Want to read Slashdot from your mobile device? Point it at m.slashdot.org and keep reading!

 



Forgot your password?
typodupeerror

Comment: Re:Education vs. H1B (Score 2) 203

Does it really make sense to spend money on CS education while importing cheap H1B labor?

Yes it does. Unless you do a job that requires direct person-to-person interaction (medicine, nursing) or tied to regulation by necessity (law), or that requires hand-on work (utilities), you are going to compete with H1B and and global workforce no matter what.

Deal with it. That has been the norm for, what now, 15 years? For 15 years I've been told that my career is going to go poof because H1B labor or because some guy in Bangalore makes 1/5 of what I make, as if software/IT work can be directly compared to picking up fruits or something. In my first 5 years of work, I doubled my salary, and in the 15 years that followed, I've doubled it again.

And I've also been laid off a couple of times, one time 6 days before my first child was born. Tough shit, such is life. You adapt, you fight, you learn, you re-learn, you borrowed Teddy Roosevelt advise ("“Whenever you are asked if you can do a job, tell 'em, 'Certainly I can!' Then get busy and find out how to do it.")

We have to compete against H1B workers and a global workforce? Yes. End of the world? Yes if you suck.

To compete, you need to build your network, and you need to have specialized skills that are on demand. And that requires a baseline education, CS education or something comparable, or related experience.

This has been a fact like, forever. H1B workers and globalization are just a new constant in the polynomial.

Comment: Re:Seems reasonable (Score 5, Informative) 115

The hard part is indeed establishing what the right level of security is and how to evaluate companies against that. At least over here, the exclusions for burglary are pretty clear cut: leaving your door or a window open, and for insuring more valuable stuff there are often extra provisions like requiring "x" star locks and bolt, or a class "y" safe or class "z" alarm system and so on. With IT security, it's not just about what stuff you have installed and what systems you have left open or not; IT security is about people and process, as much or more than it is about systems.

I would disagree with you on this (somewhat). There are well established practices on how to build secure systems, for each major development platform (JEE, .NET, RoR, etc) and also for general decision-making.

Any organization, big or small, needs to be able to come up with scenarios and questions for things that need care, and for which it might need to provide evidence of attention. The important thing is to execute due diligence when it comes to defending your business against attacks, and to demonstrate providing evidence of such due diligence.

If we are in e-business or are bound by PCI, HIPAA and/or SOX compliance, the following questions would come to mind (just an example):

  1. Are we addressing the top 10 risks identified by OWASP?
    1. If so, can we quickly identify how we address them?
    2. What other risks identified by OWASP do we address and how?
  2. How do we address CERT alerts and advisories?
  3. Are we on top of security patches?
  4. Are the underlying systems security patches up to date?
    1. If so, can we quickly provide evidence of this?
  5. If we are bound by HIPAA and/or SOX how do we address security concerns that might stem from these regulations?
    1. How do we quickly provide evidence (evidence of process and assurance)?
  6. Do we have a multi-tiered architecture, or do we run everything co-located?
  7. Are back-end databases on their own machines, in their own subnets outsize of a DMZ?
  8. Are "mid-tier" services on their own machines, separated from databases?
  9. Are they in a DMZ? Are they proxied by a HTTP server in different machines?
  10. Do we have firewalls? If so, do we keep an inventory of their rules?
  11. Are we up to date with patches for network assets (firewalls, SSL appliances, etc)?
  12. Are we still on SSL 3.0 or older versions of TLS?
  13. Do we specifically disable anonymous ciphers?
  14. If we use LDAP, do we disable anonymous binds?
  15. Do we use IPSec to secure all communication channels (even those internally, a requirement for banking in several countries)?
  16. If not why? How do we compensate?
  17. If we are in E-Commerce, how do we demonstrate that we are PCI-compliant?

In my opinion and experience, these questions present the starting point for a framework to determine the right level of security in a system. More should be piled on this list obviously, but anything less would open a system to preventable vulnerabilities.

