
Comment Re:Democrats, not the "Electoral System" (Score 1) 210

The UK has a first-past-the-post system and had a coalition government between 2010-2015. It has also seen the complete wipeout of the two main parties in Scotland in favour of a third nationalist party.

The idea that a two-party system under FPTP is inevitable, is not backed by the facts.

Comment Re:This is ridiculous (Score 1) 747

People rage about it because it is an idiotic waste of valuable time.

Yes, in this case changing a file extension of a new file format is not a big deal, and three more letters won't kill anyone. Heck, I'd rather have a command be called "brotli" than "bro" just due to fewer chances of random conflicts.

But the justification is completely illogical, and once engineering decisions start being made on the basis of stuff that doesn't even TRY to be logical but is purely emotional, the amount of wasted time can become unreal.

As an example, I am familiar with one case where a company had an internal tool for mapping internal dependencies called "Octopussy". You know, like Octopus but with James Bond connotations, because the graphs it drew looked a bit like an octopus. Well, guess what happened next .... someone threw a hissy fit and demanded it be renamed. Only problem was, the tool wasn't maintained anymore. And over time it had become an internal data source for other tools, which at that point had the name hard-coded into them (network endpoints etc). Some of those tools were also only sporadically maintained. So people had to be dragged off existing projects to spend time on "fixing" a non-existent problem that existed only in someone's mind. Many, many hours were wasted and of course all the people who had to work on that learned an abiding hatred of radical feminism.

THAT is why people get mad about shit like this story. Give an inch and suddenly the amount of money, time and mental energy being burned can become insane.

Comment Re:The North American culture-sphere? (Score 4, Informative) 747

Hunch correct. I've met Jyrki. He's a great guy. Also - a Finn who lives in Switzerland, not an American.

Jyrki is very smart, not prone to bullshit or nonsense. He surely knows this issue is ridiculous, which is why they moved on so fast with only a minor comment about "not understanding why people are upset". There are more important things to do in life than argue with people who are wrong on the internet.

(irony of me posting this to slashdot well understood)

Comment Easily? (Score 4, Insightful) 36

Let me summarise the key findings of the paper. The headline figure is stunning: over 70% of all sites they tested leaked their origin IP in some way.

But. It's not quite as simple as that. Virtually all websites that are DDoS protected are using CloudFlare, probably because it's a free service. The vast majority of the times they were able to find the origin IP address, it was due to basic oversights by the website admin, typically, having subdomains that resolve to the origin IP or simply never moving the server after signing up for CloudFlare at all. The most common subdomain that leaked the IP was called "ftp".

Who the heck actually still runs an FTP server as part of their website, in this day and age? No big websites do, that's for sure.

And sure enough the paper concludes, not surprisingly, that bigger more important websites are much less likely to leak their origin IPs than smaller ones.

I think all this paper really says is that CloudFlare have a lot of small non-paying customers who aren't really playing in the big leagues and aren't being attacked by sophisticated attackers ... or possibly aren't being attacked at all .... and as a result are more likely to have made simple errors.

So when the headline says these protections are "easily" bypassed, all it's really saying is that if someone using a defensive system makes mistakes, they can still be attacked. That's not really news and doesn't tell us anything about the efficiency of these services when the people using them have done their homework.
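A site owner can check a zone for the two oversights this comment names (subdomains that resolve straight to the origin, and an origin address that was never changed after moving behind the CDN). The sketch below is an added example, not code from the paper or from CloudFlare; the hostnames, the addresses (RFC 5737 documentation ranges) and the function names are constructed for illustration.

```python
import ipaddress

# Constructed sample data: documentation ranges, not real CDN or site addresses.
CDN_EDGE_RANGES = [ipaddress.ip_network("198.51.100.0/24")]  # assumed CDN edge range
ZONE_RECORDS = {  # hostname -> current A record, as exported from the zone
    "example.test": "198.51.100.20",
    "www.example.test": "198.51.100.20",
    "blog.example.test": "198.51.100.21",
    "ftp.example.test": "203.0.113.10",   # points straight at the origin
    "mail.example.test": "203.0.113.10",  # same mistake, different name
    "dev.example.test": "192.0.2.7",      # unproxied host outside the CDN
}
ORIGIN_IP = "203.0.113.10"    # where the web server actually lives
PRE_CDN_IP = "203.0.113.10"   # apex A record before the CDN was enabled


def behind_cdn(ip, cdn_ranges):
    """True if ip falls inside one of the CDN's edge networks."""
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in cdn_ranges)


def audit_zone(records, cdn_ranges, origin_ip, pre_cdn_ip):
    """Return (hostname, reason) pairs for every record that exposes a backend."""
    findings = []
    for host, ip in sorted(records.items()):
        if ip == origin_ip:
            findings.append((host, "resolves directly to origin"))
        elif not behind_cdn(ip, cdn_ranges):
            findings.append((host, "not proxied by CDN"))
    # Old DNS data still identifies the server if it never moved.
    if origin_ip == pre_cdn_ip:
        findings.append(("(origin)", "address unchanged since before CDN signup"))
    return findings


if __name__ == "__main__":
    for host, reason in audit_zone(ZONE_RECORDS, CDN_EDGE_RANGES, ORIGIN_IP, PRE_CDN_IP):
        print(f"{host}: {reason}")
```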

Comment You don't understand much (Score 1) 3

Laser guns are fine for shooting down missiles, but on the ground? This isn't Star Wars; lasers don't stop after a short distance, and you evidently are ignorant of the maxim to know your target and what is behind it.

You also don't understand the first thing about self-defense, as evidenced by "legitimate hunter". The Second Amendment is all about self-defense, not sport, not hunting, and that self-defense includes not just bears and wolves, but also criminals and governments.

You seem completely ignorant about the changes 3D printers are making. Pretty soon, it will be utterly irrelevant what governments want to do about guns; anyone will be able to make guns and ammo from raw materials which are used for vacuum cleaners, pots and pans, cars, houses, and everything else people want. Government will only be able to confiscate guns when they are used, and considering how many criminals, even in hoplophobe-friendly places like Britain, Japan, Russia, and elsewhere, have access to guns, this prohibition won't be very effective either.

Which brings up the last ignorance -- history. History shows that prohibitions don't work. Prisoners make knives. Alcohol prohibition didn't work 90 years ago and doesn't work now. Drug prohibition has never worked. Some 25% of California drivers don't have insurance. All prohibition does is turn everybody into a criminal, which decreases respect for law.

Comment Re:The system isn't very good (Score 1) 71

You realize this sort of attack was entirely expected, and that the system is engineered to withstand it, and did, trivially?

Expected, yes. Engineered to withstand - no. Bitcoin Core nodes accept as many transactions as they can with no memory limit until eventually they bloat up so much the operating system kills them. The official "solution" for this is to babysit your node and if you see it running out of memory, change a command line flag to make it ignore any transactions with lower than the given fee. Unfortunately of course, this also ignores all end user transactions paying lower than that fee as well.

I maintain a fork of Core called Bitcoin XT. It has a flag that lets you set a maximum number of transactions to keep in memory at once (and in a future version it'll change to be a max number of bytes, as that's the actual resource that's limited). The node will randomly remove a transaction from the pool to make room for a new one when out of space. As during an attack the memory pool is mostly full of spam, obviously this logic mostly involves kicking out spam to make room for {more spam, actual legit transaction} as opposed to just falling over and dying.
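The bounded pool with random eviction described in this comment can be simulated in a few lines. This is an added example, not Bitcoin XT or Bitcoin Core code; the class and function names, the pool size, the flood size and the fee values are assumptions chosen for the simulation.

```python
import random


class RandomEvictionPool:
    """Holds at most max_txs transactions; evicts a random one when full."""

    def __init__(self, max_txs, rng):
        self.max_txs = max_txs
        self.rng = rng
        self.txs = []  # a list gives O(1) random eviction via swap-remove

    def add(self, tx):
        if len(self.txs) >= self.max_txs:
            victim = self.rng.randrange(len(self.txs))
            self.txs[victim] = self.txs[-1]  # overwrite victim with last entry
            self.txs.pop()                   # then drop the duplicate tail
        self.txs.append(tx)


def fee_floor_admits(tx, min_fee):
    """The fee-floor workaround: ignore anything paying below min_fee."""
    return tx[1] >= min_fee


def simulate(max_txs=1000, spam=50_000, legit=100, seed=1):
    """Flood the pool with spam, then submit legit txs paying the same fee."""
    rng = random.Random(seed)  # seeded so the run is repeatable
    pool = RandomEvictionPool(max_txs, rng)
    # Constructed workload: (txid, fee) pairs, every tx paying fee 1.
    flood = [(f"spam-{i}", 1) for i in range(spam)]
    flood += [(f"legit-{i}", 1) for i in range(legit)]
    peak = 0
    for tx in flood:
        pool.add(tx)
        peak = max(peak, len(pool.txs))
    legit_kept = sum(1 for txid, _ in pool.txs if txid.startswith("legit-"))
    # With a floor of 2, every legit tx in this workload is ignored outright.
    legit_past_floor = sum(
        1 for tx in flood if tx[0].startswith("legit-") and fee_floor_admits(tx, 2)
    )
    return {"peak": peak, "legit_kept": legit_kept,
            "legit_past_floor": legit_past_floor}


if __name__ == "__main__":
    print(simulate())
```

Memory stays capped at `max_txs` for the whole flood, and most of the late-arriving legitimate transactions are still in the pool at the end, whereas the fee floor admits none of them.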

Comment Re: ZFS is nice... (Score 1) 271

But it's combined by the user at runtime, not by Canonical. The GPL allows an end user to do this.

This is a way that people kid themselves about the GPL. If the user were really porting ZFS on their own, combining the work and never distributing it, that would work. But the user isn't combining it. The Ubuntu developer is creating instructions which explicitly load the driver into the kernel. These instructions are either a link script that references the kernel, or a pre-linked dynamic module. Creating those instructions and distributing them to the user is tantamount to performing the act on the user's system, under your control rather than the user's.

To show this with an analogy, suppose you placed a bomb in the user's system which would go off when they loaded the ZFS module. But Judge, you might say, I am innocent because the victim is actually the person who set off the bomb. All I did was distribute a harmless unexploded bomb.

So, it's clear that you can perform actions that have effects later in time and at a different place that are your action rather than the user's. That is what building a dynamic module or linking scripts does.

There is also the problem that the pieces, Linux and ZFS, are probably distributed together. There is specific language in the GPL to catch that.

A lot of people don't realize what they get charged with when they violate the GPL (or any license). They don't get charged with violating the license terms. They are charged with copyright infringement, and their defense is that they have a license. So, the defense has to prove that they were in conformance with every license term.

This is another situation where I would have a pretty easy time making the programmer look bad when they are deposed.

Comment Re:ZFS is nice... (Score 1) 271

Uh, that doesn't work. The problem is that doing exactly what you've written down is contriving to avoid your copyright responsibility by deliberately creating a structure in someone else's work which you believe would be a copyright insulator. If you went ahead and did this (I'm not saying that you personally would be the one at Ubuntu to do so), I'd love to be there when you are deposed. Part of my business is to feed attorneys questions when they cross-examine you. I have in a similar situation made a programmer look really bad, and the parties settled as soon as they saw the deposition and my expert report. See also my comment regarding how Oracle v. Google has changed this issue. You can't count on an API to be a copyright insulator in any context any longer.

Comment Re:ZFS is nice... (Score 1) 271

I think you need to look at this in the context of the appeal of Oracle v. Google. We had a concept of an API being a boundary of copyright based on 17 CFR 102(b) and elucidated by Judge Walker's finding in CAI v. Altai. That stood for a long time. But Oracle v. Google essentially overturned it and we're still waiting to see what the lower court does in response.

Comment CDDL and GPL don't mix (Score 3, Informative) 271

Regardless of what Ubuntu has convinced themselves of, in this context the ZFS filesystem driver would be an unlicensed derivative work. If they don't want it to be so, it needs to be in user-mode instead of loaded into the kernel address space and using unexported APIs of the kernel.

A lot of people try to deceive themselves (and you) that they can do silly things, like putting an API between software under two licenses, and that such an API becomes a "computer condom" that protects you from the GPL. This rationale was never true and was overturned by the court in the appeal of Oracle v. Google.
