Slashdot Mirror


User: raymorris

raymorris's activity in the archive.

Stories
0
Comments
10,114
First seen
Last seen
Profile
(view on slashdot.org)

Comments · 10,114

  1. True, but confused. Mature and beta open to you on Survey On the Future of Open Source, and Lessons From the Past · · Score: 4, Insightful

    You bring up two points that are worth addressing. There's some truth to both, and there's good news on both - they are solved by using open source in a way that makes sense, not thinking it's exactly the same as proprietary software, except you get the source code. It's kind of like saying that dogs are better than cats because your cat won't play fetch. True, cat's don't play fetch, instead they play with laser pointers.

    You're right, you can find lots of beta level OSS. Both free and proprietary software have betas. With proprietary software, you're not allowed to see the betas (unless it's Microsoft, in which case your new computer comes preinstalled with Windows 8 alpha.) With free software, you can choose the beta version of a mature project (Fedora), the stable version of a mature project (Red Hat), or the beta version of a new project (FuSe). They are all available. That means you'll want to look at the status of that version before making a major commitment to it. Don't install FuSe if you want a mature system, install Red Hat. It's actually cool that you CAN choose FuSe, or a development kernel, if you want some new feature that's in development and not yet rock solid stable. You do want to check though, and that's why Sourceforge shows you right up front how much activity the project has, the version numbers, user ratings, etc., so you can choose maturity vs. bleeding edge, etc.

    You also mentioned documentation, which is sometimes important, and is actually entirely separate from the quality of the software. True, the programmers of OSS have less incentive to author well organized, newbie friendly documentation in the style you're accustomed to, unless you use a certain trick. There's actually MORE in-depth documentation for OSS. Every change to the software and the design decisions are normally documented three times: on the -dev mailing list, in git/svn, and in bugzilla or similar. If you have a question, you can email the list and the authors of the software will answer you, assuming you ask a Good Question (see ESR). So if you want to really understand how something ticks, you can find lot more information about how Apache works than how IIS WORKS, for example. That's not too newbie friendly, though. For comprehensive, newbie friendly guides, you need one of two magic words.

    HOWTO is the first magic word. Google _____ ______ HOWTO for any OSS topic and you'll probably find the documentation you're looking for. If not, the second magic word is "book". I work on a OSS project you've probably never heard of, Moodle. Moodle isn't a high profile project, yet Barnes & Noble has EIGHTY listings of Moodle books. That's EIGHTY versions of the comprehensive documentation you're looking for. (Could be 40 different books, B&N may have duplicates listed.) I know, you're shocked. I just suggested BUYING something related to open source software. I know it may seem strange, but compare $500 for a Microsoft solution versus $22 for the book to go with the free software option. I'll take $22 over $500 all day long if I really need 150 pages of illustrated documentation.

    So you're right, OSS projects don't prevent you from downloading beta quality code. And dogs don't catch mice. Consider this post as "Intro to Cats, a Guide for Dog Lovers".

  2. 3 pirate propaganda stories in 5 hours? We get it, on Records Labels Prepare Massive 'Pirate Site' Domain Blocking Blitz · · Score: -1, Troll

    ANOTHER one, really? You guys post more piracy propaganda than the pirate party does. We get it - dice REALLY enjoys intellectual property theft. Also, you're rabid global warming freaks. We know. Now how about some news for nerds, stuff that matutrs.

  3. My company insists on paying for training on Ask Slashdot: How Do You Deal With Programmers Who Have Not Stayed Current? · · Score: 1

    Where I work, it's the opposite. They onsist on training, and on paying (too much) for it.

    My natural tendency is to simply RTFM. If it's not covered in the manual, I normally read the code. If the code is unclear, I ask the people who wrote it. (I work with open source, meaning the developers of any product I use are an email away.) Yet, the organization insists that I find a conference or something for them to fly me to every year, and classes to take.

