Please create an account to participate in the Slashdot moderation system


Forgot your password?

Comment: Re:Open Source Branding (Score 1) 95

by organgtool (#49684667) Attached to: 'Venom' Security Vulnerability Threatens Most Datacenters
How did this straw man argument get modded up? I never suggested anything of the sort. I was implying that maybe these clever names for vulnerabilities aren't coming from within the open source community and that closed source software seems to be getting off easy when it comes to the level of effort in having their vulnerabilities named for them.

Comment: Re:Open Source Branding (Score 1) 95

by organgtool (#49684637) Attached to: 'Venom' Security Vulnerability Threatens Most Datacenters
I should have made my statement more clear. I didn't mean to imply that all open source projects have bad names (although I still believe that many do) but I was more focused on the fact that it seems to be only open source projects that have vulnerabilities with marketing-friendly names despite the fact that closed source software has had many vulnerabilities just as severe and I can't recall one closed source vulnerability with a memorable name. The point is: who is responsible for naming these vulnerabilities and why aren't they just as clever in naming closed source vulnerabilities as they are for open source?

Comment: Open Source Branding (Score 4, Interesting) 95

by organgtool (#49681099) Attached to: 'Venom' Security Vulnerability Threatens Most Datacenters
Not to get too far offtopic, but as a long-time user of open source software, it bothers me that open source software seems to have inferior names for its applications (GIMP, Yakuake, etc) but very marketing-friendly names for its vulnerabilities (Heartbleed, Shellshock, Venom). If you look at closed-source software it is the complete opposite - applications have marketing-friendly names while vulnerabilities are called something like "KBstringofnumbersnobodywillrememberorcareabout". So are open source developers just much better at naming vulnerabilities or are the marketing departments of closed software companies quietly assisting with the naming of open-source vulnerabilities?

Comment: What Does Edge Have to Offer? (Score 1) 133

by organgtool (#49673159) Attached to: Microsoft Is Confident In Security of Edge Browser
So Chrome offers great speed, stability, and separate processes per tab and Firefox has a huge selection of add-ons. But Microsoft has done very little to divulge what Edge has to offer to differentiate itself from the other browsers and become more than just the best browser to download Chrome or Firefox.

Comment: Time To Give It a Try (Score 3, Interesting) 80

by organgtool (#49595915) Attached to: OpenBSD 5.7 Released
I was going to upgrade my servers to Ubuntu 15.04 until I learned that they integrated SystemD into that release, so now is a great time to evaluate OpenBSD in a virtual machine. Maybe OpenBSD could create a section on their web site that provides documentation on the advantages of BSD over Linux as well as some advice on how to avoid common pitfalls that Linux users typically make in BSD. Just for fun, they could call that section "Because of SystemD". In any event, I'm curious to see what I'll miss coming from the Linux world after spending some time in OpenBSD.

On a semi-related note: what's with replacing nginx with their own http daemon? Is the NIH syndrome spreading to OpenBSD as well?

Comment: Re:Only doubles?! (Score 4, Insightful) 160

by organgtool (#49591129) Attached to: US Switches Air Traffic Control To New Computer System
And were those projects for safety-critical systems? Were they replacing 20 years of development where the new system was required to perform every task almost exactly as the original using an entirely different architecture or did you get to make your own requirements from scratch and adapt them however you pleased? Was that system so heavily integrated that a basic task was way too complicated for unit tests which means that all testing had to be performed manually in an integrated environment or using a vast array of virtual machines to push the test data? Did that project require extremely tight security with many different clients in the private and public sectors (requiring drastically different security checks) as the system processed data from those sources and sent custom-filtered data back? I could go on and on, but again, it probably wouldn't matter because it's not something you can appreciate until you've actually done it.

Comment: Re:Only doubles?! (Score 5, Informative) 160

by organgtool (#49591083) Attached to: US Switches Air Traffic Control To New Computer System
You are insanely naive. You have no idea just how hard it is to build a safety-critical system on this scale. These systems have to be up nearly 24/7/365 and balance a ridiculous amount of data from redundant data sources while avoiding deadlocks and other sources of data contention. In addition to that, they undergo way more testing than you can imagine to ensure that the system handles those large volumes of data correctly and doesn't crash along the way. I used to think like you until I actually worked on an air traffic management system, so I can tell you that you can't possibly imagine how difficult it is until you actually do it.

Comment: Re:Uh, only doubled? (Score 3, Interesting) 160

by organgtool (#49591033) Attached to: US Switches Air Traffic Control To New Computer System

The rate limiting step of the Airway Traffic Control system just might be somewhere else so there would be no need to do anything else.

Just off the top of my head, major limiting factors are runways to get the flights into and out of the air, passenger demand, and the number of air traffic controllers. And like most projects, the cost and effort to scale rises dramatically with the amount of scale you target. Besides, if the system is anything like the air traffic management system I worked on, then it should scale much better than the system it replaced.

I do find it concerning that the system comprises of 'two million lines of code'.

The software on the plane has more lines of code than that and some of that code actually controls the plane, auto-negotiate collision avoidance, etc. I'd be more worried about that - if ERAM goes down for a brief period, controllers wouldn't be able to see flights, but those aircraft would be able to maintain control of their aircraft until ERAM came back up. If the flight's control system went, then the traffic controller would only be able to watch the flight as it hurtled out of control.

Comment: Test of Time (Score 5, Insightful) 181

by organgtool (#49513639) Attached to: Swift Tops List of Most-Loved Languages and Tech
It's easy to love Swift now since it's relatively new. Enough time hasn't gone by yet for projects to grow big enough to discover all of its shortcomings. I did like many of the core concepts behind Swift when I first heard about it, but I'm not a fan of its low type safety as well as the fact that it only works on one platform.

Comment: Re:Or a simple solution. (Score 5, Insightful) 95

by organgtool (#49437317) Attached to: Microsoft Creates a Docker-Like Container For Windows
How was this modded insightful?!

The shared library is an out of date concept

No, it is used by every major system today for very good reasons.

Some will say that is how Macs do it

Macs do have shared libraries - the files have a .dylib file extension.

sounds good when storage was expensive

Statically linked apps don't just take up orders of magnitude more storage, but also significantly more memory. Not only that, but a critical security update to one library requires recompiling and redeploying ALL of the apps that use that library.

today we are virtualizing full platforms just to prevent version incomparably

There are tons of reasons to virtualize that have nothing to do with version compatibility or network security.

Since you seem so committed to statically linking apps, I suggest you go through the Linux From Scratch project and statically compile everything. Then, deploy it to an enterprise environment that requires five-nines uptime as well as all security updates. Be sure to set up a video camera so that I can watch with a bug bucket of popcorn.

Some of my readers ask me what a "Serial Port" is. The answer is: I don't know. Is it some kind of wine you have with breakfast?