Forgot your password?
typodupeerror

Comment: Re:Android is not always Java (Score 1) 577

by jonabbey (#45095189) Attached to: If Java Is Dying, It Sure Looks Awfully Healthy

Yes, I have too - IntelliJ itself is written using Swing and it's quite appealing on all the platforms I've used it on. But I guess that they had to develop custom themes for it and be very careful to achieve that.

JFX8 looks great out of the box

Agree about the difficulty with Swing. Swing permits different look and feels to differ too much in essentials like ordering of operations, focus, and etc. It makes it very hard to adjust the styling of individual components and expect it to do anything reasonable in different look and feels.

JavaFX sounds really good, but I've not yet developed against it. Thanks for the link to SceneBuilder, I look forward to playing with it.

Comment: Re:Apparently, applets only (Score 1) 282

by jonabbey (#44964207) Attached to: Will New Red-Text Warnings Kill Casual Use of Java?

Yes, you could do that, but then you'd have to distribute the updated cacerts to all desktops that need to run your app, and keep it updated whenever a new JVM comes out.

Oracle did implement a runtime configuration file that could be used to whitelist certain hosts, but the distribution problem remains.

Comment: Re:Apparently, applets only (Score 4, Informative) 282

by jonabbey (#44962547) Attached to: Will New Red-Text Warnings Kill Casual Use of Java?

This would not affect Eclipse, no, but it does affect locally produced applications that are distributed from an intranet web server with Java Web Start / Java Network Launch Protocol.

Previously, we could just self-sign our app and users could choose to accept the app once and for all and not be bothered so long as the signing cert didn't change. Now, all of our users running Java 1.7.0_40 are given the threatening dialog each and every time they run our internal app, and they can't get rid of it.

We're going to pony up for a code signing cert from a (Java-recognized) certificate authority to make the dialog go away. It's a hassle, but probably still the right thing for Oracle to do at this point.

Operating Systems

Linux 3.12 Merge Window Closes With Release of Linux 3.12-rc1 47

Posted by timothy
from the just-in-time-for-the-next-big-thing dept.
hypnosec writes "Linus Torvalds has released Linux 3.12-rc1, marking the first major development in over two weeks for the forthcoming successor of the Linux 3.11 kernel. Announcing the closure of the 3.12 merge window, Torvalds said in the release announcement that the window was fairly normal. Dissecting the updates, he noted that 73 percent of them are related to drivers, 12 percent related to architecture updates, and 6 percent related to file systems. ... Torvalds liked the 'scalability improvements that got merged this time around.' Torvalds also mentioned the tty layer locking getting resolved, and work on dentry refcount scalability."
Biotech

The Cryonics Institute Offers a Chance at Immortality (Video) 254

Posted by Roblimo
from the never-ever-refer-to-me-as-a-corpsicle-you-room-temperature-bag-of-bones dept.
Do you want to be frozen after you die, in hopes of being revived a century or two (or maybe ten) in the future? It can cost less than an electric car. That's what the Cryonics Institute (CI) offers. David Ettinger, today's interviewee, is both the son of CI founder Robert Ettinger and CI's lawyer. In this video, among other things, he talks about arrangements that were made for his father's demise, and how they were able to start the cryopreservation process almost immediately after he expired. Is Cryonics the best chance at immortality for those of us likely to die before the Singularity arrives, and gives all of us the tools we need to live forever? David Ettinger obviously thinks so. (This is Video #1 of 2. The second one is scheduled to run tomorrow. It's an interview with CI Director Andy Zawacki, who takes us into the facility where the frozen bodies are stored.)
Encryption

More Encryption Is Not the Solution 207

Posted by Soulskill
from the more-cowbell-still-in-the-running dept.
CowboyRobot writes "Poul-Henning Kamp argues that the 'recent exposure of the dragnet-style surveillance of Internet traffic has provoked a number of responses that are variations of the general formula: "More encryption is the solution." This is not the case. In fact, more encryption will probably only make the privacy crisis worse than it already is.' His argument takes a few turns, but centers on a scenario that is a bit too easy to imagine: a government coercing software developers into disabling their encryption: 'There are a whole host of things one could buy to weaken encryption. I would contact providers of popular cloud and "whatever-as-service" providers and make them an offer they couldn't refuse: on all HTTPS connections out of the country, the symmetric key cannot be random; it must come from a dictionary of 100 million random-looking keys that I provide. The key from the other side? Slip that in there somewhere, and I can find it (encrypted in a Set-Cookie header?). In the long run, nobody is going to notice that the symmetric keys are not random — you would have to scrutinize the key material in many thousands of connections before you would even start to suspect something was wrong.'"
Earth

