Comment: Re:They'll deliver too... (Score 1) 138

by radish (#49128595) Attached to: Pebble Time Smartwatch Receives Overwhelming Support On Kickstarter

Kickstarter should only ever be used for new projects. Established businesses, artists, engineers, etc should not be allowed to sully the waters for people or projects that could legitimately use it

So what you're saying is one of the world's most successful smart watch manufacturers, with a healthy cash flow and established production and retail channels shouldn't be using kickstarter to launch their third generation device?

Comment: Re:node is going away. (Score 1) 318

by radish (#49082673) Attached to: Java Vs. Node.js: Epic Battle For Dev Mindshare

Of course you don't need tomcat to write a web service in Java. I don't even remember the last time I used tomcat - typically I spin up a simple JVM process with an in-process http server (I like simplehttp, there are plenty of others) and take it from there. The nice thing about that approach is your process isn't tied to http as a protocol - want something else? Just add another in-process server for JMS or whatever. Where I work we front plain jvm processes with haproxy (apache is a dog, and even nginx is overkill for simple proxying) and can get hit rates up to 100k/s per node depending on the workload.

The whole container model (e.g. tomcat, weblogic, etc) is heavy and while it does confer some benefits, if performance is a concern you shouldn't even consider it. In my previous enterprise life a hit rate of 5/s was considered high so honestly I could have used anything :)

The nice thing about using the jvm for this kind of thing is it's stable, tested and well understood. Not something I can say about the latest branch of a fork of something originally built for a browser.

Comment: Re:Electric cars work great in an urban landscape. (Score 1) 215

by radish (#49056861) Attached to: Japan Now Has More Car Charging Points Than Gas Stations

I frequently hear this comment about how desolate the US is compared to Europe (whether it's discussing broadband, cell service, electric vehicles, etc). I've lived in both significantly - and the difference really isn't that great. Yes there are great areas with few people in the middle of the US - but get anywhere near a coast or major city and it's plenty populated. And guess what? That's where most people live and therefore where most people drive. No one is proposing electric vehicles as the only choice (yet), but for a majority of the population they are or soon will be a viable choice - vehicle cost aside.

Comment: Re:College requirements are why.... (Score 3, Insightful) 809

by radish (#49051073) Attached to: Ask Slashdot: What Portion of Developers Are Bad At What They Do?

Meh. I wouldn't hire you because you come across as an arrogant prick who thinks he knows better than everyone else. That's a team dynamic issue, which is every bit as important as what you can or can't do technically.

That aside, your general point is sound - what matters is the person not what certifications they have. However, as others have mentioned there is a value to a (good) formal CS education, at least for the work I do. Self taught people tend to learn the minimum needed to solve the problem they face. There's a whole bucket of academic stuff (logic, complexity, stats) that don't often fall into that category but which are really useful as background knowledge. Someone teaching themselves python or ruby is unlikely to spend much time learning about CPU cache design, but that can be surprisingly useful when it comes to optimizing stuff. Just examples, there are always exceptions :)

Comment: Re:Are reviews objective? (Score 1) 135

by radish (#49033053) Attached to: Are Review Scores Pointless?

Since most reviews are prohibited from coming out before the game

Review embargoes are, in general, a good thing. I know you don't believe me :) If the outlet doesn't get the final version of a game until a few days before launch they don't have time to play the thing and write a decent review if they're competing with every other outlet to get that all important first post. Having an embargo takes that first past the post advantage away and lets the outlets actually spend the time they need to do the job properly.
That said, a game which puts its embargo actually past the release date (as opposed to the day before or something) is likely doing so because they know the reviews are not going to be great and they don't want to scare away preorders. But that in itself is useful information for the savvy consumer :)

and one assume most of these websites are getting paid for favorable reviews

You might assume that, I think you're crazy. If it were true we'd see a lot less major sites closing down - Joystiq could have saved their jobs by just adjusting some review scores. Stop listening to the GG morons and take off the tin foil hat.

Comment: Re:Diminishing Returns (Score 1) 422

by radish (#48995815) Attached to: What Happened To the Photography Industry In 2014?

What you describe has always been the case, I'd guess even more so in the film days when the rate of change of bodies in particular was much slower. I think the theory is that as established photographers slow down their purchasing, new ones come up and are buying kit. I know I bought less last year than previously, but I still probably spent $1000 or so. The concern is whether people are being put off making the switch to SLR from phones or whatever.

I honestly don't see that - I see so many people spending money on a Canon or Nikon low end DSLR and running around using the kit lens thinking it'll magically improve their shots. They're not spending thousands but $700 or whatever isn't nothing.

My guess (and I haven't seen the numbers) is that we're in a situation similar to gaming. The bar has been raised so high that R&D is WAY more expensive than it used to be, and the market is struggling to support it. So it's not that sales are down or the audience is diminishing, it's that the cost of doing business is so much higher sales have to be that much higher again.

Comment: Re:So much for stability and uptimes... (Score 5, Interesting) 175

by radish (#48989773) Attached to: Greg KH Favors Rolling Release Distros

You know it's interesting. I used to work in finance. We, like you it seems, had a very locked down production environment with huge amounts of testing - pushing builds through multiple stages, reviews and signoffs. Once every month or so we'd shut everything down for a few hours in the middle of the night and roll the world forward. Stability was everything. Downtime was OK if scheduled, a disaster if not.

Now I work at a web company. We push to prod multiple times per day. There's a process, there are reviews and approvals, but it all happens much more quickly and at a more granular level. Change is constant but small, as opposed to infrequent but total. What's more we're a 24/7 operation so no downtime (as visible to the user) is acceptable. We simply can't schedule a few hours to do our rollout - everything has to happen live.

You know what I've noticed? We're no less reliable, overall, than the bank was. Yes we have issues, but they tend to be noticed, and fixed, much much faster. When you change everything all at once you run the risk of not being able to figure out what broke when inevitably something does. Rollback is painful because you have so many interdependent changes - in the end you have to pull the whole release to avoid one small issue in a single module. When you roll frequently the scale of change is small so isolating the bug is trivial, and rolling it back the same. Now of course there are huge differences in risk when you're handling people's money vs their cat photos, but I think the view that people working on an agile schedule don't care about stability, and that the only way to achieve stability is through reducing the frequency of change, is demonstrably wrong.

Comment: Re:So is the Internet Archive just a piracy site n (Score 3, Insightful) 198

by radish (#48752019) Attached to: Archive.org Adds Close To 2,400 DOS Games

And you're clearly going to be shocked if you ever learn how a library actually works.

Hint: the books (and CDs, and DVDs, and games) on the shelves are legally purchased copies, and are lent to a single patron at a time. They are not printouts of torrented epubs.

I love the Internet Archive but I seriously have no idea what they think they're doing here.

Comment: Re:Missing from my iPhone (Score 1) 421

by radish (#48744685) Attached to: What Isn't There an App For?

You should look at DLNA more closely (note it's a certification of UPnP so you'll see things listed under that category too). It's very common, there are plenty of FOSS clients and servers (here's a small list), and it's been around for years. It does not require any new hardware - most devices & software clients capable of streaming media already support it (check the page I linked - something like 18000 models). It seems like you're raging against something which does exactly what you want - allows you to easily stream your local content to local or remote devices over an open & cross platform protocol.

The reason devices are less likely to support SMB is that DLNA exists, is easier to implement, and provides a better user experience. There's literally no reason (that I can think of) to use SMB.

Comment: Re:Inexplicable gaps in Crypto products. (Score 1) 421

by radish (#48734249) Attached to: What Isn't There an App For?

Well I've no idea what this has to do with smartphone apps, but I'll bite.

1) Most public key products do use symmetric encryption for actual data transfer. The public key bit handles mutual authentication and the generation and exchange of the symmetric key. Your approach does this ahead of time, by throwing a crap ton of them in a file and copying it to the remote host (via what, sftp?).

2) The advantage of public key crypto is that there is (or should be) precisely one copy of my secret (the private key), so I have some hope of being able to control it. In your approach there is one copy per host. In a non trivial deployment managing that file to keep it (a) private and (b) current is going to be extremely difficult. All I need is one copy of that file (or a portion of it) and I can snoop any channel and modify any message in transit. The use of UDP is puzzling as I'm pretty sure that makes message tampering even easier (although I'm not enough of an expert to say that for certain).

3) I don't see the point of the passwords/hashes on top of the keys. If I have the key I can communicate with you, if I don't I can't. Adding another secret which is in the same file as the key doesn't seem to add anything (for one thing, if I have the key and can listen in on messages I can easily extract the passwords as they fly by).

4) All the stuff about file "copy numbers" is meaningless as you are trusting the peer to tell you honestly which copy it has. Rule number 1 in network security is you never, ever, trust the other side. Listener copy numbers are "256 and up" so I can just make up a random number in the 100000 range and I'm very unlikely to collide with yours, so the check passes trivially.

5) There's no host level identity. How do I know I'm talking to the host I think I'm talking to? All someone with a copy of the key file has to do is change the copy number and they can masquerade as any host on the network (with an appropriate DNS/IP spoof or whatever). SSH prevents that because knowing one host's signature doesn't help you guess another.

6) There's no user level identity. Who is logging in to this box? Are they actually allowed to do so?

7) Changing the keys all the time is pointless. Assuming I'm using a good cipher, extracting the key from the encoded stream should be essentially impossible, so changing it likely won't improve security. Moreover, if I have one of your keys I probably have all of them, so changing it won't stop me. Further, having to allow for clock skew introduces complexity which is potentially exploitable. If you were generating random session keys dynamically and exchanging them out of band somehow then periodic rolling wouldn't be a bad idea (because I'd have had to crack the crypto to figure out the first key, and now I have to start all over again).

There's more I'm sure, but it's late :)
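
An added example, not part of radish's comment or of the scheme it reviews: points 4 and 5 above in code. `copy_number_check` models the self-reported copy-number test only as the comment words it (the scheme itself is not shown on this page, so that is an assumption), and the contrast is a per-host HMAC challenge-response chosen to stay in the standard library, whereas SSH uses public-key host signatures. Host names, keys and numbers are constructed.

```python
import hashlib
import hmac
import secrets

def copy_number_check(own_copy, claimed_copy):
    # Point 4, modelled only from the comment's wording (an assumption): the
    # peer reports its own copy number; listeners are "256 and up".
    return claimed_copy >= 256 and claimed_copy != own_copy

def respond(key, host, nonce):
    # Proof of possession: MAC over the host name and the verifier's nonce.
    return hmac.new(key, host.encode() + nonce, hashlib.sha256).digest()

class Verifier:
    """Trusts nothing self-reported: each host must answer a fresh challenge."""
    def __init__(self, host_keys):
        self.host_keys = host_keys   # host name -> that host's own secret
        self.pending = {}            # host name -> outstanding nonce

    def challenge(self, host):
        self.pending[host] = secrets.token_bytes(16)
        return self.pending[host]

    def verify(self, host, response):
        nonce = self.pending.pop(host, None)   # each nonce is single-use
        key = self.host_keys.get(host)
        if nonce is None or key is None:
            return False
        return hmac.compare_digest(respond(key, host, nonce), response)

def demo():
    # Constructed sample hosts and keys.
    keys = {"alpha": secrets.token_bytes(32), "beta": secrets.token_bytes(32)}
    v = Verifier(keys)
    out = {"made_up_copy_number": copy_number_check(300, 104729)}
    nonce = v.challenge("alpha")
    answer = respond(keys["alpha"], "alpha", nonce)
    out["own_key"] = v.verify("alpha", answer)
    v.challenge("alpha")
    out["replayed_answer"] = v.verify("alpha", answer)   # old answer, new nonce
    nonce = v.challenge("alpha")
    out["other_host_key"] = v.verify("alpha", respond(keys["beta"], "alpha", nonce))
    return out

if __name__ == "__main__":
    print(demo())
```

The self-reported check accepts an arbitrary number, while the challenge-response accepts only the named host's own key on a fresh nonce and rejects both a replayed answer and another host's key.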

Comment: Re:Missing from my iPhone (Score 1) 421

by radish (#48734081) Attached to: What Isn't There an App For?

SMB streaming is a pain because you have to deal with whatever formats you might encounter, plus you have to maintain a local index of content etc if you want to provide any decent kind of UI. Every SMB based streaming device I've used (including very expensive ones) has sucked. DLNA is a much better bet as the server can abstract away all the complexity, and there are a bunch of dlna client apps for ios.

Comment: Re:This is why I like Python so I can use OOP or n (Score 1) 303

by radish (#48728079) Attached to: Anthropomorphism and Object Oriented Programming

There's absolutely nothing stopping you writing procedural code in Java, just put everything in one class and mark all your methods as static. Of course if you're going to start interacting with the class library you'll have to bend to its way of thinking but that's not a _language_ thing. Of course I don't recommend doing that, but it can be done.

This is why an experienced developer has multiple tools at her disposal - Java is great (IMHO) for a lot of things, but I'll pull out Ruby or Perl for some stuff, C# for others (e.g. when I want a native windows UI), Scala for yet more. There is no one size fits all, and just because one tool doesn't do everything doesn't make it useless.

Comment: Re:Buy two... (Score 1) 190

My 5-ish TB of data over at Crashplan begs to differ (and yes, I have a local copy as well).

Mirrored drives are not a good idea for data protection - for one thing an accidental delete (or overwrite, or ransomware, or whatever) will take your data out completely and instantly. Much better to do incremental backups at the file level, so you can restore deleted or damaged files from whenever you want in their history. Even if you don't want to pay for the cloud service, the crashplan software will do this very nicely to any target server.
