Forgot your password?
typodupeerror
The Almighty Buck

Journal: More evidence of /.'s secret, hypocritical user tracking/ad

Journal by gzipped_tar

This is a follow-up of a previous journal entry "Ads Disabled, or Not". In that post I revealed how Slashdot tracked you and gave your reading behavior profile to ad companies even if you had "ad disabled" selected AND NoScript blocking those 3rd-party spying companies.

I never tried to discover the exact mechanism of NoScript-bypassing by reading the /.'s SNAFU javascript code. I guess the reason of NoScript not working is /. uses its own (and its corporate overlord's) javascript, which is whitelisted, to send the tracking information, rather than just inserting the vendor-hosted javascript in the page source like you next-door blogger.

OK, apparently some of the customer-spying mercenaries has pissed off the corporate overlords. coremetrics.com, a user tracking service once used extensively by /., has been replaced by scorecardresearch.com.

Or perhaps it's the other way around, that /. has pissed off coremetrics because too many tech-savvy readers here knows about /.'s hypocritical user tracking and has blocked those attempts successfully, thus preventing coremetrics from reaching the goal of mining enough data from /..

Anyway, who cares. Let n00bs be tracked and spied on by those filthy mercenaries. Real Slashdotters(TM) has already given up the last little trust on Slashdot, if any.

Censorship

Journal: SLASHDOT ATE MY JOURNAL!

Journal by gzipped_tar

I just now wrote a journal entry about the new "Admin" link in the user page (http://slashdot.org/~$USERNAME/admin). The link is right next to the "Achievements" link. In the same journal entry I jokingly said the mysterious link could be a "leaked" handle of admin-only functions.

After that, my journal entry appeared in the Firehose even if I didn't check the "Publicize" box. It was voted Green, and then disappeared from Firehose and my own Journal section.

Data loss, Slashcode SNAFU, or some Editor trying out his new nuke-the-user-from-orbit "Admin" tool? You decide.

And I for one welcome our journal-eating overlords.

EDIT: Oh, it's back: http://slashdot.org/journal/241922/User-page-Admin-link

But explanation?

User Journal

Journal: User page "Admin" link?

Journal by gzipped_tar
http://slashdot.org/~$UID/admin

Currently points to the user page but the link is there on the user page, right next to "Achievements".

Some leaked, Editor-only, I-can-do-whatever-I-want-to-smite-you handle? ;)

The Almighty Buck

Journal: More on ads

Journal by gzipped_tar

Following this story: http://tech.slashdot.org/article.pl?sid=09/11/30/166218

Let the Q & A begin:

Q: There's no free lunch. You view ads so that the content producers are paid. Are you a Chinese commie zombie hacker Muslim terrorist?

A: We're talking about bandwidth here. I'm a geek and by definition I'm smart enough to block the ads so that I'm able to enjoy faster, less annoying Web experience. However, most people aren't, and they are served ads. Those ads traffic eventually makes everyone else's link slower (and more expensive), including mine, because it eats up the ISP's bandwidth. So I suffer because someone else's not doing something. That's ungood.

Q: Commie terrorist confirmed. You paid for your bandwidth and they paid for theirs. That's it.

A: If I use BitTorrent, I'll be throttled down so the good non-filesharing subscribers can have a reasonable bandwidth. Same thing should happen to them when they're wasting bandwidth on ads and I'm actually using the Internet. Just wait until the ads traffic volume grows to have a non-negligible impact on normal web usage.

Q: You don't seem to like the idea of using the hosts file as a blacklist like everyone else. What's your problem?

A: The hosts file should be used to do what it is supposed to do: tell facts about hostnames, aliases and ip addresses, not lies. Don't use it to cheat the OS even if you don't run your own Web server on your localhost. Use a firewall, NoScript, proxy server, anything.

Q: Is this write-up a rant or a flamebait or are you simply trolling?

A: Yes.

The Almighty Buck

Journal: Ads Disabled, or Not 1

Journal by gzipped_tar

I've noticed this since day one but I decided to write about it only now.

On the index page of Slashdot there's a checker-box with the option "Ads Disabled" and a short note "Thanks again for helping make Slashdot great!" for me. I'm not a subscriber but I'm still awarded with this nice option. I guess it would be automatically available for all regular users with "a good karma". Well that's good, except it isn't. Or worse.

Before the appearance of such an option, I use NoScript to block everything on Slashdot other than that from slashdot.org or c.fsdn.com which hosts scripts that serve the normal malfunctioning of the site itself. After I accepted the no-ad offer, Firefox's status line began to show messages saying it was retrieving content from google-analytics.com and coremetrics.com, two ad servers. I haven't delved into the page source for the cause of this but I don't want it. It seems the (no-longer-)new "Ads Disabled" switch is designed to do the opposite of what we think it does: rather than a kill switch for ads, it does nothing to stop the ad servers from sniffing the readers' online activities, presumably even playing some role in bypassing readers' contermeasures.

