Forgot your password?

Comment: Not for home users... (Score 3, Insightful) 80

From rtfs, it seems o3b is aimed at the ISP market. I think this could be quite neat, they are aiming at being a backbone provider for say a local wireless ISP on a tropical island, this ISP sets up their terrestrial wifi equipment, and sets up a link to o3b for backhaul.

This could transform the competitive landscape in a lot of these places where either a) becoming an ISP means signing a multi-thousands/mo deal with the 1 company that has pulled fiber under the sea for thousands of miles, or b) having no option, because the terrestrial land lines are all owned by the government run telco who has no interest in providing an upstart with bandwidth

Of course, for this utopia of competition to break out, it assumes that o3b will be charging significantly less than whoever has pulled fiber under the sea, and that government regulation in all these countries doesn't simply preclude the business model by granting unlimited monopoly power to the government run telco. I know in the 2 south american countries I've visited this second hurdle is much larger than the first... The government owns the telco, thats the only way to get internet, period.

But assuming I'm wrong about the regulatory landscape, and assuming o3b will have reasonable pricing, it almost becomes interesting to attempt to setup a wifi based ISP in some underserved country...

Comment: kettle, meet pot (Score 1) 294

by pavera (#47031939) Attached to: Fixing the Pain of Programming

I found it hilarious that the post bemoans the state of getting started with a new environment, and how it invariably requires a tutorial, and that is terrible.... And then you download their software and you're presented with a blank screen and no idea how to get started... so you turn to you guessed it.. a tutorial.

And then a tutorial that isn't even illustrated, so you can't tell what is supposed to happen with you hit cmd/ctrl+enter... I get a little checkbox next to my line of code.. I don't know what that means. Line is syntactically correct? Line executed? Line monitored by system? And it certainly doesn't provide any insight into the flow of data. I don't see a pane like I do in pycharm that lists the variables with their current values, I don't see any state.. Is that intended? I don't know, the tutorial doesn't inform me, and the environment is useless.

I don't generally use debugging tools, preferring to keep my abstractions shallow, my code small and understandable, and a test suite that can prove that my code is handling the cases its designed for correctly. In some projects, yes, complexity is a requirement, but I feel like the advent of IDEs and debuggers has only served to allow people to more easily break what is in my opinion the first rule of development:

  "Everyone knows that debugging is twice as hard as writing a program in the first place. So if you're as clever as you can be when you write it, how will you ever debug it?" - Brian Kernighan

Break systems down into small manageable parts. Write the code simply and clearly. Write tests EVERYWHERE.

Comment: Re:Tough, Apple (Score 1) 180

by pavera (#44743481) Attached to: Patent Suit Leads To 500,000 Annoyed Software Users

The problem is apple *did* implement the standard, this is a classic submarine patent. Apple is using the standard SIPS+SRTP protocol... but guess what? These guys patented it a year before it was standardized, and now its the defacto standard in everything (IP Phones, LTE, literally all voice communications now use SIP)

So these guys printed a mint by patenting something, then getting standards bodies to adopt their standards, then claiming everyone infringes by implementing the standard.

Comment: Re:My give-a-darn meter is reading negative GADs (Score 2) 180

by pavera (#44743459) Attached to: Patent Suit Leads To 500,000 Annoyed Software Users

By my reading, this company virnetx claims to have patented SIP... So Asterisk, grandstream, and everyone else is probably on their list as well. Anyone who setups up direct communications between 2 endpoints violates their patent.

According to what I've read, using SIP secured by TLS/SSL and SRTP was only "standardized" in 2004, 1 year after these guys patented "setting up an adhoc VPN" between two devices automatically (which is what SIPS+SRTP does) according to them.

So, I guess we'll all use VoIP again in 2023, once this patent finally expires.

Comment: Re:As usual, some things got left out... (Score 1) 161

by pavera (#44693241) Attached to: Tesla Model S REST API Authentication Flaws

How is it sloppy security practice? You're seriously arguing that *every* *single* *api* on the internet *must* implement oauth right now because the api *will* be reverse engineered and users will be tricked into providing their credentials directly to a third party? Even when third party apps are not authorized? Every company with an api on the net *must* provide for third party access?

Oauth doesn't provide any security anyway. Users will still be tricked into providing their credentials directly to third parties (on phishing oauth portals). Whats going to stop someone from spoofing an oauth portal, and distributing an app that redirects to said portal? User enters username/password on spoofed oauth portal, third party has creds, does nefarious deeds. Oauth provides precisely 0 security if the user is not careful.

