Follow Slashdot stories on Twitter


Forgot your password?
Slashdot Deals: Deal of the Day - 6 month subscription of Pandora One at 46% off. ×

Comment Re:what about git? (Score 1) 87

Why can't git be updated to just use another algorithm?

First off, Linus on the topic of SHA1 safety: (SO link, as the git mailing list links are flaky on me today)

The Linus' comment is somewhat outdated.

For the first type of collision - the inadvertent kind - a check was added to the git very long time ago. It will not let you commit, if there is a hash collision. The time-stamp is also part of the commit, and as such, the workaround is to simply wait one second and try to commit again.

Comment Re:Learn your mathematical operators (Score 1) 117

But that is true for all modern developers and all modern platforms.

IMO blaming developers is useless.

Or think of it in terms of the desktop software development: one does not have to bundle megabytes of libraries and frameworks with you desktop application, because they are already preinstalled by the OS.

Web? The mindless application of the "because security" argument made it impossible to even bundle something like jQuery with the browser. All sites use their own (often identical) versions and fetch them every damn time anew. Even in case of desktop browsing, this is shitty practice. Alas, "because security", browser makers decided to completely remove the responsibility from themselves.

They promote Web as a platform, but the sad reality is that making web-sites without the 3rd party libraries often reminds me of my younger days, coding in assembler: yes, you can do anything and everything efficiently and beautiful, it just takes so much time that it is simply not viable for any commercial development.

But I know, I know, "because security" nothing can be really improved or changed. "Because security".

P.S. The most profoundly ironic moment is the origin of the cross-site scripting vulnerabilities: they do exists largely because of the advertisement. Very few sites actually need multiple domains and would do fine in a sandboxed environment. If not for the web ads, the web security would have been a truly minor problem, paving the way for the much needed "web as a platform" changes.

Comment Re:Why does anyone care? (Score 1) 323

keep in mind, their cars are 100% legal in the much stricter European market

They are not. VW lied about the EURO6 compliance. The court cases are popping up all over the Europe.

IIRC, as a rule of thumb, California emission standards follow pretty closely the European ones. If VW is prosecuted in CA, then it is likely to be prosecuted in EU too.

Also, "keep in mind" most of those 10M cars were sold in EU. US market for diesel cars is relatively small.

Comment Re:"My God, it's full of waterfalls!" (Score 1) 299

Forget good requirements, no one has them.


It is never really done.

... and the loop is closed.

Though on global scale, IME, another problem is that the former is relatively well accepted, but the later should be never mentioned to the customer. Or to your sales. Or to your PM. Or to your colleagues.

Most people need the certainty about the results. Because result is something concrete, while the process is something distant. Because most people spend to little time understanding the whole development process and their role in it.


Lots of little releases to throw them a bone and to get feedback

Not all customers are OK with that. For business-critical software, installing new (even minor) release and testing could be in itself medium/major project. For example, if deployment of a new release could take a month, it doesn't make sense to have a monthly release schedule. Some customers also see the too many point releases as an attempt to shift the review and/or testing burden onto them. (And I have seen that abused in real life. En lie with submarine major architectural changes in minor releases, and later demanding money from the customer to rollback, because, duh, you should have caught earlier that the architecture was changing not the way you liked it! you have all the 123 point releases which show the whole transition in fine detail!)

Comment Re:Lies! (Score 1) 341

Add to that, there are some optimizations that can be done at run-time by the JIT that can't be done at compile time.

The problem with the statement is that it misses HUGE number of over-expensive optimizations which can't be done at run-time because, duh, they are slow and very resource-consuming.

Which is why Java's HotSpot might produce fast code - but the code typically is times larger than what normal compiler would do. (Consider a simple example: It is easy to unroll the loop - but optimizing the resulting code duplication to improve the i/d-cache usage is a no-go at run-time.) The consequence is that HotSpot has to be limited in how much memory can be dedicated to the generated code, meaning that only small fraction of the code is actually optimized, and optimized only using the methods which can be actually performed in real-time.

