
Comment Re:Perfect summary of Perl from Larry himself (Score 2) 133

It really comes down to the developer's mindset.

If you're writing something obfuscated to show how clever you are, it shows that you don't work in teams. I know perfectly intelligent people who like Perl 1-liners, but don't realize that the compactness means other people can't use or build on that work. Whenever I wanted to use one of those 1-liners, I always spent the first 20 minutes translating it into readable code with variable names so I could figure out where to add new features. That kinda loses its value if the useful part of the code would only take 5 minutes to reproduce from scratch.

I write Perl like I learned to write C, which means using functions where appropriate, sometimes creating Perl modules to keep all of the related functionality separate so the module could be used from multiple other scripts in the future. I've had new developers come in to a project I was previously working on my own and they were impressed that they could read the Perl code, it was documented, everything was in subversion, etc. If you're doing something with a lifespan and scope of more than one person, keep the next guy in mind when you start. And never forget that the next sucker to inherit your code may be your future self, so be nice to him too.

Comment Re:Perl is better than you think (Score 4, Informative) 133

Totally agree.

As much as Python is touted as the replacement for Perl, compatibility between Python versions is painful. While it's possible to write code that works in 2.4, 2.7 and 3.0, it's much harder and more limiting. I'm sure Python is great for environments where there's only one OS image and version of Python to support, which covers small to mid-sized companies pretty well.

However, large enterprises tend to have legacy systems (RHEL 3/4 still run fine in VMs if you don't have to keep up on security patches) and non-Linux based systems. Solaris is pretty painless, but AIX can be painful.

Perl 5.8 has most of the functionality needed to be productive and covers systems with bundled versions of Perl 10+ years old. If you really want to reach, being compatible with 5.4 gets you to almost 20 years ago.

It's not that hard to write Perl so it's readable and maintainable by groups of people, as long as they agree to pretty basic standards. Functionally, it's no different than any other collaborative development.

Perl's biggest strength is how easily it can act as the glue between many different utilities, data sources, etc. There's so many CPAN modules available that it's not hard to find most of the big pieces of code and write what's left.

Comment Re:I don't think it's enough, but I have doubts to (Score 1) 331

Treating stupid kids as stupid kids is far better than the zero-tolerance approach often used.

However, once they decide they want to commit adult crimes, they should have adult consequences. A felony conviction for swatting following someone for the rest of their life seems pretty fair.

Comment Tamper evident (Score 5, Interesting) 88

From TFA: For those interested, FIPS140-2 Level 1 means that a device has at least one standard ("approved") security algorithm or function and Level 2 means that physical design is tamper-evident.

He seems to think little of the product, but it appears to me it meets the requirements just fine. It's obvious that his key was tampered with, and nothing was done to try to extract key data from the device. Basically, he can take one apart, but there's little chance someone's going to take my Yubikey in the middle of the night, duplicate the key data, and put it back without me noticing something is wrong. Sure, the NSA could probably do it, but they can't have the time with listening to everyone's grandma's phone calls. =)

Comment Re:Stupid question: how do you use it? (Score 3, Interesting) 88

It's a second factor in two factor authentication (2FA) for applications that support it.

The one I find to justify it entirely is LastPass. All of the random sites on the internet that need credentials can have automatically generated passwords that are stored encrypted and I never have to remember them. I just have to remember the LastPass password and have the Yubikey set up with my account. The Yubikey integration requires a LastPass Premium subscription.

Of course, nowadays you can use Google Authenticator without having a piece of custom hardware or paying for LastPass Premium. But I don't mind supporting good companies with useful products.

Comment Re:my two cents (Score 1) 599

It's California, specifically Los Angeles - they are pioneers in fields worthy of Ig Nobel prizes.

If we really want to get away from the classic one-size-fits-all-future-factory-workers education model, trade schools should start around the Jr. High age.

Specialization is critical to the world today, so it makes sense to let people start specializing at an early age. I had to wait for high school to get a computer teacher who could point me in the right direction to learn new things, even though she told others that I knew more than she did. But she combined technical knowledge with people skills, a critical combination that took me several more years to learn. She recommended me for my first job as a programmer at 15.

It would be nice if outliers could be identified and pushed in a more productive direction at an early age. For some, that should be a specialized technical program, others may need remedial potato product upselling classes. Segregating people into groups for reasons other than merit is a trend that puts the US at a severe disadvantage against other cultures who can focus on ability.

Comment Re:You should title this "Patriot act to be repeal (Score 1) 188

You have to have faith that things will work out in the end.

The businesses that own those congressmen are being negatively impacted by the surveillance state. The US can no longer be taken seriously for security products globally because the NSA has to have a finger in every pie, and a plethora of vulnerabilities in every product.

We have the best government many can buy. It just takes time for that money to get in the hands of the large multinational corporations who can be trusted to take the most profitable path. Once the laws start to directly conflict with the ability of those companies to make a profit, and the lucrative government contracts dry up so it's no longer profitable to support the surveillance state, those companies will fight to repeal those laws, unless a third, more profitable option appears. The government would be in a real bad position now if they couldn't just arbitrarily print unlimited sums of money to keep that contract option going.

Of course, this is probably why a lot of people feel it necessary to prepare for the collapse of western civilization.

Comment Re:Jail time (Score 1) 538

Yes, that's exactly what would happen if Anonymous Coward was appointed supreme emperor. Fortunately, the existing corrupt politicians are unlikely to give up their power that easily. AC would be floating in a river by sun up.

I suspect the sentiment was more frustration that politicians are almost never held accountable.

Best idea on term limits comes from a bumper sticker: "Two terms. One in Congress, the other in federal prison for what they did while in Congress."

Comment Another bad omen for privacy and security (Score 4, Insightful) 309

It's a bad sign when those who care about security lose interest. The NSA is doing their part to eradicate secure crypto. Law enforcement agencies are commonly breaking the law to fish for potential criminals. The only protection available is what's written by people who are not subject to influence from the NSA. That's increasingly meaning open source or non-US-based companies.

Crypto is hard to get right. It's hard for the average person to know what ciphers or tools to use and which are just snake oil. It's hard to implement correctly so that it is secure. New ciphers are written by people who have a lot of experience in breaking the old ones. As the old guard ages out, I don't see the same depth of interest in the next generation. With crypto, there's no quick fix, and the new hotness doesn't come overnight.

On the other hand, the 1990s cryptography he mentions would be a huge improvement over many things we have today. Since the 90s, I've wanted the ability to have cryptographically signed financial transactions. Instead of financial institutions and credit reporting agencies using shared secrets, I'd like to have the ability to authenticate with a public key. I'd like to provide my public key in person to my bank so they know I'm authorizing transactions. Instead, they rely on secrets which are available to anyone who's willing to spend a few bucks and maybe break a few laws. Identity theft is so prevalent because we're basically relying on writing (at least a 4000BC technology) for security instead of good crypto. Hell, bad crypto would be an improvement over most of what's being done today.

I hope his opinion isn't representative of more people who have been involved with security and privacy issues, but unfortunately, I think it will resonate with a lot of us.
