
Comment: Re:Not that good (Score 1) 151

by dkf (#46790175) Attached to: Heartbleed Sparks 'Responsible' Disclosure Debate

A site-license of almost any software will be a negligible part of your operating budget.

It depends on what the software is. Some things are genuinely expensive, enough that while maybe a Fortune 500 can handle it, the many smaller companies out there tend to swoon at the prices charged. (These pieces of software tend to be in areas without major OSS competition.)

Comment: Re:So much nonsense in terms (Score 1) 236

by dkf (#46785851) Attached to: Criminals Using Drones To Find Cannabis Farms and Steal Crops

But a 400W LED fixture would produce nearly the same heat overall [as 400W HPS lights].

Well yes. Duh. All those watts have got to go somewhere, and that's virtually all going to be heat eventually. What matters is how much light you get for that power. And LEDs and HPS are fairly similar (enough that the details of exactly what you're doing and how they were manufactured matter; the luminosities per unit power are similar, according to Wikipedia).

Comment: Re:Not a surprise (Score 2) 131

by dkf (#46774849) Attached to: Code Quality: Open Source vs. Proprietary

Actually that was Eric Raymond, and it is evident that in fact there never are enough eyeballs (at least ones that can comprehend what they are looking at). The theory is sound but in practice it is not.

It's a fundamental truth that, the more of the system you have to comprehend to truly understand it, the harder it is to debug. Syntax problems? Trivial. Global liveness checking? Much harder. (There's just so many ways to screw up.)

Comment: Re:The Economist is British . . . (Score 1) 282

by dkf (#46774673) Attached to: Ask Slashdot: What Good Print Media Is Left?

The Economist is a *lot* more US-normative than most UK publications, yes. For one thing, a lot of their market is US; for another, they're generally proponents of the US and UK becoming more similar -- mostly by the UK changing.

Having bought the Economist in various places around the world, you should be aware that the apparent focus of the magazine is different in different places. The content is formally the same, the articles are identical, but the ordering is not; this changes surprisingly strongly how one feels it is centric towards one place or another. Always buy in the US? It will be US centric. It's quite different in France.

Comment: Re:Not a surprise, but no reflection of O/S vs Pro (Score 1) 131

by dkf (#46774635) Attached to: Code Quality: Open Source vs. Proprietary

First, we shouldn't confuse Coverity's numerical measurements with actual code quality, which is a much more nuanced property.

Yeah, but good quality might well correspond to some sort of measurable anyway. Provided you've got the right measure. Maybe some sort of measure of the degree of interconnectedness of the code? The more things are isolated from each other, across lots of levels (in a fractal dimension sense, perhaps) the better things are likely to be.

Maybe that would only apply to a larger project, and I'm not sure what effect system libraries (and other externals) would have. Yet the fact that it might be a scale-invariant approach makes me a bit more hopeful, as it wouldn't be so susceptible to the "ravioli code" problem, where the code's nicely packaged up into little pieces, but the pieces interconnect in a horrible mess of higher-level spaghetti code. Worked on a large project? You'll have probably seen it in the wild. (Yeah, I've had people argue to me that their code didn't use goto and so it had no spaghetti code problems, despite the fact that everything was so nastily interconnected that nobody else could understand it. If that's not indicative of a problem, what is?)

Comment: Re:But what is a militia? (Score 1) 1565

by dkf (#46773439) Attached to: Retired SCOTUS Justice Wants To 'Fix' the Second Amendment

Thanks for the link. To summarize for everyone else, it essentially declares that all able-bodied male US citizens (or men who have declared their intent to become citizens) are automatically members of the militia if they are between 17 and 45 years old, and women are as well if they are US citizens that are members in the National Guard. For vets from the Regular military (i.e. Army, Navy, Air Force, and Marines), the age limit is extended from 45 to 64.

So... automatic conscription is basically in place already? Only needs a minor step, calling on militia members to formally defend their country, and you've got a fully-fledged military police state. Nice one, sheeple.

Comment: Re:Bush Vetoed this, apparently (Score 3, Insightful) 630

by dkf (#46755679) Attached to: IRS Can Now Seize Your Tax Refund To Pay a Relative's Debt

And that's why having bills cover lots of things at once (rather than being automatically restricted to the principal subject area of the bill) is a truly awful practice. It's beyond corrupt as it specifically enables effectively sidestepping oversight of the legislative process. The pork-barrel politics the practice enables are merely the most visible and least harmful parts of this.

Comment: Re:Negligence (Score 1) 62

by dkf (#46754483) Attached to: Heartbleed Disclosure Timeline Revealed

Also, April 1st is the *WORST* day to notify ANYONE that there is a severe security flaw..

Major public holidays (e.g., Christmas) are much worse, as there's a really good chance nobody will even look at the warning, and may decide that their family time trumps fixing security problems.

April 1 is just the worst day to announce a major breakthrough or groundbreaking new product.

Comment: Re:A simple question - Can you provide simple answ (Score 1) 151

by dkf (#46745135) Attached to: Private Keys Stolen Within Hours From Heartbleed OpenSSL Site

How do I become a trusted root certificate authority ?

You ask the browser vendors, who respond by asking some very pointed questions about how trusted you are. These sorts of questions include "do you have regular audits to ensure that you're managing your keys correctly?" and "what policies do you have in place for dealing with a security breach that compromises one of the keys you've signed?" Convince enough people that you're really trustworthy, and congratulations, you're a root CA. At least until the next time they ask those questions. It's only really recommended that you seek to become a root CA if you really like acting bureaucratically.

You can also become a root CA for a particular browser by just installing a self-signed certificate in its list of trust roots. This is disappointingly common, and often a marker of an untrustworthy organisation, as the main reason for doing this is to enable SSL sniffing. Not recommended at all (and totally does not make your site trustworthy to anyone else, which is the usual point of having HTTPS set up). It does work better for specialist applications.

Becoming a non-root CA is much easier. Just pay another CA enough money (or know the right people).

Comment: Re:From the parent article: (Score 2) 687

by dkf (#46740895) Attached to: The GNOME Foundation Is Running Out of Money

But that seems to be what a lot of people on Slashdot want. Look at the Mozilla and DropBox controversies. Lots of people posting and moderating support those.

Doesn't matter. If anyone or any organisation insists on doing things beyond their financial means, they've got a problem. If they keep on doing it, they've got a serious problem. Sometimes you've got to be unkind to someone and say "no" because otherwise you'll go bankrupt and get to do nothing at all with anyone. Being able to say "no" on the grounds that what people seek to do is too far away from your mission is a critical life skill. (It's why having an actual mission is important!)

Sure, sometimes you can restructure your finances to be able to do more, taking on more debt in the hope of being able to generate more income in the future to pay it off. Sometimes that even works. If you're going to take on significant debt though, you need to be darn sure about how it is going to improve your ability to get income. There's no room for wishy-washy thinking here, as getting debt wrong can really screw you over.

All of the above is without looking at the details of what the GNOME Foundation were supposed to do or actually trying to do. It applies to them and to everyone else.

Comment: Re:Apple Products never play nice with WIFI (Score 1) 80

by dkf (#46732601) Attached to: Wi-Fi Problems Dog Apple-Samsung Trial

I've had same issues when Apple items are on any mixed OS network

That's almost certainly the fault of using shitty access points. Anyone doing large-scale WiFi deployments is going to have to cope with lots of different client systems connecting all at once; there's no excuse for getting it wrong. Consumer grade stuff is definitely worse, but it only really hits home once there's a lot of devices loading everything up.
