Slashdot Mirror


User: tlambert

tlambert's activity in the archive.

Stories: 0
Comments: 5,097

Comments · 5,097

  1. Parent post is underrated - Funny on How Do You Land a Nuke-Powered Mini-Cooper On Mars? · · Score: 1

    Parent post is underrated -> Funny

    The Viking landers in 1976 established that the atmosphere on Mars is 95.3% CO2.

    -- Terry

  2. Have you ever had your ID stolen? on US Lawmakers Eyeing National ID Card · · Score: 1

    Have you ever had your ID stolen?

    Mine was. Then they put a vacation hold on my mail at the post office, with the intent of collecting credit card and other information later.

    It turns out that there is no revocation mechanism for the ID cards we have today. The DMV desk might as well have a sign printed on it that says "This Side Toward Enemy", as you're not going to get a different ID number out of them so they can tell the difference between you and someone who has stolen your ID and used it in the commission of a crime. That might be as simple as check fraud at a supermarket; there's no way your local supermarket is going to have a biometric identification system to verify that the card belongs to you. But the fraud will be tagged to you with the same presumption of guilt that red light cameras have today.

    Luckily I got the person caught and got my ID back before it was successfully used to take out a line of credit at a bank. And if you think a bank will have a biometric scanner, either, you are mistaken, since they don't even have a way to verify that a driver's license isn't fake, and all they would technically need for that is a mag stripe scanner (which they have), and an internet connection (which they have).

    There's absolutely no benefit to this thing to you, and there won't be until and unless there's a revocation mechanism, and a local verification mechanism, which includes validation and revocation.

    And that means the central database they keep claiming we're not going to have.

    -- Terry

  3. To reply to your specific points... on Simpler "Hello World" Demonstrated In C · · Score: 1

    To reply to your specific points...

    I'm going to paraphrase for brevity; forgive me and correct me if I misrepresent your points:

    (1) The majority of compilation happens at the distribution level

    I think this is addressed by my point about whether or not your platform has a lot of commercial software, or not. Commercial software comes from a huge variety of vendors, not a single vendor. In the "BSD distribution" or "Linux distribution" model, yes, the distributor will likely be compiling up all the packages they can possibly make work. The problem with this is that the vast majority of these are not going to be commercial packages.

    You can maybe argue that commercial software doesn't have value to you, but that is simply not true for the majority of computer users. It's almost universally true for non-technical computer users, or you would be seeing greater desktop penetration of a BSD or Linux distribution, and some hardware vendor wanting to drive down either their COGS (Cost Of Goods Sold), to increase their profit margin, or to lower their price point. Other than a few luke-warm toe dipping by a couple of vendors who have not followed through with jumping into the water wholesale, this simply hasn't happened.

    (2)(a) Commercial software could provide source code, but does not because of paranoia

    This is false. Commercial software exists because there are margins in it. I've been in commercial software since the 1980's. Source code has always been available for a price, it's just not a price the market will bear. I've been party to a large number of contracts, such as my company being a designated vendor for AFCAC (Air Force Computer Acquisition Center) contract 451, where source escrow was a requirement. Source escrow is surprisingly easy and cheap to add to contracts between vendors and end user organizations.

    The other factor here is that a vendor cannot trust a third party to do the necessary due diligence with regard to compiling other code correctly, or testing it to make sure it meets specification. It can't trust that there will be timely security and other updates to the software when the vendor mandates them. It can't trust that the third party will have the necessary capital resources, such as machine rooms full of machines, necessary for long term testing for the software and hardware combinations they intend to release on.

    Again, you can maybe argue that if the vendor did test automation development at an order of magnitude higher than most vendors currently do (with the associated increase in cost to the consumer), that they could provide the necessary testing resources. And you could argue that mandating ISO 9001 certification for the third party, and doing compliance audits to make sure that the quality assurance model isn't breaking down anywhere, could cover the potential quality issues for the third party on which the vendor is taking their reputation. The costs involved would drive the software costs to the consumer far higher than single-source. This would not only put the vendor at a competitive disadvantage with regard to other vendors, it would fail to address the increased latency in the supply chain for things like patches for zero-day exploits.

    (2)(b) Binary compatibility issues can be addressed by recompilation if commercial software houses just fixed their methodology

    With respect, I disagree. I addressed the process latency issue and affirmative quality requirements in my response to (2)(a), above, so I won't repeat myself on those points.

    In regard to "fixing the development methodology" to enable supporting multiple platforms (and I take that to mean incompatible versions of the same platform, not just cross-platform), you're wrong. Correct software development methodology in that environment requires that you establish interface contracts between components and software, such that recompilation is easily accomplished.

