Comment: Re:Best short programs (Score 1) 123

by Yaztromo (#48921551) Attached to: Computer Chess Created In 487 Bytes, Breaks 32-Year-Old Record

It would be cool to see which programming languages could have the best short chess programs.

I'd nominate Haskell, Scheme and Prolog to try it in.

To make things fair, I think you'd have to define the valid set of languages as general purpose languages. I could see coming up with a chess-specific language that would be super-efficient in that the language would already have known chess properties as built-in elements.


Comment: Re:Legions of crappy programmers (Score 1) 197

by Yaztromo (#48918493) Attached to: Why Coding Is Not the New Literacy

Sigh, forcing people to "learn to code" is just going to create legions of substandard programmers.

Alternately (and somewhat more likely), it will create a legion of future business people with software needs who know how to articulate those needs in a logical way when trying to write a specification.


Comment: Re:COBOL (Score 1) 382

by Yaztromo (#48866009) Attached to: Is D an Underrated Programming Language?

That one is about stomping out all the world's other languages and making us all speak the same. What a loss of culture.

Esperanto has only ever been promoted as a universal second language. There has never been a push to make it the native language for anyone, anywhere. Hence, no loss of culture needed nor required.


Comment: Windows 10, the bad car analogy. (Score 1) 489

by Yaztromo (#48852271) Attached to: Windows 10: Can Microsoft Get It Right This Time?

Windows has always been like a cheaply made off-road vehicle made in a former Soviet-bloc country. The controls were a little weird, and it broke down a lot, but otherwise it could drive on a lot of really sketchy roads, and you probably knew a guy who knew how to fix it for you when it broke down.

Then Windows 8 came along. To continue the analogy, it was like a new model year of that same cheaply made Eastern European off-road vehicle suddenly came with a few well-needed under-the-hood improvements so that it wouldn't break down as readily, along with a big 8" spike sticking out of the centre of the driver's seat. Aficionados who have never driven another car in their lives rave about the spike (it's painted some very nice colours), and continue to flood forums trying to convince people who have stayed away from the newer model because of the spike that if they just tried it long enough, they'd get used to having a giant spike up their asses.

Now Microsoft is coming out with Windows 10, the biggest benefit of which is that it now features a slightly shorter spike. And Windows zealots will try to convince everyone else that it's a major improvement. But you're still taking it in the ass every time you get in for a ride.


Comment: Re:They're assholes. (Score 1) 336

by Yaztromo (#48677603) Attached to: Why Lizard Squad Took Down PSN and Xbox Live On Christmas Day

This is true, but the issue is that is dumb! You really should be able to unbox a toy on Christmas morning and have it work without going out to the Internet and connecting to some account.

Maybe not all the functionality can be there, but functions that don't naturally require network access should not require network access.

As it happens, my wife bought me a PS4 for Xmas -- a massive upgrade over my 15 year old original PS2. It came in the box with GTA5 (on disc), and a coupon for a free digital download of another game.

It's been a PITA that PSN has been offline. There are a lot of features and functions built into the system that rely on online functionality, including for some dumb reason accessing the built-in web browser. However, playing GTA5 hasn't been an issue -- I just popped the disc in, waited what felt like an eternity while it installed itself (it didn't give me a choice, and warned me it could take up to an hour), and I was off and playing. All without having been signed into PSN.

In essence, the system worked exactly as you described that it should. A single-player game on disc loaded and ran just fine while PSN has been offline. Not all the functionality was there, but the major function that doesn't require network access (playing GTA5 in this case) has worked flawlessly.


Comment: Re:Apple Pushing All Mobile CPU Vendors (Score 1) 114

by Yaztromo (#48605177) Attached to: Apple and Samsung Already Working On A9 Processor

Uh, a dual core 1.3GHz CPU is "marginally superior" to phones running quad and octo cores at twice the clock speed?!

