
Comment Dual Setup (Score 1) 520

When I'm writing code I have two modes: Planning/Collab and hardcore coding. When it comes to planning/collab having an open space is great. Easy to interact, easy to work with others and everyone is heard. For hardcore coding it's time to be segmented away from others. Half walls don't work. Wearing earphones isn't enough. To be as productive as possible I need to concentrate using the ideas and plans from the planning/collab time to write my code.

It's as simple as that. Either have a small team room and individual workspaces free of outside distraction or get a transforming workspace of some kind. No need to listen to the seating experts spout something that 5 years ago was bad but somehow became good again (and will be bad again soon).

I currently work at a place that 'proudly touts' open floor plan for all IT developers. The end result is people really want to work from home when coding to avoid managers interrupting, PMs being PMs, smells of lunch (or worse), people on conference calls, etc.

Oh, and no round tables. It's a waste of space and people still are crowded.

Comment Happens All The Time (Score 1) 113

For instance, SonicWall blocks phishtank. Yup, SonicWall blocks a site to help protect users against phishing by being able to check links against known phishing sites ( The less technical the data owners are the less helpful the rule sets are.

To be honest, this site in question does look like a phishing site and thus, if someone went to the site and knew what phishing was, they would most likely flag it if they did not click through (aka it isn't a verified phishing site but it sure looks like one at first glance).

Comment Not Rocket Surgery (Score 1) 104

Surprise, a company released a hosted service (in this case 'cloud computing') where they did not have well thought through security support. AWS is a hot bed of bad activity. So are many of the other cloud providers (to lesser degrees related to popularity of the service). It's going to get worse before it gets better so make sure your own infra is ready to deal with the attacks through blocking on the edge, host firewalls, IDS, whatever you deem is helpful for your setup ... and don't be afraid to block outright and request the addition of the IP's to a public block list.

But that is just my $0.02.

Of course, someone *could* use an AWS account to send calls to her phone over and over .... but that would be bad :-).

Comment Think About It (Score 1) 214

There are a number of people posting comments about how this isn't an issue since Apache's code is open. Let me outline a few possible issues even with the code being ...

1. If Apache keeps non-released security information in their bug tracker it could end up being disclosed. Great if you want to get your hands on security issues before patches are released.
2. Private comments can be leaked out which are probably not meant for general consumption. Probably not a huge issue, but it depends on the content.
3. Many people use the same passwords everywhere -- and the same usernames. Any cracked accounts could prove quite useful.

On the flip side it goes to show that XSS and CSRF, as many security (open and closed) groups note, are a major problem -- and are pretty easy to exploit. While it is not fun to have this occur it may wake up some engineers into seeing that 'if it can happen to Apache maybe we should take it seriously'.

Then there is the whole thing of Apache using Jira instead of something Open ... ... :-)

Comment Right Tools For The Job (Score 1) 444

I think the frustration is actually in some people not using the right tools for the job. I like NoSQL databases (specifically MongoDB), but I have not used them with anything I've written. Why? Because it wasn't the right tool for the job. I tend to use MySQL, Postgres or sqlite because they're so widely available and well known in how to administer. There are times that NoSQL will make sense, it's just not the area I work in.

I do think we are going to continue seeing an uptick in NoSQL related things since many companies are fixated on "the cloud" while not really knowing what "the cloud" is (heck, no one still really, truly has a common definition of what it means ...). Since NoSQL seems to be a popular tool, and "the cloud" is a popular buzz phrase, CIOs/CTOs will likely be pushing their shops to utilize "NoSQL in the cloud". While large scale applications which don't require relational information and need fast syncing across many servers are good grounds for NoSQL, these "NoSQL in the cloud" instances will probably not actually fit that status.

I do agree that it will be a good thing when "NoSQL for everything" dies. Just like it was a good thing when "PERL for everything", "Java for everything" and "Ruby for everything" died, but let's not throw out the whole idea because a lot of people use it wrong.

Comment What about EULAs? (Score 1) 171

I assume some social sites require you to be you by way of their terms or EULA ... I guess they can get around that? I mean, it makes sense they would read public information but if they are using fake profiles without prior approval for a case it seems like something is going wrong ...

Submission + - Lightspark, the modern OSS flash player

alexp-sssup writes: Lightspark is a modern, high performance, open-source flash player designed from scratch to take advantage of the features of current generation hardware. It features a very robust support for Flash 10 scripting (aka ActionScript 3), an optimizing Just In Time compiler and OpenGL accelerated graphics output. The project is currently stable enough to load and execute simple applications based on the Flex framework. Moreover, the last release showcases partial support for the YouTube player!

As the main (and currently only) developer of the project I'd like people to try out the demo, take a look at the code and ask questions in the mailing list. Contributors are really welcome, as I think this project has a great potential, but it is way too big for me alone.


Submission + - MPAA pushes for HD-disabling SOC once again

Tyler Too writes: The MPAA is once again trying to badger the FCC into approving Selectable Output Control, which would plug the 'analog hole' during broadcasts of some prerelease HD movies. MPAA bigshots met with seven staffers from the FCC Media Bureau last week, calling the petition a 'pro-consumer' move designed to 'enable movie studios to offer millions of Americans in-home access to high-value, high definition video content.' At least the studios are now acknowledging that SOC would break the functionality of some HDTVs, an admission they were previously unwilling to make: 'What's interesting about the group's latest filing, however, is that it effectively concedes that the output changes it wants could, in fact, hobble some home video systems. "The vast majority of consumers would not have to purchase new devices to receive the new, high-value content contemplated by MPAA's" request, the group assures the FCC.'

Submission + - SPAM: Microsoft pushes for single global patent system

Xerolooper writes: What would the world be like if everyone could enjoy the same patent system we use in the USA?

From the article "A senior lawyer at Microsoft is calling for the creation of a global patent system to make it easier and faster for corporations to enforce their intellectual property rights around the world." CNET

They have already attracted opposition from the open-source community and the Pirate Party. According to the article, the World Intellectual Property Organization (WIPO) will be meeting in Geneva on the 17th and 18th of September.


Submission + - All Humans Are Mutants Say Scientists

Hugh Pickens writes: "In 1935, JBS Haldane, one of the founders of modern genetics, studied a group of men with the blood disease hemophilia and speculated that there would be about 150 new mutations in each human being. Now BBC reports that scientists have used next generation sequencing technology to produce a far more direct and reliable estimate of the number of mutations by looking at thousands of genes belonging to two Chinese men who are distantly related, having shared a common ancestor who was born in 1805. To establish the rate of mutation, the team examined an area of the Y chromosome which is unique because, apart from rare mutations, the Y chromosome is passed unchanged from father to son so mutations accumulate slowly over the generations. Despite many generations of separation, researchers found only 12 differences among all the DNA letters examined. The two Y chromosomes were still identical at 10,149,073 of the 10,149,085 letters examined. Of the 12 differences, eight had arisen in the cell lines used for the work. Only four were true mutations that had occurred naturally through the generations. Impressively, it seems that Haldane was right all along because by looking at the number of differences between the two men, and the size of the human genome, the researchers were able to come up with an estimate of between 100 and 200 new mutations per person. "The amount of data we generated would have been unimaginable just a few years ago," says Dr Yali Xue from the Wellcome Trust Sanger Institute in Cambridgeshire. "And finding this tiny number of mutations was more difficult than finding an ant's egg in an emperor's rice store.""
