
Comment: Miranda anyone? (Score 1) 138

by hlee (#49590721) Attached to: Paul Hudak, Co-creator of Haskell, Has Died

I was taught Miranda (precursor to Haskell) some twenty years ago in my undergraduate degree. To this day I still use functional programming (Haskell) to prototype any reasonably complex algorithm.

To give you an idea of how compact functional programming languages can express complex algorithms - here's quicksort:
qsort [] = []
qsort (x:xs) = qsort (filter (< x) xs) ++ [x] ++ qsort (filter (>= x) xs)

Coupling high level functions with closure gives us a very powerful tool to express complex algorithms.

Comment: So how do you develop relatively secure software? (Score 2) 58

by hlee (#49482221) Attached to: Why "Designed For Security" Is a Dubious Designation

Here's what works in most practical systems with a little effort:
- Threat model. Sequence diagram of all external communication between all servers and clients. Apply STRIDE analysis. Maybe take a step back to see if you can simplify the workflow.
- Assurance model. State diagram of system. Capture success and error states. Unit tests for each case.

Add to that third party oversight:
- Static analysis tools.
- Third party verification.

I assume you're not developing mission critical systems that control functions in a nuclear power station, or even a car braking system. Rather you're looking at consumer or enterprise level systems that involve some confidential, and possibly credit card information. Short deadlines and budget constraints mean you can't spend forever coming up with a solid specification or even do extensive analysis.

Comment: Re:Double tassel ... (Score 1) 216

by hlee (#49440811) Attached to: Senate Draft of No Child Left Behind Act Draft Makes CS a 'Core' Subject

The way this played out in my undergraduate degree, which was a hybrid course in electronics engineering and computer science, was that those of us who had a knack for programming ended up electing more and more CS subjects, while those who didn't ended with a more EE oriented course (many of those individuals went the telecommunications route rather than circuit design). Similarly, an introductory CS course could provide different tracks to allow students to focus on their strengths, i.e. while everyone is expected to do some basic programming, do not make advanced programming mandatory, but rather one out of several options.

Comment: H1B from 2000 viewpoint (Score 1, Insightful) 442

I came to the US on an H1B back in 2000. I'm now a US citizen, even married an American. My starting pay back in 2000 was around $60k (Washington DC metro region), and is about twice that today (software engineer/architect) not counting bonuses that can add another 10-20k. I got no complaints about my salary.

Most of us in the technology group are/were H1Bs, and are now responsible for hiring new software developers. I've conducted dozens of interviews over the years (mostly entry level new grads from nearby universities) and noticed the extremely small number of American applicants (salary offered is competitive), while other departments are full of Americans (including IT). Sometimes I don't think our still smallish company would have survived or grown without the H1B program. One interesting factor about the Washington DC metro region is that it has a lot of work that requires security clearance so are only available to Americans, but I think that in turn sets a decent baseline for prevailing wages that H1Bs here benefit from.

Comment: Replace instead of recharging batteries (Score 1) 293

One technology for batteries that could be developed is for a charging station to replace your electric car batteries with freshly charged ones. You could potentially be in and out faster than refueling by gas. That would be one solution to overcome the lengthy recharging.

I imagine there are still a lot of hurdles to jump over to get such a system working:
- How to design batteries so they can be replaced easily and quickly. Perhaps each car might have several sets of batteries, some of which can be easily removed, but not others. This means replacement technology can only refuel your car partially.
- Who owns the batteries? It would certainly not be the car owner under such a system - probably some sort of lease with whoever runs the charging stations.

Comment: Re:Does it check for MITM? (Score 1) 36

by hlee (#48315107) Attached to: Google Releases Open Source Nogotofail Network Traffic Security Testing Tool

It is a MITM vulnerability detector for TLS/SSL among other things, if I understand the intention of the tool correctly. If so, that's fantastic. For example, most TLS/SSL environments are susceptible to a large class of MITM attacks simply because their website exposes both HTTP and HTTPS so then you decide to enable SSL only (perhaps with HSTS) - but did you do it right? Perhaps this tool can tell you. How about testing out a new Certificate Pinning implementation that your lead developer claims will prevent 99% of MITM attacks? Most IT admins or enterprise developers do not have the mindset or sufficient know-how to set up an environment or build a system that would slow down a determined hacker much at all.

