Forgot your password?

Comment: Re:The silence is deafening (Score 1) 236

by grcumb (#47999929) Attached to: First Shellshock Botnet Attacking Akamai, US DoD Networks

Time to put on some pants, UNIX/Linux geeks: ain't no operating system out there immune to error.

No fucking kidding, software has bugs. And this is a doozy. It's not the first WTF moment we've seen, and it probably won't be the last.

As with the Y2K problem, though, the proof of the pudding is in the tasting. The real test will come when we look back and measure the impact. Will we see a digital wasteland, a web devastated by shellshock-ing predators? Will we find ourselves living in an online New Jersey of the soul, wretched, empty bit-badlands stretching out to the horizon in every direction? Will the Evil Bit finally be flipped? Or will this be like the day when the public library almost burnt down, but we saved all the books by forming a bucket brigade? It's too early to say, right now. But my guess is that, unlike Microsoft's legacy, the fall-out from this event will be the stuff of a cautionary tale for young systems developers, explaining how all the cleverness in the world won't save you from stupidity, so the only really good system is one that can be patched quickly, effectively and simply.

Kant might also have admitted that, while no straight thing was ever made, quite a few bent things were subsequently straightened.

Comment: Re:Question about how this works (Score 5, Informative) 236

by grcumb (#47999493) Attached to: First Shellshock Botnet Attacking Akamai, US DoD Networks

inputs getting into environment variables which wind up eventually inside of bash.

So we agree. Good-o.

No, you twit. Bash will read the environment variables sent to it by CGI, which populates the environment parameters before you can sanitise the inputs. By the time you're ready to begin parsing and sanitising, the damage is already (potentially) done.

The implications of this are far-reaching, and the only way to be reasonably secure is to patch the bash executable.

Comment: Re:Good response to the Systemd fight... (Score 1) 221

by grcumb (#47970939) Attached to: Outlining Thin Linux

"Servers" is not just that instance of node.js that you run in your VM. Servers in general do need hotplug (for example, a RAID array of hot swappable hard drives), and there are benefits of using DHCP for networks of servers too.

I think the point was that either udev could be forked or an older version of it could be kept kicking around for servers, and that network-manager wouldn't be needed at all. Device and network client configuration can be done via conf files with minimal effort (especially in context of a managed deployment via Puppet or the like). I agree, by and large. I'd argue that we could even do without udev, if it didn't take more effort to live without than to live with it.

Comment: Re:Summary is Troll Rant (Score 1) 794

by grcumb (#47970175) Attached to: How Our Botched Understanding of "Science" Ruins Everything

Super short version:

Philosophy addresses questions of truth.

Science addresses questions of observation.

Er, No. Science is Natural Philosophy.

If you think philosophy (literally, the love of knowledge) is any less exacting or evidence-based than science, then you have another thing coming....

Comment: Re:Summary is Troll Rant (Score 1) 794

by grcumb (#47969971) Attached to: How Our Botched Understanding of "Science" Ruins Everything

How is being scientific at all comparable to nihilism, such that you ceded that point in your head?

Heh, this is a bit like that moment when you explain null vs empty/zero values to a junior programmer. :-)

You seem to be falling victim to the misapprehension that lacking belief is the same as nihilism. But nihilism actually requires a degree of belief in order to be fully achieved. It's the active rejection of religion and morality. In other words, you kind of have to believe that there is nothing. (Absence of evidence vs evidence of absence, and all that....)

Failure to believe in anything is a workable modus vivendi that doesn't imply the explicit rejection of morality. It simply posits that there are no articles of dogma, while accepting that the best available evidence is thus and so... until new evidence arises.

Failure to believe doesn't lead inevitably to despair. It may give rise to constitutional skepticism, but that in itself doesn't have to become unhealthy or drown one in nullity. I experience wonder, poetry, rapture when I hear good music and see good art. I embrace absurdity and humour. I love food, many flavours and smells. I also experience a constant sense of novelty because I have very little certainty about how each day will turn out. The mere possibility of alternatives is often enough to keep boredom and depression away.

Nihilism rejects purpose, meaning and ultimately, hope. It's a nearly impossible condition for most human beings. Failure to believe can likewise be quite upsetting, because it humbles you utterly if you really allow yourself to experience it. I expect it's part of the release that the Buddha talked about. But there's a perverse intensity to the joy that you feel when you're laughing in the face of the void.

Comment: Re:Dial up can still access gmail (Score 1) 334

by grcumb (#47933627) Attached to: Ask Slashdot: Remote Support For Disconnected, Computer-Illiterate Relatives

Gmail optimizes for low bandwidth links.

