Please create an account to participate in the Slashdot moderation system


Forgot your password?

Comment Re:Ubuntu (Score 1) 86

But in practice the applications don't update this base OS, so the copy of openssl that is loaded into memory when the app launches will be vulnerable since there is no practical way to automatically keep them updated. The app vendor would have to basically rebuild the image every time a single package would have to be updated.

First of all, there's often little reason to even include OpenSSL in your container. You can attach to it through Docker. And only expose ports your app uses. The attack vector is reduced. Secondly, practices around containers are definitely evolving, so what is "in practice" now isn't necessarily the way it will always be.

Comment Re:Doesn't exist yet (Score 3, Interesting) 165

This is true-- there is no home 3D printer that can print a reasonable LEGO brick.

However, LEGO makes a lot of other ancillary pieces that you CAN print. Replacement heads for mini-figs, clip-on attachments to things, little flowers, buckets, etc. In addition, the LEGO Technic straight brackets (the long ones with the holes and plusses) are not too hard to print, and you can create your own configuration of those holes. (I have a customizable one up on ThingiVerse here:

So a 3D printer is not going to keep you from buying LEGO, but it might make playing and building with LEGO more fun.

Comment Re:Strengths and weaknesses (Score 5, Insightful) 510

The senate bill says what it says. You have the complete text. Show me where it says what you claim.

What I see is a trap for evolutionists. If you can't challenge a theory then it isn't science, it's doctrine. The author is trying to trick you into treating science exactly as he would treat religion.

Part of the problem here is that there is no competing scientific theory. We don't consider alternatives to gravity, the atom, germ theory, electromagnetism, or the rest of the well-established scientific foundations in grade school, either. Despite the fact that there are nuances to them that may hint at exciting new science, the core systems are supported by so much evidence, that it is appropriate to just state the prevailing theory, the supporting evidence, and the implications. Teaching a "controversy" is itself a lie, because there is no controversy on evolution within science. This is just science vs. not-science, and that's for philosophy class, not Biology. As soon as you mandate that teaching a lie is protected and immune from discipline, you're not teaching science anymore.

Comment Re:Will there always be an acceptable competitor? (Score 1) 440

there is no law of any kind that requires me to do business with any specific store of business, either

Specific business? No. Specific kind of business? Yes. Zoning laws require you to buy food rather than growing it. Indecency laws require you to buy clothing. Sit/lie laws require you to buy or rent housing rather than sleeping on public property. And shared responsibility laws require you to buy health insurance or face drastic tax hikes.

If the grocery store I habituate decided tomorrow to start taking plastic only, I'd find somewhere else to shop on principle alone.

So what happens once all grocery stores within walking distance go cashless?

Not to mention registering cars, getting licenses, and other state and local government activities which often no longer accept cash.

Comment Re:Sounds like an MBA plan! (Score 1) 216

This back and forth is ignoring a critical point: that not all bugs are created equal, and not all systems fail in the same ways or have the same risk profile and scale. What if your REST service returns 500 for a user because of something you just released? Ok, that's bad if you just rolled it out to all your servers and it happens to all users. But what if the client always does 3 re-tries (as REST clients should do), and you only rolled it out to 5% of your servers? Now most clients are unlikely to see anything wrong at all, and it's obvious you should immediately pull back the release. In fact, the pull-back should be automatic as soon as it's observed that the failure profile is worse.

And regarding risk and scale, what if you have a banking application that is only used thousands of times a day, and compare that to a social network used thousands of times a minute? The risk of getting something wrong and tripping regulator ire is great in one case, while the risk of seeing some entries missing on your wall ranges from a little annoyance to unnoticeable. And the likelihood you'll actually see the problem quickly is huge on the social network, while it may not be so on the less-used app. The social network is obviously a good candidate for devops-style continuous-release systems, while the banking app would need more evaluation to see where the line is drawn.

Comment Re:They can't lead in market numbers forever (Score 1) 239

You'll have to define "fail". I have iPad 2's from four years ago which still have many hours of battery life and have seen relatively heavy use. Perhaps not the 10 it had originally, but then neither does a Microsoft tablet. I think Apple considers a battery eligible for replacement if its capacity falls below 80% during warrantee or Apple Care period. Otherwise you have to pay $99 to have it swapped out.

