Forgot your password?
typodupeerror

Comment: Re:hahaha! (Score 1) 932

by Tanktalus (#47215641) Attached to: House Majority Leader Defeated In Primary

I'd suggest the penalty be based on the savings, not the cost.

If the illegal is simply indentured, unpaid servant, the penalty goes to zero? Instead, I'd suggest asking a local union (just for kicks, mind you) what the going rate is for that work, subtracting the actual pay, and using that as your basis for penalty. If the illegal was paid full union rates, I could live with "no penalty" - they've been penalised enough, I suppose.

Comment: Re:We banned Perl (Score 1) 126

I used to be a huge fan of C++.

All those negatives you cite seem to me to be advantages. Because when you know how to use them, they become powerful forces for good. Sure, there's plenty of room to shoot your foot off, but there are some things you can do in Perl that a stricter language wouldn't let you do.

Comment: Re:We banned Perl (Score 1) 126

I've put that bullet through that approach.

I've grabbed the precise versions of everything that we're going to use, checked into our version control system, complete with a full build-from-scratch setup that will build perl from source, with the exact options we need (or at least the exact same options every time, not sure if we need threading, for example), and the precise list of CPAN modules that we are using, along with standard patches to said modules where required (some of them don't support AIX as well as we need). Upgrading a module will require a degree of regression testing, etc.. And all developers will use exactly the right levels of everything as the level that is going into production.

I'm a huge fan of CPAN. It has issues, such as some crap code, but yet it remains one of Perl's greatest strengths. Like anything else worth having, it provides sufficient rope to hang yourself with, so you do have to be careful, putting the onus back on the developer to find a mode that works for them. And yet, to fulfill corporate requirements, I'm using precise levels of code. There's no reason why you can't have the best of both worlds.

Comment: Re:We banned Perl (Score 1) 126

Gee, if that was the criteria, I'd be banning Java at work. Because I've seen first-hand a number of Java devs writing absolutely stupid things resulting in a heap of vulnerabilities.

The reality is that you get a bunch of stupid developers, and it doesn't matter what language you put in front of them, they're going to write stupid code. The people who've worked under me in perl don't get the opportunity to write code that dumb because a) I provide a saner framework work in where those gotchas are centralised into common functions and objects, and b) I code review everything that goes in until they acquire a better knowledge base to work from and then I do spot reviews and review anything they feel, with their now better experience, might be tricky and should get extra eyes.

I don't care what language you're working in. If you don't realise that calling the shell with special characters that you didn't know you had will cause problems, it's the developer at fault, not the language. I don't care if it's cmd = "do-stuff " + tainted_value; Process p = java.lang.Runtime.exec(cmd); or my $cmd = "do-stuff $tainted_value"; my $rc = system($cmd);, that's going to result in broken code. If you don't realise that doing the same thing with SQL is going to cause problems, you shouldn't be doing SQL. Or running a subprocess, waiting for it to exit, and THEN reading its stdout. These are all common things, in my experience, and most of them I've seen in Java code, though I do get to work with some nimwits in a different reporting chain using perl stupidly as well. I don't ascribe the bad code to the language, but to the bad developers. Maybe you should look, too, and you'd find it's your developers that are the problem, not the language.

Comment: Re:Why so much insurance? (Score 1) 167

Given that this is SCARY and NEW TECHNOLOGY, I can see an abundance of caution here. Also, it's the manufacturer that has to have the insurance, which seems to me to be rather cheap, especially since many players, especially Google, could self-insure something like this and wouldn't really notice any pinch. To be honest, this seemed to me to be somewhat low if their primary purpose is to ease peoples' minds about the new technology.

Remember that the state is going down uncharted waters here, regulating these things prior to actual use as opposed to the catch-up-with-existing-practices we did the first time round with these horseless carriage things. So they're taking things easy. It's probably the best way to make everyone comfortable with the process, other than perhaps the manufacturers.

Comment: Re:Next target, please (Score 1) 626

by Tanktalus (#47051853) Attached to: Driverless Cars Could Cripple Law Enforcement Budgets

I know that reading the fine article is frowned upon, but I .. I ... I couldn't help myself.

