Forgot your password?

Comment: Re:One init (Score 1) 125

by satch89450 (#47406293) Attached to: CentOS Linux Version 7 Released On x86_64

Given the disconnects between the documentation and actual operation, it is a bad thing. At least that's true for Fedora's take on systemd. I tried to come up with a work-alike of a System V set-up script, and found some issues. Yes, I posted a bug report. No, nothing has happened with that bug report.

We'll see if Centos/RHEL did a better documentation job.

Comment: Yes, there is climate change, but... (Score 0, Troll) 725

by satch89450 (#47393205) Attached to: When Beliefs and Facts Collide

Anyone who says that climate isn't changing has their head in the dry dirt of the Oklahoma Dust Bowl. Recorded history shows clearly that there is climate changes over time. Indeed, climate shifts have influenced man's history more than any other single event source. Scientific evidence shows that climate changes constantly. The problem I have is the intensity which climate cultists point to humans as the cause.

Given that the magnetic poles have been shifting regularly, if slowly, means that the solar wind's interaction with the Earth will change as the magnetic field moves. ("Settled science"? I haven't heard any nay-sayers.) How about the argument that carbon dioxide has been "building up"? Yet one study I finally found, that looks at wider time periods than a century ( suggests that (1) temperature has no significant correlation with CO-2 content, and that we are coming out of a period of low CO-2 concentrations.

Does this mean that man is completely blameless? No. Temperature is a function of released energy, and the Earth had stored sunlight for millions of years. We are releasing that stored sunlight at an increasing pace, which eventually ends up in the atmosphere, one way or another, as heat. How much is due to technology, and how much is a by-product of man's actions such as the clear-cutting of Amazon rain forests and covering the land masses with asphalt and concrete, and how much is caused by other, non-man-made changes? So the question is whether the existing natural system for expelling heat are up to the task. More importantly, details are important. How much heat does technology dump into the atmosphere? Clear-cutting (and clear-burning) of land? Other sources? Without numbers, everything is just opinion. And when it comes to such "science", one option is equally as good as another, absent accurate and provable forecasts -- I believe that is why the climage deniers hold to their beliefs. Cultists haven't proven their case, or even shown their case has merit.

Are there other solutions than those proposed by the client cultists? One way to keep heat out of the atmosphere, if that is the goal, is to keep sunlight reaching ground level from being converted to heat in the atmosphere. Photovoltaics can help, although the energy would be released -- just perhaps in a different spot or a different time; the benefit would that such energy would displace energy released from fossil fuels -- current sunlight instead of ancient sunlight. Ditto solar thermal power plants -- using today's energy instead of million-year-old energy.

Sunlight that never reaches the ground can't contribute much to the heat load. How about reflection and dispersion? Some of the energy would be converted to heat by the air itself, but the rest would escape into space in the form of radiation (light, infrared). Another way to trap sunlight so it doesn't contribute heat is to increase the surface area of leaves, to increase photosynthesis -- and that has the benefit of eating up CO-2 as well as keeping heat out of the air. (Cultists: when did you re-roof your homes with grass? It would lower your air-conditioning bills, too, by keeping the heat out of your attic.)

But is that all there is? There is considerable heat trapped in the core of our planet. Further, there are energy sources in the ground that contribute to the atmospheric heat load...but I never see that heat source mentioned in the Climate Cultist literature. What is the effect of volcanos on the solar balance sheet? We know that ash can bring down airplanes, but what is the effect of that ash in the air? It could well be that geothermal power generation, replacing fossil-fuel generation, would be an excellent way to keep the atmosphere in thermal balance. Don't hear much about geothermal from climage cultists, do you...

I was part of the generation that "grew up with the Bomb" -- and I remember all those discussions about "nuclear winter" that would be brought on by The Ultimate War. Block enough sunlight, and you drop world temperature. But you won't like the side effects.

And so I come to the end of my thoughts on the subject. If you have faith that we "need to do something" about the problem, show us your work, your accurate predictions of change, your proofs. Instead of trying to make us "believers" by trying to evangelize your faith, show something that can be vetted by the scientific method.

Comment: DMCA process? (Score 4, Interesting) 148

I used to run the abuse desk at a web hosting company before I moved on to automation control. Our company developed a procedure -- and published it -- to handle takedown notices. First, the notice has to be sent to the contact on record with the copyright office, that's part of the law. That meant it came directly to my desk. Further, the person submitting the notice had to provide some proof of copyright. Finally, the notice author has to demonstrate that the infringement didn't fall under fair use, or some of the other exceptions.

