Slashdot is powered by your submissions, so send in your scoop


Forgot your password?

Slashdot videos: Now with more Slashdot!

  • View

  • Discuss

  • Share

We've improved Slashdot's video section; now you can view our video interviews, product close-ups and site visits with all the usual Slashdot options to comment, share, etc. No more walled garden! It's a work in progress -- we hope you'll check it out (Learn more about the recent updates).


Comment: Re:A Language With No Rules... (Score 2) 667

by gdshaw (#49265113) Attached to: Why There Is No Such Thing as 'Proper English'

Yes, but the ultimate goal is communication, and to that end some change is useful, some is harmful - and almost any change will have the effect of making older texts less readable.

Think of descriptivists as scientists and prescriptivists as engineers (albeit, it must be said, not always very good ones). I think there is a role for both.

Comment: Re:So.. what? (Score 1) 255

by gdshaw (#47628581) Attached to: TEPCO: Nearly All Nuclear Fuel Melted At Fukushima No. 3 Reactor


Any difference looks a lot smaller than the markup I've ended up paying for things like going through an energy co-op instead of straight from the generating company.

[...] We do need to talk about cost but we need to talk about ALL the costs not just the operating costs but all the externalized costs as well.

Not just the costs, but also whether the energy is dispatchable.

Power sources which can be turned on and off at short notice - such as gas and hydro - are economically more valuable than ones which can't - such as coal and nuclear. (Some nuclear plants can be ramped up and down, but the capital costs are so high and the fuel costs so low that it doesn't win you much.)

Any of the above are considerably more valuable than sources which are both non-dispatchable and intermittent, such as wind and solar. (How much more valuable depends on factors such as the shape of the demand curve, and how much of the rest of your capacity is gas and/or hydro. Intermittent sources can work quite well in some locations, others not so much.)

Comment: Re:headed in the wrong direction (Score 2) 230

by gdshaw (#47493465) Attached to: EPA Mulling Relaxed Radiation Protections For Nuclear Power

Background levels are around 1 mS/year. So why advocate thresholds more than two orders of magnitude lower than what people normally get in a year? I just don't think science has much to do with your choice of thresholds.

This is a fallacy. The threshold should be set on the estimated benefits of a higher threshold vs the estimated harm from the additional radiation. The background radiation has nothing to with it.

It would be a fallacy if background levels were fixed and unavoidable. They're not. So long as people are allowed to and choose to travel by air, and live in areas with above-average background radiation, it is reasonable to argue that nuclear power should be held to a similar standard.

(Granted that medical imaging is different because you would normally be doing it for a good medical reason.)

Comment: Re:About time (Score 2) 230

by gdshaw (#47493411) Attached to: EPA Mulling Relaxed Radiation Protections For Nuclear Power

Nuclear plants don't emit an even level of radiation in all directions. They emit radioactive particles that then move around on the wind, in the soil and in the water. These particles can accumulate, so the level needs to be kept very low so that they can keep dispersing.

0.25 mSv is a measure of the dose received, not the radioactivity emitted. A given amount of radioactivity inside your body will result in a larger dose than the same amount outside, so the effects you describe should already have been allowed for.

Besides, if you believe in the LNT model (which current standards are based on) then it makes little difference whether you give 0.25 mSv/yr to ten people or 2.5 mSv/yr to one person (both being well below the level at which acute effects become significant). Bioaccumulation is an issue, but merely having an uneven distribution should not be.

Relaxing the rules may in theory be safe. The problem is that if you give people an inch they will take a mile. We knew that in the 1970s, but despite Fukushima the EPA seems to have forgotten it now.

Bear in mind that the safety precautions needed to prevent very low level emissions are different to those needed to prevent catastrophic meltdowns. Focussing attention and resources on the former rather than the latter isn't necessarily in the best interests of safety.

Comment: Re:Why? Is it really necessary? (Score 1) 187

by gdshaw (#46675919) Attached to: Ask Slashdot: User-Friendly Firewall For a Brand-New Linux User?

In any event, this only protects against internal incompetence rather than external malice, so is not a necessary part of running a secure system.

You forgot to mention internal malice.

Let's put my comment back into context. I was talking about forgetting to bind a private network service to the loopback interface. That would normally be done by an administrator. If an administrator is acting maliciously then you have fairly serious problems with or without a local firewall. In fact, this is a pretty good demonstration of my point that if you are going to use a firewall to protect against that kind of threat then the firewall wants to be on a different box (eg. a router or dedicated firewall), not the one that you are expecting to be compromised.

To be clear: I'm not saying that firewalls should never be used on Linux-based hosts (that would be ridiculous), only that they are not a necessary part of running Linux securely in the way that they are for Windows.

Comment: Re:Why? Is it really necessary? (Score 1) 187

by gdshaw (#46674709) Attached to: Ask Slashdot: User-Friendly Firewall For a Brand-New Linux User?

