Comment Re:SQL Injection Trivial to Defend Against (Score 1) 193

Hiring a programmer who doesn't know how to eliminate SQL injection is like hiring a surgeon who doesn't know how to use a scalpel

I'd say it's like hiring a surgeon who doesn't wash their hands before operations. Even if they otherwise do a bang-up job, they could still screw things up.

[Though ... ]

Comment Would it kill you to mention the vulnerability? (Score 2) 115

Is it so subtle and insidious that it is simply impossible to name? Or do you just not understand what you're reading?

[Here, let me give it a go: Basically apps blindly trust network input and let it run in their execution context.]

[[Though I suppose when you put it _that_ way, you can't spend your time implying that it's somehow Java's fault.]]

Comment The TSA isn't the scary part, here. (Score 1) 349

The scary part is that the various parties are complaining about the TSA's efficacy rate, NOT about whether the entire program is misguided. So the likely response is not "Oh, never mind then", it is to give them more money and latitude to be more intrusive until they find more of the contraband.

Comment Re:Never again (Score 1) 190

That's the price of the openness. You support fragmentation in Linux distros, but hate the fragmentation in Android distros? It's the same thing, and you're free to wipe and root your tablet and install your own version.

Really? There are basically Debian-based distros and RedHat-based distros. Unless you have very specific needs, you just update yourself along as new versions come out. If you don't want to play the upgrade game, they have specific releases which get longer-term support. And if you want to just stick with a single version forever, go for it.

Meanwhile, I have a 2013 Moto X which was promised Lollipop over a year ago, and indeed Motorola released it, but maybe it didn't work well, maybe they fixed it, but maybe Sprint isn't allowing it ... all of the "maybes" are because nobody from Motorola or Sprint (or Verizon or AT&T or ...) is willing to step up and say anything concrete.

Comment Why the anticipatory news? (Score 1) 65

When a system with a rolling release schedule like this _actually_ ships, that's (barely) news because now I can install it. Even more newsworthy is when it misses a release, because then you're plausibly talking about a hard-to-solve problem of some sort. But why would "The planned release will happen on schedule" be news worthy of any sort of general audience? I use Ubuntu, but I don't follow the day-to-day trials of stabilizing the next release because, honestly, it hardly matters which specific version of apache or bash is in there.

Comment Re:MOOC = Massive Open Online Course (Score 2) 112

MOOC is not a commonly used term. The ones you mentioned are. Do you understand the difference?

Do you understand the difference between publishing a summary on CNN and publishing on a site where MOOC should be as commonly known as a term like SSD? If you are even remotely part of the IT industry, it is very unlikely that MOOC is a term you are unfamiliar with.

In terms of common usage, I would put MOOC in the same category as a term like UAT.

A) I know what MOOC means, but have no idea what UAT means.

B) Is Slashdot suffering a financial problem which requires that posting text be compressed into acronyms to save space? Is there a place we can send donations to help them get through this rough spot?

Comment Such access is not surprising at all. (Score 1) 103

Apparently Uber leaked the keys on GitHub, and alleges that this IP address visited the page - along with tens of thousands of other visitors. It wasn't some sort of Mission Impossible nighttime raid or anything, they published things publicly.

If I were CTO of a company, and I saw a Slashdot posting about "YourCompetitor leaked all of their keys on GitHub!", I would probably click through. ESPECIALLY if I were in charge of preventing similar leaks from the company I worked for.

Hell, I'd probably keep an eye on what kinds of things my competitor published on GitHub simply to inform what kinds of things my company might want to publish, simply to stay competitive.

Comment The article alleges no connection, though. (Score 5, Insightful) 103

Apparently they leaked the key on GitHub, and allege that this IP address visited the page - along with tens of thousands of other visitors.

If I were CTO of a company, and I saw a Slashdot posting about "YourCompetitor leaked all of their keys on GitHub!", I would probably click through. ESPECIALLY if I were in charge of preventing similar leaks from the company I worked for.

Comment Re:Good for them (Score 2) 191

So what crime do I need to commit to get a free degree? Gotta make sure I stay in at least four years.

I think you have that backwards. Once you've been imprisoned, you're going to have a helluva time getting a job even with a degree. I see this as people finding themselves in a worst-case scenario, and picking up the pieces and making the best of things. You could go out and make the best of things all on your own, right now, no need for some external party to force you to face harsh choices.

Comment Re:Radios? (Score 1) 242

How in the name of all stupid plot devices does each and every space suit, vehicle, structure and other large chunk of habitat equipment not have its own, independent up-link to the multiple Earth-Mars radio relays we already have in orbit around that planet? I squirmed for the first hour because that was too much disbelief to suspend; over the years as habitat equipment appeared on the surface prior to habitation a big collection of radio equipment would unavoidably accrete; they'd be tripping over redundant radio gear.

Yeah, this bugged me, too. AFAICT the overall idea was that they did all these earlier missions to land supplies and stuff, but they didn't have a literal constellation of satellites in orbit to allow reasonable communications? Some of the responses to your post ask things like why we don't have sat phones, etc ... well, there's a difference between a few billion people with communications devices and six of them.

Additionally, Mars geosync orbit should be lower, and the atmosphere shouldn't block as much and being 20 years in the future we should have better batteries and antenna and all that. And, even if half of that is wrong, you'd still expect the character in this book/movie to be able to malloc up a sufficient antenna and power to blast a shortwave SOS in the direction of Earth.

Comment Re:Catch the rounded ones early (Score 2) 300

But, from the point of view of a child, a computer language is just a language, like French, German, or Japanese. The earlier a child is introduced to a language, the easier it is for a child to pick up.

Those other languages are natural languages which co-evolved with the humans who speak them. Computer languages are designed to express things to computers, and computers are not humans - they aren't even aliens, they have no innate consciousness, so they do not work with you to adapt your communications. Every little bit of it is artificially constructed and stylized, all the way down. Computer languages are no more like human languages than the jargon used by biologists is like a human language.

Or, let's take a more direct counter-argument - very few people learn computer languages during the early childhood learning window when children are supposed to be optimized for such learning. And yet many people seem to have no problems at all learning new computer languages well into their adulthood. This is really fortunate, too, because most computer languages have a limited shelf life.
