Want to read Slashdot from your mobile device? Point it at m.slashdot.org and keep reading!

 



Forgot your password?
typodupeerror
For the out-of-band Slashdot experience (mostly headlines), follow us on Twitter, or Facebook. ×

Comment: Re:Yeah, right. (Score 1) 149 149

And now imagine an agile team of bricklayers "doing" an Empire state, sprint after damned sprint, under time pressure. Led by some MBA suit.

That sure looks like a recipe for success...

I have this image in my head of a skyscraper where every few courses, the bricklaying changes its appearance.

That's what Agile was supposed to promote, wasn't it? Adapting to user feedback as the code is developed?

Comment: Re:Try it for yourself! (Score 2) 815 815

You know, from a British perspective, the US flag is a rebel flag as well. Just sayin.

True. I doubt it flies above any government buildings in the United Kingdom, but I bet you can still buy one at TESCO!

Yep: http://www.tesco.com/direct/us...

And it's probably made in China. Just like the real thing.

Comment: Re:Never ? (Score 1) 152 152

Is it murder to refuse to perform a heart transplant, even if one is available? Probably not.
Is it murder to withhold a supply of insulin from someone who needs it to live? Maybe more so.
Is it murder to voluntarily stop producing new insulin shots while retaining a patent that prevents others from doing it? Complicated.

Of course if robots never advance to the point that you can consider them alive, it's all irrelevant here.

By that time, however, they'll probably seize the factories and start producing Terminators.

Comment: Re:POTS security is broken. (Score 4, Interesting) 193 193

The plain old telephone system evolved in an earlier era, security by obscurity was the norm. There were using simple whistling tones added/removed to regular conversation for data communication between exchanges. All analog. Blind phone phreaks were stealing just long distance minutes from the phone companies. But now the phone companies feel they have no liability to detect spoofed caller id. If some courts hold the phone companies liable for transmitting false phone numbers, using some lawyerly language like "aiding and abetting" "knowingly providing false information" "negligent" etc, then there could be some relief.

Phone companies most definitely know which of their resources are being employed to make calls with. They BILL for those resources and each and every call gets logged. Those logs are also required to be available for (allegedly) authorized law enforcement agencies and they're one reason why the old movie trope of "keep them on the line while we trace this call" is bogus. If the connection was made at all, no matter how briefly, there's a record constructed by automated equipment.

Naturally, if the true origin of the call is coming in from some other source, the phone company can only trust whatever ID came in from that source, but they definitely know where the call itself came from and that means that law enforcement can then track back until such point where they cannot gain any sort of co-operation. Even spoofing via Internet phone can be tracked if you're determined enough.

Comment: Re:asterisk, if you are up for it. (Score 1) 193 193

For a single home line, can't you just use a modem?

Yes you can. I did, in fact. I had the callerID route to a Perl script that screened incoming numbers. Not only did it filter out unauthorized callers, I even had it playing different ringtones.

Comment: Re:FCC (Score 1) 193 193

One of the vilest calls I've ever received is one where a robotic voice says "IRS (sic) has filed a lawsuit against you".

"The" IRS, or as they'd be more likely to identify themselves, the Internal Revenue Service of the United States of America" doesn't call like this. They use the US Postal Service, for one thing. For another, they don't use "English" phrasing constructs, because they're American.

This particular scam is blatantly intended to terrify the recipient into calling back the (Indian) call center who will then supposedly proceed to further the scam. However, if you check with the "who's calling" websites for comments, you may discover that like a lot of such scams, their agents are too incompetent to actually hook anyone not in advanced stages of Alzheimers or under 5 years old.

And speaking of "who's calling", such sites are a ready-made black-hole list for phone numbers someone else already answered so you wouldn't have to.

Comment: Re:The root cause : poor unit testing (Score 4, Insightful) 130 130

This is somewhat deceptive. Sonatype supports Maven component archives.

One of Maven's chief claims to fame is that when you build a project, it doesn't grab "the latest" versions of dependencies, it grabs the selected versions of dependencies. On the grounds that "If it ain't broke, don't fix it".

This ensures a predictable product because everyone who does a build, no matter when, no matter where, will be pulling in the same resources to build with.

The problem arises when one (or more) of those selected component versions turns out to have issues. The build ensures that the product will be consistent, and thus will pass its own tests, but as the old observation goes, testing cannot prove the absence of bugs, only their presence. So if there was a vulnerability, an old project's tests wouldn't see it. And because you're asking for a specific library release version, later fixes don't get automatically included (of course, neither do later breakages, but they ignored that aspect).

In theory, then, this is simple to fix. Just update the project (POM) to pull in newer, better dependencies.

And the NEXT version of Windows will fix all your problems, and I've got a very nice bridge in NYC for sale cheap.

If you're working on a project, you generally have all you can do to keep up with issues in your own code, let alone some supposedly trustworthy third-party libraries. You cannot afford to be constantly updating the dependency versions and even if you could, there's the issue of "dependency Hell", where changing the version of Hibernate can conflict with the version of slf4j which can conflict with junit, which can conflict with... I usually like to budget 2 or 3 DAYS when I'm ready to start upgrading dependencies.

Sonatype doesn't get a pass here, though. If they/Maven supported a mechanism that could flag builds that have known weak dependencies, it would help a lot. Management, of course, would promptly command it to be turned off to ensure "productivity", but at least we'd have some help short of periodically manually auditing every library in a complex project (like that's ever going to happen).

Comment: Re:Why would the festival cooperate? (Score 1) 134 134

Quite simply I want a law that prevents any organization from gathering data...

Absolutely impossible to enforce. You can never know what is being collected and stored. It is easier to prove the existence of your favorite deity.

It's a Comfort to me. Like a Big Brother watching over me wherever I go!

Comment: Re: Just take it in (Score 1) 479 479

One of the reasons I rented was that I'm tired of having old units accumulate.

In reality, however, I rent so long that by the time I'm done with the equipment they don't want it back anyway. I would have saved money by buying it and I'd still have an old unit cluttering up the place when I was done with it.

What is now proved was once only imagin'd. -- William Blake

Working...