
Comment The real reason (Score 1) 566

I will likely be downvoted, even though what I write is absolutely true.

Revolution was predicted at least 6 years ago, a result of public land policy changes made 50 years ago and yet nobody talks about it. In fact, if anybody brings it up, they are immediately dismissed as radical, or simply silly.

Starving people are dramatically more likely to revolt than well fed people. Somehow, mentioning this ridiculously obvious fact is universally dismissed.

Comment Re:I Bet This Article Will Do As Much Damage... (Score 1) 108

If the author hasn't been played in any way, then the damage is still done: the scammers just got a great idea they'll no doubt literally capitalize on.

If you think that anybody who's written or executed ransomware hasn't already thought about ransoming medical devices, you have an astonishingly low opinion of others. Just how smart do you think you are?

Anybody who's spent the time necessary to write ransomware and attempt to profit from it has had more than enough time to consider all the reasonable possibilities, even if it took somebody as *brilliant* as you 5 minutes to come up with this idea. This isn't some global super-conspiracy; this is as brilliant as banging chips off a rock with another rock.

Comment Re:yes, but directory traversal and buffer dos, so (Score 1) 74

HOWEVER, -all- of the "download.php" scripts I've ever looked at have at least two of the same three vulnerabilities.

1) Protection from directory traversal is harder than it looks,

2) fopen_url, and

3) memory depletion from failing to disable the output buffer before reading and writing chunks of the file.

I'm a PHP dev, and the first two are relatively straightforward to prevent. EG: Check that basename($file) == realpath(Basename($file)) kind of stuff. But #3 is interesting to me; how would the following cause any problem?

$fp = fopen($hugefile, 'r');
while (($line = fgets($fp, 1024)) !== false)
    echo $line;
fclose($fp);

In this case, the buffered output will be spooled to Apache/end user as it fills. Or did you mean OOM errors from trying to load a 2 GB file into RAM?
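
Added example, not part of the comment above or of any script it refers to: a PHP download handler sketching the three checks the thread lists (path containment via realpath(), refusing URL-style names so stream wrappers are never opened, and dropping output buffers before streaming in chunks). DOWNLOAD_ROOT, resolve_download() and stream_download() are hypothetical names.

```php
<?php
// Added illustration. DOWNLOAD_ROOT and both function names are hypothetical.
const DOWNLOAD_ROOT = '/var/www/downloads';

// Map a user-supplied name to a real file under $root, or null if rejected.
function resolve_download(string $root, string $name): ?string
{
    // Refuse scheme-style names (http://, php://, ...) and NUL bytes so a
    // stream wrapper is never handed to fopen().
    if (preg_match('#^[a-z][a-z0-9+.-]*://#i', $name) || strpos($name, "\0") !== false) {
        return null;
    }
    // realpath() collapses "..", "." and symlinks; false means no such path.
    $rootReal = realpath($root);
    $target   = realpath($root . DIRECTORY_SEPARATOR . $name);
    if ($rootReal === false || $target === false || !is_file($target)) {
        return null;
    }
    // Match root + separator so a sibling like /var/www/downloads-old fails.
    $prefix = rtrim($rootReal, DIRECTORY_SEPARATOR) . DIRECTORY_SEPARATOR;
    return strncmp($target, $prefix, strlen($prefix)) === 0 ? $target : null;
}

function stream_download(string $path, int $chunk = 8192): bool
{
    $fp = fopen($path, 'rb');
    if ($fp === false) {
        return false;
    }
    // Discard every active output buffer first. An unbounded buffer
    // (ob_start() with no chunk size, or output_buffering=On) would
    // otherwise hold the whole file in memory until the script ends.
    while (ob_get_level() > 0) {
        ob_end_clean();
    }
    header('Content-Type: application/octet-stream');
    header('Content-Length: ' . filesize($path));
    while (!feof($fp) && ($data = fread($fp, $chunk)) !== false) {
        echo $data;
        flush(); // hand each chunk to the web server immediately
    }
    return fclose($fp);
}

$name = $_GET['file'] ?? '';
$file = is_string($name) ? resolve_download(DOWNLOAD_ROOT, $name) : null;
if ($file === null || !stream_download($file)) {
    http_response_code(404);
}
```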

Comment Re:I miss pgsql (Score 1, Insightful) 83

... and the replication systems are typically not worth much more than a dime, sadly.

We have a pretty beefy set up; 4x 16 Core Xeon DB servers with 128 GB of RAM each and Enterprise SSDs, serving hundreds of instances of like-schema databases, one per (organizational) customer, serving an aggregate peak of about 1,000 queries/second in a mixed read/write load.

And we've never been able to get replication to work reliably, ever. In every case we've ever tried, we've seen a net reduction in reliability. Every single time. Not that we've stopped trying, it has just never reached "just works" territory.

Replication is PG's Achilles's heel.

Comment Too many benefits to name (Score 2) 428

I've been dealing with metabolic syndrome for years, and so far, my blood sugar remains in normal range, weight, cholesterol, etc. is normal, though I do still take some pills to reduce hypertension. I started with The Diabetes Diet by Dr. Bernstein which laid out the relationship between sugar, blood sugar, and diabetes decades ago. Bernstein is literally the guy who changed the treatment of diabetes in the 1970s and at least doubled the life expectancy of diabetics.

If I keep my diet to simple meats and vegetables, I feel far better, sustaining much higher energy and work performance levels, even as my blood sugars stay down (A1C of 6.0) and "all the numbers get better".

Starch, simple sugars and saturated fats are just death. Just stay away. Granted, that means that you can't eat at least half of what the grocery store sells, but are those deep fried starch crackers really all that great?

Comment There will always be scarcity (Score 1) 563

Even the Star Trek world is forced to admit that scarcities exist. For example, if they truly were "post scarcity", why would the Enterprise have to negotiate for vaccine on Ligon II?

So let's do away with this "post scarcity" nonsense.

For all intents and purposes, we already live in a "post scarcity" world. Even homeless bums and mentally ill in the first world do not starve to death. I spend less than 30 minutes per day earning the food I eat - everything else pays for other stuff. And yet, scarcities exist, and money-based economy is still chugging away. I want the latest indie song. My clients need me to write a program to help solve a regulatory issue. Etc.


Disclosed Netgear Flaws Under Attack (threatpost.com) 17

msm1267 writes: A vulnerability in Netgear routers, already disclosed by two sets of researchers at different security companies, has been publicly exploited. Netgear, meanwhile, has yet to release patched firmware, despite apparently having built one and confirmed with one of the research teams that it addressed the problem adequately. The vulnerability is a remotely exploitable authentication bypass that affects Netgear router firmware N300_1.1.0.31_1.0.1.img, and N300- The flaw allows an attacker, without knowing the router password, to access the administration interface.

Comment Re:Cultural? (Score 1) 479

Depending on the corporate structure, you doom your career with the company if you ask for such orders in writing.

Not at all:

From: PropellerHead@vwtech.com
To: SupremeManager@vwtech.com
Subject: Smog modification clarification

Mr Smegbert,

I just wanted to clarify your verbal request to disable the backfeed loop on the emissions detector; did you want that to happen all the time or only automatically when the engine was not in drive? The possibility exists also to make this a button that the driver could push.


Smarty McSmartpants
Sr Propeller Head Engineer guy

Comment Re:It could work. (Score 1) 688

Well, the idea is solid, but there's so much revisionist history here....

Linux isn't a fork, it's a rewrite. FreeBSD was in no way derived from Win 85. MS-DOS wasn't a fork of CP/M, it was a hackish clone.

And those are the parts I'm somewhat familiar with...

Comment Re:BTRFS is getting there (Score 2) 279

5 years ago, it seemed that BTRFS was rapidly getting there, and its inclusion into the kernel made it feel like a rather sure bet!


5 years later, BTRFS is still "rapidly" getting there. I've tried it numerous times and had horrible data loss events literally every single time, and this as recently as a month ago.

Meanwhile, we're using ZFS on Linux in a complex production environment in a worst-case mixed read/write use case and it's been absolutely rock solid bullet proof, demonstrably more stable than EXT4. Yes. More stable than EXT4. And this while bringing so many incredible features to the administration table! Until you've lived with snapshots, replication, clones, pools, zvols, extendable pools, and dynamic resource allocation, it's like trying to explain Monet to a blind person.

I sincerely hope that ZFS finally becomes a first class citizen in the Linux community.