And that is the thing. The right level of security is the one that helps you deal with preventable vulnerabilities that you, the generic you, should know well in advance, vulnerabilities that are well documented. How costly the prevention is, that is a different topic, and any business will be hard press to justify to an insurer that they forego to deal with a vulnerability because it was too expense.

Answers to those questions and evidence of such would constitute proof that an organization followed reasonable due diligence in establishing the right level of security. Moreover, it will have a much greater chance to disarm an insurer trying to find a way to avoid covering damages.

Notwithstanding the ongoing abuses done in the Insurance business, insurers have rights also. My general health and life insurance is not going to pay up my family if I kill myself while base jumping with blood alcohol levels up the wazoo.

Comment: Re:"What happened to the dinosaurs?" (Score 1) 435

by luis_a_espinal (#49781813) Attached to: Creationists Manipulating Search Results

Uhh...wut? Just because they looked like overgrown lizards in Jurassic Park, doesn't mean they're related to lizards.

Well, some of them actually do look like lizards.

Tuataras are neither dinosaurs (clade Archosauromorpha), nor lizzards (order Squagmata). They are Rhynchocephalia, distantly related to the Squagmata, both orders being Lepidomorphs. It is almost as comparing Marsumials with Eutherians.

Comment: Re:Plant? (Score 1) 382

by luis_a_espinal (#49750729) Attached to: How Java Changed Programming Forever

Java is certainly not dead. If you're a software engineer, my gut feeling is that 70% of job offers involve Java programming. Java is widespread in the enterprise as well as open source frameworks and platforms.

But parent is right in the fact that Java in the browser is practically dead. Some office environments still require Java for entperise applications, but practically all ordinary users don't need Java in the browser.

It's a little ironic, since Java on the web was one of Java's main, original use cases. Now Java applets are niche and fading out, whereas Java is pretty much rampant everywhere else.

Java in the browser died 15-16 years ago. How is that relevant to any conversation nowadays? This is like saying "dinosaurs are dead" (no shit) while discussing bee colony collapse syndrome (a contemporary phenomenon.)

Comment: Re:Plant? (Score 1) 382

by luis_a_espinal (#49750711) Attached to: How Java Changed Programming Forever

Because Chrome is turning Java off and they're trying to make sure other browsers don't follow suit.

Seriously, I see no NEED for Java any more. I probably have more Silverlight things I like to use than I do Java, and neither are vital any more.

And the sooner we get out of the mindset of ancient-java-plugin being accepted as "more secure" for banking etc. the better. Hell, I remember the early days of the secure web where if you couldn't afford SSL, you pushed the transactions through a "secure" Java app.

And apparently you are still stuck in the early days (like 15-16 years ago) because I have not seen anything like that since the late 90's.

What do you NEED Java for nowadays? What do you NEED enough of it to justify a control panel icon, background services, etc.? Basically nothing.

OMFG, this tells me you are complete unfamiliar with the concept of "back-end" software, which is where Java/JEE runs supreme. Amazon, Google, a ton of shit that runs on those platforms, that's all Java. And we are not mentioning all the banking stuff that is out there also written in Java.

Seriously, you are stuck in the 90s', and thus, your opinions can (and should) be ignored without any doubt or feeling of guilt.

As such, Java is dead in the water, and a major browser ditching it could be the end.

What does Java has to do with a browser? Oh, let me guess, you are still in late-90's-applet-land?

However, as some of the comments on here show, it won't be missed.

It does make me wonder, however, quite what Oracle have left - Java is dead, MySQL is dead,

MySQL is dead? Really? Tell me where you get this information, fanboi?

Maybe that was the impetus for the whole Java/Dalvik thing?

Uh?

All that did was kill off Java and its derivatives even more.

So they have to find some news to keep the name of the language alive.

More uh?

Comment: Re:Now Germany! (Score 1) 100

by luis_a_espinal (#49745443) Attached to: US Levels Espionage Charges Against 6 Chinese Nationals

As a German, I'd rather see Germans with broomsticks and a healthy economy...

