Comment: Re:Someone claim (C) on something oracle depend on (Score 2) 205

The Open Group claims the copyright on the POSIX specifications. If APIs can be copyrighted and this copyright includes all implementations, then it would be problematic for all open source *NIX systems. Of course, they might decide to provide a license that's valid for everyone except Oracle (though writing such a license in a way that's GPL compatible would be very hard, so glibc might be in trouble).

Comment: Re:Important Question: WHICH DC? (Score 1) 502

by TheRaven64 (#49791213) Attached to: How Tesla Batteries Will Force Home Wiring To Go Low Voltage
The thing that killed DC in the war of the currents was that step up and step down transformers for AC are easy and cheap to build, but doing the same thing for DC caused a lot more loss (one of the simplest ways of doing it was to convert to AC, do the voltage change, and then convert back to DC). For long hauls on the grid, you want a much higher voltage than in houses. Now, however, it's relatively cheap (both in terms of convertors and in terms of loss) to produce DC-DC converters. USB-C supports 5V (up to 2A), 12V (1.5-5A) and 20V (3-5A). It's fairly easy to imagine 48V between rooms and then a converter in the sockets able to provide USB voltages. You wouldn't want to run a heater or a vacuum cleaner from it, but it would be nice for a lot of consumer electronics.

Comment: Re:Impractical (Score 2) 502

by TheRaven64 (#49791099) Attached to: How Tesla Batteries Will Force Home Wiring To Go Low Voltage
We're not talking grid back-haul though, we're talking a few tens of metres maximum within a house. I've wondered for a while if it would be more efficient to have moderately high voltage DC room-to-room and then low-voltage DC in rooms. Given the number of things in my house that would prefer a DC supply and so end up with (cheap and inefficient) AC to DC convertors per plug (and especially if you use LED lighting), it seems like it ought to be a win. And now seems like a good time to do it, as USB-C is a consumer connector that can provide up to 100W via something that's designed to be very cheap to produce in the lower power variations.

Comment: Re:Oh man (Score 2) 137

by TheRaven64 (#49789459) Attached to: Scientists Reverse Aging In Human Cell Lines
Top 10% probably. Take a look at a global rich list calculator. You can live very comfortably in a western country with 9% of the world's population being richer than you. If you're in some parts of central or eastern Europe, or a few parts of south-east Asia then you may be near the bottom of the top 20% and still living very comfortably. The '1%' that people talk about in the USA are well in the top 0.1% globally, but 'the 1%' makes a better soundbite than 'the 0.1%'.

Comment: Re:That poor man (Score 2) 268

I find it hard to consider anyone who owns a house (even with a mortgage), especially in one of the places with the highest property prices in the world, poor. This scheme seems very odd, because the poorest residents of California are renting; they don't own houses (well, the poorest are homeless), and can't just stick solar panels on top of a house that they're renting.

Comment: Re:Education vs. H1B (Score 2) 204

Does it really make sense to spend money on CS education while importing cheap H1B labor?

Yes it does. Unless you do a job that requires direct person-to-person interaction (medicine, nursing) or is tied to regulation by necessity (law), or that requires hands-on work (utilities), you are going to compete with H1B and a global workforce no matter what.

Deal with it. That has been the norm for, what now, 15 years? For 15 years I've been told that my career is going to go poof because H1B labor or because some guy in Bangalore makes 1/5 of what I make, as if software/IT work can be directly compared to picking up fruits or something. In my first 5 years of work, I doubled my salary, and in the 15 years that followed, I've doubled it again.

And I've also been laid off a couple of times, one time 6 days before my first child was born. Tough shit, such is life. You adapt, you fight, you learn, you re-learn, you borrow Teddy Roosevelt's advice ("Whenever you are asked if you can do a job, tell 'em, 'Certainly I can!' Then get busy and find out how to do it.")

We have to compete against H1B workers and a global workforce? Yes. End of the world? Yes if you suck.

To compete, you need to build your network, and you need to have specialized skills that are on demand. And that requires a baseline education, CS education or something comparable, or related experience.

This has been a fact like, forever. H1B workers and globalization are just a new constant in the polynomial.

Comment: Re:Seems reasonable (Score 5, Informative) 116

The hard part is indeed establishing what the right level of security is and how to evaluate companies against that. At least over here, the exclusions for burglary are pretty clear cut: leaving your door or a window open, and for insuring more valuable stuff there are often extra provisions like requiring "x" star locks and bolt, or a class "y" safe or class "z" alarm system and so on. With IT security, it's not just about what stuff you have installed and what systems you have left open or not; IT security is about people and process, as much or more than it is about systems.

I would disagree with you on this (somewhat). There are well-established practices on how to build secure systems, for each major development platform (JEE, .NET, RoR, etc.) and also for general decision-making.

Any organization, big or small, needs to be able to come up with scenarios and questions for things that need care, and for which it might need to provide evidence of attention. The important thing is to execute due diligence when it comes to defending your business against attacks, and to demonstrate it by providing evidence of such due diligence.

If we are in e-business or are bound by PCI, HIPAA and/or SOX compliance, the following questions would come to mind (just an example):

  1. Are we addressing the top 10 risks identified by OWASP?
    1. If so, can we quickly identify how we address them?
    2. What other risks identified by OWASP do we address and how?
  2. How do we address CERT alerts and advisories?
  3. Are we on top of security patches?
  4. Are the underlying systems security patches up to date?
    1. If so, can we quickly provide evidence of this?
  5. If we are bound by HIPAA and/or SOX, how do we address security concerns that might stem from these regulations?
    1. How do we quickly provide evidence (evidence of process and assurance)?
  6. Do we have a multi-tiered architecture, or do we run everything co-located?
  7. Are back-end databases on their own machines, in their own subnets outside of a DMZ?
  8. Are "mid-tier" services on their own machines, separated from databases?
  9. Are they in a DMZ? Are they proxied by an HTTP server on different machines?
  10. Do we have firewalls? If so, do we keep an inventory of their rules?
  11. Are we up to date with patches for network assets (firewalls, SSL appliances, etc)?
  12. Are we still on SSL 3.0 or older versions of TLS?
  13. Do we specifically disable anonymous ciphers?
  14. If we use LDAP, do we disable anonymous binds?
  15. Do we use IPSec to secure all communication channels (even those internally, a requirement for banking in several countries)?
  16. If not, why? How do we compensate?
  17. If we are in E-Commerce, how do we demonstrate that we are PCI-compliant?

In my opinion and experience, these questions present the starting point for a framework to determine the right level of security in a system. More should be piled on this list obviously, but anything less would open a system to preventable vulnerabilities.

And that is the thing. The right level of security is the one that helps you deal with preventable vulnerabilities that you, the generic you, should know well in advance, vulnerabilities that are well documented. How costly the prevention is, that is a different topic, and any business will be hard pressed to justify to an insurer that they forwent dealing with a vulnerability because it was too expensive.

Answers to those questions and evidence of such would constitute proof that an organization followed reasonable due diligence in establishing the right level of security. Moreover, it will have a much greater chance to disarm an insurer trying to find a way to avoid covering damages.

Notwithstanding the ongoing abuses done in the Insurance business, insurers have rights also. My general health and life insurance is not going to pay up my family if I kill myself while base jumping with blood alcohol levels up the wazoo.
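Items 12 and 13 of the checklist in the comment above (legacy SSL/TLS versions, anonymous ciphers), together with its emphasis on being able to produce evidence quickly, can be turned into a small audit over an endpoint inventory. This is an added example, not part of the original comment; the inventory format, the endpoint names and the reading of "older versions of TLS" as TLS 1.0 and 1.1 are assumptions.

```python
import re

# Assumption: "SSL 3.0 or older versions of TLS" is read as SSLv2, SSLv3,
# TLS 1.0 and TLS 1.1 (the versions deprecated by RFC 8996 and earlier).
LEGACY_PROTOCOLS = {"SSLv2", "SSLv3", "TLSv1", "TLSv1.0", "TLSv1.1"}

# Anonymous (unauthenticated) key exchange suites: OpenSSL names start with
# ADH- or AECDH-, IANA names contain "_anon_".
ANON_CIPHER = re.compile(r"^(ADH|AECDH)-|_anon_")


def audit_endpoint(name, protocols, ciphers):
    """Return an evidence record for one endpoint's TLS settings."""
    findings = []
    for proto in sorted(set(protocols) & LEGACY_PROTOCOLS):
        findings.append(f"legacy protocol enabled: {proto}")
    for cipher in ciphers:
        if ANON_CIPHER.search(cipher):
            findings.append(f"anonymous cipher enabled: {cipher}")
    return {"endpoint": name, "compliant": not findings, "findings": findings}


def audit_inventory(inventory):
    """Audit every endpoint; the result is the evidence to hand to an auditor."""
    return [audit_endpoint(e["name"], e["protocols"], e["ciphers"])
            for e in inventory]


# Constructed sample inventory (hypothetical hosts, not real scan output).
SAMPLE = [
    {"name": "shop.example.test:443",
     "protocols": ["TLSv1.2", "TLSv1.3"],
     "ciphers": ["ECDHE-RSA-AES256-GCM-SHA384", "TLS_AES_128_GCM_SHA256"]},
    {"name": "legacy.example.test:443",
     "protocols": ["SSLv3", "TLSv1", "TLSv1.2"],
     "ciphers": ["ADH-AES128-SHA", "AES128-SHA",
                 "TLS_DH_anon_WITH_AES_128_CBC_SHA"]},
]

if __name__ == "__main__":
    for record in audit_inventory(SAMPLE):
        print(record)
```
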

Comment: Re:"What happened to the dinosaurs?" (Score 1) 436

by luis_a_espinal (#49781813) Attached to: Creationists Manipulating Search Results

Uhh...wut? Just because they looked like overgrown lizards in Jurassic Park, doesn't mean they're related to lizards.

Well, some of them actually do look like lizards.

Tuataras are neither dinosaurs (clade Archosauromorpha), nor lizards (order Squamata). They are Rhynchocephalia, distantly related to the Squamata, both orders being Lepidomorphs. It is almost like comparing Marsupials with Eutherians.

Comment: Re:Like the companion app (Score 1) 65

by TheRaven64 (#49781067) Attached to: Microsoft Bringing Cortana To iOS, Android
Apple used to ship iSync with OS X, which could sync calendars and contacts with a wide variety of phones via bluetooth or a cable. It also had a nice plug-in architecture for adding new sync clients (and new kinds of data to sync). They also had some Bluetooth integration with the address book app, so when someone called your phone you'd get a pop-up on the screen of who it was and could send SMS directly from the address book. All of these features disappeared with the first OS X release after the iPhone and were replaced with cloud-based syncing that only worked with the iPhone.

Comment: Re:Just stick to the mantra (Score 1) 106

by TheRaven64 (#49773763) Attached to: No, Your SSD Won't Quickly Lose Data While Powered Down
Online copies are just RAID done at the file level instead of the block level. The reason that RAID is not considered a substitute for a backup is that user error or a compromise can damage all online storage. If your backups are online, they are not backups, they're just redundancy.

Comment: Re:Meanwhile OS/2 and Xenix existed (Score 1) 386

by TheRaven64 (#49761245) Attached to: 25 Years Today - Windows 3.0

enough ram to run without swap file thrashing. Price was high as well

These two are related. OS/2 needed 16MB of RAM to be useable back when I had a 386 that couldn't take more than 5MB (1MB soldered onto the board, 4x1MB matched SIMMs). Windows NT had the same problem - NT4 needed 32MB as an absolute minimum when Windows 95 could happily run in 16 and unhappily run in 8 (and allegedly run in 4MB, but I tried that once and it really wasn't a good idea). The advantage that Windows NT had was that it used pretty much the same APIs as Windows 95 (except DirectX, until later), so the kinds of users who were willing to pay the extra costs could still run the same programs as the ones that weren't.

Comment: Re:For me it's Windows NT 3.1 (Score 1) 386

by TheRaven64 (#49761223) Attached to: 25 Years Today - Windows 3.0
I never ran 3.0 on a 386 to try that. On Windows 3.1 it wouldn't work, because the OS required either (286) protected mode or (386) enhanced mode. Running 3.0 on a 386, the DOS prompt would use VM86 mode (yes, x86 has had virtualisation support for a long time, but only for 16-bit programs). Windows 3.0 could run in real mode, so would work inside VM86 mode. In real mode, it didn't have access to VM86 mode (no nested virtualisation), so probably couldn't start again.