For me this issue is somewhat mitigated by my habit of browsing the Web via a proxy server configured on the localhost with a custom, host-based blacklist (yeah, I know blacklists are an illusion and I should have used whitelists instead, and I get off your lawn). Here is a snippet from my Squid log:

127.0.0.1 - - [22/Sep/2009:19:18:18 +0800] "GET http://www.google-analytics.com/__utm.gif? HTTP/1.1" 403 2795 "http://slashdot.org/" "Mozilla/5.0 (X11; U; Linux i686; zh-CN; rv:1.9.1.3) Gecko/20090909 Fedora/3.5.3-1.fc11 Firefox/3.5.3" TCP_DENIED:NONE
127.0.0.1 - - [22/Sep/2009:19:18:18 +0800] "GET http://data.coremetrics.com/eluminate? HTTP/1.1" 403 2657 "http://slashdot.org/" "Mozilla/5.0 (X11; U; Linux i686; zh-CN; rv:1.9.1.3) Gecko/20090909 Fedora/3.5.3-1.fc11 Firefox/3.5.3" TCP_DENIED:NONE

This is recorded when using Firefox with NoScript enabled and properly configured (using a whitelist).

Programming

Journal: Data safety is too important to be entrusted to FS alone

Journal by gzipped_tar

When I clicked on the "Write in Journal" link to write this ramblings down here, I noticed the pun in it, because this story is inspired by the recent posts on the EXT4 data losing matter.

There was a huge amount of finger-pointing, FUD, and groupthink-catering in the comments and I don't wish to repeat them here. Just some random points of interest I gathered by reading them.

  • Does fsync() cripple the system?

    I expect fsync() to be a heavy operation for all filesystems except tmpfs because, well, it's side effects include (usually) the spinning up of disks. The performance (more accurately, temporal performance) is expected to be affected. However, "performance" is too vague a point to be discussed in this manner, and in real world programmers are paid because they are supposed to make reasonable, case-dependent trade-offs between stability and speed (i.e. the "performance" you hear a lot among the comments).

    To be specific, since fsync() gains points in data safety by sacrificing speed, and this is almost the case for all FSes, the reasonable and cross-platform tactic should be separating out the "precious, need fsync() whenever possible" data away from the "non-essential, don't have to worry about crashes in the middle" data, and use whatever heavy operations to ensure the former's safety (fsync, transactional database, or whatever shiny gadgets out there) while leaving the rest to be taken care of by the FS. By nature, you don't write to the "precious" data's storage very often like you do with other data, so the performance hit could be limited within the minimum necessary.

    In a word, using fsync != peppering the code with unnecessary fsync, and if you find yourself in a situation where you have to fsync() a lot, don't worry, it's time to show off your optimization skills ;)

  • Are the KDE guys, and millions of app developers at fault?

    Probably yes, because their approach to the safety of the configuration file was not FS-independent, relying on undocumented features.

    However, to look at things the glass-half-full way, they stumbled upon this caveat just because they are trying to ensure data safety. Had they not even bothered with this "petty safety issue" from the beginning, they wouldn't be able to make this mistake, er, I mean discovery. After this affair we can expect the overall safety of user data under KDE improved, not degraded.

  • Are the EXT4 guys, particularly TyTso, at fault?

    Probably not, though I'm not sure.

    I admit I may be biased on this point. I'm a user of both EXT3 and EXT4, and I tend to defend my choice. I think TyTso and other EXT4 developers are brilliant guys to which I own a lot.

    I think the solutin from Tso is sound, albeit not perfect. They are offering an upcoming patch which provides backward-compatibility. It's not perfect because it's an ad-hoc plug in the leak, but well, I don't know better than they do so it's not up to me to comment further.

  • Is the POSIX standard at fault?

    I don't think so. The POSIX standard doesn't address this issue. Want filesystem transaction? Probably time for something else in parallel to POSIX (as long as it's an open standard not affected by corporate greed a la OOXML).

    Which, I think, renders Tso's "POSIX defence" more or less Chewbacca-like, but he did point out a technical problem which is taken for granted by many, and should not. By the "POSIX defence" he can't prove that EXT4 is feature-complete (but was he even trying to prove that?) while pointing out the problem of relying on non-standard features (see the KDE section above).

  • Is this the death bell of EXT4? Is ZFS putting the final nail into the coffin of Linux?

    No and no. Heck, how did I even bother to answer this one?

  • You don't have any bones. You are just keeping it moderate by using weasel words and a lot of "probably".

    Probably ;) but it doesn't matter that much as data safety ;)

It's funny.  Laugh.

Journal: Slashdot SP3 1

Journal by gzipped_tar

Slashdot no longer displays the number of comments on the "classic" index page. No matter how many there are, it's always zero.

This is a blatant move initiated by Rob and his minions to cripple the classic view and force us switching to the new view. Remember Windows XP SP3?

User Journal

Journal: I am an idiot, you insensitive clod.