Comment: Re:Those who attempt to re-create Oauth... (Score 1) 161

by pavera (#44693167) Attached to: Tesla Model S REST API Authentication Flaws

Well, I'd argue this is one such context. There is no third party, Tesla's API is not designed for third party access, its designed for Tesla app -> Tesla API communication. Adding Oauth to this workflow, just for kicks, certainly would decrease usability, as you'd get redirected to a third Tesla page, to provide your credentials and generate a token for Tesla's own app.... The facebook and twitter apps published *by those companies* don't use oauth, they ask directly for your username/password

Saying Tesla's app should use oauth is crazy. Saying that anyone who publishes an API on the internet *must* implement oauth so third parties can access the API is equally crazy.

Comment: Re:Those who attempt to re-create Oauth... (Score 1) 161

by pavera (#44693123) Attached to: Tesla Model S REST API Authentication Flaws

Tesla wasn't even trying to re-create Oauth, they *don't* provide third party api access. They implemented a perfectly reasonable first party api authentication mechanism. If users are inclined to give their creds to *unauthorized* third party apps then that is on the user.

Every API in the world shouldn't be *required* to provide third party access.

Comment: Re:Major fail for Tesla (Score 1) 161

by pavera (#44693091) Attached to: Tesla Model S REST API Authentication Flaws

The problem with the article and the sentiment you express is that this api is *not* a third party api. It is not published, it is not intended for use by third parties. Oauth is a PITA. Why would tesla setup Oauth between themselves and... themselves?

Oauth is designed to work between 3 parties, the user, the "authenticator", and a third party app that wants to access the authenticated service on behalf of the user. In this case, tesla implemented an API for their app to communicate with, so there is no third party involved, and the system wasn't designed to support third party apps. Now, intrepid hackers have reversed engineered this api, and services have begun popping up that provide "functionality" via this api, but they require you as the user to fully trust a third party that is *violating terms of service* and using an unpublished api that they've reverse engineered. If you as a user trust this third party you are foolish.

There are no Tesla approved third party apps, this API wasn't designed for use by third parties, so why would anyone expect Tesla to implement a third party authentication protocol? Is the argument really that *any* API exposed to the internet must provide access to third party apps? That seems a rather untenable position to take. Certainly its not unreasonable for Tesla to ask for your username/password in *their own app*?

I'm much more concerned about banks not implementing oauth, and the fact that there are literally millions of people handing out their banking credentials to third party apps (mint, money desktop, etc). These apps are storing much more important (and much more valuable) info than any hacked third party app to honk your horn.

Comment: Re:OAuth for Apps? Seriously? (Score 2) 161

by pavera (#44692977) Attached to: Tesla Model S REST API Authentication Flaws

The problem with the article is there are *no* authorized third party apps that use this API. Tesla does not provide third party access.

People have reverse engineered the api, and then if you give these third parties your credentials, they can make calls to the api and do things to your car. The article is arguing that *any* API that is exposed on the net *must* implement oath so that third parties can use it. Seems pretty crazy to argue that any api exposed to the internet must implement third party app access.

Comment: Re:No Google apologist here (Score 1) 555

by pavera (#44430739) Attached to: Google Argues Against Net Neutrality

I don't know where in the US you live, but where I live (yes in the lower 48) I've been hosting servers happily on residential connections for 13 years, using 4 different ISPs over that time frame.

Every ISP I know of here (centurylink (qwest before buyout), att, and xmission) will gladly sell you static IP addresses on residential connections. Not 1, but a block of 16 or 32 (heck xmission will give you a full class C for just $60/mo).

Why on earth would you buy a block of 16 IPs if you can't host servers on them?

Now, since its not a business class service, you wouldn't want to put anything that needs super high availability on this connection, but thats perfectly understood, I'm hosting a few personal web sites, a couple blogs, a code repository, and a minecraft server... If the rest of the country really is so seriously locked down against having a mail server in your basement, I guess I better not move ever.

