
Comment Re:Wait, what? (Score 1) 346

What is worse, is that those who work in health research often do not grasp what happens to structured logical reasoning when even one 'falsehood' creeps in. All papers whose conclusions depend upon papers with these errors must be considered suspect until checked, for example. Otherwise you are simply gambling that no errors are present. This is playing Russian Roulette with patients' lives when done in the context of the health system.

Comment Re:It's not Linux (Score 2) 313

It is software written assuming the APIs a Linux machine exposes. Microsoft wrote a clean room implementation that did what colinux did on 32-bit Windows, and cooperated with Ubuntu to make it work better. That Microsoft have seen the need for a more positive attitude towards Free Software, Open Source, and Linux is a good thing. That Ubuntu Bash on Windows would not have happened without the success of Linux based operating systems is, I think, certain. Don't knock the penguin, he doesn't like it.

Comment Failure of OS design. (Score 1) 87

A process should not, by default, have access to any syscalls except self-termination. Likewise hardware virtualised operating systems. This should not just be within the OS itself, but within languages like Python and Javascript. Restricting what functions can be called to a minimum, and wrapping important ones in 'computational condoms' is something that, now we have LLVM to compile things on the fly, should be considered mandatory. AOT compilation like on modern Android, combined with a well thought out API where what part has access to what is, to me, where to go. Your program comes in in LLVM bitcode, with special permission required to run binaries (esp. outside a VM), and based on information as to what syscalls are needed, a custom syscall interface is compiled on the fly, following ideas such as in synthesis os, though for security rather than speed. Importantly, you want a non Turing complete layer in there somewhere.

Comment Re:Wayland bashing (Score 1) 151

Just because something is possible 'in principle' with X11 is not enough. Doing security the right way needs to be easy and obvious, as does doing away with security, as does knowing which of these is the case. Possible but not easy means most won't do it; easy and default means most do, which gives a kind of 'herd immunity' where speculative attacks are likely to fail rather than succeed. This 'herd immunity' makes it more expensive for attackers to target, since the population of viable targets is small, diverse, and sparsely distributed. Part of security comes from making it harder for an attacker than it's worth. Another comes from structuring things so that one breach can't lead to too much damage. Making it too hard for the average user to do these makes good security the preserve of a small elite, which is not a good thing unless you are in the elite (and even then, to me, is not a good thing).

Comment Re:Eye Candy v Functionality (Score 3, Insightful) 151

These are nothing to do with Wayland, but upon what you build upon it. Wayland provides a protocol for local programs to render to client buffers and efficiently pass these to the compositor, and to pass event information back to the application, and essentially little else. All additional functionality is a matter of how you design your compositor (of which Weston is just a sample implementation), and your compositor does not _only_ have to talk Wayland. It is important to understand the software engineering concept of coupling, namely what happens when the design of one component mandates behaviour and design of another component. Minimising this maximises flexibility, but perhaps gives you less 'for free'. An extremely lightweight compositor designed for getting work done is not out of the question, and most likely there will be a proliferation of compositor designs as there was for window manager designs in the earlier days of Linux.

Comment Use string manipulation and hashes (Score 1) 148

I wrote a toy demonstration at and explained at

Obviously you can use something slightly more elaborate, and given either bash and standard hashes (e.g. sha256), or javascript and cryptojs, you can roll your own string manipulation.

You basically have a secret phrase or two, something obvious related to the website in question (e.g. pw://, combine it to produce e.g. 'mypwmachine(SuperSecretPhrase-pw://', and then bung that through e.g. sha256 (or bcrypt with high cost if paranoid), take the binary output, convert to base64 and take the first 16 characters as your password. Unless you're rich or a terrorist, it isn't worth the effort to crack. Importantly the difficulty of reversing a hash means one compromised password isn't too dangerous, since unless they can reproduce your string manipulations, they can't easily generate passwords for anything else. I find it fun when a website deems the output of this process unacceptable for e.g. not including punctuation.
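
The derivation described in the comment above, as an added example that is not part of the original comment. Python's hashlib stands in for bash or cryptojs, PBKDF2-HMAC-SHA256 stands in for the "bcrypt with high cost" option, and the function names, the `secret|site` layout and the sample values are assumptions made for this sketch.

```python
import base64
import hashlib


def combine(secret: str, site: str) -> bytes:
    # Assumed layout for this example: secret phrase, separator, site label.
    return f"{secret}|{site}".encode("utf-8")


def derive_fast(secret: str, site: str, length: int = 16) -> str:
    """SHA-256 -> raw digest -> base64 -> first `length` characters."""
    digest = hashlib.sha256(combine(secret, site)).digest()
    return base64.b64encode(digest).decode("ascii")[:length]


def derive_stretched(secret: str, site: str, length: int = 16,
                     iterations: int = 200_000) -> str:
    """Same idea with a deliberately slow KDF.

    A single SHA-256 is cheap, so someone holding one leaked derived
    password can test candidate secret phrases offline very quickly.
    Key stretching raises the cost of each guess. The site label is
    used as the salt so every site still gets an unrelated password.
    """
    digest = hashlib.pbkdf2_hmac(
        "sha256", secret.encode("utf-8"), site.encode("utf-8"),
        iterations, dklen=32,
    )
    return base64.b64encode(digest).decode("ascii")[:length]


def output_bits(length: int = 16) -> int:
    # Each base64 character carries 6 bits of the digest.
    return length * 6


if __name__ == "__main__":
    # Constructed sample values, not taken from the comment.
    secret = "correct horse battery staple"
    for site in ("example.com", "example.org"):
        print(site, derive_fast(secret, site), derive_stretched(secret, site))
    print("bits of digest kept:", output_bits())
```

The 96 bits of digest kept in the output are an upper bound; the real strength of every derived password is that of the secret phrase, which is shared across all sites.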

Comment Driving PS from python (Score 1) 400

With the bash on windows and ps on Linux, being able to drive ps from python will be looked forward to. As a replacement for bash or python it sucks, and works completely differently. On the other hand, a python module permitting one to programmatically generate and run ps scripts, and receive what comes back would be welcome.

Comment The Tech Lawyer Zombie Apocalypse is upon us! Run! (Score 1) 181

First SCO, the Lawsuit-That-Never-Dies, and now this: Oracle trying to turn Oracle vs Google into another one. The disease is spreading, infecting the minds of greedy businessmen and tech lawyers. The number of people susceptible is that large, and they have masses of resources at their disposal to accelerate the spread of the ObsessiveCompulsiveLaunchATechZombieLawsuitThatNeverDies disease. Run for your lives! We're all doomed! Doomed, I tell you! Doomed!