The myth of the "good" Java performance is perpetuated mostly because the Java these days is stuck in the server-side niche (fat niche - but still a niche) where it has literally no competition, and nothing to be compared to.

so they spent a lot of time optimizing the efficiency of their standard library, more than the C++ compiler writers of the time.

That's a load of blatant BS.

First, Java standard library is full of slow retarded crap (consider the dead horse example of the String.split()).

Second, unlike Java, C/C++ are used heavily in the HPC (High Performance Computing) and there are people whose full-time job is nothing but optimizing the code, optimizing the compilers and optimizing the libraries. And some of the people are actually employed by Intel/AMD/HP/etc, the companies which actually produce the hardware and the compilers and the libraries. The vertical integration doesn't get more vertical as in this case.

Comment A decent media player (Score 1) 889

Two things I use the most on Windows and which are missing on Linux:

A media player similar to MPC-HC. (VLC's UI is kind of crap. Nowadays - animated crap. Always was and it seems that they are not going to ever fix it. Still no click to play/pause. And some keyboard shortcuts are missing too. And the video tearing is also much worse on Linux than on Windows.)

A tool similar to AutoHotKey. There are efforts to replicate the tool on the Linux, but they are all castrated because of security and missing features and whatnot.

But in reality, though the state of the video players on Linux is as frustrating as it ever was, there is really nothing I'm missing too much.

Comment Re:Core code in C/C++. UI code in Obj-C, Swift, Ja (Score 1) 84

This is just ridiculous.

Yes, you're completely right.


A pile of generic performance optimization tricks definitely solves real world problems in real world applications. Or probably it does for you, the whole world is reduced to games and Android.

Try to write some business logic which crunches 100 millions entities, and then come back. Or networking application which serves 10K+/s requests in real-time. But why go so far - an Eclipse-like text editor without C, in pure Java. All that is routinely done in C/C++ - and still generally fails in Java. I know it, because I have tried.

Comment Re:Core code in C/C++. UI code in Obj-C, Swift, Ja (Score 1) 84

The general advice for writing games in Java is avoid creating temporary objects [...]

That's like saying "do not use classes or templates in the C++".

If you have a library or an interface, you inevitably end-up with temp objects to accommodate the other interface. (Heck, even the Java standard library on its own creates piles of temps.)

Literally everything these days is in libraries and wrapped in the interfaces, there is no way in hell a sane Java programmer can reduce drastically the number of temp objects.

Practical example. In one project, few devels spent several weeks optimizing the main loop, and it has gone from 12 temps to 7 temps per iteration, on average. The performance boost was noticeable. But the application was still more than 2 times slower than the C++ counterpart.

Java GC works fine in general but it's very disruptive for the game world to freeze for a split second in a game because of it.

This is just ridiculous.

"It works fine, up to the moment it doesn't." IOW it doesn't work fine. And "split second freeze" is a way too polite definition for the jitter and stutter of Java's interactive applications.

Comment Re:Core code in C/C++. UI code in Obj-C, Swift, Ja (Score 1) 84

Modern languages with runtimes like Java, C# (and presumably Swift when it gets its act together) can actually be *faster* than C/C++ in some cases because they have more optimization information at runtime than exists statically at compile time.

People keep telling that for as long as I have dealt with the software development (~25 years now, counting from the first programming courses I took).

The dreamers keep telling us that the compilers, which would be able to magically optimize the code, are just around the corner. So that even an idiot can write a program - and let the smart compiler to reduce it to the substance of what the user wanted. There would no need for the highly educated specialists to write software anymore and software development is a dead end for professional workers.

25 years on - and that shit still hasn't materialized. As much as Java has improved over the years, it is still miles behind the C/C++ when performance matters.

Comment Overreaction. (Score 1) 842

So, how would you deal with Notch's problem?

Put money into funds/trusts.

And then get a job.