I then investigated the claim, and if I felt there was reasonable cause for the claim I would take down the site and notify the allegedly infringing customer of the notice and our analysis. The customer could then deal with the copyright owner and then the two parties would let us know how it's resolved. Or the customer could remove the infringing material (they still had access to the data even when the site was shut off), let me know, then if I was satisfied that the infringement was removed I'd turn the site back on, and let the complaining party know what had been done.

There was the case of a person whose site sold knock-off watches. The original manufacturer took exception to the pictures on the site, claiming trademark infringement (which was pretty obvious). The customer took the pictures off. Case solved.

Then there was the customer who posted MP3s of music. That was a no-brainer. We terminated him for violation of the acceptable use policy.

There were some trolls, too. One customer had material under copyright, but the customer's use of the material fell under fair use. The troll could not demonstrate how the infringement went beyond fair use. He threatened to sue. Our lawyers took that threat and ran with it -- replied with a threat to counter-sue.

So different companies have DMCA policies and procedures. It helps to look what they have in place.

Comment: Update in haste? (Score 1) 74

by satch89450 (#47297507) Attached to: Over 300,000 Servers Remain Vulnerable To Heartbleed
How critical is the bug for the particular server? That will vary. For example, my little mail server is running CentOS 4, and does not have the HeartBeat "enhancement" because the updates to that particular distribution stopped before that little throb was introduced. (Sometimes is pays to stay away from the "bleeding edge" of progress!) Yes, it's time to upgrade, but I'm taking my time and doing it slow, because I want to use CentOS 7 when it's released. I'm replacing hardware, too, and I'm testing that hardware before I place all my marbles there. (Not that it matters much.)

Also, I have SSH locked down to specific IP address, no Web service of any kind -- indeed, it's a "mostly closed" system with public-facing holes only for SSH (limited by tcpwrappers), SMTP (not SMTPS or SUBMISSION), DOMAIN (severely rate-limited and with blocks for ANY), NTP, and TRACEROUTE. This effectively blocks any access to heartbleed.

When the first alerts came out, the first thing I did was run the web-based exploit detectors. They didn't get through. At that time, I reviewed the services not blocked by the firewall, and to the best of my knowledge, none of the services I list above use the Secure Shell library. So I satisfied myself that my mail server was tight.

Everything else on my network is behind the same firewall, using NAT to gain access to the outside world. There is no open path to my desktop computers or internal-only servers.

I'm very much of the school "if it ain't broke, don't fix it in a hurry." In my case, I'm rebuilding servers (some celebrating 10 years of service or more) with the latest proven software one at a time, with the mail server being last in the chain. I'm replacing hardware as well as software, one by one. (I'm probably going to update the old hardware so I have standbys if the new hardware experiences infant mortality, but that's a detail.)

So, in come cases carefully researched, there isn't any need to take action against Heartbleed, because the exploits are blocked upstream.

Comment: Re:Cue the radical activists (Score 2) 387

by satch89450 (#47211391) Attached to: Geothermal Heat Contributing To West Antarctic Ice Sheet Melting

I will believe the science is settled when the journals that carry articles about climate stop rejecting articles that are not "in line" with the alleged settled science, especially those articles that are brought forward by scientists who don't put the word "climate" in front of "scientist" or "researcher" when they describe themselves.

"Science" is about exploring boundaries and ideas, and a "memory hole" has no place at all in science. "Science" is about evaluating the data and resulting theories, not the person bringing the data and theories forward. "Science" is about recognizing new facts and incorporating them into existing theories...or throwing out the old theories when the new facts require those theories to be stretched all out of shape to shoehorn in the new facts, much like politicians gerrymander the boundaries of voting districts to achieve a desired result.

Why have the various predictions been so drastically wrong? That says the science is not settled. If it were, the results would better match the predictions. Especially the doomsday predictions. Not to mention the flip-flops between "global warming" and "global cooling" -- how does the settled science square with those changes in view? I'm reminded of the boy crying "Wolf!"...

I agree that there are trends in temperature change that needs to be watched closely, but I disagree that there is one "magic" solution. Indeed, I look at reduced industrial CO2 emissions as only one of many things we should look to do. For example, have you considered growing grass on the roof of your house, and on the body of your car? How about roofing over car parks, and growing plants on them? Have you looked into dense, CO2-consuming flora on the top of your office building? How many trees have you planted on your property, especially large-leaf ones?

