
Comment Re:Not that crap again (Score 1) 256

since it is much harder to hide nefarious features inside code that can be publicly inspected

Not THAT crap again.

Heartbleed should put that right to bed.

I don't understand your point here. It was found and then fixed in a few days, and the patches were widely released to anyone willing to update. The system worked exactly like it was supposed to: the fact that a single critical bug garnered that much attention should give you an idea of how uncommon it is.

Well the Heartbleed bug was introduced in OpenSSL 1.0.1 (March 2012) and wasn't fixed until 1.0.1g (June 2014). So the bug sat there for 2 years (and through 6 OpenSSL releases) without anybody noticing it.

Don't get me wrong, having open access to source code is great. But simply assuming open == safe/secure is naive. If few people actually look at the code or (in areas like cryptography) if the people looking at the code don't have the specialist knowledge and experience required, then bad code can slip through.

Comment Re: Trump just says stuff (Score 1) 875

How do you think _anybody_ gets rich? It's by gambling with other people's money. If you win the bet, you get paid off big time, if you lose, you pass off your losses to some other poor sucker (usually the bank that lent you money), or simply declare bankruptcy. Do this enough times, eventually you get rich. What I can't understand is, given the number of times Trump-controlled businesses have gone bankrupt and screwed their creditors, why does anyone still lend him money? Other than lucrative bribes, I can't think of any logical reason.

This is an excellent point. It is ironic that the economist Adam Smith (who is held up as a poster boy by proponents of the "free market") was utterly opposed to the concept of limited liability. He foresaw that a system that allowed corporations to reap huge profits from success while avoiding any of the negative consequence of failure would inevitably lead to a culture of "gambling with other people's money".

Comment Re:SO's own answer says "CC"...or not... (Score 1) 303

Here's an actual debate on this topic on SO:

Accepted answer: Anything that you post to Stack Overflow will be under the terms of the Creative Commons license

Top comments seem to be about using "Unlicense" (instead of "Public Domain") and to just avoid cut-paste (good luck with that if you're dealing with an offshore team). I pretty much use #2, renaming everything and usually swapping some of the decision logic to create something that looks original enough to pass a smell test when I cut/paste. It's work, but it's still significantly less work than writing it from scratch.

There's a quote from Jeff Atwood in that debate that I think is very relevant - "I would hope that people are not posting giant blocks of code at SO, making it more of a quote / fair use type situation.".

That's the way I view anything I post on SO; they are just code fragments to illustrate a concept or a language quirk and not something I feel the need to claim ownership over. And that's also how I read SO; I'm looking to learn, not copy/paste big chunks of code. If folks are really posting blocks of code big enough to be copyright-able then they probably shouldn't.

Comment Re:Holy shit this is the first I've heard of this! (Score 1) 296

I had no idea David Bowie died until I read it here on Slashdot! How come the mainstream media didn't report on this at all in the last 16 hours since it was formally announced?

I don't know where in the world you are. But in my part of the world the media have been talking about little else since early this morning.

Comment Re:NoScript or hosts: take your pick (Score 5, Informative) 84

What's Clarity Ray?

Honestly, I have no idea why people accept sites should by default be allowed to run scripts, or the 15 sites they cross link to should run scripts just because you loaded the page.

And, FYI, I've seen an increasing number of sites which render their content with javascript, and you only see a blank page without it. Of course, if you know how to view the page source and don't much care about the formatting the text is usually right there.

Me, I'd just as soon punch the average web site administrator in the nose as assume I have any reason to allow them to run scripts. My default position on scripts is "piss off", and I'll enable them if I think I care or trust you. But your third parties? They can always piss off.

ClarityRay is an Israeli "ad security" company, acquired by Yahoo last year - ClarityRay Battles Ad Blockers With $500K In Funding. Fun quote from TFA - “We believe ad-blocking today is a lot like how pirate MP3s were before iTunes: they point to a valid consumer need, but do so in an unsustainable manner business wise,” says co-founder and CEO Ido Yablonka. Though if you are also running NoScript it's hard to see how they can do anything meaningful.

And you are spot on about the whole transitive trust aspect. Just because I may trust "site x" that doesn't mean that I trust the dozen other sites "site x" have partnered with who are trying to send me ads and scripts.

Comment Re:Really??? (Score 1) 358

Note that the 'language' is not slow, inefficient, etc. It's hard for a language to be anything.

Now the de facto *runtime* implementation of said language... Actually isn't that bad either for most people. Yes, if you are an idealized developer writing the most efficient code possible, there is more absolute potential in a C implementation, however in practice the potential delta is extremely small compared to doing a 'good' implementation, regardless of which runtime is executing. A lot of code out there can see an order of magnitude performance improvement through improvements to the code in-place.

Java gets *particularly* a bad rap by being the first language to popularize the runtime as a 'performance friendly' strategy when their runtime was particularly bad, but mostly because by virtue of its popularity, all the less than best programmers are turning out code for it.

