Want to read Slashdot from your mobile device? Point it at m.slashdot.org and keep reading!


Forgot your password?
Slashdot Deals: Prep for the CompTIA A+ certification exam. Save 95% on the CompTIA IT Certification Bundle ×

Comment Re:A fatal flaw (Score 2) 95

Indeed, more information *can* yield a clearer picture of the event, situation, etc.

However, more data also simplifies the job of cherry picking data points to prove some totally random theory.

Hope drives the former, while laziness drives the latter.

Anything you say can *and* will be used against you in a court of law (except in cases where you're exempt from the extra paperwork of courts). That takes on a more ominous tone when you can't control the massive volume of data being collected and generated about everything you ever do.

Comment Re:GTFO! (Score 1) 480

I suspect the better people quit because mediocrity was being rewarded, which means the workload on people who don't do a crap job becomes impossible.

Of course, the longer term issue is also that the company is going to collapse and those who see it coming will jump ship before the whole company collapses and there are that many other people looking for jobs. "Company went out of business and I didn't see it coming" isn't a great response to "why did you leave your last job?"

Comment Re:Perfect summary of Perl from Larry himself (Score 2) 133

It really comes down to the developers mindset.

If you're writing something obfuscated to show how clever you are, it shows that you don't work in teams. I know perfectly intelligent people who like Perl 1-liners, but don't realize that the compactness means other people can't use or build on that work. Whenever I wanted to use one of those 1-liners, I always spent the first 20 minutes translating it into readable code with variable names so I could figure out where to add new features. That kinda loses its value if the useful part of the code would only take 5 minutes to reproduce from scratch.

I write Perl like I learned to write C, which means using functions where appropriate, sometimes creating Perl modules to keep all of the related functionality separate so the module could be used from multiple other scripts in the future. I've had new developers come in to a project I was previously working on my own and they were impressed that they could read the Perl code, it was documented, everything was in subversion, etc. If you're doing something with a lifespan and scope of more than one person, keep the next guy in mind when you start. And never forget that the next sucker to inherit your code may be your future self, so be nice to him too.

Comment Re:Perl is better than you think (Score 4, Informative) 133

Totally agree.

As much as Python is touted as the replacement for Perl, compatibility between Python versions is painful. While it's possible to write code that works in 2.4, 2.7 and 3.0, it's much harder and more limiting. I'm sure Python is great for environments where there's only one OS image and version of Python to support, which covers small to mid sized companies pretty well.

However, large enterprises tend to have legacy systems (RHEL 3/4 still run fine in VMs if you don't have to keep up on security patches) and non-Linux based systems. Solaris is pretty painless, but AIX can be painful.

Perl 5.8 has most of the functionality needed to be productive and covers systems with bundled versions of Perl 10+ years old. If you really want to reach, being compatible with 5.4 gets you to almost 20 years ago.

It's not that hard to write Perl so it's readable and maintainable by groups of people, as long as they agree to pretty basic standards. Functionally, it's no different than any other collaborative development.

Perl's biggest strength is how easily it can act as the glue between many different utilities, data sources, etc. There's so many CPAN modules available that it's not hard to find most of the big pieces of code and write what's left.

Comment Re:I don't think it's enough, but I have doubts to (Score 1) 331

Treating stupid kids as stupid kids is far better than the zero-tolerance approach often used.

However, once they decide they want to commit adult crimes, they should have adult consequences. A felony conviction for swatting following someone for the rest of their life seems pretty fair.

Comment Tamper evident (Score 5, Interesting) 88

From TFA: For those interested, FIPS140-2 Level 1 means that a device has at least one standard ("approved") security algorithm or function and Level 2 means that physical design is tamper-evident.

He seems to think little of the product, but it appears to me it meets the requirements just fine. It's obvious that his key was tampered with, and nothing was done to try to extract key data from the device. Basically, he can take one apart, but there's little chance someone's going to take my Yubikey in the middle of the night, duplicate the key data, and put it back without me noticing something is wrong. Sure, the NSA could probably do it, but they can't have the time with listening to everyones grandmas phone calls. =)

Comment Re:Stupid question: how do you use it? (Score 3, Interesting) 88

It's a second factor in two factor authentication (2FA) for applications that support it.

