Slashdot is powered by your submissions, so send in your scoop


Forgot your password?

Slashdot videos: Now with more Slashdot!

  • View

  • Discuss

  • Share

We've improved Slashdot's video section; now you can view our video interviews, product close-ups and site visits with all the usual Slashdot options to comment, share, etc. No more walled garden! It's a work in progress -- we hope you'll check it out (Learn more about the recent updates).


Comment: Re:Strange (Score 1) 57

by ledow (#49175389) Attached to: Linux and Multiple Internet Uplinks: a New Tool

LACP would, indeed, fulfill the purpose but relies on you being able to obtain LACP support on upstream connections from your ISP. LACP must be enabled and known about on both ends for it to do anything.

It's not always true that you could get support on upstream connection, but they are many, and multiple, types of bonding that provide similar facilities.

However, in terms of being able to get disparate connections that can be conjoined without specific support on the other end or high-end hardware, there are fewer - but non-zero - ways of doing that too.

Comment: Strange (Score 4, Interesting) 57

by ledow (#49174687) Attached to: Linux and Multiple Internet Uplinks: a New Tool


I was using routing patches to Linux nearly 7 years ago to do this (admittedly it wasn't in the stock kernel, but the patches weren't huge)... you were able to specify multipath and multiple gateways and if one route went down, the others were prioritised and would take over, and also your upstream etc. were balanced properly and took account of failing routes automatically without any kind of daemon etc. running.

I ran a school off multiple ADSL and even 3G connections with it - the only manual maintenance I ever had to do was to put the ADSL modems onto a SMS-controlled relay (SMS came in on the same 3G stick!) because our ISP would often give us "dead" sessions if they'd had problems (where you'd get PPP and an IP and a remote gateway but couldn't do anything across them) and we were then able to manually reset if necessary. My bursar and I used the system for five years like that, only ever resetting it to enable VPN when all the upstream routes had got dead sessions, and that less than once or twice a year.

And, no, we didn't have to do much. It was a stock Slackware install with one set of patches to a (2.6?) kernel to enable the multipath routing etc. Pretty well advertised at the time, one plain page of simple patches (I remember porting them myself to a newer kernel version, just before the new diffs came out), I'll try and dig it up.

And "RAID-0 for upstream"? Bollocks. It "just worked" whatever interfaces were up (proven by it would even include the 3G PPP interface whenever it came up, and that only came up when we manually instructed it to connect as it cost money).

Not saying this isn't good software, but it's by far not the problem the summary purports it to be, not a first by any means, and certainly not "new".

Comment: Re:Yes, I agree (Score 2) 437

by ledow (#49172855) Attached to: Why We Should Stop Hiding File-Name Extensions

There speaks somebody who's not managed other systems, presumably.

"My Documents" is stupid when it's not even a document-storing account. Local Administrators having My Documents is stupid. Plus, then, they aren't My Anything. They are Company Documents.

That aside, I rename My Computer (or, nowadays, create a shortcut to the same) to This PC. It just makes more sense, whether you are at home or at work.

On top of that, the My Document folder is full to the brim of "CompanyName" folders for every concievable software manufacturer on any PC you've used for more than a day. Most of "My Documents" isn't close to "My" at all - I'd rather they weren't in there whatsoever, because everything thinks it has the right to throw junk into My Documents under a folder all its own (because, at one point, My Saved Games, etc. didn't exist).

On top of that, My Documents INCLUDES My Pictures. They're both types of documents. But, oh no, one defaults to one location and one to another. Stupid. Microsoft's fix is indexing and collation of all these places into one huge globular - but temporal - mess where you can have multiple copies of the same document/photo appear.

On top of THAT, if you ever browse a newly-setup server and go to the User areas (I separate Profiles and Documents, but some people don't), you'll see a thousand "My Documents". Because it's a fake name applied by desktop.ini and the like to any document folder. Want to get into a particular user? You have to turn off buckets of options, type their username in manually, or show another column - the REAL name of the folder.

So now we're breaking stuff out of Documents and putting it in Pictures - is that part of the user profile (and thus needs to be downloaded to every client they log onto), or is that a storage area that can be pushed off with Folder Redirection to a network share? Okay, what about My Data Sources? What about My Videos? What about My Saved Games? What about My Third-party Things That Some Program Created In The Profile Folder?