  4. PS - that's why you see SB on GirlsGoneWild, etc. on Honeywords — Honeypot Passwords · · Score: 1

    BTW you may be familiar with it from when you log in to GirlsGoneWild.com or whatever. Have you ever noticed the "protected by Strongbox" message on any of the sites you visit late at night? Maybe you also noticed that yur credit card statement doesn't show the charge as being from "GirlsGoneWild.com", but from some billing company. The billing company creates and hashes your GGW.com password. The owners of GGW.com use Strongbox to watch over the passwords that are managed by Paypal or whichever billing company they use.

  5. Read it again on Honeywords — Honeypot Passwords · · Score: 1

    No, Marcospothead, read it again (either post). When you pay for a web site, Paypal or some other biller accepts your $5 so that you can access geektutorials.com or whatever. Paypal or CCBill or whichever biller creates your password for geektutorials.com. That has nothing whatsoever to do with your PayPal password.

  6. Apparently you completely missed the point on Honeywords — Honeypot Passwords · · Score: 1

    Apparently I completely failed to communicate the points.

    First, most often, the programmers choosing the algorithm are NOT employed by the owner of the site. The owner of the site wants to protect themselves from dumb decisions made by the billing company. Most sites use a third party biller such as Paypal, CCBill, Zombaio, etc. If you run geektutorials.com, billing through Paypal, you have no control over what algorithm Paypal uses to store your passwords*. You do, however, want to be notified when your passwords, which were hashed by Paypal, get compromised. So the person or company wanting the fix is not the person or company who made the bad programming decision.

    The other scenario is when the programmers DID choose a god, secure algorithm. Ten years ago, many good programmers chose MD5 or salted MD5, which were secure at the time. Millions of passwords were hashed with MD5 and salted MD5. Later, MD5 was cracked. Suddenly, the properly hashed passwords were at risk. Strongbox or another system with this feature would alert you when the code which was understood to be secure when written is later compromised.**

    * You actually CAN replace the biller's script, and we do that too. That doesn't fix the bad algorithm already used for existing users, though. So even if the biller's bad choices are fixed, an alarm is still required.

    ** MD5 is currently broken _for_certain_purposes_. _Salted_ MD5 _for_passwords_ is still secure today, assuming reasonable input validation. It might be broken next month, though, so an alarm is wise.

  7. So you're saying the longwinded code is broken on 450 Million Lines of Code Can't Be Wrong: How Open Source Stacks Up · · Score: 1

    Your "better code" is actually not equivalent (the first loop doesn't copy the nul terminator).

    So you're pointing out that the longwinded code doesn't even result in a valid C string. Ergo, the longer code is broken.

    <quote> Even if it was equivalent, I don't think I would necessarily call it "better".</quote>

    The authors of every major language library call it "better". That example is copy-paste from glibc and everyone from Stroustrup to Knuth has used the same code.
    Given that Knuth knows far better than anyone on Slashdot, I'll stick with what he uses.

  8. Here's why Strongbox does it on Honeywords — Honeypot Passwords · · Score: 1

    I can tell you two reasons to do it. Often, the billing company manages the password list. The top billing companies including Paypal, CCBill, etc. do not use strong hashes by default. Instead, they use DES, which was secure in 1972. Hundreds of thousands of sites use a third party security package like Strongbox to provide password security for those passwords which are generated by the biller(s). Strongbox or a similar third party solution can use "honeywords" to detect breaches even if they can't control the algorithm Paypal uses.

    Secondly, when SB DOES manage the passwords, it was designed to use a highly secure, yet highly portable hash. With glibc supporting crypt($1$), the best algorithm at the time was salted MD5. While still secure in THIS CONTEXT, salted MD5 could fall given the fall of MD5 in other contexts. In case salted MD5 is ever broken, this system would alert SB users if their list was compromised next year or in 2016 or whatever.

    Due to the popularity of untrained programmers writing web apps in an inherently insecure language, PHP, breaches are VERY common.

