Slashdot Mirror


User: jd

jd's activity in the archive.

Stories
0
Comments
13,841
First seen
Last seen
Profile
(view on slashdot.org)

Comments · 13,841

  1. Not so hard on Building Distributable Linux Binaries? · · Score: 2, Interesting
    Java and Python are only maybes - different versions of the engine may break the scripts. (Actually, if you're going to include scripts, then you can also include Perl, Tcl/Tk, Ruby and Scheme.) The only way to be 100% sure a script will run is to also ship a copy of the interpreter (statically linked) which you conditionally install if no interpreter is installed or is the wrong version.

    For regular binaries, a static build is pretty much guaranteed to work. Alternatively, all Linux distributions I know of do honor the LD_LIBRARY_PATH environment variable. Create a library directory on the target computer, then test the libraries already installed. If the ones you want are either not there or the wrong version, copy the ones you have on the CD into the library directory and have that directory searched BEFORE the default system library directories.

    If using custom versions of standard libraries, use a chroot jail to guarantee that the program cannot see the regular library directories.

    If you don't actually need standard functions at all, but use your own routines and maybe some system calls, then there's absolutely no problem - just remember that when you compile, you want to PREVENT GCC from linking in the C library. Rescue tools, installers and other components that have to run PRIOR to being able to check versions, etc, should either be statically linked OR not linked at all.

    If you want to avoid including stuff that might not be necessary, then you can use yet another technique. Write a "loader" program and include that as source. All the loader does is dlopen() the application (which is now written as a shared library, not an executable) and start it up.

    This technique works by linking to the installed libraries in the wrapper, and then when you dlopen() the application, the application can then access the linked libraries. The linking is entirely done in the wrapper, which would always be compiled for the local system.

    This technique would only work if all the required libraries are present, and the parts of the API that are used are present and the same. If you write to the libraries which are damn-near universal, then this will work. If you are writing to libraries which are not universal, then you would still have to do the whole process of checking and installing your own libraries, then setting the LD_LIBRARY_PATH. In which case, don't bother with the wrapper and just do that for all libraries.

    A final option is to provide TWO programs. The first program assumes nothing about the native system and doesn't do any checks at all. It just installs everything it needs in local directories, sets all the paths as needed, and runs in its own corner.

    The second program would be a clean-up program. It has a list of applications it knows about, what versions of what libraries are needed, etc. It would pull libraries that are not system-wide into a standard set of directories, then use symlinks or LD_LIBRARY_PATH to repoint applications to where the libraries are. It would also need two additional capabilities - deinstalling libraries when NO application still installed uses it, and updating records (and shuffling links as needed) when an application is updated.

    The reason for the second program is that many developers (especially commercial vendors) have the same problem. If a standardized mechanism existed for library tracking, with a well-known API, I believe it would become very popular very quickly. If such a program were developed, and was sufficiently widely adopted, you could abandon system-wide libraries altogether. Which would be no bad thing, as the existing system has problems with multiple versions and will also fail when libraries have the same filename. It's also slow when you've a lot of libraries installed.

    By creating virtual directories, in which the ONLY libraries present are ALL that the application needs, you eliminate not only the application/library issue, but al

  2. Re:You learn somthing everyday on Behind The Curtain On T-Day · · Score: 3, Interesting
    Given that much of the food had been brought to the Pilgrims, and what food the Piulgrims had had been grown only with Native American knowledge, you're essentially correct. I'd assumed that it had been a corruption of the English "Harvest Festival" and that the fetish with corn was related somehow to the ancient British tradition of making "corn dolls" out of the last corner of uncut crop.


    (I don't know how old the tradition was, but the idea was you chased the spirit of the crop into a corner of the field, by harvesting the rest, then trapped it in a figurine made from the stalks of what was left. The following year, you planted the figurine, so releasing the crop spirits back into the field.)


    Since Thanksgiving involves exactly the same basic elements, it seemed likely to me that the Pilgrims had borrowed from what they would already have known and merely shaped it to serve their purpose. I still believe there must have been some elements of that, but maybe nowhere near as much as I'd thought.