    No one in the Open Source world is willing to do this to any approximation of the r

  4. Apple defines system call APIs at the top of libc on Simpler "Hello World" Demonstrated In C · · Score: 3, Informative

    Apple defines system call APIs at the top of libc ...no static linking allowed.

    This annoys people who like to link things statically, and those who want to make their own libc equivalents for things like embedded language interpreters and don't want to have to figure out vtables and dynamic linking.

    But it also makes everyone else who likes binary compatibility, and Mac OS X historically getting faster with every release, extremely happy, by allowing the interface between the kernel and libc to be changed, without breaking their applications.

    If you statically link, you can't do that. That's great, if your OS has pretty much no real commercial application base, and you are a technical enough person to "just recompile everything from source", but it's not so good when you are talking about an OS where commercial software is very important to customers. Customers who are either non-technical, or who are technical, but think recompiling something that was working just fine before the OS update is a complete waste of time. Lump me in with these last people: I don't believe in "bit rot", I just believe in lazy engineers not maintaining their code or defining their interfaces properly.

    Yeah, if you want fast LMBench results on a null system call -- which keeps changing its definition so that it can't be gamed, exactly the same way you'd game it if you were a commercial application developer needing higher performance -- static linking seems great. But practically, most modern software is either CPU bound or I/O bound. If it's CPU bound, it spends all its time in user space, not making system calls. If it's I/O bound, it spends all its time waiting for whoever is on the other end of the network to send it more bytes. Either way, null system call performance is, frankly, unimportant to almost every possible application.

    So static linking, and writing your system calls at the trap/sysenter/syscall level (with no way to change them when Intel or another chip vendor introduce a "new! optimized method of making system calls!", as has already happened twice in the past) is generally a pretty useless exercise.

    -- Terry

  5. Wikipedia is reporting the FBI's estimated numbers on Yale Law Student Wants Government To Have Everybody's DNA · · Score: 3, Insightful

    Wikipedia is reporting the FBI's estimated numbers

    The actual numbers are much worse.

    http://articles.latimes.com/2008/jul/20/local/me-dna20

    Among about 65,000 felons, there were 122 pairs that matched at nine of 13 loci. Twenty pairs matched at 10 loci. One matched at 11 and one at 12, though both later proved to belong to relatives.

    Or just google: dna "arizona search"

    Also realize that for most crime scene samples, it's generally sufficiently degraded that you are only going to get 9 loci out of it. It doesn't matter if you have 13 loci in your database, if the comparison sample only has 9 that can be amplified out using PCR.

    -- Terry

  6. He was fired by Brenda Orth, CIO in the OA on Pennsylvania CISO Fired Over Talk At RSA Conference · · Score: 4, Informative

    Who fired him?

    According to public records having to do with reporting structure, he would have been fired by Brenda Orth, CIO (Chief Information Officer) in the OA (Office of Administration, Commonwealth of Pennsylvania). The reporting chain is easily verifiable using either the Google cached copy of their page, or the Internet Way Back Machine.

    She basically reports to the state Governor's staff, so there's no telling how far up hill you'd have to go to find the source of the firing, but as his immediate supervisor, she would have been the one to pull the trigger.

    -- Terry

  7. The same way Turkey took down YouTube on Zeus Botnet Dealt a Blow As ISPs Troyak, Group 3 Knocked Out · · Score: 1

    The same way Turkey took down YouTube

    By pushing bogus BGP packets to the backbone routers you have access to. Only the routers the people who dislike botnets have administrative control over are not just inside Turkey.

    -- Terry

  8. Fun facts on public transportation in the UK on UK Police Promise Not To Retain DNA Data, But Do Anyway · · Score: 1

    You are in a tiny, densely populated country. The state of Wisconsin is almost the same size as the entire U.K., and only has a population of 5,363,675. In that same area, the U.K. has 60,441,457 people, give or take. For non-water land, the UK is 241,590 sq km. The U.S. is 9,161,923 sq km. That's about 38 times the size of the U.K., and only about 4.9 times as high a population (U.S.: 295,734,134), or in plain terms, the U.K. has about 7.76 times the population density of the U.S..

    Some U.S. urban areas have very good public transportation; Washington D.C., Seattle, New York. But in general, except on the coasts where population is very dense (50% of all Americans live within 50 miles of a coast), there's no way public transportation, other than long distance, limited routes, makes any economic sense in the U.S..

    -- Terry

  9. Anyone else think anticircumvention is stupid? on Another ACTA Leak Discloses Individual Country Data · · Score: 5, Insightful

    Anyone else think anticircumvention is stupid?

