
Comment: Hack it (Score 1) 480

1. Find a bug in your own server-side code (easier than doing it on somebody else's unknown code, and that's usually doable.)
2. Exploit the bug to put all your copyrights back in the source files (don't disrupt service or do other unethical deeds.)
3. Show the live code to your new employer, saying: "Here, they fixed it."
4. Bonus points if you install a rootkit to periodically re-patch the files :-)

Comment: Rube Goldberg (Score 1) 77

by Tobia Conforto (#43625263) Attached to: Epic and Mozilla Bring HTML5 OpenGL Demo To the Browser

Let me get this straight.

They (the asm.js nutjobs and the vendors who trot along) are proposing to take programs written in C or C++, "compile" them to the fascist brother of Javascript (I won't call it a "subset" of the language because it actually works by adding boilerplate code) so that supported implementations can recognize that the Javascript source has all the boilerplate cruft in place and try to compile the damn thing back to machine code.

Rube Goldberg would be proud.

Besides, I can see the security chasms opening as we speak.

Comment: The Flying Pulpit (Score 1) 96

by Tobia Conforto (#43508319) Attached to: Hyundai's Flying Car Flies For an Audience

Posting this because too few people know about it.

There is such a thing as a personal flying device, it has existed since the 70s. It's called the Williams X-Jet or WASP (Williams Aerial Systems Platform), and also known as the Flying Pulpit.

Here's a video and its Wikipedia page. Other videos: one, two, three, four.

It's basically a manually controlled 3D Segway in the way it operates. You just lean in the direction you want it to move and adjust the power output. There's a separate control for yaw (turning left and right) because you can't do that by leaning in some direction (just like the one in the Segway) and that's it.

I won't go into a political tangent, but you've got to ask yourself why it's not being sold to the public. Even if it cost a lot (which I don't think it would: a small jet turbine is not that expensive), I'm sure there would be enough rich people interested in buying one.

Comment: Re:No Shit (Score 5, Interesting) 157

by Tobia Conforto (#43456225) Attached to: Memory Effect Discovered In Lithium-Ion Batteries

Yes shit. People who "use Li-On[sic] batteries and have to charge them frequently" are simply incurring in an unfortunate characteristic of Li-ion batteries, namely that they have a finite number of recharge cycles, or equivalently, that each recharge cycle diminishes the total charge the battery can hold.*

This has nothing to do with a memory effect.

For comparison, Ni-Cd batteries (as seen for example on power tools) have a strong memory effect, meaning that if you plug them in before they are exhausted, they "remember" the smaller capacity you've used them for, and it takes a number of complete discharge and recharge cycles to restore their full capacity. Of course, all that's needed to fully utilize Ni-Cd is a slightly more expensive charging circuit that fully discharges the battery before switching to recharging, which is why they are widely used in professional applications.

_____________
* Battery-savvy users always keep their mains plugged in on Li-ion devices such as laptops, so that the battery undergoes few recharge cycles and still performs as if it were new when they need it to, even after years of usage. But not after too many years, because Li-ion also have a limited timespan, or equivalently, the total charge they can hold diminishes every second since they leave the factory. Yes, it's a complex world.

Comment: OpenVZ (Score 5, Insightful) 62

by Tobia Conforto (#43456025) Attached to: Xen To Become Linux Foundation Collaborative Project

OpenVZ is very much like jails for Linux. I introduced it at my job four years ago and we've been using it ever since. I can attest to the savings in hardware overhead and in sysadmin time, compared to the alternatives of either full-blown VMs or all-services-in-one-Linux-box.

Nowadays there is also LXC, which supposedly is the future for Linux jails, seeing as their patch-set got into the mainline kernel—something OpenVZ failed to achieve. But IMHO LXC is not as stable and reliable as OpenVZ, nor as well-isolated by default, which is an aspect that is too often neglected.

Comment: Re:Why does this VM have so many vulnerabilities? (Score 5, Interesting) 193

by Tobia Conforto (#43054329) Attached to: New Java 0-Day Vulnerability Being Exploited In the Wild

AFAIK all these issues are not in the VM.

The JVM has been stable for many years and is the foundation of countless information systems: websites, money exchange, traffic control, you name it; they all run server-side software on the JVM, which by itself is rock-solid.

The issue is with the "sandboxing" feature of the Java browser plugin. The plugin was engineered to allow executing arbitrary, untrusted JVM bytecode, which would include outward calls to Java's extensive standard library, while still preserving some high-level definition of isolation between the untrusted code and the host OS. Given that Java's standard library is full of classes that do very insecure things by design (including running native code, opening network sockets, and so forth) this security model has proven to be a complete nightmare. They will keep finding sandbox-related bugs in the Java standard library for as long as it exists.

Oracle should do one of these things:

  • just dismiss the damned plugin altogether, or
  • severely restrict it to running signed code or some other kind of host-based whitelist, for the few companies that still need it, or
  • write a new standard library from scratch that does not include any unsafe code.

Comment: High Contrast Google Chrome extension (Score 1) 195

by Tobia Conforto (#42629667) Attached to: Ask Slashdot: Best Tools For Dealing With Glare Sensitivity?

As has already been said, most large desktop applications can be put into reverse video with some suitable combination of OS settings and application themes or color schemes.

Not the web. Unfortunately, most websites employ a complex layout made of text, CSS, and images, not to mention Javascript, that makes it very hard to enforce any kind of user CSS rules.

For this reason I've found the High Contrast Google Chrome extension a godsend. It allows you to invert the colors of the entire website, not just the text. It does so by applying a visual filter to the entire rendered page. You can choose among a few builtin settings (grayscale, full color invert, black and white inverted, and such) and set site-specific preferences, for example to leave alone sites that are already white on black.

With a bit of tweaking you can even create your own settings, by editing the extension's CSS file. On my Mac the file is found at ~/Library/Application Support/Google/Chrome/Default/Extensions/djcfdncoelnlbldjfhinnjlhdjlikmph/0.4_0/highcontrast.css. I've edited its default "Inverted Color" settings so that it only inverts the luminance: I want red things to stay red and green ones to stay green (think red flags and green checkmarks) but with the luminance inverted, so that light things become dark and the other way around.

Here is my patch, if you'd like to try it out. You'll have to remove the main a3 rule and the ones dealing with jpeg files, and put this in their place:

html[hc="a3"] { -webkit-filter: invert() hue-rotate(180deg) brightness(20%) contrast(130%); }
