Forgot your password?

Comment: Re:Externalities (Score 1) 117

by ledow (#46779369) Attached to: Steam's Most Popular Games

With a laptop in idle? Pence.

10 hours with a 100W idle, even (nowhere close to screen-off usage, but let's over-estimate) - 1KWh. Unit price for that doesn't compare to even one trading card sold for penny-cheaper-than-every-other-similar-card for me.

Plus, I normally just have the game on in the background while I'm doing other things on the machine, so the actual "real" usage of electricity etc. is basically zero.

Comment: Re:Hours Played is a bad metric. (Score 1) 117

by ledow (#46777013) Attached to: Steam's Most Popular Games

I'm not a $1-kind-of-guy. But, yes, I have made profit on the bundles. Especially if you buy quick, get the discount, and get the cards into the market before it gets flooded by all the other sellers.

But I don't buy bundles that don't have at least something worth the money in them, and don't beat-the-average unless there's a game I really want on that side either.

Comment: Re:Don't keep vulnerable servers running! (Score 2) 151

by ledow (#46741373) Attached to: Private Keys Stolen Within Hours From Heartbleed OpenSSL Site

When I looked into my server, I found out:

The OpenSSL library I'm using wasn't vulnerable.
Thus, my keys are as "safe" as they were before.

Also, to enable PFS, I would have to upgrade - to one of those OpenSSL versions that is vulnerable (but obviously there are "fixed" ones now).

I would also only be able to use EC cryptography with PFS with OpenSSL. I don't trust EC personally, yet. It's just not been around long enough for me. And I find it suspicious that every time something happens, the answer is "Let's go to EC!". If anything, I suspect it might well be something that people we don't want deciding algorithms are driving us towards.

Sorry, but until I trust EC, I can't trust PFS. And I can't use either until I upgrade to a version of OpenSSL that was vulnerable to this attack for a long time without anyone noticing (whereas my current version wasn't).

Ironically I "score" more on certain SSL test sites with old OpenSSL than with the newer one... and I get artificially capped because I don't support EC.

Until someone shows me that PKE is broken, then EC is not necessary for my usage. PFS is something I'd like but, as OpenSSL only supported it when using EC algorithms last I looked, I don't see it as any more secure.

Comment: What? (Score 0) 730

by ledow (#46738855) Attached to: Ask Slashdot: Are You Apocalypse-Useful?

I'm sorry? Why would "decades without computers ... render computer science and related professions useless"?

I don't think you get that "science" bit on the end of it. Nor that much of computer science goes back to extreme basics. Morse Code? That's coding theory. It's only if you take a narrow-minded view that it doesn't appear as computer science.

You can build a computer from the simplest of building blocks - it just so happens we prefer semiconductors - but as has been historically proven you can build a mechanical computer capable of just about anything (and that was proven how? Turing machines? Oops, that's computer science!). Maybe not fast, but accurate and useful when it comes to larger calculations. We had a need for such things several hundred years ago and, even big projects aside, we made them and used them (Abacus for thousands of years? Calculating machines were rife for centuries from the 1600's).

The fact is that computer science is, like any other science, not only useful as a nurturer of people with a logical mind, but also directly useful in any size society once it's settled a bit. Mostly because much of it is maths. And the rest of it is directly applicable to real-world calculations.

Sure, you can live without it. But you can live without an awful lot of things. But with it, you gain an advantage. Where best to site my defence towers against the pillaging hordes? How best to send a message asking for allies to appear without the enemy knowing what is in it? How to ensure we don't waste time dividing food equally with various random weights and measures?

It's the old fallacy - but it's wrong. You do not need a computer to perform computer science. And you do not need a computer to get useful data out of your computer science. It just helps, and speeds along the process.

Fact is, in any kind of apocalyptic even like this, you'll be glad of any academic, especially one that can provably solve practical problems like this. Hell, simple ballistics is a nightmare to solve by hand.

And, if it comes to it, you can build a computer out of blocks of wood (there are several examples of this), water-filled tubes (the Russians did concrete calculations on one), or pieces of paper. We're all taught how to do at least the last one of those in computer science courses, too.

A computer scientist may not be the immediate asset who scavenges food or heals the sick or welds defences. But you'll want one on your team before long, and they'll give you an advantage over any group that doesn't have one.

Comment: Re:Oh great (Score 1) 64

by ledow (#46722773) Attached to: Future Airline Safety Instructions Will Be Given By Game Apps

More importantly, please tell me what's in the pre-flight safety check.

Chances are that you've heard it so many times that you could give it.

Your belt clips around your waist. You undo by lifting the buckle. Your oxygen mask will drop down from the overhead compartment. Your exits are here, here and here, etc. etc. etc.

The danger of the pre-flight "safety" check is that it's nonsensical to do it. Emergency measures should not be designed that people have to learn to use them. They should be clearly marked, with - at most - one simple diagrammatic instruction. If you can't make them that simple, redesign them.

Same goes for nautical safety but there's a lot more to go wrong by your own hands on a ship. In a plane, well, you're just holding onto your own backside and hoping it all goes okay no matter what.

Honestly, I think it's about time we scrapped them. They tell us nothing we'll remember in an emergency, even though we've memorised every step. They talk about extreme situations that happen in extraordinarily rare circumstances. They scare passengers who are nervous. And yet, pretty much, studies show that in an emergency it's every man for himself and we'll all forget the briefing anyway.

Take the briefing away. Take the flight safety card away, Put simplified instructions everywhere (oxygen mask is here, pull to start flow, with a little diagram). Let people relax on their flight without being FORCED to sit through a briefing they are desperate to shut the hell up so they can sleep.

