Wikipedia:Reference desk/Computing

From Wikipedia, the free encyclopedia
Jump to: navigation, search

The Wikipedia Reference Desk covering the topic of computing.

Welcome to the computing reference desk.
Shortcut:
Want a faster answer?

Main page: Help searching Wikipedia

How can I get my question answered?

  • Explain what you need to know.
  • Provide a short header that gives the general topic of the question.
  • Tell us what part of the world your question applies to.
  • Type ~~~~ (four tildes) at the end – this signs and dates your contribution so we know who wrote what and when.
  • Post your question to only one desk.
  • Don't post personal contact information – it will be removed. We'll answer here within a few days.
  • Note:
    • We don't answer (and may remove) questions that require medical diagnosis or legal advice.
    • We don't answer requests for opinions, predictions or debate.
    • We don't do your homework for you, though we’ll help you past the stuck point.


How do I answer a question?

Main page: Wikipedia:Reference desk/Guidelines

  • The best answers directly address what the questioner asked (without tangents), are thorough, are easy to read, and back up facts with wikilinks and links to sources. Please assume good faith, especially with users new to Wikipedia. Don't edit others' comments and do not give any medical or legal advice.
 
See also:
Help desk
Village pump
Help manual


April 19[edit]

Another Heartbleed question[edit]

From what I understand, the designer(s) wanted a way for servers to check if the other party is alive. The most obvious implementation would be:

Server A - Are you alive?

Server B - Yes, I heard you

Yet the conversation seems to be:

Server A - Just checking if you didn't die yet. Can you say "Chicken"?

Server B - Chicken

The RFC says that it was designed to overcome the following limitation: "The only mechanism available at the DTLS layer to figure out if a peer is still alive is a costly renegotiation, particularly when the application uses unidirectional traffic. Furthermore, DTLS needs to perform path MTU (PMTU) discovery but has no specific message type to realize it without affecting the transfer of user messages."

Just "Yes, I'm alive" seems to be enough for this purpose. Why did they decide to ask the other side to echo a string in the first place? Are there other protocols that have implemented a heartbeat message that uses a "challenge-response" method like this, possibly making sure it's not a faulty router replying? Especially when the "challenge" is to reply with the exact same string instead of, for instance, a checksum of that string? Joepnl (talk) 00:11, 19 April 2014 (UTC)

DTLS is Datagram TLS, and people have argued that arbitrary payloads could have uses there (see sagemode's post in that thread especially). It was also added to the far more widely used TLS-without-the-D because, hey, why not. -- BenRG (talk) 01:10, 19 April 2014 (UTC)
This looks like an attempt to salt (cryptography) the correct reply, to make it harder for a Man in the Middle to fake valid replies. - ¡Ouch! (hurt me / more pain) 06:00, 24 April 2014 (UTC)
Server A – If you're still alive, say "Penis".
Server B – Error: Passphrase too short.

stop-frame animation and morphing[edit]

My 17-year-old daughter wants to make a video using stop-frame animation of Lego people. She is wondering if it would be faster to shoot fewer frames and use morphing software to go from one frame to the next.

Second, I think either approach will be very time-consuming. How long do you think it would take per second of video produced? Bubba73 You talkin' to me? 03:02, 19 April 2014 (UTC)

Whether morphing is quicker would depend on the speed of the computer versus the speed for each change in position. If only one figure is moving, that ought to be quick to adjust, versus say, having an entire football field move. And you can only do so much morphing, perhaps every other frame, or it will start to look bad. You also have to put some thought into which positions you show when doing morphing. While walking, for example, you would want to capture the right foot all the way forward, and the left foot all the way forward, because morphing will never move it farther than what you have captured. If you just capture a figure standing at one position, then standing at another, the morphed version would have him slide from one position to the other, not walk.
How long it takes will also depend on the frame rate. At 10 frames per second it would look "jumpy" but might only take 10 minutes to film a second, if she can adjust the scene in a minute. StuRat (talk) 03:11, 19 April 2014 (UTC)
I was telling her that it might take an hour to produce 1 second, all things considered. Bubba73 You talkin' to me? 04:08, 19 April 2014 (UTC)
I'm not exactly Pixar here, but I have a quad-core i7 and two quad-core i5s. I saw morphing done at Comdex in 1994, when the Pentium was new. Bubba73 You talkin' to me? 04:33, 19 April 2014 (UTC)
Also, one advantage of morphing is that you don't need to be there while the computer works. If you can set up a job to morph between all your captured frames overnight, it really doesn't matter if it takes all night. (If you don't need the computer for other things, you could even run morphing software 24/7.)
Unfortunately, it may be time consuming to define which point in one frame corresponds to which point in the new frame. It would be nice if the morphing software itself could figure out that his left elbow in one frame goes with his left elbow in the next frame, but I'm not sure if it can do that yet, reliably (especially if the arm goes straight in one frame and the elbow "disappears"). I would expect that each joint would need to be so defined. StuRat (talk) 10:40, 19 April 2014 (UTC)
She wants to do a scene from Of Mice and Men that way for extra credit in literature class (which she doesn't really need). I told her that could take 100 hours or more. She doesn't believe me. Bubba73 You talkin' to me? 18:51, 19 April 2014 (UTC)
I always estimate at least one minute of video editing for each second of final film for normal film projects. If you include shooting, things start going up from there. If you add visual effects - even stop-motion - things get incredibly time-consuming. You can see why professional stop-motion studios - like Wallace and Gromit, by Aardman Animations, estimatedly required about 10 to 24 hours per each second of stop-motion footage - as much as one hour per frame. Naturally, your project complexity is lower than a major motion-picture, but you should still not under-estimate the effort, the time, and particularly pay attention to the workload that is non-parallelizable. Nimur (talk) 19:34, 19 April 2014 (UTC)
For what she wants to do I'm thinking about 1 minute per frame. Bubba73 You talkin' to me? 20:13, 19 April 2014 (UTC)
Might I suggest the final scene, where George tells Lennie to think of rabbits, then shoots him ? Very little motion takes place, yet it's quite dramatic, so could give you a lot of bang for the buck. You might need to check if such portrayals of violence are OK with the school, though. I suggest showing them from behind, so you wouldn't see their mouths moving, to reduce the workload dramatically. The sounds of barking dogs from the search party would add to the effect. She could show George slowly raising the gun, and could cut to black, just hearing the sound of the gunshot, at the end. StuRat (talk) 04:36, 20 April 2014 (UTC)
she has a scene in mind, and it might be that one, since she demonstrated a arm moving down. Bubba73 You talkin' to me? 04:39, 20 April 2014 (UTC)
OK, but you might want to check with her, as she may have a far more ambitious scene (or treatment of that scene) in mind, and might then get discouraged when she sees all the work that's required in order to do it justice. She could also have him raise and lower the gun a couple times, as if he can't quite force himself to do it. This would have the practical benefit of reusing the same frames, so she'd get more motion per frame. StuRat (talk) 07:29, 20 April 2014 (UTC)
If you are looking for software tools, I suggest "key frame" or "key framing" is a better description that "morphing", e.g. Key_frame#As_applied_to_motion. As others have discussed above, it's not necessarily clear which way will be faster, there are too many variables and decisions. But, if you use some software to fill in between the key frames, then she'll learn another cool technique at the same time :) SemanticMantis (talk) 16:13, 21 April 2014 (UTC)
Here are a few threads and tutorials I've found dealing with your specific issue [1] [2]. There are reputedly iOS apps that "automagically" do interpolation between frames for you. That might be the easiest bet, if you have an appropriate iProduct and budget. SemanticMantis (talk) 16:25, 21 April 2014 (UTC)
I've also heard it called "tweening" at least in the case of Flash animation. StuRat (talk) 15:42, 22 April 2014 (UTC)

ASCII code of ″ ?[edit]

For instance, the article Eiffel Tower gives the tower's coordinates, aka 48°51′29.6″N 2°17′40.2″ or (in the 2nd page, when you've clicked the coordinates) 48° 51′ 29.6″ N, 2° 17′ 40.2″ E . My question is : what is the ASCII code and the Excel code of this character: ″ = a kind of quotation mark (the one I've got on my PC is " which is not the same).

