Forgot your password?

Comment: Re:What now? 1 billion! (Score 1) 189

by EvanED (#46781839) Attached to: Apache OpenOffice Reaches 100 Million Downloads. Now What?

I would vote Excel in that contest. To me, comparing Excel to Python/matplotlib harkens a lot of the comparison of something like Python to a compiled language. The former gives you a REPL that lets you interact with your language easily, you can make changes and see them reflected without recompiling, etc. Well, Excel takes that one step further: with it, you don't have to do anything: as you change the input data, the calculated data changes immediately. With Python and matplotlib (at least as much as I've seen it), you don't have to recompile but you do have to re-run your script or take some other action besides just changing the data to get it to regraph (or else start writing your own wrapper).

Or not everything is graphing either. For instance, suppose you're picking between different mortgages and want to compare a few different scenarios. You can have cells for the interest rate, nominal loan time, points, extra prepayments, etc. and then have cells to calculate the total interest paid, actual loan time, etc. Want to see what an additional 1% does to your rate? Change 3.5% to 4.5% and... you see the effect.

Finally, I think spreadsheets often make data entry easier as well as just looking at tables easier. You can just grab and resize columns if something doesn't fit, as opposed to go and manually respace things. Entering data going down in a spreadsheet column is about as easy as it gets because you have an enter button on your 10-key: it's easier to type "17 25 4 12" than "17 25 4 12" even ignoring row vs column-ness.

At least personally, when I use a spreadsheet instead of going to Python/matplotlib or something else, those are usually the reasons why.

Comment: Re:Good. (Score 1) 89

by EvanED (#46780947) Attached to: RCMP Arrest Canadian Teen For Heartbleed Exploit

Second, he for your analogy basically stood outside and asked for some secrets and the homeowner yelled them back at him.

That's like saying someone who breaks into a house by throwing a brick through the window merely lets go of a brick when it has a particular trajectory and the glass just got out of their way.

Comment: Re:You can probably thank Microsoft for this... (Score 1) 189

by EvanED (#46780503) Attached to: Apache OpenOffice Reaches 100 Million Downloads. Now What?

Sure there were some incremental changes that took advantage of newer technologies, some new UI changes that I am not sure if it makes things better

This is going to sound like a shill, but I promise it's not; I've actually been really impressed with the Office UI changes post-2007. (For purposes of this discussion, let's forget about whether the ribbon itself was a good idea (I am actually pretty indifferent, to be honest) and just assume it's here to stay.) A few years back I went to work on a PowerPoint presentation in 2010 on a shared computer, than later continued work using 2007 on my own. And I definitely missed some of the changes -- where 2010 made much more accessible some operations that were more buried in 2007. And recently I was doing some collaborative work in Word 2013, and there were a couple minor but still nice changes to the way comments and track-changes were displayed in comparison to what I was used to (and have reason to believe changed since 2010).

I'm by no means a heavy Office user -- there will be weeks that go by where I almost don't open any Office programs. But at the same time, (1) they are making UI improvements and (2) I definitely don't think you can dismiss UI improvements for programs like these -- in some sense, 98% of the program is the UI for something like Word. Word's not doing any heavy computation behind the scenes that's the real thing you're interested in.

Comment: Re:I wonder how much damage... (Score 1) 189

by EvanED (#46780379) Attached to: Apache OpenOffice Reaches 100 Million Downloads. Now What?

OTOH, it is my wish that no one use MS Powerpoint anymore. It is dated and ugly

There's not a lot of good choices. And by "not a lot", I mean... pretty much 0, to be honest. Keynote might be one, but I haven't really used it and my standard line is that I don't want to spend a thousand dollars on presentation software, even if it does come with a free computer. (My other standard line -- re. Hackintoshes -- is that I try to have grown out of pirating and if Apple doesn't want me to give them money for a working legit copy, then fine, I wont.) Some other options like some of the HTML presentation libraries are kind of intriguing, and I haven't had cause to play around with them -- but I'm tempted they wouldn't be worth the added hassle of using separate programs to make a bunch of images and then having those images sit around in separate files.