That's fine as long as you are sure there are no bugs in the services you run and the TCP/IP stack, and you keep them all up to date, and you don't mind kiddies hammering on your door 24/7 trying to guess your passwords.

If you need a service to be publicly accessible then you will need to configure the firewall accordingly, in which case it typically provides no protection if the service is exploitable.

If the service doesn't need to be publicly accessible then either turn it off or bind it to the loopback interface. Why add extra software to protect against a vulnerability that you could have avoided creating in the first place? Note that operating systems that take security seriously do not install public-facing network services unless you ask them to.

Firewalls certainly have their uses, but they aren't a necessity on non-Windows machines in the way that they are for Windows.

Comment: Re:Why? Is it really necessary? (Score 1) 187

by gdshaw (#46674663) Attached to: Ask Slashdot: User-Friendly Firewall For a Brand-New Linux User?

Firewalls are about keeping things in as well as out. One of the reasons that there are so many problems on corporate networks is that there's often times no firewalls once you get to the LAN. I remember when I was in college the set up in the dorms was dire. People would be sharing things read and write and you'd wind up will all sorts of nasty things on the network, and then there was the malware.

Yes, but I presume you are talking about Windows machines which run an SMB/CIFS server out of the box. Most GNU/Linux distributions rightly don't do that. Typically if you want to run Samba, or an FTP server, or an HTTP server on the default port then you need to be root to do that. Once you are root then you can also poke a hole in the firewall.

Granted you can run servers on high-numbered ports, but within a LAN all that does is allow two machines that had already been compromised to communicate with each other. For communication with the outside world I prefer to detect and/or block that at the boundary router (otherwise all it takes is a local root exploit to disable the firewall).

The same applies to outbound connections, although in a world where so many programs need network access that is arguably a lost cause for general-purpose workstations. In any event, a firewall isn't the right tool for controlling the capabilities of individual programs: you really need something like SELinux or AppArmor to do that effectively.

Comment: Re:Why? Is it really necessary? (Score 1, Insightful) 187

by gdshaw (#46671911) Attached to: Ask Slashdot: User-Friendly Firewall For a Brand-New Linux User?

1997 called and wants its comment back...

For machines which are not routers the comment is just as valid now as it was then. If you use a GNU/Linux distribution that takes security seriously then it will not install any externally-visible network services by default. The attack surface in that condition is small enough that installing a firewall won't help much, and might even make matters worse. If you deliberately install any public-facing network services then you need to add matching firewall rules, so again no benefit.

A firewall does help if you install a private network service and forget to bind it to the loopback interface (unless you have one of those systems which automatically install a firewall rule alongside the network service, which totally defeats the purpose of having a firewall). In any event, this only protects against internal incompetence rather than external malice, so is not a necessary part of running a secure system.

Firewalls are useful on routers, and on servers where you want very specific control of what can be accessed from where (such as a DBMS that is only accessible from a single client machine), but for typical Linux-based hosts they add little.

Comment: Re:How does advanced CS have any tie to culture? (Score 1) 612

by gdshaw (#45765001) Attached to: Is Computer Science Education Racist and Sexist?

In other words, it's just the way people are. It affects all aspects of society including CS. If there's one black mark I'd give CS about this, it's that it tends to have a greater percentage of socially mal-adjusted people, and so tends to hang on to this sense of superiority more than other cultural blocks. Most regular people eventually figure out that it's not really important whether the football team is better than the basketball team, or whether you bought a Toyota or a Ford. But people in CS tend to defend and promote their preferred systems with almost religious fervor well into adulthood. This can be very off-putting to regular people thinking of getting into CS.

When they become adults, regular people often move on to zealous advocacy of their preferred political system, nationality, or religious denomination. This often descends into violence, sometimes over seemingly trivial differences between the two parties. Personally I find that very off-putting: give me Debian vs. Ubuntu any day.

Comment: Re:Externalizing the cost of maintenance (Score 1) 296

by gdshaw (#45673145) Attached to: Six Electric Cars Can Power an Office Building

This isn't a zero sum exercise: by flattening the peak you are lowering the underlying cost of generating the electricity -- because you can use more efficient methods -- which in a competetive market should reduce the average price.

(Obviously in an uncompetetive market all bets are off.)

Comment: Re:Control... (Score 1) 926

by gdshaw (#45385013) Attached to: Where Does America's Fear Come From?

Both July and August are named after gods

Minor correction - they were named after Roman emperors, not quite gods. Still not great role models, so point taken.

That's a matter of perspective: followers of the Roman Imperial cult would have considered them to be gods, followers of most other religions obviously wouldn't. Since their elevation to godhood would have been formalised by the senate, and since we have firm evidence that both individuals existed, you could argue that as deities go their claims are stronger than most.

(Granted I'm not sure which came first, month naming or apotheosis - quite possibly the former.)

"Most of us, when all is said and done, like what we like and make up reasons for it afterwards." -- Soren F. Petersen