What's Stopping Us From Eating Insects? 655

Posted by timothy
from the there-will-never-be-a-fast-food-place-called-thoraxes-etc. dept.
Lasrick writes "Scientific American has a really nice article explaining why insects should be considered a good food source, and how the encroachment of Western attitudes into societies that traditionally eat insects is affecting consumption of this important source of nutrients. Good stuff." Especially when they're so easy to grow.
Oracle

Oracle Quietly Switches BerkeleyDB To AGPL 219

Posted by Soulskill
from the changing-licenses-loudly-is-just-rude dept.
WebMink writes "A discussion in the Debian community reveals that last month Oracle quietly disclosed a change for the embedded BerkeleyDB database from the quirky Sleepycat License to the Affero General Public License (AGPL) in future versions. AGPL is only compatible with GPLv3 and treats web deployment as a trigger to license compliance, so developers using BerkeleyDB will need to check their code is still legally licensed. Even if they had made the switch in the interests of advancing software freedom it would be questionable to force so many developers into a new license compatibility crisis. But it seems likely their only motivation is to scare more people into buying proprietary licenses. Oracle are well within their rights, but developers are likely to treat this as a betrayal. As a poster in the Debian thread says, "Oracle move just sent the Berkeley DB to oblivion" because there are some great alternatives, like OpenLDAP's LMDB."
Businesses

Ask Slashdot: Do You Trust When a Vendor Tells You To Buy New Parts? 156

Posted by timothy
from the don't-clench dept.
Nerval's Lobster writes "Roughly 85 percent of IT managers polled by Forrester said they would hold onto networking infrastructure longer, but vendors retire products prematurely in an effort to force customers to upgrade. In a response that may seem familiar to anyone who's ever been pressured into buying a maintenance contract—either by an enterprise vendor or a major electronics retailer—over 80 percent of the 304 respondents said they don't like the misrepresented cost savings, new fees, and inflexible pricing models—but buy the products anyway. One of the survey's interesting points is that IT decision makers aren't willing to contradict the vendor. The uncertainty seems to come from the fact that the vendor may in fact be right—and a customer who contradicts what they're saying may end up shouldering the blame if the equipment goes south. It's the 'you never got fired for buying IBM' argument, applied to the networking space. The problem, of course, is that the vendor often works for its own agenda. Do you upgrade when the vendor (or reseller) suggests you do so? Or do you stick to your own way of doing things?"
Hardware

Ask Slashdot: Building a Cheap Computing Cluster? 160

Posted by timothy
from the when-freecycle-just-doesn't-make-sense dept.
New submitter jackdotwa writes "Machines in our computer lab are periodically retired, and we have decided to recycle them and put them to work on combinatorial problems. I've spent some time trawling the web (this Beowulf cluster link proved very instructive) but have a few reservations regarding the basic design and air-flow. Our goal is to do this cheaply but also to do it in a space-conserving fashion. We have 14 E8000 Core2 Duo machines that we wish to remove from their cases and place side-by-side, along with their power supply units, on rackmount trays within a 42U (19", 1000mm deep) cabinet." Read on for more details on the project, including some helpful pictures and specific questions.

Comment: No, not SHA-256 (Score 1) 84

by jonabbey (#43037279) Attached to: Australian Tax Office Stores Passwords In Clear Text

You don't want to use SHA-256 by itself, because that's a high speed unsalted hash algorithm.

Ulrich Drepper created a good password crypt algorithm which incorporates SHA-256 or SHA-512, but the features that make it resistant to dictionary attack are the salt and the massive iterations over SHA to slow down the algorithm.

BCrypt uses the same techniques to slow down dictionary attacks.

Comment: BCrypt or SHACrypt256/SHACrypt512 (Score 1) 84

by jonabbey (#43037207) Attached to: Australian Tax Office Stores Passwords In Clear Text

The OP is right that there's no point in using a high speed naked hash algorithm, but BCrypt isn't the only good alternative.

There's also SHACrypt-256 and SHACrypt-512, which have been supported in GNU LibC since October 2007.

Wikipedia has a pretty thorough discussion of the various password hash routines that are in use on Unix/Linux systems, for that matter.

Comment: Re:NOT (Score 1) 105

by jonabbey (#42889333) Attached to: Oracle Open Sourcing JavaFX, Including iOS and Android Ports

I do know the difference between a Java stack trace and a VM which crashes with a dump of the CPU registers. Platform was Ubuntu 10 LTS and the Oracle JVM.

I also checked the PDF parser. I does not use any native stuff.

Well, I took you at your word about crashing the VM. I was just curious how long ago it was, whose VM you were using, etc.

Every young man should have a hobby: learning how to handle money is the best one. -- Jack Hurley

Working...