Follow Slashdot stories on Twitter


Forgot your password?

Comment Don't Need Ads, Only Sponsors (Score 1) 307

It's not the advertisers you're sticking it to, though. You're taking revenue away from the content producers, so that eventually that content will go away.

Not necessarily. I've noticed a lot of the "content" I enjoy online is videos and music made by younger people that treat it as a gig. They don't throw ads in your face, they ask for you to buy stuff from their store (think funny t-shirts) or "donate" to them. Probably "sponsor" is a better word than donate. Many of them seem to be moving to using special websites like Patreon to raise income to support their creative projects. I gladly chip in a couple bucks a month on something like that if I really enjoy a particular project.

There's a lot of people that have their books hosted completely free online. (I think a lot of O'Reilly programming books are that way). I can read online, but I can also buy a paper copy. When I really enjoy a book and would like to have it for reference, I chip in and buy a copy. Considering so many authors do this, it must work for them as well. And I believe it -- why drop $50 on a book I don't know anything about? If I can preview it without being harassed, I definitely am more likely to buy it if its useful to me.

The point is, the internet allows us to directly sponsor the people/projects we want to see. I get warm fuzzies supporting someone for doing something creative I enjoy, and I know that person gets a much larger bulk of my contribution than our current ad-centric model (I know sites like Patreon have a cost, I don't have a problem with them charging a reasonable fee, but I know most marketing charges out the ass for it). We don't need middle-men advertisers annoying us and then skimming off the top before they give a meager paycheck to the creators. If advertising can't adapt, then that's their problem... I guess it become an industry that, like horse and buggy and plenty of other things, is an outdated obsolete industry we no longer have use for.

Comment Often aren't "math guys" but "arithmetic guys" (Score 4, Interesting) 616

Certainly, not every programmer with a strong background in math is like this. But I've worked with people who are proud of their math ability, and who would be the first to tell you how critical math is to programming, who write terrible code ... They pride themselves on their "uncommon" ability to keep lots and lots abstract details "in their heads," and in their "analytical" skills.

Throughout elementary, middle, high school and even into college (dependent a bit on major), we tell kids that "math" is learning your times tables, balancing a checkbook, and basically arithmetic skills. There's some algebra thrown in there in high school but for the most part, most people think of math as doing arithmetic. I'll give you an example. My mother says "You're so good at math!" whenever she's baking cookies and asks me how much flour to use if she wants to double the recipe and she typically uses 1/3 cup of flour. This isn't unusual; I heard this all through my life, from family, friends and even teachers.

Mathematics, however, is really just logical thinking. It is the art of logical reasoning about problems. Often applied to numbers, sure, but it doesn't have to be, or at least not in a concrete sense. It's more about reasoning about patterns, abstracting different types of problems (realizing that two problems you thought were different are actually the same type of problem!) There are whole college courses in mathematics I took back in the day where not a single number was written on the board. It was all symbols and functions and proving properties of things (meaning: what can I logically conclude about something based on this list of facts?). Being good at math really means being good at reasoning about problems, abstract away the difficulty, and notice patterns.

I think the disconnect is that there is a healthy population of people running around that declare themselves "good at math" because everyone they know (family friends teachers) tells them they are good at math... because they did arithmetic and basic algebra well. The end. I've met several people like that. Doing those things at a high school level is more about memorization (think: memorizing times tables, memorizing "FOIL" method for multiplying polynomials, memorizing quadratic formula, etc.) than logical reasoning. You might get a taste of that in high school geometry if you're lucky, but honestly even that seems to mostly be "memorize this proof about geometry" without really building logical reasoning skills that can be applied to other problems. You just do it for the sake of doing it, from the students' perspective.

The people that are "good at math" you meet that suck at programming are likely the people that fall into this category. They were great at K-12 math classes because they can memorize and hold a lot in their head, and they probably learned programming by the same method -- look at code (in a book, google search, whatever) and memorize the code. They memorize what functions do what, and how to throw things together, but they never really internalized that abstraction and problem solving that a true mathematical mind has. So they never really learned how the code goes together, or why one pattern is better than another. They just memorized an approach that worked in the past. I've seen a lot of that too unfortunately.