    Basically, they are saying:

    "We can't write working code because the only people willing to write this kind of code are incompetent morons. Skilled engineers think this type of code is a bad idea, and won't touch it. Rather than rethinking our position to be more in line with reality, we want laws that make it illegal to circumvent the swiss cheese code that we can actually hire someone to write."

    ...and now we are trying to foist this stupidity off on the rest of the world?!? No wonder they get upset about their dirty underwear going public.

    -- Terry

  10. Nixon was also to blame for getting out of Vietnam on US Government Begins Largest IT Consolidation in History · · Score: 1

    Nixon was also to blame for getting out of Vietnam, normalizing U.S. relations with China, and ending the draft.

    -- Terry

  11. Dropped an iPhone 1.0 down a 4 story stairwell on What Has Your Phone Survived? · · Score: 1

    Dropped an iPhone 1.0 down a 4 story stairwell

    It now has a small case scratch near the ring/vibrate switch. Still going strong after 3 years on the same battery, too...

    -- Terry

  12. Inaccurate, it's Theora on Wireside Chat With Lawrence Lessig · · Score: 3, Funny

    http://openvideoalliance.org/

    "Tuning in -- The talk starts this Thursday at 6:00 PM EST (GMT -5) at openvideoalliance.org/lessig. We're streaming with the 100% free and open Theora codec."

    Of course, the need to install Theora killed it for me.

    -- Terry

  13. OH, forgot the elephant in the room... on Senators Blast NASA For Lacking Vision · · Score: 1

    OH, forgot the elephant in the room...

    The U.S., from a national security perspective, does NOT want people to have cheap and easy access to space.

    If every nation or nut-job movie star who liked flying toys (John Travolta, I'm talking about you, sorry...) or tin-pot dictator in a country that can currently afford to buy a Boeing 727 had easy access to orbit for about the same price, it would only be a matter of time before someone loaded up one of those ships with as much ceramic coated rebar as the thing could carry. http://en.wikipedia.org/wiki/Rods_from_God (the idea has been around since the 1950's).

    -- Terry

  14. Open Source designs, intellectual property... on Senators Blast NASA For Lacking Vision · · Score: 1

    Open Source designs, intellectual property...

    What exactly are you going to do with open source designs? Build it? Don't make me laugh.

    I for one would really like to see the DC-X pursued, rather than shelved. Preferably with a linear aerospike engine so it's not carrying around a heavy rocket bell, and a number of other improvements, which will remain encumbered and unobtainable because of patents and because of trade secret non-disclosure by aerospace companies for information resulting from public funding.

    And you can bet your ass we would build it, because if we didn't, or even if we did, China and India would build it, and probably Russia, and possibly Brazil, and Hugo Chávez might have Venezuela do it just to piss the U.S. off.

    -- Terry

  15. I believe that working business plan is... on Aussie Film Industry Appeals ISP Copyright Case · · Score: 2, Informative

    They should change the law so that at least one business plan works for an in demand product.

    I believe that working business plan is called "sell DVDs".

    Their main complaint is that they want access to a new distribution channel without risk. This is the same thing that the credit card companies wanted when they successfully lobbied to change the U.S. bankruptcy laws to turn all the uncollateralized debt they had outstanding into collateralized debt. They could instead have refrained from offering credit cards to unemployed college students and other sub-prime credit risks, but instead they had the laws changed, and that led directly to the current credit crisis, which has impacted the world economy.

    Well, to heck with them; if they can't live with the facts of the current situation on line, they obviously can take their ball and go play elsewhere. This will leave a market opportunity for people to come in and displace them as content providers, but no one ever guaranteed them that they wouldn't be commoditized at some point if they entered that distribution channel (how different -- really -- is reality TV from some of the stuff people are posting on YouTube for free?).

    -- Terry

  16. Dan Dobberpuhl, the Alpha lead works for PASemi on The Future of OpenSolaris · · Score: 1

    Dan Dobberpuhl, the Alpha lead designer works for PASemi, which is to say Apple, now.

    -- Terry

  17. How many "accidental" undersea cable cuts in 2008? on US Unable To Win a Cyber War · · Score: 2, Interesting

    How many "accidental" undersea cable cuts in 2008? ...just saying...

    -- Terry

  18. Until we get a second Maunder Minimum... on Gates and MS Don't See Eye-To-Eye On CO2 · · Score: 1

    Space Based Solar/Beamed Microwave. Nukes are only worthwhile until we have the constellation of satellites built.

    Until we get a second Maunder Minimum... http://en.wikipedia.org/wiki/Maunder_Minimum and then your solar power satellites quit producing sufficient energy, and then you're back in trouble, but with means of introducing alternate infrastructure, because you've shut everything else down. I'd probably be OK, if you were lower down on the priority list for electricity for use in heating living spaces and growing food than I was... but you wouldn't.

