Follow Slashdot stories on Twitter


Forgot your password?

Comment: Re:Sanity? (Score 2) 451

by Tanktalus (#48256265) Attached to: Ken Ham's Ark Torpedoed With Charges of Religious Discrimination

Without any regard to the religious organisation. As long as any group can qualify for tax breaks of a similar nature for a similar sized tourist attraction with similar business plans, and expectation of tourist dollars spent in-state, regardless of the religosity or lack thereof of the attraction, then they are supporting tourism for tourist purposes.

(And I say that disagreeing with Ham's interpretation of the Bible.) (And disagreeing with the whole concept of selective tax breaks - if you have spare cash, spread it around by lowering all taxes, not just certain ones.)

Comment: Re:Predictable responses (Score 2) 59

by Tanktalus (#48181605) Attached to: Brain Patterns Give Clues To Why Some People Just Keep Gambling

Really, it doesn't matter if the brain lacks free will. We necessarily must presume it does for our legal system to have any effect. It doesn't matter whether you're a thief or a diagnosed kleptomaniac, either way we need to find a way to keep you away from the personal property of others. Sure, the methods used may change, but we've determined (whether through free will or some reasonably complete facsimile thereof) that this is not acceptable behaviour in our society, and it must be caught and removed.

Comment: Re:Who cares about succinctness .... (Score 1) 165

by Tanktalus (#47983735) Attached to: Rosetta Code Study Weighs In On the Programming Language Debate

Perl [lets] you express a lot of operations in a few characters. Syntactically succinct, hard to read.

That really depends on your experience level, like in anything. Reading a wiring diagram is arcane to the uninitiated, but once you know what symbols represent what types of circuit pieces (including resistors, capacitors, diodes, FETs, etc.), they are both syntactically succinct and easy to read because you can tell what goes where at a glance, you don't need to read and parse a lot of text.

Same thing in Perl. Once you actually learn it, it becomes easier and faster to read than, say, Java, because there's less skipping over of absolute boilerplate. The more I use perl, the less patience I have for trying to find my way through the verbosity that is Java.

Comment: Re: There we go again (Score 1) 383

by Tanktalus (#47651687) Attached to: DARPA Wants To Kill the Password

Do you think that simply because you omitted that common attack vector that it's magically not going to happen?

Rate limiting, et al, has a singular primary purpose: to make things hard enough that an attacker doesn't get the password hash. Anything else is pure gravy.

Once the attacker has the password hash, the next defense is a strong password. And that's where we need to focus the entire debate about passwords vs passphrases vs biometrics vs telepathy. Assume the attacker has your password hash. This worst-case scenario is reality all too often. Yes, throttle password attempts and all that, but if your server has Sarah Palin or Barack Obama on it, assume that someone, somewhere, will deploy sufficient resources to getting that password hash through some zero-day vulnerability. (If your site is just discussing hooch for local rednecks in Bumfuk, Virginia, then the passwords are likely safe, regardless of how insecure the system is.)

Comment: Re:hahaha! (Score 1) 932

by Tanktalus (#47215641) Attached to: House Majority Leader Defeated In Primary

I'd suggest the penalty be based on the savings, not the cost.

If the illegal is simply indentured, unpaid servant, the penalty goes to zero? Instead, I'd suggest asking a local union (just for kicks, mind you) what the going rate is for that work, subtracting the actual pay, and using that as your basis for penalty. If the illegal was paid full union rates, I could live with "no penalty" - they've been penalised enough, I suppose.

Comment: Re:We banned Perl (Score 1) 126

I used to be a huge fan of C++.

All those negatives you cite seem to me to be advantages. Because when you know how to use them, they become powerful forces for good. Sure, there's plenty of room to shoot your foot off, but there are some things you can do in Perl that a stricter language wouldn't let you do.

Comment: Re:We banned Perl (Score 1) 126

I've put that bullet through that approach.

I've grabbed the precise versions of everything that we're going to use, checked into our version control system, complete with a full build-from-scratch setup that will build perl from source, with the exact options we need (or at least the exact same options every time, not sure if we need threading, for example), and the precise list of CPAN modules that we are using, along with standard patches to said modules where required (some of them don't support AIX as well as we need). Upgrading a module will require a degree of regression testing, etc.. And all developers will use exactly the right levels of everything as the level that is going into production.

I'm a huge fan of CPAN. It has issues, such as some crap code, but yet it remains one of Perl's greatest strengths. Like anything else worth having, it provides sufficient rope to hang yourself with, so you do have to be careful, putting the onus back on the developer to find a mode that works for them. And yet, to fulfill corporate requirements, I'm using precise levels of code. There's no reason why you can't have the best of both worlds.

Comment: Re:We banned Perl (Score 1) 126

Gee, if that was the criteria, I'd be banning Java at work. Because I've seen first-hand a number of Java devs writing absolutely stupid things resulting in a heap of vulnerabilities.

The reality is that you get a bunch of stupid developers, and it doesn't matter what language you put in front of them, they're going to write stupid code. The people who've worked under me in perl don't get the opportunity to write code that dumb because a) I provide a saner framework work in where those gotchas are centralised into common functions and objects, and b) I code review everything that goes in until they acquire a better knowledge base to work from and then I do spot reviews and review anything they feel, with their now better experience, might be tricky and should get extra eyes.

I don't care what language you're working in. If you don't realise that calling the shell with special characters that you didn't know you had will cause problems, it's the developer at fault, not the language. I don't care if it's cmd = "do-stuff " + tainted_value; Process p = java.lang.Runtime.exec(cmd); or my $cmd = "do-stuff $tainted_value"; my $rc = system($cmd);, that's going to result in broken code. If you don't realise that doing the same thing with SQL is going to cause problems, you shouldn't be doing SQL. Or running a subprocess, waiting for it to exit, and THEN reading its stdout. These are all common things, in my experience, and most of them I've seen in Java code, though I do get to work with some nimwits in a different reporting chain using perl stupidly as well. I don't ascribe the bad code to the language, but to the bad developers. Maybe you should look, too, and you'd find it's your developers that are the problem, not the language.

We don't know who it was that discovered water, but we're pretty sure that it wasn't a fish. -- Marshall McLuhan