A real college level course in mathematics is really eye-opening (likewise, I think physics majors and a few others also experience this), and I think that ability to reason abstractly really does make a huge difference in how you approach problems. Even if you never directly use your math classes at your job, having gone through those classes permanently change how you think about and approach problems, and I think that is a huge benefit. It's a shame most people -- even the ones "good at math" -- never take one of those classes.

Comment Re:Space Gives Positive Economic Outlook (Score 3, Insightful) 442

The (economic) question is however are those advances better (more progress/$) than direct funding of consumer products? Analysis shows no.

I am aware of such analyses, but do not know if such analysis is the consensus opinion or more a conjecture at this point.

I would still argue that overall the other benefits I listed imply that government funding of such things would be good. If nothing else, business is sometimes very risk averse, and once government research proves something is feasible, then they will jump on it (see the various businesses that have popped out of projects started at FFRDCs, for example). So such funding would then jumpstart consumer products that wouldn't have been tried in the first place by the private sector.

Comment Space Gives Positive Economic Outlook (Score 1) 442

space exploration returns next to nothing, its basic economics

The problem with statements like this is that "basic economics" is not always correct. It is a model, and like all models, it is incredibly helpful at helping us understand things and make predictions, but it doesn't always reflect reality. Most economists didn't predict the debt bubbles and economic issues of the past decade, for example.

In any case, let me illustrate why it's actually a great thing to do space exploration, even when other things need done too (nothing is mutually exclusive):

  • Science/engineering advances from space exploration often find their way into consumer products, allowing new businesses and innovations to develop. Often advancement in science and engineering understanding seems "dumb" until someone realizes a purpose for it (see for example, computers and all of the naysayers on how practical/useful they would be).
  • A strong space exploration program will be enticing for some of the world's top minds, and allow the US to "capture" those minds thru immigration. Those people will go on to develop great scientific advances and some of them start great companies, which will be American companies rather than $country companies.
  • People need to be hired to build and test these space exploration devices (satelites, landers, rockets, etc.), so we'll employ a bunch of people for a while and pay good salaries. That will help bring down our unemployment numbers and bring down family debt. When the program is over, they'll have something cool to put in resumes as they look for other work in the private sector or even start their own businesses. Or possibly we can keep working on awesome future space projects.
  • A space program that makes people excited will encourage more of the young generation to go into the sciences, making sure we stay competitive technologically into the future. We don't want current trends to continue, where there's little excitement in science (== little funding, no big projects, government doesn't support it, etc.) and so many of our bright students go into business instead, worried about their futures if they chose science.
  • Have you ever been to the Smithsonian museums? People from all over the world go there to see the lunar module and space shuttle and other stuff. They see the moon rocks. They buy their kids a t-shirt. "See the talk by the person that went to Mars!" or "See the Mars rock" or "Climb inside the real cockpit of the Mars lander!" would attract many tourists from across the world. And tourists spend money.
  • It's just plain bad-ass. Why does everything we do absolutely need to be profitable? Why is money the only judge of whether something is worthwhile or not? How about we just have pride in ourselves and our culture and do something because its there. At the end of your life, will you be happy that you saved $5 (your share of federal taxes paying for space program is so low that $5 probably isn't that far from the truth in a back of the envelope calculation) or that you got to see a person land on Mars on live TV? I'd rather have an interesting life than a boring one with more money.

There's probably even more arguments than this but here's for starters. We absolutely need to focus on our national infrastructure, our educational system and student debt, and other issues (shameless plug for Bernie Sanders goes here, as he's the only candidate really talking about all of these things), but I don't think any of that work says you can't also spend on science at the same time. In fact, I think it's a necessity.

Comment The Law States That's The Purpose (Score 3, Insightful) 418

Clue #1: a minimum wage job isn't something you should live off of. It is expressly for teenagers and for folks who use it as a stepping stone or fallback until something better comes along.

