Slashdot Mirror


User: dgatwood

dgatwood's activity in the archive.


Comments · 14,277

  1. Re:online forums software can be hard to update on Ubuntu Linux Forums Hacked -- IP Address, Username, Email of 2M Accounts Compromised (betanews.com) · · Score: 2

    online forums software can be hard to update if any mods / plug-ins are in use.

    The thing is, you shouldn't need to update them. The biggest problem on the Internet today, IMO, is that so much of our user-facing infrastructure software was written before modern database access techniques, such as the use of parameterized queries.

    In my personal life, the very first thing I do before I install any piece of client-facing software is audit the thing top to bottom, making sure every single SQL query uses parameterized queries, and rewriting it when I see them. If the software is too big for this to be practical, it doesn't get installed on my server—a lesson I learned the hard way after a PHPBB instance got vandalized anonymously. As a result, I now use a custom fork of JXBD that replaces every single query with parameterized versions (available on GitHub). It is small enough to be auditable, and as an added bonus, I was able to integrate it more cleanly with my existing login infrastructure.

    If everyone would adopt that same level of caution, all this ancient cruft would get cleaned up pretty quickly, and folks wouldn't need to update their bulletin boards every few weeks to fix the latest SQL injection attack, because the BBSs' SQL access code would be secure by design. I would encourage Ubuntu to similarly systematically rework everything they run on their websites and then contribute fixes upstream so that everybody benefits from their effort.
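Added example, not part of the comment above and not code from the commenter's fork: a first-pass audit of the kind the comment describes, sorting each SQL string literal in PHP source into dynamic (interpolated or concatenated), parameterized, or static. The function names and the PHP sample are constructed for illustration, and the heuristic assumes one statement per line, so queries assembled across several lines still need manual review.

```python
import re

# A quoted PHP string literal that starts with an SQL verb.
SQL_LITERAL = re.compile(
    r"""(?P<q>["'])\s*(?:SELECT|INSERT|UPDATE|DELETE|REPLACE)\b"""
    r"""(?P<body>(?:\\.|(?!(?P=q)).)*)(?P=q)""",
    re.IGNORECASE,
)
# "$var" or "{$var}" inside a double-quoted PHP string is expanded at run time.
INTERPOLATED = re.compile(r"(?<!\\)\$[A-Za-z_{]|\{\$")
# The literal is followed by the PHP concatenation operator and more code.
CONCAT_AFTER = re.compile(r"\s*\.\s*[$\w]")
# Positional (?) or named (:name) bind placeholders.
PLACEHOLDER = re.compile(r"\?|(?<![:\w]):[A-Za-z_]\w*")


def audit_php(source):
    """Return (line number, verdict, reason) for every SQL literal found."""
    findings = []
    for lineno, line in enumerate(source.splitlines(), start=1):
        for m in SQL_LITERAL.finditer(line):
            body = m.group("body")
            if m.group("q") == '"' and INTERPOLATED.search(body):
                # Still dynamic even if the string also carries placeholders.
                verdict, reason = "dynamic", "variable interpolated into SQL string"
            elif CONCAT_AFTER.match(line, m.end()):
                verdict, reason = "dynamic", "SQL string concatenated with an expression"
            elif PLACEHOLDER.search(body):
                verdict, reason = "parameterized", "constant SQL with bind placeholders"
            else:
                verdict, reason = "static", "constant SQL, no user data in the text"
            findings.append((lineno, verdict, reason))
    return findings


def lines_to_rewrite(source):
    """Line numbers whose queries must be converted to parameterized form."""
    return [n for n, verdict, _ in audit_php(source) if verdict == "dynamic"]


# Constructed PHP sample (not taken from phpBB, JXBD or any real project).
SAMPLE_PHP = r"""<?php
$res = mysql_query("SELECT * FROM users WHERE name = '$name'");
$res = $db->query('SELECT * FROM posts WHERE id = ' . $_GET['id']);
$stmt = $pdo->prepare('SELECT * FROM users WHERE name = ?');
$stmt->execute([$name]);
$stmt = $pdo->prepare("UPDATE users SET email = :email WHERE id = $id");
$rows = $db->query('SELECT COUNT(*) FROM posts');
"""

if __name__ == "__main__":
    for lineno, verdict, reason in audit_php(SAMPLE_PHP):
        print(f"line {lineno}: {verdict:13} {reason}")
```

Line 6 of the sample is reported as dynamic even though it goes through `prepare()` with a named placeholder, because `$id` is still expanded into the SQL text before the database sees it.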

  2. Re:How many accidents has it avoided? on Consumer Reports Calls For Tesla To Disable Autopilot (consumerreports.org) · · Score: 1

    I remember studying a law case in college where a woman activated the cruise control in her RV, wrecked, sued, and won. (Law school, not sit-com.)

    That's in large part because early cruise control was called "auto-pilot".

  3. Re: So just rename it then? on Consumer Reports Calls For Tesla To Disable Autopilot (consumerreports.org) · · Score: 1

    IIRC, most current-generation fly-by-wire craft can do so, but I think they all still require a human to taxi them to the runway.

  4. Re:Law and Equity on TOS Agreements Require Giving Up First Born -- and Users Gladly Consent · · Score: 4, Informative

    You are significantly mistaken. The courts don't throw out "unreasonable" contracts people willingly agree to.

    The legal term for this is "unconscionable", not "unreasonable", and yes, the courts do throw them out routinely—particularly in contracts of adhesion. Stanford Law Review vol. 63:869-906 gives a good summary of how the courts have fixed various unconscionable contracts and other unfair contracts.

  5. EBCDIC

    Extended Binary Coded Decimal Interchange Code[1] (EBCDIC[1]) is an eight-bit character encoding used mainly on IBM mainframe and IBM midrange computer operating systems.

    I have a feeling that the whole "Nobody ever got fired for choosing IBM" thing is about to become very untrue at Citigroup....

  6. Re:Law and Equity on TOS Agreements Require Giving Up First Born -- and Users Gladly Consent · · Score: 3, Informative

    The law would invalidate it because it isn't the sort of thing that a reasonable person would expect to find in a contract of this type, and because the contract term would probably be per se illegal anyway.

  7. If you're going to tether the drone anyway, wouldn't it be cheaper to stick it on a wooden pole and hire somebody from the Home Depot parking lot to hold it up for three hours? I mean, I'm being slightly sarcastic here, but this use of drones might be the most bizarre idea I've heard in a long time. I can't imagine they'd be able to keep the weight below the legal safety limits for drones flying over populated areas....

  8. Re:How about this on Telecoms Promise 5G Networks If EU Cripples Net Neutrality (theverge.com) · · Score: 3, Insightful

    Nah. Just tell them that if they don't set up 5G, they'll license the spectrum to someone who will. After all, this is just the prisoner's dilemma. I'm sure there are at least a few of those companies who would gladly stab the others in the back.

  9. Re:Sulu is George's character on George Takei Opposes Gay Sulu In 'Star Trek Beyond' (hollywoodreporter.com) · · Score: 1

    And I fully understand Takei's objections. It directly diminishes his acting career and other gays, by underhandedly suggesting that because he's gay, he's not a good enough actor to play straight characters convincingly.

    How does it suggest that? Mr. Takei played the straight Sulu, so clearly he was good enough to do so. And a straight guy is playing the gay Sulu.

  10. Re: This is sacrilege plain and simple on George Takei Opposes Gay Sulu In 'Star Trek Beyond' (hollywoodreporter.com) · · Score: 1

    I think a certain segment of the population wouldn't like him if he was credited under his full name, which is Siddig El Tahir El Fadil El Siddig Abderrahman Mohammed Ahmed Abdel Karim El Mahdi.

    I don't know about the general population, but I'm pretty sure the poor guy/gal trying to make his name fit onscreen in the credits would have been positively homicidal. :-)

  11. False claims that were not verified. And because they did this, they'll never be able to use that tactic if that happens for real next time, because the terrorist will see it coming. As I said elsewhere, even if you ignore the ethical questions, this was a bad move tactically. They showed their hand too soon.

  12. People overestimate the protection of a bulletproof vest. A vest will keep you from getting killed, but it doesn't change the laws of physics. If the guy runs out the one functioning door and gets simultaneously hit by a hail of gunfire, it is going to hurt like hell, and the shooter would likely end up on the ground. Also, once out in the open, a sniper can readily aim for the person's head.

    Either way, the biggest problem with doing this—even ignoring questions like whether police should be quasi-military, whether they should have expended more effort to bring the guy to justice instead of to the coroner, and any of the other various ethical questions it raises—is that this trick will work exactly once. Next time, when it's a real terrorist with real bombs hidden all around the area instead of just a nut with a gun pretending to be a terrorist, the terrorist will be expecting this response, and upon seeing the bomb robot, will trigger all the bombs at once and go out in a blaze of glory. So from a long-term security perspective, this was entirely the wrong move, IMO.

  13. Re:Really? on Using a Bomb Robot to Kill a Suspect Is an Unprecedented Shift in Policing (vice.com) · · Score: 5, Insightful

    If they could blow up a bomb, they could have blown up a tear gas grenade just as easily, and if he came out shooting, shot him then. Somehow, the police using a bomb just seems wrong.

  14. Re:blind spot on That Digital Music Service You Love Is a Terrible Business (fortune.com) · · Score: 1

    Pandora pays royalties to the PROs, so no, the order isn't wrong. That's the order in which the payments occur. It was not intended to be ordered by amount of dollars kept, but rather to show the flow of money downhill, starting from the company that takes the money (e.g. Pandora) and ending at the people who actually did the work to create the music.

  15. Re:blind spot on That Digital Music Service You Love Is a Terrible Business (fortune.com) · · Score: 5, Insightful

    No, IMO, the problem is that there are too many middlemen. The Internet service takes its cut, followed by the performing rights organization (e.g. ASCAP, BMI, or SESAC), the publisher takes at least half of what is left (and probably more), and the tiny crumbs that remain get divided between all the composers and lyricists. The artist probably gets nothing unless he/she is a singer-songwriter or there's some other specific arrangement with the publisher. Either way, the more middlemen you have leeching off your music, the less you'll make from it.

  16. I've been saying that Apple should buy Disney for years. Apple wants to stream their shows, and Disney/ABC wants to bundle things to prop up their sports franchise, ESPN, which Apple doesn't want to force upon everybody. Apple could buy them pretty easily, fire the upper management, make the deals, and spin them off again to avoid becoming another Sony.

  17. Re: We screw everyone. on Apple Slams Spotify For Asking For 'Preferential Treatment' (buzzfeed.com) · · Score: 1

    Spotify should just move exclusively to Android. Nothing shows the value of your convictions like slamming the door and walking away.

    That would pretty much be suicide for Spotify. I'd imagine that most of their paid subscribers come from iOS. After all, iOS users tend to have more disposable income than Android users, and tend to spend considerably more on electronic goods and services.

    Like it or not, Spotify has no choice but to have an iOS app available. They can choose to stop allowing in-app purchases, forcing users to figure out on their own how to buy subscriptions, but leaving the platform entirely would be a company-ending move.

  18. Re:Slashdot on Google Searches For 'VR Porn' Increase 10,000% (vrtalk.com) · · Score: 4, Funny

    Luckily, nobody ever makes Google searches after seeing a Slashdot post.

    Tomorrow's dupe: "Google Searches For 'VR Porn' Increase 1,000,000%".

  19. Re:Nothing to see... move along.... on Apple Slams Spotify For Asking For 'Preferential Treatment' (buzzfeed.com) · · Score: 1

    And to put that in perspective, as of a year ago, there were only 2 million active Facebook advertisers. I doubt more than one percent of those use iOS to create or buy ads, but even if 100% of them did, Apple still created an exception for Facebook's 2 million advertisers and refused to create one for Spotify's 20 million paying users.

    I'll let you draw your own conclusions.

  20. Re:We screw everyone. on Apple Slams Spotify For Asking For 'Preferential Treatment' (buzzfeed.com) · · Score: 1

    ... eBook delivery, where they had to conspire with 5 other companies ...

    Yes, Apple conspired with five companies. However, those companies were their suppliers, not their competitors. It was not the size of those five companies that made it an antitrust violation, but rather the fact that Apple caused an illegal horizontal price fixing to occur. Notice that this was found to be illegal without any consideration of whether Apple is or is not a monopoly. In fact, you will notice that the word "monopoly" doesn't even appear in the court decision except for a passing mention of the word in the context of copyright providing publishers with an inherent monopoly on their own content (which goes without saying).

    So as I said, Apple is large enough to have an effect on the market sufficient for antitrust laws to kick in, because as I said before, antitrust law violations do not require a monopoly or even a near-monopoly.

    Second, you're assuming a fungibility of goods across ecosystems that does not exist. As an iOS user, I cannot simply download the Android version of the app and run it on my phone. Instead, I have to spend several hundred dollars on new hardware, and replace all of my existing software, which could potentially cost hundreds or even thousands of dollars more.

    Nothing to do with anti trust at all. Your choice to buy an iPhone doesn't factor into anything.

    Actually, yes it does. You see, the iOS App Store is what is known in antitrust law as "tying". Apple explicitly prevents you from being able to buy apps for their devices except through them. This could be held to be per se illegal, as the purchase of an iPhone is essentially conditional on purchasing apps for it exclusively through Apple, but that's a somewhat challenging legal argument to make, as it would only be illegal if Apple had either a monopoly or a substantial amount of control over the app market as a whole. However, the cost of switching from one operating system to another does impact their control over the app market, so in that context, customers' choice to buy an iPhone could, in fact, factor into any decision about whether Apple has sufficient control over the market.

    Secondarily, if Apple can exert sufficient influence on, for example, the market for streaming audio subscriptions, it can potentially be held unlawful under the rule of reason. That also does not require a monopoly. It merely requires the contract (in this case, the development agreement) to be a restraint of trade (and requiring the use of their payment service instead of a competitor most certainly is) that significantly impacts the viability of a market. And again, in that context, the cost of changing operating systems does factor in to how likely customers are to switch to Android to gain access to services like Spotify if Apple makes it impractical for them to continue doing business on iOS. So again, it could factor in.

    Now I know you're an idiot or a poe's law troll. CNet had to start adding malware to its downloads in order to make money.

    Dude. I never said that CNet's site was the epitome of quality. I just said that other review sites do exist, and that there's nothing magical about Apple's ability to provide that service. If Apple hadn't done it for their mobile devices, somebody else inevitably would have, because inherent to the nature of the Internet is a rule that if there's a need, someone will eventually fill it.

  21. Re:We screw everyone. on Apple Slams Spotify For Asking For 'Preferential Treatment' (buzzfeed.com) · · Score: 1

    "Sticking your software on a webserver" is equivalent to Apple's app store, for a developer? Sure...

    The answer is "it depends". For some random developer that nobody has ever heard of, no it isn't. For somebody whose service is as well-known as Spotify, with an advertising budget as big as Spotify, etc., yes, it is. For the most part, people don't discover Spotify on the iOS App Store. They go explicitly to the iOS App Store to download Spotify because somebody told them about it.

    If the iOS App Store did not exist, assuming the same code signing functionality did exist, and assuming Apple provided some mechanism whereby clicking on an app installer package in Mobile Safari would download it and install it, then the iOS App Store would provide no additional benefit to companies like Spotify beyond what a Google search would provide. It is just another unnecessary layer of bureaucracy between the developer and the customer.

    You'll notice that Adobe provides almost all of their OS X software directly, rather than using the Mac App Store. You'll notice that BBEdit tried the Mac App Store and then left. So clearly, for many companies, sticking your software on a webserver is actually preferable to Apple's Mac App Store because there are fewer restrictions, you have more flexibility, and your customers can still get your content just as easily (at least on open platforms like OS X). You've offered me no reason to believe that the story would be different on mobile if Apple changed their policy to allow distribution of apps outside the iOS App Store.

    And for a farmer, dumping your produce in a heap in the middle of a public park is the same as getting it onto supermarket shelves, and getting a check at the end of the month.

    Huh? Spotify et al are highly advertised businesses with well-known websites. They're the Internet equivalent of companies with their own storefronts. And yes, having your own storefront is the same as getting it onto supermarket shelves, assuming your customers know where to find you, and assuming that traveling to your own storefront isn't too burdensome. In fact, many people avoid the middlemen at farmers' markets every day, because they get better quality produce without the extra expense.

    And obviously, the Internet is not equivalent to a physical presence, because I don't have to spend hours driving somewhere to get to your website. It is the great leveler, making it irrelevant whether a particular company's page is in Kansas or Uzbekistan. The entire notion of a centralized store as the sole means of getting apps onto a platform is completely and fundamentally antithetical to the decades of technological progress on which the Internet was built.

    Except for the part where you turn your own argument on its head by stating, "there are tens of thousands of different grocery stores, from large chains down to one-store shops. By contrast, there are basically only two viable mobile operating system platforms." I'm sorry; weren't you just saying an app store is the same as dumping your software on a website? By that score, there are an infinite number of them.

    You're confusing two different stores on two different devices with two different content origin policies here. I was saying that on OS X, the app store provides no benefits over putting the app up on a website, and that on iOS, it would provide no benefit if it were possible to install iOS apps from websites.

    The critical fact that you're apparently failing to grasp is that Apple actively prevents installing applications on iOS devices except through its own app store and has threatened legal action against anyone who has tried to circumvent that restriction. So no, those websites are clearly not competitors to the iOS App Store, because Apple has deliberately made it impossible for the device to obtain apps f

  22. Re: older employees won't put up with abuse on Age-Discrimination Suit Against Google Seeks Class Action For Engineers (dailymail.co.uk) · · Score: 1

    This is a societal issue. Either we take care of families or we don't.

    We need to take care of people that can't afford to eat. We don't need to take care of an engineer who insists he "needs" a salary of $150k when a 25-year-old with more relevant skills will accept $90k.

    Of course, the reality is that they don't have more relevant skills. The young folks are better at the details because their skills are more current, but they lack the experience at architecting things for robustness and extensibility. A healthy organization needs a certain percentage of experienced people. If you don't have that, eventually everything starts to break, and the longer you go without good architects, the more likely you'll end up throwing it all out and starting over....

  23. Re:Your shitty product kills jobs? on Security Researcher Gets Threats Over Amazon Review (techcrunch.com) · · Score: 1

    You can probably achieve that with 802.1X. Set up a Raspberry Pi as a RADIUS server, and configure your real devices (laptops) to authenticate over 802.1X. Make it so that non-authenticated devices can send out mDNS advertisements (and be sure to route the mDNS advertisements to the authenticated netblock), but cannot talk to the Internet as a whole unless you explicitly tweak the policy to allow access to some specific server or port for some specific reason (e.g. unblocking NTP).

    Or, for that matter, since IoT devices aren't likely to try to send out traffic with random VLAN tags, you could probably just enable VLAN tagging (802.1Q) for your real machines, and do the same sort of network configuration that way.

    Note that if any of your devices are running OS X, unless Apple has fixed the bug recently, you'll have to create the VLAN manually in Terminal, because System Preferences only allows you to set up VLAN tagging on a hardwired Ethernet connection. It also may not be possible to manually configure a VLAN on mobile devices, which means RADIUS is probably a better choice if you have anything running iOS or Android.

  24. Re:We screw everyone. on Apple Slams Spotify For Asking For 'Preferential Treatment' (buzzfeed.com) · · Score: 1

    That is the original text of the Sherman Act. The law that basically makes it illegal to monopolize a market by position. Apple do not have this position. Android is a larger OS by market share, which Apple can not influence.

    You're wrong on several counts, as I pointed out elsewhere. First, Apple has already been busted for antitrust violations, which means that yes, they do have a large enough position to be subject to antitrust limitations.

    Second, you're assuming a fungibility of goods across ecosystems that does not exist. As an iOS user, I cannot simply download the Android version of the app and run it on my phone. Instead, I have to spend several hundred dollars on new hardware, and replace all of my existing software, which could potentially cost hundreds or even thousands of dollars more.

    Third, the Sherman Antitrust Act is the foundation for a complex system of antitrust laws. It is not the only law. It is not even a tiny fraction of the statutory law and relevant case law involved in a situation like this.

    Apple does have costs associated with running the App store, and they have disproportionally levied fees on payments in order to subsidize their costs to provide the App Store services to free apps.

    And they can do that. That's fine. That doesn't change the fact that their own app doesn't pay those disproportionate fees in any meaningful way. In fact, Apple pays even less for distributing their own app, because it is bundled into OS updates instead of being a standalone download.

    That also doesn't change the fact that the only reason for most of those operating costs for the store is that Apple chose to require distribution through only their store. They could have let developers distribute their apps on their own websites using the same signing scheme. And the notion that small developers can't afford a web server is laughable. Almost 100% of them already have a web server to advertise their apps anyway. Without that, nobody would ever find their app in the giant black hole that is Apple's iOS App Store. The App Store absolutely does not make apps discoverable. If anything, it hinders discoverability very badly, from what I've seen.

    And the only reason updates are hard is because Apple has chosen to make it hard. Their software update mechanism talks only to their servers. It would take almost no additional effort to allow developers to put an extra URL in their Info.plist file where Apple's autoupdater could fetch the current version info, etc. for that app. Apple chose to use their store infrastructure for handling that metadata, but that was Apple's choice. They don't get extra brownie points for their store having to handle that extra download traffic unless they give app developers another option. Sorry, but no.

    Similarly, Apple wasn't by any means the first to have a means for reviewing apps. Cnet and others have had similar services for arbitrary downloads since just about the dawn of time. Now to be fair, I'm not saying that I don't appreciate having a source where I can trust that all the apps are likely vetted. What I am saying is that having such a source does not require banning obtaining apps through any other sources as Apple has done. There's no benefit to that from my perspective as a user. For that matter, there's very little benefit to Apple doing the actual distribution of the apps at all, other than perhaps download speed. Again, Apple's choice, so they don't get brownie points for doing what they forced themselves to do through something that was entirely their own decision.

    If the benefits of the App Store didn't make it worthwhile for app developers, the App Store would be pretty barren of apps. It's not. Apple do not have a monopoly on phones, phone OS's, and therefore can not have a monopoly on anything contained therein.

    You're bordering on begging the question here.

  25. Re:We screw everyone. on Apple Slams Spotify For Asking For 'Preferential Treatment' (buzzfeed.com) · · Score: 1

    Apple's app store has become a victim of its own success, in a way, because it has made the process of app distribution on their hardware so effortless for the end user that it is now widely assumed to be trivial.

    I assume nothing. I've done it on many occasions through many different mechanisms. Distributing applications is trivial. A mere web server can provide the same functionality that the App Store does. In fact, the App Store app basically just downloads the application package from a web server.... The iOS App Store, mind you, is insanely complicated, largely because WebObjects is, at this point, a steaming pile of legacy code with horrible limitations that they have to constantly hack around. IMO, it basically needs to be gutted and rewritten, but that's another rant for another day.

    But the complexity of the store itself is almost entirely irrelevant to the question of whether distributing apps is complex in much the same way that saying that Amazon's website is complex is entirely irrelevant to the question of whether distributing books through bookstores is complex. Those are orthogonal. If you were distributing an app outside of the iOS App Store, you'd be using an ordinary web server, and discovery would be through Google. The only infrastructure from Apple that you'd be using would be the certificate signing machinery, where Apple signs your deployment cert (similar to the way Developer ID works on OS X). And everything would "just work", because under the hood is just basically an OS X Installer package (give or take).

    It has also vastly simplified the process for the developer as well. I know I'm going to get flak for saying this from developers with short memories, but it is true. In the worst (hardest) case you were distributing boxes on store shelves containing stamped CDs - which you then had to support through other means. In the best (easiest) case you were distributing a shareware download on a website, and begging your users for purchases like a street performer with a hat on the sidewalk. Either way your profits were undercut by rampant software piracy. Let me emphasize that - _RAMPANT_ software piracy.

    Um... no, for many reasons:

    • We're talking about free apps here where you pay for a subscription to a data feed. People can pirate the app all they want to. It's free anyway.
    • The App Store does nothing to prevent pirating access to the server. If anything, speaking as someone who has dealt with this indirectly, the App Store is much harder to support than a standard, web-based payment system, for a number of reasons that I'd be happy to go into if anyone cares, often resulting in angry customers who you have to mollify with free service.
    • Rampant piracy does not actually decrease sales. It increases it. This has been shown in study after study. The more completely an app developer controls piracy, the more poorly the app does in the market. The reason is that software sales are driven heavily by network effects. Without piracy, sales actually suffer. That's one reason why everybody on iOS has moved to the freemium model. It turns out that without piracy, it's hard to get good word-of-mouth advertising for games and stuff on iOS.
    • Even if I did accept that piracy is a net negative, there would still be dozens of companies that do a much better job of preventing piracy than Apple does. Apple's code signing scheme actually actively prevents most of the techniques that would make their platform more robust against piracy, such as encrypting parts of the program and tying it to a hardware dongle, requiring constant-on access to a server, hiding files in various weird places in the filesystem, doing magic with those files' inode numbers server-side and storing the resulting token so that copying the key files won't work, tying the product to a specific hardware ID, etc. All of these things fail for various reasons in Apple's ecosy