
Comment Re:A more detailed proposal ... (Score 1) 336

Sure, I know and like DNSBLs including Spamhaus's, but this is a distinct application from XBL. Specifically, removal needs to be rapid in order for it to be useful for rejecting customer Web traffic. That's an engineering requirement that email anti-spam systems don't have, since SMTP is designed to retry for days if necessary to get a message through. Moreover, hosts that send any legitimate email are very few compared to hosts that send Web requests; and even though email admins are frequently dense, unresponsive, or victim-blaming, they're still a level above typical users in knowing what the fuck is going on with their computer.

One approach would be to have each DDoS victim continually (e.g. every hour) assert which addresses were attacking it, and only list those addresses which are currently attacking. This way, as soon as a host stops attacking, it will drop off the list. This has weaknesses — for instance, an attacker can use your host all night while you're not using it, without you noticing — but it's still an improvement over what we have today. And it still depends on each subscribing site having a good enough backchannel to the listing service to stay open during the DDoS. Back in the day we'd do it with a dedicated modem line — the bandwidth requirements are really quite minimal — but nobody knows what that is any more.

Comment A more detailed proposal ... (Score 5, Interesting) 336

Sites under DoS attack should publish (through a channel not congested by the attack) a list of the IP addresses attacking them, through some trustworthy third party. Then, other sites should subscribe to that list and refuse service to those addresses until they clean up and stop attacking.

For instance, consider your uncle who uses AOL. His computer is infected with botnet garbage and is participating in a DoS attack against (say) Slashdot. Slashdot sends a list of attacking IPs, including your uncle's, to Team Cymru (the third party). Cymru aggregates these and publishes a list, updated every three hours. AOL subscribes to that list. When your uncle goes to check his AOL email, he gets an error: "We regret to inform you, your computer has been hacked, and is being used by criminals to break the Internet. You can't get to your AOL email until you kick the criminals off by installing an antivirus program and running a full scan. Click here to install Kaspersky Antivirus for free. Thank you for helping keep criminals from breaking everyone's Internet. Sincerely, Tim Armstrong, CEO, AOL."

Then your uncle gets mad and calls up AOL and complains. They try walking him through using the antivirus program, but he just curses them out and says he'll go to Hotmail instead. He tries ... but Hotmail also subscribes to the same list and tells him the same thing: "Your computer is infected with malware and is being used to attack other sites on the Internet. You cannot obtain a Hotmail account until your computer is clean. Click here to install Microsoft Antivirus." He gives up and calls AOL back, and they help him get his computer cleaned up. Within half an hour, it's off the botnet; and within three hours, it's off the list of attacking hosts, and your uncle can get his AOL email again.
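The listing behaviour proposed in the two comments above, sketched as an added example (not code from the commenter or from any real listing service): each victim's report replaces its previous one, and a report that is not renewed lapses. The class name, the one-hour TTL constant and the victim names are assumptions; the addresses are constructed documentation-range samples.

```python
import ipaddress

REPORT_TTL = 3600  # assumed: seconds a victim's report stays valid without renewal


class AttackerList:
    """Lists an address only while some victim currently asserts it is attacking."""

    def __init__(self, ttl=REPORT_TTL):
        self.ttl = ttl
        self._reports = {}  # victim -> (time of report, frozenset of addresses)

    def report(self, victim, addresses, now):
        """Replace the victim's previous assertion with its current attacker set."""
        ips = frozenset(ipaddress.ip_address(a) for a in addresses)  # ValueError if malformed
        self._reports[victim] = (now, ips)

    def _fresh(self, now):
        # Forget victims that have gone silent, e.g. because their backchannel dropped.
        self._reports = {v: (t, ips) for v, (t, ips) in self._reports.items()
                         if now - t < self.ttl}
        return self._reports

    def is_listed(self, address, now):
        ip = ipaddress.ip_address(address)
        return any(ip in ips for _, ips in self._fresh(now).values())

    def publish(self, now):
        """Snapshot that subscribing sites would fetch."""
        listed = set()
        for _, ips in self._fresh(now).values():
            listed |= ips
        return sorted(str(ip) for ip in listed)


def demo():
    feed = AttackerList()
    feed.report("site-a", ["192.0.2.10", "198.51.100.7"], now=0)
    feed.report("site-b", ["2001:db8::5"], now=600)
    first = feed.publish(now=700)
    # site-a's next hourly report: 192.0.2.10 has stopped attacking.
    feed.report("site-a", ["198.51.100.7"], now=3500)
    second = feed.publish(now=3550)
    # site-b never renewed, so its report has lapsed by now.
    third = feed.publish(now=4300)
    return first, second, third


if __name__ == "__main__":
    for snapshot in demo():
        print(snapshot)
```

A cleaned-up host leaves the list at the victim's next report, and a victim that stops reporting cannot keep addresses listed past the TTL.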

Comment IPv6 is all over BitTorrent (Score 1) 231

I have IPv6 through my ISP. Whenever I use BitTorrent, I see plenty of IPv6 hosts. The reason is pretty obvious to me: if you're passing IPv6 through your home router, you have an externally-reachable IPv6 address ... but you may not have an externally-reachable IPv4 address thanks to your home router's NAT.

Presumably, this means that one incentive for home users getting IPv6 is to get a better-connected BitTorrent network. BitTorrent is pretty popular, but ISPs are never going to tell you "Get IPv6 so you can download movies ... er, I mean, Ubuntu Live CDs! ... faster."

Comment Re:Killer App? (Score 1) 281

The easiest place to reach with the mouse is the current position. The second easiest is the four corners of the screen. The third easiest are the four sides of the screen. The hardest place is a square in the middle of the screen. Ancient UI guidelines are still relevant today.

Yep. This is a corollary of Fitts's Law and while it's often associated with the design of the Macintosh menu bar, the underlying research dates to 1954, thirty years before the Mac.

Sadly, it hasn't been well learned on a lot of systems. Although Windows and Ubuntu both put a useful menu in a corner, few systems but the Mac make really effective use of the screen edge. Windows and many Linux desktops occupy much of one whole screen edge with a rarely used application switcher; but most users switch applications by pointing and clicking, or using keyboard shortcuts like Alt-Tab.

One big win that a lot of systems have benefited from, though, is contextual menus, which take advantage of the current position.

Comment Re:Google (Score 1) 99

One problem is that as the size of a corporation increases, the influences on its behavior may become dominated by principal-agent problems and specific motivations of individuals within the corporation. It's easy for the members of a ten-person startup to keep "increasing shareholder value" in mind, but in a ten-thousand-person company, a middle manager or mid-ranking engineer may be much more interested in his or her next quarterly review or promotion.

Furthermore, the internal economy of a large corporation is a command economy, not a free market. In a free market, decision makers can count on prices to show them which goods are the most efficient choices, or which products may be the most lucrative. But within a large corporation, management is expected to know how best to apportion budgets, wages, investments, etc. — all without the benefit of a pricing mechanism that accurately reflects (internal) needs. And as the corporation gets larger and more heavily capitalized, it becomes more and more different from the outside world, so external signals (such as the prevailing wages in the industry) become less relevant to internal decision-making.

Comment I give it a "Sigh..." (Score 1) 429

I saw it about a week ago. Overall, my biggest impression was one of missed potential.

(Note, here I'm talking primarily about the story and the world-building, not about the cinematography.)

The overall structure was a weakness from the start. Sam Flynn turns out to be yet another Prince Harry character: the heir to the throne who goofs around and avoids his inherited position until he's handed a confrontation that forces him to prove himself, at which point he rises to the occasion as a True Prince. We've seen this before; it's the usual aristocratic nonsense: worth is not achieved, but inherited and then revealed.
      Contrast the original: Kevin Flynn was an honest working hacker who was forced to go rogue when he was screwed over by a yuppie coworker. Kevin's triumph was to prove himself as a creator. He set out with the aim of showing that he and not Ed Dillinger was the author of Space Paranoids; and in the end, he accomplished that goal, but in a way that -- through his creative "User power" -- changed the Programs' world for the better.
      Sam isn't a creator. He sets out with no particular goals of his own; he is handed all his goals by his inheritance. Kevin Flynn was a creative adult seeking justice; Sam Flynn is an irresponsible rich boy growing up. And that's a story that's been played out far too many times.

One of Legacy's few big world-building ideas is the emergence of the Isos: Programs evolved from the System itself, rather than being created in the image of a User. This could have been huge. But instead it is presented merely to give Sam's love interest a tragic backstory. The war is over; the Isos lost, here's the last surviving princess of a dead race. Give her a hug.
      The political vision of the System in Tron is more complex. There are old powers in the System that defy the MCP's regime at personal risk to themselves: Dumont at the I/O Tower. The MCP's assimilation of the whole System into itself is not complete; it can be resisted. In Legacy, CLU's genocide of the Isos is over and done with ... and nobody even bothers to say, "Sam, you dickhead, if you'd logged in yesterday, you could have stopped the fucking Holocaust."

Another new world-building idea is the possibility that a Program could use the laser terminal to escape into the real world: that the laser wasn't limited to objects that originated in the real world (oranges or Kevin Flynns), but could also play back a Program into human form. Thus Quorra's escape; thus CLU's threat to invade our world with armies of Programs.
      Well, Tron's MCP didn't need armies to take over the world. The MCP could just hack the Pentagon. In Tron, the deep entanglement of the real world and the System is made clear: the MCP can threaten Dillinger not with armies materializing in ENCOM's laser bay, but with the legal and political forces native to our world.
      Ironically enough, the 1982 vision has more in common with today's Internet-enabled reality than the 2010 version. As far as we know, the System in Legacy isn't even on the Net: it's a dusty minicomputer sitting in the basement of Flynn's Arcade with barely enough connectivity to reach Alan Bradley's pager.
      Ultimately, CLU is much less of a real-world threat than the MCP. The MCP had taken over the System that ENCOM used to do its business, and was extending tentacles into banks, major governments, and who knows what else. CLU's domain is that one minicomputer; the big threat would be shut off if Alan or Sam had just unplugged the laser terminal.

Both of the above two problems point at a bigger problem with Legacy: it ultimately doesn't take Programs and the System seriously as an independent sort of intelligent existence rather than a mere imitation of our world.
      Quorra longs to see the sun; CLU wants to get out into our world to "perfect" it; the Programs have nightclubs and sports arenas imitating human ones. The way it's presented in Legacy, the best thing that could happen to a Program is to get out of the confining, artificial System into the authentic, sun-blessed, material world.
      That notion is alien to the original. Tron, Yori, and Dumont may revere the Users but they don't want to become Users. They want to free their own world and live in it pursuing their own purposes -- not escape into the human world. They aren't imitation humans who want to grow up to be Real Boys like Pinocchio -- they're Programs, and they know what their purpose is in life: it's to fulfill the goals their Users set up for them.
      (Extra bonus for real sf nerds: Tron's Programs may have something in common with C. J. Cherryh's azi: confidence of purpose. As Grant would put it, self-doubt is for born-men. Azi do not wish they were born-men; azi take refuge in the certainty that born-men lack.)

And speaking of lost story potential, how about Rinzler? Anyone who'd seen the original knows that Rinzler is a hacked-up copy of Tron from his very first appearance, thanks to the "T" insignia on his chest. Kevin Flynn mentions it once in passing, and at the end it's clear that Rinzler is "rebooting" back into Tron. But Rinzler hasn't had enough character development for us to care: he's a literally faceless killing machine. And as killing machines go, he's got less character than Darth Maul, and that's saying something.

All in all, Legacy came across to me as too circumscribed of a world, and Sam Flynn as too much of a True Prince cardboard character. Movie-wise, I wanted to see more of the Isos and a lot less of Dr. Frank-N-Furter.

Comment Your digital camera knows your location? (Score 3, Informative) 263

Your digital camera may embed metadata into photographs with the camera's serial number or your location.

Record your location? Sure, if it's a smartphone with GPS. For standalone cameras, GPS is not exactly a common feature. There are about two models of pocket digital camera on the market that have GPS, and not very many SLRs with it either ... go look. Those that have it make no secret of it; it's actually a big marketing point for people who want to record where they've been taking pictures.

As for smartphone models, I don't know about the Apple or Windows offerings, but Android's camera app exposes it as an option right on the main screen, next to the flash and focus settings ... and I'm pretty sure it defaults to off. People turn this on because they actively want it.

Rather than scaring people about what their devices might be recording, it would be a lot more useful to tell people how to find out what tags are on their photos. For instance, the Linux command line program "exiftags" will tell you this kind of stuff: (Picked from a random image file I had lying around on my laptop.)

Camera-Specific Properties:

Camera Model: C2500L
Camera Software: Adobe Photoshop CS Macintosh
Maximum Lens Aperture: f/2.6

Image-Specific Properties:

Image Orientation: Top, Left-Hand
Horizontal Resolution: 173 dpi
Vertical Resolution: 173 dpi
Image Created: 2004:02:27 18:52:21
Exposure Time: 1/5 sec
F-Number: f/6.9
Exposure Program: Manual
ISO Speed Rating: 100
Exposure Bias: 0 EV
Metering Mode: Center Weighted Average
Flash: No Flash
Focal Length: 20.70 mm
Color Space Information: Uncalibrated
Image Width: 736
Image Height: 767
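A programmatic version of the check the comment above recommends, as an added example (not part of the original comment and not how exiftags is implemented): it walks a JPEG's Exif block and reports whether it carries a camera serial number or a GPS position. The tag numbers are the standard Exif ones; the function names and the sample bytes are constructed for illustration.

```python
import struct

EXIF_IFD, GPS_IFD = 0x8769, 0x8825          # IFD0 pointers to the Exif and GPS sub-IFDs
BODY_SERIAL, GPS_LATITUDE = 0xA431, 0x0002  # Exif BodySerialNumber, GPS GPSLatitude

def exif_tiff(jpeg):
    """Return the TIFF block of the first Exif APP1 segment, or None."""
    if jpeg[:2] != b"\xff\xd8":
        raise ValueError("not a JPEG")
    pos = 2
    while pos + 4 <= len(jpeg) and jpeg[pos] == 0xFF and jpeg[pos + 1] != 0xDA:
        (size,) = struct.unpack(">H", jpeg[pos + 2:pos + 4])
        body = jpeg[pos + 4:pos + 2 + size]
        if jpeg[pos + 1] == 0xE1 and body[:6] == b"Exif\x00\x00":
            return body[6:]
        pos += 2 + size

def read_ifd(tiff, offset, order):
    """Yield (tag, 4-byte value field) per entry; a truncated IFD yields nothing more."""
    head = tiff[offset:offset + 2]
    count = struct.unpack(order + "H", head)[0] if len(head) == 2 else 0
    for i in range(count):
        entry = tiff[offset + 2 + 12 * i:offset + 14 + 12 * i]
        if len(entry) == 12:
            yield struct.unpack(order + "H", entry[:2])[0], entry[8:]

def identifying_tags(jpeg):
    """List which identifying fields a JPEG carries: serial number, GPS position."""
    tiff = exif_tiff(jpeg)
    if not tiff or len(tiff) < 8 or tiff[:4] not in (b"II*\x00", b"MM\x00*"):
        return []
    order = "<" if tiff[:2] == b"II" else ">"
    (ifd0,) = struct.unpack(order + "I", tiff[4:8])
    found = set()
    for tag, raw in read_ifd(tiff, ifd0, order):
        (ptr,) = struct.unpack(order + "I", raw)
        if tag == EXIF_IFD and any(t == BODY_SERIAL for t, _ in read_ifd(tiff, ptr, order)):
            found.add("camera serial number")
        if tag == GPS_IFD and any(t == GPS_LATITUDE for t, _ in read_ifd(tiff, ptr, order)):
            found.add("GPS position")
    return sorted(found)

def build_ifd(entries):
    body = struct.pack("<H", len(entries))
    for tag, typ, count, value in entries:
        body += struct.pack("<HHI", tag, typ, count) + value
    return body + b"\x00" * 4  # no next IFD

def sample_jpeg(with_gps):
    """Constructed sample (not a real photo): minimal little-endian Exif block."""
    p = lambda v: struct.pack("<I", v)
    exif_off = 8 + 2 + 12 * (2 if with_gps else 1) + 4
    gps_off = exif_off + 18
    ifd0 = [(EXIF_IFD, 4, 1, p(exif_off))] + ([(GPS_IFD, 4, 1, p(gps_off))] if with_gps else [])
    tiff = b"II*\x00" + p(8) + build_ifd(ifd0) + build_ifd([(BODY_SERIAL, 2, 4, b"123\x00")])
    if with_gps:
        tiff += build_ifd([(GPS_LATITUDE, 5, 3, p(gps_off + 18))]) + struct.pack("<6I", 40, 1, 26, 1, 46, 1)
    app1 = b"Exif\x00\x00" + tiff
    return b"\xff\xd8\xff\xe1" + struct.pack(">H", len(app1) + 2) + app1 + b"\xff\xd9"
```

On a real photo, pass the file's bytes to `identifying_tags`; an empty list means neither field was found in the Exif block.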

Comment Re:What World Does He Live On? (Score 1) 1153

The problem isn't that math isn't important. The problem is that the math being taught isn't important.

Yes. Exactly.

Fuck calculus. You don't need it unless you're going into one of a few specific fields. But there are whole swaths of math that most folks completely miss, that are directly applicable to everyday life:

Probability and statistics. No, not for understanding the census, nor for gambling -- rather, for understanding what's meant by words like "evidence". Bayesian probability can be taught to anyone who can understand percentages and division, and it can be straightforwardly applied to reasoning about the everyday world.

Proof and logic. The notion of logical proof has been around since Aristotle, but symbolic logic is much newer. Nonetheless, the notion of logical validity of an argument, of conclusions following from premises, is directly applicable to all sorts of real-world decision-making. Logic is also an obvious point to dovetail math into the humanities, via the analysis of written arguments.

Abstract algebra. Not the proofs, nor the deep abstractions, but rather the notions of properties such as commutativity, associativity, etc. and the idea that these can be applied to any sorts of operations, not just "mathematical" ones. Does it matter if you mix the eggs in before the butter? Do you need to do X separately to A, B, and C, or can you put A+B+C together and then do X all at once? The notion that some situations or problems have the same structure as others is itself pretty powerful. (And lends itself to comparison with the literary idea of analogy.)

XBox (Games)

Anatomy of an Achievement 157

Whether they annoy you or fulfill your nerdy collection habit, achievements have spread across the gaming landscape and are here to stay. The Xbox Engineering blog recently posted a glimpse into the creation of the Xbox 360 achievement system, discussing how achievements work at a software level, and even showing a brief snippet of code. They also mention some of the decisions they struggled with while creating them: "We are proud of the consistency you find across all games. You have one friends list, every game supports voice chat, etc. But we also like to give game designers room to come up with new and interesting ways to entertain. That trade-off was at the heart of the original decision we made to not give any indication that a new achievement had been awarded. Some people argued that gamers wouldn't want toast popping up in the heat of battle and that game designers would want to use their own visual style to present achievements. Others argued for consistency and for reducing the work required of game developers. In the end we added the notification popup and its happy beep, which turned out to be the right decision, but for a long time it was anything but obvious."

Comment I used to work at a college ... (Score 4, Funny) 285

... a small one. Here's what our policy to prevent piracy would have been:

Please don't pirate stuff too much. If we get notices saying that you're pirating stuff and asking you to quit, we'll call you in to the office and give them to you. If we get court orders telling us to give them your name, we'll probably have to do that, since we can't afford lawyers much.

If you really have to pirate stuff, please at least try to leech it off of your friends on the LAN rather than flooding our dinky little Internet uplink. Because if you do that, we'll probably end up blocking your IP address for a while so that email and our Debian updates can get in.

And while you're at it, here's the address of the porn server that some freshman set up. Get your porn over there, please don't mirror all of it over our connection.

Comment Re:I don't know what the complaint is about? (Score 3, Insightful) 773

Check out the huge regex at the bottom of the RFC 5322 compliant validator from CPAN:

Honestly, this sort of thing is an example of overusing regex when it's the only parsing tool they know. Regex becomes unwieldy when you put too much of it in one place -- but this is because regex is unwieldy, not because the problem of parsing email addresses is fundamentally hard. Parsing email addresses is a case for a modular parser such as Parsec (or any of its ports and imitators) ... which will give you the added advantage of useful error messages on invalid input, instead of just a match failure.

Moreover, isn't it kind of silly to point at an example of someone already having written the code to do something as a way of saying that doing it is difficult? In code, once it's already been done once, correctly, it doesn't need to be done again. If you think CPAN's huge regex (or any other implementation) is correct, and you've tested it to your satisfaction, you don't need to reimplement it; just use it.

Comment The Gandhicam Project (Score 1) 1123

For folks who want to record the cops (or anyone else) and be sure that the footage will get to the world instead of being destroyed when they steal your camera phone: check out the Gandhicam project. This is an app for your Android phone that lets you take pictures or video and automatically send it to the net, either by HTTP upload or by email.

This doesn't stop them from filing criminal charges afterward, but that's why you donate to the ACLU and the EFF.

Comment Re:Seven years for eight hours work (Score 2, Interesting) 380

Really, the only way that SCO was going to recover was with a court victory, and while the probability of that wasn't 0, it was as damn near to it as possible for practical applications.

There are people who believe things out of spite. Remember when the SCO case got started? There were plenty of folks -- chiefly in the "open-source haters" end of the trade press, but I met a few in industry, too -- who dearly wanted to see the "upstart" Linux smacked down hard.

It may be hard to believe it now that Linux is everywhere in the industry -- from the datacenter to the cell phone, from the Oracle database server to the displays on the backs of airplane seats -- but just a few years ago, plenty of people would have called you an "open-source zealot" if you said that it was worth using anywhere at all in business. And lots of traditional business people really wanted to see Linux dry up and blow away. Plenty of those people would have put hope, and a few bucks, behind the SCO suit.