Who says? This is misinformation/propaganda being spread. If you look at the actual bill that instituted the minimum wage in the US (the Fair Labor Standards Act of 1938), the law literally says the reasoning for setting the minimum wage is "Congress finds that ... labor conditions detrimental to the maintenance of the minimum standing of living necessary for health, efficiency, and general well-being of workers causes ..." and then goes on to list negative effects of not being paid enough to live. So yes, the law quite literally states that the minimum wage is something you're meant to live off of. (Feel free to read the law yourself on the Dept of Labor website.

This idea of "teenagers can do it" is only a ploy to make people complacent with low wages. Remember a teenager at 17/18 can easily be out living on their own and not have the support of family (for many reasons: family doesn't have ability to help, family has cancer and teenager needs to support them, family is crazy/insane/drug addicts, family is dead, etc.), and so even teenagers should make enough money to support themselves.

Clue #2: these jobs usually require little-to-no skill, and consequently do not bear the value of $15/hr at current inflation/valuation.

When the minimum wage was instituted in 1938, the many US jobs were in agriculture or simple manufacturing. I don't consider those jobs to be "high skill", but that doesn't mean they're not super important (without food, we die -- about as important as you can get! and manufacturing gave us the modern world, despite many of those jobs being just to screw the same bolt on over and over). So for one thing, skill does not equate with importance, and I think important jobs especially should be well paid.

Furthermore, have you seen secretary and human resources job these days? Also requires pretty low skill (mostly just typing and sending emails and filling out forms -- anyone who can read and write can do it, really), but look at how much these people make (in my area, you can get jobs in HR making upwards of $50k with only minimal experience, much above minimum wage). If we were going by your metric, these paper-pusher jobs should be making low pay and important jobs like farmers and restaurants that provide me food should be making more.

All of this is an aside from the real goal of minimum wage, which is that if you do ANY type of work for anyone, you're important to someone and should be able to support yourself doing that work. If you're not needed, why did the company hire you? I'm tired of this idea that companies are entitled to cheap labor; if your company requires effectively slave labor to exist, then how about we state the truth that your company is failing, not doing well, and maybe should go bankrupt due to mismanagement rather than keeping it chugging on the backs of the poor?

Clue #3: when you price human labor too high, automation becomes more attractive. There are already machines that can effectively replace fast-food cashiers, and are cheaper to operate and maintain than $15/hr people. There are also machines coming online that can operate the back-end of a fast food joint as well, which will also just come under the wire as being cheaper (but would come out ahead by being reliable, on-time, etc.)

That is going to happen no matter what because of corporate greed to always maximize profit. Even if we paid people $1/hr, at some point people would need to eat and sleep while a machine could work all night long straight, cranking out more widgets. We can't compete with technology.

What we instead need to do is have real discussion on what the future economy looks like when jobs are phased out by robots. Probably future jobs would be more creative engineering or artistic jobs that robots can't do and it will work itself out and the economy will keep moving on, but we will have a transition period before we get there and it will be different than what we have now. In this transition, we need to do the humane thing and help people transition. That means making sure people's needs are met as they go back to get training for jobs, whether they be more academic (engineering/science) or more trade level (arts and crafts, music, cooking, stuff that makes people happy and can make money). It's not anyone's fault that robots were invented and are taking over, so why do we hold it against them that they should have someone thru clairvoyance known of the impending robot takeover and planned accordingly?

Clue #4: sucks to say it, but no one owes you a living -anything, let alone a "living wage" (whatever that means). Safety nets and charity are for those unable to help themselves, and obviously for those among us in temporary desperate situations, but that's it. Meanwhile, if you are able-bodied and not mentally defective, then it is up to you to better yourself by any legal means possible.

This makes the incorrect assumption that people have control over job availability. I know plenty of people with experience in fields that are drying up (drafting is a good example) -- used to make good money and be steady pay, now with automation, there's few jobs to go around. What is someone with 20 years supposed to do? That field has no jobs left; I know a guy that is looking. He also can't get into a new field because they pigeonhole him: "Why are you applying for this? Your experience is in a different field". He's quite able-bodied and intelligent person but its not working out. He's taking evening classes to go more into computer work, but that doesn't happen overnight. What do you propose he do in the meantime?

