
Comment Re:Define requirements (Score 1) 185

Boy, this is spot on!

I have a server that I use as a personal media server, and backups. I bought it at a yard sale for $10. Big box, lots of cheap, added several high capacity hard drives, performance is strictly irrelevant, and the several-generations-ago AMD Athlon 64 (remember those?) gamer board supports the 4GB of ECC DDR(1) RAM that is probably overkill for the need. I have no doubt that I could get at least another 5 years out of this ancient hardware for the need and be perfectly happy with it.

Not having requirements specified in an "is this sufficient?" question is a bit like asking "is this jacket warm enough?" without specifying where you're going to go in it.

Comment Watershed event (Score 1) 110

Dumb ideas that are cheap persist. That is, until there's a watershed event that puts all the stupid into sharp relief. We haven't had such an incident for IoT; give it time.

Thanks to movies and TV, people think that encryption is something you "bypass" by letting somebody who looks nerdly type furiously in front of 3 or 4 screens in an office with lots of glass and neon lights. When it's exploited by thugs who downloaded an exploit and stole their stuff by using their security system to verify that they weren't home, the word will start to spread.

Comment The real reason (Score 1) 594

I will likely be downvoted, even though what I write is absolutely true.

Revolution was predicted at least 6 years ago, a result of public land policy changes made 50 years ago and yet nobody talks about it. In fact, if anybody brings it up, they are immediately dismissed as radical, or simply silly.

Starving people are dramatically more likely to revolt than well fed people. Somehow, mentioning this ridiculously obvious fact is universally dismissed.

Comment Re:I Bet This Article Will Do As Much Damage... (Score 1) 108

If the author hasn't been played in any way, then the damage is still done: the scammers just got a great idea they'll no doubt literally capitalize on.

If you think that anybody who's written or executed ransomware hasn't already thought about ransoming medical devices, you have an astonishingly low opinion of others. Just how smart do you think you are?

Anybody who's spent the time necessary to write ransomware and attempt to profit from it has had more than enough time to consider all the reasonable possibilities, even if it took somebody as *brilliant* as you 5 minutes to come up with this idea. This isn't some global super-conspiracy; this is as brilliant as banging chips off a rock with another rock.

Comment Re:yes, but directory traversal and buffer dos, so (Score 1) 74

HOWEVER, -all- of the "download.php" scripts I've ever looked at have at least two of the same three vulnerabilities.

1) Protection from directory traversal is harder than it looks,

2) fopen_url, and

3) memory depletion from failing to disable the output buffer before reading and writing chunks of the file.

I'm a PHP dev, and the first two are relatively straightforward to prevent. EG: Check that basename($file) == realpath(Basename($file)) kind of stuff. But #3 is interesting to me; how would the following cause any problem?

$fp = fopen($hugefile, 'r');
while ($line = fgets($fp, 1024))
      echo $line;

In this case, the buffered output will be spooled to Apache/end user as it fills. Or did you mean OOM errors from trying to load a 2 GB file into RAM?
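
Added example, not part of the comment above or of any script it refers to: a minimal download handler that addresses the three points in the list, with path containment checked through realpath(), URL schemes refused before fopen(), and output buffers discarded before the file is streamed in chunks. The DOWNLOAD_ROOT path, the `file` query parameter and both function names are assumptions made for illustration.

```php
<?php
// Added illustration, not code from the thread; all names here are hypothetical.
const DOWNLOAD_ROOT = '/srv/downloads';

// Map a user-supplied name to a real file under $root, or null if it escapes.
function resolve_download(string $root, string $requested): ?string
{
    // Reject schemes (http://, php://, ...) so no URL wrapper reaches fopen(),
    // whatever allow_url_fopen is set to; reject NUL bytes as well.
    if (strpos($requested, '://') !== false || strpos($requested, "\0") !== false) {
        return null;
    }
    // realpath() resolves "..", "." and symlinks, and fails on missing paths.
    $rootReal = realpath($root);
    $real = realpath($root . DIRECTORY_SEPARATOR . $requested);
    if ($rootReal === false || $real === false || !is_file($real)) {
        return null;
    }
    // Compare against the root plus a separator so "/srv/downloads-old" fails.
    $prefix = rtrim($rootReal, DIRECTORY_SEPARATOR) . DIRECTORY_SEPARATOR;
    return strncmp($real, $prefix, strlen($prefix)) === 0 ? $real : null;
}

function stream_download(string $path, int $chunk = 8192): void
{
    $fp = fopen($path, 'rb');
    if ($fp === false) {
        http_response_code(500);
        return;
    }
    // Discard active output buffers: an ob_start() buffer with no chunk size
    // would otherwise hold everything echoed below in memory until the end.
    while (ob_get_level() > 0 && ob_end_clean()) {
    }
    header('Content-Type: application/octet-stream');
    header('Content-Length: ' . filesize($path));
    header('Content-Disposition: attachment; filename="'
        . addcslashes(basename($path), '"\\') . '"');
    while (!feof($fp) && ($data = fread($fp, $chunk)) !== false) {
        echo $data;
        flush(); // hand each chunk to the web server before reading the next
    }
    fclose($fp);
}

$name = $_GET['file'] ?? '';
$path = resolve_download(DOWNLOAD_ROOT, is_string($name) ? $name : '');
if ($path === null) { http_response_code(404); exit; }
stream_download($path);
```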

Comment Re:I miss pgsql (Score 1, Insightful) 83

... and the replication systems are typically not worth much more than a dime, sadly.

We have a pretty beefy set up; 4x 16 Core Xeon DB servers with 128 GB of RAM each and Enterprise SSDs, serving hundreds of instances of like-schema databases, one per (organizational) customer, serving an aggregate peak of about 1,000 queries/second in a mixed read/write load.

And we've never been able to get replication to work reliably, ever. In every case we've ever tried, we've seen a net reduction in reliability. Every single time. Not that we've stopped trying, it has just never reached "just works" territory.

Replication is PG's Achilles's heel.

Comment Too many benefits to name (Score 2) 428

I've been dealing with metabolic syndrome for years, and so far, my blood sugar remains in normal range, weight, cholesterol, etc. is normal, though I do still take some pills to reduce hypertension. I started with The Diabetes Diet by Dr. Bernstein which laid out the relationship between sugar, blood sugar, and diabetes decades ago. Bernstein is literally the guy who changed the treatment of diabetes in the 1970s and at least doubled the life expectancy of diabetics.

If I keep my diet to simple meats and vegetables, I feel far better, sustaining much higher energy and work performance levels, even as my blood sugars stay down (A1C of 6.0) and "all the numbers get better".

Starch, simple sugars and saturated fats are just death. Just stay away. Granted, that means that you can't eat at least half of what the grocery store sells, but are those deep fried starch crackers really all that great?

Comment There will always be scarcity (Score 1) 563

Even the Star Trek world is forced to admit that scarcities exist. For example, if they truly were "post scarcity", why would the Enterprise have to negotiate for vaccine on Ligon II?

So let's do away with this "post scarcity" nonsense.

For all intents and purposes, we already live in a "post scarcity" world. Even homeless bums and mentally ill in the first world do not starve to death. I spend less than 30 minutes per day earning the food I eat - everything else pays for other stuff. And yet, scarcities exist, and money-based economy is still chugging away. I want the latest indie song. My clients need me to write a program to help solve a regulatory issue. Etc.

Comment Re:Cultural? (Score 1) 479

Depending on the corporate structure, you doom your career with the company if you ask for such orders in writing.

Not at all:

From: PropellerHead@vwtech.com
To: SupremeManager@vwtech.com
Subject: Smog modification clarification

Mr Smegbert,

I just wanted to clarify your verbal request to disable the backfeed loop on the emissions detector; did you want that to happen all the time or only automatically when the engine was not in drive? The possibility exists also to make this a button that the driver could push.


Smarty McSmartpants
Sr Propeller Head Engineer guy

Comment Re:It could work. (Score 1) 688

Well, the idea is solid, but there's so much revisionist history here....

Linux isn't a fork, it's a rewrite. FreeBSD was in no way derived from Win 85. MS-DOS wasn't a fork of CP/M, it was a hackish clone.

And those are the parts I'm somewhat familiar with...
