Slashdot Mirror


User: dkf

dkf's activity in the archive.

Stories
0
Comments
3,983
First seen
Last seen
Profile
(view on slashdot.org)

Comments · 3,983

  1. Not what I expected on Sony Guarantees Playstation "Home" Launch Before 2009 · · Score: 1

    I read the title on the story, and immediately wondered if the existing console was the Enterprise Edition...

  2. Re:30 years of Lego Mining on 30 Years of the Lego Minifig · · Score: 1

    Brings to mind visions of people hard at work, in secret underground Danish mines, toiling to harvest bricks for the children of the world.

    FYI, Danish mines contain cheese, not Legos. Everyone knows that legos are caught at sea.

  3. Re:ok how about... on Facebook & Myspace Taking Some Spammers To Court · · Score: 1

    Men are targeted by [...] products treating erectile function disorder and hair loss, and promoting penile enlargement.

    The spammers seem to have those things covered already.

  4. Re:Cheat code for even Sudoku?? on Solving Sudoku With dpkg · · Score: 1

    Second, I, and I'm sure I'm not alone on this, would rather write a program to solve sudoku than actually play sudoku. Some people love sudoku; I found it boring. Now writing software to solve a puzzle, that's interesting.

    Sudoku's only interesting at the very hardest level, where you have to apply real logic to take it on. But then again, I've always found only the hardest problems are ever persistently interesting; if you're bored, do something more difficult and stop wasting both time and braincells.

  5. Re:It hurts you to learn C++ is still being used. on Interview Update With Bjarne Stroustrup On C++0x · · Score: 1

    And I can say with a straight face that you are wrong.

    I'm glad I'm not playing you at poker.

  6. Re:Is Pascal grammar LR now ? on Interview Update With Bjarne Stroustrup On C++0x · · Score: 1

    If not, it can't do this:

        char * p, * q;

        while (*p++ = *q++);

    :-p

    IIRC, Pascal's got a good grammar (it's closer to Algol than C++ is) and so has an LR grammar. Also, Pascal can't do it with that syntax (well duh!) but copying strings is easy IIRC. (It's been a long time since I wrote Pascal.)

  7. Re:This is the RIGHT solution... on Firefox SSL-Certificate Debate Rages On · · Score: 1

    keeping your certificate legitimate and up to date should be no different than taking care of your insurance or other critical infrastructure

    I agree, though I note that for some organizations, this would still mean letting things lapse. I've heard some real horror stories with (non-)maintenance of critical infrastructure or relinquishment of insurance. Too often people aren't just cheap, but actively saving in one place only for the costs to jump right back at them elsewhere and massively larger. (This isn't a new phenomenon though; people have been stupid this way for thousands of years.)

  8. Re:...and They Were Thinking... What? on RIAA Exec Moves Over To Gaming Industry · · Score: 1

    Now you could argue that some effort towards warming said heart might be worthwhile, but then you run into /. mob justice. It's easier to lynch someone than to fix them.

    Of course. Central Casting has plenty more slimy swines where that one came from, so there's no real incentive to save.

  9. Re:I just don't get it.... on Interview Update With Bjarne Stroustrup On C++0x · · Score: 1

    ...what do people find so difficult about C++?

    The real pain in my experience with C++ is that it is difficult to maintain a stable ABI for libraries built with it. The issue is that too many details of the layout of library interfaces vary between different compilers on a single architecture (including different versions of the same compiler, alas) and too many details of the API get bound into the clients of the API, making it difficult to evolve that API without breaking the ABI contract.

    Umm, that sounds technical. To put it simply, it's nice to not have to recompile the world when you do relatively minor adaptations to a library. With C, that's fairly easy to achieve, but C++ makes life much harder and C++ compiler authors don't do much to help. This was a big enough issue that in the end we rewrote the library in question from C++ into C, which was not pleasant but gave us a better handle on maintenance.

    Of course, I'd much rather be scripting, where you can get a program written and your problem solved in seconds...

  10. Re:It's Downhill from Here on People On No-Fly List Can Sue In District Court · · Score: 2, Funny

    The chief threats to the US global hegemony are the Chinese government, the Russian gas firms, the European Central Bank, and peak oil. A bunch of fuckwits in suicide vests shouldn't even be on the radar.

    But that's enough about the ECB!

  11. Re:Modern Server Hardware on Six Questions To Ask Before Telecommuting · · Score: 1

    True, but since when does a corporate IT environment consist solely of servers. It's the client PCs, the printers, the photocopiers, the data projectors, etc. that need the loving touch of a support person.