And as tired as PPT is, Impress is still basically shit in comparison. PowerPoint is pretty much the best of a bad lot, IMO.

Comment: Re:Partial statistics (Score 1) 111

by hairyfeet (#46778719) Attached to: Steam's Most Popular Games

To me the point when HL2 shit the bed is when they pulled a Bioshock Infinite and fell in love with a gimmick...the gravity gun. In HL2 the GG was just another weapon, used in a couple of spots but other than those spots it really wasn't required. What did we get for EP 1? Gravitypaloza. By the time I was being forced to shoot basketballs at striders I was just sick of the stupid gravity gun, just as I got sick of infinite shoving that damned skyhook under my nose going "Isn't this neato"? Sure it was, before you BECAME ANNOYING ABOUT IT!!

As for so many games not played? Bundles, simple as that. You can get so many bundles on Steam that you soon end up with dozens of games and you only have so many hours in the day so...there ya go. Between the big Steam sales and Humble Bundles I probably got a good 50 games in a couple months, just not enough time to play them all before the next killer bundle comes along.

Finally as for Steam being "bloated" on OSX.....ever stop to think that OSX simply isn't very well suited as a gaming platform? Because on Windows you are looking at maybe 60Mb (I have Raptr AND Steam running and barely am using 100Mb) and from what I understand the Steam for Linux also runs quite well, which leaves OSX looking as the culprit from where I sit.

Comment: Re:ARM is the new Intel (Score -1) 108

by hairyfeet (#46776849) Attached to: Intel Pushes Into Tablet Market, Pushes Away From Microsoft

And this is different from what Google is doing with exactly? In case you missed the memo Google has been taking bog standard X86 laptops and locking them down worse than cellphones and as far as EEE? Google is already moved into the third phase by making more and more apps simply not work without GooglePlay API.

I find it hilarious how many are cheering because "Android has gots teh Linux" when in reality Google is about to make them its bitch. Have fun with that laptop that won't run 90% of the distros on distrowatch thanks to DRM or that latest version of AOSP that won't run half the apps in the playstore because its all tied to Google APIs, but "its teh Linux" so it can't be locked right?....oh wait

+ - WordPress 3.9 brings brand new editor and more features ->

Submitted by sfcrazy
sfcrazy (1542989) writes "WordPress users can now rejoice as the much awaited 3.9 arrives with some really stunning improvements. Writers and bloggers will now enjoy the brand new visual editor which is fully redesigned and looks more or less like Google Docs. It’s very mature, user-friendly and elegant looking. It has improved image management as well has HTML5 support for themes."
Link to Original Source

Comment: Re:What about a re-implementation... (Score 1) 284

by EvanED (#46767451) Attached to: OpenBSD Team Cleaning Up OpenSSL

Seriously, for performance reasons this dev-team bypassed malloc of all things; do you really want to assert that they wouldn't have bypassed a bounds-checker?

How would they have bypassed the bounds-checker? About the only way would have been to say int[] all_my_programs_data = new int[1000000000] and then write an interpreter for their own language that uses that array as its data store!

Let's take the example from XKCD: "HAT (500 letters)". To read past the end of the "HAT", they would have had to manually copy that string to some communal store, like all_my_programs_data, and then read past the end. Aside from completely ignoring the language runtime and implementing your own on top, in a language with enforced bounds checking you would not have been able to read past the end of "HAT"!

I've only clicked on your reply a couple minutes ago, but aside from "change the language runtime to no longer enforce bounds checks", I literally cannot think of any other way you would bypass a language's bounds checks.

Everything else, like overruns, overreading, etc is a result of that decision.

No it isn't! It's almost entirely orthogonal!

