Want to read Slashdot from your mobile device? Point it at m.slashdot.org and keep reading!

 



Forgot your password?
typodupeerror

Comment Re:LOL, what? (Score 4, Informative) 698

There should ALWAYS be a way to reset a boot loader to a default usable state, whether it's by holding down the power button for 10 seconds or some other hardware based override, or having the bootloader on a microSD card that you can take out and fix on any other computer, or a pre-boot-loader phase where a keyboard override routes to a low level interface where you can fix things, or a jumper or switch inside the case that does the same thing. There should also always be a backup firmware image that can be used.

I'd also think that having the efivar interface expose each variable as a separate file isn't a particularly good idea. Having a simple program to modify variables using another mechanism isn't all that terrible, the convenience of being able to use echo to change a variable isn't worth the risk.

An ARM system I use has u-boot variables at a fixed location on the SD slot boot device, which is hardwired (on the SoC with fuses) to be the only boot source (which can then boot something else either from the SD card or some other device, u-boot itself starts up in well under a second). You can take the microSD card out and put whatever bootloader you want on it, or modify the variable block from the OS by direct writes to a partition (or to a known location on the raw device). The block is checksummed, and u-boot falls back to a default configuration if it's trashed.

The program to read or write variables is quite simple and easy to use in a script.

There's no reason UEFI couldn't do something similar. Last I looked I didn't see an open UEFI implementation on ARM, it might be fun to try replacing u-boot with UEFI and see what it takes to get Linux to boot with it.

Comment Re:Converted into Obj-C? (Score 1) 67

Yeah, the "converted into Objective-C" doesn't make any sense.

What it seems to actually be doing is creating an interface between Obj-C and JavaScript so that JS can call out to any Obj-C method, and can override any method as well to call into JavaScript code. Combined with converting Obj-C code into JavaScript, you can effectively patch existing (compiled) Obj-C code with downloaded JavaScript.

This probably went undetected in the review process because it just looks like a call to execute some sandboxed JavaScript, not something that has full access to the dispatch tables of Obj-C classes.

Comment Re:Hanlon's Razor (Score 1) 180

I have not looked at the details of RemixOS licensing, I was responding to the comment regarding GPL requirements.

The document you linked is not accurate with respect to distribution of code licensed under the GPL. It may be accurate with respect to what you need to provide if you want to submit something to kernel.org to be included in what they distribute, but if you're going to distribute software that includes GPL code that isn't yours and isn't covered under some other license, you'd need to comply with the GPL, and that means providing source (or a written offer), not just identifying where you got it from.

Comment Re:Hanlon's Razor (Score 1) 180

That's not true. The source must be available "with the binary", it doesn't necessarily have to be hosted on the same server, but it needs to be available about as easily as downloading the binary. You could probably have a directory which, if you downloaded all the files in it (e.g. a bunch of tarballs for various pieces and a Makefile to build the whole thing), you'd have everything required. Telling you to use git to retrieve version torvalds-stable-3 from a kernel.org git repository, and another package from some svn server, and another only available using http, and one using rsync, and another using netcat (lol) is not sufficient.

You can use the "written offer" variant, or pass on a written offer if you got the binary from someone else who provided one, but very few people who distribute binaries take that route, since it requires maintaining any released version's source for 3 years.

Arch Linux binaries are built using scripts which specify where to retrieve a specific version of source code. The scripts (PKGBUILD shell scripts, plus files such as custom patches or config files) are all available, but the sources they point to aren't actually included, the script specifies where to get them from.

Arch was out of compliance with the GPL since "look in the PKGBUILD file, available through svn or git, to see where the source files might all be located, then use some other method to retrieve the correct version" doesn't satisfy the GPL requirements.

Arch supposedly now saves the retrieved source files for GPL packages (or maybe even all packages) and stores them, along with the PKGBUILD files, in a sources directory. However, I can't find any link to where that is now.

Comment Re:Oh give me a break (Score 1) 349

In this case, there's a serious question as to whether the copyright was renewed. The claim is that when the publisher renewed the copyright on the book, that had the effect of renewing the copyright on the song in the book.

That doesn't make any sense to me, to claim that the publisher was able to renew the copyright of the song, but then was not allowed to sell any rights to the song. I suspect that if they can't come up with proof of copyright renewal of the song itself, by the author, it will be found to be public domain.

Comment Re:Okay... (Score 4, Informative) 556

The reference to re-using primes is about Diffie-Hellman key agreement protocol, which is susceptible to breaking discrete logarithms for a given prime. This is currently feasible with 1024-bit primes, and it is true that a significant number of web sites share the same prime modulus, which makes the expense required to break that prime worth it.