Comment: Re:Again Slashdot Cant Read (Score 2) 555

by pavera (#44430663) Attached to: Google Argues Against Net Neutrality

I didn't see that anywhere in the linked article, but *LOTS* of ISPs will let you run a server, even comcast will sell you a static IP (for $30/mo) and let you run a server. Sure if you're filling up your upstream pipe 24/7/365 they'll probably get upset with you, but I've been running servers in my house since 2000 when I first got dsl, business servers, hosting websites (mine and other people's), hosting email, blogs, voip, code repositories, minecraft, you name it... I've been on 4 different ISPs over the 13 years, and have never had a problem (even when the ISP was qwest... well there was a reliability problem then, but not a "shut down your service" problem).

Comment: pretty f'ed up google (Score 2) 555

by pavera (#44430645) Attached to: Google Argues Against Net Neutrality

Well.. I used to be jealous of the google fiber cities...

Now I'm happy to live on with my 40mbps/20mbps connection with 16 static IPs and an ISP that happily lets me host servers in my basement...

(minecraft, git repos, a couple web servers, media server, encrypted voip server for friends and family.... ) All cranking away on a couple old dell servers from ebay...

seriously I wouldn't go near google fiber with that policy if they paid me to use it, in fact they couldn't pay me enough to use it (well... maybe if they paid me 6-700/mo so I could afford to colo my 2 servers in a cheapo datacenter)

Comment: Re:how many of the jobs didn't exist as well? (Score 4, Insightful) 233

by pavera (#42024343) Attached to: Hounded By Recruiters, Coders Put Themselves Up For Auction

sure, I didn't completely understand/put together the multiple offers/engineer thing... as a previous poster pointed out. But as the previous reply stated, that basically makes the numbers meaningless so why share them at all except to brag... In that case its just a case of statistics (of the lies/damn lies variety)... They picked the biggest number they had (total value of all offers, regardless of whether all offers could be accepted) and put it next to the smallest number they had (number of engineers) to get an "ooh wow" effect.

It has nothing to do with their potential revenues as that is based on accepted offers, hence my assumption of 1 per person. It is then impossible to infer anything about how many offers each engineer got, or how much the individual offers were for (although, on average each engineer did get offers worth 350-500k/yr... just might have been spread over multiple offers). Each engineer could have received an average of 5 offers of $68k/yr each and that would hardly lead to any of the conclusions of the original article... IE that there is a labor shortage, or that companies are having a hard time finding people willing to work (or even that "there's a huge need for something better in this space").... But again you can't tell anything from these numbers without the total number of offers, or the average number of offers per engineer....

My mistake was assuming that the numbers had some meaning... Unfortunately they don't. No reason to get all uppity though, sure I made a mistake. I can own that :)

Comment: Re:seriously? not this again (Score 3, Insightful) 233

by pavera (#42022719) Attached to: Hounded By Recruiters, Coders Put Themselves Up For Auction

I agree with your premise there are lots of "developers" who have worked on a project that used technology X... And realistically only a couple members of any team are producing 70-80% of the code, but the recruiting agencies and HR depts are a huge part of the problem. I am (no really) in that 5%, but I have the hardest time finding jobs, because I've worked all over the map... From designing huge networks, to automating deployment of tens of thousands of network devices, to DB design/DBA type work, to software design, development, etc both web and client based. HR departments are so keyword driven, they don't know what to do with my resume. I'm repeatedly told by recruiters "Well, this company only wants java experience, so you're out because you have other experience on your resume". Or: "Your C++ experience isn't recent enough"... Sure it was 2 years ago, I'm sure the fact that I've been integrating a large C codebase with python to make it scriptable for the last 2 years I've forgotten all my C++... (And oh no that reminds me... its now been 4 years since I used java professionally.. I'll probably never get another java job again... or is that a good thing?)

I regularly teach myself new tech, and really enjoy working in the field, but the miscommunication between development and hiring managers/outside recruiters is very painful to deal with. I shouldn't have to explain to someone who's never written a line of code that there is very little difference between all these languages, and that I know I would be productive on a project written in C, C++, Java, C#, Python, PHP, Perl, Ruby, Javascript, or SQL within 2-3 days at most. Hell, I was one of the most productive Foxpro programmers at one job I had (no I don't list foxpro on my resume) and I don't even know the language, but I could sit down in code review with the foxpro developers and find/fix bugs all over the place.

On a different note
Why is the position so "unattractive"? Because you're only offering $50k/yr for 6 days a week plus a rotating 24 hr on call day? Where's it located? is it strictly an entry level position?

NOWPRINT. NOWPRINT. Clemclone, back to the shadows again. - The Firesign Theater