
Comment: Re:Laziness (Score 1) 144

Although you certainly have a point, the core problem is often that the documentation is poor. I find that if there is a proper writeup of the solution somewhere on the net, Stack Overflow will mention it (eventually). If there is no proper writeup, sometimes someone bright posts a solution that is right, and sometimes people stumble upon a voodoo solution that nobody understands properly, but sort-of works.

The Android APIs are susceptible to this problem, because they are often poorly documented, have glaring documentation bugs, or don't explain the overall concepts. No matter how brilliant your epibration classes are, and no matter how well-documented all the methods in the epibration API are, it doesn't help at all if you don't explain what the hell epibration is, and when and how you should use it.

Amazingly, security libraries are often in this category. Is there a really good writeup ANYWHERE about SSL, certificates and signing practices? And IPSec with all its intricacies?

Comment: Re:Price floors are subsidies (Score 1) 309

Sometimes the old way of doing things is not worth saving.

And sometimes it is, despite the supposed inefficiencies. That's what the French government thinks, and there are similar opinions in other European countries.

Personally, I'm not sure this particular law is so helpful, but anything that prevents Europe from becoming a cultural wasteland at least gets my sympathy. There is more in life than just financial efficiency.

Comment: Re:Is it really about "art"? (Score 1) 121

And the reality of the matter is that digital instruments do a good job of replicating piano, organ and other keyboard instruments.

My son, who is a talented piano player, disagrees. He has played some of the electric piano `replacements', and he says they are interesting to play, but the real thing is still a far richer and more interesting instrument.

There are still plenty of effects in real pianos that are not emulated properly. Two examples: resonances in the other strings of the piano when you strike a string, and striking a key, leaving it half-pressed, and striking again. The piano pedals are also not easy to emulate, I understand, but I don't know the details.

Comment: Re:How does it work? (Score 1) 247

by mean pun (#47203307) Attached to: Mayday Anti-PAC On Its Second Round of Funding

But at that stage the hope is that the masses of voters like these laws so much that voting against them would be political suicide. Therefore, the Super PACs will have to make these laws controversial in some way, and they will have to start as soon as they can. I have no talent in this area, so I don't know whether these ideas grab your guns, are socialist, harm your children, support terrorism, promote unions/homosexuality/abortion/government, continue the war on Christmas, are an IRS complot, don't have a proper birth certificate, land you in FEMA camps, deserve a dog whistle, or introduce death panels, but the mud will be ready.

I'm sure the Eye of Sauron is already on this initiative. The memos have been written, and the mud will start flying as soon as it gathers any momentum.

Comment: Re:Basic programming principles what? (Score 1) 127

by mean pun (#47158831) Attached to: GnuTLS Flaw Leaves Many Linux Users Open To Attacks

It seems like taint tracking and sanitation should be pervasive and explicit. This can be partially enforced by type enforcement, no?

This is possible in almost any modern language, although in some languages the code will be so horrible you can wonder if the cure isn't worse than the disease. For example, in C you could wrap tainted data in a struct that is only touched by a few select sanitisation functions. (You would still have to make sure no lazy or malicious code pokes around in the struct, or casts away this protection, but you could write a tool to check that.) Similar for languages like Python, although again it is easy to get around the isolation, so discipline and checking are still required. Languages like Java (or Swift :-)) are strict enough that you can almost completely enforce this isolation rather than rely on disciplined programming (I say almost because you cannot block access to I/O functions, so in principle you could still ignore the isolation, and directly access the tainted data). In C++ you can make the isolating `wrapper' almost transparent, but all the C trickery is still available.

I think it is fair to say that an important reason that these techniques are not used is cultural. Building a watertight taint wrapper in C (the most common language for this kind of code) is tricky and boring, and there is a lot of Real-Programmers-don't-Need-Handholding mentality among C programmers.
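Added example, not part of the comment above: a minimal C sketch of the struct wrapper it describes, where untrusted bytes can only enter through one function and only leave through a sanitiser. All names (`tainted_t`, `taint_wrap`, `sanitise_identifier`, `demo_release`) and the identifier policy are assumptions made for illustration.

```c
#include <ctype.h>
#include <stddef.h>
#include <string.h>

/* A real project would expose only this typedef in the header and keep the
   struct body in one .c file, so other code cannot reach into it. */
typedef struct tainted tainted_t;
struct tainted {
    char   buf[256];   /* raw, unchecked bytes */
    size_t len;
};

/* Only way in: copy untrusted bytes into the wrapper.
   Returns 0 on success, -1 if the input does not fit. */
int taint_wrap(tainted_t *t, const void *src, size_t n)
{
    if (t == NULL || src == NULL || n > sizeof t->buf)
        return -1;
    memcpy(t->buf, src, n);
    t->len = n;
    return 0;
}

/* Only way out: release the data as a NUL-terminated identifier if every
   byte is [A-Za-z0-9_-] and it fits in out. Returns its length, or -1. */
int sanitise_identifier(const tainted_t *t, char *out, size_t outsz)
{
    if (t == NULL || out == NULL || t->len == 0 || t->len >= outsz)
        return -1;
    for (size_t i = 0; i < t->len; i++) {
        unsigned char c = (unsigned char)t->buf[i];
        if (!isalnum(c) && c != '_' && c != '-')
            return -1;   /* also rejects embedded NUL bytes */
    }
    memcpy(out, t->buf, t->len);
    out[t->len] = '\0';
    return (int)t->len;
}

/* Constructed driver: wrap raw input, then ask for a clean identifier
   of at most 31 characters. */
int demo_release(const void *raw, size_t n)
{
    tainted_t t;
    char clean[32];
    if (taint_wrap(&t, raw, n) != 0)
        return -1;
    return sanitise_identifier(&t, clean, sizeof clean);
}
```

Because the struct body is visible in this single file, nothing stops other code from reading `buf` directly; splitting the definition into its own translation unit is what makes the wrapper opaque, and a cast can still defeat it.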