"Climate change" is not a "Someone else's problem" -- it's YOUR problem, too. Why do I see lots of talk but little personal action? Show us how to solve the problem, don't just say "you do it."

Comment: Re:Accoeding to arsonists (Score 1) 379

by satch89450 (#47034483) Attached to: Studies: Wildfires Worse Due To Global Warming
Clearing the underbrush can *reduce* the amount of CO2 to be produced. Pull and chip that brush, don't burn it. Use the chips as ground cover to better protect seeds and hold water, both which promote good tree growth. Chips can be used in playgrounds instead of sand or dirt, particular chips from softwood brush. When my father was in the forest service, they cleared out brush "by hand"; the only time they lit any fires was when they needed to set a backfile to halt or steer a moving path of flame.

Comment: Re: I thought weather was not climate... (Score 1) 379

by satch89450 (#47034419) Attached to: Studies: Wildfires Worse Due To Global Warming
I suggest you increase your range of research. Specifically, find the study for the Tahoe Basin showing how the suppression of forest fires has increased the fuel load in the forests of the basin for the past 30 years. More fuel means hotter fires. Also, add "fire ecology" to your search parameters. In this one respect, man *has* affected the ecology, by suppressing limited fires that eat up the excess fuel that can lead to large crown fires and "firenados."

Comment: Re:I thought weather was not climate... (Score 1) 379

by satch89450 (#47034399) Attached to: Studies: Wildfires Worse Due To Global Warming
And where do you get your information? A wildfire may not be burning above-ground, but the fire can continue underneath the topsoil. Forest fires are not considered "out" until they have been thoroughly soaked with water over a period of months. In the Sierras, that's after the first big snowstorm of the season. Snow captures the heat and melts, and the resulting water will go into the root tunnels and snuff what's left of the fire. And the loss of coverage *can* affect climate, but only in a local area and not on a continent, let alone the planet. But that doesn't affect your premis: a single fire does not "climate" cause.

Comment: Re:KNF can wait (Score 1) 379

by satch89450 (#46799181) Attached to: OpenSSL Cleanup: Hundreds of Commits In a Week
It's most annoying, and couter-productive, to audit code when the lack of formatting gets in the way. The first thing I do when I get a piece of messy code is run it through a beautifer first. In one case, that one action made the bug shine like the sun on a clear day. Who audits using diffs? The audit needs to cover ALL the code.

Comment: Re:Worst thing possible (Score 1) 379

by satch89450 (#46799171) Attached to: OpenSSL Cleanup: Hundreds of Commits In a Week
You've looked at the "code changes"? I did, and found many of the alleged changes to be reformatting, to make the code easier to audit. Some of the changes are to pull out portability cruft on long-dead platforms. But you go ahead and view OpenSSL as dead to you -- that's your choice. As for "untested code changes", are you sure? This appears to be part of a process, not a rush to release.

Comment: Re:No Good. (Score 2) 379

by satch89450 (#46799159) Attached to: OpenSSL Cleanup: Hundreds of Commits In a Week

Mr. Anonymous Coward:

What changes are you referring to? The changes I see are good re-factoring: clean up formatting, remove dead code, add missing bounds checks

Are you volunteering to do the code audit?

Massive rush? Evidence, please.

Security testing clearly hasn't been done before? Evidence, please. The counter-evidence is that the security testing tools were found not to work in this one particular case, and that problem has been patched. Security testing costs money; how much have you donated to the project?

Heartbleed exposes a problem, it doesn't invalidate the concept of Open Source. For one example that made world-wide news, there are hundreds of examples of open-source "wins" that never rose about the journalistic "noice" because it worked properly, and didn't make any waves. The mainstream says "who do we blame, who can we sue?"

And how do you manage projects, particularly open-source projects? Does early disclosure bother me? Yes, as the admin of a group of servers. Would I be comfortable if this were done behind a wall? No. We need all the eyes we can get looking at the problem. And you need to be more explicit: are the bugs that you are complaining about being exposed exploitable in some bad way? Examples, please.

SUMMARY: It's bad, but not as bad as you make it out to be.

