Comment: Re:Unit Tests are Not Optional Anymore (Score 1) 445

by itsdapead (#46723505) Attached to: Heartbleed Coder: Bug In OpenSSL Was an Honest Mistake

No production code without unit tests. Every possible type or class of input must be tested. All assumptions must be tested. All outputs must be verified for each possible combination of inputs. All failure modes must be exercised. No excuses, just do it.

Unit testing would only have caught this if someone had thought to test for an invalid payload length in the incoming request. Maybe OpenSSL would be a good candidate for full-blown formal methods that could mathematically prove that it matched the specification - however, then it's important to remember that the proof only says that the code matched the specification not that the specification matched the real world, so all it really does is shift the complexity and scope for errors to the specification.

Thing is, for networking, those tests need to be right there in the code. Any data coming in off the web needs to be treated like a TSA officer treats a hippie in a 'Legalise Dope' T-shirt. Simple code review shows that OpenSSL wasn't doing that.

Comment: Re:Sloppy code (Score 3, Interesting) 445

by itsdapead (#46723439) Attached to: Heartbleed Coder: Bug In OpenSSL Was an Honest Mistake

I glanced at some of the OpenSSL C code, in particular the new code that introduced this bug.

I don't disagree about the 'coding style' issue, but that kinda misses the point. The points are:

There's a memcpy() - where is the bounds checking? Hello? It's not 1976. We all know memcpy is dangerous. Where there's a memcpy there should be a bounds check... even in a fart app. If the project has secure in the title there should be paranoid anal-retentive checking of both the source and destination buffers.

The code uses data that has come from teh interwebs, - again, where's the obsessive-compulsive validity checking on everything that comes in?

However, that's still not the point. Programmers make mistakes - and this bug was at least a bit more subtle than the usual one where the bad hat sends an over-length string.

The problem is with the oft-made claim that Open Source security software is extra-safe because the code is public and has been seen by many eyeballs. That claim is dead. Possibly crypto experts have been all over the actual encryption/decryption algorithms in OpenSSL like flies on shit - however, clearly none of them looked at the boring heartbeat stuff. That shouldn't be the death of open source, though - Windows is proprietary and look at the sheer terror caused by the prospect of running Windows XP for one day after the security patches stop...
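An added example, not part of the comments above and not OpenSSL's code: a heartbeat-style echo in C that checks the peer's claimed payload length against both the source record and the destination buffer before the memcpy(). The function name, the sample records and the zero-filled padding (real implementations use random padding) are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define HB_REQUEST     1
#define HB_RESPONSE    2
#define HB_HEADER_LEN  3    /* 1-byte type + 2-byte payload length */
#define HB_MIN_PADDING 16   /* RFC 6520: at least 16 bytes of padding */
#define HB_MAX_RESPONSE (HB_HEADER_LEN + 65535 + HB_MIN_PADDING)

/* Hypothetical helper: echo a heartbeat request into out.
 * rec_len is the number of bytes that actually arrived, not what the
 * peer claims. Returns the response length, or -1 to discard the record. */
int hb_build_response(const uint8_t *rec, size_t rec_len,
                      uint8_t *out, size_t out_cap)
{
    if (rec == NULL || out == NULL)
        return -1;
    /* Too short to hold a header plus minimum padding, or not a request. */
    if (rec_len < HB_HEADER_LEN + HB_MIN_PADDING || rec[0] != HB_REQUEST)
        return -1;

    size_t claimed = ((size_t)rec[1] << 8) | rec[2];

    /* Source bound: the claimed payload must fit inside the received record. */
    if (claimed > rec_len - HB_HEADER_LEN - HB_MIN_PADDING)
        return -1;

    /* Destination bound: the whole response must fit inside out. */
    size_t need = HB_HEADER_LEN + claimed + HB_MIN_PADDING;
    if (need > out_cap)
        return -1;

    out[0] = HB_RESPONSE;
    out[1] = rec[1];
    out[2] = rec[2];
    memcpy(out + HB_HEADER_LEN, rec + HB_HEADER_LEN, claimed);
    memset(out + HB_HEADER_LEN + claimed, 0, HB_MIN_PADDING);
    return (int)need;
}

/* Constructed sample records (unlisted bytes are zero and act as padding). */
static const uint8_t honest[24]    = { HB_REQUEST, 0x00, 0x05, 'h', 'e', 'l', 'l', 'o' };
static const uint8_t overclaim[20] = { HB_REQUEST, 0x40, 0x00, 'x' }; /* claims 16384 bytes */
static uint8_t big_out[HB_MAX_RESPONSE];

int demo_honest(void)     { return hb_build_response(honest, sizeof honest, big_out, sizeof big_out); }
int demo_overclaim(void)  { return hb_build_response(overclaim, sizeof overclaim, big_out, sizeof big_out); }
int demo_small_dest(void) { uint8_t out[8]; return hb_build_response(honest, sizeof honest, out, sizeof out); }

int main(void)
{
    printf("honest=%d overclaim=%d small_dest=%d\n",
           demo_honest(), demo_overclaim(), demo_small_dest());
    return 0;
}
```

The over-claiming record is rejected by the source check even though the destination buffer is large enough for any response, which is the case an over-length-string test would not exercise.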

Comment: Re:I believe Kate (Score 1) 641

That's a little harsh. Lawrence Krauss was also tricked into appearing in the documentary, are you going to claim he's stupid as well?

It's quite easy to believe that you could invite a scientist to be interviewed for a legitimate-sounding science documentary and then assemble a few soundbites that supported your cause by cherry-picking statements and using them out of context.

It's slightly harder to believe that someone could record the complete narration of such a film without getting some idea of what it was about - or at least getting suspicious. Nor does it pass the plausibility test that the makers would go to the time, expense or legal risk* of large-scale manipulation when there are plenty of real life Troy McClures out there who will read out whatever the hell they were handed if they needed money or lizards.

Of course, you'd really need to watch the film to make a judgement, and I don't propose to pollute my eyeballs with a single photon of it.

(* Yeah, it's technically easy to change 'I do not believe that' into 'I do believe that' - but if you get caught you'll be slaughtered in the subsequent lawsuit. Better to take complete statements out of context and make it a question of interpretation).

Comment: Re:Them Brits is smart (Score 1) 40

by itsdapead (#46706355) Attached to: Data Storage Pioneer Wins Millennium Technology Prize

Yeah but they have ass breath and rotting, discolored teeth.

Only because our leaders keep taking advice from the Americans about how to run a health service (and for some reason, dentistry has taken a far worse hit than other services: even if you can find a national health service dentist you still have to pay non-trivial sums for treatment if you're not a child or OAP - c.f. Doctors where the worst case is max ~£10/month for prescriptions. I guess not enough babies die from toothache to motivate the opposition).

Anyway, once they all rot and fall out you can get dentures and enjoy unnaturally white, uniform, plastic-looking teeth just like an American.

Plus, we're much more reluctant to humiliate teenagers by forcing them to wear mediaeval torture devices to straighten their teeth just when they're most sensitive about their appearance.

Comment: Re:Any chemists want to weigh in?? (Score 2) 256

by itsdapead (#46704987) Attached to: Navy Creates Fuel From Seawater

An amp of current produces about a half a litre per hour of hydrogen gas. A 9V battery with 0.5-1 Ahr is not going to produce less than a litre of hydrogen gas, which wouldn't be a problem even in a small closet.

A litre? OK, you get to stick the burning splint into the collection bottle to test that it's hydrogen. I'm quite attached to my eyebrows. A few ccs in a test tube is enough for a satisfying 'pop'.

Half a litre of pure O2 is more than enough to do something inadvisable with, too. Pass the wire wool and the blowtorch please...

However, I wasn't suggesting that the hydrogen and oxygen were more of a deadly peril than the chlorine - just that it's silly to single out one chemical because it's been used in warfare and ignore the other potential risks. G.P. forgot to tell people not to drink the electrolyte, swallow the battery or get strands of copper wire stuck in their fingers.

Comment: Re:Any chemists want to weigh in?? (Score 4, Insightful) 256

by itsdapead (#46702989) Attached to: Navy Creates Fuel From Seawater

Chlorine gas is toxic. It was used in shells to poison troops in WW1.

Whereas both hydrogen and oxygen are perfectly safe and have never been known to cause any sort of problem whatsoever... well, ok, there was the Hindenburg, and Apollo 1, and...

So if you do the described experiment while locked in a badly-ventilated room, leave it running for long enough to increase Ever Ready's share price by 1%, ignore the eye-watering stink that even a whiff of chlorine will produce and then light a cigarette, you could be in real trouble. If only from all the crap in the cigarette smoke...

However, all this pales into insignificance alongside the experiment's reckless use of the liquid death that is Dihydrogen Monoxide!

Seriously, guys, when everything is described as dangerous, nothing gets treated as dangerous. If you're not sure what it is, don't wait for someone on the internet to tell you not to snort it.

Comment: Re:Just refuse to pay the fee. (Score 1) 77

Of course the gaining registrar charges a fee for transfer -- which covers the domain registration.

Nominet aren't the 'gaining registrar'. They're the master register for all .uk domains - i.e. they record which domains are registered, who owns them and which registrar is managing them.

If you want to move your domain from 'CheapoReg' to 'WonderDomainz' then CheapoReg has to register the change with Nominet - or you can do it directly by paying £10 to Nominet.

I assume that registrars pay some sort of tithe to Nominet.

123-reg don't charge for a transfer in: you only pay when the domain next comes up for renewal.

If this is just on the .UK domain... then be sensible, and register a .COM or a .NET in the first place.

Except that or domain registration costs ~ £4/year c.f. ~ £10/year for .com or .net, so unless you have nothing better to do than continually changing registrars, a £10 transfer fee if you decide to shift registrars is pretty much moot (...and that's £10 per batch at Nominet if you have multiple domains). More to the point, anybody getting hot under the collar about spending less per year to register a domain than they spend per month on mouse batteries (or whatever £4/month expense is more applicable to you), seriously needs to re-evaluate their priorities.

Comment: Bit of perspective... (Score 1) 77

First, there's no doubt that 123-reg have handled this badly, need to change their advertising and probably need to eat a few £10 fees and apologies. So I'm not totally defending them. However, I do wonder exactly how much 'service' people expect for the few pounds a year per domain that these 'budget registrars' charge. I'd guess that straightforward registrations are a loss leader for them, and they rely on selling 'cherished' domains, ads on 'parked' domains and hosting sales for actual profit.

The 'IPS tag' change is an extra (at least c.f. .com/.org) step required for '' names managed by the UK central registry, Nominet. You can make this change yourself via the Nominet site, but they'll charge you £10 as well. That's more than 123-reg charge per year for a regular Even if they get a reduced rate it's going to eat their profit - in fact, without this change I could transfer in a domain, and transfer it out again before it expired without paying 123-reg a penny.

I notice that Nominet has just changed its contract for registrars and while life's too short for me to plough through 10 pages of legalese, so maybe the timing is not a coincidence.

Comment: If only... (Score 1) 150

by itsdapead (#46660757) Attached to: Will Living On Mars Drive Us Crazy?

If only there were documented cases of people living in confined, isolated conditions in, I dunno, research bases in the Antarctic, prisons, hospitals, tin cans under the sea for weeks at a time, or even tin cans in low Earth orbit... then we could learn all about the effects of isolation and cramped conditions.

Now, I'm full of the Wrong Stuff, and won't be volunteering to go to Mars anytime soon... but if I did, I suspect it would be because, whatever the discomforts and dangers, you got to explore strange new worlds, boldly go where no one has gone before and all that jazz. Doing that in a simulation strikes me as particularly depressing with no pay off beyond some psychology and physiology research - that could probably be obtained from existing data, and are unlikely to result in any high schools being named after you.

Doing this in the Antarctic, or in some deep-sea habitat and combining it with some exploration or research that would motivate the non-psychologist members of the team seems like a better simulation.

Comment: Re:Can someone explain this to me? (Score 1) 353

I get the idea about maxing the RAM out - faster speeds and all that. What I don't understand is how moving to an SSD drive saves the cost on a new computer?

What the headline meant, in its English-mangling way, was that adding a SSD to your existing computer will give it a new lease of life, saving you the expense of buying a new computer.

An SSD has faster read/write times I've heard, but doesn't that still leave the bottleneck of the CPU? Is it supposed to act as RAM or a pagefile location or something?

Reviewers and online nerds tend to obsess about how many hundreds of megabytes a second they get in sustained-transfer disk benchmarks - figures that you'll rarely hit in real usage unless you're into editing and copying 4k video, or something similar data-intensive.

What they gloss over, is that virtually any SSD will have order-of-magnitude lower seek times than a conventional hard drive - put crudely that's the time your HDD spends laboriously dragging the read/write head to the right position and waiting for the bit of data you want to spin around to it. That makes a huge difference when your computer has to access lots of bits of information scattered over the disc - particularly when booting, loading applications or if your drive has got fragmented. Running multiple tasks? Tasks no longer have to play tug-o-war with the drive head to get the data they need.

Watch your HD activity light sometime and see how much time your computer spends faffing around with the HD.

And yeah, if you do run out of RAM and your machine starts paging to disc, a SSD will speed that up no end - although in that case upgrading RAM is probably going to be cheaper.

I don't have any vested interest in selling SSDs, but I'll vouch that putting a SSD in my laptop made it feel like a new machine.

Comment: Re:Amazing (Score 1) 400

If you want to factor in fixed costs like printer cost and maintenance, please kindly include cost of factory in china, salaries of factory workers, cost of trans-atlantic ship and crew, tractor trailer, etc.

If I buy a soap dish at the store, I don't have to buy a factory in China.

Even saying that the price of that soap dish includes a contribution to the cost of the factory is pretty naive - the factory was probably government subsidised, paid for by a loan secured on the manufacturers share value rather than their turnover, and the price of the soap dish is determined by the state of the international plastic-soap-dish-futures market.

If I 3D print a soap dish, I pretty much need a 3D printer.

If I bought the 3D printer entirely or partially for the purpose of making my own small plastic household goods and saving money, then I absolutely need to take the cost into account when calculating my 'savings'.

Also remember that the business model for home printers has, for a long time, been to sell the printer as a loss-leader and then make money on the supplies. So, really, the initial cost of the printer is likely to be built-in to the consumables cost.

I do get your argument - e.g. if you absolutely need a car to get to work every day, there's no point factoring the fixed costs into an argument about whether it's cheaper to get the bus for your weekend daytrip. However, this whole thread implies that making your own goods will be a Unique Selling Point for 3D printers and that typical households will buy them to print items from pre-defined templates. Only a small proportion of users, with the creative skills and inclination to produce their own unique items for hobbies and entertainment, will have another justification for the cost.

Comment: Re:I went for it. (Score 2) 161

by itsdapead (#46647473) Attached to: App Developers, It's Time For a Reality Check

I now have almost $150,000 in debt, ruined credit, and no job prospects. What should I have done different?

Not run up $150,000 in debt.

If developing your world-beating software cost more than a chunk of your spare time (while continuing in college), a hundred bucks or so for developer subscriptions and the use of a PC that you would have bought anyway, you did it wrong.

If you're building a better mousetrap, you'll hit the unavoidable roadblock where you need to manufacture thousands of the things to get them into the shops, and you'll need finance. With software - that needn't happen. Even in the bad old days before the internet, blank floppies were cheap, the elbow-grease needed to make 100 copies was free and the mark-up on the first 100 would easily pay to get the next 1000 professionally duplicated.

Now, with the internet, you don't have to do anything in quantity - and Apple, Google, Amazon et al. will not only put them on their virtual shelves but also handle all the payment processing for a measly 30% commission. It always amuses me when I see developers whinging at that.

The danger is that, at the age of 17, a few thousand bucks falling into your lap seems like a fortune. It isn't.

Software sales back in the 90s and early 00s paid for my house but (and this is important) paid for my house while the day job was paying for everything else. It's not a very big house.

Comment: Re:Amazing (Score 1) 400

Let's break down the variable costs of your soap dish example (assuming the soap dish factory in China already built and 3d printer purchased)

3D printer costs: - 20 minutes of my time to find the design, boot printer and spit the item out. - Monetary cost: feeding in raw plastic and electricity should be negligibly cheap.

So, this is the 3D printer that you get for free and doesn't require any maintenance, replacement parts etc? Newsflash - even RepRap costs money for the non-printable components, and that's not exactly a consumer friendly solution. You'll have to make quite a few soapdishes to recoup the cost. I don't think I buy that much plastic tat in a year.

Meanwhile - here's betting that unless you use enough raw plastic to bulk-buy from a wholesaler, you'll be paying $19.95 per quarter-pound spool to feed your printer. Or you could collect about half-a-dozen plastic bottles, wash them, cut them up, feed them into the extruder (add the cost of that to the equation) and enjoy your murky greeny-greyish-brown soapdish.

After that 60% of still unsold soap dishes go to landfill. This is where the real costs of mass production kick in. Shelf space ain't cheap. Landfill is still free, but it should not be.

Of course, in the brave new world, those unsold soapdishes won't go to landfill - they'll be sold to 3D Printer Supplies Inc. who will recycle them and sell the plastic to home 3D printer owners at the bargain price of $19.95 per quarter-pound spool. In fact, this business will be so lucrative that entrepreneurs will be importing cheap plastic soap dishes, bypassing the pound store, and selling them direct for recycling into printer supplies. I mean, this is Earth we're talking about here, not Vulcan!

Comment: This is why it's so hard to spot April Fools... (Score 2) 232

by itsdapead (#46628945) Attached to: Judge Overrules Samsung Objection To Jury Instructional Video

Whisky tango foxtrot?

I could understand it if the judge decided to show something she'd TiVo'd off Discovery Channel the week before but this sounds as if it was made for this specific purpose.

What possible combination of misconceptions would lead the 'Federal Judicial Center' (the name suggests they might have the odd law degree to share between them) to feature any recognizable commercial products in an instructional video specifically made to instruct jurors in cases inevitably involving competing businesses?

Surely, any moron commissioning such a video would have 'Don't show any brands or recognizable products' on page 1 of the brief? With a footnote saying 'even if it's arguably not in the context of patentability - we don't want to create excuses for objections or appeals when all those fellow lawyers are getting paid by the hou...

Oh, wait.

Comment: Re:Amazing (Score 4, Insightful) 400

So if I understand this correctly, thanks to the 3D printer we will soon have access to affordable items made of plastic.

Actually, make that less affordable items made of plastic, since buying and maintaining a domestic-size 3D printer and keeping it fed with raw materials is almost certainly going to cost more per item than buying mass-produced stuff. That's without factoring in the time needed to load up the printer, trim and assemble the output etc (So, how long is it going to take your home 3D printer to grind out a soap dish, shower nozzle, curtain rail, 20 curtain rings... and how much hand-finishing will they need?) When 3D printing technology evolves beyond making simple plastic widgets very slowly, you'll bet that factories will be installing industrial-strength ones that can turn out items at 1000 times the rate and at 1/1000 of the cost of your home printer...