
Comment Only addresses one side of the equation... (Score 1) 549

Password security is only partially maintained through what the user does.

If you care about password security you also have to think about the server-side. And there we are doing things that are also just as bad, as passwords are often stored using a single encryption algorithm if they are encrypted at all; and often that algorithm is a simple MD5 or SHA1 hash of the password.

In addressing the server-side, we must also make things more variable by introducing settings that the server administrators set. The password is split according to the rules with each part passed through different algorithms, and the results merged using rules as well. One part of the password might pass through scrypt, while another may pass through SHA512, and only portions used to get what is stored on disk.
Patents

Interviews: Ask Florian Mueller About Software Patents and Copyrights 187

Florian Mueller is a blogger, software developer and former consultant who writes about software patents and copyright issues on his FOSSPatents blog. In 2004 he founded the NoSoftwarePatents campaign, and has written about Microsoft's multi-billion-dollar Android patent licensing business and Google's appeal of Oracle's Android-Java copyright case to the Supreme Court. Florian has agreed to give us some of his time in order to answer your questions. As usual, ask as many as you'd like, but please, one per post.

Comment Re:Perl and VBA will live for a long while yet (Score 1) 547

Despite the superiority of C#, my experience is that VB.net is by far the dominant language in (enterprise) .net shops, and (enterprise) .net is about as popular as Enterprise Java in practice.

Two major reasons:

- People are very familiar with VB and can program in VB.net easily.
- Lots of critical custom business apps were written in VB in the 1990s. As the software has been migrated to the web, VB.net allowed large amounts of source code containing critical business logic to be literally cut and pasted over.

The summary is completely absurd. VB.net will be around for another 25 years, at least.

I've done VB (VB5, VB6) programming and VB.net programming. There were so many subtle differences between VB6 and VB.net that a vast majority of the VB programmers continued with VB6. Code didn't get migrated in the sense that it did for VB5 to VB6 where all you had to do was reload and recompile - it got completely re-written going from VB5/6 to VB.net. It was a long standing complaint for 5 or so years after VB.net was released.

Now so much has been re-written, that it's probably not as big a deal and VB.net may have taken over as a result. But I can certainly guarantee you that VB6 stuff is still out there and won't be rewritten for VB.net; probably will still be when VB.net goes away.

Comment Re:Really? (Score 1) 294

How are people not aware of DSLReports and their speed tests? And how could this possibly make /.?

Also, your wi-fi sucks. Get a cable if you want to know what your real speed is.

The ISPs cheat for the speed tests by temporarily increasing your bandwidth so that the tests detect a higher transfer rate than what they are actually giving you. They don't even prioritize just the DSL testing sites either; at least AT&T DSL doesn't.

Comment Re:ndt (Score 3, Interesting) 294

Won't work if it's widely known.

Speed test sites don't need to be in collusion. ISPs just prioritize their traffic. It's quite obvious with my ISP if I do speed test sites versus just finding something large to download from a cloud storage service.

The obvious issue with that thesis is that you can't prove that the cloud storage site itself is performing slowly due to a bottleneck where it peers with your provider (or many other possible reasons) and while some providers are generally better than others about managing internal bandwidth, none can be said to have ALL uncongested peering points to ALL local customers and this obviously will have the same negative impact on user experience as a locally congested network.

I've actually used the SpeedTest sites to help improve downloading of Linux DVD ISO images. When I started the download (FTP/HTTP download) the quoted time was well over 8 hours, and the transfer rate was abysmal (60KBps to 120KBps on a multi-MBps line). Out of curiosity I ran a speed test through DSLReports and then found that the download rate jumped to 300KBps. After a while it would drop back down to the previous range; I'd run the speed test again and voila, but up it went. I ended up downloading the entire Linux DVD ISO in under 1 hour.

FYI, that was on AT&T DSL - not uVerse, just plain DSL since that is all we can get in our apartment. So obviously the ISPs are padding the numbers; which is a natural outcome of the FCC wanting people to report the ISPs that are not holding up.

Comment Re:Perl and VBA will live for a long while yet (Score 1) 547

As for VB, it'll remain as long as Microsoft Office is used in companies. It's way too handy and there's no alternative.

VB != VBA != VB.net

They only said VB.net will go away (at least in the summary). Most VB programmers stuck with VB instead of moving to VB.net because it was such a substantial change to go to VB.net.

VBA will never go away so long as MSO doesn't add support for other stuff, but even then there's so much written in VBA that it will only die when MSO dies.

Comment Re:Chimps have rights, babies don't (Score 1) 385

Just playing devil's advocate, but you need to look at the medical information out there...

b) Rape babies should be aborted. Period. Why force someone to endure that, only to have them be reminded of their rapist, or have the baby put in a foster home/adoption.

