
Comment Re:Define requirements (Score 1) 154

Boy, this is spot on!

I have a server that I use as a personal media server, and backups. I bought it at a yard sale for $10. Big box, lots of cheap, added several high capacity hard drives, performance is strictly irrelevant, and the several-generations-ago AMD Athlon 64 (remember those?) gamer board supports the 4GB of ECC DDR(1) RAM that is probably overkill for the need. I have no doubt that I could get at least another 5 years out of this ancient hardware for the need and be perfectly happy with it.

Not having requirements specified in a "is this sufficient?" question is a bit like asking "is this jacket warm enough?" without specifying where you're going to go in it.

Comment Watershed event (Score 1) 90

Dumb ideas that are cheap persist. That is, until there's a watershed event that puts all the stupid into sharp relief. We haven't had such an incident for IoT; give it time.

Thanks to movies and TV, people think that encryption is something you "bypass" by letting somebody who looks nerdly type furiously in front of 3 or 4 screens in an office with lots of glass and neon lights. When it's exploited by thugs who downloaded an exploit and stole their stuff by using their security system to verify that they weren't home, the word will start to spread.

Comment The real reason (Score 1) 594

I will likely be downvoted, even though what I write is absolutely true.

Revolution was predicted at least 6 years ago, a result of public land policy changes made 50 years ago and yet nobody talks about it. In fact, if anybody brings it up, they are immediately dismissed as radical, or simply silly.

Starving people are dramatically more likely to revolt than well fed people. Somehow, mentioning this ridiculously obvious fact is universally dismissed.

Comment Re:I Bet This Article Will Do As Much Damage... (Score 1) 108

If the author hasn't been played in any way, then the damage is still done: the scammers just got a great idea they'll no doubt literally capitalize on.

If you think that anybody who's written or executed ransomware hasn't already thought about ransoming medical devices, you have an astonishingly low opinion of others. Just how smart do you think you are?

Anybody who's spent the time necessary to write ransomware and attempt to profit from it has had more than enough time to consider all the reasonable possibilities, even if it took somebody as *brilliant* as you 5 minutes to come up with this idea. This isn't some global super-conspiracy; this is as brilliant as banging chips off a rock with another rock.

Comment Re:yes, but directory traversal and buffer dos, so (Score 1) 74

HOWEVER, -all- of the "download.php" scripts I've ever looked at have at least two of the same three vulnerabilities.

1) Protection from directory traversal is harder than it looks,

2) fopen_url, and

3) memory depletion from failing to disable the output buffer before reading and writing chunks of the file.

I'm a PHP dev, and the first two are relatively straightforward to prevent. E.g.: check that basename($file) == realpath(basename($file)) kind of stuff. But #3 is interesting to me; how would the following cause any problem?

$fp = fopen($hugefile, 'r');
while ($line = fgets($fp, 1024))
      echo $line;

In this case, the buffered output will be spooled to Apache/end user as it fills. Or did you mean OOM errors from trying to load a 2 GB file into RAM?
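
An added example, not part of the original comment or the quoted one: a PHP sketch of how a download script can handle points 1 and 3 from the quoted list, with a realpath() containment check and every output buffer closed before streaming in chunks. The DOWNLOAD_ROOT path, the "file" query parameter and both function names are assumptions made for illustration.

```php
<?php
// Added example. DOWNLOAD_ROOT and the "file" parameter are assumed names.
const DOWNLOAD_ROOT = '/var/www/downloads';

// Resolve a user-supplied name to a real file inside $root, or return null.
function resolve_download(string $root, string $requested): ?string
{
    // PHP 8 filesystem functions throw on NUL bytes; reject them up front.
    if ($requested === '' || strpos($requested, "\0") !== false) {
        return null;
    }
    $base = realpath($root);
    // Prefixing the root makes the value a local path (never a URL wrapper);
    // realpath() then collapses ".." and follows symlinks.
    $path = realpath($root . DIRECTORY_SEPARATOR . $requested);
    if ($base === false || $path === false || !is_file($path)) {
        return null;
    }
    // Trailing separator so a sibling such as "downloads-old" does not match.
    $prefix = rtrim($base, DIRECTORY_SEPARATOR) . DIRECTORY_SEPARATOR;
    return strncmp($path, $prefix, strlen($prefix)) === 0 ? $path : null;
}

function stream_file(string $path, int $chunk = 8192): void
{
    // Close every active output buffer so chunks are not accumulated in RAM.
    while (ob_get_level() > 0) {
        ob_end_clean();
    }
    $fp = fopen($path, 'rb');
    if ($fp === false) {
        http_response_code(500);
        return;
    }
    $name = str_replace('"', '', basename($path));
    header('Content-Type: application/octet-stream');
    header('Content-Length: ' . filesize($path));
    header('Content-Disposition: attachment; filename="' . $name . '"');
    while (!feof($fp) && ($data = fread($fp, $chunk)) !== false) {
        echo $data;
        flush(); // hand each chunk to the web server immediately
    }
    fclose($fp);
}

$path = resolve_download(DOWNLOAD_ROOT, (string)($_GET['file'] ?? ''));
if ($path === null) {
    http_response_code(404);
    exit;
}
stream_file($path);
```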

Comment Re:I miss pgsql (Score 1, Insightful) 83

... and the replication systems are typically not worth much more than a dime, sadly.

We have a pretty beefy set up; 4x 16 Core Xeon DB servers with 128 GB of RAM each and Enterprise SSDs, serving hundreds of instances of like-schema databases, one per (organizational) customer, serving an aggregate peak of about 1,000 queries/second in a mixed read/write load.

And we've never been able to get replication to work reliably, ever. In every case we've ever tried, we've seen a net reduction in reliability. Every single time. Not that we've stopped trying, it has just never reached "just works" territory.

Replication is PG's Achilles's heel.

Comment Re:The difference is staring us in the face, yet (Score 1) 568

OK. So follow this through logically for a moment.

Engineering - Professional Engineers - is a tightly defined field, and is primarily required by government works. There are standards and specifications to which things must be built, based on known material strengths and capabilities.

If it is exploratory work, it's not engineering, it's science. No PE is going to sign off on "clean room" type materials which haven't been subjected to a battery of tests. The materials available for common structural construction are fairly static and change very, very slowly - it's merely in how they're assembled which really changes, but their properties and interactions are largely static.

Consider how that doesn't apply to software, at all. And even if it did, how exactly are you going to scope the exams for being eligible to design a steering servo's control software? Whereas you need a single PE for a bridge design, sometimes a couple depending on the size of the project, the code for that steering servo is going to be reviewed by a team of software people. It's a very different approach.

Comment Here we go again (Score 3, Interesting) 568

Look, 'software developers' are, to a large part, engineering software. They're making a machine, an engine designed for a specific purpose. I don't personally think MOST 'software engineers' qualify as actual engineers, they're neither bright enough nor especially forward thinking enough. But you're not going to hoist a regulatory body on an industry like software... we don't want it, and it won't help the industry. (Though, that's never stopped government before...)

The fact that so, so many software developers are shitty engineers is beside the point. There are many, many shitty "real" engineers out there, too. The difference is that the damage of a single bad software 'engineer' is negligible compared to the damage of a single bad real world engineer.

Knowing quite a few of both, I would say the biggest mindset difference between a software developer and an engineer is whether they're conservative or liberal. Software developers, for whatever reason, almost invariably seem to be very politically liberal, which I feel is the same mindset reflected in a lot of the disastrous "cleverness" so many developers inflict on people, but also in the ability to write extremely useful tools. Licensed engineers almost always seem to be fundamentally conservative (as are most good systems people), if not necessarily culturally or socially. Now, there are definitely exceptions to those rules, but for the most part they seem to be true - desire for pushing their own ideas, versus desires for order.

Now, there are definitely people in the field who should be called "engineers", though they're typically not developers. They're the ones who are finding design, implementation, or use case issues - and those disciplines almost never fall under an 'engineering' title. (Though, Senior Software Engineers or whatever are often doing this, as well.)

Comment Too many benefits to name (Score 2) 428

I've been dealing with metabolic syndrome for years, and so far, my blood sugar remains in normal range, weight, cholesterol, etc. is normal, though I do still take some pills to reduce hypertension. I started with The Diabetes Diet by Dr. Bernstein which laid out the relationship between sugar, blood sugar, and diabetes decades ago. Bernstein is literally the guy who changed the treatment of diabetes in the 1970s and at least doubled the life expectancy of diabetics.

If I keep my diet to simple meats and vegetables, I feel far better, sustaining much higher energy and work performance levels, even as my blood sugars stay down (A1C of 6.0) and "all the numbers get better".

Starch, simple sugars and saturated fats are just death. Just stay away. Granted, that means that you can't eat at least half of what the grocery store sells, but are those deep fried starch crackers really all that great?

Comment Lazy approach (Score 1) 236

I'm cheap, and always have been, so it's an easy choice. Google has made this immeasurably easier.

There are a number of TVs in the house, and I have this thing called "wifi".

I picked up a couple of the Google Chromecast dongles for $25 each, and they go in the TV. We have Android phones in the house, so we use Chromecast to stream pretty much everything to the TV - Amazon Prime, Netflix, or the local Plex server.

Local media (movies and audio) are kept on a FreeNAS box, and Plex is one of the trivially configured plugins available (through the FreeBSD jail system).

I also have wireless HDMI adapters, so that solves the "I want an extra monitor while I'm working from the living room" problem.

I also have a rooted Wii (with e.g. a DLNA client) and a Blu-ray/DVD player, so there are alternative means of streaming if an Android phone isn't available... but there are at least 6 in the house...

If I had a stereo to speak of, I'd just use something like the Chromecast Audio dongles for the same functionality (or maybe, this:

Conveniently, all my media is also available through Plex wherever I go with Internet access.

Really, the only limit for full home automation is your budget, at this point. It's trivial to do with ubiquitous home automation kits... My favorite is Ubiquiti brand.