This is a different problem from factoring the modulus used in an RSA key, which is what you're talking about.

Breaking modern encryption algorithms without the key is infeasible, with or without quantum computers. The attacks are all going to be on the key agreement (often called key exchange) algorithms. RSA and DH are both vulnerable to quantum techniques, but there are other algorithms that appear to be safe.

Comment Re:They advertised it as unlimited (Score 1) 622

You aren't subscribed to a meal, it's a one-shot deal, worst that can happen to them is they refund your money and kick you out. Writing down the rules is generally unnecessary. I guarantee you that if you go in and start shoveling food into a bucket to take away, or try to fill a 50-gallon container with "unlimited refill drinks" you'll be stopped.

Since there are TRUE "unlimited data" plans, there's a different expectation when an ISP says "unlimited data" or "no data caps". Claiming that you get unlimited data, but they'll charge you more if you go over some limit, would be like saying you get unlimited refills, but you have to pay by the ounce if you go over 64 ounces (regardless of the size of your cup).

The problem with the ISPs isn't that they're writing down rules to prevent problems, but that the rules they're creating (data caps) aren't the solution to the problem they claim to be fixing. It's purely based on jacking up their profits, and the only reason they can get away with it is because of a lack of competition in most markets (and/or implicit or explicit collusion).

There are much better ways to control allocation of available bandwidth than data caps, but they aren't as ridiculously profitable for the ISPs.

Comment Re:They advertised it as unlimited (Score 1) 622

All-you-can-eat places do have rules. The food has to be put on a plate, you can only have one plate at a time, you can't share, you can't cherry-pick from the serving dish, you can't throw away too much of what you've taken before refilling. You can't fill up a 50 gallon bucket with "unlimited refill" soft drinks, and you can't stretch out one meal to cover the whole day.

I've never had anyone give me a problem when I ask for a 5th bowl if soup and 3rd salad on an "unlimited refill soup-salad lunch special". I've had no problems getting my 7th fried catfish refill or 6th order of unlimited shrimp. Usually I don't pig out so much, but sometimes I "save some room" for it.

Picking away the breading and throwing that away is violating the rules. If the rules weren't written down, they should have continued to serve her, and then written down the rules so it isn't a problem in the future.

ISPs don't pay for bits, they pay for bandwidth. They have a completely different business model than a restaurant. The analogy is inapt.

Comment Re:How can there be? (Score 1) 622

The resource they're selling is bandwidth, not bits. There are unlimited bits, crunch all you want, we'll make more.

Bandwidth isn't unlimited, and no one has ever sold "unlimited bandwidth".

There's no reason for putting a limit on the unlimited resource in order to control allocation of the limited resource, it's a very crude and ineffective method. When I didn't watch that Netflix movie at 3am Sunday morning, the ISP didn't save up those bits, so why should it affect how much it costs for the bits I'm using Wednesday morning at 2pm 3 weeks later? Throttling or charging more based on usage in a billing period simply doesn't make any sense.

Sell the bandwidth (say, by the Mbps), and at any particular point in time your connection from point A to point B will have a throttle of N% of your base rate. If you aren't trying to use more than that, you won't even see that there's a limit. N is determined based on current network congestion and your recent usage (e.g. last 15 minutes or something on that order). Very low recent usage (as a percentage of your base rate) would give a boost to your throttle level, e.g. 150% bonus. High congestion for a particular network segment would decrease N for any connection using that segment. I leave the algorithm for propogating congestion information as an exercise for the reader.

This has the effect of shifting usage to underutilized times/locations, which makes the network more efficient.

Such a method does need some transparency, with guarantees of percentage of time that you'll be able to get a certain percent of your base rate, perhaps as a function of time/day of week. If you can live with 5Mbps at peak usage, when the throttle might be at 60% for an hour, then you'd buy an 8-10Mbps plan, which might give you a short burst of 15-20Mbps even at peak, and 30Mbps sustained at 3am Sunday.

What do you care if someone is "wasting" bits when it doesn't impact anyone else? The actual marginal cost of transmitting data bits instead of idle/keepalive bits is a rounding error, the ONLY reason to be measuring data is to allocate the limited resource, which is bandwidth.

Comment Re:Why not lisp (Score 1) 91

So ELIoT compiled is about 2.9MB, plus the C++ standard library (which is another 1.5MB or so) - this is compiled for MacOSX.

The code to create an interpreter and have it run a file is about 1KB, and the Tcl library is under 2MB.

I'd have to look more closely at ELIoT to see how comparable the two are in terms of capability.

Slashdot Top Deals

"It takes all sorts of in & out-door schooling to get adapted to my kind of fooling" - R. Frost

Working...