Slashdot is powered by your submissions, so send in your scoop


Forgot your password?
Polls on the front page of Slashdot? Is the world coming to an end?! Nope; read more about it. ×

Comment: Re:Seems reasonable (Score 1) 119

by gbjbaanb (#49781127) Attached to: Insurer Won't Pay Out For Security Breach Because of Lax Security

It can be about systems - what policies you have, and have you been audited for security shortcomings. People and process are important factors, but they do not count if you have no security system in place and no way of knowing if its been configured to work.

Hopefully this will drive more established standards for IT security, along the lines of both having a world-class 'lock' but also "you left the key under the mat" so it doesn't count.

Comment: Re:I call shenanigans... (Score 1) 446

or Directors of Diversity and Inclusivity.

Which is maybe why girls are studying English Lit instead of STEM courses - why work hard when you can spout a load of bull from a cosy office and get paid far more?!

They always said girls were more intelligent than boys, if they've seen the way the world works and are exploiting it while the boys are shouting "your code is teh sux0r, n00b" at each other, its probably true

Comment: Re:what boys/girls want (Score 1) 446

That'll have been Babbage. Turns out Ada wasn't the first programmer, but the first computer operator, feeding in programs Babbage wrote.

Still, so what - Babbage was a truly great man, we shouldn't denigrate his position in history just because he didn't have boobies and some people today want to rewrite history to suit their own newthink.

Comment: Re:To be more precise, Amazon will collect on taxe (Score 1) 243

by gbjbaanb (#49763335) Attached to: Amazon Decides To Start Paying Tax In the UK

The problem is not that taxes are collected but that some people who collect it seek to keep what they've collected and not pass it on.

The system only works if we all pay our taxes and they get spent on services or employing people who then spend their wages on stuff, which gets taxed... etc etc. Its this circular aspect of keeping money flowing that makes the economy work, when some people or corporations seek to subvert that for their own selfishness, we all suffer.

Comment: Re:How could you protect against this? (Score 3, Insightful) 173

How about:

a) not putting any kind of direct DB access in your website, using a middle tier layer (webservice?) to act as the DB access
b) not letting the middle tier server access the DB directly, instead having to go through stored procedures
c) basically not letting anyone run "select * from users" at all.

Security can be done, but as long as we have websites that think "webserver" means all the back-end processing has to be running in the web server whether its IIS or Apache, and frameworks that assume all development must be done in 1 web-server hosted language.... then we will continue to see security breaches like this.

You want to secure your site, split the web handling/presentation from the data processing, and the processing from the data extraction. Then slap as much security on the interfaces between these layers. Do not trust the webserver one bit. Assume the webserver is already hacked. Hell, do not trust the middle tier either - allow it only the limited data it needs for each part of the processing.

I've done the above, its not nearly as difficult as the webdevs will say.

Comment: Re:Lol (Score 3, Funny) 173

exactly, I wonder who was dumb enough to create a profile saying "Dave Brown of 22 Acacia Avenue AB1 3CD, wants to meet nice ladyboy for extramartial affair"? It'll be "single male, BigBrownie, of 1 nowhere place, wants to meet nice ladyboy"

And as for the spam emails, I have a couple I use for all kinds of dodgy sites (eg slashdot) and I get loads of spam anyway.

Still... .9 million users... that's a lot of people! I wonder why these dating sites charge so much per month for membership when they could just charge $1 and rake in the cash. Stack 'em high 'cos extramarital affairs are never going to go out of fashion - the only problem is ending up meeting your blind date and finding it's your wife!!

Comment: Re:Incorrect (Score 1) 175

What's more, with really tiny code sizes, particularly for complex items like an OS, what you are often doing is using assembly, or at best C

You're going to have quite a surprise when you look at the source code of any kernel!

Linux seems to do OK with its kernel without having to write it all in Java or C#.

Comment: Re:No. (Score 2) 507

by gbjbaanb (#49691597) Attached to: Is Agile Development a Failing Concept?

Well, my take on it is that agile is not actually Agile.

ie, all the rubbish people do to pretend they're working in an agile way is just an excuse to do far less work and far more process. Just the opposite of what Agile is all about.

Alistair Cockburn said it in his Shu Ha Ri page - agile is about Put 4-6 people in a room with workstations and whiteboards and access to the users. Have them deliver running, tested software to the users every one or two months, and otherwise leave them alone

It is not about daily meetings, more meetings, more review meetings, postits in place of documentation, more meetings to discuss what postts to put in the meeting you're going to have the next day to confirm the postits you decided would be in the next planning process...

I think I should start a new agile methodology - the bugtracker agile system.

You have a bug tracker (where bug also means task, requirement, change or just plain bug) with as many bugs in it as you can think of to get the project going (should be easy - you know what you want after all). Then you tell your dev team - here's the bug list, get on with it. I'll be back in a month to see how you're getting on, you'd better have something to show me - tech docs at least if not some form of running product. If you have any questions, ask Dave the customer liaison chap (or tech architect fellow, or product owner bloke), he'll clarify any confusion in the requirements.

And that's it. Trouble is, I doubt I'd be able to sell many books or conferences with that. Pity, 'cos it works.

Comment: Re:Pretty sure the heat death of the universe will (Score 1) 386

by gbjbaanb (#49683491) Attached to: Criticizing the Rust Language, and Why C/C++ Will Never Die

What has all that got to do with how one compiler (or script engine) can link or call methods in a binary produced by a different compiler?

If you just mandated a standard name mangling you'd be 80% of the way there - the remaining bits are types, and typically you're not going to get far unless you define a subset of all possible types, probably using C types with struct and class layouts defined.

Nobody is suggesting we compile a binary for one platform and be able to run it on another - no x86 PE is going to be usable on a x86 ELF for example.

Anyway: some reading for you

Comment: Re:Pretty sure the heat death of the universe will (Score 1) 386

by gbjbaanb (#49680555) Attached to: Criticizing the Rust Language, and Why C/C++ Will Never Die

yep, I love StringBuilder classes too.

Managed languages are dying - since Microsoft decided to AOT compile them and migrate the entire .NET framework to native code (yes, it still looks the same, but all those functions you call in it are native now, or soon will be for the WinRT API that comes with Windows 10)

Just read the hype from Microsoft about how much faster and generally wonderful their latest native .NET is, ... you'd almost think they were lying when they told us how wonderful the old managed version was!

Mind you, the ABI they have now in WinRT is based on COM!

Comment: Re:Pretty sure the heat death of the universe will (Score 1) 386

by gbjbaanb (#49680527) Attached to: Criticizing the Rust Language, and Why C/C++ Will Never Die

the problem there is that if you link your C++ binary with, say, a python application, it will not be able to use things like std::shared_ptr anyway.

In these cases, the boundary should be defined to some limited standard, in much the same way a webserver REST API is defined (ie as a firm boundary between 2 heterogenous systems)

So while a standardised ABI would be awesome, it wouldn't be able to support everything for every language. At least it'd allow us to compile C++ binaries without 'extern C', and link C++ binaries regardless of the compiler used to generate them. Just those 2 would be sufficient improvements to warrant it IMHO. Stroustrup disagrees unfortunately.

If I have seen farther than others, it is because I was standing on the shoulders of giants. -- Isaac Newton