In so far as detecting MITM attacks... I think we'll get that for free when quantum crypto arrives. But I haven't read much literature about what you're going to do about it if you do detect a MITM attack on your data - if you simply stop using that channel or any other vulnerable channel then it seems you're now a victim of a DoS attack. Not saying detection like this isn't useful - on the contrary I think it opens up a whole new field of countering such threats, but right now it is much more useful to so many of us to have a good tool that can tell us whether we're indeed vulnerable to MITM attacks and ensure we set up our TLS/SSL environment properly.

Comment: not where you want to be (Score 1) 593

by hlee (#47139625) Attached to: HR Chief: Google Sexual, Racial Diversity "Not Where We Want to Be"

The best way to go about hiring is to find the best people you can for whatever salary you're offering, based solely on merit. Do so by ensuring all interviewers have undergone training on non-discrimination - they should know what questions they can and cannot ask. When interviewers discuss a candidate, they cross check one another's opinion to help minimize subjective bias. The evaluation should never involve the candidate's gender and race, among other things.

After that it shouldn't matter what the composition of your workforce is.

Comment: curious, pirsig? (Score 1) 529

by hlee (#46492843) Attached to: Religion Is Good For Your Brain

Just curious how many people have read Robert Pirsig's book(s) and subscribe to his ideas?

In a nutshell his conclusion is that the irreducible factor of life and the universe is a creation force he calls Quality. Another way to look at it is if everything is a state transition diagram, the mysterious factor is something to be found in the transitions (dynamic Quality) rather than in the states (static Quality). Akin to some aspects of Zen and Eastern philosophy. He goes on to develop these ideas to say that you can build up increasingly complex static Qualities like atomic elements, compounds, even life, from what seems like nothing... but that intangible creative dynamic Quality is there, and yet not so easy to pin down. It isn't so much a thing as it is a force.

Right or wrong I find an odd sort of comfort in this understanding.

Comment: functional programming (Score 1) 197

by hlee (#46442843) Attached to: Ask Slashdot: Online, Free Equivalent To a CompSci BS?

We were taught Miranda (very similar to Haskell) in my bachelor's program. It was the primary language for most of our exercises across many courses. It is an effective language for teaching many fundamental aspects of programming like recursion, and algorithms - expressing quicksort in a functional language is not only more elegant but also considerably shorter when compared with C or Java. That was over twenty years ago, but to this day these functional programming abstractions have been invaluable in shaping my designs, and thought processes involving any kind of programming whatever the actual language I'm using.

Comment: Re:The CEO is Probably Right (Score 1) 383

by hlee (#45597803) Attached to: Ask Slashdot: How Do I Convince Management To Hire More IT Staff?

There's a huge difference when IT is considered a competitive advantage as opposed to a cost. Generally speaking when IT is simply a cost, then it'll always be short staffed and barely able to keep up with what it needs to do - and will often be targeted first when costs need to be cut. While the idea of turning IT into a competitive advantage sounds good, it isn't easy to execute because they often need to expand their roles and need an objective means of measuring their contributions, but the basic idea is to get IT involved in the company's bottom line - in this case to find out what can they do to improve manufacturing processes.

Comment: It's a good thing if they're pragmatic (Score 1) 251

by hlee (#45063409) Attached to: The Human Brain Project Kicks Off

In practice, today we can solve any control logic problem with existing programming techniques as long as we can specify all the inputs, states/transitions, and outputs. There are techniques to formally verify these programs so you can trust them for mission critical systems - they do exactly what they're designed to do, nothing more, nothing less.

I don't see this approach changing anytime soon. An AI designing a complex system is, for the foreseeable future, science fiction. However what's interesting about The Human Brain Project is that it doesn't make any claims about AI, which is actually a good thing. If they start emphasizing AI research I seriously doubt they'd get very far. From what we understand, neural networks and machine learning, which incidentally have very little to do with AI, often turn out to be very good at solving very hard to describe problems like image recognition.

I think if The Human Brain Project focuses on better understanding our neurons and how they work, and are able to translate it to advanced neural networks - these systems could turn out to be adept at solving certain problems. That's a good thing.

Comment: Re:Maybe because programmers like to be clear (Score 1) 878

by hlee (#33007632) Attached to: Google Engineer Decries Complexity of Java, C++

Irreducible complexity is irreducible.

Still, I'd like to stress that picking the right language for your task can greatly reduce problem complexity.

For instance, algorithms are much more compact and easier to understand using a functional programming language. E.g. compare quicksort in Haskell and C - see

Complex concurrent programs remain challenging even with an excellent (IMO) concurrency library like the one in Java 1.5+. But switch to Erlang, and you'd find many concurrency patterns are expressed more naturally.
