Slashdot Mirror


User: jc42

jc42's activity in the archive.

Stories
0
Comments
6,784
First seen
Last seen
Profile
(view on slashdot.org)

Comments · 6,784

  1. MIT vs RoC on Vint Cerf Talks About Internet Changes · · Score: 0, Flamebait

    ... Massachusetts Institute of Technology (MIT) got more addresses than The Republic of China alltogether.

    Yeah, well, this is appropriate, because MIT has more computing devices than China does. ;-)

    And we won't have to reorganize it; we've already done that. It's called IPv6. If the Chinese would have the brains to use it, they wouldn't have any address problems.

  2. Re:Hardly news ... on CERT: Sendmail Distribution Contained Trojan Horse · · Score: 2

    > By that definition, most linux software is a trojan

    Well, yeah; I often tell people that all the programs that I write contain THs. For example, I usually include a number of debug hooks that jack up the verbosity. Most users don't want to know about these things, so I only document then down at the end of the man page, where it won't be seen. So to most users, my programs can suddenly start writing huge log files that they weren't expecting.

    I also often include code that isn't quite working yet, and only enabled via some command-line flag that isn't documented. I can tell a few select beta testers about it. To everyone else, such things are TH code.

    People do write a lot about such things without ever making their definitions clear. It can be fun to make up a "reasonable" definition and see if you can argue that it applies to your own stuff.

  3. Hardly news ... on CERT: Sendmail Distribution Contained Trojan Horse · · Score: 5, Insightful

    Let's see, a Trojan Horse is basically defined as an undocumented chunk of code hiding inside a program, which does something that you don't know about or understand.

    Sendmail is such a complex beast that, no matter how much you personally know about it, there are always things in there that you don't know about or understand.

    So it has always been full or Trojan Horses.

    This is the fundamental thing that's wrong with building a hugs program that tries to do everything possible. Pretty much all the other mail tools are better at sendmail in this respect, because they only try to be a mail tool.

    Sendmail, OTOH, is an emulator for a rather complex sort of machine language. Some time back, someone demonstrated that it was possible to emulate a Turing machine with a sendmail.cf file. Impressive as this may be technically, it's way overkill for the task, and it shouldn't be any surprise to anyone when problems turn up in sendmail and aren't discoverted for a while.

    It's guaranteed that there are others lurking inside that monster.

  4. Re:"It's already in the Xeon" on Ars Technica on Hyperthreading · · Score: 4, Interesting

    > developers have to make their programs multithreaded. In the Windows world, this happens already, far less so in the Linux world.

    There's a good reason for this. The biggest problem with debugging multithreaded code is preventing the threads from shooting each other in the foot. On unix-like systems, there's a simple, elegant solution to this: processes. If you use independent processes with shared memory, you can limit the foot-shooting problems to only the shared segments, and the rest of the code is safe. You also have several kinds of inter-process communication that are easy to program and fairly failsafe.

    On Windows, you don't much have these things. Developers don't much take advantage of multiprogramming, because the inter-process communication tools are so complex. So the model is a single huge program that does everything. The natural development is toward an emacs-like system, in which everything is a module in one huge program. In such a model, it makes sense to want to use threads, so that some tasks can proceed when others are blocked.

    One way to get unix/linux developers adopt threads is making it more difficult to use the basic unix multi-processing and IPC tools. If they can be made more complex than threads, then people will adopt the Windows model.

    Alternatively, the threads library could be made as easy to use as the older unix approach. But so far, there's little sign of this happening.

    Threads are a debugging nightmare, and a programmer who has lost months trying to debug a threadized program, and finding that the end result runs even slower than the original, is going to be shy to do it again.

    Also, calling the developers dummies isn't very persuasive. They mostly hear such insults as a euphemism for "It's too complicated for your simple mind." When I hear things like that as answers to my questions, I tend to agree with my critic, and revert to things that I can understand and get to work right.

  5. Re:What about credit card numbers? (HUH?!) on SA Government's Crypto Registration Up And Running · · Score: 2

    > Where does this leave a free OpenSSL mirror (not selling anything)?

    Well, I'd bet that they would consider this a "sale" that requires registration.