    That's (part of) why corporate IT has multiple different support roles. Some things need people on-site, others don't. Some things are too important to out-source, others aren't.

  12. Re:Why can't the whole web be HTTPS? on A Good Reason To Go Full-Time SSL For Gmail · · Score: 1

    Because CA-signed ssl certs cost $$ for often no measurable (as in $$) benefit

    $20/year is "$$" these days? The recession must be really biting where you are!

  13. Re:Just for Google? on A Good Reason To Go Full-Time SSL For Gmail · · Score: 3, Informative

    You are mixing up security and identity.

    Not really. Had you said that he was mixing up encryption and identity, I'd have agreed, but for secure communication with some other party you need to both secure the channel (encryption) and verify that the other party is who you want to talk to (identity). Without that identity verification step, you're very vulnerable to man-in-the-middle attacks.

    There are many ways to handle the identity problem (e.g. by using a shared secret key) but SSL is elegant in that it uses public key cryptography to set up a secret session key and ensure that the other party is who you think they are. That all works great and is straight-forward if you know each other's public keys, but that really doesn't scale. Think about it: how do you find out my public key and ensure that it really is my public key? You've probably not got the time or resources to meet me in person.

    There are two solutions to this, both of which rely on adding cryptographic signatures to public keys to allow you to determine whether someone you trust knows the key is right. PGP and GPG use a "web of trust" scheme, and SSL uses "certificate authorities". When done properly, CAs are an excellent solution since they can require really strong proof of identities before signing anything, and there are CAs about who do this sort of thing for real. (HTTPS uses an additional check over basic SSL in that it requires the server to have its DNS name signed into the public certificate, which stops additional types of spoofing peculiar to some types of web interactions.) Web browsers are seeded with the public certificates of CAs believed (through analysis of their published policies) to be well-run.

    The problem is that not all CAs are scrupulous. OK, a black-hat operated CA will always be bad, but some others are looking more and more grey due to their pursuit of the almighty buck at all costs. In effect, they're breaking their own policies and hoping that nobody will notice. The only solution for this is to revoke the trust of those CAs who do this, either by getting their master CA to revoke the signature (why do you think CRLs/OCSP is important?) or by removing a particular trust root from browsers. That last option is very much the "nuclear option" since it will harm a lot of perfectly innocent bystanders, but I reckon that unless and until someone is publicly crucified like that, the siren call of the extra cash will win more often than it should.

    (Yes, I know I've simplified things a lot. This message is long enough!)

  14. Re:long story short... on Why One-time Passwords Suck For MITM Attacks · · Score: 1

    Even if all of the real CAs are fixed, how long before the blackhats start selling certs that are signed by their CA, whose certificate is added to people's trusted cert list by their trojan?

    That's a real weakness. But you have to start somewhere. The only workaround for this is to burn in a master "CA of CAs" certificate into the software in such a way that trojan's can't interfere with this. But I'm not sure that that's a great solution, even with the assistance of something like Trusted Computing, because it is too easy to use to lock out genuine small operators.

    Bleah. I don't have a solution to the combined power of stupidity and cute kitten screensavers. Best we can hope for is to be able to keep the blackhats out of our own systems.

  15. Re:Luxury! on Olympic Media Village – Most Expensive Internet In the World? · · Score: 1

    And every night our Dad would thrash us to sleep every time we got a NO CARRIER.

    Of course he did. Those carrier pigeons are expensive!

  16. Re:Uh huh ... on Medical Health Disclosure vs. Steve Jobs' Privacy · · Score: 1

    And in this case, the difficult part would be figuring out who has the keys and ensuring that only the right people got the right keys and they are used in the right situations ( at least part of that would have to be an automated system of verification).

    But that's primarily not a technical problem, but rather a problem of human processes. Which was my point after all.

  17. Re:Al Gore has some good ideas on What Gore Didn't Say About Solar Cells · · Score: 1

    Whoa there, this statement IS NOT a fact. Public works projects can help a slumping economy, but only if the public works project is needed, and absolutely helps expand the economy. There is more to it than that, but creating jobs does not necessarily expand the economy but can result in simple wealth redistribution. For example, if the government hired 10,000 people to dig a giant ditch, and than hired another 10,000 people to fill in the ditch, jobs would be created, but would it help the economy? The government doesn't magically have money, they need to obtain it somewhere. In this instance they've created 20,000 jobs, but added nothing to the economy. In fact, under such a situation, they've likely decreased the economy. Even if unemployment is really high, some of these people are likely not doing other (productive) jobs to dig a ditch and fill it in instead. This decreases the net value of the economy. Additionally, where is the money to pay these workers coming from? They either tax the people (reducing the money they have to create new jobs, and buy goods, decreasing the size of the economy) or print money, causing inflation, resulting in an inflation tax instead.

