
Comment Levels of Security (Score 1, Insightful) 118

I'm quite tired of the hi-tech this-security-is-hackable discussion. Of course it's hackable. Everything is. That this product doesn't require Ethan Hunt just makes it worthless for bank vaults.

I highly doubt that this product is being sold as a replacement for secure systems. It's being sold as a supplement to, wait for it, a lock and key.

It's better than the fake camera with the blinky light.

This isn't slashdot-worthy news. There are lesser products out there. That's never news.

Comment Re:Knowledge of English (Score 1) 304

You can't just change operators, some ways of changing them would break the parser. For example: "if 5 > 6" might be normal, you can't change it to "if 5 0 6", you can't map "if" to "38" either.

But you can always do whatever you want to do, in your own pre-compile stage. Write code however you like, then write a converter to convert your syntax to the other one. If you can parse your own syntax, that's all that matters.

Also, > and GT are not the same in good languages. In Perl, for example, the former is mathematical, the latter is linguistic. That means more than just a differing precedence too. It's a type-casting difference, it's also a readability difference. Am I reading math or logic, logic or instruction, programmatic algorithm or business application logic?

The difference is particularly functional with languages that recognize ">" as non-legible, and "GT" as letters. "gt" can be a case-insensitive match, whereas "GT" can be case-sensitive. > could interpret strings containing numbers (e.g. "File 123") as logically padded so File123 would come after File21, whereas gt would do the opposite.

Welcome to linguistic development. Anything can be done in at least a dozen ways. Some believe that makes the choice meaningless. Quite the opposite. It means that the choice you make says something about your code, and that enhances readability.

Comment Re:Most obvious problem: its questionable legality (Score 1) 135

Those aren't considered serious injuries. We're talking broken bones, and potentially life-long injuries.

But, as was said by another, within a licensed sparring gym is a different matter. I'd imagine that it's supervised, there are medical-safety measures and procedures in place, including someone to stop the fight, and I'd guess that the gym is somehow licensed or registered for it.

Comment Re:Most obvious problem: its questionable legality (Score 1) 135

In many countries, you simply cannot consent to serious injury -- at all, ever.

Things like boxing (and hockey) wind up being "prize fights", are under heavy regulation, and are supposedly set up with enough safety procedures to avoid serious injury, with exceptions being considered errors, and dealt with accordingly.

Cool, I guess there's one exception: you can consent to organ donation!

Comment Re:not all sets have a solution (Score 1) 208

who the hell has this in their brain that saying 'i don't know' is a BAD thing?

I'd rather have someone admit that they don't know everything than to try to fake it.

90% of the companies have zero clue how to interview. and it shows. the software quality is at an all time low and getting worse every day.

whatever you guys are doing, you are doing it 180 degrees wrong. but you'll never admit it because .... won't ever admit you don't know something!

perhaps I've been doing software for too long, but I'm sick and tired of the bullshit games that companies play during interviews. coding used to be fun and we used to take pride in our work. now, it's all about 'velocity' and agile and speed. all the things that are toxic to quality designs and implementations.

Comment Re:TL;DR? (Score 4, Insightful) 208

speed coding is a sign of youth, and to be honest, I am bored by kids who are at google and think they know everything.

speed is the WORST metric you can use to measure coders and programming skill. in my 35 yrs writing code, I never ONCE had to code while being timed. not a single god damned time. it's stupid, it shows that you have no idea what real programming is like and it ends up being an ageist test. younger kids, fresh from school are filled with algorithms and nothing else. those of us who have been away from school for decades not only don't care about memorizing algs, but realize that it's the dumbest use of grey matter. we realize that anything that is memorizable is also searchable (online or in books) and it's a total waste of your brain to store crap there that is easily found in ref material.

google: please just fix your fucking bugs in android and stop trying to show off how 'great' you are. maybe you can fix the year old VPN bug in android 4.4? maybe you can fix other bugs that languish? maybe you can STOP eol'ing things people use and actually support the code for longer than your summer fling.

and for the record, I've never once had to redo an already done linked list library or tree library. total waste of time to reinvent wheels. google bores me with their 'brain teasers'. I don't like to waste time on your so-called 'challenges'. and that goes for any other company that thinks that timed tests are, at all, relevant in software engineering.

Comment Re: The farther left you go, the more you lose (Score 1) 284

"if you can't protect it, don't collect it"

no government OR business has proven to us that they can safeguard our info. therefore, I will never willingly give info to any 'authority' that I don't have to, under pain of arrest or actual physical pain.

I could care less what 'good uses' they list. the bad overweighs the good. I safeguard my personal info as best I can and since we get an almost weekly news item about this or that company having a network or computer break-in, the industries have not proven that they can protect the info well enough.

until they can protect it, they do not deserve to collect it.

burn that into your memories, guys. IF YOU CAN'T PROTECT IT, DON'T COLLECT IT!

these days, those are really important concepts to internalize. teach that phrase to others and maybe, eventually, people will think before they hand over info 'just because'.

Comment Umm, no. Surface area? (Score 2) 220

There's often a lot of focus on actual/active security, and a lot less on determining the need for that security. Think of security like a power-to-weight ratio for performance.

The goal isn't to have great security. The goal is to have no successful attacks. "no successful attacks" is approachable from two primary vectors: "successful" and "attacks". Security focuses on the successful vector, by resisting.

Certainly, when it comes to contracting a provider, or rolling my own, a big provider might be better than I am. Of course, I can hire a consultant and get the best of both, and a big bill to match.

Obfuscation is not security. But it is a reduction in the actual number of attacks -- so long as it's working, of course.

I've been with small providers, I've been with large providers, I've been with Rackspace, and I've rolled my own.

The truth is that all four scenarios have had plenty of attempted attacks. But dive a little deeper, and something way more interesting appears.

When I rolled my own, I got loads of random attacks, mostly from China. Nothing persisted for very long. Nothing was particularly focused. And nothing was complicated. Almost all were easily dodged with standard surface-area-of-attack controls, like closing unused ports and not having general server bloat.

When I was with Rackspace, I had loads of help from their excellent support teams, and on occasion, wow did I ever need it! Persistent attacks, lasting for days, targeted attacks, DDoS attacks with large systems on the other end. At one point we had over a dozen Rackspace support personnel just fighting to kill stuff fast enough to keep performance up long enough to identify and resolve the issue without needing to take the server entirely offline.

I was very happy with Rackspace, and was with them for a decade. Now I'm rolling my own again, things are just much more stable that way.

So what's your preference? Being in a military compound, protected by a thousand soldiers in the middle of a war-zone; or being completely unprotected, on a mountain side, in upstate Montana?

I'm choosing big-sky country, personally.

Also, I believe that Rackspace is partnered with a very familiar government spy agency quite directly -- since they both moved campuses at the same time the other year, and I was greeted quite aggressively, as you would imagine, when I visited Rackspace for a tour, and accidentally pulled up to the unmarked neighbour. Probably appropriately so, given that it was on a September 10th.
