

Comment: Some Premises Need to be Questioned (Score 2) 96

by Bruce Perens (#49383785) Attached to: NSA Worried About Recruitment, Post-Snowden

I am still having a little trouble with "we don't need our spies to spy". Maybe we do.

I am also having trouble believing that the kind of encryption we use on the Internet actually stops the U.S. Government from finding out whatever it wishes although IETF and sysadmins might be kidding themselves that it can. Government can get to the end systems. They can suborn your staff. Etc.

Comment: Re: It's stupid (Score 1) 171

Yes. The last stuff I wrote that I couldn't compile today was in "Promal" or "Paradox". My C and C++ code from 1980 still builds and runs.

All of my web development is on Ruby on Rails. That environment has had a lot of development and I've had to port to new versions. So old code for RoR would not quite run out of the box, but it's close.

Comment: Re:How is limiting your market protection? (Score 2) 51

by IamTheRealMike (#49379331) Attached to: EU Commission Divided Over Nation-Specific Content Blocking

Clearly I don't understand capitalism.

Clearly. Geoblocking is at least partially about market segmentation. The EU is so large that it has extremely major disparities in wealth between its member nations. Consider the difference between Sweden and Romania. If you have a movie and charge a single price to stream it across the entire EU then:

a) Some people will find it incredibly cheap and others will find it still too expensive, just pushing them back towards piracy.

b) You end up having to deal with the tax systems of every single EU country anyway due to the retarded VAT changes they introduced this year, so it doesn't help simplify your business at all, and you theoretically aren't allowed to opt out of serving particular regions due to their horrible paperwork requirements, so being able to geoblock unprofitably complicated regions whilst claiming you have some other reason is quite attractive.

Comment: It's stupid (Score 0) 171

Development with a proprietary language is ultimately harmful to your own interests, whether you make proprietary software for a profit or Free software.

The one thing every business needs is control. When you make it possible for another company to block your business, you lose control. Your options become limited. Solving business problems potentially becomes very costly, involving a complete rewrite.

The one thing that should be abundantly clear to everyone by now is that making your business dependent on Microsoft anything is ultimately a losing proposition. They have a long history of deprecating their own products after customers have built products upon them.

Comment: Yes, it's free. Also, the patent system sucks (Score 1) 171

All Open Source licenses come with an implicit patent grant, it's an exhaustion doctrine in equitable law.

The problem is not patent holders who contribute to the code, you're protected from them. It's trolls who make no contribution and then sue.

Of course these same trolls sue regarding proprietary code as well.

Comment: Re:depends (Score 1) 148

by IamTheRealMike (#49378651) Attached to: Ask Slashdot: Who's Going To Win the Malware Arms Race?

You mean like browsers and Javascript? In that case 99% of the population has lost already. The pwn2own competition results are rather miserable.

I don't think it's so bad. The pwn2own competition is notable primarily for the ridiculous levels of skill required to actually beat modern browser security (note: I do not include the still unsandboxed Firefox in this category).

What's been happening in recent years is that more and more bugs are being found by whitehat hackers first, with the complexity and difficulty of beating them going up radically over time. It used to be that random hackers in their bedrooms could put together browser exploit kits. Nowadays the people being whacked by clicking on "bad links" are mostly people who aren't keeping their software up to date properly or using decent browsers. Remember SQL Slammer and Code Red? It used to be that teenagers could find RCE vulns in Windows. Now it's much harder.

This trend is reflected in the rapidly escalating cost of buying exploits on the black market. There didn't even used to be a market for exploits.

Also look at the escalating difficulty of jailbreaking iPhones and Xboxes. The defenders learn from each successful attack and each time they fall, they get back up stronger than before. And that's despite the fact that there's hardly any money in writing secure software. Many customers will be happy if you simply patch holes that are reported to you, with few people choosing which product to use on the basis of a good security track record.

So it seems like things are getting better and the game is rapidly moving beyond many attackers' abilities, the age of the script kiddie is largely coming to an end when it comes to attacking user endpoints. Instead a new game is starting, one where professional teams of government sponsored hackers fight against professional teams of private-sector sponsored defenders. We can claim this isn't progress of a sort, but without the previous hardening efforts, the industry would be tackling both types of attackers at once ...

Comment: Re:A Corollary for Code (Score 1) 210

by TheRaven64 (#49378147) Attached to: Why You Should Choose Boring Technology
Not knowing about trickier parts of a language doesn't mean that you don't use them. I recently discovered some code where experienced C programmers didn't know that signed integer overflow was undefined in C. This meant that the compiler could optimise one of their tests away in a loop (nontrivially, in a way that's difficult to generate a warning for) and turn it into an infinite loop. After a few weeks, their code would hit this case and infinite loop and freeze. Unless you know that this tricky part of the language exists, you don't know enough to avoid using it.
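
Added example, not part of the comment above and not the code it refers to: a constructed C loop of the kind described, where a test that depends on signed wraparound can be deleted by the optimiser, next to a version that checks for overflow before adding. The function names and the loop shape are assumptions made for illustration.

```c
#include <limits.h>

/* Constructed "before" case. The author expects i to wrap negative when
 * i += stride overflows, so that "i >= 0" ends the loop. Signed overflow
 * is undefined, so the compiler may assume it never happens, conclude that
 * "i >= 0" is always true, and remove the test. With limit near INT_MAX
 * the loop may then never terminate. Only safe for inputs where
 * i + stride cannot exceed INT_MAX and stride > 0. */
long count_steps_ub(int limit, int stride)
{
    long steps = 0;
    for (int i = 0; i >= 0 && i < limit; i += stride)
        steps++;
    return steps;
}

/* Hardened form: the overflow test happens before the addition and uses
 * only defined arithmetic, so it cannot be optimised away.
 * Returns -1 for a non-positive stride. */
long count_steps_checked(int limit, int stride)
{
    long steps = 0;

    if (stride <= 0)
        return -1;

    for (int i = 0; i < limit; ) {
        steps++;
        if (i > INT_MAX - stride)   /* i + stride would overflow: stop */
            break;
        i += stride;
    }
    return steps;
}
```

Building the first function with `-fsanitize=signed-integer-overflow` (GCC and Clang) reports the overflow at run time instead of leaving it silent.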

Comment: Re:More... (Score 1) 210

by TheRaven64 (#49378133) Attached to: Why You Should Choose Boring Technology
The original justifications for hating goto referred to a non-local goto (or, exceptions, as the kids call them these days) which made it very difficult to reason about control flow in a program. The new reasons for hating goto in languages like C/C++ relate to variable lifetimes and making it difficult to reason about when variables go out of scope.

Comment: Re:Reminds me of one thing (Score 1) 737

by IamTheRealMike (#49352757) Attached to: Germanwings Plane Crash Was No Accident

Because then everyone dies when the computer fails. Autopilots regularly fail and expect the pilot to take over

I think this depends on your definition of "fail". As far as I know true computer failures where the machine just goes crazy and tries to crash the plane are non-existent. What happens more regularly is the autopilot sees that something weird is happening and chooses to disengage itself - presumably an autopilot program could be written that never disengages and always does the best it can to fly the plane, unless deliberately disengaged.

This is particularly problematic when sensors fail, as they did in AF447, and the computer doesn't know what's going on any more.

No, this is irrelevant. If the plane's sensors completely fail then the pilot doesn't know what's going on either, and the plane is probably doomed no matter what. In normal operation these planes are flying in a very small speed corridor between disintegration and stalling. If you don't know how fast you're going a stall or overspeed is pretty much inevitable, and if you don't know how high you are even basic visibility problems can cause a crash into the surface. Neither human nor computer can succeed in such a situation.

Comment: Re:Check their work or check the summary? (Score 2) 485

by Coryoth (#49336973) Attached to: No, It's Not Always Quicker To Do Things In Memory

And this is why we should not teach CS101 in Java or Python. If they'd been forced to use C this whole experiment would have turned out differently.

Not at all. If you wrote your C in memory string handling as stupidly as they wrote the Python and Java you will still get worse performance in C (e.g. each iteration malloc a new string and then strcpy and strcat into it, and free the old string; compared to buffered file writes you'll lose). It's about failing to understand how to write efficient code, not about which language you chose.

Comment: Re:Do what you can to support this (Score 2) 186

by TheRaven64 (#49335787) Attached to: New Bill Would Repeal Patriot Act
There was an article a few years ago about how Congressmen judged popular support. I don't know how true it is now, but back then most of them got under ten letters for any given bill. Anything that got 100 was judged to be really important to their constituents. Basically, if everyone on Slashdot who is a registered voter in the USA actually bothered contacting their representatives (a form letter doesn't count, those are ignored, but a couple of short paragraphs will be counted as a separate mail) then they'd be perceived as representing popular opinion.
