Become a fan of Slashdot on Facebook


Forgot your password?

Slashdot videos: Now with more Slashdot!

  • View

  • Discuss

  • Share

We've improved Slashdot's video section; now you can view our video interviews, product close-ups and site visits with all the usual Slashdot options to comment, share, etc. No more walled garden! It's a work in progress -- we hope you'll check it out (Learn more about the recent updates).


Comment: Statistics and R (Score 1) 144

by janoc (#49209483) Attached to: Go R, Young Man

I think that the logic is that a business professional will benefit more from what a specialized language like R can offer than from the general purpose stuff. The manager is not going to code a website or an accounting database (where the general purpose languages would be useful), however, they may need some sophisticated business analyses or reports that nobody else can do for them - and R is very good for that.

On the other hand, learning R without learning (and understanding) statistics is pretty much pointless and that is *much* harder task than learning the language. Lot of people buy SPSS (a tool similar to R, just with a nice UI) for a lot of money, then load random data and start pressing buttons following some sort of cookbook/cheatsheet. Random numbers come out and then they wonder why their "analysis" doesn't match the reality. Then they go and hire expensive business consultants - who do the same thing while spouting jargon, only charge for it a lot more.

R is a very powerful tool, but without a solid background in statistics and data analysis it is like giving a scalpel to hospital nurse and declaring her a brain surgeon ...

Comment: They still don't get it (Score 3, Interesting) 445

by janoc (#49182797) Attached to: Microsoft Convinced That Windows 10 Will Be Its Smartphone Breakthrough

"... and provide an experience very much like the desktop"

Which is exactly what people don't want.

Microsoft should finally pull their collective head out of their backside and stop making everything into a PC with Windows. A phone isn't a PC, it isn't used in the same way, so a "desktop experience" is very counterproductive on a phone.

One would think that they have learned something already ...

Comment: Re:Hashes not useful (Score 1) 324

by janoc (#49160783) Attached to: Ask Slashdot: How Does One Verify Hard Drive Firmware?

The fact that this practice is widespread in the Linux world originates from the usage of insecure FTP mirrors run by volunteer admins. There it's possible for a mirror to get hacked independently of the origin web page.

Sorry, but that isn't how it works. The role of the MD5/SHA1 hash on the website is not security but the ability to quickly check whether or not the download was corrupted in transfer so that you don't waste time burning a corrupted ISO image, for example.

The real security feature are the cryptographic signatures inside the packages themselves. Both RPM and DEB formats allow the use of these and most Linux distros use them. There is both a hash and a crypto signature to check that the package comes from who it claims to be coming from and that it wasn't tampered with.

+ - Lenovo pre-installs malware injecting ads and spoofing SSL certs->

Submitted by janoc
janoc (699997) writes "Lenovo is pre-installing adware/malware called Superfish on their laptops which serves ads for products you may be browsing/shopping for, "but cheaper". Unfortunately it also breaks into SSL sessions by installing a false root certificate, allowing for potential snooping on secure sessions."
Link to Original Source

Comment: Classic DRM flaw ... (Score 2) 215

by janoc (#49048065) Attached to: New Encryption Method Fights Reverse Engineering

As this, by definition, requires that the encryption key is present in the clear on the machine where the decryption is happening in order to make it possible to decrypt the instructions (CPU cannot execute encrypted code), then it can be trivially circumvented. Finding where the key is stashed is going to be only a matter of time and then the encrypted code can be conveniently decrypted off-line, repackaged without the stupid performance-impeding encryption (caching will suffer badly with it) and released on a torrent somewhere, as always ...

Fundamentally this is not different from doing ROT13 on your code - code obfuscation.

Comment: Re:How can someone think that this is a good idea (Score 2) 157

by janoc (#49006709) Attached to: Automakers Move Toward OTA Software Upgrades

Having cars reflashed at a dealership is something different - the mechanic will usually do at least some basic sanity tests that everything works before handing it over to the client.

Anyway, my point wasn't that reflashing firmware is bad - it may be even required and I am fine with that. It needs to be done safely and securely, though!

