Catch up on stories from the past week (and beyond) at the Slashdot story archive


Forgot your password?
DEAL: For $25 - Add A Second Phone Number To Your Smartphone for life! Use promo code SLASHDOT25. Also, Slashdot's Facebook page has a chat bot now. Message it for stories and more. Check out the new SourceForge HTML5 internet speed test! ×

Comment Shellshock a result of inappropriate use of bash (Score 1) 208

Shellshock does a good job of illustrating a fundamental security flaw in
bash but also in Redhat. Redhat, Fedora and CentOS are the most at risk
OSs because Redhat decided to make bash the default shell. This was a
deeply flawed system design decision driven by NIH (not invented here
syndrome). The problem is that bash was written and is maintained by
Redhat. As a result scripts that should have been written in the Bourne
shell are instead using bash. Even scripts that use Bourne (/bin/sh) are
executing bash on Redhat systems as sh is symlinked from bash. This is
not the case on Debian-based Linux (Ubuntu et al) as they don't symlink
bash to sh or specify bash as the default shell script interpreter.
Neither is it the case on the BSDs which don't even ship with bash.

So why then is bash an inappropriate choice for shell scripting? Bash is
designed to be an interactive shell. As a result it a much larger
program and has a correspondingly larger codebase than Bourne, most of
which is dedicated to auto-completion and other interactive features.
All else being equal (and it is in this case) more code correlates with
less security. Bash is also not POSIX-compliant. As a result it is not
cross-platform compatible nor are its features or design subject to
substantial design review. This and other reasons (like security) are
why all Unix and Linux distributions other than Redhat specify POSIX
Bourne as the default shell scripting language.

Redhat aside many third party shell scripts are written in bash that use
no bash features i.e., they would run with little or no modifications
under sh. So why are these scripts written in bash? The primarily
reasons are A) script authors don't understand or value cross-platform
compatibility and B) don't know the differences between bash and sh
(commonly due to familiarity with bash as an interactive shell). A third
but equally important factor is the lack of formal Linux or Unix

Just as shell scripts should not be written in csh (or tcsh) they should
also not use bash (or ksh). Shell script authors should A) keep it
simple, B) be aware of cross-platform differences, C) value
POSIX-compliance and D) value security. With these best practices bugs
like shellshock won't have such an impact.

Comment Re:A fork for old machines (Score 1) 330

deprecation model: break the code so it can't possibly work, wait two years with no bug reports, remove. This is literally how a lot of rubbish no actual users cared

If only... More often bug reports are removed for lack of a "more detailed explanation" or lack of a patch.

Horrible backwards compatibility is Linux' Achilles heel and the reason it has utterly failed to displace MS and Apple on the desktop.

Comment Re:I agree, but not with Ulysses... (Score 2) 121

What would you suggest Canonical do instead?

A) support Trinity.

B) fork Trinity if it goes the way of KDE4

C) KIS (keep it simple (and cross-platform compatible))

D) hire the right people (i.e., open at least one freaking office in SV/SF)

E) it's all about management

Management has to be well connected to end-users and end-user sysadmins. Management has to know how to review code (diffs) and do good QA (used to be Canonical's leg up on RH). This isn't rocket science. It isn't pur s/w development or pure sysadmin either. It is, findamentally, an issue of experience and good management. To be sure Canonical is the best placed company to be _the_ Linux desktop but they have not, of late, demonstrated a good understanding of how to get from here to there.

Comment Re:Don't really like where "Desktop Linux" is head (Score 1) 121

have to agree they suck at the moment

KDE4 and Gnome3 have set the Linux desktop back nearly a decade. All of our plans to convert desktops from Windows have been put on hold, indefinitely.

Question is why. Why have these two key window managers not only gotten worse but become worse than any window manager since CDE?

Part of it has t be a lack of design guidelines. It also has to be due to a lack of leadership, designed by committee, lord of the flies and all that. But that can't be all there is. I know this isn't all because a friend of mine is one of the contributors and I know he works for Microsoft on the side. Open source desktops won't be viable, if you ask me, until they've solved these 3 fundamental issues.

Comment Re:Google is history... (Score 1) 270

according to the evaluation metrics

Evaluation metrics, yea, that's the ticket. The reason Google sucks of late is partly because spam filtering is difficult but in this case it is especially difficult as they actually profit off of much of what we see as search spam. That is to say that our metrics (results) are different from theirs (profit and results). Of course they'll tell you that Adwords customers are shown no preference in search listing, but what else are they going to say...

This is no different than what happened at DEC's Alta Vista, whose search results used to be better than Google's are now. That was before the bean counters^H^H^H^H stock holders made a stink about the lack of "value appreciation". Sucks to have owners whose short term interests conflict with your (long term) business model.

Comment Re:Seriously? (Score 1) 275

I'm sorry to have to say this to you like this, but you have no idea what you're talking about.

Sorry but we do know. Whether the equipment you cited supports IPv6, well or otherwise, is irrelevant because 99.999% of the Internet is inaccessible to IPv6 nodes without NAT64 and NAT46.

Anybody who has tried to use IPv6 knows this. IPv6 will never reach more than 0.01% of the Internet without NAT64 and NAT46 and probably NAT66 as well.