Comment Re:OK, I'll bite (Score 1) 195

Can you do tiny embedded projects with it ?

This is one I'm interested in, actually. The reference Swift compiler implementation uses LLVM as an intermediate layer then uses LLVM's final compiler and linker to generate machine code. The group making the LLVM back-end for AVR (the chip used by the Arduino-compatible ecosystem) is actually in the process of merging their work into mainline LLVM right now. Things could get interesting in the embedded space soon. But I don't know enough about Swift linking to know if small programs would carry a prohibitive library payload or whether it will be practical.

The answer to most of your questions, though, is "maybe" or "not yet", and "but there's probably someone on the Internet working on it".

Comment Re:Pittsburgh? (Score 1) 464

I second Pittsburgh. I moved away to be closer to family but miss it. You can buy a house outright for the down payment in many other tech locations, and there's a good diverse tech scene including CMU startups, biotech, and small labs connected to big companies. Museums, arts, short drive to the country, etc. It's not a "night life" town, but if your pace is a little slower it's a very comfortable place to live.

Comment Re:Bad practice. (Score 1) 242

I agree, but would point out that using a fingerprint to unlock a strong key on a phone, then using that to authenticate to a remote server is quite strong.

It gets even better than this with iOS 9. iOS 9 paired with any iPhone in the last couple years can generate a public/private key pair where the private key is stored in the Secure Enclave. (For those not aware, this is an area of the chip with write-only access and its own coprocessor. The only thing you get out of it is verification. It's physically impossible to read the data via software.) The secure enclave has existed since TouchId was introduced two years ago, but with the new public/private key system you can validate a challenge-response query from a server with TouchId. Basically, the server sends a packet, the phone unlocks the keychain with TouchId, signs it, and the server then verifies the signature with a previously-onboarded public key.

Yes, it is theoretically possible to lift a fingerprint from a glass and manufacture a fake finger to unlock a phone. But then you need the physical phone, and need to keep it from getting remote wiped. That's usually a state actor situation, so I guess it depends on who you're trying to protect yourself from.

Comment Re:They have a plan allright... (Score 3, Informative) 188

I live about 50 miles by road south of NYC. Closer as the crow flies. Nothing like this happened for Sandy (or Irene the year before). If anything, the event brought people closer together. Functioning power and cell phones were rare for a couple weeks, and gas got scarce fast (mostly due to lack of power for pumps). But we had a notable lack of marauders, and the neighbors showed a very strong preference for canned food over eating each other. People shared and generally acted like a right-wingers nightmare, coming together as a community to get through it together.

Comment Re: Far too late in the game...pun intended (Score 1) 174

The AppleTV can use third-party Bluetooth 4/LE controllers (See this link). I'm sure plenty of folks will come out with all kinds of controllers for it. The bundled one seems okay for a lot of casual gaming, buy buying more controllers isn't going to break the bank on a $150 console with $1-5 games.

AppleTV also has an interesting storage system to deal with the 32GB problem. The "core download" for any game has to be less than 200MB, with amounts above that loaded in 64-512MB chunks that are available on-demand over a network. The AppleTV will dynamically manage the on-demand area. So your old, less-used games will shrink if you never play them, then re-download when you use them again. (See this link for more.)

Comment Re:Far too late in the game...pun intended (Score 3, Interesting) 174

Nobody buys an apple for gaming

There are an order of magnitude more games available for iOS than all gaming consoles ever invented put together. Thing is, the games tend to be a different "sort" of game than your typical console gamer wants. Is that a bad thing? The Wii sold far better than expected due to its "casual" nature, but eventually ran into a problem of underpowered-ness. Now we have a device with the graphical chops, brand recognition, relatively open App Store compared to other consoles, and a huge existing base of code easily ported. I think they have a shot, but don't see it as an either/or thing.

Slashdot Top Deals

If at first you don't succeed, you are running about average.