    If not, then the law is pointless. As a vendor, I could just say "I'm only selling the hardware; the encryption is free." Sellers love to give things away "for free", if you only get the free things by paying for something else.

    Whether they could actually impose a registration fee on openssh.org isn't obvious. Who would they extradite and toss in jail?

    There's still the prospect that a clueless SA computer user will use encryption without realizing the fact. How many people realize that when you order a CD or a shirt from a web site, you are using encryption? But you can be sure that the software installed at the ISP will notice your encrypted messages.

    Unless you can present a receipt for the registration fee for your encryption library, what defense do you have when they come knocking on your door?

  6. What about credit card numbers? on SA Government's Crypto Registration Up And Running · · Score: 5, Insightful

    The obvious intent of all this is to make people pay the registration fee for every browser they may have on any machine. Otherwise, if you even accidentally download an encrypted page, i.e., you make a credit-card purchase over the web, you are risking a jail term.

    Of course, the obvious thing is for vendors to supply Windows machines that don't have any encryption installed, so that the vendors don't have to pay the registration fee for every sale. This is likely to lead to a situation where credit-card orders are sent unencrypted. The SA spammers will love this.

    People keep talking like encryption is some military or law-enforcement topic. But the main use of encryption these days is to prevent the interception of commercial information. The fact that restrictions on encryption will make financial data easily available is not necessarily accidental. The goal could very easily be a desire on the part of the government to have easy access to everyone's financial transactions. Such information has a lot of political uses.

  7. Re:I was there on Hearing on Hollywood Hacking Bill · · Score: 2

    > Boucher was great when he brought up the letters referring to the harry potter book report (again a stupid RIAA response: "our members would not do that." ...

    I've seen a couple of other oblique references to this topic, but none of the usual search sites seem to be able to find any real information.

    What book report was this? Where was it reported? What does Harry have to do with it?

    Inquiring minds want to know ...

  8. Re:Who's got the bombs on Hearing on Hollywood Hacking Bill · · Score: 2

    > RIAA can probably buy the techs though, this evens things somewhat.

    Probably not. It'll work only until the techs realize that the RIAA is being true to form, and is deducting "expenses" from the paychecks. These will rapidly amount to more than the paycheck itself, and the techs will end up owning the RIAA money.

    This works with musicians. It won't work with us techs. Then we'll see the start of the real attacks on the RIAA, by the people they thought they'd hired.

  9. Re:NO on Hearing on Hollywood Hacking Bill · · Score: 2

    You're right; it's "boxen". There's absolutely no excuse for doubling the 'x'. That makes it look like one of those brand names, like Exxon or Nixxon or ...

  10. Re:More Chestnuts? on Microsoft's Vision Of Future Workplaces · · Score: 5, Interesting

    > ... the pen copy and paste from computer to computer is interesting.

    Hmmm ... What they describe requires the computers to be next to each other. With my X-windows screen I regularly use a mouse and copy-and-paste to transfer stuff between apps on computers hundreds or thousands of miles apart. I've been doing that for 15 years or so, and it doesn't seem like anything special.

  11. Re:Contamination from Earth on New Scientist: Venus' Atmosphere Implies Life · · Score: 2

    > ... for the microbes to seed the galaxy, how fast would they have had to be moving, and in which direction?

    It's been a few decades since I read that article, but as I recall, the author went into quite a lot of detail about the force of the solar wind and the velocities that it imparts to the Earth's dust tail.

    The effect isn't trivial. The solar wind varies over a wide range, but the speed of particles as they pass the Earth are comparable to the Earth's orbital speed. Most of the time, the solar wind is above escape velocity. The Earth's dust tail rapidly accelerates to solar-wind velocity. This was the crux of his calculations.

    The direction is easy: The dust tail starts off pointing away from the sun. The Earth is in a nearly circular orbit, so the dust tail is a spreading spiral. So the junk is heading out in all directions (though it's mostly close to the plane of the ecliptic).

    At the time in the Earth's orbit when it's leading the sun (in our galactic orbit), the dust tail is blowing ahead at more than escape velocity, so that part will spread outward ahead of us at speeds comparable to our speed around the galaxy,
    plus solar escape velocity. This is higher than galactical orbital speed in our neighborhood.

