Comment Caring, more or less (Score 1) 765

I know you are correct, but I have decided to hear it as "I could care less (but that wouldn't be worth the effort)".

Alternately: "It might surprise you to know, seeing how little I care, that I could care less than I appear to, but it would take quantum observation to discriminate between how much I care and the theoretical zero point."

So it's wrong but it's not wrong-wrong.

This is hand-in-hand with "It's not 'apathy' per se, I just don't think I care."

In English the ironic is normative. 8-)

Comment Sample Code is often unimpressive (Score 1) 286

They didn't declare the same variable twice. They declared two independent variables with the same purpose to use the same name. If the second one said "d" instead of "c" it wouldn't break the pattern but it _would_ confuse the point that the two ifs create two scopes with no bleeding through.

Your comment seems to miss that point.

The real goal is to create an initializer that is valid for both the "then" and the "else" part but that DOES NOT introduce variables beyond the scope of the lifetime of the if. That's why the full comparison text includes the outer braces {thing c=stuff(); if (some_status(c)) okay(c); else no_bueno(c); } implies printf("%p",c) error because C is out of scope.

Using the same variable name twice was exemplary of the common closure of scope in the suggestion.

Also note that the particular example was to bring it into line with the okay=complex_function(); if (!okay) return error; okay=next_complex_function(); if (!okay) return error;

Programmers _suck_ at stringing conditionals and making sure that the whole stop and exit at first error paradigm is met. The above monad can already be done as a number of graceful or degenerate cases.

If all your success states are boolean true, and failure is boolean false, then a simple "return co1() && co2() && co3();" series continues until one fails or all succeed. But larger cascades from less boolean series can get "interestingly decorative" depending on how the programmer likes to arrange this sort of thing.

Of course the "Real Answer" is exceptions, but only if you don't then screw that up...

So the solution is a "not bad" attempt to deal with the horror that is "in-band error reporting", a horror that most languages make us blind to due to ubiquity alone.

Comment You don't know what a "chargeback" is... (in U.S.) (Score 1) 194

A dispute is a request to get a charge "investigated". A "chargeback" is an instruction to the bank/credit company to take the money back and make it my problem.

Most people don't know that (in the United States) these are completely different things.

If I dispute a charge then the credit card company may contact the vendor and ask them what happened and generally do a resolution where I may, or may not, get a refund. A dispute takes days, weeks, or even months to run its course.

A chargeback tells the credit card company to suck the money back out of the payee's account right now and debit it back to me unconditionally. There is no investigation. There is no delay. Once a chargeback has been issued the credit card issuer is no longer involved in the transaction. The payee may sue the payor or otherwise deal with the financial dispute by legal means. A chargeback is the "nuclear option" for dealing with a credit card transaction that's gone bad.

But understand that a chargeback isn't magic. If you buy something through an intermediary, the credit card bank is taking money from that next step in the chain, from that intermediary. That intermediary may then choose to sue you or never do business with you again. So issuing a chargeback to eBay might get you a lifetime ban from eBay or a lawsuit from eBay and leave eBay holding the bag, unable to get the money back from the seller.

I've disputed several charges in my lifetime, but I've only ever once issued a chargeback. A local scaffolding company didn't properly log in the return of the scaffolding I'd rented. So they kept on billing me monthly rent for it. I tried to work it out with them, but they just kept saying they'd be charging me forever unless I showed up with the scaffolding. The individual pieces aren't serialized so it was impossible to coerce an audit to support my claim. I'm a home owner, not a business, so it's not like I could misplace that much stuff.

So I called the credit card company and issued a chargeback. The guy on the phone was all "what charges do you wish to dispute?" and I said "_NO_, I am issuing a chargeback for (amount) and blocking all further charges from (company)." I had to go several rounds and get a manager involved because the phone monkey didn't know what I was talking about. Finally I made it happen. Then I contacted the scaffolding company that I'd charged back everything they'd charged me since the date of the equipment return. With the money back in my hand and the door closed they became way more responsive and we agreed to go our separate ways.

They could have sued me or whatever, but they would have lost since all of their records were messed up and their procedures were lax at best. So they decided (amount) and whatever equipment they thought I still had wasn't worth going to court.

A full chargeback is the last milestone before a resolution or a lawsuit, and if you issue (or receive as a business owner) more than a couple a decade you are likely to be dropped by the card company. It would _suck_ for a business to be banned by, say, all of Visa Corp. It wouldn't be fun for a consumer either.

But the full "chargeback" is a guaranteed protection to credit card holders as enshrined by law. The "dispute" is a contract term in your card and/or vendor agreement and subject to civil terms and other sections of law.

Chargebacks exist because the buyer and the seller are the actual involved parties, so either party can say to the payment processors "get out of this dispute completely" but to do that, to get out of the middle, the money must be put back into the hands of the original people.

It's twisty, and you shouldn't ever take legal or financial advice from the internet, but "disputing a charge" and "issuing a chargeback" are _totally_ different things.

Comment Fix the TPM... (Score 1) 664

The TPM is an _outstanding_ idea, but the implementation is flawed by the fact that the owner of the machine doesn't get the keys. It's not actually a "root kit", it's a self destruct that someone else has the key for.

I would _insist_ every computer I owned had a TPM _if_ I were in control of that TPM so that I could have it validate that my (linux) box has not been tampered with.

The technology is great. The implementation, however, is designed to work against me, the owner. Were it not _obviously_ laid out in a way intended to turn my computer into a gaming console or cable television set-top box, it would be outstanding.

There is absolutely no reason that the "publicized" goals of the TPM couldn't be realized while still allowing me my full rights.

But Microsoft et al wanted to make a copyright tool instead of a true trustable boot experience. Signing keys are, after all, part of the public key not the private key. So I should be able to initialize my TPM with my own key pair, load Microsoft's signing keys into it as I choose along with any other keys for my e.g. Linux boot system etc, and then get the security without the nonsense.

There is some rationality to wanting to protect the computer from its operator. I've worked in tech support. There's more rationale to wanting to protect a computer from root kits and tampering. I've worked security. But there is no reason that the person who actually paid for the device should be denied access to it.

If I had my way in all things, every computer would have a TPM-like device. And a little dongle plug. And it would have an SD card slot that the TPM can directly access. When the slot is occupied with a matched SD card, the computer will only do boot maintenance. When the card is not matched it's just regular storage. If you invoke the reinitialization system, the TPM will secure-erase _everything_ in the box then mint a new matched SD card. So now the machine _won't_ run normally if the boot stack is exposed, but it will run normally if it's not, so the average user is safe (they can't make the "leet" decision to leave the matched card in place and still have a working computer). The extreme tamper-evidence of having the machine blanked means that _nobody_ can sneak in a BIOS keylogger virtual machine layer without wiping the machine. And the owner would have the option to include-or-not the signing keys from the various sources like Microsoft or the Linux distro of their choice, or even signing their custom boot stack as they see fit.

Comment Not So Fast... (Score 4, Informative) 230

Nuclear Material in/near Reactors Secures Itself.

Dry fuel pellets are harmless.

Fuel rods are made by welding dry pellets into steel I-Beams or similar big, heavy, structures.

Used (wet) fuel pellets are _fantastically_ _dangerous_ to handle, so much so that they have to be kept wet at all times to keep them from roasting everything while they cool.

Back in the seventies my father (nuclear engineer) said he'd love to stage, and televise, a "raid" on a nuclear power facility... The _months_ necessary to get the stuff off the premises (let alone ground up into nuclear dust) would have probably lost its audience. But the "Fast As Possible" "Smallest Crew" version of the raid that the anti-nuke people were putting in movies and scare politics would be thoroughly disproved.

Even if I installed a pebble-bed reactor in your garage (and one _would_ fit), any attempt to turn it into a "dirty bomb" would be fatal to the person attempting it. Someone could blow up the pebble-bed itself, but that would move a few of the "pebbles", if any, a short distance. Someone with a radiation counter and a radiation suit could then just go pick them up with tongs.

So the terrorists "want{ed} to build a dirty bomb" is about as likely to lead to that end as my personal desire to own all of Google _and_ Tesla Motors outright as a pure proprietorship.

Comment Too Easy To Find... (Score 1) 186

A public key block would flag a back door very obviously. The data has a unique look. It also has a unique profile of use, in that someone would have to initialize a cipher session or whatever. Even a trivial code review would find a fully encrypted back door.

Hiding the public key block within an obfuscation generator adds a huge block of code instead of data, followed by the same need to invoke the cipher system.

To function as a "back door" the door, by definition, has to be pretty damn simple and innocuous enough to go unnoticed.

So "creating a back door that only you can use" is actually creating a separate front door with all the trappings, which kind of moots the point of sneaking it in.

Back doors are, pretty much by definition, mechanisms that only implement security through obscurity.

Fully secure ingress is way too hard to sneak into place and remain hidden.
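
The point above that embedded key material "has a unique look", as an added example that is not part of the original comment: a sliding-window Shannon entropy scan a reviewer could run over a binary or source blob. The window size, threshold, function names and sample bytes are assumptions constructed for illustration; compressed data also scores high, so hits are leads for review.

```python
import hashlib
import math
from collections import Counter

WINDOW = 256     # bytes per window (assumed value, tune per corpus)
STEP = 64        # slide distance between windows
THRESHOLD = 6.8  # bits/byte; random-looking 256-byte windows score a little over 7


def shannon_entropy(chunk: bytes) -> float:
    """Shannon entropy of a byte string in bits per byte (0.0 to 8.0)."""
    if not chunk:
        return 0.0
    total = len(chunk)
    return -sum(n / total * math.log2(n / total) for n in Counter(chunk).values())


def high_entropy_regions(blob: bytes, window=WINDOW, step=STEP, threshold=THRESHOLD):
    """Return merged (start, end) byte ranges whose windows reach the threshold."""
    regions = []
    for start in range(0, max(len(blob) - window, 0) + 1, step):
        if shannon_entropy(blob[start:start + window]) < threshold:
            continue
        end = start + window
        if regions and start <= regions[-1][1]:
            regions[-1] = (regions[-1][0], end)  # extend the overlapping hit
        else:
            regions.append((start, end))
    return regions


def constructed_key_like_bytes(length: int) -> bytes:
    """Deterministic random-looking bytes standing in for embedded key material."""
    out, block = b"", b"constructed-sample"
    while len(out) < length:
        block = hashlib.sha256(block).digest()
        out += block
    return out[:length]


# Constructed sample: repetitive source-like text with a 512-byte blob in the middle.
CODE = b"if (check_status(ctx) != 0) { return handle_error(ctx); }\n" * 40
SAMPLE = CODE + constructed_key_like_bytes(512) + CODE
BLOB_START, BLOB_END = len(CODE), len(CODE) + 512

if __name__ == "__main__":
    for start, end in high_entropy_regions(SAMPLE):
        print(f"high-entropy data at bytes {start}-{end} "
              f"(blob actually at {BLOB_START}-{BLOB_END})")
```

The reported range is wider than the blob because windows straddling its edges still score high; plain code or text on its own produces no hits.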

Comment You There! (Score 1) 296

Create a master key, keep it to yourself. We won't ask you to give it to us, we promise. We don't care how you do it, we promise. It's only this once, we promise.

But whatever it takes, you go ahead and do it.

As a bonus, you will perform this work using people and equipment you get to pay for all by yourself. I'm sure it will be no burden at all and you should be ready to pay these expenses now because you didn't have the foresight to compromise all your products proactively.

And of course we'll never use this as a precedent to force you to do this for all other products you make, and we'll not be forcing all the other companies to do likewise. ... we promise.

It's such a simple request... and besides "Teh Terrorestors!"

Comment Proper Rules fix this (Score 1) 265

Sure, the kernel gets the packet. A trivial annoyance. If you put the drop rule in the prerouting table of a linux kernel you should be able to drop the packets before they trigger any alerts.

If you have nftables support in a 4.x kernel you can get the packet dropped long before it can reach any sort of analyzer.

The port scan alert is the complaint, not an incipient load from the packets themselves, so an early filter will stop the annoyance.

Comment A little off. (Score 1) 213

They don't understand that _any_ consultant could help them because the software source is available.

You are exactly correct that it is a mind-set problem based in fear.

Business people are often not smart in the ways of "optional thought". They have game-plan mentalities based on team triumph over all comers. (Next time someone tells you they are majoring in or have a degree in "business" ask them which sport they played in high school. No really, they act stunned and are all "how did you know?" in wonderment.)

So they need someone to go to without thought. A vendor under contract is like the special teams in football. It doesn't matter how terrible your field-goal special team is, now is the moment you punt and then it's the punter's fault we lost. Coach said so.

So business, particularly big business, is about apportioning blame (renamed "responsibility") because it's run like (and usually by) loss-averse athletic reasoning.

There's a good reason that the entire tech explosion of the last fifty years happened outside of "normal business channels" and is full of geeks. What was done required non-linear thought by the drivers. Those companies all _hired_ MBAs to run the boring balls from legal to HR and back, but the innovation was done far away from the MBA's sight.

That's also why the Carly F.s of the world totally consumed companies like HP and turned them into "also rans" in their own fields. Get enough bankers and business men "on your team" and they'll crush the geeks before they realize they sold off or frightened away all the talent.

Innovation can be a team sport, but only a cooperative team sport like hacky sack or "the floor is lava". 8-)

Comment Re:OSS is not compatible with businessmen. (Score 1) 213

Didn't read very closely. I said "selling software" was insupportable but selling experience (e.g. professional expertise) [which is "service"] does work.

I was complaining that a business man who was already in the job of selling service for a zero-markup product (Windows) couldn't seem to understand how selling service for a zero-dollar-cost OSS operating system was identical. Said business man was mentally caught on the horns of the word "Free" rather than being open to the fact that it's the exact same transaction for his bottom line (but without the licensing compliance hassle and cost).

If you couldn't figure out that the "few" who do understand the model and sell the service _included_ RedHat...

Well your "only an idiot" comment just lays there on your plate like a dead crow waiting to be eaten.

Comment Limited: the stupidest possible model for transit (Score 1) 622

There is zero "per-bit" cost for data transmission. The cost of a circuit is all physical plant. That is, the _actual_ cost is installation and maintenance and right-of-way and rent. All of which are dependent entirely on real wall-clock time. Metering something with a natural maximum capacity and no unit cost is the stupidest model _possible_.

When the various people decided to put a price on the data itself they created a bottomlessly hungry monster. That monster was the total cost of all the peering agreements that _also_ put a price on the data itself and a race between all the providers trying to claim their receptiveness was more valuable than their transmission burden.

So the current market is _boned_ because it isn't driven by any market force except greed.

In a rational world I could sell you an unlimited link to my backbone at a known fixed speed, with the understanding that your effective throughput and potential delay to any destination is simply not something I can control.

Then the market force would be "Provider X is too congested, I'll switch to provider Y". The cost of the link and the speed of your first/last mile, and your best bet for a good provider with a good backbone would be your selling points.

So the problem with the internet here in 'merica is that it's become a Libertarian Ideal Toll Road... It's clogged up, overpriced, full of unmet promises, and barely functional. People are all trying to over-burden "the best" roads because the normal roads have all fallen to shit. The service providers have had to limit the hell out of their points of connection because each one is metered so the mesh has become a set of inter-linked long-armed stars where my transmission of a packet to a business down the block may pass through several of these united states.

If the costs weren't inflated by the per-bit pricing and predatory nonsense then the connections between networks would be much more open. People wouldn't be worrying about "whose data is on my network" and most routes would be much more direct. Each provider would see user uptick as an opportunity to shorten their net spans instead of a call to throttle their nets. The best networks would promise not a speed in megabits but shortest transit time off their net. Bulk providers (Google and YouTube, vs Netflix, etc) would be invited to make as many close-end and colocated insertion/service points as they could muster.

An "unmetered" internet just works. Ask most of the rest of the world. You pay to connect. You take your chances for throughput. And all the effort and human and monetary expense is spent to get your data to its destination by the best route possible. Then Open Shortest Route does the work so you don't have to.

NOTE: This doesn't hold for "unlimited data storage for free" models. It's _incorrect_ to conflate transit and storage, everything is completely different for storage. That's the difference between being able to use a road and needing to build bigger warehouses.

Comment Re:Except for... (Score 1) 213

Android: Control of market share (the software is given away for free)

Google: Control of advertising revenue (the software is given away for free)

Tesla: Sells cars and batteries, (software updates are free).

Most of the Internet: pay for services.

Kinda making my point.