Because as medical and psychological studies have proven it is healthier for the mother.

Abortion has a very nasty depression side-effect psychologically.

Abortion is almost always not safe to perform outside of the early cases like the morning-after pill.

Comment Re:Chimps have rights, babies don't (Score 1) 385

Now that babies are born to people who are poor

One problem...pro-lifers advocate giving the children up for adoption instead of killing the child in-utero. In other words, responsibility after birth as well.

On the other hand, abortions have nothing to do with the health and safety of the mother - it's medically proven that that is not the case, both physically and psychologically - except in extreme cases that most pro-lifers would still allow abortions to occur under. The big issue comes down to the embryonic stem cells that are generated and the inability to get them from pretty much any other source.

Comment Re:I don't the big MPG/GPM deal (Score 1) 403

But then, we should be using gallons-per-mile instead of miles-per-gallon, too.

A car that does 50MPG is twice as efficient as one that does 25MPG. What's so hard about comparing numbers in MPG? It sounds to me like someone's got a case of the "technically correct"s.

Because they're all bad numbers.

Honestly, we should be doing it in gallons/minute or gallons/hour (or litre/minute, litre/hour respectively), and move to single-speed engines that operate at peak efficiency that simply power an electric drive train (measured in KW/mile and KW/km). You'll get much more meaningful information regarding the efficiency of the vehicle.

As it stands, MPG/KmPG doesn't take into account how long you idle at lights, in traffic, etc. A good chunk of driving is completely missed in the calculations, assumed to be accounted for by the accel/decel in the structure of the testing. Only reason we do MPG/KmPG is due to the variable speed ICE systems we deploy in the vehicles instead of systems like http://www.bbc.com/autos/story...

Comment Re:Overstated or misrepresented? (Score 1) 403

Most of those displays are MPG for all fuel through the system since the last time you reset the average mpg display not the trip odometer. There are times when you do a lot of in town driving and then are times when you take highway trips... If you reset it each time you fill up the gas tank it will be much closer to that actual mpg when you figure it up for that tank of gas.

FYI - they typically only average the last 500 miles; not sure if that means they only do 800 km (500 miles) or 500 km for those using metric.
They don't infinitely calculate it and in many (like my 2010 Dodge Grand Caravan) you can't reset it.

Comment Re:Outrage (Score 1) 60

I expect there to be outrage here on slashdot. But think about it. How is this really different from, let's say, Lockheed Martin designing the F-35 and storing all the design data associated with it. Sure, they're not a "private cloud vendor", but they're probably running a bunch of servers for this purpose. So "top secret cloud" is already happening.

Bingo. Amazon has been hiring people with sec. clearance for quite some time. These DoD clouds are not stuff deployed on typical heroku or AWS, but cloud infrastructure deployed on secured facilities.

I blame the term "the cloud", too amorphous of a term to mean just about anything.

Reality is that they're only replacing existing DoD contractors that are already providing these services but at a much higher cost. This just opens the playing field up a bit more. That's all this is about - helping reduce costs on existing services.

Comment Re:Failure (Score 1) 60

Nothing like setting oneself up for failure.

Exactly. Secrets need to be kept in house, and even then they're not totally secure. Give it to a contractor and even the most idiot person in the world will understand that there is a 99% chance you'll find that info spilled on the internet. I guess nothing stands in the way of cost reductions to zero eh ? Stupidity all around.

That is stupid. The same can be said for disgruntled employees. When we are talking contractors in a DoD setting, we are not talking about Infosys handing over work to someone overseas, but:

  1. a bunch of US Citizens of different technical backgrounds already with sufficient clearance,
  2. that works for a defense contractor,
  3. for a very specific project
  4. under non-negotiable guidelines of security
  5. AT facilities physically vetted for the necessary clearance

Nothing on that list will prevent someone from leaking stuff out to the interweeds, but to presume that under those conditions there is a 99% chance of that (as you said), that is just nonsense.

Not all cleared personnel are US citizens; but the higher the clearance the more likely that is the case.

Comment Re:Typical (Score 4, Informative) 293

Management doesn't know sh**.

No, actually they are often masters of BS, at least BS good enough for the short-term.

This isn't a matter of having a degree in BSing; it's a matter of racial prejudice and promotion. I've seen it at several other "Indian" firms as well; and typically the positions are written such that only people from their Indian offices qualify so that they can pump them into their US branches under H1Bs. There's a strategy to it; however subtle they may try to make it.

If TFA is true, then the recruiters are trying to call them out on it, and Good for them for doing so.