Comment: Re:I want to know... (Score 2) 379

by satch89450 (#46799085) Attached to: OpenSSL Cleanup: Hundreds of Commits In a Week
  1. clean up
  2. tighten up
  3. inspect
  4. test
  5. field test

In a clean-up operation, you don't vet each change, especially when the change is reformatting instead of a real code change. It's clear from the commits I've looked at that the people doing this are working to eliminate the cruft that inevitability builds up in any project as it matures. See -- you take baby steps, and check your work as you go.

In the process of clean-up, of re-factoring, one may find and fix subtle bugs, such as the missing bounds check that is at the heart of, um, heartbleed. Elimination of the custom memory management in favor of the native OS code (particularly when the OS takes pains to clear out free memory -- which would have stopped heartbleed cold on some platforms) decreases the complexity of the code, and -- arguably -- makes it easier to read. Replacing clumsy code with better-crafted code that does the same thing but far more clearly makes it easier to read. Removing out-dated portability hacks removes a lot of chaff so the wheat is easier to see. But you can't do this all in one commit and expect not to stub your toe.

Repeat as necessary

When the clean-up tighten-up passes are complete, and the cruft is mostly gone, the developers then need to comb through the code looking for issues missed in the first pass, and brokenness caused by unfortunate re-factoring. It happens. Also, error patterns will pop up when the code is reformatted to a single standards. Further, because people are looking not just at syntactic content at this point, but semantic content, comments can be added to document any awkward or un-obvious constructs.

An integral part of examining the code is the development of test cases for the scaffolded version of the code. This needs to check for conformance to the RFC, and also explore what happens with intentionally malformed packets. This is the crucial step which appears to have been missing or incomplete with the pre-heartbleed OpenSSL code. Code inspection will catch stuff; test cases will expose those problems that were missed during the inspection. This process assumes that the program is structured in such a way that scaffolding is possible from a library of the code base, so each function, or small set of functions, can be tested in isolation. I find, in my own work, that I typically write several thousand lines of code during development to ensure that each major function works as expected -- and that code lives on as scaffolded test code so that when I make a change I can test it against a known set of test cases. (Sometimes, you have to change the test , or add tests, because the function changes or a bug sneaks through, but then you have a check-and-balance to minimize issues.)

You ask "Who is watching the watchers?" The answer is an easy one: as usually happens, management will work to solve yesterday's problems. I fully expect, when the work is finished, that the security researchers will pounce on the "new and improved OpenSSL" to find the bugs and holes that didn't get fixed during the current round. They struck gold once -- and like most gold bugs, they will mine the same hill until they go broke, just like the 49ers did.

One interesting effect is that Coverity [] made improvements in their code-scanning product. (See comments above this one.) The net effect is that all the products scanned by Coverity products will benefit. Which further answers your question: we now have improved computer watchers, too.

Comment: Re:A simple solution (live sports) (Score 2) 97

For the times I want to watch live sports, I go where there is no cost to watch: a sports bar. Living where I do, another possibility is the sports book. The only disadvantge is I have to share the bathroom, and the drinks cost more. I've been off cable for more than ten years. Really haven't missed it.

Comment: Re:Y2K (Score 1) 92

by satch89450 (#46257693) Attached to: 200-400 Gbps DDoS Attacks Are Now Normal

But I am not thinking some nice gradual switch over, but a nice 'if you don't upgrade by X time you loose your insurance and can no longer peer'. If nothing else we could kill at least two birds with one stone... think about the massive economic fallout from the Y2K update, all the money that flowed into tech and job for that had a ripple effect through the economy. Requiring a complete upgrade of the internet would put a real dent in the current economic downturn.

Another benefit: we can see the sequel, Office Space 2, and see how Initech inflates the work needed to solve the spoofed-source problem. Will it end in another fire? Will Milton come back?

Comment:'ll be able to scream, 'fire the lasers!'" (Score 1) 376

by satch89450 (#46227969) Attached to: Laser Headlights Promise More Intense, Controllable Beams

just remember to turn them off before cresting a hill, because otherwise you will be fined and/or imprisoned for firing lasers into the sky in an effort to down aircraft.

You need to look up how laser-pumped headlights work. The light isn't coherent outside of the bulb assembly. The laser fires into a phosper, which then generates the wide-spectrum illumination. So the FBI wouldn't be interested, although I would watch using high-beams on a hill.

Oh, wait, this is slashdot. Where facts get in the way of a good joke...

"Pascal is Pascal is Pascal is dog meat." -- M. Devine and P. Larson, Computer Science 340