Wealth in itself is not the problem. It is the overreaction to the "success" which is the problem. Most "rich" folks are douchbags not because wealth makes them that, but because they believe that they are better than the rest.

Distance yourself from the money. Give yourself few years to get back on then feet. And only then (very) slowly start thinking what to do with the money.

Money is ultimately the choice. It is only social perception - the status - that if you rich, you have to have an expensive car and huge house. In reality, you can still drive a cheap replaceable car and live in a small comfy house.

P.S. It is easier when you have family and tight friends. It is changes nothing when you burn money on them. Do not lend/give away money to the close people: giving money would only distances you. Instead, for example, go to together to the expensive vacations destination, renovate house, etc.

Comment Re:Simple (Score 1) 157

Why do you think ntpd provides only seconds or minutes accuracy? This is certainly not true.

Oh, you probably haven't had the problem. But for some the problem is relatively commonplace: NTPd after some time starts refusing to sync time. And no matter what you do (restart HW, restart NTPd, sync manually, and restart again everything) that POS would still within hours again start refusing to sync the time.

And when the NTPd refuses to sync time, the skew easily rises into the minutes. On some buggy virtualizations - even more. (I have said hours - because some VMware versions/configurations I have seen seem to have a bug in time implementation, where guest runs faster(?) by about 1 minute per hour. 2 days uptime == 20-30 minutes of time skew.)

In the same configuration under the same conditions, the OpenNTPd runs just fine.

The f***ed up configuration and documentation of the official NTPd was the main reason why people have actually developed the OpenNTPd. If NTPd was perfect, nobody would have even bothered.

Comment Re:Simple (Score 2) 157

It can now keep your clock within 10 milliseconds between syncs. Still not as good as the official NTP.

Depends on your perspective.

To me it is: 10ms with the OpenNTPd vs seconds if not minutes with the official NTPd, which occasionally blankly starts logging some errors or warnings like "oops shit, not syncing anymore".

Official NTPd is capricious as hell. And the documentation is just horrible.

I generally replace it with OpenNTPd which "just works". Because, at the end of the day, I can live probably even with 25ms skew, but the seconds/minutes of official NTPd is just unacceptable.

Comment Re:Fragmentation... (Score 1) 378

Sleep and suspend, outside the white-box laptops, pretty much never worked for me on Windows (2000, XP, 7). That's at least 4 home-built PCs. First one I thought I have messed up with the parts. But for the later ones I have specifically looked for the the parts officially supported by Windows. And still no dice.

On Linux, it is historically hit and miss. On earliest systems, the sleep and suspend were not supported at all. Later, when Linux started warming up to the laptop support, it still generally didn't worked for me (but I also haven't specifically tried the distros which officially claimed to support the suspend). These days, Linux' sleep/suspend support (on Xubuntu) generally works for me without problems.

The last PC I have built, Windows fails to come out of the sleep/suspend. With hybrid suspend it takes ~5 minutes before Windows reverts to resume from hibernate and finally starts. The (X)Ubuntu 12.04 and 14.04 have no problem with the PC whatsoever: both sleep and suspend worked out-of-box without a hitch.

P.S. To the problem with the controllers SteamOS had, I can probably relate. In office I have several custom USB devices and corresponding applications which misbehave after suspend. The applications open the devices and keep them open. After suspend, it seems that Linux tries to "replug" the devices, but the device nodes are locked by the applications. Consequently, the kernel (or udev?) assigns to them new device nodes. Applications do not work, because devices have "disappeared". Restart of application doesn't help because the device nodes are not there. One has to stop the application, unplug the devices, replug the device and start application again. From perspective of the software developer, it is a rather underdeveloped area in Linux: detection and handling in application of coming out of the suspend. On Linux there is precisely zero ways to reliably detect that the system just came out out of the suspend. One has to resort to stupid unreliable hacks like the polling of CLOCK_BOOTTIME.

A failure will not appear until a unit has passed final inspection.