    In 4 billion years, some of those dust particles will have left the galaxy entirely. Most, however, will end up in assorted galactic orbits, until something bigger stops them.

    At the time in the Earth's orbit when it's following the sun, the dust tail will be escaping the solar system with a galactic speed below local orbital velocity. That part of the tail will tend to drop toward galactic center. Its speed will be low, so it might not have got there yet. Some will be soaked up by passing nebulae.

    At other times in the Earth's orbit, the dust tail will leave the solar system with intermediate galactic speeds. On average, the speed will be comparable to the solar system's speed, but in different directions. In 4 billion years, the particles will have easily crossed the entire galaxy, unless something stops them.

    Remember that in a billion years, the solar system circles the galaxy roughly 4 times. The Earth's dust tail spews out in all directions in the plane of the ecliptic. It has a speed comparable to our galactic orbital velocity, but in different directions. Dust particles and spores will also orbit the galaxy roughly 4 times per billion years, but in assorted directions.

    Find a friendly local astronomer or a few good books and do your own calculations. Then start thinking up your own SF plots. But remember that it can take a long time for a bacterial spore to evolve into a Klingon, even on a hospitable planet.

    The main unanswered question is how long bacterial spores can really survive in interstellar space. If they're only viable for a million years or so, they could only reach a few nearby stars. The basis of this topic is that bacterial spores do seem to be inert and unchanging, and potentially viable indefinitely.

  12. Re:Contamination from Earth on New Scientist: Venus' Atmosphere Implies Life · · Score: 2

    > Not 250,000 Years, it's 250,000,000 Years ...

    Yeah; you're right. But what's a few zeroes among friends? The significant part of the astronomical calculation was the dozen or more orbits we've made since bacterial life arose on this rock.

    As I recall, the current estimate is more like 260 million years, but of course it depends a lot on what large masses we pass near during the orbit. And they don't have that good an estimate of the detailed mass concentration where we're headed even over the next 10 million years.

    Stick around and find out, I say.

  13. Re:Contamination from Earth on New Scientist: Venus' Atmosphere Implies Life · · Score: 2

    > Or perhaps the reverse: that galactic dust/comets have seeded the Earth with microbes ...

    Yup; that's the "panspermia" hypothesis that some astronomers (and some biologists) have discussed. In essence, all the places where life arose are busy contaminating the rest of the universe with spores.

    Now to collect some evidence ...

  14. Re:Contamination from Earth on New Scientist: Venus' Atmosphere Implies Life · · Score: 5, Interesting

    Several astronomers have written articles about the contamination (or colonization) of the rest of the planets by Earthly bacteria. They've known for some decades that bacterial spores are found throughout the Earth's atmosphere, including at very high altitudes. The Earth has a "dust tail" produced by the solar wind that very slowly strips off the outer atmosphere and blows it outward. This tail is something that interferes with some kinds of astronomy, so they must take it into account.

    The dust tail includes gases and fine dust particles, including things the size of bacterial spores. We've also known for decades that many such spores can survive indefinitely in space.

    The conclusion is obvious. Bacterial spores from Earth have been contaminating the outer solar system, probably for several billion years. Some of them will get picked up by meteoroids and comets and carried back to the inner solar system, so Mercury and Venus have also been colonized by these bacteria.

    Probably not many survive. But it's likely that some do. And, of course, their descendants will have re-colonized the Earth.

    The solar system is a pretty messy place, when you look at it on a microscopic scale.

    One article I read back in the 70's did a rough calculation on a larger scale. The Earth circles the galaxy in about 250,000 years. We've made more than a dozen orbits since bacterial life arose here, spraying spores most of that time. The author calculated that by now the entire galaxy has been contaminated several times over by Earthly spores. Of course, we don't know how many could survive interstellar space for the required millions of years.

    But it's fun to think about.

  15. Re:What I'd like to know... on Why Does Software Cost So Much? · · Score: 2

    > Why not just sell the full version to EVERYONE and reap the benefits of economies of scale?