Can you redirect them all? Not easily. And why is Downloads outside of My Documents? Surely that's a bulk-storage area that you don't need to download to every client every time you logon?

It's a damn mess. Yet, in base AD, we have two options - Profile Path and Home Path (not even called My Documents!). Everything else is GPO and Folder Redirection.

So now when you backup your home laptop, you have to get not only My Documents but My Pictures, My Videos, My DVD-Rips created by some freeware, etc. too. Or you have to backup the entire User folder, which is a massive waste and includes - amongst other things - your registry which isn't necessarily portable.

To you it's "just a name". To a sysadmin it's a bunch of junk that's slowly getting out of hand and there's few sensible ways to organise it.

And yet all the user cares about is "magical, mystical special settings I should never play with" (Profile!), and "all my stuff" (which they can arrange how they want into subfolders of their own choosing) (Home!).

This PC, This Network, Profile and Home. Universal, not personal/business specific, not unbelievably twee and unnecessarily humanising, and been the basis of user accounts for decades.

But no, "My CDBP Projects" or whatever the ones that keep reappearing in my profile/document folders (at random it seems!) whenever I run some bit of freeware are the way to go...

Comment: Re:file magic - use the content to determine type (Score 0) 437

by ledow (#49172655) Attached to: Why We Should Stop Hiding File-Name Extensions

Because something system-level with access to run the file (presumably) has to apply regexp's to almost it's entire contents to correctly determine the type of it (e.g. is it a ZIP or is it a JAR with the same compression?).

It'd be trivial to generate a DOS of some kind by just feeding it a malformed file.

Comment: Re:No, extensions are bad and evil (Score 1) 437

by ledow (#49172625) Attached to: Why We Should Stop Hiding File-Name Extensions

Which involves some system-level process opening every zip-compressed file, peeking into its contents and performing the equivalent of "file" regexp searches throughout its content to tell you that it is, in fact, an OOXML or JAR file rather than just a ZIP of the same.

The processing overhead and security requirements of the basic OS file-managing processes just went up an order of magnitude.

Comment: Filetypes (Score 1) 437

by ledow (#49172375) Attached to: Why We Should Stop Hiding File-Name Extensions

Because it's a stupid idea.

If the extension determines something that the user should be aware of (what program will open it), then it needs to be shown, and modifiable to correct mis-identified files.

If the extension is merely a nice name, then the user need not care about seeing it or knowing it and should be able to change it at will.

Sadly, in Windows, the extension determines what program is associated and therefore opens a file (and, in part, whether it's executable!). It's encoding a file attribute into the name itself, which is a "layering" violation as far as I'm concerned.

Ideally, the mimetype would be associated with the file metadata and be as easily changeable as the name (e.g. drop-down box to "change" the file type it's interpreted as whatever the extension), but that's a nightmare that no sensible OS seems to have tackled. It wouldn't be that hard to "default" the mimetype to whatever the "file" utility detects it at on introduction of a new file, but nobody seems to want to do that.

Similarly,the "dot-hidden" files of Linux suffer the same fate. Just the name determines a kind of file attribute, which is silly and potentially dangerous or confusing ("I renamed it .jpg and it disappeared!").

While we're still using OS that trust and encode the filetype into the filename itself, we need the facility to change the detected filetype, and the facility to view the detected filetype. Hiding extensions only achieves the later (with a separate file type column, "Adobe Reader Document", etc.). Any cleverness with showing the extension on rename where it wasn't showing before will mean the user will strip out the file attribute when they rename over the top, and not showing the extension makes it more difficult to change what it opens in.

We created this problem back in the 8.3 filename days and NEVER properly solved it. Encoding metadata into the filename is the cause. Removing it is the solution. But without the infrastructure for that in place in every app, it's pointless to attempt it on a commercial world-wide OS.

Comment: Re:Free Music (Score 1) 200

by ledow (#49166187) Attached to: That U2 Apple Stunt Wasn't the Disaster You Might Think It Was

I usually compare my computer desktop to my physical desktop.

In this instance, I think it's quite close to compare my smartphone to my pocket.

Sure, if I was walking along and someone handed me a free album, I'd take it. I'd probably put it in my pocket if there was room. But I would also reserve the right to say "No thanks".

