Want to read Slashdot from your mobile device? Point it at m.slashdot.org and keep reading!


Forgot your password?

Slashdot videos: Now with more Slashdot!

  • View

  • Discuss

  • Share

We've improved Slashdot's video section; now you can view our video interviews, product close-ups and site visits with all the usual Slashdot options to comment, share, etc. No more walled garden! It's a work in progress -- we hope you'll check it out (Learn more about the recent updates).


Comment: Wow, that's very deeply insightful (Score 1) 594

by seebs (#48291931) Attached to: Space Tourism Isn't Worth Dying For

Similarly, the Internet has done nothing for science or human knowledge, since so much of the work of pushing it and promoting it has been done for profit.

This isn't people dying so rich people can have fun. This is rich people funding the fundamental research that will make space travel practical in time.

Comment: Sort of spammy, also not convincing (Score 1) 169

by seebs (#48232715) Attached to: Tetris Is Hard To Test

So, on the one hand, it's sort of a spammy/advertisey thing to begin with.

On the other hand, I'm also not entirely convinced that the code coverage tool really solves the problem, because a given line of code can have different effects under different circumstances.

If you read in an address from a text stream, and then write to the memory location denoted, that's just one line of code executing that dereferences the pointer, but good luck determining what it does on all future invocations based on watching it execute once. Similarly, consider a straightforward loop like "for (i = 1; i len; ++i) a[i] = 0;" where every line will be hit if len is at least 1, but the effect of executing the code is, to put it mildly, somewhat variable.

Comment: I don't think this analysis is right (Score 1) 170

by seebs (#48214445) Attached to: Ask Slashdot: Smarter Disk Space Monitoring In the Age of Cheap Storage?

While "only 5% of my disk" is now many times larger than it used to be, so are the things I'm moving around, so "95% full" is just as bad now as it used to be.

Basically, once we got past quotas measured in single or double-digit numbers of kilobytes, this stopped changing for me. 95% full on a 100MB disk and 95% full on a 500GB disk work the same for me.

Comment: That explains a lot. (Score 1) 213

by seebs (#48149917) Attached to: Microsoft, Facebook Declare European Kids Clueless About Coding, Too

People who didn't learn to code by the time they were 7 have never been able to program as adults. It sure is lucky a supply of people taught to code by ancient alien astronauts was supplied to us so we could bootstrap the procedure, because no one in the history of our species has learned new skills past age 7.

Comment: Re:The name (Score 4, Insightful) 204

by seebs (#48095063) Attached to: Ask Slashdot: Dealing With an Unresponsive Manufacturer Who Doesn't Fix Bugs?

I am impressed, I thought I had seen some bad legal advice before, but this is spectacular.

I am sure the vexatious litigants of the world greatly appreciate your suggestion that their victims lose on technicalities because they didn't correctly understand the legal process.

Comment: Re:Briefing for management - reuse with attributio (Score 1) 318

by seebs (#47997523) Attached to: Flurry of Scans Hint That Bash Vulnerability Could Already Be In the Wild

Look at it this way:

Do you have full source to everything you run? No? Do you know whether any of them, ever, down any code path, call system() to run something? I bet some of them do. Now, could they ever do it in an environment where at least one variable has a value acquired from an external source?

If so, that's an exploit-in-waiting.

Keep in mind that "I don't call system, I use fork and exec" doesn't mean that the thing you exec doesn't perhaps call system(), or use the shell to execute some command. Or invokes something which is actually implemented as a shell script.

It's not just external exploits of servers; it's external exploits of clients which can ever run something with environment variables obtained from the environment.

Comment: Re:"could be worse than Heartbleed" (Score 4, Interesting) 318

by seebs (#47997457) Attached to: Flurry of Scans Hint That Bash Vulnerability Could Already Be In the Wild

For low-traffic stuff, development time is much more important. Furthermore, in some cases, the actual intended function of a thing is to run specific code. And prior to this bug, it was reasonably well-understood that system("/absolute/path --with --fixed --arguments") was pretty safe, since the absolute path prevented any PATH-related shenanigans, and you weren't including any user data. The environment's not executable. Usually.

Comment: Re:ELI5 please (Score 1) 354

by seebs (#47841733) Attached to: DMCA Claim Over GPL Non-Compliance Shuts Off Minecraft Plug-Ins

There is prior art in copyright cases for courts to conclude that if you didn't have a valid license to create the work you created (say, Bukkit, which was created without proper licensing for things without which it couldn't exist), that the answer is "haha no" and you don't get copyright protection at all, and cannot make or enforce license terms. That'd be my ruling; you can't use the fact that you stole someone's stuff to create obligations in them.

Comment: Re:Mod AC parent up (Score 4, Insightful) 354

by seebs (#47841671) Attached to: DMCA Claim Over GPL Non-Compliance Shuts Off Minecraft Plug-Ins

His code *always* violated this license in this way. That was his decision when he wrote and submitted the code. No one else is violating his license, he was violating theirs. So, yes, I expect him to roll over when people continue using his code exactly the one and only possible way it could ever have been used, which was unambiguously his intent in contributing it in the first place.

You scratch my tape, and I'll scratch yours.