In Excel, my problem is: when I use the function =CODE(″) I get 63 as the answer but when I reverse it, =CAR(63) gives ? and not ″ . Thanks in advance. 178.199.181.217 (talk) 16:07, 19 April 2014 (UTC)

I believe the double quote is as close as you will get in 7-bit ASCII codes. Some 8-bit ASCII code pages use character 211 as the closing double quote (with a different character for the opening double quote), so that might work.
I assume you meant CHAR(63), and I guess the problem is that it's using the returned character as a string terminator, which confuses things. Are you forming a string like this:
PRINT CHAR(63) 
? If so, try wrapping single quotes around it, like this:
PRINT ' // CHAR(63) // '
or maybe this:
PRINT "'" // CHAR(63) // "'" 
(Fortran syntax, but hopefully similar to Excel). To specify a different character, you'd likely need to go to Unicode instead of ASCII. Does Excel support Unicode ? StuRat (talk) 16:20, 19 April 2014 (UTC)
The characters referenced are the prime (′) and double prime (″) represented as Unicode values 2032 and 2033 (hex) or 8242 and 8243 (decimal). There is no direct equivalents in the 128 character ASCII character set, so the single and double quotes are commonly used as substitutes. In Excel 2013, these characters can be inserted in an expression as =UNICHAR(8242) or =UNICHAR(8243). The codes themselves can be extracted as =UNICODE("′") or =UNICODE("″"). (The latter string literal is a double quote, double prime, double quote sequence.) Earlier versions of Excel do not support the UNICHAR() and UNICODE() functions, but you can still paste unicode characters into a quoted string. The CHAR() function only supports 8-bit characters. Any other characters are first converted to the question mark, which is why =CODE("″") yields a 63. -- Tom N talk/contrib 18:12, 19 April 2014 (UTC)

There are Wikipedia articles linked from most printable Unicode punctiation: in this case, the info you want is at which redirects to prime (symbol). 70.36.142.114 (talk) 04:50, 20 April 2014 (UTC)

Thanks for all your comments. ALT-8243 in Word writes the searched "double prime" - great ! - but ALT-8243 does not work here with the Wikipedia editor and that does not work in Excel either. The function UNICAR is not available in my Excel 2007 but seems to come with Excel 2013. 178.192.217.219 (talk) 15:10, 24 April 2014 (UTC)

export list of people categorized by some criteria[edit]

Hi, In the previous century Michel Gauquelin created statistics relating people occupation and their zodiac sign. He did this manually, without a computer and Internet. Now we have a wiki and all these data are here. So I'm looking for a way (bot/script) that can export the list of people categorized by their occupation or other criteria + their birth date. I will import this in excel which will calculate the zodiac sign and will draw a nice graphs. Any idea will be good for me. Thanks in advance!

Nikolay — Preceding unsigned comment added by Jamezx (talkcontribs) 17:00, 19 April 2014 (UTC)

I can't directly answer your question but, rather than reinvent the wheel, you should know there are lots of astrological databases out there already (for example this one, and an astrological forum might be able to recommend one suited to your requirements.--Shantavira|feed me 08:48, 20 April 2014 (UTC)

Mutual friend in facebook[edit]

When I log in to facebook and type fist letter of the person to whom i have sent friend request and is yet to accept the rquest appears his picture and name appears below search box and also " 1 mutual friend " though i have none such presently.What does this mean.When i type an alphabet or a few letters in search box a list around 4 peoples picture appears in list form .How is people you may know list generated. Are they at random ?117.194.242.150 (talk) 17:59, 19 April 2014 (UTC)

Part of it seems to be location. Apparently they assume everyone in the same postal code must know each other. As far as "mutual friend" goes, I assume that means that both you and this guy have a common "friend". StuRat (talk) 18:42, 19 April 2014 (UTC)
No I have no mutual friends.117.194.242.204 (talk) 03:49, 20 April 2014 (UTC)
The suggestions I get for "you may know" are friends of friends (that is, they have a mutual friend with me). - Purplewowies (talk) 21:38, 19 April 2014 (UTC)

How to really remove Savings Bull[edit]

A friend of mine got the malware Savings Bull installed on her computer either from installing Skype or visiting a travel website. I have uninstalled it for her and cleaned it from her browsers and uninstalled every program that shows as installed on her computer this year, but it keeps coming back. I followed the online instructions that said to use a command prompt to look for associated files, but was not able to identify any. Does anyone have advice where to look at this point? I rand these instructions, but found nothing I could figure out should be removed at the regedit step: http://blog.qisupport.com/remove-savings-bull-filter-remove-pesky-adware/ Thanks. μηδείς (talk) 20:40, 19 April 2014 (UTC)

One thing to watch out for is Chrome auto-syncing settings. My wife accidentally installed something she shouldn't have a few days ago, and cleaned it up right away, but some of the less dangerous bits like the home page and search provider change got synced to her account. After logging back in, the settings came back, including on her android tablet. It was easy enough to clean up, but at first it made it look like the infection had come back on her PC even though it was only the browser settings.
What OS is she running? If she has Windows 8, then a system reset is simple and will almost certainly clear it up, but she'll have to reinstall her programs. All of her files will be safe. Katie R (talk) 12:33, 21 April 2014 (UTC)
  • It's Windows Vista. She doesn't use anything other than her browser and a printer. She's an 85 y/o travel agent so her needs are simple. The problem seems to have happened when her d-in-law installed skype. She always does the automatic install and imports a load of crap. Can I do a system reset for her without any risks? μηδείς (talk) 17:58, 21 April 2014 (UTC)
System reset is a Windows 8 feature that makes restoring the OS to its original state without hurting files very simple. Vista doesn't have something like that, but the system probably has a recovery partition that can be used to reinstall the whole system. There is usually some way to tell the system to boot to it at startup, but it varies from system to system. I would just back up any files she needs to a flash drive and try to figure out how to reinstall. The malware can probably be removed some other way, but it probably isn't worth the time to figure it out, especially since it doesn't sound like it will take much to get the fresh system working how she needs it. Just make sure to run Windows Update once you're done. Katie R (talk) 12:23, 22 April 2014 (UTC)
Hmm. My friend does still have all her original restoral disks. I am leary of reinstalling everything, but I will present it ot her as a possibility. μηδείς (talk) 21:34, 23 April 2014 (UTC)

Garage door switch (update and thanks)[edit]

Resolved

See Wikipedia:Reference_desk/Archives/Computing/2014_April_8#Name_that_electric_switch. I got the device to solve this problem, as you guys suggested, and it works great ! I've now disconnected the extension cord I had coming from the garage door light to power all my exterior lights, and I'm powering them from mains power, instead, but still triggered off the power pulled down by the garage door opener and lights (the garage lights are enough to trigger it). Special thanks to Vespine, who came up with the winning suggestion. StuRat (talk) 20:31, 19 April 2014 (UTC)

That's great! It's rare an answer on the help desk actually has a real world application :) Happy I could help.Vespine (talk) 22:57, 21 April 2014 (UTC)
Maybe more common here than on other desks. Thanks again ! StuRat (talk) 15:43, 22 April 2014 (UTC)