  3. Re:They used Linux 2.6 kernel on Bandwidth Challenge Results · · Score: 4, Interesting
    Already is. From the looks of Lightfleet, and some of the other people at SC2005 who didn't have tables but DID have information, Linux is being taken very seriously in the bandwidth arena.


    The problem with latency is that everyone lies about the figures. I talked to some of the NIC manufacturers and got quoted the latency of the internal logic, NOT the latency of the card as a whole, and certainly not the latency of the card when integrated. There was one excellent-sounding NIC - until you realized that the bus wasn't native but went through a whole set of layers to be converted into the native system, and that the latency of these intermediate steps, PLUS the latencies of the pseudo-busses it went through, never figured in anywhere. You then had to add in the latency of the system's bus as well. In the end, I reckoned that you'd probably get data out at the end of the week.


    I also saw at SC2005 that the architectures sucked. The University of Utah was claiming that clusters of Opterons didn't scale much beyond 2 nodes. Whaaaa???? They were either sold some VERY bad interconnects, or used some seriously crappy messaging system. Mind you, the guys at the Los Alamos stand had to build their packet collation system themselves, as the COTS solution was at least two orders of magnitude too slow.


    I was impressed with the diversity at SC2005 and the inroads Open Source had made there, but I was seriously disgusted by the level of sheer primitiveness of a lot of offerings, too. Archaic versions of MPICH do not impress me. LAM might, as would LAMPI. OpenMPI (which has a lot of heavy acceleration in it) definitely would. The use of OpenDX because (apparently) OpenGL is "just too damn slow" was interesting - but if OpenDX is so damn good, why hasn't anyone maintained the code in the past three years? (I'd love to see OpenGL being given some serious competition, but that won't happen if the code is left to rot.)


    Microsoft - well, their servers handed out cookies. Literally.

  4. Education isn't just for schools on Recruiting IT Students? · · Score: 1
    If you learn, you learn. If you've learned off your own back, through work, through doing, then that's still an education. It may not have a piece of paper at the end, but only janitors get paid to pick up bits of paper.


    Generally, learning in a formal system has benefits to it - you get to see what a good answer looks like, even when your answer doesn't work. Further, if your instructor is a researcher, you get the benefit of learning where technology is today, not where it was the last time the accountants coughed up cash to buy some cheap COTS solution because they liked the color of the box.


    Furthermore, having been educated in Britain, I have the benefit of having had grant-funded education. If your parents pay directly for you to learn, don't expect to learn very much. For a start, parents don't have the kind of hard cash needed. Secondly, unless they are exceedingly generous, there is zero incentive for them to pay for more than it would take to get you out of their hair.


    Education benefits the whole of society - directly, by boosting what the skills available to the industry, indirectly by raising both the quality and the value of what is produced and so benefiting both the economy and the consumer, and even more indirectly by earning more thus paying more in income tax thus providing more funding for communal services. BECAUSE it benefits the whole of society (even those who are never able to go to school), it should be paid for 100% by the whole of society. If you or your parents have to pay for the priviledge of benefiting others, then you live in a sorry, ass-backwards society.


    (Sadly, since I finished at University, Britain went down that road. Many of us, as students, tried to stop that. The National Union of Students did everything short of declare war, in an effort to keep grants and stop loans. Even before the loans, the grants were suffering badly from not being kept in line with inflation and only helped in reducing the initial deficit those who went into postgraduate work had to suffer. Still, even today, I believe Britain has more University graduates per capita than the US, and if higher education targets are reached, will have more University graduates in absolute terms than the US.)


    But getting back to my main point - I care that people learn, not how. If some hermit from North Dakota, with nothing to do all day but beg for food and make crop circles, uses their time to learn something theoretical from first-princples - hey, it worked for the Ancient Greeks! - then they deserve every ounce of credit for learning that. In America, where awards are everything and skill is nothing, it might be tough, but that's just a broken system. It has nothing to do with knowledge, education or ability.


    If someone were to learn in industry (as per Einstein) or as a hermit in isolation (which is what some of the Ancient Greeks did), it is still learned. It is still knowledge. It is still education in the purest sense. There are many fields of endeavour where learning in the field is the ONLY viable way to learn - nobody ever became a chef, a painter, a racing driver or a deep sea diver by reading a textbook. Education is qualitative, not quantitative and it is by trying to quantify the unquantifiable that civilization is crippling itself.

