherent in this model, you have to worry about all the cases in which somebody installed some broken proxy that doesn't actually implement half the standard, breaking all sorts of sites.

Comment: Re:Rule #1 (Score 1) 894

by bk2204 (#45700215) Attached to: How the Lessons of Columbine Saved Lives At Arapahoe High School

First, it's a lot harder to commit gang warfare with knives than it is guns. When's the last time you heard of a drive-by stabbing? How do you kill multiple gang members (and innocent civilians) when you have to walk up and stab them all without getting attacked yourself? Guns make killing and injuring people a lot easier than using virtually any other weapon.

Second, gun ownership is a risk to the gun owner. A gun owner is more likely to die by the gun (either through suicide or homicide) than to protect their family.

Third, you're considering only homicides. Firearm-related suicide attempts are the most fatal. Limiting gun ownership doesn't reduce the number of suicide attempts, but it does decrease the lethality of those attempts. Think about it: if you shoot yourself with a gun, you're at least going to the hospital, if not the morgue. And it's not just gun owners themselves, but their families. Morose teenagers should not have access to guns.

I don't actually have a problem with people owning guns, but I don't see them as trivial and harmless, and I certainly don't support unfettered access to them.

Comment: Re:Most Java shops I've worked automate code style (Score 1) 430

by bk2204 (#42365427) Attached to: Ask Slashdot: Do Coding Standards Make a Difference?

We're a Perl shop, and we also use automated tools (perltidy and soon, perlcritic) before committing. It's just easier if everybody uses the same tool to do the formatting and it's automatic. When you have to remember to do the style by hand, it's easy to forget.

Comment: Re:And what are you supposed to remotely?? (Score 4, Informative) 1134

by bk2204 (#40513519) Attached to: Has the Command Line Outstayed Its Welcome?

The problem is that the GUI interface to the network has moved to different locations in different versions of Windows. In an IT department, you probably know what version of Windows is running, but with the public at large, they may have not a clue what version of Windows is running and how to access that information. Running ipconfig works on virtually every version of Windows. And to my knowledge, Windows has not provided a GUI interface to ping or tracert. Sure, there are third-party versions, but most systems don't have them installed, and if you're trying to troubleshoot a network problem, you probably can't just download them then.

Comment: Re:What's wrong with GCC? (Score 1) 711

by bk2204 (#39987759) Attached to: FreeBSD 10 To Use Clang Compiler, Deprecate GCC

GCC optimizes much better than clang. Also, despite defining __GNUC__, clang doesn't offer all of the features that GCC does. For example, a deal-breaker for the kernel is that it doesn't support explicitly assigning a variable to a register. Until it is usable across the board (including the kernel) and doesn't regress performance, distros are going to stick with GCC.

Comment: Re:Why are governments in the business or marriage (Score 1) 678

by bk2204 (#38769294) Attached to: Microsoft Pushes For Gay Marriage In Washington State

The sociological and political reason for marriage is that it recognizes and endorses strong family bonds. Having strong family bonds promotes a stable society. That's the argument for civil marriage. Religious marriage is an almost entirely different institution. It's just that in the US, we conflate the two too often because we allow clergy to act as officiants for civil marriages. In much of Europe, civil marriage can only be performed by a judge or government official.

Comment: Mutual Unhappiness (Score 1) 210

by bk2204 (#38205098) Attached to: Facebook Denies Disputed Page To Both Mercks

I totally agree with this policy. It's the same one that Debian uses to decide disputes over the name of a given binary: if both sides can't agree, then nobody gets it and both packages have to rename. It reminds me of a Law and Order episode where the judge said, "I know I've made the right decision when both sides are unhappy."

Comment: Re:Why do standards use chaining modes? (Score 1) 80

by bk2204 (#37804494) Attached to: XML Encryption Broken, Need To Fix W3C Standard

CBC, the most common chaining mode, has been around for a long time and has been studied a lot. So people use it a lot in protocols and specifications, and so people think it's a good idea to use it more, and so on. This is the same reason RSA has been used a lot. The problem with counter mode is that without a MAC or MIC, it is trivial to modify the plaintext without detection.

Comment: Re:hmm.. (Score 1) 147

by bk2204 (#37585448) Attached to: Canadian Court Finds Website Scraping Infringes Copyright

Anything on the internet that was meant to be accessible by the public is automatically public domain.

Uh, I don't think that's a good idea. It means that all downloadable software would be in the public domain. It would effectively prevent anyone from putting any sort of creative work online (written, photographic, etc.). The same goes for documentation, news stories, comics, useful web apps, etc. It would probably result in a much more closed web where everybody had to sign up to every site in order to just access it.

Comment: Re:Good for insurance (Score 2) 380

by bk2204 (#37401500) Attached to: Medical Billing Codes For Injury Via Turtle Among Thousands Created by New Law

Actually, the ICD-10 is created by the World Health Organization. The goal is to have a code for pretty much any medical-related concept not to increase overhead but to have a language-independent way of discussing and improving health. Determining the existence and spreading of public health issues is a lot easier when you can simply search medical records with a code.

Comment: Re:Security theater a little (Score 1) 97

by bk2204 (#37249346) Attached to: Mac OS X Lion LDAP Vulnerability Emerges

Part of the problem is I've never seen a LDAP deployment without its buddy kerberos doing the password stuff. I guess its possible to use LDAP to do passwords, but I've never done it.

Debian uses LDAP and does not use Kerberos. I presume that they store the passwords in LDAP in the standard fashion.

Make it right before you make it faster.