
Comment Right to bargain as a union (Score 1) 120

The statement about contractors not having a right to bargain as a union isn't quite the full story. What contractors don't have is a right to have a union as the sole bargaining unit for all contractors. With employees, the union bargains on behalf of all employees whether they're members of the union or not. Contractors have every right to form a union and have it bargain on their behalf, but it can only bargain on behalf of those contractors who're members. If you aren't a member, you negotiate your own terms. And the company can't refuse to negotiate with the union because they aren't negotiating with the union, they're negotiating with you with the union acting as your agent. They can of course refuse to negotiate with you, but they could do that anyway (and frankly any sane contractor has an attorney involved in contract negotiations to make sure there aren't any hidden loopholes or gotchas in the contract, so refusing to deal with a representative would be a red flag that these aren't negotiations) and the basic idea behind a union is that refusing to deal with the union cuts the company off from so many contractors that they can't afford to do that.

The thing to be wary of is joining a union or other organization where the management has the right to overrule the membership. That's when things always go badly.

Comment Re: Pretty much everything (Score 1) 282

Gaming. It's not so much that you need to press 10 keys at once as that between fast typing and keyboard hardware macros you can wind up overlapping keystrokes. If you don't game high-end content you probably underestimate how much involves repeated sequences and how fast you can get when it's down to muscle memory rather than conscious typing. On a USB keyboard that results in lost keys and missed commands.

Comment Pretty much everything (Score 4, Insightful) 282

USB's been the connector of choice for most of my peripherals. It replaced the floppy drive connector for portable media. It replaced dedicated connectors for keyboards, mice, tablets and the like. My headsets are almost always USB, whether they're wired or wireless. Webcams. The only things I don't use it for are primary networking (hardwired Ethernet there), non-portable mass storage (hard drives and optical drives), and video. Sometimes I still use the PS/2 keyboard connector for non-Windows UEFI systems where a USB keyboard won't get initialized during POST. It's fast enough, there's typically more than enough connectors (especially with a hub for non-latency-sensitive devices), and it's almost universally present and usable.

Comment Re:Not too hard (Score 1) 67

The EMV chips have been compromised for years. Typically it only takes a couple of weeks to break the latest version. The reason chip-and-PIN sounds so good is the European rules changes that accompanied it: if the transaction was done using chip-and-PIN then it's presumed valid and it's up to the cardholder to prove otherwise which is extremely difficult short of having absolute undeniable proof that you were physically at a different location at the time of the transaction (e.g. timestamped video showing you at that other location at that time). So if the EMV chip in your card is compromised and cloned, the fraudulent transactions run up on the fake card are presumed not fraudulent and attempts to dispute them as fraudulent will be denied absent you having extraordinary proof. That skews the fraud statistics considerably.

The reason European cardholders don't raise a fuss about this is that 95+% of card fraud these days is done online using card-not-present transactions where chip-and-PIN isn't a factor. That won't change whether the US adopts chipped cards or not.

Comment Not too hard (Score 3, Insightful) 67

This isn't exactly an amazing product. The way Amex generates replacement card numbers is utterly trivial, the hardest part of it's calculating the new check digit. There's really no excuse for that kind of triviality, a replacement card should have a complete new number unrelated to the old one.

Comment Full-time permanent is required (Score 5, Informative) 169

Having been on the permanent-staff team dealing with contract workers, I can't see permanent staff ever being replaced by "gig" developers. A lot of things depend on having not just skill in programming but familiarity with the business and prior decisions about the system's design and architecture. You can hire short-term people for specific tasks, but you need people who've been there long-term to work out how to fit new requirements into the system as it exists. Then there's maintenance. Bugs that make it into production tend to be obscure and hard to trace, and someone new who isn't intimately familiar with how things fit together's going to be completely lost trying to troubleshoot a bug that's not in any component but in the interaction between 3 different components (or worse, a bug caused by all 3 components being absolutely correct and bug-free but that particular account's so old it has a combination of settings on it that isn't currently legal and that the documentation doesn't mention).

The permanent staff won't be the cheapest in absolute terms, but they'll be the cheapest in terms of dollars spent for results produced. This isn't a guess, it's a prediction based on the outcome of the vast majority of attempts to replace permanent development teams with contract workers and consulting firms.