  5. Specialties are a weakness on Recruiting IT Students? · · Score: 2, Insightful
    The average person knows something about almost everything. A skilled person knows a lot about a few things. A specialist knows everything about nothing.


    That, sadly, really is the case. To be good, to be really good - not just mediocre - you have to be well-rounded. That is true in any field. However, IT isn't just another field. It is a study of the application of tools to enable others to study the application of data in other fields. But if you know nothing about how the other fields operate, how can you know what tools are appropriate or how to apply them to enable others to do their work?


    An IT person in a scientific environment should, therefore, understand science. An IT person working in a corporate environment should understand the basics of commerce. Don't expect to be told what is needed - the average dork in such places doesn't know the first thing about the underlying principles of technology, they only know about what is visible to them. The IT guys have to not only know their subject, they ALSO have to bridge the gap. And you can't do that from a position of ignorance.


    So, what does a real IT person need? They need a wide selection of transferable skills, for a start. That is an absolute must. They should have completed at least one degree-level course in the discipline in the area they wish to target their IT skills. They should ALSO have three to four years of theoretical training in IT and one to two years of internship - but where the internship is solid work. I wrote a matrix-based filesystem for a nuclear research center for mine, and I consider that to be about the MINIMUM level IT interns should be exposed to.


    A four-year degree program for IT really isn't adequate, if you want to get into sufficient depth in any of the subjects to do more than just confuse people. Six to seven years full-time (ie: 40 hours lecture time per day, 30 weeks per year) would be much more reasonable. It is also vitally important that lecturers be (a) on the bleeding edge - they should be doing research alongside their courses and should update the courses accordingly in real-time, and (b) good thinkers.


    The second of those is important - too much theory is taught at University that has no basis in reality. Anyone using a "Fat Tree" for high-performance networks is a thrice-damned fool, for example. The moment anyone (lecturer, student, outsider) finds a flaw in any of the thinking, that thinking should be acknowledged as flawed immediately, and replaced ASAP.


    Someone who had taken such a course would be qualified for work in many fields - not just IT - because they would have a great many transferable skills, a degree, some qualifications in other fields they could leverage and professional experience.


    Someone who has a degree that is isolationist and dead-brained has no market value if their profession bottoms-out, no matter what that profession is.

  6. Interesting. on Living Photos Use Bacteria as Pixels · · Score: 4, Informative

    For images that are essentially monochromatic, this is fine. Actually, a Russian photographer did some ingenious colour photography using monochrome film, but that was sensitive to all frequencies not just one.

  7. What is it with technology and cutlery? on MySQL to Counter Oracle's Purchase of InnoDB · · Score: 1, Interesting

    Microsoft wants to knife the baby, OSS projects do fork (though not as often as Microsoft would have you believe), and Slashdot postings invariably have spoon(erism)s. In that case, to produce good, clean technology, all we have to do is build a dishwasher the size of California.

  8. One solution, but many formulae on The Prodigy Puzzle · · Score: 1
    Even those cases need studying. The "dumb slacker" could probably do with coaching or remedial work to bring them up to speed AND want to stay there. The timid kid could probably benefit from some sort of confidence-building program. And so on. But until you identify that there is some sort of a problem, you cannot possibly begin the next step of identifying how to solve it. And until you know how to solve it, you cannot progress to the stage of actually doing so.


    So I would argue that looking for all deviations from the expected is helpful - provided that information is used to help people through their weakspots and encourage people to develop and push their strengths.


    Yes, it would cost more. Yes, it would mean you'd need a LOT of additional staff on hand and a MUCH broader skill-base, and you'd have to be realistic about how broad a base you could realistically provide the additional support for. In the end, from a purely financial perspective, education is an investment. Therefore, what you get out of it (through benefits to the ecomony, extra taxes owed through better incomes, etc) has to be equal or less to what you put in to be worth it. If a person has a 35-40 year working life and the difference in income between menial jobs and highly skilled jobs is $40,000+ per year, then you can see that you can actually invest quite a lot before it becomes unprofitable to do so.