We need more than just a simple safety net, but a system that makes sure you have the chance to get ahead (good wages help you pay for things like school for example), and when things like the economy shift, is there to help you transition to new work.

Comment Re: CVSSv2 (Score 1) 30

From what I have seen, Mitre and NIST often show inaccurate CVSS scores on the CVE pages.

Have to stop you there, sorry for perhaps being a bit pedantic, but the NIST score is more or less the "official" score of a vulnerability, given how closely they work with organizations like MITRE. The CVSS scoring rules have some nuance to them, and in some scenarios the official rules on scoring a vector is not what you'd expect. NIST tries to follow the official scoring rules as strictly as possible. You may not agree with the rules (and many people don't, I'm not trying to knock you), but technically their scores are the most accurate.

CVSS recently released v3.0 scoring in order to try to address some criticisms in scoring. It did this by upgrading its base vector to be a bit more easily comprehensible by adding obvious metrics like "user interaction required", which was previously embedded in "access complexity" in v2. I think in general I like the concepts and it makes it easier for the most part, but time will tell if the general public agrees. The sticking point I think is the idea of scope, which is not a bad idea in general, but the definition seems a little fuzzy to me. We may have only shifted where the nuance is, and so disagreement in scoring may continue into the future.

In order for the metric to be truly useful, every organization has to localize measurement to their environment and each vendor needs to measure impact against their use or non-use of the underlying code. At the end of the day, it's all about risk measurement, but with those steps you end up with a reasonably accurate assessment.

Exactly. CVSS allows for this by use of temporal and environmental scores, but unfortunately, most organizations don't use them. This means most people run around talking about the base score without a clear sense of how it applies to them. I've seen vulnerabilities with a base score of let's say 7.0 or so being knocked down to 1.5, after you factor in its temporal factors (such as a patch being available) and environmental factors (such as not very widely deployed). I wish more people would talk about the environmental factors. CERT is one of the few places that lists temporal and environmental metrics, though their database is not comprehensive.

CVSSv3.0 is weakest in the fact that they essentially threw out the environmental metrics; yeah, its technically there, but its shadow of its former self -- it doesn't include important metrics like population anymore. I hope they will put that back in for CVSSv3.1, and encourage more widespread adoption.

There is nothing wrong with the current system that wider spread adoption and education cannot fix. Part of the problem is the media hype surrounding the bugs. If every little issue wouldn't get a cute name -- Shellshock, Logjam, POODLE -- the reactions might be a little less kneejerk.

I agree, but education can sometimes take a while and be harder than you think. There's momentum -- and money -- behind the current system. You get everyone wound up, and then offer to sell a widget that "protects against it". There's a lot of snake oil for sale in the industry right now, and so far, companies and governments are eating up. It will continue as long as money is being made. The bigger question is, how do you make it more profitable to tell the truth about threats?

Organizations like CERT tend to straight talk it and provide honest feedback with their temporal and environmental scores, but they're not picked up in the media as much as these security start-ups that are out to cause a ruckuss and make money. The start-ups seem to me to be more marketing companies than security companies these days; they tend to overinflate the CVSS base score and talk it up by reaching out to media directly, when in reality, the base score itself may not be that high, nevermind that temporal and environmental factors might lower it more. Fear makes money right now.

Comment Re:If only there was a rating system for this... (Score 1) 30

Temporal and environmental factors and only be assessed by people in the know. Windows shops obviously don't care about Linux vulnerabilities and vice versa.The base ratings are strictly focused on the vulnerability. Other factors you need to determine yourself... And there's already a system for that.

Yeah that's kind of the problem, most companies don't use temporal or especially environmental factors. If you base everything on the base score only, you're not getting a really accurate feeling for the severity of the vulnerability.

The other problem is that CVEs tend to be treated in the researcher community as gold. You list CVEs on your resume, for example. CVEs are not meant to indicate severe vulnerabilities, or even all types of vulnerabilities -- many things that are important don't get CVEs, while many lame vulnerabilities do have a CVE. These systems need rethinking in general.