Topo maps for apps[edit]

If I wanted to make a smartphone app that required topographic data, would there be somewhere that I could get that data for free? I'm basically thinking of lat/long and elevation of various peaks. Thanks, Dismas|(talk) 23:21, 19 April 2014 (UTC)

Data from Shuttle RADAR Topography Mission is available at no cost. Nimur (talk) 16:41, 20 April 2014 (UTC)
There is also OpenStreetMap, if it covers the area you are interested in. Looie496 (talk) 17:06, 20 April 2014 (UTC)

Thank you! Dismas|(talk) 10:42, 21 April 2014 (UTC)

April 20[edit]

qusquestion SAMP[edit]

Good day, I think you can talk with developers SAMP-A (samp.com And I want to ask, if there are bugs about desynchronization. Us players SAMP say that there is a Bug SAMP about desynchronization , shows that the player under cheat GodMod Here's the video https://vk.com/video248294157_168450846 tell me it's a bug or not a bug? is there any such Bugs? Thank you sincerely team administrators Advance RolePlay (project SAMP). — Preceding unsigned comment added by 178.123.86.107 (talk) 17:47, 20 April 2014 (UTC)

I don't believe this is a genuine question, it looks like spam, SAMP dot com is some sort of ad website. I don't know how to do the fancy formatting thing, can someone mark or hide this section please? Vespine (talk) 23:04, 21 April 2014 (UTC)

I want detail[edit]

In Windows (7) file and folder listings I prefer to see file size and date information, but somehow something changed so that I see only the file names. How can I change it back? --Halcatalyst (talk) 21:48, 20 April 2014 (UTC)

There should be a small icon with a black triangle below the title bar at the right. Click on the triangle and select Details. That should do it. -- Toshio Yamaguchi 22:22, 20 April 2014 (UTC)
Thank you! I would say they did a good job of hiding it in plain sight. --Halcatalyst (talk) 03:39, 21 April 2014 (UTC)

USB 2 device on USB 3 port[edit]

When I plug a USB 2 external drive into a USB 3 port, I was surprised to get 25-40% better performance. Will plugging a USB 2 printer or scanner into a USB 3 port increase the speed the data gets transferred? Bubba73 You talkin' to me? 21:49, 20 April 2014 (UTC)

April 21[edit]

name of power cable[edit]

Is there a name for the type of detachable power cable commonly used in the US for computer and audio/video equipment, with a three-prong plug like the one on the right and the other end is like this and goes into this type of connector? Bubba73 You talkin' to me? 05:23, 21 April 2014 (UTC)

In the UK (with a different plug) it's called a "kettle lead", which led me to IEC 60320 Rojomoke (talk) 05:40, 21 April 2014 (UTC)
While I can't speak specifically for the UK, kettles from my experience and from my expectation from the standard and as per our article, should generally be C15/C16. That used in computers etc generally C13/C14. A C15 plugged power cord should generally fit and be safely used in a C14 socketed appliance like an ATX PSU, but a C13 plugged cord would generally not fit in a C16 socketed appliance which is by design for safety reasons. So while they may be called kettle leads because the often aren't distinguished, in reality while they are similar to they are not the same as most real kettle leads. BTW, the article on the connector is linked to from the images above as these are used there. Nil Einne (talk) 14:25, 21 April 2014 (UTC)
I had seen references to "IEC cable", and I thought they were referring to this type. But there are a lot of IEC connectors.
I had looked at the IEC 60320 article, but I didn't go down far enough to this IEC 60320#C13/C14 coupler section. Still, they are so common that it seems like there would be a nice name for them. Bubba73 You talkin' to me? 02:22, 22 April 2014 (UTC)

connection to database using php and mysql[edit]

<?php
$username = "root";
$password = "tiger";
$hostname = "localhost"; 
 
//connection to the database
$dbhandle = mysql_connect($hostname, $username, $password) 
  or die("Unable to connect to MySQL");
echo "Connected to MySQL<br>";
?>

i'm trying above piece of code to connect to mysql database but it always shows server error, both of php and mysql are successfully installed and configured. versions are php-5.2.17-Win32-VC6-x86, mysql- 5.6.17.0. any help is cordially welcomed14.139.187.94 (talk) 06:47, 21 April 2014 (UTC).

Formatted the code for you. --Canley (talk) 13:19, 22 April 2014 (UTC)
I take it you don't see the "Unable to connect to MySQL" message in the code? Does your php.ini file call the mysql extension (it should include "extension=mysql.dll")? And check if libmysql.dll is in the System32 folder. --Canley (talk) 13:32, 22 April 2014 (UTC)
Is the MySQL server actually running? I've wasted a bit of time trying to find similar bugs when mysqld was not running. Running mysql from the command prompt should tell you. Calling phpinfo(); from php should be able to tell you if php and mysql are talking to each other.--Salix alba (talk): 16:50, 22 April 2014 (UTC)

PGP decryption[edit]

When a disk encrypted with PGP is decrypted using the program on the hard drive, it takes a few hours to decrypt a 500GB hard drive. But if there is a drive problem and a recovery disk is used to perform the decryption (the CD can be removed once decryption has started), it takes about 3-4 days. Why is this? Dismas|(talk) 10:40, 21 April 2014 (UTC)

I don't know the answer, but it's possible that the barebones OS on the recovery CD is limited to one CPU core, or to a slower method of hard drive access. -- BenRG (talk) 05:32, 22 April 2014 (UTC)

samsumg tv volume problem[edit]

My Samsung lcd tv volume is very loud when i turn it on, and a black white rectangle bar appears on the bottom right next to the volume bar and does not go away the volume is over 100 and the bar becomes longer as you turn down the volume till it reaches 100 then it does not change but stays there the whole time i watch the tv, i have tried everything like turning off autovolume, factory reset, removing the power supply for 5 minutes and reset from the secret menu but nothing worked.Please help!!! click here for visual — Preceding unsigned comment added by 113.199.212.143 (talk) 11:52, 21 April 2014 (UTC)

I don't think we can fix your TV remotely. Have you tried the Samsung support website? If that doesn't help you will need to return the TV to your supplier if it's still under warranty, or else take it to a TV repair shop.--Shantavira|feed me 16:22, 21 April 2014 (UTC)

Good to know that you can't fix it remotely, you don't need to be so rude, i was just asking if anything could be done to solve it, or is it in some kind of mode, i don't need your stupid answer. — Preceding unsigned comment added by 113.199.212.143 (talk) 16:48, 21 April 2014 (UTC)