And yes, Toyota had a big software problem too, even though it wasn't why they have lost that accelerator pedal lawsuit:

Comment: How exactly is this news ... (Score 2) 83

In particular, BMW has a history of similar cockups - just search youtube for various "iDrive problems", "Check engine reset" issues, "Engine stalling" issues, etc. Those software problems go back years. The first iDrive implementation from 2002 using Windows CE was a legendary lemon.

It isn't just BMW, though -

I had a Renault Clio and Renault's unreliable electronics is legendary too, even though there it was more a poor design than necessarily bad code. But you will never know - nobody has seen the source code of the firmware in many of the control units. Often not even the manufacturer has it - it is outsourced and subcontracted, even for critical systems like ABS or ECU.

And I am pretty sure that this is industry-wide problem - the same control units are in many cars, especially today with all those shared platforms and alliances between manufacturers.

If someone is thinking about drive-by-wire cars (Nissan, uses a safety clutch to be legal atm, but they have publicly announced a push to go fully by wire or the recent idea about the OTA updates in this sort of cesspit of horrid and unaccountable code, they must be insane.

Comment: How can someone think that this is a good idea ... (Score 4, Insightful) 157

by janoc (#49000101) Attached to: Automakers Move Toward OTA Software Upgrades

I am not against the ability to perform an OTA update in principle, but considering how abysmal record with firmware (and software in general) these companies have, this is a major disaster waiting to happen.

When Microsoft, Apple or Google botch an update, there will be a few dead computers or phones at worst. If someone like e.g. Toyota or BMW (both with a "proven" record of poor quality firmware - think "stuck" accelerators or the famous BMW video of stalling car spitting out its key at the driver) push an automatic OTA update and something unexpected fails, there will be *dead people* in addition to dead computers. And something *will* fail sooner or later - we are far far from the ability to write provably correct code as a matter of course. And embedded code is often one of the worst examples of both software engineering (non-)methods and quality, mainly because it costs money and time to do things properly instead of outsourcing the firmware to the lowest bidder somewhere in a sweatshop. Nobody will ever see that code anyway, right?

The only way this can work safely is with previous user's authorization - i.e. *never* automatically and unattended. In that way I can make sure that I am safely stopped and not going 130 kph on a motorway when my engine or brakes decide to go bust on me. That is, AFAIK, what Tesla is doing (a message pops up and the driver needs to accept the update). However, unless this mode of operation is made mandatory, some dickhead will for sure push an automatic update at some point. It is just too tempting to not to and I would be surprised if Tesla didn't have an option to push a "silent" update too already ...

The other point that nobody reacted on so far - do you really want an always-on, always phoning home wireless connection in your car? That's a wet dream come true for anyone who wants to track your car for whatever reason. Tesla is doing it for (ostensibly) performance tracking (and, conveniently, busting lying journalists), your insurance may start to require access to that data if you want to keep your premiums low and finally police and spooks will rejoice, because they don't even have to bug your car or bother with license plate cameras anymore ...

Comment: WindowsRT anyone? (Score 4, Insightful) 307

by janoc (#48958843) Attached to: Microsoft Announces Windows For Raspberry Pi 2

People are getting all excited about this, but they are forgetting that this is *not* going to be a full featured Windows able to run their Office and what not. First of all, it is an ARM architecture, so regular Windows apps won't work unless they have an ARM version (extremely rare). The OS is most likely going to be the cut-down WindowsRT and running on an underpowered hardware - the new Raspberry Pi 2 is still much slower and has less RAM than even the first Microsoft Surface RT, which wasn't exactly known to be a speed demon ...

Microsoft is pushing this as "Internet-of-Things" platform, but I honestly don't see how WindowsRT presents any advantages there over a dedicated OS without the unneeded GUI bloat. And for education? Yes, there will be perhaps Office RT and few Microsoft's apps available, but that's all. What are the kids going to run on this? Visual Studio?

Comment: Let's hope ... (Score 4, Interesting) 38

by janoc (#48907741) Attached to: Virgin Galactic Dumps Scaled Composites For Spaceship Two

That this isn't going to come back to them in the form of another smouldering crater, except with paying passengers this time.