    Well, you're obviously no businessman. The answer is obvious: If people pay for both versions, you make more money.

    It's your standard bait-and-switch. Most customers don't know what they want initially. So they buy the one with the cheapest bottom line. When they find that this doesn't do the job, they buy the more expensive one. And you've made two sales rather than one.

    (What, me cynical? Nah ... ;-)

  16. Hey, read the title essay, folks ... on Why Does Software Cost So Much? · · Score: 5, Informative

    A lot of the replies here make it obvious that people haven't bothered to read DeMarco's title essay in this book. If you had, you wouldn't be trying to explain it all for the readers.

    His basic thesis is that software is in fact very cheap, compared to the alternatives. The complaint that software is expensive is really just a negotiating tool to try to get the price even lower. His description of how this works is pretty funny.

    Part of the story is why software is always late. He explains that this is also a management tool to get the most work out of programmers, and programmers train their managers to set the schedule so that it can't be met.

    Since reading his essay years ago, I've noticed exactly the process he describes over and over.

  17. Re:I believe they are wrong on FSF Issues GNU/Linux Name FAQ · · Score: 2

    > 2: Everything needed to get to the basic user experience - Linux + KDE, or windows. ...
    If we use the second definition ...


    It seems to me that it should be called KDE/Athena/Linux. (Athena was the MIT project where Jim Gettys started building X windows.)

    I don't know about your machine, but when I log into my linux boxen, I find very little actual GNU software running. There's the kernel, linux. There's the windowing system, X windows. There's the window manager, KDE (or sometimes Gnome). And there's an assortment of background tasks, maybe a few of them are from GNU, but not many.

    It's true that linux systems owe a great deal to the GNU and FSF folks. Everyone gives them a lot of credit (and code). But if you insist that the OS is more than just the kernel, the most reasonable other components to list are those that directly support the user and applications. GNU tools, for all their value, aren't a really big part of this.

    The proper place for "GNU" is in the many lists of attributions. The overall "system" name is properly the assembler and the OS name. This machine is properly called "RedHat Linux". Another that I use a lot is properly "FreeBSD" (and it also contains a lot of GNU tools in its libraries).

  18. Re:A few hopes... on New Linux Worm Found in the Wild · · Score: 2

    > It would be preferrable to let the security at the bank to know that your about to commit armed robbery so they can stop you.

    Exactly. Lots of organizations have security groups that do this sort of thing. "We're going to be testing everyone's security by staging several kinds of breakins. Our operatives will be carrying proper ID, which they will show you if you manage to apprehend them. But we won't tell you the time or place of our attack ..."

    There is a history of security firms doing this sort of thing, with the full knowledge of their customers' top management. There is also a history of accounting departments inserting dummy data as a test of the auditors. If the auditors don't find it, they flunk.

    Any organization NOT doing this sort of test of their security is vulnerable.

  19. We need a collection of Microsoft quotes on Ballmer: "We'll Outsmart Open Source" · · Score: 3, Interesting

    Does anyone have a good collection of copies of and/or pointers to good Microsoft quotes like Herr Valentine's? I've been thinking that it could be very useful in the coming FUD war to have lots of their own words to use against them.

    A year or two back, some MS exec was widely quoted as saying something like "Our products are designed for functionality, not for security." I've since been very sorry that I didn't keep a copy. Anyone know who, where, and when this was said?

  20. The big guys are fighting this already ... on Being Wireless: Viral Telecommunications · · Score: 2

    Note that the telco and cable monopolies are fighting this already. Most of the EULAs contain terms that ban reselling the service. They are actively searching for customers who install a wireless access point, and threatening them with legal action (or just terminating their service). They understand the challenge, and want to maintain their monopoly.

    One of the more entertaining aspects is the customers who fight back by pointing out that they
    aren't reselling the service, they're giving it away for free. The telco/cable guys aren't amused.

    This has already been reported on /. several times.

  21. Re:Well on Nokia calls Wireless Warchalkers 'Thieves' · · Score: 2

    Yeah, and on several occasions, I've seen people standing under a store's awning to get out of the rain. Not just on the public sidewalk, but even inside the store's entry way. This is blatant theft of the company's services and property, if you ask me, and it's gotta stop!