Comment Re:Probably GPL, but depends on Apple (Score 1) 171

It's because BSD/MIT pretty much are cool with anything as long as you attribute the code to the original author. That is the main requirement of distribution. So proprietary is ok as long as somewhere deep in the credits they add the name of the original author.

GPL meanwhile requires not just attribution, but the availability of the full source code. So you can't be a proprietary trade secret with GPL code, so any proprietary software using GPL is in violation of the license and therefore copyright law. It's illegal.

Submission Qt 5.5 released->

mx+b writes: The latest version of Qt, the cross platform GUI toolkit and development platform, is out for all major platforms. Highlights include better 3D, multimedia, and web support, as well as better support for the latest OS X and Windows releases (including Windows 10) and more Linux distributions.
Link to Original Source

Comment Probably GPL, but depends on Apple (Score 4, Informative) 171

You beat me to it :-)

To the original poster:

The GPL is "viral" in that if you use even a smattering of GPLed code, you are required to release ALL of your code as GPL as well.

It concerns me that you state you use example Apple code. What license is it? ("has its own terms" is completely unhelpful).

In general, you're restricted to using a license that is the most restrictive. The liberal licenses like BSD and MIT can morph into anything pretty much. GPL is one of the most restrictive on redistribution (RMS would say it preserves user freedoms by restricting developer distribution, and I would tend to agree with it; just throwing that in there because I don't mean restrictive in a negative sense here, only that it was designed to prevent people from running off with the code without contributing back to the community, so you can't just re-release GPLed code under MIT like you suggested). Apple's license may be open source or not; furthermore, there are known open source licenses that are NOT compatible with the GPL, so its entirely possible that the Apple code may not be distributed together with the GPL code. For reference, see

It's possible your pro-bono advice is correct and this doesn't matter too much if you release it publicly and open source (it seems unlikely open source projects would sue other open source projects), but in case you ever plan on making money on this project (and even if you don't), to avoid any possible legal trouble you should choose the most restrictive license compatible with all licenses at play. Likely this means the GPL, but the wildcard is Apple. If you post the terms to it, we could probably help sort it out (with the usual IANAL caveat). Otherwise, you may need to rethink which libraries are included with your code and possibly even roll your own depending how niche it is.

Comment Qt for Android (Score 4, Interesting) 173

Where do I get started building Android apps in C++? Inquiring minds suddenly want to know.

The latest versions of Qt5 support building Qt/C++ apps for Android and iOS. I've never tried it for more than running a few examples, but it seems pretty nice and easy, and I've really enjoyed Qt development for years now.

Comment It's the economy, stupid (Score 1, Informative) 830

Really, with all the important issues that should occupy a president's attention, if this is even on your radar, you're not qualified for the job.

Converting to metric is not just a fun science nerd issue no one cares about.

Really it's an economic issue, and I'm surprised it hasn't been made more of a big deal. When we follow international standards, we can better share ideas and better trade goods. If the US used metric, we'd be in a much better position to sell our goods worldwide, as we wouldn't need to re-tool or re-calculate all the time.

Great example: our US engineers are mostly trained in the English system. My wife used to work in an industry that is now heavily developing and building things overseas. The American engineers had to build everything to metric standards, since they were building in India and what not, and really had trouble with it, as they weren't properly trained to do metric calculations and the equipment they wanted to buy from American companies didn't always come in a metric size. Instead, the engineers would have to half-ass some crazy scheme (like buying parts and then cutting them -- makes sense until you realize you'd have to pay field guys to do this 10,000 times) to get it to work. The quality suffers, and since there's all these problems, I get the sense that many international companies would rather just hire Germans or whatever to do it.

This is an anecdote of one industry, sure, but if our engineers were trained in metric, and our businesses made the jump to make metric products in the first place, we'd probably be a lot more competitive in the world market. We wouldn't need to spend all this extra time and money on customization, we could just do it. I imagine all this effort has long ago exceeded the cost of buying new tools once; we should have just switched then and told businessmen to shut up about costs.

Comment Have You Looked for a Job Recently? (Score 4, Interesting) 413

I find it amazing that not only is cable TV a "right", deserved by all, now broadband is also a "right".

