
Comment Good! 8 more years of time working correctly. (Score 2) 143

Good. 8 more years of time working correctly. The fundamental issue is that the Earth just doesn't care what our atomic clocks measure. If programmers want an exact time system without leap seconds, use TAI, that's what it's for. Most people in the world don't care if it's hard to code leap seconds. Instead, most people go outside occasionally, and they expect that 'noon' means approximately 'sun at highest point'. We can switch to some system other than leap seconds, but if we expect 'noon' to have its conventional meaning, then we need to agree on a system that does that.

Comment How can we encourage the FCC to consider this? (Score 1) 173

This makes the most sense of all the proposals I've seen. How can we help encourage the FCC to consider this? Is there an email address at the FCC for taking comments (e.g., to encourage it)? I'd like to send a "me too" so that the FCC knows to consider this proposal carefully.

Comment Re:Compromised hardware (Score 1) 130

If you're worried about compromised CPUs being used to compile executables that are used by others, then reproducible builds are a great countermeasure. Just use reproducible builds on many different CPUs, and compare them to ensure they are the same (for a given version of source and tools). The more variations, the less likely that there is a subversion. If what you're compiling is itself a compiler, then use diverse double-compiling (DDC) on many CPUs.

If you're worried that an INDIVIDUAL may end up with a compromised CPU, then yes, it's much harder to counter attack. On some systems, you can isolate the system (no network traffic, etc.). That said, an adversary has to send packets to subvert a specific system, then every time they do the subversion they risk being detected, so it's far less likely to be used for bulk surveillance... it would more likely be one well-resourced organization (e.g., a government) working against another well-resourced organization.
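The comparison described in the comment above, sketched as an added example (not part of the original comment, and not code from any project it mentions): build reports from several machines are grouped by source version and toolchain, and their SHA-256 digests are compared. The builder names, version labels and artifact bytes are constructed sample data, and `compare_builds` is a hypothetical helper name.

```python
import hashlib
from collections import defaultdict


def compare_builds(reports):
    """Compare artifacts built on different machines.

    reports: iterable of (builder, source_version, toolchain, artifact_bytes).
    Only builds of the same source with the same tools are expected to match,
    so digests are compared within each (source_version, toolchain) group.
    """
    groups = defaultdict(lambda: defaultdict(list))
    for builder, source, toolchain, artifact in reports:
        sha = hashlib.sha256(artifact).hexdigest()
        groups[(source, toolchain)][sha].append(builder)

    verdicts = {}
    for key, by_digest in groups.items():
        builders = sum(len(names) for names in by_digest.values())
        if len(by_digest) > 1:
            status = "MISMATCH"    # at least one builder produced different bytes
        elif builders < 2:
            status = "UNVERIFIED"  # a single build confirms nothing on its own
        else:
            status = "MATCH"
        # Builders outside the largest agreeing group are where to look first;
        # a minority digest does not by itself prove which side is wrong.
        largest = max(len(names) for names in by_digest.values())
        minority = sorted(n for names in by_digest.values()
                          if len(names) < largest for n in names)
        verdicts[key] = {"status": status, "builders": builders,
                         "digests": {d: sorted(n) for d, n in by_digest.items()},
                         "minority": minority}
    return verdicts


# Constructed sample: four hosts build the same release, one host differs,
# and a second release has been built only once.
GOOD = b"\x7fELF constructed release bytes"
SAMPLE_REPORTS = [
    ("x86_64-host-a", "v1.4.2", "gcc-12.2", GOOD),
    ("x86_64-host-b", "v1.4.2", "gcc-12.2", GOOD),
    ("arm64-host", "v1.4.2", "gcc-12.2", GOOD),
    ("riscv64-host", "v1.4.2", "gcc-12.2", GOOD + b"\x90"),
    ("x86_64-host-a", "v1.4.3", "gcc-12.2", b"\x7fELF next release"),
]

if __name__ == "__main__":
    for key, verdict in compare_builds(SAMPLE_REPORTS).items():
        print(key, verdict["status"], "investigate:", verdict["minority"])
```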

Comment Scientist != atheist (Score 1) 622

If scholar just means "one who studies", then obviously anyone who studies a religious text for a long time BECAUSE they're a believer is by definition a scholar. I don't think that's what you mean.

If we change "scholar" to "scientist", it's quite clear that scientist is not synonymous with atheist. Pew research found that "just over half of scientists (51%) believe in some form of deity or higher power; specifically, 33% of scientists say they believe in God, while 18% believe in a universal spirit or higher power". Besides, many would say that science requires repeatable experiments, and many truths simply aren't repeatable (e.g., history).

Comment Nothing to see here (Score 3, Insightful) 622

Most scholars don't think that the Talpiot Tomb has anything to do with Jesus. For example, Géza Vermes says the arguments for the Talpiot tomb are not "just unconvincing but insignificant" (see the Wikipedia page). Also, Christian theology does not depend on whether or not the shroud of Turin is real.

I'm not Muslim, but even the summary notes a perfectly reasonable explanation - the parchment could be an old one. And frankly, I'm skeptical that the carbon dating is that precise; carbon dating depends on a lot of assumptions that can easily be false in specific circumstances. (Yes, radioactivity decreases at a fixed rate... but you have to make BIG assumptions about its starting value.) So while this article makes for a good headline, the current actual evidence is rather worthless.

Comment SwiftKey? (Score 4, Interesting) 126

What about the disastrous SwiftKey vulnerability? It makes Samsung Android systems vulnerable too. Samsung said they'd fix it back in June, but we still have no patch.

When buying an Android phone: Measure how many days it takes from the vulnerability report (at least publicly) until it's patched in phones already used by customers. Focus on phones more than 2 years old, since your phone will be that age someday. Then: Don't buy from unresponsive makers. I suspect that if a few buying guides included those numbers, some manufacturers and service providers would start paying attention.

Comment There are LOTS of projects with these problems (Score 2) 119

"How would an experienced developer get these problems in the first place?"

A lot of projects do not follow widely-accepted best practices... even if they are experienced... and that is a problem!

A remarkable number of OSS projects fail to have a public source control system (#2). That includes many established projects that everyone depends on. Actually, a number of OSS projects - and projects that people THINK are OSS but are not (because they have no license) - fail many of these points. It's not that Red Hat's internal processes are immature; Tom was trying to bring in software from someone else (Google in this case) and was fed up by the poor practices from people who should know better.

Yes, #7 refers to a best practice (let people pick their install directory) that's been around for at least 20 years and probably much longer, but it's still widely NOT followed.

Anyway, that's Tom's point; there are a lot of widely-accepted best practices that are NOT followed, and that needs to change.

Comment If you don't like it, send a comment! (Score 1) 126

If you don't like this idea, send an email (as they request) to Sharron Cook, Please refer to RIN 0694-AG49 in all comments and in the subject line of email comments. Explain why you think it's a bad idea, with reasoned arguments. Before commenting, you should read the proposal first: https://www.federalregister.go...

Comment Put away the bingo card (Score 4, Interesting) 138

Put away the bingo card. Some languages, like Lisp and Haskell, actually DO bring seriously different ideas to the table, and there are tasks where their ideas are useful. A few examples may help. Once a "variable" is set, you cannot change its value (though it CAN go out of scope). This has serious reasoning and optimization advantages, but it requires a different way of thinking. Haskell has lazy evaluation, i.e., it computes nothing until you ask for it. It's routine to define infinitely-large data structures, which is a non-problem because only the parts you need are calculated. If you're only familiar with the ALGOL language family (C, C++, Objective-C, Java, C#, PHP, Python, etc.), you'll need to do some real learning.

Comment Heartbleed - how it could have been found (Score 0) 53

My article How to Prevent the next Heartbleed lists in detail different ways that Heartbleed could have been found ahead-of-time. The point isn't to find it now, it's to learn from Heartbleed so we prevent a recurrence. There are many ways to detect vulnerabilities like this ahead of time... we need to start using some of them.

Comment Have a billion speakers (Score 1) 626

At one time a number of constructed languages were created and got some speakers (including Esperanto). But relatively few people learn a language just for fun (yes, I know about Klingon and Elvish, but they will not be replacing English). Most people will only learn a language if they have a strong need to USE that language to communicate with some large group of people.

Esperanto is actually much easier to learn than English; it's a reasonable constructed language. I spent a little time learning some of it, and I appreciate its clever approaches to making it easier to learn (e.g., the "mal-" prefix). The problem is that you can only speak with other Esperanto speakers in it.

English is a mess of complications, like all natural languages. In some ways English is easier; in others it is harder. But when you learn English, you can talk to the other 1 billion people who can speak English as a first or second language. For most people, THAT is what makes English worth learning. Again, you normally learn a language specifically so you can communicate with others. Chinese actually has more speakers than English, but they are concentrated in China; worldwide, it's easier to find an English speaker than any other specific language.

If you want an easier-to-learn language than standard English, you might consider an English-based controlled language like "Basic English" or the "Special English" used by Voice of America; these are more complicated than Esperanto, but you can talk with many more speakers. I can imagine "mostly compatible with existing English" could be a necessary criterion for a "new" constructed language, if you need to create one at all.
