
Comment Apache Commons Collections 3.x. (Score 1) 115

It was pretty darn hard to parse that article to understand what library the author was talking about, but after some research, the issue seems to be a vulnerability in the Apache Commons Collections library.

I don't understand why the OP calls it "Java commons" or why the author of the article goes out of his way to not mention the name "Apache", using it only when copying and pasting code lines but never stating it in prose. Sure, there are lots of people who may have Java, but if the security vulnerability is of the magnitude that is claimed, properly identifying where it is located would be the logical first step.

There is a somewhat better article at that parses out the original article and describes it more clearly.

Comment Is a candidate who plans to resign really serious? (Score 4, Insightful) 239

Much as I like his platform, it's hard to treat him as a serious presidential candidate in the context of what a debate is likely to cover when his stated position is that he cares only about passing campaign finance reform and then will resign.

From Lessig's own campaign page (
"He will serve only as long as it takes to pass the reforms necessary to fix our corrupt political system. Once passed, he will resign, and the vice president becomes president of a government that works."

That means if you want to have a debate about foreign policy, talk to the VP. Tax policy? Talk to the VP. There may be some people who like the single-minded focus this implies, but since we're talking about a 4-year term, that leaves a huge swath of debate issues left in an unanswerable state, especially since he hasn't named his VP yet.

Comment What are you "managing"? (Score 2) 152

I think we need to be more precise about the terms used when describing "manager". To a large extent, financial managers or portfolio managers don't manage people, they manage the finance or portfolio. Somehow, in the IT industry, we've developed a different terminology around the term "manager", where IT managers are people who manage IT "workers" rather than managing IT itself.

If we go all the way up to CIOs and CFOs, we see a similarity in usage. A non-financial CFO would be kind of a joke, a non-IT CIO would be the same. However, these "C" suite officers don't necessarily then have the entirety of IT or finance reporting into them. Sometimes they only manage small teams to provide "guidance" and "leadership" and the bulk of the workers report up to a COO or CEO.

I think across all industries, you do have conflicting notions as to whether people managers should be more skilled in the task that their people are doing, or more skilled in managing people and organizations. These are different types of specialty skills and while it would be great to want all managers to have it all, there are availability constraints that would make it difficult to source omniscient intellect for every position.

Comment Detailed DARPA Challenge Videos... blocked! (Score 2) 44

More detailed videos of how the challengers performed are available on the DARPAtv YouTube channel:

However, it seems that the most interesting one, the Main Program Feed, is blocked in the US due to some kind of copyright issue.

The DRC Finals Workshop is muted, also due to some kind of copyright issue (which makes it extra pointless since the video is just people talking on stage).

Comment Design vs. Implementation (Score 3, Insightful) 385

Head as far towards design and away from implementation as possible. As a designer, automation will make you more and more powerful. Design a house, run automated integrity checks on it, have it printed with the house-sized 3D printer. Even better, design the marketplace for trading house designs. Design the 3D printers that make houses.

On the other hand, applying a skill repeatedly, even if there is some judgement involved, is on a long term trend downward. Lawyers who repeatedly draft the same contract over and over again are already being automated out of existence. Those who can create new contract patterns, however, continue to be in demand.

Another way to think about this is in terms of creating the new vs. applying the old. I once got the chance to visit the Bauhaus archive in Berlin; the design skills and output they produced 100 years ago would still be applicable today despite the radically different consumer landscape.

Comment Re:I have a solution - H1B (Score 3, Informative) 110

There already is such a path. In the US, it's the L-1A to EB-1C track.

The L-1A visa is for executive transfers, which means an executive would need to first be hired as an exec in their home country, then transfer a year later.

The L-1A has a perk different from other L-1 classes in that its eligibility is matched to the EB-1C green card (meaning their requirements are almost exactly the same), such that L-1A employees will go down the EB-1C path nearly automatically (you need only apply). The EB-1C will get you a full green card in about a year with no lottery and no labor certification (e.g. the part where the H1-B employer needs to go through the process of searching for a local candidate first for the same job).

The L-1B (which would be like H-1B, transfer for "specialized knowledge" workers) has no such feature and those who move to the US under L-1B need to go through the H-1B process to gain the ability to switch jobs, and then from there begin a long multi-year green card process.

The reality is that for those at the top, their market is already global.

Comment The River of Myths (Score 4, Informative) 83

Anti-corruption efforts are certainly important, especially in improving the economic conditions in a country. But focusing too strongly on just a single issue makes the problem seem unsolvable.

It is not.

World metrics have been improving steadily, some countries and regions faster than others, but systemic improvements have been dramatic.

Comment Not the money: politics (Score 4, Informative) 124

$151M or $337M is not such a large sum of money that the US, UK, or French government couldn't unilaterally pick it up. The issue is with the politics. Voters and politicians in a single country are more okay with joining an international effort than seeing that they're the only ones footing a big bill.

In this regard, the UK's strategy shows a lot of leadership combined with practical politics:

"As far as financing, the U.K. government contends that a “multi-donor club” should pay for the vaccine development in “the medium term.” But for now, the United Kingdom says it will “unilaterally” cover the costs for purchasing vaccines in Sierra Leone, and it asks the governments of the United States and France to make the same commitment for Liberia and Guinea, respectively."

