
Comment: Re:and that's how we got the world of FIREFLY (Score 1) 261

by Ash Vince (#48664063) Attached to: Serious Economic Crisis Looms In Russia, China May Help

seriously though, the Chinese can destroy our country without setting a single boot on the ground simply through economic measures.

The problem is that would also destroy them economically at the same time as they require US consumers to buy all the crap they produce. China keep their own currency artificially low just to keep their exports going.

Comment: Re:About Fucking Time (Score 1) 435

by Ash Vince (#48628631) Attached to: In Breakthrough, US and Cuba To Resume Diplomatic Relations

You will note in the 2012 presidential election, the majority of Cuban Americans in South Florida voted for Obama; and he carried Dade, Broward, and Palm Beach counties with huge margins:
http://en.wikipedia.org/wiki/U...

The GOP's hold on South Florida is broken; it was primarily among older Cubans who came over during the revolution. This issue has been less polarizing for their children and grandchildren. Indeed, 3rd and 4th generation Cuban-Americans have no real intention of moving back to the island and view their grandparents' property claims as a lost cause.

Add to that they might like to visit the place for a cheap holiday.

Comment: Re:Under US Jurisdiction? (Score 2) 281

by Ash Vince (#48602145) Attached to: Eric Schmidt: To Avoid NSA Spying, Keep Your Data In Google's Services

Long ago for that AC to forget about it.

And in a related note: If we have to discuss if and how to avoid supporting law enforcement, something went really, really wrong.

Exactly.

Who gives a shit about storing your data with google or anyone else, at this point we should be storming the Pentagon / White House / Senate en masse to demand and take real freedom. There is no terrorist threat that actually warrants this level of intrusion, our own police seem to be better at killing defenceless citizens than terrorists anyway over the last year.

Comment: Re:I bet Infosys and Tata are dancing in the stree (Score 1) 186

The United States does not have a labor shortage.

It is not about a labour shortage, it is about the race to the bottom in terms of working conditions and pay.

It sounds like broadly speaking we agree with who benefits the most from immigration though. My take on it though is that no matter what you do people from Mexico are always going to try and flock from there to the US to work, and keeping them all out is an effort doomed to failure. We have a hard enough time in Europe stopping them crossing a fairly wide sea so the poxy river you have is no barrier at all, even with all the fences around it.

The only real option is making sure that when they get here they are not able to undercut our own labour force at the bottom of the market. The best way to do that is to shift the punishment to the people who employ illegal immigrants with no work permit. Also, minimum wage laws might help too providing the punishment for breaking it as an employer suitably outweighs the benefit of cheap labour (ie: prison time). The main thrust should definitely be though that if you employ someone and do not check their legal status sufficiently you get hefty fines for the first offence then prison for any repeats.

I also have no problem with outright denying things like foodstamps to recent arrivals, I just doubt it will do the slightest thing without the measures I mention above apart from make them more desperate and so willing to work for less.

Comment: Re:I bet Infosys and Tata are dancing in the stree (Score 1) 186

How would you know that, if the government deliberately does not maintain such statistics and explicitly tells applicants, they don't need to disclose their immigration status [breitbart.com]?

Other countries do, I doubt the US immigrants are too different to those trying to get to Europe. Also, can illegals still get food stamps with no proof of residency? Here in Europe they can't but they come anyway.

It doesn't surprise me that most people believe the same way you do, as that is the way it is often presented. The truth is though that is because the current situation of there being tons of people here illegally is actually better for those who want to pay as little as possible as illegal immigrants will work for less than legal immigrants as they are more desperate. That is the main reason that the parties like the Republicans that represent the richest are also usually anti-immigration, they know that people will come anyway they will just work for less due to their desperation.

Comment: Re:I bet Infosys and Tata are dancing in the stree (Score 1) 186

What worries me are the very bottom — the folks, who come over here knowing, that they may be able to get foodstamps and other hand-outs, that our schools and hospitals will teach and treat them for free.

Of course is though that most recipients of foodstamps and benefits are Americans. Immigrants generally flock to first world countries like the US in order to work hard and lead a better life. They generally do the work that people born in the US feel is beneath them or agree to work for far less than them. They will live in smaller rooms, pay less in rent, work longer hours and generally put up with a ton of shit just because it is still better than the country they were born in.

The net result is that the people who suffer from immigrants, both illegal and legal are the sort of people who are also competing for the same dead end jobs, exactly the sort of people who feel they are entitled to those jobs just because they were born here.

Those of us who feel we are entitled to jobs because we are the best person to do the job generally have nothing to fear from immigrants, but we do have a net gain as we can get someone to work on our house, iron our shirts or do our cleaning for a fraction of what someone born in the US would charge. We also benefit from being able to go to the all night food mart to get beer or whatever at a time when most people would demand double time to go to work.

Even the H1B system is often a net benefit to us as the sort of people brought over here under those schemes often reach a glass ceiling pretty quickly and we ultimately get made their boss when they are passed over for promotion for the 5th time even though they work harder.

Comment: Re:Are you sure? (Score 1) 863

by Ash Vince (#48274409) Attached to: Debate Over Systemd Exposes the Two Factions Tugging At Modern-day Linux

Part of my concern about SystemD is the scope for bugs. All the daemons that are replaced by SystemD have years of development under teams of developers. Can one expect a re-write of all these daemons by a small team with no history of working on these applications to be anywhere near free of bugs?

In my experience software with years of development has no fewer bugs than a new project if the people working on the project are good and it is not rushed.

Often software needs a rewrite every few years just so the current developers are 100% comfortable with every aspect of the code. If you have a huge legacy application it can often be more prone to bugs as the code becomes so convoluted, and often new developers to the project are scared to refactor crap out as some of the crap is important and it takes a horrible process of trial and error before you know what can be removed.

Comment: Re:Why so high? (Score 1) 223

by Ash Vince (#48234265) Attached to: Passwords: Too Much and Not Enough

In PHP 5.5 they introduced the password_hash [php.net] function to replace this, but it has a mode that generates backward-compatible crypt() style hashes, so if you pass the wrong arguments to it, you will be generating md5 (or worse) hashes.

It might generate crypt style hashes, but it will not ever use MD5. It always uses Bcrypt at present until something better comes along. You should have read the link you posted more closely.

There are probably ways you can screw it over though so it doesn't add any security, but the defaults are pretty secure and the php manual steers you toward not changing them unless you know what you are doing.

I don't mean to sound rude (even though you did say you thought I knew "fuck all") but you really need to understand what you're doing.

You're right, but I have the advantage that all my code is peer reviewed nowadays and we also get free pen tests and advice from a really top notch security team who are world leaders in this stuff. That does mean that if I screw up this sort of stuff it is generally noticed and I then have to fix it, that certainly helps raise your game.

Comment: Re:Why so high? (Score 1) 223

by Ash Vince (#48231737) Attached to: Passwords: Too Much and Not Enough

Of course, you didn't mention salting, so I hope they told you about that too. Unsalted password hashes... about as useless as chocolate teapots.

I explicitly mentioned the password_hash function in recent versions of PHP. This does the heavy lifting for you, including generating a random salt as best it can.

That's why you do not rely on bcrypt as the only answer to the security of your passwords (I hope you use bcrypt, last time I saw PHP it still used MD5.....

What in PHP used MD5? The password_hash stuff has only been in PHP since 5.5 and only ever used bcrypt. Previously some PHP developers might have used MD5, but there was nothing built in to PHP that purported to hash passwords, it was left to developers to roll their own and they often did it badly. That is not the same as saying that PHP "used" MD5 for hashing passwords though.
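The behaviour discussed in the two comments above, shown as an added example that is not part of either comment or of the PHP manual: `password_hash()` salts every hash on its own, and `password_needs_rehash()` lets a login path upgrade old rows. The `checkLogin()` function, the `$user` record and the assumption that legacy rows hold unsalted MD5 hex digests are all hypothetical.

```php
<?php
declare(strict_types=1);

// Constructed sample password; not taken from the thread.
$password = 'correct horse battery staple';

// Hashing the same password twice gives two different strings, because
// password_hash() generates a fresh random salt on every call.
$first  = password_hash($password, PASSWORD_DEFAULT);
$second = password_hash($password, PASSWORD_DEFAULT);
var_dump($first !== $second);
var_dump(password_verify($password, $first), password_verify($password, $second));

// The algorithm and its parameters are encoded in the hash string itself.
$info = password_get_info($first);
echo $info['algoName'], ' ', json_encode($info['options']), "\n";

/**
 * Hypothetical login check that accepts both legacy MD5 rows and
 * password_hash() rows, and upgrades the stored hash on a successful login.
 * $user is passed by reference so the caller can persist the new hash.
 */
function checkLogin(array &$user, string $password): bool
{
    // password_get_info() reports "unknown" for anything it did not produce.
    if (password_get_info($user['hash'])['algoName'] === 'unknown') {
        // Assumed legacy format: unsalted MD5 hex digest from older code.
        if (!hash_equals($user['hash'], md5($password))) {
            return false;
        }
        $user['hash'] = password_hash($password, PASSWORD_DEFAULT);
        return true;
    }

    if (!password_verify($password, $user['hash'])) {
        return false;
    }
    // Re-hash when the stored parameters are weaker than the current default.
    if (password_needs_rehash($user['hash'], PASSWORD_DEFAULT)) {
        $user['hash'] = password_hash($password, PASSWORD_DEFAULT);
    }
    return true;
}

// Constructed legacy record holding an unsalted MD5 digest.
$user = ['name' => 'alice', 'hash' => md5($password)];

var_dump(checkLogin($user, 'wrong guess'));             // rejected, row untouched
var_dump(checkLogin($user, $password));                 // accepted, row upgraded
var_dump(password_get_info($user['hash'])['algoName']); // algorithm after upgrade
var_dump(checkLogin($user, $password));                 // verified via password_verify()
```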

Comment: Re:Why so high? (Score 1) 223

by Ash Vince (#48230221) Attached to: Passwords: Too Much and Not Enough

If this is the level of comprehension of security in the web dev community, then I'm not only unsurprised at the number of hacks, but will be using a randomly-generated password for every website that asks me for a password.

As a php developer who works for a security company we generally do what the pen testers advise us to in regard to hashing passwords. Currently that is to use the password hash function in the latest versions of PHP.

Maybe the reason us dumb old web developers do not have your amazing knowledge at our disposal is because NOT hashing passwords is not exactly a recommended practice by any real security company.

Where I used to work we had a pretty crappy legacy product which did not hash the passwords in the DB. This was because the customer liked the fact that the system would mail out passwords if the user forgot them instead of making them reset it. When they got pen testing companies to test this product the pen testers always noticed this process and correctly deduced that the passwords were not hashed. This was then always raised as something that should be fixed, of course the customer always ignored this defect, they would make us fix anything else that was raised though.

We went through several pen tests over the years I worked there, by a few different companies, nobody thought having the passwords stored in plain text was a good idea. The fact that you think it a good idea suggests to me that either:

A) You are either some amazing outlier security guy miles ahead of everyone else on the planet.
B) You know fuck all

I reckon B

Comment: Re:Easy to solve - calibrate them to overestimate (Score 1) 398

by Ash Vince (#48216623) Attached to: Speed Cameras In Chicago Earn $50M Less Than Expected

You could also decrease speed limit to something unreasonable. For example, 15mph and issue tickets at 21mph.

You can also hide a max speed sign behind something, like a bush, and install it in otherwise higher speed zone.

You can also install speed trap on the down-slope road, where drivers would naturally speed up without any conscious input.

You can also offer "early payment" discounts on tickets, where if you pay and plead guilty your fine is reduced to the point of not worth the time fighting it.

You can establish a ticket challenge procedure that would conflict with working hours, making it logistically difficult for people to challenge.

You can intentionally mail tickets to old addresses, then rack up late fees and interest.

Oh, all of these happened in one or another municipality at some point in time.

The truth is that very few speed limit signs are hidden in the manner you describe. Let's be honest, the vast majority of the time us drivers exceed the speed limit we do so knowing we are doing it, we just do not think we will get caught. We know what the speed limit is on most roads we drive down, we just sometimes push them as we are in a hurry. We are probably driving in a generally safe manner, we are just doing it too quickly.

The thing is though, speed limits do exist for a reason. They are there to force us to account for the unknown: children running into the road, morons pulling out of side streets and not looking, us getting a blowout due to something too small to see in the road. The chances of these things happening are all pretty minuscule but since we all drive everywhere so much these small odds multiply so it always happens to someone in the end and the fallout can be catastrophic and expensive for the city to clean up afterwards.

Speed limits are also actually a way of us being more flexible with other driving rules, like paying attention to where you are going. Sometimes people do some really stupid crap on the roads. Like trying to find a CD to put on and veering on to the wrong side of the road, answering the phone in our pocket that is awkward to get to, looking at maps, turning round and shouting at the kids in the back, this list could go on for ever. As it is we can do this with a certain degree of impunity as the worst that would happen is we wrote off our car and someone else's the vast majority of the time. If everyone could drive everywhere as fast as they liked the police would have to be far more ruthless at enforcing other aspects of the traffic laws, maybe even down to banning persistent offenders until they got the message.

Sometimes I actually think this might be a better idea, then I catch myself doing some of the stupid crap I describe :)

Oh what a surprise, the fucking moron mod crew disagree.

Comment: Re:Easy to solve - calibrate them to overestimate (Score 1) 398

by Ash Vince (#48198939) Attached to: Speed Cameras In Chicago Earn $50M Less Than Expected

There are traffic lights on dual-carriageways in the UK, so a 70mph limit. Rarely on the motorways, although technically there are traffic lights used on some entry slip roads at rush hour, although you'd be lucky to be doing 70 on them then...

I have never seen a set of traffic lights on a 70mph dual carriageway. Usually they have a reduced speed limit to 40 or 50 in the run up to the lights. Actually a hell of a lot of dual carriageways have a limit much lower than 70 even though that is the standard national speed limit for them.

And very few motorways have traffic lights on the main bit of road where you can do 70mph. On the exit slip road you should actually be stationary or nearly stationary when you get to where the lights are so you can give way to traffic already on the roundabout.

The reason you are not supposed to run red lights, ever, is because if you could not stop in the UK then you must have been exceeding the speed limit in the approach. The duration of the amber light is tuned with this in mind.

Comment: Re:Easy to solve - calibrate them to overestimate (Score 0) 398

by Ash Vince (#48198233) Attached to: Speed Cameras In Chicago Earn $50M Less Than Expected

You could also decrease speed limit to something unreasonable. For example, 15mph and issue tickets at 21mph.

You can also hide a max speed sign behind something, like a bush, and install it in otherwise higher speed zone.

You can also install speed trap on the down-slope road, where drivers would naturally speed up without any conscious input.

You can also offer "early payment" discounts on tickets, where if you pay and plead guilty your fine is reduced to the point of not worth the time fighting it.

You can establish a ticket challenge procedure that would conflict with working hours, making it logistically difficult for people to challenge.

You can intentionally mail tickets to old addresses, then rack up late fees and interest.

Oh, all of these happened in one or another municipality at some point in time.

The truth is that very few speed limit signs are hidden in the manner you describe. Let's be honest, the vast majority of the time us drivers exceed the speed limit we do so knowing we are doing it, we just do not think we will get caught. We know what the speed limit is on most roads we drive down, we just sometimes push them as we are in a hurry. We are probably driving in a generally safe manner, we are just doing it too quickly.

The thing is though, speed limits do exist for a reason. They are there to force us to account for the unknown: children running into the road, morons pulling out of side streets and not looking, us getting a blowout due to something too small to see in the road. The chances of these things happening are all pretty minuscule but since we all drive everywhere so much these small odds multiply so it always happens to someone in the end and the fallout can be catastrophic and expensive for the city to clean up afterwards.

Speed limits are also actually a way of us being more flexible with other driving rules, like paying attention to where you are going. Sometimes people do some really stupid crap on the roads. Like trying to find a CD to put on and veering on to the wrong side of the road, answering the phone in our pocket that is awkward to get to, looking at maps, turning round and shouting at the kids in the back, this list could go on for ever. As it is we can do this with a certain degree of impunity as the worst that would happen is we wrote off our car and someone else's the vast majority of the time. If everyone could drive everywhere as fast as they liked the police would have to be far more ruthless at enforcing other aspects of the traffic laws, maybe even down to banning persistent offenders until they got the message.

Sometimes I actually think this might be a better idea, then I catch myself doing some of the stupid crap I describe :)

Comment: Re:Let me get this right (Score 4, Insightful) 839

by Ash Vince (#48161685) Attached to: Bill Gates: Piketty's Attack on Income Inequality Is Right

Instead of paying interest, money should have an expiration date. Use it or lose it.

So people never get to retire?

It depends. If you made the expiration date something like 50 years then people could certainly retire.

It is worth remembering that the vast majority of the top 1% were born into tons of money, they have just got richer during their lifetime.

I was watching the UK version of The Apprentice the other day and it occurred to me that at least Alan Sugar made all his own money. Donald Trump from the US show was born rich, then just leveraged his daddy's cash to make more cash in the same line of work. He did not even need to set up a business as he was just given one to play around with.

Ok, you can say that these people did well not to lose all their cash but that is not really much of an achievement if you are born with more money than you will ever need in your own lifetime anyway. You can afford to take risks that most people cannot over and over again until one of them pays off.

It is this inherited money that skews the system so massively.