    That too is an oversimplification. The issue here is that people on welfare are (sadly) more likely to be law breakers of various descriptions. Sure make-work like you describe isn't great, but it keeps those 20k people from other mischief and that's cheaper overall in tax dollars than dealing with the consequences of criminality. (Prisons are flaming expensive to run; there's got to be a better way to use taxes than that!)

    Remember everyone: optimizing globally is better than doing peephole opts, and that applies to Real Life too.

  18. Re:Uh huh ... on Medical Health Disclosure vs. Steve Jobs' Privacy · · Score: 1

    I think the answer to some of the problems is encryption.

    Only the trivial problems, since encryption is a technical solution. (If there's a good technical solution, the problem's got to be trivial, yes?) The tricky bits are working out what (if any) legal or social changes are needed and desirable as well.

  19. Re:Sure, they have that right. on Medical Health Disclosure vs. Steve Jobs' Privacy · · Score: 1

    And surely the public/investors in view of a lack of a full disclosure have the right to sack/not elect politicians/CEO's who will not disclose potentially pertinent information about their ability to work in their role.

    I don't know about you, but when I invest, I'm not so worried by the health of the CEO but rather by the financial exposure and sanity of the other investors and brokers involved in the companies I'm thinking of investing in. Ergo, if I'm going to invest in a company you've invested in, I need you to give me all your bank details and undergo a psychiatric assessment. After all, it's so as to promote investor confidence, so it must be an absolute good, yes?

    Or maybe this is a case of "information about the health of the CEO is off-limits unless (s)he freely chooses to tell you". If you can't cope, take your money elsewhere; that's your only absolute right.

  20. Re:as per Stargate: on Scientists Find Trigger For Northern Lights · · Score: 1

    The Asgard went instinct

    Say what? They stopped reasoning for themselves and started going with whatever their gut response was for everything?

  21. Re:Three months? Ever hear of "google"??? on Yahoo! Music Going Dark, Taking Keys With It · · Score: 1

    You got some random page about the Internet Assigned Numbers Authority?

  22. Re:Why not just say ... on How To Deal With Internet Bullies? · · Score: 1

    Works beautifully until they get a second monitoring account.

    Persistent Trolls tend to have other stereotypical behaviors (e.g. particular patterns of searches after they log in) that make identifying them relatively easy (and, more to the point, possible to automate).

  23. Re:My dad can beat up your dad... on The Death of Nearly All Software Patents? · · Score: 1

    My apologies for being confrontational, I've met my fair share of egotistical 'computer scientists' who were so proud of their brand new' life altering' linked list logic... So usually when people pull out the "programmers are lesser than computer scientists" argument, I jump to the defensive side ;)

    Meh (and quadruply so at the idiots who get excited about linked lists; they're an extremely well understood area of DS&A). As a certified Computer Scientist[*], I have to note that it's a pretty broad field. There are those who study the physical devices that are computers, those who study the logical artifacts that control that machinery, and those who study the interaction of these things with humanity. This means that CS is founded on Engineering, Math, Psychology and Business (err, "Applied Sociology"). In other words, it's definitely its own major field! Which isn't to say that every computer scientist is good at all of these bits or interested in them; that would be ridiculous. But if you want to understand the field as a whole, you'd better be prepared to work really hard.

    Myself, I like making stuff that other people use and I like turning really complicated things into stuff that ordinary mortals can handle. I just wish that didn't involve so much damn project management though...

    [* Really. Not that certification means anything much on its own other than the ownership of a piece of paper. ]

  24. Re:2% Implies a known boundry on Google Blogger "Hosts 2% of World's Malware" · · Score: 1

    In order to determine that it is 2% means that they would have to know exactly how much is out there in the first place - how would they know that?

    There are statistical techniques they can use that were originally developed for working out how many members of an endangered species are in an area. The issue with endangered species is that not only are there not that many of the animals about, but they move around as well. So what you do is capture and tag a few, and come back later on and repeat, noting how many you catch twice. Repeat a few times and you can have a pretty good guess at how many are out there.

    I bet that sort of thing could be adapted to this stuff without too much trouble.

  25. Re:Losing Anonymity? on Google's Knol, Expert Wiki, Goes Live · · Score: 1

    which is why wiki is fucked in the long run. experts dont like taking out the trash.

    You have a citation for that, or does it represent original research? (In my experience, some people like being wikignomes and others don't; it seems orthogonal to subject expertise. YMMV.)