Of course, while I recognize that the usual criticisms are not as bad or not JRE's fault, I still hate the wrangling of java runtimes on a system...

Agreed. I think most of the people who bitch about Java haven't written a line of it in years (if ever). Java today is plenty fast enough for high volume web sites, high throughput transaction engines and more. It runs on pretty much every OS platform that matters. And it's not even particularly verbose these days.

Can a poor programmer write sucky code in Java that performs badly? Sure. But the same is true of any language. I've seen a lot of guys in startups who were using Ruby, or some other language du jour, who couldn't code a scalable, stable web application if their lives depended on it.

Comment Re:Balance of power (Score 2) 55

The shareholders would blink first. The chairman would be replaced about 30 seconds after suggesting doing something so reckless.

Not necessarily. At the moment the companies have generic products they can offer worldwide. If the UK manages to establish a precedent for getting special treatment, then other countries will be quick to produce their own wish lists. That means a lot of extra cost (and lower profit) when they could simply pull out of the UK and keep offering services to UK residents from beyond the British legal jurisdiction.

The UK will hold a referendum later this year on whether or not to remain in the EU. A lot of big companies have already indicated that they will do exactly that; i.e. pull out of the UK if the UK pulls out of the EU. The UK government don't have as much clout as they think they do.

Comment Re:No rational arguments (Score 1) 421

One thing I *haven't* seen is a rational explanation of why a temporary ban on Muslim immigration isn't a common-sense response to an immediate problem

Well try this then. One good way of testing the reasonableness of a proposition is to substitute other groups for the proposed one. So how about...

"One thing I *haven't* seen is a rational explanation of why a temporary ban on Jewish immigration isn't a common-sense response to an immediate problem"

Still OK with that? Then how about...

"One thing I *haven't* seen is a rational explanation of why a temporary ban on [fundamentalist] Christian immigration isn't a common-sense response to an immediate problem"

Still OK? Because if you say "all Jews/Christians aren't crazed killers", well guess what; neither are the vast majority of Muslims. No US politician would make the same sweeping generalisation about Jews or Christians, so why should Muslims be fair game?

And, at the risk of invoking Godwin, your reference to Hitler is interesting as there is an eerie similarity to Trump's rhetoric.

Hitler rose to power by pitching similar rhetoric at a similar demographic. "None of your problems are your own making. It's those foreigners who saddled us with debt. It's those Jews who are working to undermine our society and our natural racial superiority. It's those people who weakened our military and are trying to make us small, instead of the world leaders we should be. Vote for me and I'll get rid of those pesky Jews. I'll give the foreigners a bloody nose and show them who is boss. I'll build up our military and make Germany great again."

Sound familiar? They were bad arguments then and they are bad arguments now.

Comment Re:Close the f'ing borders already! (Score 1) 275

Over the last couple of centuries Britain and France (particularly) and latterly the US have ridden roughshod over national sovereignty and human rights in the middle east whenever it suited their political or economic purposes.

Do you imagine the Middle East had liberal democracies before the US and Europe came in and destroyed it? The Middle East has been a totalitarian shithole for a long, long time. It never had "human rights" in the Western sense. And the whole point of many of these Islamic movements is to get rid of "national sovereignty" and restore an Islamic empire. And creating that Islamic empire isn't for the good of humanity, it is to take revenge for the fact that Europe successfully defended itself and kicked out the first few Islamic empires.

Now, I disapprove of the US and European governments meddling in the Middle East. It is clearly not very effective, it is very costly, and it just riles up the people who live there. But the West does not bear any moral responsibility for the plight of the people in the Middle East, and it isn't our responsibility to ensure that they have "national sovereignty and human rights". In fact, the Middle East probably has achieved more "national sovereignty and human rights" with US and European meddling than without, it's just that the price we are paying for it is too high for us.

You've just proved my point. The West has a history of supporting repressive regimes (like Saudi Arabia) because it's "good for business". The West talk a good game when it comes to democracy in the middle east but in reality they only want "friendly" regimes in place. They say they want free elections, but when there is one and the people use their votes to elect the "wrong" party there's suddenly a coup to restore the status-quo. Here's a recent article on this very topic from the BBC; Does the West want democracy in the Middle East? - BBC News.

Comment Re:Close the f'ing borders already! (Score 2) 275

Don't give in to the fallacy that Islam is the problem. The problem is that the middle east is a prime location for proxy wars and it happens that Islam is the dominant religion there. Should they have been Christians, Jews or even Buddhists, it wouldn't have been different.

This is exactly right. Over the last couple of centuries Britain and France (particularly) and latterly the US have ridden roughshod over national sovereignty and human rights in the middle east whenever it suited their political or economic purposes. People who wonder why there is so much anti-western feeling in the region need to read up on the history. If it was themselves and their families on the receiving end they would likely feel exactly the same way.