Comment Re:Seriously? (Score 1) 275

NAT works

Everyone knows NAT works because everyone uses NAT, most of us aren't even aware of it. The only people who have a problem with NAT are ILECs like ATT, aggregators like Google, and wirters of trojans, viruses, spambots and other P2P malware. These groups know that access to us and our data would be much easier with NAT out of the way, and they think IPv6 is a way to make this happen. Claims that NAT is harmful only exist because the ATTs and Googles of the world have a lot of money to spend on astroturf.

Comment Re:Seriously? (Score 1) 275

Upgrade your systems to IPv6 already

Is this a rhetorical question or what? Considering that no equipment currently on the market does IPv4 to IPv6 NAT any IPv6 device would only be able to contact at best 0.001% of the Internet. Give me a break is right, just not a broken Internet. IPv6 is still a long way from being usable.

Comment Wells Fargo harassment as well (Score 5, Informative) 794

Not just Paypal but Wells Fargo as well. When I heard about Paypal and Amazon I went to the wikileaks website to make a donation. Not only was my charge denied but they put a hold on my card! Talk about harassment. It's bad enough when your own government breaks the law, worse when vendors decide to run a protection racket when they disagree with a customer's purchases/donations.

Comment Re:Relax.. Take a deep breath.. (Score 2, Insightful) 347

You cannot "think" yourself out of stress

It's true you can't "think" yourself out of stress but you can meditate on your stress, its effect on your body and your thinking, and come to terms with it in that way. Meditation does not involve thinking i.e., internal dialog, but it does involve taking the time to sit quietly for a half hour or more and just focusing on what exactly the"stress" is. That's the only way to achieve real understanding of it, to come to terms with it, to live with it, and to mitigate its negative effects. It's the same for other types of pain.

If, like most people, you deal with stress by trying not to think about it, by staying busy, by drinking, taking drugs, watching TV, even by exercising (alone) you'll still suffer from it.

If you want to see what meditation is about download a few lectures from audiodharma (to your smartphone or PC) and listen to them while commuting or before bed.

Meditation techniques are even taught in hospitals in the US thanks to unequivocal research showing its beneficial effects. See also books/audiobooks by Jack Kornfield, Lama Surya Das, the Dalai Lama, or Alan Watts among many.


Do You Really Need a Discrete Sound Card? 520

crookedvulture writes "Integrated audio has become a common freebie on motherboards, causing many to question whether there's any need to have a sound card. Tech Report took a closer look at the issue by testing the latest integrated Realtek codec against a couple of sound cards: Asus' $30 Xonar DG and its considerably more expensive $280 Xense cousin. Everything from gaming performance to signal quality is explored, and it's the blind listening tests that prove most revealing. The integrated solution is obviously flawed, and in a bit of a surprise, the cheaper Xonar is the one most preferred. Discrete sound cards certainly have their benefits, and you don't need to spend a lot to get something that sounds a lot better than the average motherboard."

Hard-Coded Bias In Google Search Results? 257

bonch writes "Technology consultant Benjamin Edelman has developed a methodology for determining the existence of a hard-coded bias in Google's search engine which places Google's services at the top of the results page. Searching for a stock ticker places Google Finance at the top along with a price chart, but adding a comma to the end of the query removes the Google link completely. Other variations, such as 'a sore throat' instead of 'sore throat,' removes Google Health from its top position. Queries in other categories provide links to not only Google services but also their preferred partners. Though Google claims it does not bias its results, Edelman cites a 2007 admission from Google's Marissa Mayers that they placed Google Finance at the top of the results page, calling it 'only fair' because they made the search engine. Edelman notes that Google cites its use of unbiased algorithms to dismiss antitrust scrutiny, and he recalls the DOJ's intervention in airlines providing favorable results for their own flights in customer reservation systems they owned."

TSA Pats Down 3-Year-Old 1135

3-year-old Mandy Simon started crying when her teddy bear had to go through the X-ray machine at airport security in Chattanooga, Tenn. She was so upset that she refused to go calmly through the metal detector, setting it off twice. Agents then informed her parents that she "must be hand-searched." The subsequent TSA employee pat down of the screaming child was captured by her father, who happens to be a reporter, on his cell phone. The video have left some questioning why better procedures for children aren't in place. I, for one, feel much safer knowing the TSA is protecting us from impressionable minds warped by too much Dora the Explorer.

Mozilla Labs Add-On Provides Video and Audio Recording From the Browser 132

An anonymous reader writes "Mozilla Labs is working on an experimental add-on which enables video and audio recording in the browser. Anant Narayanan writes on the Mozilla Labs blog, 'The Rainbow add-on for Firefox is an early developer prototype that enables web developers to access local video and audio recording capabilities using just a few lines of JavaScript. The add-on generates files encoded in open formats: Theora (for video) and Vorbis (for audio) in an Ogg container. The resulting files are accessible in DOM using HTML5 File APIs, which may be used to upload them to a server.' Support for live streaming and WebM is planned for a future version of the add-on."

Slashdot Top Deals

Quark! Quark! Beware the quantum duck!