  • User:StuRat may have something helpful to say. You might see if there's a way to reset the TV to factory settings. You can also check, if you have a cable box, to see if you can lower the cable volume, although a 100 output from the TV is still probably going to lead to some distortion. And, of course, call Samsung at the number on your user's manual. BTW, I have a Samsung Plasma, and it is absolutely wonderful, never had any problems, never seen a better picture. μηδείς (talk) 17:54, 21 April 2014 (UTC)
  • Indeed, I had the EXACT same problem. My big-screen TV behaved as if it was getting the "volume up" signal from the remote, constantly. I solved the problem by creating a FrankenTelevison. I happened to have another small, portable TV with a bad display, but decent audio, so I sent the audio output from my cable box there and the video output continued to go to the big-screen TV. I then had a working setup, with the only inconvenience being that I had to use the portable TV's remote to change the volume.
  • That portable TV later died completely, at which point I sent the audio to a set of $30 standalone speakers (unfortunately they lacked a remote, so I had to turn the volume dial directly on the speakers). Headphones/earbuds might work, too. Also note that even with no audio coming in, I still got an annoying hum coming from the big-screen TV on max volume, which I solved by opening it up and cutting the speaker wires. That shut it up for good. (Be careful when working on a TV, as even after it's unplugged the capacitor can hold a charge, at least in that old CRT model.) (If there's a prize for jury rigging, I'm definitely in the running.)
  • Another option,if you are getting your TV channels from antennas instead of a cable box, is just to use two TV's independently, one crappy TV for audio and your current TV for video. You would then have to change both channels separately to get the audio to match the video, and still might want to cut the speaker wires on the loud TV (I suggest you put electrical tape on the ends). Inconvenient, but it's an option. StuRat (talk) 23:28, 21 April 2014 (UTC)
Questions
  1. Are you using the original TV remote or a universal? Do you also have a cable box/receiver remote that controls the TV volume?
  2. Are any of the remotes RF or are they all IR remotes (if they are IR they'll have that little "eye" on the front that needs to be pointed in the direction of the TV)? Do you have any other RF remotes in the house, like a car remote starter, rf-based alarm system, etc.?
  3. When you reset it and turn it back on, does the volume start lower than 100 and go up or does it always start at 100?
  4. Are the buttons on the tv set responsive (channel/source/maybe even volume)?
I'm having trouble picturing the different on-screen elements and volume levels, but it sure sounds like it thinks its getting a steady supply of the "volume up" signal. Makes me wonder if there's a broken remote somewhere or a broken button on the set. If that were the case it would also account for why the volume bar doesn't go away. --— Rhododendrites talk |  19:05, 21 April 2014 (UTC)

I have a universal remote now but the tv had the problem way before i had the universal remote, cable box can turn down only it's own volume but not the Tv's, i have other rf and ir equipments but i doubt they are causing it as the volume is way over 100 from the start up, it does not go up it starts from 100+ and every button on the remote works.click here for visual — Preceding unsigned comment added by 113.199.241.206 (talk) 12:29, 22 April 2014 (UTC)

Again that sounds just like my problem. I believe the receiving unit mistakenly thought it was getting a "volume up" signal, even though the remote wasn't sending one. I suppose the proper fix would be to replace that component.
As far as implementing my workaround goes, how is the cable box connected to the TV ? Do you have separate video and audio cables (or the ability to use separate cables, if not currently doing so) ? If so, do you have another device (standalone speakers, radio, another TV, etc.) you can plug the audio into ? It looks like the volume bar will always be on the bottom of your screen, but I assume you can live with that. StuRat (talk) 15:08, 22 April 2014 (UTC)
It could be the volume up button on the TV. If it's jammed, then it's just a simple mechanical fix. If it seems to click fine, then there may still be an issue with the contacts in the switch itself, or something conductive got in the case and is causing a short near the switch on the circuit board. Katie R (talk) 15:24, 22 April 2014 (UTC)

I don't know how i can describe my problem clearly, no buttons are stuck, volume works just fine but there's another little volume bar next to the volume bar, the original vol bar goes away like in normal TVs but the tiny guy stays there, it grows longer as i turn down the volume to 100, then stops growing when i turn down the volume from 100.So it's like this i open my tv, it's too loud, i try turning the volume down, i notice the volume is way over 100 (like 200 or something) the second bar appears, it grows as i turn down volume, stops growing after it reaches 100.I have a speaker as part of this media player but the bar still appears even after it is disconnected. — Preceding unsigned comment added by 113.199.230.212 (talk) 17:20, 22 April 2014 (UTC) Ok i noticed something when i use the timer to turn on tv during a particular time with set volume, this bar never appears and everything works fine no loud volume nothing, but this method is too much work just to watch a tv. — Preceding unsigned comment added by 113.199.230.212 (talk) 17:33, 22 April 2014 (UTC)

If it's new enough, check the user manual to see if there is a firmware update procedure. If your TV has a USB port you can usually download the latest firmware from the manufacturer and install it from a flash drive. Obviously it may not fix the problem, but it's a good place to start when you're having bizarre issues like that. Katie R (talk) 18:45, 22 April 2014 (UTC)
Your diagram was helpful. If I understand your descriptions, the right "bar" stops its leftward growth when the volume number is under 100. Maybe your TV isn't properly erasing the right-most pixels of three-digit volume numbers. To remove the right "bar", try bringing up a full screen menu, then exiting it. This might overwrite the left-behind graphics and then properly erase them.
However, there's still the problem of your TV starting on a loud volume over 100 when you turn it on. When did the problem start? What is the TV supposed to do normally? (Does your TV normally max out at volume 100? Does it normally remember the last volume you used?)
What is the exact model number of your TV? If you search online for the model number, you may be able to find official information about the problem from a Samsung website, or else find out if other people are having the same problem and have any ideas how to solve it. --Bavi H (talk) 02:05, 23 April 2014 (UTC)
It sounds to me like you have two volume controls, one on the TV itself and one coming from some other device, like the cable box. I'm guessing the TV has a feature of auto-leveling the volume, so that it turns the volume up if it detects a low volume coming in. Unfortunately, it seems to think the proper setting is quite loud, so compensates to bring it up to that level. I'd look through the manual to see if there's a way to disable that auto-leveling volume. StuRat (talk) 19:43, 23 April 2014 (UTC)

April 22[edit]

What kind of quality control does open source software have?[edit]

At my job, in order to get code in production, we have these layers of quality control:

1. Developer unit-tests code
2. Second developer does code review
3. QA tester tests the code in our test environment
4. Users test the code in our test environment. QA approval is required before going to the next level.
5. QA tester retests the code in our integration environment.
6. Users retest the code in our integration environment. Both QA and UAT approval is required to go to the next level.
7. Change is presented to the Change Approval Board containing representatives from the development, DBA, QA and infrastructure teams). All coding changes must receive signoff from the board.
8. Immediately after going to production, either QA or users will retest the change. QA/UAT approval is required to keep the changes, otherwise, they will be rolled back.

In addition to the 8 stages of quality control:

9. Developers run automated JSLint code checks.
10. We hire an third-party vendor to perform yearly security penetration tests.

Despite all these checks, most developers don’t think we do enough quality control. We are currently working on adding an 11th layer of quality control using automated testing, and I am recommending to my boss that we use another automated tool (Resharper) for quality control.

My understanding is that open source only has the first two layers and possibly automated testing. Is my understanding correct? AnonComputerGuy (talk) 07:48, 22 April 2014 (UTC)

