
Comment: Killed a project by ordering a code audit (Score 1) 375

I was brought onto a small web startup project as a co-lead. By this time the project was already 2.5 years old and had been rewritten at least three times by progressively less lousy developers. The final iteration was built on CodeIgniter (MVC framework), a decent choice in 2013.

My first day I'm browsing the codebase to see what's what, and a grep finds something like "UPDATE my_table set foo=" . $_POST['bar']. Not in a controller... not in a model... in a view.

So I immediately told the other leads that we needed to do a security audit on the entire codebase; it took a few days for the owners to consent. The audit revealed three different mechanisms for database queries (the standard CI driver and two other crude home-grown libraries, all used inconsistently) and that one of the devs, who not coincidentally had resisted the audit, was actually AFK for 20%-50% of the hours he billed every week. It took two months to do the audit and resolve the redundant code (no one was full time, mind you). Finally the owners told us "give us two weeks to decide whether or not we want to proceed". After six weeks of silence they pulled the plug and abandoned it entirely.
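An added example, not part of the comment above and not the project's code: a first-pass audit check that flags SQL text concatenated with raw request superglobals and rates a hit inside a view as worse than one in a model or controller. The directory layout, the sample files and the severity labels are assumptions constructed for illustration.

```python
import re

# A SQL verb followed on the same line by a raw PHP request superglobal.
SQL_WITH_INPUT = re.compile(
    r"\b(SELECT|INSERT|UPDATE|DELETE)\b.*\$_(POST|GET|REQUEST|COOKIE)\s*\[",
    re.IGNORECASE,
)
# CodeIgniter-style layout (assumed): application/<layer>/...
LAYER = re.compile(r"(?:^|/)application/(views|models|controllers|libraries)/")


def audit(files):
    """Scan a mapping of path -> PHP source; return (path, line, layer, severity)."""
    findings = []
    for path, source in sorted(files.items()):
        m = LAYER.search(path)
        layer = m.group(1) if m else "other"
        for lineno, line in enumerate(source.splitlines(), start=1):
            if line.strip().startswith(("//", "#", "*")):
                continue  # ignore comment lines
            if SQL_WITH_INPUT.search(line):
                # A query in a view is an injection risk and a layering violation.
                severity = "critical" if layer == "views" else "high"
                findings.append((path, lineno, layer, severity))
    return findings


# Constructed sample tree: one concatenated query in a view, two safe patterns.
SAMPLE = {
    "application/views/profile.php": (
        "<h1>Profile</h1>\n"
        "<?php mysql_query(\"UPDATE my_table set foo=\" . $_POST['bar']); ?>\n"
    ),
    "application/models/user_model.php": (
        "<?php\n"
        "// bound parameters through the CI driver\n"
        "$this->db->query('UPDATE my_table SET foo = ? WHERE id = ?', array($foo, $id));\n"
    ),
    "application/controllers/account.php": (
        "<?php\n"
        "$foo = $this->input->post('bar');\n"
        "$this->db->where('id', $id)->update('my_table', array('foo' => $foo));\n"
    ),
}

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(finding)
```

A line-based pattern like this only catches the single-line case; queries assembled across several statements need data-flow analysis or manual review.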

Comment: Ever clearer purpose (Score 1) 834

It's becoming more obvious that the purpose of the JSF program isn't to produce a next-gen fighter jet, but rather to waste money under the pretext of producing a next-gen fighter jet. If they skinned it with bacon weave and built the airframe from ribs, the plane would still be less porcine than the program itself.

The pilot can't turn their head? Dozens of people involved in the program should have identified that fundamental problem long before any component was physically built.

Comment: Re:Adblock vs. HOSTS (Score 1) 383

Speaking as someone whose primary machine runs Mint KDE with a hosts file that has ~130,000 lines of crap hosts mapped to 0.0.0.0, I say hosts is the better solution. Lots of adblockers still make the requests for mal-content and drop it on receive... hosts prevents the requests from being made at the system level.

It's too bad I can only use a fraction of it on my Win 7 laptop where it's more necessary, because modern Windows really doesn't like having a hosts file more than 768k in size. Took me months to figure out why it booted to a completely blank, unresponsive screen (background color and a mouse cursor that did nothing but move)... turns out it takes Windows about 45 minutes to process that 3.6Mb hosts file before it gets around to launching explorer and the desktop.

Comment: Re:what is this supposed to accomplish? (Score 2) 229

This saga illustrates exactly what the H1-B program is designed to accomplish: disenfranchise highly skilled US workers and replace them with cheaper foreign workers.

If corporations still treated employees as value-adding assets rather than cost liabilities, crap like H1-B wouldn't exist.

Comment: Re: Wait, what? (Score 2) 236

The list I use is the result of merging three separate adserver blacklists about a decade ago. It honestly doesn't require all that much maintenance... if I see an ad, I find the hostname it came from and add it to the hosts file. I think I've made 3 such edits in the past year or so.

Comment: Re:Wait, what? (Score 2) 236

But those only work in Firefox. If you really want to increase your privacy, add those hostnames to your hosts file. Mine contains ~131k tracker/adserver hosts mapped to 0.0.0.0 (there's even about a dozen for facebook). This doesn't just drop the served mal-content, it prevents requests to those hosts at the system level for all browsers or other software.

As a consequence I rarely see any ads on the internet and my browser ad-blocking/privacy plugins have a very light workload.

Comment: jQuery is not JavaScript (Score 1) 293

Stop trying to say that it is. It happens with Node, Angular, and other stuff to a lesser extent, but jQuery seems to be the de facto JS gap-filler that everyone insists is part of core JS skills.

But even worse are the feckless noobs who say they don't know JS, but know jQuery instead. That's like saying "I don't know English, but I know its verbs."

Comment: Re:Waiting on the Raspi (Score 1) 133

Yeah, I don't get why every Win10 post has to mention rPi. I understand MS wants a seat on the IoT hype train, but I don't see how the current Win10 rPi strategy will get them that. Especially since what they showed last month was basically useless.

I don't want Windows on my Pi's, I don't understand why anyone would. Unless Win10 rPi ends up being a headless, SSH-enabled PowerShell environment. I understand the draw of PowerShell for Windows people (because they know nothing better), but it seems morbidly bloated, heavy, and verbose to me.

Comment: Could, but not for most (Score 2) 170

Games could be prep for programming, but not for most of the very few who realize "Games are programs... I could write them, too".

Most of them will still lack the logic, critical thinking, and math skills necessary for even the most basic programming, let alone the often complex tasks required in modern games. Let's face it, we're not talking about simple games, we're talking about FPS games. Say "rendering engine", "frame buffer", "shader", or "vector" to them, and their eyes glaze over in sudden confusion and disinterest. The games they'd want to make don't give an accurate impression of what it takes to produce them, and the video card specs they obsess over are just numbers to them. Aside from that, there are many distinct roles involved with producing a game, which they could realize if they ever bothered to look at the game's credits.

Sure, there are "game programming" degrees available, but to me they sound pretty crap, with more focus on visuals than code. I know someone who got that degree from DeVry, and they didn't cover threading or networking. He came out as more of a digital artist than a programmer.

Comment: Re:Oooooold (Score 1) 108

And its comments. In the past few months there has been a dramatic rise in AC shitpost comments. Not the usual /. level of garbage comments, but 4chan level.

I also wonder if there is anyone left at /. that knows how to run a website... it seems to have some issue about every other day. Also, fuck autorefresh.