Delays and problems notwithstanding, dumping a company that has essentially designed and developed the entire thing and handing the project to someone else who doesn't have the know-how about this particular system sounds really unwise, especially after the enormous amount of resources that were spent already. Probably the wealthy investors started to push on Branson and Rutan didn't want to compromise on something, so they decided to bypass them. Or Scaled isn't trusted to not mess something up again as it wasn't a first serious safety-related incident there.

One way or another, this isn't really a confidence inspiring move from an engineering point of view - I cannot imagine the motivation and morale of the people building the craft after being told that no, they won't be allowed to be involved in the testing, except as consultants.

Comment: This guy shouldn't be teaching (Score 0) 648

by janoc (#48857459) Attached to: Justified: Visual Basic Over Python For an Intro To Programming

This fellow has obviously no clue about Python and likely not much about programming in general when he can spout such nonsense about Python being "C-based" and "unable to do more complex things".

I read this more as - "I know Visual Basic so I will do everything in VB to save time". If he has said that, he could have avoided presenting himself as an ignoramus spouting techy mumbo-jumbo to get that parent off his back that doesn't really know much about the subject he is supposed to be teaching. I had colleagues who were teaching object oriented programming at a university using Max/MSP and dragging/connecting boxes - "These are objects in Max, so it is an object oriented programming!". But that is what you get when you have a music composer assigned to teach computer science (not kidding ...).

I am really sorry for those kids, because Visual Basic is a pretty terrible language to start from - it is very limited in what it can do and then anything more complex is directly linked to the Microsoft Windows idiosyncrasies, with little abstraction. They would have been much better off with something like Python & Pygame combination (I did teach a first semester programming class like that). Or even better some language actually specifically made for this purpose - like Logo. Or even start with Scratch, Alice or Lego Mindstorms kits for complete novices that have really no clue yet and then move on to Logo or Python once the basic concepts are settled.

People that are advocating C here have obviously never tried to actually teach it to complete novices (we are talking high school kids here!) - there you need to get the kids to first understand the abstractions like code, execution flow, the correspondence between real world objects and their modelling in a computer (variables, types, use of arithmetic etc.) Having to battle compiler errors, strict typing and stuff like pointers required even for printing a simple "Hello world!" message is really distracting and not helpful in that context. They will have plenty of time to learn about that later.

Disclaimer: I did teach undergraduate programming courses, both in Python and C/C++, including using those Lego Mindstorms kits.

Comment: Windows installer has a similar "feature" (Score 3, Insightful) 329

by janoc (#48831793) Attached to: Steam For Linux Bug Wipes Out All of a User's Files

The Windows installer has a similar issue and apparently it is not even considered as a problem (red box):


This reeks of serious incompetence or negligence, in my opinion - writing installers that blindly mass-erase files instead of tracking which files did the software actually install and erase only those on uninstall/move is not acceptable in my book. Whether or not it is documented in some disclaimer that nobody reads or not is irrelevant. This really is asking for a lawsuit if someone gets seriously bitten by it.

I really wonder what the devs at Valve were smoking when they consider this as acceptable.

Comment: Lets fight for the freedom of speech ... (Score 4, Interesting) 319

by janoc (#48791587) Attached to: Several European Countries Lay Groundwork For Heavier Internet Censorhip

... by censorship!

The governments will be busy chasing Facebook and Twitter "jihadists" while the ones with kalashnikovs will be killing people in the streets. *facepalm*

The hypocrisy of the politicians that "were Charlies" this weekend in Paris and at the same time are calling for more Internet censorship really is staggering.

Comment: In other words ... (Score 1) 219

by janoc (#48782679) Attached to: LAPD Orders Body Cams That Will Start Recording When Police Use Tasers

The cops will just shoot you or beat you senseless with a baton instead. Or even strangle you with bare hands ... How convenient is that taser-activated camera, indeed!

This is nothing else but a nice juicy piece of pork for Taser and some politicians getting contributions/kickbacks from them, "sold" to the public as a mean to improve the excessive force use.

User hostile.