It's a good play that lets the more xenophobic groups feel that the UK isn't propping up the whole world, but also allows hawks to see this as the UK exercising leadership/dominance internationally.

Comment $6.5M and $10M are small peanuts (Score 2) 273

Given the citation that an "earlier $5B education reform effort" didn't really do much, are we to believe that two small grants, $6.5M to David Coleman's company and $10.75M to Khan, somehow means that Gates single-handedly rammed the common core down everyone's throats against their will?

That seems hardly likely. Bill Gates may support the common core, but the notion that it's somehow a conspiracy that he masterminded with his wealth seems farfetched. If you look at reporting on the common core like this recent NPR article (, you'll see quite a complex list of entities for and against common core. The Chamber of Commerce is for it, Glenn Beck is against it. There's a lot more in this fight than the Gates Foundation's $17.25M.

Comment The Hasselblad H2D cost $30K... (Score 1) 103

That was no ordinary camera they used for this...

If you read the original paper (, buried in the details is the one where they used a Hasselblad H2D, which is a medium-format digital camera with an enormous 36.7mm x 49mm CCD.

This camera is about 7 years old (, so it might be possible to find it for cheaper on the secondary market. The current version, the H5D, also retails in the $30K range.

What makes these cameras special is not just the huge CCD, but also the incredibly precise (and multi thousand dollar) lenses.

A Lumia, or even a pretty nice DSLR in the single-digit thousands of dollars range won't pull in detail like this camera does. Even with the amount of megapixels that lower end cameras claim to have, their sensors are too small and paired with inferior optics compared to what was used for this paper.

Comment Re:Editors: Check Your Sources (Score 4, Insightful) 365

The fact that there was a court case filed on this topic is not much of a news story. If you went through court filings, you can find any number of bizarre and conspiratorial lawsuits filed against the government every day, all over the place.

The real mystery is how a run-of-the-mill everyday nutcase filing gets to the front page of Slashdot. The answer to that has everything to do with the Washington Times, and guttentag's comment.

Comment I'm betting it's almost all travel (Score 4, Insightful) 202

Engineers rarely need to travel anywhere, whereas sales people need to be on the road all the time working with and at customers, even in technical (e.g. "sales engineering") roles. Travel is very costly; when I was in sales engineering doing on-site proof of concept deployments, demonstrations, etc., I was easily racking up travel expenses equal to or greater than my annual salary. And this wasn't particularly glamorous travel; customer sites where the technical guys are tend to be out in the middle of nowhere. As a ballpark, that $250K number you cite would be enough to support around 3-10 sales people depending on how on-site intensive your product and sales model is. I presume you know how many engineers you have, so you can compare and decide for yourself.

Comment Re:Poor misfigured HTML, hateful and hated all aro (Score 5, Insightful) 181

I can make pixel perfect feature rich cross-platform native application for Linux, Win, BSD, OSX, Android, iOS in 1/3rd the time it takes me to ensure the same "web app" works in all the browsers and OSs.

I want whatever development tool chain you're using. Just dealing with the different installer mechanisms on those platforms makes my head spin. What's your secret?

Comment Re:Hmm. (Score 4, Informative) 55

You'll see these kinds of large-scale columnar stores like Cassandra or HBase being used a lot in metrics and log management projects.

For instance, if you want to generate a histogram of login processing time over the last 90 days, you'll need to record the times of all of your individual logins to do that. If you have millions of logins per hour, that single metric alone is going to generate a lot of rows. If you're also measuring many other points throughout your system, the data starts getting unmanageable with B-tree backed databases and not of high enough value to store in RAM.

In the past, you might deal with this by adding more sophisticated logic at the time of collection. Maybe I'll do random sampling and only pick 1 out of every 1000 transactions to store. But then, I might have a class of users I care about (e.g. users logging in from Syria compared to all users logging in around the world) where the sample frequency causes them to drop to zero. So then I have to do more complicated logic that will pick out 1 out of every 1000 transactions but with separate buckets for each country. But then every time your bucketing changes, you have to change the logic at all of the collection points. I can't always predict in advance what buckets I might need in the future.

With more log-structured data stores and map-reduce, it becomes more feasible to collect everything up front on cheaper infrastructure (e.g. even cheap SATA disks are blazingly fast for sequential access, which B-tree DBs don't take advantage of but log-oriented DBs like Cassandra are specifically architected to use). The data collected can have indexes (really more like inverted indexes, but that is a longer discussion) up front for quick query of data facets that you know you want in advance, but still retains the property of super-fast-insert-on-cheap-hardware so that you can store all of the raw data and come back for it later when there is something you didn't think of in advance, and map-reduce for the answer.

Comment batch != patch (Score 1) 55

I'm not sure if it's a typo or a misunderstanding, but the statement in the summary about atomic batching is hilariously incorrect.

Atomic batching has nothing to do with "patches can be reapplied if one of them fails", but rather the more pedantic yet common case where you want a set of data updates to be batched atomically, where all or none of the changes occur, but nothing in between.