The OpenBSD malloc that they bypassed makes exploits of already compromised programs harder; that's why Theo refers to "exploit mitigation". If OpenSSL didn't have the overread to begin with, the fact that they replaced malloc would be a questionable decision but wouldn't have led to any exploit. And even with a hardened allocator (or most hardened allocators, anyway), the exploit is still there, it's just much harder to get anywhere near as much confidential information.

That's the only way that they aren't orthogonal: the two mistakes reinforce each other on OpenBSD. In all other respects, they are completely independent.

Comment: Re:What about a re-implementation... (Score 1) 284

by EvanED (#46766317) Attached to: OpenBSD Team Cleaning Up OpenSSL

While I broadly agree with your argument, I have to point out that the heartbleed exploit was due to the OpenSSL devs forgoing the system's malloc implementation and rolling their own abstraction for performance reasons.

No. No it wasn't. The Heartbleed exploit was a classic buffer overread bug that would have been prevented by any language with bounds checking.

On OpenBSD only (for some definitions of only), this bug would have been rendered harder to exploit because of OpenBSD's hardened allocator. An additional problem was OpenSSL's custom allocator and their lack of testing with the system one. Had they not done that, it would have been much harder to exploit on OpenBSD -- but only OpenBSD would have been helped (again, for some definitions of only), and the root cause of the Heartbleed bug was still there.

Comment: Re:What about a re-implementation... (Score 1) 284

by EvanED (#46764153) Attached to: OpenBSD Team Cleaning Up OpenSSL

Show me an OS with more than 1% market that has a kernel and network stack that is not written in C/C++.

I'd argue that's bad too. (Some sample evidence: Linux kernel buffer overflow (2013). Linux KVM buffer overflow (2013). Remote Linux buffer overflow that could potentially lead to arbitrary code execution (2014). Integer overflow seemingly leading to buffer overflow in FreeBSD (2013). Windows 8 double free vulnerability (2014). etc.) There needs to be a small kernel of code that is in something very low-level, but honestly most of what is in current OS "kernels" (and I don't think that term applies to a piece of software with tens of millions of lines of code) doesn't have to be. Java isn't the right thing and maybe you don't even want something GC'd, but I also think C isn't either.

Comment: Re:What about a re-implementation... (Score 1) 284

by EvanED (#46764063) Attached to: OpenBSD Team Cleaning Up OpenSSL

With so called "safe" languages people are less vigilinte because they can get away with being lazy and not really understanding what is going on.

[Citation needed]

In my experience, this might be true if you start talking about performance. It becomes easy to create and discord oodles of objects on the heap unnecessarily or whatever.

But I don't find myself becoming less vigilant when I'm working in a more abstract language. I find myself thinking more about the problem and less about implementation details.

Comment: Re:Lobbying aside (Score 1) 412

by EvanED (#46764025) Attached to: Intuit, Maker of Turbotax, Lobbies Against Simplified Tax Filings

Considering that 47% of Americans have a true tax liability of zero or less and that is caused mainly because of those "credits and stuff", then yes, the vast majority aren't straightforward but it is true that the IRS has all the necessary info once you enter all the required SSN.

First, the 47% is unusually high because of the recession; usually, it's a bit lower. Second, while you're true that most of the remainder will get the zero income-tax liability from credits, there's a substantial minority who don't have income enough to get above the standard deduction (e.g. students and non-workers). Finally, like you acknowledge, I don't think that "has credits" even maps very well to saying the return isn't straightforward for purposes of this discussion.

Comment: Re:The whole approach is wrong (Score 2) 186

by EvanED (#46760405) Attached to: The Security of Popular Programming Languages

A good coder with skills in secure coding will do fine with C.

I conclude from this and the list of security vulnerabilities in real life that there is no such thing as "a good coder with skills in secure coding."

Or at least no such thing as a project that only employs or accepts contributions from such programmers.

We are experiencing system trouble -- do not adjust your terminal.