Cores and clock speed are hardly the only determinants of performance. They set a hard upper bound, but that can be readily squandered by software.

In the case of Android phones, they pushed for extra cores early on to avoid UI stutter during garbage collection cycles. iOS has never provided garbage collection; you either have to set up your own retain/release calls to keep or relinquish objects, or you use ARC (Automatic Reference Counting) to do more or less the same thing.

In effect, it's a trade-off. Google decided to simplify memory management for developers, and keep the barrier to entry low by appealing to existing Java developers, with the trade-off being that they require more parallel processing power for garbage collection. Apple avoided the need for the additional processing power and battery capacity (and in turn device size) by not implementing garbage collection in iOS, and thus can squeeze more performance out of fewer cores, with the trade-off being you can't just pull Java developers off the street and have them start writing iOS apps. ARC is so slick that IMO Apple has an overall edge with their design; others are of course free to disagree.


Comment: Re:Open Source not a silver bullet (Score 2) 73

by Yaztromo (#48570385) Attached to: Why Open Source Matters For Sensitive Email

It seems a bit foolish to worry about purely theoretical security issues when we've got so many real ones to deal with. Ken Thompson's compiler infection demonstration was an interesting experiment designed to make a particular point, but I don't think it's wise to consider tool-chain hacking a legitimate threat, as we've never seen anything remotely like this in the wild, as far as I'm aware. And frankly, I question whether it's even realistically possible beyond a very simplistic demonstration.

First off, naturally the level of security I'm talking about would probably only be reserved for national governmental agencies intended to protect ultra-sensitive data. For them, that level of security is necessary, and they will spend the money and resources to audit and verify everything if necessary (which is why we have SELinux).

Additionally, the build chain comprises not only the compiler, but the standard libraries and any third-party libraries as well. If not verified, these could easily have unexpected code inserted into them, that compromises your product once linked against them. You wouldn't expect to see such compromised libraries "in the wild", as they would probably be part of a targeted attack. This is hardly unprecedented; while not done at build time, Stuxnet uses DLL replacement on Windows to add extra routines to the operating system, which are used to inject code being uploaded into a PLC.

Again, most organizations don't care to undertake the kind of expense required to protect against such attacks; they use the chain-of-trust you describe. However, national security organizations do work at this level, and if you need that level of security, pre-compiled binaries, whether they come with source or not, are insufficient.


Comment: Re:Open Source not a silver bullet (Score 1) 73

by Yaztromo (#48570317) Attached to: Why Open Source Matters For Sensitive Email

With a verified compiler no less. We have seen ever more sophisticated malware these days, certainly a malicious compiler could easily slip vulnerabilities into the binary.

Yup -- I intended that to be considered part of the build chain. Compiler, standard libs, any 3rd party library dependencies, the build tools themselves (have to make sure they're using the libs you expect them to...), the OS kernel...right on down the chain.


Comment: Re:Open Source not a silver bullet (Score 1) 73

by Yaztromo (#48569943) Attached to: Why Open Source Matters For Sensitive Email

I use many open source tools, but I've never inspected the code myself. Even if I did, I'm not going to be finding these hard-to-find defects that the people in the project can't find.

From a security perspective, even just having and being able to inspect the code is insufficient if you need top-notch security: you had better also be compiling that code yourself. It is nearly impossible to be able to verify that a binary blob didn't contain additional/modified code than what the sources contain without compiling it yourself. And even with being able to compile everything yourself, you're still at the mercy of the build chain and all of its dependencies (unless you audit/build them yourself too).

Open Source is still better in this regard than closed source, of course -- at least you have the ability to compile it yourself if security is that critical. I think the problem for a lot of organizations is that security isn't critical enough for them to hire people to a) audit the code and b) build, test, and verify it for their own internal use. In which case, it would (at least from outward appearances) be cheaper/easier to go with a closed-source solution, with someone behind it whom you can blame/sue if things go sideways.