    -- Terry

  19. microtransactions on Myst Online: Uru Live Returns As Free-To-Play · · Score: 1

    Any game can be opensource, with official servers having p2p or microtransaction.

    Except no one has come up with an economically viable microtransaction infrastructure. Even the phone company relies on measured time units and call completion charges, or counting your text messages and billing you at the end of the month, so even they don't have it worked out, for the closest thing that exists.

    -- Terry

  20. *** Mercury News Demographics? *** on Google, Apple Call Workers' Race & Gender Trade Secrets · · Score: 1

    *** Mercury News Demographics? ***

    Personally, I'd be very interested in knowing the demographics of the employees of the San Jose Mercury news itself. They are a Silicon Valley company as much as Oracle, Google, or any of their targets in this article. Apparently, they've been laying off staff lately, and it would be informative to know whether this was being done in an egalitarian way, or if their own initial and final demographics had something of a slant to them.

    -- Terry

  21. "When it's unreasonable, you DON'T pay for gas." on Cellulosic Biofuel Finally Ready For the Road · · Score: 1

    "When it's unreasonable, you DON'T pay for gas."

    I guess that same argument works for kidney dialysis, too, right? The people who aren't paying for it because they can't afford the prices are doing it out of choice... not because they live where they can afford to live, and work where there's a job available.

    -- Terry

  22. So, about the disorienting strobe lighting... on Armed Robot Drones To Join UK Police Force · · Score: 1

    So, about the disorienting strobe lighting...

    Q1: Does it only work on people, or does it also work on other drones?

    Q2(A): If it doesn't work on other drones, then my drone which I fly against their drones will be OK, right?

    Q2(B): If it does work against other drones, this means they will only be able to fly one at a time, right?

    -- Terry

  23. Amnesty International, on The Patriot Act on Iran Suspends Google's Email Service · · Score: 4, Insightful

    "Amnesty International is concerned that the USA PATRIOT Act:

    - Creates a broad definition of "domestic terrorism" that may have a chilling effect on the U.S. and international rights to free expression and association.
    - Allows non-citizens to be detained without charge and held indefinitely once charged.
    - Infringes on the right to privacy and removes many types of judicial review over intelligence activities."

    http://www.amnestyusa.org/war-on-terror/civil-rights/page.do?id=1108209 ...excuse me if I trust these guys more than your anecdotal experience with unidentified politicians.

    -- Terry

  24. Try replacing critical sectioning with data locks on How Do You Accurately Estimate Programming Time? · · Score: 1

    Try replacing critical sectioning with data locks

    In 13 million lines of Mac OS X kernel code. It's mostly an all-or-nothing proposition.

    -- Terry

  25. How to build a flawed API in Java... on Swiss Firm Claims Boost In Android App Performance · · Score: 5, Informative

    How to build a flawed API in Java...

    If a library's performance depends strongly on GC performance, then the programmers should refactor their code to reuse existing objects rather than building new ones all the time.

    The absolute worst thing you can do in an object oriented language, which is intended to be used in an object oriented way, is to instance objects without the instancing of them initializing them. The original Java Mail API did this, and it was a steaming pile because of that. I would probably go so far as to suggest that any object oriented language which permitted this was not designed correctly. To reuse the objects, you'd have to be able to reinitialize them, which is basically the same thing.

    The typical problem with Java programs and garbage collectors is chasing force-zeroing of pages because they release the memory back to the system, and their security model requires that the memory be zeroed before it is reused by the program. Being a little bit time lazy about doing your GC to reclaim the memory on behalf of the system rather than on behalf of the program you are running almost always results in significant performance improvements in things like Physics engines. In other words, you want a little intentional latency between the time you collect the garbage, and the time you deliver it to the dump.

    One of the most obvious recent offenders is Apache Lucene , specifically , which works just great, if you don't do the finalize() and cause the objects to be collected way too early.

    So the problem usually boils down to a greedy garbage collector, which is a problem in the JVM, not the library code.

    Of course on tiny platforms, the JVM footprint gets pretty large, so you'd also need to gather and LRU the freed heap to avoid it growing out of control from the latency; so you'd need a high water mark as well as a timed delay.

    Personally, I really hate garbage collection as a paradigm, especially the garbage collection in Objective C. It claims to be optional, but isn't: as soon as you have one framework that doesn't do an explicit release of an object, your program is forever after addicted to the garbage collector, and slowly accumulates leaks which are "fixed" by the garbage collector, until what you have left is code you can't reuse without also doing garbage collection, infecting any project you bring it into.

    -- Terry