I didn't know that! Is it something I need to configure?

Good News: No, you don't need to configure anything.

Bad News: Yeah, it's as bad as you remember. The biggest difference is this really condescending message at the top of your screen, saying, "Hi! You're a second-class citizen, so we're sending you to a second-class interface using second-class bytes! NOM NOM!!"

... Or something - I can't remember the exact text; I just remember promising myself I'd find the developer who wrote that and emasculate him with rusted baling wire.

A decent mail client with GMail over IMAP is probably best. Only downloads headers unless you actually load the message.

Comment: Re:Ya, but... (Score 1) 392

by grcumb (#47922129) Attached to: Ask Slashdot: Any Place For Liberal Arts Degrees In Tech?

English lit. grads can do a variety of jobs, but wouldn't be my first choice for a programmer, unless they could demonstrate strong programming skills.

How very condescending of you. But I would say the same about engineers, CS grads, science and math majors as well. Mostly because I find them generally closed-minded, with a strong tendency toward binary thinking. It is a rare person indeed that is capable of writing truly good code. Those who are capable typically can maintain a balance between left and right brain, holding a wide range of possibilities in their head, visualising very complex models and fluid scenarios, and only in the last instance reducing them to computer logic.

It may seem paradoxical, but the only useful test of a good programmer is whether they program well.

The best team I ever worked on featured an ex-veterinarian, a chemical engineer, a Classics major, one who switched majors from music to sociology, one who did half a law degree, and myself, a theatre/English lit. double major.

The half a lawyer now helps to manage Google's international network. The chemical engineer manages the systems of a globally known company. The musician/sociologist is CTO of a successful SaaS operation. The vet is a senior application designer, and I'm Chief Technologist at a think tank. I'm sure you've done far better, but we haven't done so bad either.

Comment: Re:Ya, but... (Score 1) 392

by grcumb (#47921963) Attached to: Ask Slashdot: Any Place For Liberal Arts Degrees In Tech?

... employees with STEM degrees have critical thinking skills *and* STEM degrees. Just sayin'.

So... your point is that STEM degrees are intrinsically better prerequisites for all aspects of software development? Or that STEM degrees are intrinsically better in some way than liberal arts degrees? If either of those is your point, I suggest you check your assumption that completion of a STEM degree implies the presence of critical thinking skills. Because NO.

And if you think for a moment that a smart liberal arts major isn't capable of complex abstraction, conceptualisation and its expression in formal logic, then... well, once again, check your assumptions.

Comment: Re:Dual degrees (Score 3, Interesting) 392

by grcumb (#47921895) Attached to: Ask Slashdot: Any Place For Liberal Arts Degrees In Tech?

There's certainly a place for people with dual degrees in tech and liberal arts -- people who truly understand the tech they're discussing, plus have the experience in communication and argumentation to explain it, push for it, and lead it.

Hi there. I'm the Chief Technologist of a thinktank and do a lot of technical work, from application & systems design and development through to legislation, policy and regulation. I did a double major in Theatre and English Lit. when I went to university. It amazes me that the majority of 'engineers' or science geeks show such disdain for liberal arts majors. Do they not realise that smart people are everywhere?

The thing that really makes me chuckle, though, is that they don't seem to believe that someone with strengths in the arts could ever be an autodidact, in spite of the fact that most good geeks have this capability as a defining trait. In theatre, I had to learn basic electronics, electrical circuitry, technical design, how to build weight-bearing structures, basic colour theory, linguistics, aesthetics (which, scoff as you like, requires pretty heavy thinking about the nature of human consciousness) and about a dozen other disciplines. And English taught me a little humility about the power of expression. It taught me to harness it as well.

As my colleagues will tell you, I have a significant lack of mathematical ability; my brain is simply not wired to read equations (or musical notation - another great failing). I can do it, but I expend a great deal more effort than my math whiz friends. This puts some programming work outside my competence - algorithms especially. I understand perfectly the concept of big O, though, and with assistance, I can write highly performant code.

But... I can design, create palettes, do layout and describe workflows a fuck of a lot better than most engineers. I know enough typography to be dangerous, and I can outperform most people when it comes to interfaces.

I know the value of a good engineer. I learned it at my father's knee. But if anyone ever suggested that I fill my software shop with nothing but STEM grads, I would laugh them out of the room. No offence, all you engineers, but there's a whole raft of software design and development issues that you guys suck at.

Comment: Re:When the cat's absent, the mice rejoice (Score 5, Insightful) 286

The criminals here worthy of being described as scum and deserving confinement are the people involved in child pornography, not the investigator. At worst he seems to have exceeded his statutory jurisdiction in pursuit of actual crimes.