If you want to have the briefing, do this - hand out a little app that lets you do it on a personal basis.

Most importantly - SHUT THE HELL UP on flights. Let people relax, sleep and journey and then - when an emergency happens - they won't be so stressed that they do quite so stupid things.

Comment: Yep (Score 2) 301

by ledow (#46715779) Attached to: Theo De Raadt's Small Rant On OpenSSL

Can't say I'm surprised. OpenSSL is a pile of dung. It's nothing to do with being written in any language, it's just horrible.

There's not even any documentation. I mean, literally, none. Nothing vaguely useful. How do I programmatically load a certificate into the store, along with a chain of related trusted certificates, and then set my requirements (must be in-date, must be validly signed, etc.) and get out a "It's fine" / "Something's not right" response? The only answers I could ever find were to follow published examples and tweak.

And when it comes to working out where in the published examples structure X comes from, or how to convert it to structure Y, you're on your own unless you happen to have picked a comprehensive (and almost certainly not OpenSSL-supplied) example.

It's just that bad. I was writing a pseudo-DRM for a game / Steam-like distribution platform as a hobbyist project. It was literally horrible to even try to self-sign some certificate and then see if it all panned out later from another computer to guarantee integrity. In the end, I had to "imagine" every possible case and find a way to counter it (i.e. client cert expired, client cert invalid, server cert not signed client cert, server cert has bad chain of trust, client cert not signable for that purpose, etc.) - and almost always there was NOTHING to indicate what the recommended way to do it was.

There is no decent OpenSSL documentation at all. Not even a decent overview of the process of checking certificates. It scared me at the time, knowing how important the library is, and it can only lead to bad code.

In the end, I'm quite glad I don't have to program against it for a living. If I did, I'd be seriously looking for something else.

Comment: Re:On the same note, (Score 1) 240

by ledow (#46691483) Attached to: Ends Free Dynamic DNS

1) Why only bind (it's not the only nameserver)?
2) Why is there not a "install and go" version of it?

Every tutorial I see starts with some huge parenthesised section of a bind zone and several scripts to manually update other bind files (like the comment a few below this one).

Surely, if you're not caring about anything else on the domain you give it, there must be a zero-config version of it that saves someone having to cock up a bind installation.

Comment: On the same note, (Score 1) 240

by ledow (#46686413) Attached to: Ends Free Dynamic DNS

I'm a customer of old so I got an email to tell me that the promise to be "always free" back then holds for me, even if not for newer customers.

But when I was looking for a more modern replacement, I was expecting to be able to set up a Dyn-compatible service for my old domains using an external Linux server. There doesn't seem to be anything easy for that.

What I'd like is a Linux package which you can install on a server, and have it provide Dyn-like updating, without me having to play with BIND and all sorts (I don't do nameserving, so it's no particular fuss to install a nameserver JUST for this purpose). I thought DNSMasq might do it, as it's so powerful it tends to do everything, but that doesn't seem to offer it.

And if it's compatible in the protocol it uses to accept reports from clients, it's just a matter of hacking in your IP instead of's. But I couldn't find anything that wasn't a case of "install this series of Perl scripts in such a way that they play with the internals of your existing, perfectly working BIND setup, and basically get called from web-requests with permissions enough to do just that".

Anyone know of some software that works like the server-side of so I could host my own DynDNS service for my home accounts using a static, external server?

Comment: Religion (Score 5, Interesting) 1037

by ledow (#46674881) Attached to: How the Internet Is Taking Away America's Religion

Your friends tells you about this thing which he believes in and tries to convince you. But you're not sure.

Do you:

a) Go along with them, get absorbed, spend hours listening to their arguments, ask around a circle of friends that you share with him about their opinion? (i.e. imagine pre-Internet generations where if you didn't know someone personally, or were a part of a group, you didn't even get to meet them, let alone communicate extensively)

b) Go to your social network online, look up vast resources, have the arguments for and against in front of you, find out all the dirty secrets, cliques, etc. hear tell from friends-of-friends-of-friends about things they do and believe in?

It's just a product of information availability. And it works both for and against us now. It's now harder to quash rumours started by a random person with no basis from spreading but it's much easier for such rumours to reach the ears of the interested - even if subject to court order in some cases!

And it's not just religion. It's products, services, celebrities, charities, you name it. Before, you didn't have a source of information likely to know both sides and the in and outs of everything that you could consult confidentially and extensively and get THOUSANDS of peoples opinions in a matter of minutes. Now it's a click away and you're taught to use it for school research before you're able to write.

On a personal note, I'm agnostic, so it's no great surprise to me that the more facts people have available to consult, the less seriously religion is taken. "Faith" is something I see as laziness - "I don't want to check this fact, I'll just trust it's true" isn't the best principle to live by. In fact, it's that exact principle that is being eroded by the simplicity of fact-checking nowadays (even if not perfect, there are still good sources of actual fact rather than common belief out there).

Religion has been on a bit of a death-spiral for years. My country is pretty much turning churches into nothing more than pretty historical buildings that you visit and feel obliged to drop a coin in the box to pay for your nice photos of the stained-glass. My father-in-law is religious and bemoans the complete lack of religion in his local area - he visited dozens of churches before he found one with any kind of active services, and they didn't suit his preference.

By contrast, he says that the US is a much more faithful country and you can still draw crowds of tens of thousands at certain churches.

But I think that's more about celebrity, and the older generation, than anything to do with religion itself.

Religion is dying a little, but to be honest we were in a kind of renaissance of religion the last couple of hundred years anyway.

Lend money to a bad debtor and he will hate you.