
Comment Re:The system isn't very good (Score 1) 66

You realize this sort of attack was entirely expected, and that the system is engineered to withstand it, and did, trivially?

Expected, yes. Engineered to withstand - no. Bitcoin Core nodes accept as many transactions as they can with no memory limit until eventually they bloat up so much the operating system kills them. The official "solution" for this is to babysit your node and if you see it running out of memory, change a command line flag to make it ignore any transactions with lower than the given fee. Unfortunately of course, this also ignores all end user transactions paying lower than that fee as well.

I maintain a fork of Core called Bitcoin XT. It has a flag that lets you set a maximum number of transactions to keep in memory at once (and in a future version it'll change to be a max number of bytes, as that's the actual resource that's limited). The node will randomly remove a transaction from the pool to make room for a new one when out of space. As during an attack the memory pool is mostly full of spam, obviously this logic mostly involves kicking out spam to make room for {more spam, actual legit transaction} as opposed to just falling over and dying.
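
The eviction policy described in the comment above, as an added sketch that is not Bitcoin XT's or Bitcoin Core's code: a count-capped pool that evicts a random resident when full, fed a constructed stream that is 95% spam. The class and function names, the cap, and the spam ratio are assumptions chosen for illustration.

```python
import random


class BoundedPool:
    """Hypothetical pool capped by count; a full pool evicts a random resident."""

    def __init__(self, max_txs, rng):
        if max_txs < 1:
            raise ValueError("max_txs must be at least 1")
        self.max_txs = max_txs
        self.rng = rng
        self.txs = []              # (txid, is_spam) pairs
        self.evicted_spam = 0
        self.evicted_legit = 0

    def add(self, txid, is_spam):
        # New transactions are always admitted; room is made first if needed.
        if len(self.txs) >= self.max_txs:
            self._evict_random()
        self.txs.append((txid, is_spam))

    def _evict_random(self):
        pos = self.rng.randrange(len(self.txs))
        # Swap-remove keeps eviction O(1); pool order does not matter here.
        self.txs[pos], self.txs[-1] = self.txs[-1], self.txs[pos]
        _, was_spam = self.txs.pop()
        if was_spam:
            self.evicted_spam += 1
        else:
            self.evicted_legit += 1


def simulate_flood(total=20000, spam_ratio=0.95, max_txs=1000, seed=1):
    """Feed a constructed spam-heavy stream into the capped pool."""
    rng = random.Random(seed)
    pool = BoundedPool(max_txs, rng)
    peak = 0
    for txid in range(total):
        pool.add(txid, rng.random() < spam_ratio)
        peak = max(peak, len(pool.txs))
    evictions = pool.evicted_spam + pool.evicted_legit
    return {
        "unbounded_size": total,   # what a pool with no cap would hold
        "peak_size": peak,
        "evictions": evictions,
        "spam_share_of_evictions": pool.evicted_spam / evictions,
    }


if __name__ == "__main__":
    print(simulate_flood())
```

Random eviction also drops some legitimate transactions, in proportion to their share of the pool at the time.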

Comment Re:Hmmmm (Score 4, Interesting) 920

And from the other Slashdot discussion, a picture of Linus and Greg sitting together. Wow, Linus wasn't kidding. Greg KH is enormous! I don't mean fat, I mean, literally he does appear to be a giant. Unless there's something weird about that camera perspective it's not totally surprising that Linus may have made a joke along the lines of "you should be scared of Greg".

Comment Hmmmm (Score 5, Interesting) 920

It took a hell of a lot of digging, but it seems to have started with this thread, way back in 2013.

Now, I'm all for professional communication, and emails can be easy to misinterpret, but this looks like a bit of an over-reaction. Someone commented that they send patches to Greg KH because Linus scares him, but added a winky smiley afterwards, i.e. not really all that scary. Then Linus made a joke about Greg being big and squishing people that may or may not be playful or insulting; without knowing much about the relationship between these guys it's hard to say. Squish is hardly a word you use when you're really angry though.

And then Linus and Ingo gently tick off Greg and say he should be tougher; Linus says Greg is acting like a "door mat" and says "You may need to learn to say no to people". Ingo says "be frank with contributors and sometimes swear a bit". Probably this discussion would be held off list in a more traditional corporate environment to avoid embarrassing Greg (though "you are too nice" is not that embarrassing), but he takes it in his stride and agrees to be tougher.

OK, so far, just another day in open source land? Well, then Sarah Sharp flies off the handle and says:

Seriously, guys? Is this what we need in order to get improved -stable? Linus Torvalds is advocating for physical intimidation and violence. Ingo Molnar and Linus are advocating for verbal abuse.

Not *fucking* cool. Violence, whether it be physical intimidation, verbal threats or verbal abuse is not acceptable. Keep it professional on the mailing lists.

What the heck? The only thing she could be referring to in this thread so far has been Linus talking about Greg being a giant who might "squish you without even noticing". Nobody could seriously interpret that as advocating for violence unless you were so unbelievably literal you'd be unable to handle ordinary conversations.

And then there's the conflation of "verbal abuse" with "violence". These are two words that mean very different things. And finally the assertion that by trying to make jokes (perhaps not very well), Linus and Ingo were being unprofessional. Not surprisingly, Linus had a problem with this claim.

Now I don't know, probably this could have been avoided if the discussion with Greg had been private. But it seems Sharp would have let rip at some other point if someone else made an off-colour joke. I can believe LKML is a tough environment, but this isn't the best evidence possible. Perhaps there have been other incidents, but as Sharp doesn't list any, it's hard to say.

Comment Re:Before anyone bangs on about bedallions and so (Score 1) 239

You've fatally misunderstood Uber's business model and why they do what they do.

Uber is not anti-regulation and does not engage in a "race to the bottom" where they ignore the fact that some cab drivers are crappy.

Rather, Uber is the regulator and prevents the race to the bottom in entirely different and more modern ways. Instead of using the (literally) steam-era approach of forcing cab drivers to memorise street maps, they use GPS. Instead of setting high and constant fees with mandated pickup to make prices predictable, they use global knowledge of supply and demand to show you a price ahead of time. Instead of attempting to judge a cabbie's integrity and character through some bullshit interview process they gather real time feedback from actual riders.

To see Uber as anti-regulation is to miss the point. They are merely a much better regulator that uses 21st century tools.

Comment Re:Against the law (Score 1) 239

The correct process for Uber and the like to take is to challenge the unjust, anti-competitive laws first, potentially citing public demand for their services

How do they demonstrate public demand for their services if they haven't got any customers yet? And why do you think the taxicab regulators in each jurisdiction where they do this would care even one tiny bit?

It'd be great if all you had to do to get dumb regulations dismissed was 'challenge' them. I used to think this way too - surely these people are just reasonable and they can just be talked to? Then they'll see the light?

But if it was so easy, it'd have been done years ago already. It's not. You can't simply change laws by arguing in front of a court that the laws are dumb, especially not against entrenched interests. Only massive public support can change these things, and to get that, you need happy customers.

Comment Re:This is why you call your bank before tourism (Score 4, Informative) 345

Instead of rejecting the payment outright and freezing the card, text message my phone IMMEDIATELY and I can read a 6 digit code to the cashier to allow the transaction

How about an even better solution - insert your card into a reader, type in your PIN and that's the two factors right there. You know...... the system that's already used everywhere in the world except for America? It works pretty well. I think the USA is starting to roll it out now, albeit a slightly crippled form of it (they managed to take the 2-factor system everyone else uses and make it 1-factor).

Comment Re:This is why you call your bank before tourism (Score 1, Interesting) 345

Yeah, it is completely broken. This is a problem more or less specific to America.

I have several cards. I travel constantly. I have never, not once, told my bank where I am going and I have never, not once, had my card declined.

How do they achieve this witchcraft? Well,

1. The cards are all EMV. The magstripe can be cloned, but you can't use it in most countries (other than America)

2. Many online purchases are protected by 3D-Secure, which basically just lets your bank put a login/ID verification screen after the card number is entered

3. Their fraud models expect people to travel whereas lots of Americans don't

Comment Re:I can understand the change in motto (Score 1) 247

It dates from the really early days when Google was basically just a bunch of engineers doing R&D. It was cutesy, the brand they went for was cutesy, it fitted.

The problem with it IMO is that, basically, too many people can't handle it. "Evil" is a really high bar. It's a word that smells objective. But not many business activities really qualify for such a strong word. Drone striking a wedding is evil. When Microsoft tried to take over and then kill off the web (or rather, progress in the web) because they wanted everyone to write Windows apps instead of using open infrastructure, that was roaming around in the general area, maybe, if we want to be hyperbolic. Though it's debatable.

Changing the colour scheme in Gmail is clearly not evil. Attempting to integrate social features of products together is not evil, even if you didn't like it. But unfortunately as Google got big enough it reached the point where basically any change resulted in this motto being thrown back in their face. So it ended up being meaningless. Someone saying "don't be evil" just became some sort of trite cliche. Worse, internally some of its own employees would tend to describe any action they didn't like as "evil" which of course wasn't great for team building and morale (I used to work there so I saw this problem in action many times).

I'm not surprised they have eventually changed it, although even that change will itself be described as evil in a sort of implosion of recursive irony. "Do the right thing" might seem watered down, but by taking out the cartoon emotive character assassination words, it sets a probably more realistic goal by accepting that "the right thing" is inherently subjective and debatable.

Comment Re:Huge presumption (Score 2) 146

Yes, their infographic lists "Dronecode" whatever that is, alongside node.js

The other problem with trying to calculate the value of the Linux kernel specifically is that it counts the costs of all the drivers as well and you end up concluding that building a kernel is infeasibly expensive (reality check: there are quite a few of them out there, made by non-huge companies). If Linux was developed from scratch commercially you wouldn't attempt to develop drivers for every piece of hardware known to man all in the same source tree. You'd do what Microsoft do and define a driver API. Then the costs of hardware support are spread out across industry and no one entity ends up paying the entire cost.

The Linux kernel guys don't do that because they prefer being able to refactor/redesign any part of the kernel at whim, even at the huge cost of having all driver development be centralised. But that's not the only way to do it.

Comment Re:There's an even greater flaw here. (Score 5, Insightful) 66


Gatekeeper is not meant to block any unsigned code execution. It's meant to stop you accidentally running malware. If you want to bypass it you can just right click on a .app and click "open", or you can disable it in System Preferences. The "attack" you just described is no attack at all.

It's not even clear to me that what's being described in the article is even an attack. OK, you can bypass Gatekeeper by finding an app that blindly runs code it knows nothing about. That's like complaining that if you run a signed browser and then it executes a malicious web page, bad things happen. That's not a bug in Gatekeeper. That's a bug in the browser.

Comment Re:What is the point of this article? (Score 2) 164

Need I remind you that had the U.S. signed up for the GSM standard, CDMA would've been stillborn and we would likely have 50-200 kbps data speeds today

Um, wat? You think the designers of UMTS were incapable of understanding the different radio technologies because they weren't born in America? CDMA was invented by the Soviets, you know.

GSM and its upgrades stomped the mobile phone system called CDMA for all kinds of reasons, one of them being that GSM had the concept of a SIM card and CDMA did not, so GSM users could pick their own phones and trade them. Another is that GSM was developed by an actual international standards process and industry consortium, whereas cdmaONE was basically an attempt to standardise a Qualcomm internal project and it showed. It was expensive, single vendor, etc. Wikipedia refers to the "immature style" of the cdmaONE standards documents. GSM had first mover advantage and international adoption.

Comment Re:How dare they! (Score 1) 166

ISDS doesn't do what you're claiming it does.

The point of ISDS is to handle the case where a company invests in a country and the country then changes its laws such that the investment is invalidated. This has a habit of occurring in some less well run parts of the world as part of e.g. attempting to advantage home grown companies, or appropriating their assets.

ISDS cannot force a country to change its laws. It's a voluntary mechanism by which countries agree to pay compensation to the investors that they just screwed. Whether the screwing is justified or unjustified doesn't matter, the point is to make the investors whole and therefore to reduce the risk of making foreign investments thus increasing their number.

Comment Re:Garbage collected virtual machines! (Score 5, Informative) 341

The headline is rather misleading. This isn't just a plain port of the code from Java to C++ to get a magical 10x speedup. Amongst other things they appear to be running an entire TCP stack in userspace and using special kernel drivers to avoid interrupts. This is the same team that produced OSv, an entirely new kernel written in C++ that gets massive speedups over Linux ..... partly by doing things like not using memory virtualisation at all. Fast but unsafe. These guys are hard core in a way more advanced way than just "hey let's switch languages".