    (You'd need some extra-sharp pencils and a good afternoon's work to get a decent calculation for what is possible, but I am guessing that a school could probably double or even triple staffing levels to provide the extra support and drive necessary, so long as the gains were recycled into the educational system. My gut feeling is that you'd find that such an increase would have enough of a positive impact to offset the costs and complexities.)


    From a humanitarian perspective, a social perspective or just a "let's do the best we can" perspective, then what I'm suggesting is the absolute minimum you'd want to do. It's a starting point, nothing more. Its chief benefit is that it provides the best possible outcome that is self-sustaining. Better outcomes could be produced, but they'd cost more than they'd gain. I'm not going to get into the argument of whether that is worthwhile or not - I don't believe I need to, because I think the scheme I'm proposing is a massive improvement while not requiring one political or economic philosophy or another. Once you've raised the thinking ability of society, the new thinkers should (if they're so damn smart) be in a better position to determine where to go from there.


    I would throw in one other thought. Students, kids, etc, should be looked at from the perspective of their mental age in any given field. One famous mathematician got her first BSc when she was 13, another at age 15 and her PhD at age 18. She is now at the University of Israel. She was the youngest student to graduate from Cambridge University, she clearly hasn't burned out, and there is no evidence I know of that such an early education caused any harm whatsoever. I do not believe she is an isolated case in terms of ability, but rather an isolated case in terms of being listened to.


    Although you've got to be careful when biological, emotional and intellectual ages differ by such wide margins, I believe too many countries put stock ONLY in biological age and ignore when the others are advancing far faster. For that matter, they also ignore when the emotional or intellectual age progress much slower. Age is not just one thing and to group all such notions into a single, linear, calendar-based concept is just plain wrong. (Even biologically, it is wrong. Physical aging is not linear and does not respect the Gregorian calendar system.)

  9. Answer - We don't. on The Prisoner To Be Remade On U.K. TV · · Score: 2, Interesting
    You are correct that remakes are terrible, with NO exceptions to date. (The American version of Red Dwarf being the exception only in that "terrible" is far too nice a term.)


    There ARE other stories to tell, though, based on the series. What of the agent who faked his death in the first episode? How did he break in the end? Several Number 2s admitted to being prisoners themselves - was there a natural progression going on from prisoner to guard to authoritarian figure? How did The Village start in the first place and when? There were several prisoners under threat of death that Number 6 tried to save - were they really in danger and how did they resist so much as to be placed there?


    There are all the events prior to The Prisoner. For that matter, assuming no other prisoners excaped, there are all the events that occured to the evacuees afterwards. Was a new Village founded? Number 6's house had the automatic door - does this indicate that he was merely on parole from The Village? Or maybe that their techniques had improved so much that a physical prison was no longer required - a psychological one being quite sufficient.


    Oh, there is no shortage of things they COULD do, based on the series. So what do they do? Remake the episodes that have already been done, only minus all of the social context that made them meaningful in the first place. The biggest intellectual challenge here is to guess which versions they'll use. (There are at least two versions of the second episode and reputedly different versions of the first and third as well.)

  10. Hmmm. on The Equation That Couldn't Be Solved · · Score: 1

    What happens if you ferment a bunch of Abelian grapes in a Klein bottle?

  11. Re:SHA-1??? on MD5 Collision Source Code Released · · Score: 1

    That's strictly CPU time, not I/O time.

  12. Re:May already be solved for this type of system on Australia Pushes Geothermal Energy · · Score: 1

    The real reason for the animosity is that the All Blacks have a better war-dance at the start of rugby matches and New Zealand has cool parrots that walk(!) up the sides of trees, but the Australians have Rolf Harris and the wibble-board.

  13. Re:SHA-1??? on MD5 Collision Source Code Released · · Score: 2, Interesting
    It depends a little on the implementation, but using mhash I get the following results when generating hashes of a gigabit file from DVD: (Results calculated by using gnu time, and using the user time, not the real time, result)


    • SHA-1 - 16 seconds
    • SHA-512 - 1 min, 17 seconds
    • Haval - 27 seconds
    • Whirlpool - 1 min, 14 seconds
    • Tiger - 18 seconds


    And then, when generating hashes of a 5 gigabyte file on my hard drive (there's been a lot of good stuff on Freshmeat, recently):


    • SHA-1 - 2 seconds
    • SHA-512 - 3 seconds
    • Haval - 5 seconds
    • Whirlpool - 5 seconds
    • Tiger - 3 seconds


    I'm going to guess, on the basis of these results, that you want to try Tiger as a first choice, Haval as a second choice, and that the mhash implementation will probably be OK for Tiger but if you opt for Haval you're probably better with a different hashing engine.