Journal by gzipped_tar

http://news.slashdot.org/article.pl?sid=09/01/02/2254238

Most blatant summary-troll I've ever seen on Slashdot.

To put it simple:
1. We are not judges.
2. "Idiot" is an insult. Insults are awful.
3. Self-proclaimed "intelligence" is awful, too.

I know this is Slashdot, but it doesn't matter. I think the attitude displayed in that summary is wrong and this has nothing to do with where it appeared or which audience group it targets at.

And I may be wrong.

User Journal

Journal: Wacky use of NMAP

Journal by gzipped_tar

http://books.slashdot.org/article.pl?sid=08/12/08/1443223

I would have posted my NMAP story there, but well, it's too long and off-topic.

The story goes like this. I was in a astronomical observatory for a short of time, carrying my Fedora Linux laptop with me. Most of the co-workers there use Windows though (the horror). One day I found myself in need of printing something and there's an HP LaserJet sitting there. I asked "Is this one connected to the LAN? What's the IP address?" Someone kindly dug the IP out of his Windows configuration and hmm, Fedora managed to download the relevant bits from its repository and set up a working printer given the IP address.

Some days later, I changed to another office. I was in need of a printer again, but this time almost everybody was out on a conference! I can't use the former one because that room was locked and I didn't have the key. There's another HP in the room thought, so I asked the same question "so what's the IP address of this one..." and the two remaining people (one guy and one gal) stared into my eyes, as if I was something of a defect on an astronomical image. They apparently never heard of things like "the IP address of the printer" while using it all the time. They allowed me to use their Windows computer for a while to find it out, but I couldn't. I tried everywhere I thought was possible but I couldn't find it.

Then I came up with an idea. I asked one guy to print a few pages. While he was doing this, I used Wireshark to sniff the LAN and see if I could find something out. Well, nope. Also, because everybody was out, the LAN was extremely quiet...

I knew I'd already bothered them too much so I went to the sysadmin and asked a list of printers. I explained the situation and he gave me one. The observatory's LAN was supposed to use static ARP and every machine has to be registered (MAC address, owner, type, usage, etc.) at the sysadmin's before gaining access to the LAN.

However, when I was back to my computer, I found the list was wrong. Considering their adopting of static ARP, I had no idea why this was happening. Anyway, the admin couldn't help more. I then came to my final resort, NMAP. With NMAP's port scan, I discovered a few hosts that looked like printers (port 80 wide open for web-based administration, a bunch of Windows SMB-related ports, suggestions in OS detection, etc.). Because most of them had the administration page open to the LAN, I was able to get the model numbers from the pages and see if they matched the one I was going to use, thus eliminated a few possibilities. I then sent the CUPS testing pages to all the rest IPs, one by one... I heard distant sounds of printer crunching and spewing... and finally came to the one in my office.

I never explained what I did to the admin, and he never came up with anything to me. I thought that was tacit agreement... or he just never found out.

User Journal

Journal: WP:OR

Journal by gzipped_tar

http://news.slashdot.org/article.pl?sid=08/11/29/1814222

Comments to the story linked above reminded me of this anecdote. I was writing up an WP article on a certain software library.

You know, there's a template specially designed for software products, where you can put info into text fields such as name, language, platform, version and release date, etc. To make sure it meets the standard of Wikipedia as closely as possible, I carefully organized my reference list before I set out to write it. I tried to make the list comprehensive: even facts like release date needed its citation.

However, the exact release date was only available in the comments in the source. The author's release-notes were not dated (horror). As I was not sure which template to use for citing source code, I pushed a question to the help desk. I asked it simply because which one was the best for *formatting* source code citation. I was pretty sure it would be OK citing source code. I've seen many books on computing doing that, and there are also published academic papers citing source code.

To my surprise, the first respond was something like this: "You don't do that. It's OR." Until then did I realize the real-life omnipresence of deletionism out there. I used to think it is a fictitious entity used to scare small children.

OK, I was not even trying to research anything. All I needed was to tell the reader "Package foo, version bar was released on XXX. Everybody knows it was *indeed* released on XXX because the author, who is after all sure about his own product, made it public in the source code in path/to/filename.c." Does that count as OR?

After all, I just ignored that opinion altogether. If anyone feels like taking down the article, be bold (WP:BOLD) and do it. Anyway, it's a small and "low traffic" article not notable enough to touch our deletionist overlords' egos. (And I think the whole "notability" stuff is a joke. Only the articles notable enough are caught by the trolls to be pushed to the deletion line.)

A note to deletionism zealots: look at WP:HORSE. Please don't mindlessly slap the OR tag on other's writings. If it *is not* OR and you *call* it OR, it is still not.

Disclaimer: I'm not attacking the Wikipedian who gave me the OR answer on the help desk. I'm not irritated by that comment, but by the various editor wars on other articles.

Posted in Journal because this is off-topic.

"Why can't we ever attempt to solve a problem in this country without having a 'War' on it?" -- Rich Thomson, talk.politics.misc

Working...