Because those two are so mutually exclusive. You people are dumb. If you do not want to be an armed country, that's great, just be open about it as opposed to pretending to have an army with broomsticks in lieu of heavy machine guns.

Comment: Re:Now Germany! (Score 2) 100

by luis_a_espinal (#49735081) Attached to: US Levels Espionage Charges Against 6 Chinese Nationals

I really hope you are being sarcastic or something, and you don't really think that...

The German airforce has over 200 front line offensive aircraft in its inventory, 109 of them being the Eurofighter.

The German army has over 230 Leopard 2 main battle tanks, a tank commonly held as one of the best in the world, and over 150 PzH 2000 self propelled guns, again commonly held as one of the best in the world.

The German navy has 81 commissioned ships in service, 43 of them front line offensive in nature.

Germany isn't exactly a nation I would want to currently face in battle, not even with a top tier military such as the US, France, UK et al - those military's would almost certainly win any competition, but they wouldn't come out unscathed....

Dude, you might want to check this: Germany’s army is so under-equipped that it used broomsticks instead of machine guns (Feb, 19, 2015)

Or this older article from 2014: http://www.washingtonpost.com/world/europe/the-german-military-faces-a-major-challenge-from-disrepair/2014/09/30/e0b7997c-ea40-42be-a68b-e1d45a87b926_story.html

Hell, just google "Germany military equipment problems". When German soldiers have to use broomsticks to hide the facts they did not have heavy machine guns during a NATO exercise, I have to say your post is full of uninformed baloney. This particular incident, that is the kind of crap I would expect from an underdeveloped nation, not from the fourth largest economy.

Comment: Re:How About... (Score 1) 17

While I don't think programming should be a core subject, I do think it would be good for schools to teach a "technology class" in let's say 6th grade. Maybe about 45 days of 45 minute classes covering... Keyboarding Navigating various operating systems. How to install various operating systems. Office software Networking Programming (one week only), perhaps using QBasic. Hardware (taking apart a computer, learning about various parts) Perhaps a quick intro to LaTeX over a week. Etc.

What would be more important perhaps is to have a logic course at some point. The kind of intro to logic you'd get in college.

LaTeX? You are batshit crazy. And I say this as a person who loves LaTeX and has used it for actual projects several times.

Comment: Re:NTY - You aren't gonna like this. (Score 1) 17

Teaching everyone coding basics doesn't imply that they will become coders as adults.

This is true but useless. Furthermore, it doesn't address the argument that technology is being pushed down kids' throats to the detriment of other more valuable skills.

I think in our technology focused world, coding is simply becoming another basic skill like reading and math.

That is an opinion, not a fact. And here is a prime example of a skill not being thought, separating opinions from facts.

And let's suppose for the sake of arguments that this is true. At least in this country, we are doing a shit-piss-poor jobs at teaching reading and basic mathematics to the general population. It doesn't matter squat if some wealth-to-do neighborhoods (like the one I live in) have excellent schools with kids capable of competing with any kid from, say, Finland. It doesn't matter because for each of those kids, there is a bunch of other kids who graduate from HS without knowing how to add fractions, or read news from different sources and synthesize an informed opinion.

So, in that background, does it really make any sense to pile more technology when we are fucking up teaching the basics???

And this very rhetorical question is made on the assumption that coding is nowadays as important as a general skill as reading and math. And that assumption is not accurate at all.

It should be an augmentation to the current set of basic skills taught,

But runs counter to your previous sentence saying that coding/technology is a basic skill like math or reading. It is either a basic skill or an augmentation of basic skills. I do not see how it can be both.

not meant to replace the important skills you mentioned like public speaking and investigation/questioning.

But that is pretty much the net effect. We cut on fine arts and history electives and we do a crappy job at teaching how to read and write. Without that, it is very hard, if not impossible to learn how to investigate and question, let alone see examples of public speaking or participate in such activities.

If we are already compromising teaching of those skills, what do you think happens we pile on yet another subject, one which requires a context for it to be meaningful (technology)? Something has to give, and it is typically the thing that is not new and shinny.