It's going to vary from project to project. A lot of small ones are run by one developer, using whatever process they want. Some larger ones are sponsored by corporations that have their own quality processes in place. The Linux kernel is controlled by one person, but tons of devs work on creating and testing updates before they get added. Here's a document describing the Linux kernel patch process: [3] Katie R (talk) 12:15, 22 April 2014 (UTC)
I think a different form of quality control exists in open sourced software. After a programmer writes and tests his code, he submits it and it goes on the list of available additions to the open-source code. Various people download and install it, test it out, and report the results on a wiki they've set up for such a purpose. If it gets good reviews, more people download it, and they might include it in a package with other bits of software that got good reviews. If it gets bad reviews, few people will, and they might even remove it from the list entirely. So, it's like what you'd call customer beta testing. The hope is that more testers will ultimately make for a better product. Also, the time pressure isn't the same with open-source code, so you can spend as long developing and testing as you want, no need to rush out some serious flawed code. StuRat (talk) 15:21, 22 April 2014 (UTC)
I've been a programmer for over 40 years. I earn exceedingly good money doing it - and I've worked for companies with spectacularly good records for producing solid, reliable code, so I hope I speak to you with some experience.
There are really many problems with the approach that our OP's company is taking here:
  1. It's horribly expensive. Programming is never cheap - but doing this level of scrutiny has to be making it ten times more costly.
  2. It's inevitably going to cause lots of delay. That will result in urgent bug fixes struggling through the ten layers of approval appearing weeks after they would ordinarily have been released. Depending on the business you're in - that could be a disaster.
  3. Programmers **HATE** it. Your company ideology may make it impossible to speak up and say it. You may say that they should suck it up and do it - or you may say that this would just be unprofessional - but the fact is that if you want to recruit the best of the best, you're going to have a VERY hard time doing it if you tie them up in ten layers of red tape and stomp any signs of creativity into the dust. The result of that is that you get crappy programmers on your team...and now you NEED all of those layers of oversight because they are writing awful code and making a ton of bad design decisions. Programming is a very unique field of human endeavor - the best programmers are easily 100 times more productive and 100 times more accurate coders than the worst...so by effectively rejecting those great talents, you're probably getting an error rate that's 50 times worse than it could be - and that's why you need all of those layers of red tape just to pull it back to something relatively sane. The biggest problem with programmers is communication between them - having ten grade A programmers instead of a hundred grade-C programmers reduces the inter-programmer communications a hundredfold...and that's going to drastically lower the opportunities for screwups.
  4. Your testing is only as good as the specification documents that describe what the software should do. Unless you have at least this much scrutiny on specifications, all of this is a complete waste of time.
  5. Making it this hard to get a change into code is a strong disincentive for your programmers to refactor code that's perfectly functional but inefficient or hard to understand. That means that your code will get harder and harder to understand - and this is by far the biggest cause of problems over the long haul.
The company I work for has one layer of QA testing and one layer of end-user testing. We employ the best programmers money can buy and spend the least we can on red tape. We have an excellent record for solid code and we can turn out changes rapidly and be very light on our feet - since our overheads are low, we are very profitable. I've also worked in shops with higher levels of red tape - and I've found it strongly counter-productive. The OpenSource model proves that. Most OpenSource code is extremely high in quality - despite having essentially zero of the steps you describe.
That said, it all depends on what you're doing. If you're writing video games, then a not-very-serious bug may be largely unimportant. If you're writing the flight control code for a 747 airliner or the control code for a nuclear reactor - then the kinds of scrutiny you employ is highly recommended because lives depend on there not being hidden bugs.
Consider the steps you've put in place here:
  1. Developer unit-tests code -- (To pick a ridiculously simplistic example...) If the programmer who is writing code to calculate the square root of a number doesn't realize that you shouldn't take the square root of a negative number - so he fails to put in an error check for that case - then he's not going to include the test that attempts sqrt(-1) in his unit test data...so this approach never finds the cases he hadn't thought of when he wrote the code...so this doesn't work very well. Basically, he only writes test cases for the error cases he knows about...and those (of course) work just fine. Ideally, test cases come from some requirements document - but you need to review your requirements with at least as much oversight as you review the code that implements that requirement. If the requirements for the square root code says "Shall produce an error message if the input parameter is less than zero" - then it'll get tested for - but if your requirements also fail to note that you can't take a square root of a negative number - then the error will likely go all the way through into production when some hacker with more brains than your team wonders whether you've tried that.
  2. Second developer does code review -- See Rubber duck debugging. Basically, the second developer falls asleep while the original author explains his code. Sometimes, in the course of explaining it, the first programmer finds his own bug...but it's far from certain.
  3. QA tester tests the code in our test environment -- This is probably very effective at finding problems, but only if you have really good QA guys. If you're paying your QA guys a third of what you're paying your programmers - then you probably don't have good QA guys.
  4. Users test the code in our test environment. QA approval is required before going to the next level. -- Who are these "users"? They probably do the routine operations they almost always do - and those (of course) work OK - the problem cases are in the unusual use patterns, which they probably won't happen until the software is used by people who are not in your focus group.
  5. QA tester retests the code in our integration environment. -- If these are the same people who did step (3), they'll probably run the exact same tests - so the odds of them finding a bug that wasn't there in round (3) is small. If your "integration environment" differs greatly from the environment that your programmers originally did their own testing in - then that's something you should urgently fix! Encourage people to commit early commit often so that integration isn't a big step. If you're putting code together that has never been together before on the programmer's desk then you should expect huge problems because the programmer (who finds more bugs than anyone else!) never got a chance to experience them. A model of continuous code improvement is FAR better than alternating development and integration steps. SCRUMM-based approaches where a usable, integrated codebase is maintained more or less continuously is the modern way to do this.
  6. Users retest the code in our integration environment. Both QA and UAT approval is required to go to the next level. -- Same problem as with step (5).
  7. Immediately after going to production, either QA or users will retest the change. QA/UAT approval is required to keep the changes, otherwise, they will be rolled back. -- Same problem as with step (5).
I very much doubt that you're getting more bugs than if you just did steps (1), (3) and (4)...and I'm certain that all of the red tape is shackling the best minds you have and scaring away the best you might have. I bet that encouraging code refactoring rather than discouraging it would yield massive improvements that layering on more red tape is going to prevent.
SteveBaker (talk) 18:26, 23 April 2014 (UTC)
My background is as a semiconductor engineer who mostly used code written by others and occasionally wrote code for which no off-the-shelf application existed. Also as a disaster volunteer who has to work in conditions of limited or no infrastructure. I think the comment by SteveBaker, 'Who are these "users"?' is critical. The "users" selected for testing new software typically work in well-equipped offices with the latest computers and operating systems. They are more likely than the average business user to have administrator privileges on the computer they use for testing (but not always). When the average or below-average user gets the released software, installs it on his personal XP laptop from 2005 (the one his teenage son set up and wisely did not give Dad administrator privileges), and hauls it to a brush fire that just burned down the local cell phone tower, that's when the software will get a real workout. Jc3s5h (talk) 19:00, 23 April 2014 (UTC)
As far as Administrator privileges go, they should have an Admin login where they can set up test data, etc., and a user login with no special privileges, which they use for the actual testing. StuRat (talk) 15:24, 24 April 2014 (UTC)

Changing new tab default page in Google Chrome[edit]

When I downloaded Yahoo Instant Messenger, it apparently snuck in some crap I don't want. It set Bing to be my default search engine, home page, and the page that pops up when I open a new tab. I was able to fix most of that, but it still comes up, via something called "Conduit", when I open a new tab in Google Chrome. How do I get rid of it, hopefully replacing it with Google ? O/S is Windows 7, 64 bit. StuRat (talk) 13:32, 22 April 2014 (UTC)

