
Comment Re:The point is he understands real science (Score 1) 394

No different than your appealing to "climatologists" who can't get ANY predictions right over many decades of trying.

Yes they can. The models actually work beautifully. Just because you say they don't doesn't make it true.

Why do you distrust a physicist / mathematician, who is far more apt at understanding statistics, chaotic systems, and the pure physics involved in atmospheric changes than a climatologist (with a much more shallow education in any of those areas) can possibly be?

Because he isn't. Just because you say so doesn't make it true.

That's the really puzzling aspect of people like you who believe deeply in people specializing in what is essentially a nascent field; you are putting more stock in people who have less hard science training, and the results of their predictions based on what amounts to faith dressed up as science are telling.

What's really puzzling is how idiots like you, who have absolutely zero knowledge of the kind of education and expertise climate scientists have, can spout that sort of bullshit so confidently.

Comment Re:So says the religious guy. (Score 1) 1237

Actually, lack of evidence does lower the probability in a lot of cases, but only if you know what you are looking for already...

But you are still basically correct, as long as we are talking about a deity, a preternatural being of some sort, in a very wide sense. It is impossible to assign any probability to something that is undefined.

However, if by using the word god you mean one of the named gods of the major religions, I think it's pretty safe to say they are unlikely to exist, since the religious literature gives us clues to what to look for, and there appear to be no credible, verifiable findings.

You don't need to fudge the meaning a lot, however, to move it back to the undefined territory, though. Just say none of the holy books are 100 % accurate and there might be some truth to some of it...

Comment Re:Require a VPN connection (Score 1) 200

Do it right, require a VPN connection before you allow an RDP connection.

Why exactly do you think that increases security? Most VPNs that I've seen use the AD domain password, which means once the attacker gains access to the VPN, they can access all the network shares, terminal servers and whatnot. You are equally f'ed in both cases. Also, the current RDP implementation uses TLS, which is stronger than e.g. PPTP's RC4, still widely used because it's so easy to set up.

I see this stupidity all the time: you are required to connect to a PPTP VPN, with access to the company LAN to boot, before you get to ssh to a Linux box in the DMZ or wherever. Admins also often refuse to open the ssh ports based on some false belief about how it all works. They don't understand the differences between cryptographic algorithms, they don't really understand why firewalls are used and what they are good for, and they only have a superficial understanding of TCP/IP and the layers on top of it. They just blindly follow some "best practices" that someone somewhere put into a ppt, and cite meaningless shit like the OSI model, never actually taking the time to really understand.

Comment Re:Screw vandalism, especially on "soft targets" (Score 1) 159

For example, a quick google search turns up this page on apache security.

There isn't really much there that will significantly improve security, except the suggestions to keep Apache up-to-date and maybe installing mod_security. For instance, hiding the Apache version number might actually decrease security, since now you might yourself miss that you are out of date. It's not going to prevent any attack from happening.

Comment Re:Needs economists (Score 3, Interesting) 262

The bitcoin effort needs the involvement of some economists with experience studying and understanding currencies, not just techies.

Have you visited the Bitcoin forums? Quite a few economists there. Also, high profile magazines, such as The Economist, have written about it from the point of view that Bitcoin is, at the very least, a highly interesting experiment. No mention of any built-in economic failures there.

I don't understand the knee-jerk reaction that everyone here gets each time Bitcoin is mentioned. Almost every time it's accompanied by misconceptions about USD being backed or otherwise thinking that something which is currently valuable (such as gold) is somehow guaranteed to always be that way.

No, I don't have anything invested in Bitcoins, and I wouldn't want to store much value in it until it has stood the test of time, and the implementations are more robust. I was shocked when I found out the private keys are stored locally in an unencrypted file - that's a f***ing travesty.

But I do find the concept fascinating.

Comment Re:Impact on bitcoins? (Score 1) 419

No, the difference is who's backing the currency: the government, or... well... nobody, since bitcoin's idea does not involve a central authority

Backing? How? I keep hearing this, but I don't understand what it means.

The way I see it, the value of money comes from the knowledge (or trust) that someone will accept a certain amount of it as an exchange for goods, or work, or whatever. How is any government "backing" that? I haven't seen any guarantees anywhere that my cash will be worth anything tomorrow.

Bitcoin is "backed" simply by the fact that there are enough people who will accept it as an exchange for goods, or work, or "other" currency (I'm still not sure it's correct to call it a currency).

Comment Re:PHP is a big part of the problem (Score 1) 162

You can still dynamically generate prepared statements.

You can't use a prepared statement to dynamically turn rows into columns. Or if you know how, by all means tell me.

since you're letting your application layer guess the behavior of the database, so any change to either side, and boom! Or do you think SQL injection is just about sneaking a second command to the first one by adding --, ;, or whatever terminator the database uses, like what most script kiddy attacks do?

Sounds like folklore to me. I suppose you could run into problems if you use, say, mysql_real_escape_string() to escape a string going to, I don't know, Pervasive SQL. But what can I say... just don't fucking do it! Or did you think sanitizing input means string.replaceAll("'","''") ? In that case you'd be the naive one, not me. Also, the database engine won't just change all by itself. Something like 99 % of apps work on a specific RDBMS, and for the most part they won't even begin to work on another one without major refactoring. You have the occasional small project which uses simple ANSI SQL, but anything in the least bit demanding usually only works on a specific system:

Comment Re:PHP is a big part of the problem (Score 1) 162

That's why no amount of string escaping is 100% safe.

People like you think there is something mythical or mystical in programming. There isn't. Sanitizing user input is 100 % safe. It may not be the best way to do things most of the time, but there are times when it's the only way, like when the SQL statements are constructed from another SQL statement, which happens e.g. when pivoting a many-to-many relation.
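
The pivot case discussed in the two comments above, as an added example that is not part of the original thread: the column list of the pivot is generated from a first query, the tag values are bound as parameters, and only the column aliases (which cannot be bound) are escaped as identifiers. It uses SQLite through Python's `sqlite3` so it runs offline; the `post`, `tag` and `post_tag` tables and the hostile tag name are constructed for the example.

```python
import sqlite3

def quote_ident(name: str) -> str:
    """Escape a string for use as an SQL identifier (double any embedded quote)."""
    if "\x00" in name:
        raise ValueError("NUL byte in identifier")
    return '"' + name.replace('"', '""') + '"'

def build_pivot(conn):
    """Build the pivot statement from a first query over the tag table."""
    tags = [r[0] for r in conn.execute("SELECT name FROM tag ORDER BY id")]
    # The value compared against is a bound parameter; the alias is an
    # identifier, so it has to be written into the SQL text, escaped.
    cols = ", ".join(
        f"MAX(CASE WHEN t.name = ? THEN 1 ELSE 0 END) AS {quote_ident(t)}"
        for t in tags
    )
    sql = (f"SELECT p.title AS title, {cols} FROM post p "
           "LEFT JOIN post_tag pt ON pt.post_id = p.id "
           "LEFT JOIN tag t ON t.id = pt.tag_id "
           "GROUP BY p.id ORDER BY p.id")
    return sql, tags

def pivot(conn):
    """Run the generated statement; return (column names, rows)."""
    sql, params = build_pivot(conn)
    cur = conn.execute(sql, params)
    return [d[0] for d in cur.description], cur.fetchall()

def demo_db():
    """Constructed sample data: two posts, two tags, one tag name hostile."""
    conn = sqlite3.connect(":memory:")
    conn.executescript("""
        CREATE TABLE post(id INTEGER PRIMARY KEY, title TEXT);
        CREATE TABLE tag(id INTEGER PRIMARY KEY, name TEXT);
        CREATE TABLE post_tag(post_id INTEGER, tag_id INTEGER);
        INSERT INTO post VALUES (1, 'first'), (2, 'second');
        INSERT INTO post_tag VALUES (1, 1), (1, 2), (2, 2);
    """)
    conn.executemany("INSERT INTO tag VALUES (?, ?)",
                     [(1, "php"), (2, 'x" FROM post; DROP TABLE post; --')])
    return conn

if __name__ == "__main__":
    header, rows = pivot(demo_db())
    print(header)
    print(rows)
```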

Comment Re:Security is hard (Score 1) 162

As Flyerman points out, the 16 year old was posing as a man, and she social engineered a female within the organization.

The person who got scammed was Jussi Jaakonaho, who is male.

Her gender might still have something to do with it, though. Women are generally thought to have more social intelligence than men, which might make it a little easier for them to pose as someone else in an email.

Comment Re:Its been thought for decades... (Score 1) 385

it is always in the best interests for each country to lie about it (overstating their reserves).

If you are selling something, wouldn't you want what you sell to be scarce so you get a better price?

I'd say it'd be in the interests of the oil industry to perpetually maintain an image of there always being a couple of decades of cheap oil left. You want a good profit, but you don't want your customers to move away from oil.

Comment Re:wrong on several points (Score 1) 385

If you spend more energy than you get out of it, then the process will never be profitable.

This is a naive way to look at it. In reality, so long as you use cheap energy (wind, solar, tidal) to extract oil, it will be profitable. The main reason oil is valuable is its high energy density.
