Comment Killed a project by ordering a code audit (Score 1) 377

I was brought onto a small web startup project as a co-lead. By this time the project was already 2.5 years old and had been rewritten at least three times by progressively less lousy developers. The final iteration was built on CodeIgniter (MVC framework), a decent choice in 2013.

My first day I'm browsing the codebase to see what's what, and a grep finds something like "UPDATE my_table set foo=" . $_POST['bar']. Not in a controller... not in a model... in a view.

So I immediately told the other leads that we needed to do a security audit on the entire codebase; it took a few days for the owners to consent. The audit revealed three different mechanisms for database queries (the standard CI driver and two other crude home-grown libraries, all used inconsistently) and that one of the devs, who not coincidentally had resisted the audit, was actually AFK for 20%-50% of the hours he billed every week. It took two months to do the audit and resolve the redundant code (no one was full time, mind you). Finally the owners told us "give us two weeks to decide whether or not we want to proceed". After six weeks of silence they pulled the plug and abandoned it entirely.
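The grep described in the post above, turned into a small scanner, as an added example that is not the commenter's code: it flags PHP lines where a string literal containing an SQL keyword is concatenated with a raw superglobal, and rates a hit inside a views directory higher because query code has no business there in an MVC app. The file paths and source snippets are constructed for illustration.

```python
import re

# Constructed sample files (not the startup's real code): path -> PHP source.
SAMPLE_FILES = {
    "application/views/profile.php": (
        "<?php\n"
        "$sql = \"UPDATE my_table set foo=\" . $_POST['bar'];\n"
        "$db->query($sql);\n"
    ),
    "application/models/user_model.php": (
        "<?php\n"
        "$this->db->query(\"SELECT * FROM users WHERE id = \" . $_GET['id']);\n"
        "$this->db->query(\"SELECT * FROM users WHERE id = ?\", array($id));\n"
    ),
    "application/controllers/login.php": (
        "<?php\n"
        "$name = $this->input->post('name');\n"
    ),
}

# A quoted string literal that contains an SQL keyword ...
SQL_LITERAL = r"""["'][^"']*\b(?:SELECT|INSERT|UPDATE|DELETE|WHERE)\b[^"']*["']"""
# ... joined with PHP's '.' operator to an unescaped request superglobal.
SUPERGLOBAL = r"\$_(?:POST|GET|REQUEST|COOKIE)\s*\["
CONCAT = re.compile(SQL_LITERAL + r"\s*\.\s*" + SUPERGLOBAL, re.IGNORECASE)


def scan_source(path, source):
    """Return (path, line number, severity) for each suspicious line."""
    findings = []
    for lineno, line in enumerate(source.splitlines(), 1):
        if CONCAT.search(line):
            # Query building in a view is the worst layering smell of the three.
            severity = "high" if "/views/" in path else "medium"
            findings.append((path, lineno, severity))
    return findings


def scan_tree(files):
    """Scan a mapping of path -> source and concatenate the findings."""
    findings = []
    for path, source in files.items():
        findings.extend(scan_source(path, source))
    return findings


if __name__ == "__main__":
    for path, lineno, severity in scan_tree(SAMPLE_FILES):
        print(f"{severity:6} {path}:{lineno}")
```

The bound query on the model's third line (a `?` placeholder with a binding array) is deliberately not flagged; it is the shape the concatenated ones should be rewritten to.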

Comment Ever clearer purpose (Score 1) 843

It's becoming more obvious that the purpose of the JSF program isn't to produce a next-gen fighter jet, but rather to waste money under the pretext of producing a next-gen fighter jet. If they skinned it with bacon weave and built the airframe from ribs, the plane would still be less porcine than the program itself.

The pilot can't turn their head? Dozens of people involved in the program should have identified that fundamental problem long before any component was physically built.

Comment Re:Adblock vs. HOSTS (Score 1) 383

Speaking as someone whose primary machine runs Mint KDE with a hosts file that has ~130,000 lines of crap hosts mapped to 0.0.0.0, I say hosts is the better solution. Lots of adblockers still make the requests for mal-content and drop it on receive... hosts prevents the requests from being made at the system level.

It's too bad I can only use a fraction of it on my Win 7 laptop where it's more necessary, because modern Windows really doesn't like having a hosts file more than 768k in size. Took me months to figure out why it booted to a completely blank, unresponsive screen (background color and a mouse cursor that did nothing but move)... turns out it takes Windows about 45 minutes to process that 3.6Mb hosts file before it gets around to launching explorer and the desktop.

Comment Re:what is this supposed to accomplish? (Score 2) 229

This saga illustrates exactly what the H1-B program is designed to accomplish: disenfranchise highly skilled US workers and replace them with cheaper foreign workers.

If corporations still treated employees as value-adding assets rather than cost liabilities, crap like H1-B wouldn't exist.

Comment Re: Wait, what? (Score 2) 236

The list I use is the result of merging three separate adserver blacklists about a decade ago. It honestly doesn't require all that much maintenance... if I see an ad, I find the hostname it came from and add it to the hosts file. I think I've made 3 such edits in the past year or so.

Comment Re:Wait, what? (Score 2) 236

But those only work in Firefox. If you really want to increase your privacy, add those hostnames to your hosts file. Mine contains ~131k tracker/adserver hosts mapped to 0.0.0.0 (there's even about a dozen for facebook). This doesn't just drop the served mal-content, it prevents requests to those hosts at the system level for all browsers or other software.

As a consequence I rarely see any ads on the internet and my browser ad-blocking/privacy plugins have a very light workload.

Comment jQuery is not JavaScript (Score 1) 293

Stop trying to say that it is. It happens with Node, Angular, and other stuff to a lesser extent, but jQuery seems to be the de facto JS gap-filler that everyone insists is part of core JS skills.

But even worse are the feckless noobs who say they don't know JS, but know jQuery instead. That's like saying "I don't know English, but I know its verbs."
