Slashdot is powered by your submissions, so send in your scoop


Forgot your password?

Comment: Re:Free Pool but no Wifi? (Score 1) 56

by tlhIngan (#48921381) Attached to: FCC Prohibits Blocking of Personal Wi-Fi Hotspots

You have to have a free pool to get a 5 star rating. Too bad the ratings companies around the world haven't required decent and free Wi-Fi. Major hotel chains would change their offers in a hurry when they are down rated to a 4 star hotel.

Then they give you free wifi with a paid upgrade.

I stayed at a hotel with free wifi. The "free" part was true, it was free, for 4 devices at 1Mbps each. Yes, 1Mbps.

Oh, they were more than happy to sell you different rate plans - perhaps you want 5Mbps for $20/day? Or perhaps if you want more devices on your account. (4 devices is a lot, if you're an individual traveller. But two people starts being limiting when you have 2 laptops, 2 smartphones and perhaps something else, and it's keyed to your stay - you can't shut down one and free up a slot - it's the first 4 devices to log in).

Oh yeah, there was competition too - hotels nearby that had pure paid wifi had free offerings as well, all similarly crippled.

Comment: Re:Not all code is vulnerable - getaddrinfo() is f (Score 2) 175

by tlhIngan (#48918719) Attached to: Serious Network Function Vulnerability Found In Glibc

However, it's not like gethostbyname() is a rare call. I suspect that well over 99% of net-aware applications are still using it. This affects just about everything that's talking over the internet.

True, but gethostbyname() is ancient and if the program wants to support IPv6, you can't use gethostbyname(). So I think the number of programs actually vulnerable is far lower. Remember, gethostbyname() only works with AF_INET - while getaddrinfo() works with AF_INET, AF_INET6 and any other protocol that uses sockets (since it returns

struct sockaddr*

making life really easy).

So a lot of older code is vulnerable, newer code less so. it's been around about 15 years or so.

Comment: Not all code is vulnerable - getaddrinfo() is fine (Score 4, Informative) 175

by tlhIngan (#48917689) Attached to: Serious Network Function Vulnerability Found In Glibc

The affected call is gethostbyname() and friends, which have been deprecated by the more protocol-transparent getaddrinfo()/getnameinfo() set of APIs. If you use IPv6, getaddrinfo() is the only way (gethostbyname() and friends are AF_INET (IPv4) functions only), but they're protocol transparent ways to do DNS lookups (they can return AF_INET, AF_INET6 and any other valid address supported by the system and DNS).

Deep down, if you look closely, they mention that code using getaddrinfo() is not vulnerable to the bug.

Shortly after learning about getaddrinfo() I stuck to using it - far easier to use than gethostbyname() and less messy in the end. The only complication is having to call freeaddrinfo() when you're done.

Comment: Re:So what will this accomplish? (Score 1) 144

by tlhIngan (#48914755) Attached to: Uber Capping Prices During Snowmageddon 2015

The purpose of the elastic pricing was to make sure that there was always a nice supply of drivers. Cap the prices, and you won't have as many drivers available to drive you around in the snow. Econ 101, right?

More like "don't piss off people".

More than one person has taken Uber only to be gouged in the end and realize that catching a regulated cab (who aren't allowed to charge more beyond what's posted on the pricing sheet) would save them half or more off the trip.

And considering Uber's business model seems to be to piss off as many people as possible, in the few areas where they've been allowed to operate it seems wise to not try to push one's luck and generate even more publicity that links them with the reasons why taxis were regulated in the first place!

I mean, news of people getting gouged from surge pricing is a nice soft story that'll make the nightly news and all over the web. And it'll associate rapidly "Uber == ripoff" in people's minds. Doesn't matter that they're normally cheaper or better than taxis, once people think Uber is a ripoff, that meme spreads far quicker than any effort to dispel the notion could.

And beyond personal safety issues, it was issues of gouging and markups that were the reasons taxis were regulated to begin with. Since Uber's business model relies on them skirting that part of the law, they don't want legislators getting wise to the history behind taxi legislation.