  22. Re:They're going to put this on a political road s on Federal Cyberspace Policy Draft Released · · Score: 2

    > "lock down the ports so nasty things don't happen"

    Oh, I dunno about that. I've been getting email for the past 15 years or so on an mit.edu account where I get several virii each day, and so far none of them has done any harm at all. Of course, I use a plain-text mail reader on a FreeBSD system, so they can't do any damage. The messages that contain a virus are usually pretty obvious. If they grow to hundredss per day, it'll be a problem, but so far it's less of a bother than the Chinese "big5" spam messages.

    The real public education should include pointing out that the "virus" problem is 99% due to Microsoft's insistence on delivering software that is susceptible to such things, despite the fact that we unix geeks knew how to prevent the damage before there was even a Microsoft.

    Publicising the fact that viruses are almost entirely a Microsoft problem would go a long way toward getting the problem fixed. We should be asking the media and the National Strategy for Securing Cyberspace people why they aren't pointing this out.

  23. Re:encouraging but superficial (and wrong) on New York Times Staff Editorial Promoting Linux · · Score: 2

    Despite the fact that my home machines run linux, I still have a major objection: Linux isn't nearly the only good alternative to Micro$oft. FreeBSD and OpenBSD are equally good (and about 99% compatible with linux). OSX is, by all reports, an excellent system, if somewhat pricey.

    Imagine the quality cars we'd have if people were afraid to drive anything that didn't have, say, the Ford dashboard layout. "The headlight control is on the wrong side; how can people ever possibly learn to handle that?"

    This is the reasoning we're hearing for why people can't learn anything but Windows. And we're getting the crappy computers that you'd expect in such a market.

    But I don't think that people are that stupid. They can learn to drive Toyotas and Hyundais and Volvos and Saabs. I think they are mostly smart enough to handle KDE or Gnome or OSX.

    Maybe we should be encouraging them to try something that just might be better than the worst system on the market.

  24. Re: seperation[sic] of church from state on Politicizing Science · · Score: 2

    Actually, if you do much reading of the American "Founding Fathers", it becomes clear that all of these ideas were alive and well at the time. Many people thought that such separation was needed to prevent the development of a theocracy. Others argued that separation was needed so that the state wouldn't play favorites, and would protect various sects from each other. Still others argued for the need of state protection from the followers of religions.

    None of these are new ideas at all. The American First Ammendment was clearly intended to provide all of these protections.

    And no, the US was not the first government to institute such religious protections. Not by a long shot.

    One of my favorite quotes was from George Washington, who supposedly said that a single lighthouse is worth a hundred church steeples.

    (Of course, we're now phasing out lighthouses. We need a new metaphor. "A single wireless relay tower is worth a hundred churge steeples"? Nah; it just doesn't work. Especially since a lot of wireless relays are installed inside church steeples to hide the ugly things from view. ;-)

  25. Huh? on Perens Pushes "Sincere Choice" for Software · · Score: 2

    What planet do you guys live on? On the one that I inhabit, all cars come with full shop manuals. You can simply order them, and for a few bucks you get one. They contain full schematics for the car. Ask your local mechanic; they'll show you a shelf of them.

    Whereever did you get the idea that cars are "closed" or that it would take something special for the government to get shop manuals? Government fleets order the shop manuals as a matter of course. Nobody would ever consider doing otherwise.

    The same thing would be a VERY good idea for computer hardware. It's not at all unusual for circuitry to contain undocumented sections that can be enabled or disabled in some subtle manner that's only documented in the diagrams.

    IBM is notorious for this, and I've personally seen it in all sorts of equipment from many vendors. Usually it's an innocent omission, or something that is only used for hardware diagnostics. But sometimes real functionality can be and is masked this way.

    If you don't believe this, you are incredibly innocent and naive.

    I would personally be very surprised if the proprietary voting equipment being used in Florida didn't have such hidden capabilities that can only be discovered by examining the circuit diagrams. This is VOTING hardware, folks. Biasing the results can determine the election. If you trust them, you might as well not bother voting.