The one I find to justify it entirely is LastPass. All of the random sites on the internet that need credentials can have automatically generated passwords that are stored encrypted and I never have to remember them. I just have to remember the LastPass password and have the Yubikey setup with my account. The Yubikey integration requires a LastPass Premium subscription.

Of course, nowadays you can use google authenticator without having a piece of custom hardware or paying for LastPass Premium. But I don't mind supporting good companies with useful products.

Comment Re:my two cents (Score 1) 599

It's California, specifically Los Angeles - they are pioneers in fields worthy of Ig Nobel prizes.

If we really want to get away from the classic one-size-fits-all-future-factory-workers education model, trade schools should start around the Jr. High age.

Specialization is critical to the world today, so it makes sense to let people start specializing at an early age. I had to wait for high school to get a computer teacher who could point me in the right direction to learn new things, even though she told others that I knew more than she did. But she combined technical knowledge with people skills, a critical combination that took me several more years to learn. She recommended me for my first job as a programmer at 15.

It would be nice if outliers could be identified and pushed in a more productive direction at an early age. For some, that should be a specialized technical program, others may need remedial potato product upselling classes. Segregating people into groups for reasons other than merit is a trend that puts the US at a severe disadvantage against other cultures who can focus on ability.

Comment Re:You should title this "Patriot act to be repeal (Score 1) 188

You have to have faith that things will work out in the end.

The businesses that own those congressmen are being negatively impacted by the surveillance state. The US can no longer be taken seriously for security products globally because the NSA has to have a finger in every pie, and a plethora of vulnerabilities in every product.

We have the best government many can buy. It just takes time for that money to get in the hands of the large multinational corporations who can be trusted to take the most profitable path. Once the laws start to directly conflict with the ability of those companies to make a profit, and the lucrative government contracts dry up so it's no longer profitable to support the surveillance state, those companies will fight to repeal those laws, unless a third, more profitable option appears. The government would be in a real bad position now if they couldn't just arbitrarily print unlimited sums of money to keep that contract option going.

Of course, this is probably why a lot of people feel it necessary to prepare for the collapse of western civilization.

Comment Re:Jail time (Score 1) 538

Yes, that's exactly that would happen if Anonymous Coward was appointed supreme emperor. Fortunately, the existing corrupt politicians are unlikely to give up their power that easily. AC would be floating in a river by sun up.

I suspect the sentiment was more frustration that politicians are almost never held accountable.

Best idea on term limits comes from a bumper sticker: "Two terms. One in Congress, the other in federal prison for what they did while in Congress."

Comment Another bad omen for privacy and security (Score 4, Insightful) 309

It's a bad sign when those who care about security lose interest. The NSA is doing their part to eradicate secure crypto. Law enforcement agencies are commonly breaking the law to fish for potential criminals. The only protection available is what's written by people who are not subject to influence from the NSA. That's increasingly meaning open source or non-US-based companies.

Crypto is hard to get right. It's hard for the average person to know what ciphers or tools to use and which are just snake oil. It's hard to implement correctly so that it is secure. New ciphers are written by people who have a lot of experience in breaking the old ones. As the old guard ages out, I don't see the same depth of interest in the next generation. With crypto, there's no quick fix, and the new hotness doesn't come overnight.

On the other hand, the 1990s cryptography he mentions would be a huge improvement over many things we have today. Since the 90s, I've wanted the ability to have cryptographically signed financial transactions. Instead of financial institutions and credit reporting agencies using shared secrets, I'd like to have the ability to authenticate with a public key. I'd like to provide my public key in person to my bank so they know I'm authorizing transactions. Instead, they rely on secrets which are available to anyone who's willing to spend a few bucks and maybe break a few laws. Identity theft is so prevalent because we're basically relying on writing (at least a 4000BC technology) for security instead of good crypto. Hell, bad crypto would be an improvement over most of what's being done today.

I hope his opinion isn't representative of more people who have been involved with security and privacy issues, but unfortunately, I think it will resonate with a lot of us.

If you steal from one author it's plagiarism; if you steal from many it's research. -- Wilson Mizner