Comment: Re:SIP Replacement? (Score 1) 260

by tlhIngan (#48914619) Attached to: EFF Unveils Plan For Ending Mass Surveillance

Would IPv6 not solve that? OTOH, why would providers go from IPv4 to IPv6 when soon there will be a shortage of numbers and they can charge (even more) extra for those who want a fixed IP with the excuse that they had with dial up.

IPv6 will, ironically, make the situation worse.

Because SIP assumes complete connectivity between hosts, but if you have a firewall in the way, that model breaks. And IPv6 firewalls will probably be the norm, so you'll end up with situations like the days of early NAT gaming - everyone will get on, they'd click "start", and either nothing happens, or a few people connect and the rest get stuck at the "waiting for host" dialog.

At least with NAT, you can generally assume if you have a private IP (or your external IP doesn't match the internal IP) that yes, connectivity is broken and you can display a message prior to actually trying to work. With IPv6 everything can SEEM to work (IP is seen by world? Check. IP is not private IP space? Check), but when it comes time to making or receiving a call, strange things happen. Like it rings, but doesn't connect. Or you can make outgoing calls but not receive incoming ones. Or calls aborting midway through.

And hell, you can be ISPs would do stuff like this - perhaps the first IP they see gets full access, while all other IPs are firewalled "for your safety". Oh, you can pay for additional prefixes, they're happy to sell you that...

Worse yet, you may not even know whose firewall is causing problems.

Comment: Re:yes, programming, like poetry, is not words, un (Score 1) 192

by tlhIngan (#48914533) Attached to: Why Coding Is Not the New Literacy

If enough people understood properly how to command their computer, productivity would would increase by orders of magnitude and our lives would change again. Most of the produced code would be very utilitarian, poorly structured, utterly mundane but incredibly useful.

So why do we treat "using a computer" specially?

Shouldn't we also teach them about say, cars? And we should add in the legal system. Perhaps IP law, since the majority of /.'s seem to be so intelligent about IT things but completely illiterate about basic IP law like the differences between trademarks, copyright and patents (both kinds).

Heck, I'm sure we should add shop skills (plumbing, basic carpentry, basic electrical, safety, power tools, cooking, finance) to the list. Truth is, there are plenty of skills we need that aren't taught - computers being just one of many. Hell, given it's the US, add guns to the list - doesn't matter if you're pro or anti gun control, providing a basic education in gun safety and handling will probably be extremely handy given the amount of rather idiotic gun accidents out there.

There comes a point where it's not really useful to give everyone the specialization because everyone then claims why their specialization wasn't part of the core education program in the end.

I mean, your mechanic doesn't need to know about how to compile a kernel - unless you really WANT to pay your mechanic $200/hr to muck around with his diagnostics machine when he's supposed to be fixing your car. (Today, said mechanic will say his computer is down, and hand it over to IT who will fix it, on the shop's dime, not yours).

Comment: Re:The solution is obvious (Score 5, Interesting) 551

Together, the others release dozens, and different companies share different responsibilities. Nice for consumer choice, but not so nice for support, since nobody wants to maintain a software stack nor wrestle with the politics involved in updating so many different devices.

You're off by an order of magnitude.

Samsung, in 2014, released about 3 smartphones per week. Yes, they have over 150 smartphones released in 2014. Tablet wise, I think it was over 1 tablet a week (it was over 50 around October).

It seems a lot of Android manufacturers see Android more as a "fire and forget" style of releases - just get a version of Android, stick it on, sell it, move on.

I mean, supporting 200 brand new Android devices (ignoring 2013 releases and prior) ...

Comment: Re: life in the U.S. (Score 1) 253

by tlhIngan (#48905781) Attached to: Verizon, Cable Lobby Oppose Spec-Bump For Broadband Definition

Hint, streaming is meant to be streaming. There is no point in downloading data much faster than what your viewing application can use up, per time period.
Especially as it's unclear if the user will be watching that stream in 30s anymore. No point maxing out the connection, especially as it might steal needed bandwidth from another connection.