It's in: Options - Settings Click on the lines at the top right of the Chrome window to find these.217.158.236.14 (talk) 14:23, 22 April 2014 (UTC)
I went through the settings, that's how I fixed everything else. But I didn't find a setting for the page you get when you open a new tab. Where is that set ? StuRat (talk) 15:13, 22 April 2014 (UTC)
You've probably installed some sort of malware. My wife got hit with it a few days ago through a fake Flash update. It also blocked things like system restore and Windows Defender. After removing it (used Win 8 System Reset because we didn't feel like spending time fighting the infection), the home page and search provider settings came back becasue of Chrome's cloud sync, but since the infection was gone she could set it back. Katie R (talk) 14:41, 22 April 2014 (UTC)
StuRat, it's in Appearance / New Tab.217.158.236.14 (talk) 08:01, 23 April 2014 (UTC)
I have Google Chrome version 34.0.1847.116 m, and when I go to Settings + Appearance, I don't get a "New Tab" option. I get "Get themes" and "Reset to default theme" buttons and check boxes for "Show Home button" and "Always show the bookmarks bar". Under "Show Home button" is an option to change the web page, but I changed that to Google, and it had no effect on the page where a new tab opens. StuRat (talk) 14:03, 23 April 2014 (UTC)
Here are the settings I get http://i.imgur.com/jCVznPW.jpg It could be that your administrator has disabled this option, if you are on a work computer. Sorry I couldn't give you a definitive solution 217.158.236.14 (talk) 15:41, 23 April 2014 (UTC)
Those are the same options I get. I think you misinterpreted what they do, though. They allow you to specify what the Home Page button does, one option of which is to go to the New Tab page. So that's the reverse of what I want, which is to set the New Tab page to go to the Home Page. StuRat (talk) 16:23, 23 April 2014 (UTC)
There is a button that lets you just reset all browser settings. It's annoying because it will disable any extensions, clear saved passwords and reset your cookies, but it will definitely get rid of the setting. When I search for "new tab" the only hits I get are the option to open the new tab on startup and the reset button, which mentions changing the new tab page back in it's warning message. Navigating Chrome's settings has always annoyed me... Katie R (talk) 16:52, 23 April 2014 (UTC)
Yea, I was about to do that before I decided to post here first and see if there was a way to avoid the "nuclear option". StuRat (talk) 15:27, 24 April 2014 (UTC)

The Flash Crash- the explanation.[edit]

Hi, Your explanation of the Flash Crash of May 6, 2010 is incorrect. There is no published work to use as a reference because all the answers from professors to media outlets, the sec, etc. are not true. I have sent our material to the sec, many professors, all the media outlets, investigative journalists and they all refuse to get involved. They don't want their government funding, jobs and careers to change. We have the entire explanation of the Flash Crash and the code that caused it. This is the time to clear up this issue. Many of the people who talk about the Flash Crash do not know what caused it and are just repeating what they've been told. It is a beautiful code written by a brilliant programmer.

I don't want to go into details about the code here because it's a public venue and I don't want our material stolen. One more thing, the stock market goes up and down everyday because of this code. The direction of the market is known 4-5 days ahead. The Flash Crash was broadcast to the insiders starting on Tuesday May 4, 2010.

The published papers on the crash are all incorrect and many do not answer the question. I have contacted some of these people and given them my material. Their papers are still on the internet.

I will reveal everything we have. Again we do not know who receives this information but we do know who controls the feed that delivers the code.

James Wales has a requirement on Wikipedia that your material must be backed up by published papers. That idea would be great if the published papers were reviewed by others and allowed to be criticized. It's not easy to get published. You have to know someone, have a PhD or be someone who has a respected position. I can tell you now that by doing that the public doesn't get a chance to question any explanation. If he/she said it it must be true. That's not what a free country is all about.

I look forward to hearing back from all of you. You will not be disappointed. Our documentation of the code is perfect. This information is not our original material. It is not our code so please don't use that as an excuse not to look at what we have. Also if you all don't understand the material then don't let that stop you. It's not baby food. It should be vetted out in the public by many people so the professors and all the others can't hide behind their positions.

Thank you, Patty

38.121.16.160 (talk) 15:51, 22 April 2014 (UTC)

The place for this is on the talk page for that article. However, I'm skeptical that you can consistently know the direction the market will take 4-5 days in advance, as that day's events will certainly have an effect. StuRat (talk) 16:14, 22 April 2014 (UTC)
Wikipedia may not be used for telling the world about your company, band, charity, religion or great invention. --ColinFine (talk) 22:46, 22 April 2014 (UTC)

Retro-Bit USB joystick still doesn't work on Linux[edit]

I downloaded the fix to the Retro-Bit USB joystick adapter on Linux from this page, but it doesn't work. The module builds OK, but attempting to install it gives errors:

# rmmod ./hid-atari-retrobit.ko; rmmod usbhid; insmod ./hid-atari-retrobit.ko ; modprobe usbhid
Error: Module hid_atari_retrobit is not currently loaded
libkmod: kmod_module_get_holders: could not open '/sys/module/usbhid/holders': No such file or directory
Error: Module usbhid is in use

The readme file talks about testing the joystick with jstest /dev/input/js0, but even though I seem to have the jstest program, no device /dev/input/js0 shows up. The joystick still works like before, I can only move right and down, not left or up. What should I do here? JIP | Talk 15:54, 22 April 2014 (UTC)

Why does Java hate me[edit]

Sometimes I use Java-based software online (e.g. games, and not just from one site). The thing is, it loves to crash. It happens on my desktop (64-bit Windows 7), laptop (32-bit Windows 8), and same desktop when it ran 32-bit Bodhi Linux on a different hard drive. I have used three different web browsers as well (Firefox, Chrome, Midori). All three of the computers use very current hardware. The weakest link in the current desktop setup that I'm writing this from is RAM at 12GB, but that should be far more than enough.

Each time I look for help it tends to involve uninstalling, reinstalling, or updating Java. All of these have been done multiple times so, since the problem has caused me grief for at least 2 years now, this has applied to several versions of Java, including the most recent.

It doesn't always crash, and once in a while I can make it a good 45 minutes to an hour without it happening, but it happens regularly enough to be a pain. I haven't been able to tie it to any other resource heavy programs or processes running at the same time, but it certainly happens more frequently when running more than one Java program.

The only thing I can do is to kill the Java process, close the browser, and reload the page that launches Java (or kill the process of the independent [downloaded] program and relaunch it).

When I run Java with the console open, the console just freezes up, too, without giving me any information.

Ideas appreciated. --— Rhododendrites talk |  17:18, 22 April 2014 (UTC)

It would significantly narrow down the space of solutions if you can distinguish between two types of crashes: a crash of the Java VM, and an unhandled runtime exception in the Java application or applet. Do you know how to tell these two very different problems apart? Once we know which is occurring, we can help debug your problem.
As an aside, I take mild exception to the question - because Java isn't terrible. Some of the brightest software engineering minds of the 20th century worked to create Java, but when Sun Microsystems became insolvent as a standalone business, those programmers found employment elsewhere; particularly when the Java technology platform was acquired by Oracle. A band of inept marauding hoodlums now occupy the hallowed ground of Sun Microsystems' headquarters, and they didn't even bother to take the sign down - they just painted over it like vandals. James Gosling barely survived for almost six months inside the evil beast, including a near-death experience with a P-51 Mustang, before he realized Google was awful and was killing Java, so he bailed and moved to Hawaii to program robot Java submarines. So, Java may be suffering from bitrot on your operating system, but Java itself is not terrible.
Nimur (talk) 04:08, 23 April 2014 (UTC)
Hmm. I don't know. What's the best way to tell the two kinds of crashes apart?
Also, fair enough. :) Heading changed. --— Rhododendrites talk |  05:40, 23 April 2014 (UTC)
Basically, we need to find the crash log. If you are running Java from the command line, this will be the last few lines printed to the terminal when your application "goes away." Essentially, if the error log looks like this, with a bunch of # hashmarks and a statement about "Java VM" then you've hit a VM crash. We'll definitely want the text of that message. If this occurs, the bug is in Java itself (or, in a native library used by the application, applet, or plugin container).
Alternately, if the last lines print out a Java backtrace, the crash happened inside the application. Java backtraces are very verbose, and include a lot of symbolic package names (you'll see exactly which piece of application logic failed).
If you don't know where to get the Java crash log, or if you don't run the program in a terminal, check your System Event Log on Windows. Nimur (talk) 14:55, 23 April 2014 (UTC)
The Java browser plugin was always bug-infested, even when Sun maintained it. The security model also has serious design flaws that mean that even a bug-free implementation would probably be unsecurable. It's a good idea to keep Java-in-the-browser disabled by default, if you install it at all.
Regarding Gosling's short time at Google (if that's what you're talking about), he said "I had a great time at Google, met lots of interesting people, but I met some folks outside doing something completely outrageous, and after much anguish decided to leave Google." Since he's a living person, we should probably leave it at that unless you have incontrovertible evidence that he's lying.
As an apparent supporter of open-source software you shouldn't have been rooting for Oracle in Oracle v. Google, the case where Oracle tried to assert control over Dalvik. Any ruling in favor of software patents tends to be bad for open source, and a precedent establishing copyrightability of APIs could have been seriously problematic for, say, Linux. -- BenRG (talk) 19:53, 23 April 2014 (UTC)
We're way off topic; but for the record, I was rooting for OpenJDK, an entity that remained unrepresented in the legal proceedings between Oracle and Google. But, there are nuances to the issue that are pretty complicated. And there is a reason why both I and Mr. Gosling reason that Oracle held the moral high-ground - which I will grant is a rarity - in this particular instance. Here's a direct quote: "Just because Sun didn't have patent suits in our genetic code doesn't mean we didn't feel wronged. While I have differences with Oracle, in this case they are in the right. Google totally slimed Sun. We were all really disturbed..." Nimur (talk) 23:27, 23 April 2014 (UTC)