Besides, learning coding will teach kids ancillary skills as they go through the exercise, you don't learn in a vacuum.

I've been a teaching assistant for programming and business-related computer classes when I was in CS grad school. And sorry to say, but that statement above is not true. You need to have a grasp of basic skills before learning reasonable examples of how to use technology for solving problems. This is more important for kids.

Comment: Re:Maybe I'm Old (Score 3, Insightful) 47

What the hell is a MOOC?

You can find a definition here.

I'm old, but I can use google, and before that Altavista and before that the dreaded usenets. Some of my managers or former managers are in their 60's and they are the first ones to hit that shit (with the browsers in their smart phones if needed) when they encounter an acronym that they don't know. Hell, my mom who is in her 70's and who is not a technical person at all knows how to use google.

I really don't get the "Maye I'm Old" meme.

Come on if your going to use a new acronym you should define it.

The acronym has already been defined for an "eternity" relative to Internet-based technology. You just don't know it (which is fine), and can't find a way to find a meaning for it (which, in a technical-oriented forum, it is not fine.)

Comment: Re:Do most of the work? (Score 1) 441

by luis_a_espinal (#49734857) Attached to: Choosing the Right IDE

You can use an IDE that support multi-file undo, so it doesn't take 2 hours to sort out the mess. i.e. you could actually be productive instead of retarded.

You mean like git?

So far your argument seems to just be to insult what you don't understand.

You mean you do potentially mass commits before checking, or even before compiling or running unit tests because problems with compilation and unit tests can - and will - occur when refactoring/renaming of artifacts is done wrong?

Comment: Re:Do most of the work? (Score 1) 441

by luis_a_espinal (#49734187) Attached to: Choosing the Right IDE

Too bad plain old text editors aren't context aware enough to properly rename that function in the multitude of files that may reference it.

If you have a text editor that is well then guess what, you have an IDE.

Can you do the same thing with global search and replace and some regex? Sure. By there's no point in doing it manually. Do plumbers forge their own custom tools every time they need one? No, so why the hell should a programmer?

It's called a shell script and you can programme it to recursively search each directory in the project for files containing the string to be replaced and actually replace it in-place.

Coding something that one can easily get wrong (bad regular expression) and spending time debugging it when you have already built-in functionality typically coupled with a transparent mass undo? You are such a professional.

Comment: Add, Substract, Read, Write, Think (Score 1) 302

What Tech Skills Do HS Students Need To Know Now?

None. When I go to Japan, it is impossible not to notice how intelligent people are. Intelligent as in being able to express themselves, to think, reason, and synthesize positions out of multiple sources of information. This is not to say there aren't ignorant dumb-asses over there, but you can tell that basic, common education delivers over there.

Here, education is quite unequal. Some schools have nothing to envy from countries like Finland, whereas other schools churn graduate kids who cannot add fractions or read an Op.Ed. Student cohorts that gravitate to the later condition tend, IMO, to be the ones least likely to understand the benefits of technology.

Before we even get to the point of teaching technical skills to kids, we need to first worry about teaching them how to reason and operate effectively in a literate world. When they do that, a whole world of thinking opportunities, tasks and problems requiring solving comes into existence.

That gives a context in which technology can be applied. Better yet, people that are already literate begin, on their own, to apply technology to their needs. Beyond that, HS kids need to know the basics of computer security (recognizing spam attempts, running an anti-virus, backing up data on thumb drives, etc.) and basic usage of spreadsheets and word processors.

The last two (spreadsheets and word processors) can only be used effectively in a "problem" context. You use spreadsheets to create a balance, or budget, or to track expenses, or to calculate your mortgage rate, or how the cost of material and labor in making a home repair. That comes with a good understanding of arithmetic and algebra applied to real world problems (such as personal finance).

And all that comes from the capacity of engaging in abstract thinking. Form follows function. The form of solving a problem (using technology) follows function (the need to solve a problem). And a person cannot envision a problem or a need to solve it if he/she cannot think about it in practical, useful and abstract terms.

The trouble with doing something right the first time is that nobody appreciates how difficult it was.

Working...