The article had this weird text and stuff, and it overwhelmed me, but when I finally sobered up long enough to take my eyes off the road and read my tablet, I saw this odd text:

Approximately 41 million people receive speeding tickets in the U.S. every year, paying out more than $6.2 billion per year, according to statistics from the U.S. Highway Patrol published at StatisticBrain.com. That translates to an estimate $300,000 in speeding ticket revenue per U.S. police officer every year.

(my emphasis.) Now, I get that the cost of policing isn't simply the officer's salary, but the cost of the vehicle, maintenance, gas, supervisors, etc. But I highly doubt that the cost per officer is $300k per year. I would say that $150k per year might be an excessive estimate. So let's call it $200k/year/officer. It seems like there's a significant profit being made here somewhere. I just don't know where it's all going, other than possibly into municipality coffers.

Comment: Re:Weren't the Peruvians altering the coast? (Score 1) 94

by Tanktalus (#47045437) Attached to: Spanish Conquest May Have Altered Peru's Shoreline

But anyone who thinks our goal should be to avoid altering our environment really hasn't thought it through, because the only way to achieve that goal is for us to cease existing.

There are people who believe that those espousing "avoid altering our environment" have thought it through, and their goal really is for humans to cease existing. I'm currently leaning toward believing these people.

Comment: Re:What does it mean? (Score 1) 328

by Tanktalus (#46840207) Attached to: FTC Approves Tesla's Direct Sales Model

How? By not prohibiting the sale itself, only who is making the sale. Tesla can sell all the cars they want, as long as they use local dealers to do so. Therefore interstate commerce is not prohibited. Still a dumb law, but I don't see anything here that makes it unconstitutional or federal.

Controlled substances can only be sold through pharmacies by licensed pharmacists. And new cars can only be sold through local car dealerships. Now why only local car dealerships should be allowed to sell cars, or why we're equating new cars to controlled substances, I don't understand. But we are, and it's legal for the states to make dumb laws like this.

Comment: Re:Where is the big problem? (Score 1) 125

by Tanktalus (#46455791) Attached to: Major Wikipedia Donors Caught Editing Their Own Articles

Right!. That's how scientific research works too. Write a paper for a journal run my you and your friends then right a new paper sighting the published one and submit to a more prestigious journal, who's reviewers are also colleagues. Now it's all fine

I see what you did there.

(It's "citing". I'd tell you to look up that word in wikipedia, but I'm guessing it's been illicitly edited by some research journals trying to skew the definition their way.)

Comment: Re:Where is the big problem? (Score 1) 125

by Tanktalus (#46455761) Attached to: Major Wikipedia Donors Caught Editing Their Own Articles

And sometimes you can find out it had a lot more information previously, but someone removed it because it was untrue, false, libelous, or, cardinal of all sins, lacked citations.

The reality is that you can't really know why that information is gone without more information. It may have been removed legitimately. Or it may have been removed as part of a whitewash to clean up an image. So now, which is the better article? The one before or after the subtractions? We don't necessarily know.

Comment: Re:Is anyone surprised? (Score 5, Insightful) 116

by Tanktalus (#46331301) Attached to: Complete Microsoft EMET Bypass Developed

So, you don't use a club on your steering wheel, you don't bother hiding valuables in your trunk, leaving them in plain view, and, really, since a professional can get in the car anyway, just leave the doors unlocked. It's all smoke and mirrors anyway.

If a malicious attacker/user is portscanning your system and finds that port 22 is open, they're going to assume an ssh attack. If they find port 1234, they may move on to another target that has port 22 open instead. Of course, if they're really after you, and not just throwing a wide net, then such shenanigans aren't going to stop them, though it might slow them down for a little while while they try to figure out what's listening on which non-standard port.

If a script kiddie is doing the same, most likely port 1234 would be enough to fool them, and they'd never get in.

Seems like smoke and mirrors are a useful tool in a secure system's administration, but should never be the sole tool.

User hostile.

Working...