Yeah, but if you have say, just 3 people streaming Netflix, that's easily 15Mbps right there. And perhaps someone wants to surf the web or something - at which point you really do want something like 20-25Mbps just to make sure the streaming doesn't stutter. (Yeah yeah, move to IPv6 with QoS blah blah blah - true, but you can bet ISPs will charge for that service. QoS was put in IPv6 so it could be a chargeable service in the end - want higher priority? Pay up).

And if not 3 Netflix streams, well, there's also online gaming where you want to have a few Mbps free to avoid congestion

Comment: Re:Bullshit (Score 1) 210

by tlhIngan (#48905183) Attached to: At Oxford, a Battery That's Lasted 175 Years -- So Far

I would not be surprised if a frequency component were also necessary, but clearly there will be some V/A threshold you have to cross before you do damage.

Basically what you need to do is breach the dielectric that separates your blood from the outside world - your blood is a rather excellent conductor of electricity thanks to all the ions dissolved in it. however, the insulator, your skin, has a conductance that varies depending on its condition - if it's wet, it conducts a lot better than if it's dry (by several orders of magnitude - easily dropping from the low megaohms to kiloohms). Once the current gets past your skin, it's really a straight shot to your heart which requires very little voltage.

It's why you usually don't get shocked by a 9V battery as the current doesn't get through the skin, but wet skin and you feel the tingle as it stimulates the nerves.

Comment: Re:Simple solution (Score 1) 421

by tlhIngan (#48897247) Attached to: Ask Slashdot: Where Can You Get a Good 3-Button Mouse Today?

What I've found is that the cheap mouses the click wheel works ok. The MS and Logitech ones, of course.

Got me the middle button gets used most for opening a link in a new tab, and also has it's uses in CAD apps.

I don't know about you, but 3 button mice I find limiting - I invariably get mice with extra buttons to get me the extra functions you need. Instead of zoom mapped to the wheel (which is annoying as hell), I map it to two buttons so I click it when I need it, and map the wheel elsewhere.

And hell, I can map Paste to a button that's less vulnerable to hitting than the middle click when scrolling fast.

Comment: Re:bitcoin is circling the drain, but.... (Score 1) 79

by tlhIngan (#48897217) Attached to: Winklevoss Twins Plan Regulated Bitcoin Exchange

If the Winkletwins want to hype it up long enough so that I can dispose of the last of my BTC stash while 1BTC is still over US$200, I'm game.

Having bitcoins kept in a US bank seems to defeat the purpose of bitcoin, but it it helps me with my previous point, then by golly, full speed ahead.

And that's the entire point.

The WInklevoss bought BTC when it was probably $500 or higher - and supposedly they own around 10% of all BTC.

And now that the price crashed from $1300 each to $250 or so, well, damn, they lost a lot of money.

The whole point of the regulated exchange is supposedly to keep the price up and give it more legitimacy - I'm sure they saw that BTC was used for Silk Road and other illicit transactions and when Silk Road got busted, well, the fact its value was propped up by illegal activities hurt them. So they want to transform it into a legitimate business whose value is driven by "legitimate" economic activity over say, criminal activity.

Comment: Re:Really? (Score 1) 190

by tlhIngan (#48897205) Attached to: WhatsApp vs. WhatsApp Plus Fight Gets Ugly For Users

I myself am wondering why whatsapp/facebook hasn't simply sued them for trademark infringement. I mean they're clearly using the whatsapp name in a way that confuses the end user as to who owns the app.

Probably because WhatsApp Plus is distributed outside normal channels (otherwise it would be quickly removed from say, the App Store or Google Play) and is one of those where the developer just doesn't make themselves easily known.

Plus, sometimes it's easier to just cut access to it than to try to launch a lawsuit which costs a lot of money with little to show for it since there will probably be 10 more clones after the lawsuit is over. Just cutting off access is easier and cheaper.