A possible thing you could try is to give java a bit more memory to run in. There are switches which you can set when you run from the command line. I'm not quite sure how you would set these when its a browser plugin though.--Salix alba (talk): 15:24, 23 April 2014 (UTC)

Is there any desktop enviroment (for pc linux) without x window?[edit]

Is there any desktop enviroment (for pc linux) without x windows? 201.78.176.96 (talk) 17:45, 22 April 2014 (UTC)

See X Window System#Competitors. I believe that Maui is a Linux version with a full-featured desktop environment which does not use X. Unity in Ubuntu will have an option (or default) to not use X in a future release (version 8 of Unity).
It might not be what you were wanting, but Android uses a Linux kernel but not X. There are versions of Android for desktop computers.-gadfium 22:14, 22 April 2014 (UTC)
Also Chrome OS works on a standard PC and its desktop environment isn't X-based, but it may still ship with X and its desktop may still be drawn in a single full-screen X window (I'm not sure). -- BenRG (talk) 18:07, 23 April 2014 (UTC)

April 23[edit]

OpenSSL[edit]

Apropos of this "heartbleed" thing, how can it be that something so critical to the operation of modern society can be left to a group of "11 members, of which 10 are volunteers, with only one full-time employee", with development of critical functionality apparently left in the hands of some random developer, with obviously no proper checking whatsoever? How is it that major companies tolerate using a system developed in such a half-arsed and amateurish way? 86.128.2.169 (talk) 02:34, 23 April 2014 (UTC):To be fair, many people use alternative software products to implement secure transport (SSL and its ilk) that were not affected by the CVE-2014-0160 vulnerability. Many commercial operating systems do not use OpenSSL, and those software companies hire their own software teams to implement or integrate alternative versions of the SSL protocol. This obviously does not mean that such software is free of defects; but it's quite a mischaracterization to suggest that the volunteers at the OpenSSL team are the sole provider of this type of service. They are simply the most popular provider of a free software solution. Consider Dropbear, which is also free and open-source software.

OpenSSL is distributed under a license that expressly disclaims liability and states that the software is "as-is" with no guarantee of fitness for any purpose. This isn't just legalese nonsense - it means that any person or company who chooses to use OpenSSL is accepting the fact that its creators are not paid to provide support or to offer liability.
One advantage of commercial software - whether it is free software or not - is that a business arrangement can be made to assign liability. That means that a client can hold the software-provider accountable - and can bill them for financial damages - if the software has a defect.
Commercial software providers who accept such terms would be unwise if they started incorporating software that they can't be accountable for. Software companies hire experts, which categorically means there are more than a small team of volunteers who look over such projects.
As a perfect example: my credit union (in which I have obvious financial stake) performed a full internal audit in the wake of the Heartbleed bug; and they sent me a fantastic summary report replete with technical details. Their computer experts verified that OpenSSL was not ever used on any of our servers; and therefore our financial data was never jeopardized by the CVE-2014-0160 vulnerability. But here's the juice - as client, I don't need to care if my credit union screwed up, or if they used open-source software, or if an open-source-programmer screwed up... because if any of those screw-ups happened, then the finanical institution is liable, and I am insured (it is a federally accredited, NCUA-insured institution). If their misfeasance with software caused my money to get lost, I can legally get my money back.
But, as a stockholder in the union, though, I definitely care that they've done the right thing and taken precautions! I prefer that the credit union follows best-practices, provides transparency and accountability, and minimizes their liability, because that means that our group isn't losing money in the aggregate.
So, in this case, we have accountability at so many layers, from the financial transactions to the software vendor who provides the server infrastructure, all the way to the individual retail-banking-style members. We pool our resources to make sure we have the right technical and legal experts to protect our communal assets. Our credit union doesn't depend on ten or twelve open-source-software volunteers to watch our backs for us. I emphatically hope that everyone else's financial institutions are as diligent and transparent!
Long story short - whoever told you that "the whole world" is banking on ten or twelve volunteer open-source programmers has completely misled you.
Nimur (talk) 03:32, 23 April 2014 (UTC)
Most of the software that's powering the Internet was written (and donated for free) by unpaid programmers. Most web servers run Linux with Apache doing the web serving, MySQL doing database handling, PHP doing page generation (this is such a common combination, we use the "LAMP" acronym as a shorthand way to say it). A good chunk of people use Firefox and Chrome to view the resulting content. The software you're using right now to run Wikipedia ("MediaWiki") is entirely OpenSourced and written by volunteers.
Linux alone contains around 16 million lines of code - and it's estimated that for a commercial organization to rewrite it would cost them around $1.3 billion dollars. It is absolutely certain that there are horrible security breaches to be found there - and it's more than likely that new breaches are being created at about the rate that old ones are fixed!
But the sad fact is that software written by giant corporations is rarely much better. Recall the SPECTACULAR cost of the Y2K problem - scarcely any OpenSourced software fell vulnerable to that. Y2K cost the world around $300 billion ($400 billion at todays' money value) to clean up...heartbleed is scarcely a blip compared to that. The recent Target security breach caused 40 million credit cards to be compromised...and we're talking names, numbers, expiration dates, home addresses and the CVV codes - bad publicity lost Target 3% of their business for over a month - which is hundreds of millions of dollars in losses - other similar breaches in entirely commercial software have caused hundreds of millions of credit cards to be compromised! All of these dwarf OpenSSL's problems.
It's truly unfair to point to the authors of OpenSSL when the problem is more or less universal. Any piece of software more than a few thousand lines long is more or less certain to have bugs of some kind...many of which are remotely exploitable. The problem with commercial software is that the owner of the code may seek to cover up the problems and could take a very long time to come up with a solution. With OpenSSL, the bug was fixed within hours of being reported and the patch was available for people to download within less than 12 hours. The reason for that speed is that when the source code is available for anyone to look at and update, fixes get done rapidly and the need to upload the fixes is widely broadcast.
Consider this breach. The companies affected by the problem reported a problem with software that's used for around 40% of all VISA and MasterCard payments in August 2008 - it wasn't until they called in the US Secret Service and two companies who specialize in network security that they found the problem in mid-January 2009. In terms of potential damage, that's horrific.
Heartbleed has hit the news mostly because it's relatively comprehensible to the layman (Here is a cartoon that does a pretty good job of it: http://xkcd.com/1354 ) and it seems so obvious. But that's just 20/20 hindsight. There are millions of bugs out there just waiting for someone to exploit them - most of them would require nothing more than a one-line fix - and most could be found if only someone had the time, money and enthusiasm to seek them out. I very much doubt that any sizable piece of software that runs the web infrastructure is perfectly secure for that reason.
As security holes go, heartbleed is only patchily useful. When you write the exploit code (which is really very easy), all you get is a big pile of utterly random binary garbage back - you still have to recognize that some sequence of bytes is a security code or a credit card number or a password rather than (say) the partial contents of an image file containing a photo of the company's cat. That's decidedly not-trivial. Other bugs allow you more direct access into the target machine and are likely to be of more interest to serious bad guys.
SteveBaker (talk) 17:28, 23 April 2014 (UTC)
It's not hard to find credit card numbers or server private keys in data extracted via heartbleed. Both searches can be automated, and tools are in the wild now allowing script kiddies to do it.
Some buffer-overrun bugs are subtle. The check might be invalidated by integer overflow, or by a later change to seemingly unrelated code. Heartbleed was not subtle. It was a bare memcpy in brand-new code whose length was simply not checked at all against the size of the source buffer. If you're doing a security audit of C code that contains a memcpy, this is the first thing you look for (well, the second thing, after the destination-size check). The people who allowed this code into OpenSSL without checking it for buffer overruns shouldn't be responsible for security-critical code. This is "20/20 hindsight" in the same sense that the sudden bankruptcy of a financial institution makes you realize in hindsight that the people running it were never competent. -- BenRG (talk) 19:00, 23 April 2014 (UTC)
SteveBaker, most of Linux wasn't written by unpaid volunteers. Take a long, hard, un-propagandized look at the list of people who have commit access to the kernel. Take a look at how many of those people are on the payrolls at Intel, or IBM's Linux Technology Center, or are professors at universities who receive government grants to perform research and development on computer systems. Most of the hardware drivers available for linux, and built into linux, are produced by salaried employees at hardware vendors. A handful of projects actually are run by real volunteers - but "most of linux" is free software because certain companies believe that free software is good for business.
And even MediaWiki, which is now open-source free software - is now most actively developed by people who are salaried employees of the Wikimedia Foundation. Nimur (talk) 20:58, 23 April 2014 (UTC)
There is definite misfeasance at play here. It's irresponsible for developers to release anything to production without first having it tested by a separate group of QA testers. Developers are not QA testers anymore than they are UX experts. There's a serious problem in our industry. A Quest For Knowledge (talk) 23:59, 23 April 2014 (UTC)
The OP could equally have asked: How can a billion dollar company with thousands of employees, convince so many millions of people, to pay out good money time after time, for software that is defective by design. So globally costing its customers millions of dollars each month to mitigate its inherent vulnerabilities, only to find that then, they are then forced over to a new version and have to start all over again? Microsoft: Let’s Talk About Heartbleed® (Reported by Our ‘Former’ Security Chief) While the World Migrates From XP to GNU/Linux --Aspro (talk) 01:07, 24 April 2014 (UTC)