Allow me to quote the immortal words of Mr H.L. Mencken:

The trouble with fighting for human freedom is that one spends most of one's time defending scoundrels. For it is against scoundrels that oppressive laws are first aimed, and oppression must be stopped at the beginning if it is to be stopped at all.

Now, on behalf of Mr Mencken, and all those who fight for human freedom, allow me to suggest you fuck off, and to remind you that just because there are a few scummy characters in the world, it still doesn't justify putting the entire state of Washington under surveillance, which is what happened here.

Comment: Re:Are you fucking serious? Tell me you aren't! (Score 1) 198

by grcumb (#47869187) Attached to: UK's National Health Service Moves To NoSQL Running On an Open-Source Stack

Why the fuck are you storing the data if you don't give a damn about keeping it consistent?

There are thousands (and thousands) of cases where it is simply not reasonable to expect homogeneity in your data. Of those thousands of cases, a very large number of them not only have extremely heterogeneous data, they still need to be stored and queried. NoSQL is a useful tool in such cases.

Is it 'safe' — i.e. does it do all of the data integrity stuff we've come to associate with RDBMSes? No. Emphatically no. If you didn't code it into the right logic in the right places, you are probably worse than shit out of luck.

BUT... there are still thousands of cases where the pain of living with NoSQL far outweighs the pain (and in many cases impossibility) of living with your data inside an enterprise RDBMS.

And yes, I say this based on years of work with exactly these kinds of data sets. They were my bread and butter for a long time.

So, uh, holy fuck: Believe it.

Comment: Re:No thanks (Score 3, Interesting) 326

by grcumb (#47848411) Attached to: Stallman Does Slides -- and Brevity -- For TEDx

Stallman is the crazy outlier. Where he stands, at the very edge, is exactly where we need him to be. You dont have to follow all of it, but there would be less of his ideas if he was more concerned with being central and accessible.

Just for the edification of the other readers here, which parts specifically do you feel you don't have to follow?

For the record, I know exactly which ones I would choose, but I'm interested to know what exactly you think makes Stallmann a 'crazy outlier'. Because, in my estimation, it would take a lot for someone to qualify for that kind of labeling.

I disagree with his statement that Linux distro maintainers allow non-free components because they're not sufficiently committed to freedom, but I don't think him 'crazy' for having said it. I think his blanket characterisation of profit motive as evil is too much of a generalisation, but tragically, I don't think he's entirely wrong in stating that the effects of profit motive on a lot of commercial organisations has been detrimental to our freedom - dangerously so. So yeah: same conclusion, more temperate language. That's not nearly crazy or even an outlying opinion, to my mind.

There is a point to Stallman being far out there, its so the rest of us dont have to. Let him do his thing.

I take your point, but I remind you that the same could have been said about Ghandi, or even Martin Luther King, when people were blaming him for the violence in Selma and the bombing in Birmingham.

See, the problem I have with this kind of rhetoric is that you seem willing to stand to the side at a witch-burning and say, 'Well, I would never cast a spell, but I can see why people bought magic services from her.' It's a little disingenuous, isn't it, that you would be willing to profit from someone's courage, when you're not willing to defend it?

Again, this isn't a case of 'My Free Software, Right or Wrong.' On the contrary, I'm arguing that you can quibble all you like with the arguments Stallmann makes, and the rhetoric he makes them with. But I have to ask: With an attitude like yours, how much have you actually done to promote freedom?

(Real question: I'm open to correction.)

Comment: Re:The last sentence of the summary is spot on (Score 2) 66

by grcumb (#47843965) Attached to: Two Explorers Descend Into An Active Volcano, and Live to Tell About It

I am so full of envy right now, with a generous side order of awe. Watch that actually brought a tear to my eye.

Well, if you can pay the airfare to Vanuatu (3 1/2 hours away from Sydney for about $US 750), only a couple hundred dollars more will get you a walking tour to the edge of the caldera. It's not really a mountain so much as a high plateau with two (yes, two) active calderas. It's a fucking amazing place, a lunar landscape emerging over the last rise after a morning spent walking through jungle. Pretty primeval.

But if you're not in an exercising mood, you can simply pay a pilot to overfly the volcano. I did this once. We were actually on our way to Pentecost island in a small twin-prop charter, when the pilot said, 'Hey, the visibility's really good - you folks want to see a volcano?'

We thought about it for, like, 0.273 seconds and said, "FUCK YES!"

So he took us over it. Right. Over. The Volcano.

Was it cool? Yes, it was cool.

"It is better to have tried and failed than to have failed to try, but the result's the same." - Mike Dennison