  9. HIgher defect density indicates BETTER code on 450 Million Lines of Code Can't Be Wrong: How Open Source Stacks Up · · Score: 1

    Counterintuitively, defect density is actually an INVERSE indication of quality - better quality code will have MORE defects per line.
    The reason I say that is because better code has fewer lines per problem. Consider strcpy(), a function to copy array of characters (a C string). You can't use strcpy() in your cd - you're supposed to create strcpy(), copying each element of the array.
    Take a moment to consider how you'd write that before looking below.

    Roughly how many lines of code did you use to copy an array? Here's what a typical corporate programmer might do:
    while (source[i] != '\0')
    {
        dest[i] = source[i];
        i++;
      }

    So one error in that code would be 1 defect per five lines or so.

    Here's all the code you need, what a better programmer would write:
    while (*dest++ = *src++);

    If the typical programmer and the expert both had exactly one error, the expert would have five times as many bugs PER LINE than the typical programmer! So you're better off with code that has a higher density of errors - better code will have fewer lines per error.

    This is the same reason LOC is an inverse indicator of productivity. Yesterday I fixed a junior programmers code tat looked like this:

    if ($category = 'rings') {
            $page = 'rings.html'
    }
    if ($category = 'necklaces') {
            $page = necklaces.html'
    }
    if ($category = 'bracelets') {
            $page = 'bracelets.html'
    }
    if ($category = 'loose_stones') {
            $page = ''loose_stones.html'
    }
    if ($category = 'charms') {
            $page = 'charms.html'
    }

    Of course I changed that code to, well, zero lines, I just used the $category variable where he had used the $page variable. Code which accomplishes a task in zero to one line is better software, written by a better programmer, than code that uses eightteen lines to accomplish the same thing.

  10. Next step? Keeping work and social life separate? on Hiring Developers By Algorithm · · Score: 1

    I'm not sure what you mean, why you think there needs to be "next step". It seems to work fine as-is. I suppose if you had to take it another step, though, you wouldn't go out with anyone from work.

    My boss and I work very well together. There's no need for us to hang out at happy hour after work. That isn't necesary in order to work together. Because she happens to be a smart, attractive woman, hanging out after work could possibly result in problems. She and I both understand that, so we don't put ourselves in a situation that could have bad results. That doesn't affect work.

    Hmm, I'm PRETTY sure she doesn't read Slashdot and won't see this post. :) By "attractive" I of course mean hardworking, smart, and skilled.

  11. Inviting opposite gender can look like flirting on Hiring Developers By Algorithm · · Score: 1

    What you said is right. Also, where I live, mengenerally hang out with men women with women, because a man inviting a woman can be perceived as flirtacious or similar. Also of course couples hang out with other couples. Outside of work, if a female friend gets married, a guy gets to know her new husband and then calls HIM to invite them somewhere, or my wife will call the female friend. I, as a man, don't call women with social invitations very often.

    Formerly, I didn't respect that tradition and I had many women's phone numbers. In time, I found the tradition is based on wisdom.

  12. Except most R&D IS done by companies on Canada Revenue Agency To Tax BitCoin Transactions · · Score: 1
    Yore post sounds plausible, but declares that the world's we live in cannot exist. For example:

    That's the nature of research and if the government didn't do it then no for-profit company that can't see past next quarter's profits is going to.

    Sounds good, but in fact companies actually do most research. 3M and Dupont are largely research labs, for example. Surely you're familiar with the contributions of Xerox PARC (Palo Alto RESEARCH Center). Everybody likes to beat up on drug companies, but they spend BILLIONS on research. The best research in the world was 20th century US, when Edidon's research labs were creating awesome new stuff weekly, without any taxpayer funds.

    In my experience, the difference between government R&D versus private R&D is that companies do research that might actually achieve something - a more effective lightbulb or a cure for a disease. Government researches the breeding habits of the Southern Maryland pond worm for "just because", for no apparent reason.