Comment: Re:Not news (Score 1) 123

by tlhIngan (#48897187) Attached to: Linus Fixes Kernel Regression Breaking Witcher 2

And if only MS had a similar "never break userspace" rule that applied to even the most unbelievably "casual" of software too.

Hell, I broke four apps just going to 64-bit Windows 8 from... 32-bit Windows 8.

If that happens (and Microsoft is one of the best at not breaking userspace), WIndows development would stop overnight.

Most developers are crap - and I'm sure "never break userspcae" is routinely violated by Linux as well, just it breaks little apps that no one knows about and someone either fixes it or codes some other workaround.

Yes, developers are crap who are more apt to take a shortcut "because it works" over doing it the proper way. On Windows, it's easy - if you run a non-English version of Windows, or put it anywhere other than C, you'll find yourself with a "Program Files" folder soon enough because it was hard coded in over using the system APIs to retrieve it. Or you might end up with a C:\Windows even though Windows is installed on D: purely because someone hardcoded a path there.

Plus, there's tons of legacy code out there - a surprisingly large amount of code is still 16-bit (which breaks on 64-bit), usually more bespoke applications used in specialized areas, but hey, if you ever wondered why there's a 32-bit version of Windows despite most processors sold being 64-bit capable...

And to be honest, a LOT of Windows bloat is due to the compatibility - Microsoft codes around applications that took shortcuts. Apple took the opposite tactic - they refuse to support anything but published APIs - if your program broke because you did something "the easy way" then Apple pretty much says "screw you - you took the shortcut, you profited, now you pay". (And yes, new features often broke poorly-written applications. On Windows, this would mean Microsoft wouldn't introduce the feature, or have to work around it).

And yes, moving to 64-bit Windows breaks stuff - remember what I said about hardcoded apps? "Program Files" for 32-bit turns into "Program Files (x86)", breaking all sorts of stuff.

Vista broke practically everything, which was why it was demonized, but mostly because it showed how poorly Windows apps were developed - all those shortcuts meant ground breaking changes like administrator not being enabled all the time broke a lot of apps that required admin just to run.

Comment: Re:Seriously??? (Score 3, Insightful) 467

by tlhIngan (#48891385) Attached to: Ask Slashdot: Best Anti-Virus Software In 2015? Free Or Paid?

Yes. Because these tests are pure FUD generation. These "tests" are designed specifically to give high marks to AV kit that has its heuristics engine to produce as many false positives as possible and low marks to AV kit that has a reasonable heuristics engine that looks for realistic threats and doesn't spam user with "this is a potential threat, upgrade for 9.99 now to fix" advertisements.

Nevermind that most heuristics engines will at one point or another detect a standard (Microsoft-signed) required Windows file as a virus and promptly "quarantine" it for you. Which just means Windows will either bluescreen or render your system unusable.

And that's a problem - because now AV is interfering with your computer - and if it isn't a Windows binary that gets hosed, it's a file one of your programs you use.

No, MSE will not catch a 0 day. No antivirus can. So they use heuristics to bridge the time between it's in the wild and when they push an update that will detect it. But there's a tradeoff - too aggressive and there will be a TON of false positives. More conservative (Like MSE) and you'll be more likely to miss a threat, but less likely that you'll clobber a file you really need. And for most people, that's more than acceptable tradeoff.

Especially when you combine it with safe surfing that blocks questionable URLs - available on every browser now (either powered by Google or Microsoft) that prevent you from grabbing questionable files.

Comment: Re:Translation: (Score 1) 158

by tlhIngan (#48885457) Attached to: Surface RT Devices Won't Get Windows 10

Like they dumped CE

Windows CE is still around, actually.

Windows Embedded Compact is the new name for Windows CE - it's confusing as hell since it's similar to Windows Embedded (which is based off standard Windows), but the "Compact" (or "Automotive") version is Windows CE.

it was this way since Windows CE 7 which was renamed to Windows Embedded Compact 7. (Now they're at Compact 2013)

"Thank heaven for startups; without them we'd never have any advances." -- Seymour Cray