Want to read Slashdot from your mobile device? Point it at m.slashdot.org and keep reading!

 



Forgot your password?
typodupeerror

Comment Re:100 times better, but 20% energy savings? (Score 1) 90 90

I would ass-u-me that this would mean that over a period of time X, a current generation chip would process Y commands consuming N units of energy.

The new chip would perform 2Y commands over X time while only consuming .8N units of energy.

Or that each command execution would take 80% of the energy of a current gen chip, but that it could complete twice as many of them in the same time period, meaning a net increase of ~60% energy consumption at sustained max load.

Tons of ways to play with the statistics on this one, and the 100% performance improvement and 20% energy efficiency improvement are not mutually exclusive. But the summary doesn't give any context or detail, so without RTFA, it should be considered nothing more than marketing speak.

-Rick

Comment Re:The argument is "leaky" at best too (Score 1) 194 194

I would correct that even further.

It isn't about the fittest or death risk, it's about being able to procreate and survive.

In your species example of the 4, 6, and 10 mph creature. If the live birth rate of the creature declines as their speed increases (musculature takes energy/hormones away from breeding, high speed movements cause more lost pregnancies, etc...) than the 4mph species may actually be the winner as they will out-bread the 6 and 10mph variants.

Now, throw a 5 mph predator into the mix and the picture may change. If the 4mph variant can still breed fast enough to offset the deaths to the predator and out populate the higher speed variants, then it could still be the winner.

More likely though, the 6mph critter would win out as it is able to out breed the 10mph critter and would suffer significantly less losses than the 4mph critter to 5mph predators.

It all comes down to procreation. Which is the basic of the movie Idiocracy.

-Rick

Comment The bigger issue (Score 4, Interesting) 147 147

This bug is in the JIT optimizer of the 4.6 framework. For apps you are developing, it's absolutely no problem, you just go into the compiler settings and uncheck the 'optimize' setting.

The problem though, is that the 4.6 framework is an in-place replacement for the 4.5 framework, which was an in-place replacement for the 4.0 framework. And the JIT optimizer is on by default. So if you install the 4.6 framework, it could potentially introduce this bug into any application developed targeting the 4.0, 4.5, or 4.6 framework that is already distributed.

Luckily, it appears as though the issue is a combination of a nullable int that has a bug in the boxing/unboxing of it's operator when calling the .hasValue method. So the actual number of places where this will actually pop up is hopefully quite limited.

That said, MS better get this patch deployed ASAP. Or if you are in a critical hurry, the correction has already been committed to the .Net Git repo, so you can brave a build from that.

-Rick

Comment 'Coolest' mistake ever (Score 1) 377 377

A co-worker of mine had just finished implementing a new caching system for a legacy app that interfaced between multiple systems and the mainframe to track progress and shipping of pilot production runs. Due to a bug in his code, in a very specific use case, one of the cached systems would not get flushed. This was identified a few days after the production release when the company (a multi-billion dollar food sciences multi-national corporation) received a phone call from a Pastor in BFE, Minnesota asking why we had sent him almost 500 gallons of ice cream. Apparently, his church's address was in the system from some charity event we had sponsored, since the ID and business type didn't flush from the previous transaction, when the pilot plant told the software to print labels for the next order, it pulled the shipping address from the wrong database and the ID just happened to collide.

The cost of shipping the ice cream back for disposal was ridiculous. So the company told the Pastor to have a huge ice cream social.

The responsible developer was not fired, but there were running gags about him being the Ice Cream Man for the next year.

-Rick

Comment Re:Type 4 UUIDs (Score 1) 251 251

My concern is how to keep someone between your server and the subscriber's MUA from compromising "possession", or how to establish "possession" the first time.

If you follow the same model with account creation, then you already have possession established. If someone compromises your email account, and knows your user account for this site, and knows your security answers, then yeah, you're borked. But if someone has all of that information already, I'm pretty sure you've been borked for a while and in significantly worse ways than someone having your college transcripts. ;)

I just use a PRNG. If I need it as a GUID, I request 120 random bits and format them as a type 4 UUID. Is that good enough?

"Good enough" is a question that is best answered by the asker. Security isn't a Boolean implementation. You aren't secure or insecure, you are at some level of security across a very wide range. Storing passwords in clear text is vastly more secure than having no authentication on a system at all, but it is vastly less secure than storing a hashed password. And that is vastly less secure than storing a 1-way hashed password. And even that is meaningless if you don't have a secured communication layer, or if you aren't correctly exchanging public/private keys. etc...

Are you trying to keep script kiddies from spamming your content management site with pictures of dicks, or are you trying to keep banking details, SSNs, and credit histories locked up with controlled access via the internet?

With that said, you're likely more on the 'secure' side using a v4 UUID, assuming the rest of your implementation follows the appropriate patterns.

-Rick

Comment Re:Responses (Score 3) 251 251

[quote]So how do you encrypt this UUID?[/quote]

You don't. It's just a GUID or some other low collision rate hash.

[quote]And what do you send for a password reset?[/quote]

You send them a new UUID in a link. When the link is hit, the UUID resolves back to their account and they are directed to enter a new password, just like a first time user.

The combination of time (the UUID can be time boxed), activity (a successful login nullifies the UUID), and possession (control of the account's registered email address), and if you want to get really wild, knowledge of a security question, creates a scenario where there are no good purely technical solutions for the attacker.

An attacker could, in theory, create a colliding GUID for an account they know the name of (but not password), manually enter the UUID link, and set the new password (assuming there is no security question).

But if an attacker manages to consistently generate colliding GUIDs*, they have accomplished something so monumental that they should be heralded as the second coming of Steve Jobs or something.

(*Assuming the coders didn't decide to come up with their own GUID generation algorithm that is easily reverse engineered and seeded)

-Rick

Comment Re:Um.. we don't see it as advancing our career (Score 4, Insightful) 125 125

I find this notion interesting.

I am a manager. I have hired people over 50. On my team right now I have 3 people within 3 years of full retirement. One of whom I hired within the last year. I also have two that are within spitting range of 50, one of who I hired less than 6 months ago.

When I'm bringing someone on board in the 40+ category with 20+ years of professional experience, I have drastically different expectations than what I'm looking for in a 24 year old kid who's on his first salary gig out of college.

I'm looking for someone who understands corporate structures, workflow analysis, generalization. I'm looking for someone who says, "When you boil this down, it's an asset management system, and I've worked with half a dozen different vendors and 4 different home grown systems that do the same thing". I want someone who can sit down with users, look at what their doing and not just imagine up a new piece of software, but understand the business process to the point where they can make truly business impacting recommendations with a realistic grasp of what it would take to accomplish. I want someone who will pull the young bucks aside and explain to them the merits of simplicity and maintainability, someone who can do code reviews without being a pretentious dick, someone who can help guide that next generation of developers into the future engineers and architects I need.

People over 50 absolutely have a place in the development arena. But if you're 50 years old and still expect to have the same responsibilities as a 24 year old kid, you will be sorely disappointed.

-Rick

Comment Re:The problem is that landfills are too cheap (Score 1) 371 371

If you live out in the country in the US, you have to take your trash/recycling into a dump or collection site.

The typical approach is that you charge enough extra for trash/dumping that it covers the cost of recycling.

It has the benefits of being self-funding, and it puts a price point on motivating consumers to recycle.

As a GP up the tree pointed out though, the more expensive trash is, the more likely you'll see people illegally dumping. So it's a balancing act of funding recycling without driving off low income citizens to cheaper (illegal) means.

-Rick

I have yet to see any problem, however complicated, which, when you looked at it in the right way, did not become still more complicated. -- Poul Anderson

Working...