  13. Audit. Bitcoins aren't special on Canada Revenue Agency To Tax BitCoin Transactions · · Score: 4, Informative

    Tax laws are enforced through audits. The government notices you have a site selling T-shirts, for example . Based on hueristics plus a random chance, they may decide to audit you. At the audit, tney examine your books, comparing what you spend versus the income you report. Maybe they notice you have a car, a 2011 Camaro. They know how much a 2011 Camaro costs, they probably see the payments on your bank statement. There had better be income reported to cover that expense. Once all of the major expenses are covered, and everything that's shown on your bank statements, and any major assets are accounted for, they know roughly what you're probably spending in cash, on small things. (People with $150,000 houses and $35,000 cars spend about $x,000 on entertainment.) It needs to all add up with the income you report.

    Secondarily, someone can rat you out. Maybe ypu have a partner or employee helping you sell "Fuck Taxes" T-shirts. If things go south, the former partner or employee could alert them to the fact that you sold $xx,xxx worth of T-shirts and didn't report the income. (Tax fraud.) Maybe the employee rats you out when SHE gets audited, or maybe she's unable to hide the income from the bysiness when she's audited.

    It's easier to just pay the taxes you owe.

  14. No, the audit system doesn't store passwords. on Mitigating Password Re-Use From the Other End · · Score: 1

    The audit system doesn't store passwords. It stores information about log-in events - who logged in from where, using what type of hardware, which browser, which version, etc. It then audits that information. Suppose for the life of your account you've always logged in from Kansas, US, on either a Mac using Safari or an iPad. Today, someone claiming to be you is trying to log in using a Windows XP machine in Russia, and also someone claims to be you logging in from a web server in China. The system would flag that, knowing the web server is probably a zombie. Adult sites have been doing this very successfully for years, using systems like Strongbox.

    That's a very basic overview of a fairly complex system, but if you've ever visited a site like members.GirlsGoneWild.com you've already had this type of auditing system protecting your account.

  15. Adult sites doing this well for years, Strongbox on Mitigating Password Re-Use From the Other End · · Score: 1

    The sites can only send new log entries to the third party server, not modify existing entries. Any bogus records would have the effect of locking down the accounts that the hacker is sending bogs data for. Adult sites have been doing this for many years using systems like Strongbox, and it works.

    To clarify something other people brought up, the remote audit system doesn't store passwords. It stores information about log-in events - who logged in from where, using what type of hardware, which browser, which version, etc. It then audits that information. Suppose for the life of your account you've always logged in from Kansas, US, on either a Mac using Safari or an iPad. Today, someone claiming to be you is trying to log in using a Windows XP machine in Russia, and also someone claims to be you logging in from a web server in China. The system would flag that, knowing the web server is probably a zombie.

    That's a very basic overview of a fairly complex system, but if you've ever visited a site like members.GirlsGoneWild.com you've already had this type of auditing system protecting your account.

  16. False. Only proved that teenagers like music on Ask Slashdot: Are There Any Good Reasons For DRM? · · Score: 1

    The "studies" you refer to found that teenagers are into music. Nothing more, nothing less. They then claim "the same 'people' (age group) that steals music also buys it. Some teenagers steal, others buy. It's not the same people. It's just that teenagers are the largest market for new music. Teenagers steal the most music, listen to the most music, and talk about music the most. That doesn't mean thieves are purchasers.

  17. Indeed. Are awk, sed, grep, vim dead? on Ask Slashdot: How Do You Assess the Status of an Open Source Project? · · Score: 5, Insightful

    Yeah you want to be careful with activity metrics. Awk hasn't seen many updates in the last two years. Mostly because it hasn't NEEDED much in the last ten or twenty years. That means it's already rock solid, not that it should be avoided.

  18. PARTS! PARTS of files on Ask Slashdot: Do You Move Legal Data With Torrents? · · Score: 1

    scp has a flag to transfer only the 1KB part that changed within a 100 MB log file? And FYI you're simply wrong about rsync. In fact, the default, when copying files over the network, is to not even copy modified files, only the modified parts. You have to use --whole-file to change that.