What Apple/U2 did is tantamount to chasing you down the street trying to shove their product into your pocket. Sorry, you have no right to do that and it's damn rude, free or not.

People don't have free downloads everywhere, and those that do may not want this crap - whether through playlist OCD of just not wanting to see something they have no interest in or, more likely, BECAUSE it was shoved into their pockets without any option.

If free stuff's so good, I'll ship you a bunch of "free" cardboard box to your house and fill it up (removing it is another issue entirely if we follow the Apple/U2 thing too closely!). Hey, it's free! Why don't you want it? You might like it. You might be a cardboard fanatic. If I offered you a bunch of free cardboard at some points in the year you might tear my arms off to get at it (e.g. moving house). If you'd asked for it, it'd be great. But instead some guy showed up, shoved a bunch of cardboard through your door and said "Hey, it's free, don't complain!".

It's not WHAT was done, it's HOW it was done.

Comment: Zombies (Score 1) 241

In a zombie apocalypse, all movies and games depict their being some kind of "safe-house" where all the uninfected will gather together.

This, it seems to me, is the most stupid idea ever. Heading towards that is certain death. The zombies only need to be able to read, or get lucky, for it to be game over - they know where the highest concentration of juicy victims will be. And that concentration will increase as everyone piles to go there.

Sure, that's where the firepower might be concentrated too, but that's not good enough when one breaking through is enough to create a game-over scenario.

It seems to me that when everyone is piling towards the safehouse, a prudent course of action would be to stay still / run the other way, unless there's something that stops you doing so.

If I was a zombie, I know exactly where I'd head first.

Similarly, when everyone tries to flee a city, the first thing they do is jam the motorways (freeways). It seems quite stupid to even try if there are really that many people headed that way. All you'll do is trap your vehicle in a queue that you can't escape and then have to get out on foot.

Go the other way, go down the backstreets and side-alleys, stay off the main paths is surely the intelligent thing to do (besides using a bike or other fast transport in the first place).

Comment: Re:Linux is secure right? (Score 1) 107

by ledow (#49157913) Attached to: Blu-Ray Players Hackable Via Malicious Discs

Claiming, or falling for, any argument that "open-source is secure" is a complete failure to understand. Security is relative, not absolute. To get this ass-backwards just makes you look like an idiot. Believing anyone who says ANYTHING "is secure" is utter stupidity (rather than "is more secure", for instance)

It's like saying "metal's secure". No it's not. I can walk around a sheet of metal just as easily as a pane of glass. However, a metal lock built to the same design as, say, a glass one is likely to be MORE secure.

As such, open-source is not "secure". It's considered to be "more" secure if everything else is equal.

Tell me, how many Windows-based Blu-Ray players can you buy in your local supermarket? Zero? Shocking. Why? Because Windows is not properly designed for embedded use at all really, certainly not until very recently. There were ATM's that run on XP Embedded, and there were a few cars that had Windows-based control systems (I remember a story of some ambassador being locked in a car by it).

As such, a complete install of Windows would be vast overkill and a huge attack surface for such things because it's just not ready for that. So it's not a fair comparison at all, as Windows is inherently "less secure" in such circumstances as it's just not designed to do that. However, Linux / open-source Blu-Ray players are "more" secure than many of the alternatives still, everything else being equal.

And why - because not only can you see if your player would be affected by the bugs but, by the same licence that grants you the ability to see the bug, you can CHANGE THE CODE if you so want. No waiting for vendor updates. One person in the world who knows how to code can look, see the problem, fix it, publicise it and therefore purge the world's devices of it.

Tell me, how many "security patches" do you think other commercial Blu-Ray players ever get given? Even the ones connected to the net 24/7 for their "extra media" functionlaity. There's even a facility to update Blu-Ray firmwares via buying new disks (not unlike the Wii games that bundle an update of the underlying OS before they'll let you play them). It's rarely used.

If you're going to pick arguments, have some vague understanding of what the real argument is, not some child on the Internet's poor re-stating of it.

Open-source is potentially MORE secure than closed-source, everything else being equal.

Those conditions and caveats make a HUGE difference to the intent, meaning, and truth of the statement.

Guess what, AES-128 isn't "secure" either. But it may be "more" secure than other algorithms, for example.

Badges? We don't need no stinking badges.