Comment Re:Seems legit (Score 1) 73

If you go to the infringing site you might get the impression that this is the Australian builder. It is not. Scroll to the bottom and the contact info is in India. The actual Simonds Homes is something else.

Looks like deceptive practice on the part of CHM Constructions. What can Simonds do to defend itself?

Yes, the CHM web site does look fishy. But this is _not_ a copyright issue. CHM (whoever they are) are claiming a business relationship with Simonds Homes. If no such relationship exists, Simonds Homes should be taking CHM to court under company law, not trying to get one small ISP to block CHM's web site.

This does appear like a stalking horse case for bending the new copyright law for other purposes.

Comment Re:Scrum Was Never Alive (Score 1) 371

If you have most of those prerequisites -- everyone agrees on a process, you have a good architecture, and the project staff are highly motivated and get along -- then basically any process will work. If you say that scrum only works when you have those, it does not speak well of scrum. The purpose of real engineering processes is to manage projects where not everyone sees eye to eye, you have a variety of per-worker productivity levels, and you probably have uncertainty about what you need or what is possible.

Well Scrum isn't a silver bullet. Any process where all parties are not "on board" will likely fail. But Scrum (and more generally agile) does provide a good way to address the issues you mention.

The customer requirements are broken into "user stories"; a set of unambiguous features the solution must have. These are ranked in priority order by the customer. But they are also evaluated by the developers for degree of difficulty and likely effort. If there are genuinely impossible or really difficult requirements they are called out before any coding starts.

Subsets of the features are delivered in "sprints" lasting 2 to 4 weeks. At the end of each sprint the working code is demonstrated to the customer for feedback. This gives the customer confidence and ensures the team don't go too far off course - "fail fast, fail cheap".

Of course developers have differing levels of skill and experience. In scrum the team's "velocity" (the amount of work they can undertake in a given period) is determined by the skill and experience of the team members and is called out up front. If the customer wants top quality in the shortest possible time then he will have to pay for the A Team!

Team "velocity" should increase over time as members build up skills and experience. In my experience a relatively inexperienced developer who is motivated to learn and take on new challenges is better than a more experienced developer who won't step outside his comfort zone.

And people don't always see eye to eye. But in Scrum the team is responsible for delivery. So in a difference of technical opinion both sides make their pitch to the team and the team decides which one to go with.

If somebody just doesn't get along with the group, or isn't pulling their weight (which will be very obvious in an agile project), then that has to be addressed whatever project approach you are using. In Scrum it's the scrum master's responsibility to deal with issues that are making the team less effective.

Comment Re:Scrum Was Never Alive (Score 5, Interesting) 371

I can see where it might be useful in certain situations. However, when it gets used with other Agile fluff to simply produce a dirty snowball of design layers with no overall architecture produced, then it becomes a headless snake. It also tends to get misused by management who see it as a way to micro-manage developers thereby pissing off the very developers upon whom they are depending.

Well I've worked on a lot of successful scrum-based projects (full disclosure: I'm a certified scrum master). Done right it's a very effective and enjoyable way to work. But there are some pre-reqs if you are going to succeed.

  • Everybody has to buy into it; developers and customers. Some people like waterfall because you can fudge a lot in big rambling requirements and design documents! On an agile project the emphasis is on personal responsibility and accountability.
  • You need to have a basic usable architecture "blueprint" in place _before_ you start to code. If, on day one, everybody is scratching their heads wondering how they are going to build then you're in trouble. If everybody understands the blueprint then the discussion moves on to delivering the actual customer requirements. And you can always tweak the architecture as you go, if you need to.
  • You need a team of skilled self-starting developers (not coders, testers, analysts); there's no place for "that's not my job". In my experience good developers love the challenge and the ability of the team to self manage. Others just want to be told what to do.
  • Continuous build is essential. The two basic rules are, if it's not in Git it doesn't exist and if the builds (and test suites) are failing it doesn't work. There's no room for fudging; the build server's dashboards don't lie!
  • As a scrum master, one of your most important tasks is to keep traditional "management" out of the developers' hair. If they want progress reporting, I point them at the online scrum board (user stories and burn down charts) and the build dashboards. That's actual progress that they can check anytime they want.

If you do it right, then you can be very productive and have fun doing it. Unfortunately, there are a lot of people who have made half-assed attempts at "agile" and then rubbished it when their projects failed.

Comment Re:OS/2 is still alive? (Score 1) 262

I remember 2.0 back in about 92 or 93 and it was alright but not really special. And then it pretty much died. I can't imagine there are any significant projects still using it. Though I'll probably be told about several who never gave up on it. After all, there are still projects running Motif...

Well quite a few big companies bought into and built their own apps on it. And IBM of course continued to ship apps for OS/2. And there has also been a loyal geek user base which has ported a fair amount of open source projects to the platform. It is Posix compliant so porting isn't that difficult.

I must say, I liked OS/2 - especially Warp. It ran well on the hardware of the day and was way better than Windows. But IBM weren't as smart at marketing as Microsoft!