  19. Funny you should say that. Hope, after meniality on What's Actually Wrong With DRM In HTML5? · · Score: 1

    Funny you mention that. In a post last week I mentioned something I noticed while working with felons, which also applies to some other people. They'll spend two months looking for a job. Then when their parole officer says "get a job by Tuesday or I'm filing for revocation", they suddenly go get a job that same day. Don't worry, keep looking. Soon enough your parole officer or probie will put their foot down and you'll go get a job. One tip - do NOT lie about your felony. In fact, the best approach seems to be to address it right up front, before the potential employer finds out about it.

    The good news is, the sky is the limit. The first job is hard to find / not the job you want. After that, it's amazing. The head of our county probation office is a friend of mine, and a multiple felon. Another friend, also a felon, is now now an assistant dean at a university.

  20. I agree with you, 25 cents / hour on What's Actually Wrong With DRM In HTML5? · · Score: 1

    For grocery shopping, you may well be right. But remember that minimum wage laws were originally enacted in a very different environment, where they immediately benefited huge swaths of the workforce (factory workers, miners etc) where the owners had much bigger margins.

    As another poster noted in reply to your comment, minimum wage laws can be both beneficial and detrimental. It all depends on the wage being set and other market conditions involved. Most certainly, the simplistic view that minimum wage is always bad and should be abolished is wrong.

    I don't see any other replies to my comment. You mentioned "when minimum wage laws were originally enacted". When federal minimum wage was enacted in the US, it was 25 US cents per hour. I agree, a minimum wage of 25 cents per hour is okay. :)

    Adjusted for inflation, that 25 cents is $4.02 in today's money. That's probably about what a stoned high school student who shows up 15 minutes late is actually worth. So $4.02 is about right - a minimum wage for a minimum employee. On the other hand, the gas station near my house starts people at $10.50 / hour because they don't want minimum employees, they want people who show up on time. That seems to be about the going rate to show up on time, sober.

    So what of the people not worth $10.50, the kids who haven't learned how to show up time, the helpless drunks, and the sociopaths? Should they be allowed to work for $8 / hour? Obama's proposal says no, if you're 17 and not ready to be responsible, you're not allowed to start at $8. His proposal is that if you're not worth more than $10.10 / hour, you're stuck on government handouts - you won't be able to work for less than $10.10. Is that a good rule? You decide.

  21. 1 RTT per GB? For a Maildir mail spool, yes on Ask Slashdot: Do You Move Legal Data With Torrents? · · Score: 1

    The GP referenced isos and "10s of terabytes of data". Unless those tens of TB are BILLIONS of tiny files, 1 RTT per file would be less than 0.01%. For lots of tiny files, like Maildir, yes SMB sucks. Of course SMB is Microsoft, so the fact that it sucks is assumed.

  22. TTI found the same thing today. Handsfree is unsaf on HTC Does What Google Wouldn't: Sell an LTE Phone That Sidesteps AT&T · · Score: 1

    The Texas Transportation Institute ran an experiment this week with the same result - hands-free devices significantly reduce safety, almost as much as hands-on.

    Taking to passengers is irrelevant. It's exactly like saying "since I can chop off my left hand, I should chop off my foot."

  23. Already 2-3%, not going any lower. Close the store on What's Actually Wrong With DRM In HTML5? · · Score: 1

    The typical net margin in the grocery industry is 2-3%. That's what a grocer makes if they are lucky enough to stay in business. It can't really go any lower.

    Bonds pay 1% - 7%, so if grocery margins were any lower store owners may as well shut down and just get bonds - they'd get the same return without the trouble of running a grocery store.

  24. Jump through hoops because it's not standard on What's Actually Wrong With DRM In HTML5? · · Score: 1

    The proprietary DRM requires a lot of jumping through hoops. Given that drm WILL exist, would it be better to have that DRM be as it is today, or to be standardized, so it works correctly on all platforms? I don't like DRM, but I'd prefer DVD-style standardized DRM, but openly discussed to avoid Sony dumbness, over proprietary plugins for each DRM scheme.

  25. No, it's not private. Who owns it? Who makes decis on Unanimous: Provo Utah Council Approves Google Fiber · · Score: 1

    it's a private entity

    Who owns it? According to UTOPIA.org, 16 city governments own and run it.