Comment: Re:another language shoved down your throat (Score 4, Insightful) 403

by Xtifr (#47411369) Attached to: Python Bumps Off Java As Top Learning Language

Have you ever been fooled by incorrect indentation that didn't compile the way it looked?

Nope. My editor takes care of indentation for me, in every common language except Python, and when I have to deal with a batch of code written by someone else, I run it through indent(1) first. So, in fact, it's just the opposite: when the indentation doesn't match what I expect, I know there's an actual problem in the code!

With Python, on the other hand, I'm actually more likely to have an error in the indenting, because there's no easy way to see how many blocks I'm terminating when I outdent by an arbitrary amount. Which is a real PITA when you're refactoring.

Of course, things may be different if you're using crappy tools. But professionals shouldn't be using crappy tools.

Brackets, begin..end, and semicolons are crutches for compiler writers not programmers.

No, they're tools to make my job easier. Whatever the historical reason for them may be, they benefit the programmer! They make me more productive.

Now, I'll grant that Python is a remarkably good language despite its horrible flaw of relying on indentation. And many of its good features also make me more productive. But that doesn't mean that relying on the indentation isn't a horrible flaw.

Comment: Re:We can thank corporate America (Score 1) 279

by Wrath0fb0b (#47389797) Attached to: Ask Slashdot: How Often Should You Change Jobs?

Part of the problem is that it's easier to hire new folks than to reallocate existing ones without getting into political turf wars -- let alone shrinking some departments* that don't need the headcount. This means that the utility of a new employee is automatically greater than one that's been there forever, even if they are equal in skill, just because they can be put in the most useful position.

This is a facet of downwards-stickiness -- it's easy to tell an overstaffed* department that they don't get to hire new folks, it's nearly impossible to tell them to give up folks. But both of those are equivalent in terms of overall allocation of resources.

* Note: I don't mean to say that these folks are incompetent, only that demands change and a team that might be stretched thin one year because of a large project might have few demands the next. In fact, it's exactly the opposite -- the most talented teams end up overstaffed because they build things well and end up without much maintenance to do, rather than constantly chasing their tails duct-taping things up. We should be moving talent from those teams to where it's needed the most.

Comment: Re:Actually not /all/ corporations are covered ... (Score 1) 1314

Who ever said that the IRS definition for the purposes of taxation is the correct one to apply to a RFRA claim over contraception?

I highly doubt that the Waltons would qualify, given that billions of dollars of WalMart stock is held and traded publicly.

Comment: Actually not /all/ corporations are covered ... (Score 1) 1314

The opinion restricts itself to "closely-held corporations" (a phrase used dozens of times) rather than /all/ corporations. They don't define with precision what that exactly means -- that kind of drudgery is the domain of the lower courts -- they did point out that Hobby Lobby is privately held by a small number of folks from the same family. It would seem clear to infer that "closely-held" is sort of an antonym to "publicly-held" here, so I think there's virtually no chance any lower court would allow Wal Mart or Exxon to assert a RFRA claim.

Now, since companies under 100 employees are already exempt from most of PPACA, the net net of this only covers the rare company that is simultaneously large enough to be hit by the mandate but still owned closely enough to merit RFRA protection. In other words, not too many in the scheme of things.

[ Full Disclosure: I don't support what Hobby Lobby believes, I think they deserve to lose on the merits. But at the end of the day, I'm not going to make a molehill into a mountain for rhetorical or fundraising purposes. ]

Comment: Re:Error so popular it was enshrined in PCI DSS (Score 1) 192

by Wrath0fb0b (#47325179) Attached to: Improperly Anonymized Logs Reveal Details of NYC Cab Trips

Yes, you are right, I mistyped.

Public: { H(CC+Salt), Salt, Amount of money spent on porn, Amount of student debt }

[ where + is just shorthanded for "mixed with" ]

It's not at all within the realm of possibility for an attacker to brute force the CC space for each salt separately. So yes, an attacker can run through (2**CC_entropy) hashes to brute force a single entry, but that exercise provides him no help when he goes to do the next entry. Moreover, he can't spin up a few TB of storage on S3 and pre-compute anything useful.

The point of the scheme is to turn a pwn-once-win-forever game into a pwn-one-win-one game. This guy paid once and won the entire database. I would like him to have to pay that cost once for each entry.

Comment: Re:Error so popular it was enshrined in PCI DSS (Score 1) 192

by Wrath0fb0b (#47321469) Attached to: Improperly Anonymized Logs Reveal Details of NYC Cab Trips

Yes, a secret salt is no salt at all.

But there are very important uses for salting that make it better than assigning a random number -- it allows someone that does know the input value to look up the relevant entry without any involvement from the secure side.

Imagine you had the following two datasets that you've partitioned:

Private: { Credit Card Number, Random Salt }
Public: { H(CC+Salt), Amount of money spent on porn, Amount of student debt }

Now whenever you want to obscure an entry, you do need to go to the private one. But if you want to answer the question "How much money did a person with CC X spend on porn", you can look it up without entering the secure domain. But no one without access to the private side can find credit cards in the DB or other stuff -- to within the computational costs of the operation multiplied by the entropy of the salt.
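
The cost argument made in the two comments above, as an added example that is not part of the original comments: it uses the corrected layout in which each public row carries its own salt, and counts hash operations for reversing an unsalted release versus a per-row salted one. The four-digit identifier space, the field names and the helper names are assumptions chosen so the sketch runs in a moment.

```python
import hashlib
import os

# Constructed toy identifier space (assumption): 10,000 four-digit IDs.
ID_SPACE = [f"{n:04d}" for n in range(10_000)]

def h(value, salt=b""):
    return hashlib.sha256(salt + value.encode()).hexdigest()

def publish_unsalted(ids):
    return [{"tag": h(i)} for i in ids]

def publish_salted(ids):
    # Public row carries H(salt + id) and the salt itself, one fresh salt per row.
    rows = []
    for i in ids:
        salt = os.urandom(16)
        rows.append({"tag": h(i, salt), "salt": salt})
    return rows

def lookup(rows, known_id):
    # Someone who already knows the identifier finds its row from public data alone.
    for idx, row in enumerate(rows):
        if h(known_id, row["salt"]) == row["tag"]:
            return idx
    return None

def reverse_unsalted(rows):
    # One table over the whole space, paid once, reverses every row.
    table = {h(i): i for i in ID_SPACE}
    return [table.get(r["tag"]) for r in rows], len(ID_SPACE)

def reverse_salted(rows):
    # No shared table exists: the search restarts for each row's salt.
    hashes, out = 0, []
    for row in rows:
        found = None
        for cand in ID_SPACE:
            hashes += 1
            if h(cand, row["salt"]) == row["tag"]:
                found = cand
                break
        out.append(found)
    return out, hashes

if __name__ == "__main__":
    ids = ["9999", "9998", "9997"]  # constructed sample records
    print(reverse_unsalted(publish_unsalted(ids))[1])  # cost independent of row count
    print(reverse_salted(publish_salted(ids))[1])      # cost grows with every row
```

The salt multiplies the work by the number of rows but does not enlarge the search for any single row, so a small input space remains searchable one entry at a time.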

Comment: Re:Error so popular it was enshrined in PCI DSS (Score 1) 192

by Wrath0fb0b (#47321451) Attached to: Improperly Anonymized Logs Reveal Details of NYC Cab Trips

Yes, which is exactly what the person in this article actually did -- he created a lookup table to accelerate brute-forcing the entire released dataset.

And yes, there are a trillion credit cards. But if each one gets a random 32-byte salt added to it, then that's a 4-billion-trillion input space ...

Comment: Re:Error so popular it was enshrined in PCI DSS (Score 2) 192

by Wrath0fb0b (#47303271) Attached to: Improperly Anonymized Logs Reveal Details of NYC Cab Trips

Um, the standard is fine. The phrase "One-way hashes based on strong cryptography" means (to any professional in the business) that one must salt the hash with sufficient entropy to make brute-forcing the input space impossible. So 16 digit CC has little entropy, but add a 16-byte hash and you've got somewhere.

So yeah, "strong cryptography" can't fix stupid, but those that know how to use it are plenty fine.

Comment: The ethnicities of my tech workplace (Score 1) 435

by Wrath0fb0b (#47262937) Attached to: Yahoo's Diversity Record Is Almost As Bad As Google's

And this is counting just those around me:

East Asia: Han, Cantonese, Korean, Japanese,
Indian Subcontinent: Telugu, Tamil, Sinhalese, Punjabi,
West Asia: Syriac, Turkmen, Arab, Persian,
North Asia: Slavs of all flavors,
Europe: Scandinavian, Germanic, Anglo-saxons, Castilians,
Africa: Hamitic, Bantu,

Looks pretty diverse to me, at least once you get past the crippling simplicity of the "White/Asian/Black/Latin" universe in which the race-baiters are forever trapped.

Comment: Re:Next up: We need a centrifuge in orbit! (Score 1) 76

by Xtifr (#47209453) Attached to: Moon Swirls May Inspire Revolution In the Science of Deflector Shields

If the answer is humans need a full gee, then we might as well just resign ourselves to limiting our trips into the solar system to quick jaunts and robotic explorers.

Disagree. Large-scale habitats/SPS/O'Neill Colonies have always been the best option. No huge gravity wells to deal with, since rotation provides your G's, and, while they are extraordinarily expensive, they cost nothing compared to a full-scale terraforming effort, and can provide a shirt-sleeve environment in basically no time flat. The one remaining big knock on them was the issue of radiation shielding, and now, that may be solved.

Comment: Re:f-35, beta feature set (Score 1) 417

by thogard (#47184753) Attached to: Canada Poised To Buy 65 Lockheed Martin F-35 JSFs

If Australia, Canada, Japan and South Korea got together, they could get the F-15 Silent Eagle built to the appropriate specs. It can be more stealthy than the F-35, it would be cheaper, faster, it is a proven air frame and it would meet the internal defense roles as well as the role of supporting allies. The F-15 Silent Eagle (or F15 Advanced as that might be its current name) is a more modern F-15E Strike Eagle air frame with modifications taken from the failed F-23 prototypes.