In a way, it is. Your first comment is actually a little more correct than you realized.

I hunted for a job last year for quite some time before I got my new gig. Let me share some thoughts on the current job climate:

  1. (1) Many companies specifically say they do not fool with paper applications anymore, you are directed to submit resumes to their online HR portal.
  2. (1.5) For that matter, I don't see "Help Wanted" signs very much either. Job openings are posted online, so to even see if a job is available, you often have to check online.
  3. (2) An email address is as required as a phone number (perhaps more so?) these days when applying for jobs. Correspondence such as setting up interviews was done almost entirely in email in my experience. They may have called?... or may have thought since I didn't respond to their email, I wasn't available, and moved on to the next candidate.
  4. (3) A LinkedIn or Facebook is used to "verify" you are a real person that doesn't seem too crazy or weird, and that your public profile matches your resume (catching obvious liars). It was heavily insinuated to me that applicants without an online presence were basically treated as homeless drug addicts (i.e., "what are you hiding if you're not online?")

So, to get a job, it's quickly becoming a requirement to have internet access. If we ever expect to help people improve their lives, we have to be willing to give them a leg up to get started. Getting a decent job is a start to better things, so if jobs require internet access, I am all for making it a "right".

Furthermore, I think there is an even greater reason why to do this. While it is possible to call one's congressmen, you'd have to know what to call about. I never receive snail mail copies from my legislators, but I receive email newsletters and follow them on Twitter. Without internet, you would probably have much less of a chance of being informed as well as being able to interact with your representatives. Arguably, since democracy is one of the most important aspects of our society, I would say that allowing access to representatives is a fundamental right, and if those representatives now do a lot of their business and work online, we must require online connections for all.

Comment Not just no ads, but had content (Score 1) 531

I miss being able to do a google search, and the first few hits were generally exactly what I wanted.

Yeah yeah, I know, "use google-fu", but it doesn't really work anymore, not as well as it used to. The marketing droids and advertisers have their whole SEO thing now where they're actively out to cheat google to get you to browse to their crappy blog or whatever instead. Searching for anything technical gives you the first few pages of marketing blogs that copy-paste each other's heavily buzzword-laden summary, squelching the actual reporter or researcher that has real information.

It is obnoxious. I've day dreamed of making a TLD (.awesome or something) that has one specific requirement -- anyone can register a domain as long as you sign an agreement that you will NEVER DISPLAY ADS. Well maybe, a couple other requirements to try to cut down on the copy-paste news cycle. But generally speaking, if you search only .awesome addresses, you know you're getting legit content. That's what I want. That's what I could do in the early days of the internet. The internet has been destroyed by rampant greed and commericalism. I want those early days of hackers (in the sense of open source contributors, not malicious ones), professors and enthusiasts to come back. Do I just not know where to find them online anymore?

Comment In The Limit, It's the Things We Buy (Score 1) 837

Maybe we should just nix the idea that road infrastructure needs to be paid for with gas or vehicle taxes, and start paying for it from the general fund.

I came here to say this.

Pay-per-use means we have to track use, which means extra billing/administrative costs/HR involved, which means less of the money is actually going to what it is supposed to. Unless the tax hike is higher than what it is now. It's so much complication for no reason.

I'd say this: we all go to the supermarket roughly once a week to get groceries, clothing, whatever. Those things generally speaking come in by truck, which is much more damaging to the road than personal vehicles. So, no matter your personal habits, it is a drop in the bucket compared to the cost of your goods coming in. So how about we say: everyone needs to eat, buy new clothing, etc., and we just call it even and hike everyone's income tax by 0.1% or whatever. Everyone uses about the same because everyone needs goods trucked in, young, old, rich, poor. End of story. Earmark that money for transportation, and you're done, the tax is collected quarterly/biweekly automatically with no extra taxation infrastructure.

With an appropriate tax rate, we might even be able to offer free buses and shuttles and light rail for our citizens. It would be good for everyone, especially the poor, whom might pay less money with a 0.1% tax than current bus fare.

In any problem, if you find yourself doing an infinite amount of work, the answer may be obtained by inspection.