Comment: Discipline (Score 1) 314

by gmurray (#43739255) Attached to: Ask Slashdot: Becoming a Programmer At 40?
Being a good programmer is actually all about discipline. Something that is likely much easier for you than the youngsters. No one likes a programmer with tons of bravado and not enough sense. Code needs to use good design patterns and be well tested, not thrown together as a rapid prototype then squirted into production. The best way to program is to continually educate yourself and adopt new best practices. Continually challenge yourself to work on new technology that would be useful if you were to need to change jobs.
A lot of older programmers I've known fell into the trap of maintaining one component, working with one technology. They probably felt secure that it would be too difficult to replace them, especially if their code was unintelligible. But this, invariably, did not work out. And then they are left without current and marketable skills. I don't know if the passion for acquiring new skills weakens later as I'm still in my 30s but if you no longer have a built-in drive, you must cultivate one to stay relevant. But, some programming skills remain relevant regardless of language or platform.
Please, please read "Design Patterns" by the Gang of Four and "Clean Code" by Uncle Bob. They should be required reading in every CS curriculum. Sadly they are not. Those books? Recommended to me by an awesome white haired software architect.

Comment: Re:To all "They're not REAL scientists!" posters (Score 1) 308

by gmurray (#35737068) Attached to: MythBuster Developing Light-Weight Vehicle Armor
In my mind, what they do is actually more important than what scientists do in a lot of respects. Science has less worth if most of the population rejects its findings because they don't align with their world view.

What the Mythbusters do is help us see where our physical intuitions about the world, that evolution has built for us, are inaccurate in the face of our understanding of the physical sciences. You can read something 1 million times in a textbook, and it might not sink in unless your (often incorrect) intuition of physics is challenged by a physical demonstration right in front of you.

The Mythbusters, through their style of presentation and their frequent failings on-air, have built up a mysterious credibility in our minds that lets them easily dismantle some of our errors of intuition in a style that sticks with us. I think this is valuable beyond measure, and wish there were more shows like this, and less like GhostHunters, for example.

Comment: Re:I've lost track of my passwords... (Score 1) 207

by gmurray (#34548878) Attached to: Gawker Source Code and Databases Compromised
Have you read the code?
And I'm not familiar with this one in particular, but if it's released on the Android marketplace, for example, what's to stop someone from having used a different version of the source to compile the distributed app than the open source code that was published? Is there a good way to compare a hash of such an app's binaries to a known good compile of the source?

Just because an app is open, doesn't make it safe. Of course, I'm just overly paranoid perhaps. But sometimes it feels nicer for there to be an entity behind a product that I can bring a lawsuit against if their software is doing illicit things without my permission.

Comment: Re:I've lost track of my passwords... (Score 1) 207

by gmurray (#34548250) Attached to: Gawker Source Code and Databases Compromised
But the question is, how much do you even trust the KeePass developer? The application deals with your passwords in plaintext, and can talk to the network if it wants to. I find it hard to trust any 3rd party with my passwords in plaintext. It's hard enough to trust Microsoft and Google.

Comment: Re:Weird thread atmosphere here (Score 1) 213

by gmurray (#34450798) Attached to: Silverlight 5 — Back From the Dead?
I haven't used Android. But WP7 is certainly better than the iPhone. It provides a single cohesive experience while everything on the iPhone is insular and poorly integrated. It's anecdotal, but everyone I've shown the phone to has been seriously impressed, and might be converts. Even die-hard Android fans seem to love this thing when they play with it in person. I would suggest you check one out at a kiosk rather than relying only on jaded reviewers.

The problem with the kiosk demos, though, is that probably all the social features of the phone are disabled, which is one of the main selling points of the OS.

One thing I personally like a lot about the software is that it seems like there is always immediate feedback when you perform an action. Sometimes with Android and iOS you can be left wondering if the click you performed was actually received. But everything seems to animate in some way as soon as you click it in WP7.

That, and working with Silverlight is a dream from a hobby development standpoint. You can put a semi complicated app together in an afternoon. This could turn out to be a bit of a detriment in the end though, as I'm sure a lot of junk will accumulate in the marketplace.

Comment: Re:WPF (Score 1) 331

by gmurray (#34364966) Attached to: What 2D GUI Foundation Do You Use?
I would have to second that WPF is fantastic. It uses a lot of new paradigms so it can be tough to get into if all you've used is Qt or WinForms, but it's totally worth it. It's also very easy to separate View logic from Presentation logic in WPF, so much so that new UI patterns are emerging all the time to take advantage of WPF's unique features and further decouple your view logic.

Also, vector graphics and animation were part of the core design of WPF (rather than tacked on later). So the whole thing works very naturally for creating very compelling UI with not a lot of work invested. Also, when you are learning WPF you are also learning Silverlight in the process, as Silverlight is merely a subset of WPF.

To those wondering why Mono doesn't seem too concerned about WPF, it may be because they intend to use MoonLight (Silverlight port) for a 2D UI framework on the Linux platform. This is just theory as I haven't kept up to date with their roadmap there. Also, you could probably add Silverlight to your list of 2D frameworks there. You can create out of browser apps with it, and it's the 2D framework that Windows Phone 7 uses.

Comment: "Kinect for Windows" (Score 1) 200

by gmurray (#34230688) Attached to: Exciting Kinect Stuff Already Coming Out
I'd like to point out that the fact that they called the product "Kinect for Xbox 360" means it's highly likely they are planning on releasing a "Kinect for Windows" at some point. Along with support for the Kinect being used as a multitouch input driver for Windows (7/8). But it's nice we are getting a head start.

Comment: If you are at all worried... (Score 2, Interesting) 233

by gmurray (#34197794) Attached to: How Often Should You Change Your Password?
If you are at all worried about changing your password, then a password is not enough. Changing doesn't help, as soon as your password is compromised it needs to be changed. Multiple factors is a much better solution than changing passwords, which only provides a false sense of security at best.

Comment: Re:Use md5 (or something) over the wire (Score 1) 185

by gmurray (#34016114) Attached to: Firefox Extension Makes Social-Network ID Spoofing Trivial
As I noted in my post, your suggestion still leaves you open to interception attacks. Which are, admittedly, harder to perform than replay attacks, but are nonetheless problematic. My statement that all tokens sent in the clear were replayable was a bit inaccurate though, yes, as I contradicted with suggestions later in the same post! :)

Comment: Re:Use md5 (or something) over the wire (Score 1) 185

by gmurray (#34014948) Attached to: Firefox Extension Makes Social-Network ID Spoofing Trivial

But this attack shows crackers just intercepting and replaying the creds. Discouraging that might involve IP or other checks. Defeating it might involve total encryption.

Anything that you send in the clear to assert your identity can be replayed. IPs etc are easy to spoof so are not an adequate counter. You can include a timestamp in the hashed information so that the hashed info cannot be reused more than a certain amount of time after it is generated, but you have to allow for transmission delay and the server's clocks being out of sync, so if an attacker is quick enough they can replay your tokens even if you have made them time sensitive.

Using a request counter + timestamp or a one time password in the token would be much more preferable, but is more expensive to assert with each request, and is still susceptible to interception and spoof attacks, if not replay attacks.

There's really very little that is a valid substitution for encrypting all traffic here, IMO. The rampant use of unencrypted transmission of tokens on these sites today relies on the fact that it is harder to stage a man in the middle attack once requests leave your local network. But as tools for use on public wi-fi networks become easier to use and more prevalent this is only going to become a larger and larger problem.
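
An added example, not part of the comment above or of any site's code, showing the timestamp-versus-counter trade-off that comment describes from the verifier's side. The HMAC-SHA256 construction, the shared secret, the 30-second window and all names are assumptions made for illustration.

```python
import hashlib
import hmac

SECRET = b"constructed-demo-secret"  # assumption: per-session shared secret
MAX_SKEW = 30  # seconds tolerated for transit delay and clock drift

def make_token(user, ts, counter=None):
    # Client side: HMAC-SHA256 over user|timestamp[|counter].
    parts = [user, str(ts)] + ([] if counter is None else [str(counter)])
    msg = "|".join(parts)
    mac = hmac.new(SECRET, msg.encode(), hashlib.sha256).hexdigest()
    return f"{msg}|{mac}"

class Verifier:
    def __init__(self, use_counter):
        self.use_counter = use_counter  # False: timestamp window only
        self.last_counter = {}          # highest counter accepted per user

    def verify(self, token, now):
        msg, _, mac = token.rpartition("|")
        expected = hmac.new(SECRET, msg.encode(), hashlib.sha256).hexdigest()
        if not hmac.compare_digest(mac.encode(), expected.encode()):
            return False                # forged or tampered token
        fields = msg.split("|")
        if len(fields) != (3 if self.use_counter else 2):
            return False                # wrong token shape for this mode
        user, ts = fields[0], int(fields[1])
        if abs(now - ts) > MAX_SKEW:
            return False                # outside the allowed time window
        if self.use_counter:
            counter = int(fields[2])
            if counter <= self.last_counter.get(user, 0):
                return False            # replayed or out-of-order request
            self.last_counter[user] = counter  # per-session server state
        return True

def demo():
    t0 = 1_000_000                      # constructed clock value
    ts_only, counted = Verifier(False), Verifier(True)
    tok_a = make_token("alice", t0)
    tok_b = make_token("alice", t0, counter=1)
    return {
        "ts_first": ts_only.verify(tok_a, t0 + 1),
        "ts_replay_in_window": ts_only.verify(tok_a, t0 + 10),
        "ts_replay_stale": ts_only.verify(tok_a, t0 + 60),
        "ctr_first": counted.verify(tok_b, t0 + 1),
        "ctr_replay_in_window": counted.verify(tok_b, t0 + 10),
    }
```

The counter closes the replay window only by keeping state for every session on the server, and neither variant protects a token that can be read and used in transit before the legitimate request arrives.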