Possible software conflicts?[edit]

Can installing an add-on JDK or JRE on Windows 8 cause Microsoft Flight Simulator X to become non-operational? If so, are there any JDK's or JRE's out there that are known NOT to have this effect? Thanks in advance! 24.5.122.13 (talk) 04:53, 23 April 2014 (UTC)

I've never had a problem having Java installed alongside that game. Palmtree5551 (talk) 16:49, 23 April 2014 (UTC)
In my case, shortly after I installed Java in order to activate a chemical drawing program I needed, FSX crashed so bad that it wouldn't even uninstall or reinstall properly, much less run -- I had to nuke and pave my system to get this resolved. But I don't know if this was because of Java, or for some other reason. 24.5.122.13 (talk) 22:27, 23 April 2014 (UTC)

Looking for recommendations for a proxy server that runs on Windows[edit]

I want to run a proxy server on my LAN for the following two reasons:

  1. To block ads. If I can block ads at the LAN level, this saves me the trouble of installing multiple ad-blocking apps across all my browsers and computers. Also, if I block ads at the LAN level, this should also block ads on my mobile devices such as my iPad and my Chromebook.
  2. To monitor all network traffic. After reading that 40% of iOS and 41% of Android banking apps accept fake SSL certificates, I want to know which of my mobile apps are using SSL and which ones aren't.

I am looking for something that runs on Windows. And since I have no experience with proxy servers, something that has a good UI. Does anyone have any recommendations? I have never setup a proxy server so I'm not sure what's good or what's commonly used. A Quest For Knowledge (talk) 22:45, 23 April 2014 (UTC)

FWIW, the Microsoft solution would be Microsoft Forefront Threat Management Gateway, but I doubt that would be practical or necessary for what you want to do. Vespine (talk) 22:53, 23 April 2014 (UTC)
I use Privoxy, but it doesn't have a configuration GUI as far as I know; you set it up by editing text files, which is not too difficult.
It sounds like you want to avoid apps that use SSL. That's probably a bad idea because whatever they use instead is likely to be worse than SSL, even SSL without certificate validation. What you really want is a proxy that will (optionally) try to mount a MITM attack on all SSL connections, so you can figure out which apps detect the attack. Privoxy doesn't do that, but this thread mentions a bunch of proxies that do. I haven't used any of them, though. -- BenRG (talk) 04:48, 24 April 2014 (UTC)

April 24[edit]

Can't get my password[edit]

I have forgotten my password. When I click on the forgot password link and type in my email address, it appears to work, but I never receive the reset email. So I can't get logged in any more. — Preceding unsigned comment added by 76.184.156.59 (talk) 00:50, 24 April 2014 (UTC)

Did you register your email address when you created your account (Oh you haven't created one). If not, then probably only the NAS and GCHQ knows how to log in.--Aspro (talk) 01:24, 24 April 2014 (UTC)
Aspro, our queriant hasn't got access to his/her account, at present, so is posting anonymously. I take it, OP, that you didn't create a confirmed identity? CS Miller (talk) 12:31, 24 April 2014 (UTC)
  • ? The OP has been editing anon since 23 February 2014. Is it not reasonable to assume that they did not create and account in the first place? The anonymous OP 76.184.156.59 now appears to be up and running again, only as this time, he is anonymous 76.184.156.59 (do I hear an echo?). (Never mind. I created a new account.) [4] anonymous 76.184.156.59. Maybe an admin with more diplomatic skill than I can muster, may like to take him undertake their wing to guide him on how to create a proper account – should he so wish to. --Aspro (talk) 16:57, 24 April 2014 (UTC)
  • You are assuming they lost the PW on their Wikipedia account. They didn't say that. StuRat (talk) 17:01, 24 April 2014 (UTC)
  • Actually, the OP does say that on their talk page Palmtree5551 (talk) 19:00, 24 April 2014 (UTC)
Check your spam/junk folder, just in case. —Nelson Ricardo (talk) 01:44, 24 April 2014 (UTC)

Are you or your email provider using Yahoo? Have a look at this discussion. And this link explains it. - X201 (talk) 13:22, 24 April 2014 (UTC)

If you have more than one e-mail account, make sure that you're using the right one. You'll get that message regardless of whether you used the right e-mail address. A Quest For Knowledge (talk) 13:44, 24 April 2014 (UTC)

Google custom date range disappears[edit]

Forgive me if this has been covered before. In the last day or so I appear to have lost the ability to customize dates when searching for stuff on Google using Opera. The menus have changed with some of the options disappearing. Strangely though it still appears to be working through Chrome. Is there any way to get it back, or are Google making it even more difficult for researchers by dispensing with yet another useful tool? Thanks. This is Paul (talk) 16:28, 24 April 2014 (UTC)