  14. May already be solved for this type of system on Australia Pushes Geothermal Energy · · Score: 1
    I believe New Zealand has been operating this form of geothermal power for over a decade, with success. If I am correct in this, then it would be likely that they are sharing any information/technology with Australia to help them get started.


    In fact, given that Australia probably has a larger R&D budget, it would not surprise me if they'd started some kind of geothermal tech exchange program. As much as each enjoys looking down at the other, this is an area they both know they stand a good chance of doing very nicely from.

  15. Re:SHA-1??? on MD5 Collision Source Code Released · · Score: 1

    I'm usually half-right. Only, not everyone agrees on which half. Gives them something to argue over, which means I get lots of replies to read. :) I get your point, though, and do agree with you.

  16. Re:Regarding security through obscurity on MD5 Collision Source Code Released · · Score: 1
    In some cases, I would completely agree with you. Where obscurity doubles the number of possibilities for a crypto or hash function that need to be examined, you increase the effective number of bits of that function by 1. Thus, in such cases you can use obscurity to increase the effective length of the cryptographic key.


    In other cases, it merely means that the code has been inadequately examined and (as such) cannot be considered totally trustable.


    The problem is in knowing which case applies, at any given time.

  17. Maybe. on MD5 Collision Source Code Released · · Score: 1
    At the moment, there are a million and one APIs for hash functions and many of the basic libraries (such as the shadow password kit, PAM and SSL) use their own internal code to provide these functions. In addition, you've a lot of kits out there providing hash functions by reference (each using their own method of referring to a function) and not all kits provide all functions. gcrypt and mhash seem to do the best at providing a decent selection, but I would not call them either comprehensive or truly transparent.


    I've been throwing around for a while the idea of doing the same for crypto references the same thing that OS groups have done with well-known port numbers - have a standard list of names/numbers that everyone can refer to, so that swapping between implementations is easier and multi-toolkit packages don't have to have lots of complicated mangling to figure out who refers to what how.


    I've also been throwing around the idea of getting popular toolkits (such as SSL, the shadow password suite, etc) to have the ability to use some popular crypto library as an alternative to their internal functions, precisely so that users can update to new algorithms quickly and easily. It would seem to make a lot more sense than the existing approach.


    Finally, I've been proposing a much more standardized internal API so that whenever NIST or NESSIE or someone else runs a crypto contest, the example functions can be directly uploaded into the crypto libraries so that people can experiment with them, so that we can see what happens when you REALLY turn a lot of eyes onto these algorithms.

  18. I can understand your opinion on Red Hat Listed Among 50 Top Tech Companies · · Score: 1
    I can't say I've ever been impressed by Red Hat's support or response time. I am also not confident in the use of Red Hat in an enterprise environment, but that is because of the point I mentioned before of failing to monitor dependencies correctly. It is NOT because there is anything inherently poor in their business model, although I have never been overly impressed by that, either.


    Gentoo is OK, but I've broken the ebuild system many times because (again) dependency checking on the part of the distro maintainers is not what it should or could me. OpenBSD is OK too, but I'd personally use MirBSD for most things. There is a risk, when using untested packages with an OS that is secure through audits, of opening security holes through unintentional interactions. I don't know how much additional checking MirBSD gets to keep the risks down, but because it is designed to be more extensive than OpenBSD - while being built on the same basic codebase - it could be more secure than OpenBSD in cases where you need those extensions.

  19. SHA-1??? on MD5 Collision Source Code Released · · Score: 3, Insightful
    SHA-1 has known attacks, although none have (yet) proven to be useful for an exploit. The SHA-2 family (eg: SHA-256) are "unproven" and not part of the FIPS-180 standard (so cannot be used for US Government work), but I would regard them as being "probably safer" than SHA-1 for secure work.