Comment Makes sense (Score 2) 91

G+ has always had little of the Facebook-style indiscriminate "let the world see everything" of most social media, users have focused more on specific groups or communities with the conversations going on within that group and not in public view. The changes seem to make sense in focusing in on that rather than trying to be another Facebook or Twitter or SnapChat. It makes the pundits feel left out because they're outside those groups and not seeing the interactions, but that's easy enough to solve if they want to. If they don't... Not My Problem, Man.

Comment Do-it-themselves (Score 3, Insightful) 202

Why would any sane terrorist use any sort of service run by someone else? That just makes them vulnerable. Any sort of PC, install Linux and set up their own private XMPP server, instant fully-encrypted communications without leaving any logs or other traces on anyone else's systems where the authorities could get access to them. And with the authorities' current focus on social media it adds the additional layer of security of not being where anyone's looking for them to be. Geesh, I think government officials have been reading too many best-seller spy novels and listening to too few tech geeks.

Comment Just government IT outsourcing? (Score 1) 85

IMO it's:
s/US Government //
I haven't seen an outsourcing project yet that's been well-managed. Usually it's because management sees the development teams as interchangeable, so they go about managing the outsourced project like they would've their in-house devs. Problem is that your in-house devs you can call into the office and threaten with loss of bonuses and/or job if they aren't getting things done right. You can't do that with the contractors though since they don't work for you and likely aren't even on the same continent and the contract with the outsourcing firm's usually written without any provision for penalties for failure to deliver a product that works correctly and to spec, leaving you with no leverage.

The problem is that management's been taught to look at efficiency over effectiveness. The two aren't the same thing.

Comment Re:Don't have anything for them to find (Score 1) 324

Yes, but if you're dealing with a situation where they'll hold and interrogate you for an extended period even if they find absolutely no evidence at all then you have bigger problems than how to keep them from finding anything. In that situation the only way to avoid this is to not go there in the first place and if you have to go there the question's more along the lines of how do you get in and out without them finding out you're you along the way. And that frankly is seriously out-of-scope for this kind of forum.

Comment Don't have anything for them to find (Score 4, Insightful) 324

Best bet is simply not to have anything for them to find. Store your data on a thumb drive (that you'll carry or ship separately) or upload it to your own server or a service like Google Drive or Dropbox, encrypting it or not first, all depending on how sensitive the information is. Delete it or secure-wipe it or wipe the whole drive and do a complete factory restore on your laptop depending on how invasive you think the search might be. Then let the cops search all they want, they won't find what isn't there.

NB: Linux makes a better platform for this than Windows. On Windows bits of your files can end up in the oddest places to be found during a scan of the drive. On Linux it's easy to set up a separate partition where all your data will go and be certain it didn't leave traces anywhere else, and that partition can be secure-wiped and reformatted without messing up the OS installation in the process. Plus the cops are less likely to be familiar with Linux, and you can play the dumb-non-techie card of "I dunno, it's whatever the guys in IT put on it. I just follow the instructions to run my programs and everything works.".

Comment Re:Why did they need the certificates? (Score 1) 95

Yep, and I agree with .local, .test and bare names and stuff like localhost not being allowed for commercial CAs. If I used them locally it'd be with my own internal CA for certificates (I have one set up, but that hodge-podge of shell scripts would make you cry).

@sigh Dammit, "The Marching Morons" was supposed to be a satire, not a bloody policy document.

Comment Re:They want to shift the problem to someone else. (Score 1) 291

As someone who's written that code, the problem doesn't lie in the timezone code. It lies in the POSIX definition of the time() function, requiring it to return GMT/UTC which has leap seconds in it. Programmers too often treat that as if it were TAI which does not include leap seconds, and bugs pop up when leap seconds make UTC jump relative to TAI. If time() returned TAI directly and the timezone code handled leap seconds everything would be a lot better. I find it amusing that that change wouldn't break much Unix code and would in fact probably fix a lot of subtle bugs by bringing time()'s results into alignment with the assumptions of the code using it. And NTP wouldn't be a problem, conversion from NTP's time back to TAI isn't that difficult. But no, we still have to deal with UTC.

Comment Re:Why did they need the certificates? (Score 1) 95

True, but at the time that RFC didn't exist. And a lot of software had a hard-coded rule about TLDs: ccTLDs were 2 characters, the generic TLDs were 3 characters and only a few were valid. Trying to use a TLD with more than 3 characters would make some software reject it as invalid, but it was easy to pick a 3-character TLD that was guaranteed not to exist in the global DNS.

Thankfully we've moved past that stage. Though I would like to see a special-use domain "local" defined for names that aren't for testing but are restricted to the organization's network.