    TIGER is good, as is Whirlpool. Whirlpool has the advantage that it uses AES as the basis, and AES is regarded as secure. It was also certified for secure work by NESSIE - a European group trying to do for the EU what NIST does for the US - which means that it's probably certified for use in secure environments in Europe.


    According to the Hashing Function Lounge, there are other hashing functions that have not been broken (eg: cellhash and fft-hash) but these are sufficiently obscure that a lack of a known exploit may be through lack of study and not through the presence of good security. It would make them good for beating skript-kiddies, as they won't have the skills to find exploits and those skilled enough at finding them aren't studying those algorithms much. (I don't like security through obscurity, but technically these aren't obscured as anyone CAN study the algorithm.)

  20. There is another perspective... on Bad Day To Be Sony · · Score: 1

    Can you imagine what other defects the DRM must have, in order for Microsoft to decide it is insecure?

  21. If they don't, they should. on Red Hat Listed Among 50 Top Tech Companies · · Score: 1
    BeOS "didn't compete" with Microsoft on the desktop or in multimedia, to avoid being squished like a bug. Bad mistake. Microsoft squished them anyway and, by having not competed, BeOS wasn't capable of surviving. Netscape also tried to avoid confrontation, but Microsoft "knifed the baby" (their words) with no remorse. No, the way forward isn't to run backwards. The giant WILL step on you, if you try. The best hope for Linux is for vendors to fight for every square inch of market space and mindspace that they can. Microsoft isn't about to "play nice". It doesn't want anyone - anyone at all - to be in the computer software industry. They want to be all, sell all, do all, and want the playing field utterly deserted of all others, even if there is no conflict at this time.


    The only way Linux - or any other OS - is going to survive is to play fair but play hard and never, ever give ground to Microsoft. When boundaries are not recognized and courtesy is not respected, the only hope for enduring is to throw caution to the wind and charge.

  22. Although on Red Hat Listed Among 50 Top Tech Companies · · Score: 1
    I would not be willing to agree that Red Hat are bad - they're no worse than any other distro I've tried, and the range of software is good - but I would be willing to agree that their QA isn't impressive (eg: they don't build their Fedora development RPMs when a dependency has changed, breaking updates), the "install everything" states that it includes stuff not listed (which means if you need those components at the very start, you HAVE to install everything), you cannot install using any filesystem other than EXT3 and the installer is not IPv6-compliant.


    There is room for a distribution which uses Fedora as a starting point and builds what you really want/need from that - much the same way Slackware grew out of SLS. Remember, nobody has ever assumed Open Source solutions to be perfect, or we'd still be using the MCC distribution, Shoestring for the boot-loader (hey, it was a damn good boot-loader!) and X10 for the GUI. (I dare someone to find a still-running, still-in-use X10 server.)

  23. Many, many RHEL rebuilds out there on Red Hat Listed Among 50 Top Tech Companies · · Score: 2, Interesting
    Scientific Linux is another. They're good for stability, but I wouldn't rate them much for performance (the builds are all pretty safe and have no obvious speedups anywhere), extensibility (very few RPM sites provide RHEL RPMs) or progressiveness (you can't update Enterprise-level software that rapidly, but RHEL is getting positively ancient in places).


    I'm hoping someone'll put together a "best of" compilation, using what's stable (and what can be made stable) from the RPM repositories - including Fedora - but optimized much more aggressively. I would, but I don't have the bandwidth or the disk space to carry a distro. If someone was interested in hosting, that would be another matter. I'd certainly be willing to compile the code and upload it to a host site.

  24. The updates aren't that impressive on Red Hat Listed Among 50 Top Tech Companies · · Score: 1

    But I've found Scientific Linux (another RHEL rebuild) to be better than Centos, overall. The problem with RHEL-derived distributions is that next to none of the RPM repositories will work with them, because many of the packages are archaic.

  25. Re:Any non-independent study on Red Hat Listed Among 50 Top Tech Companies · · Score: 2, Funny

    That should be sodium chloride. Though if you want to use sodium fluoride on bullshit (or indeed food), I won't stop you. I'll just not eat in the same restraunts.