Follow Slashdot stories on Twitter


Forgot your password?

Comment Re:Client-side validation? (Score 5, Interesting) 295

None should, that's not to say they don't. I worked for a company a while back that was dipping its toes into the google web toolkit, which allows you to write your web page's UI in Java and then converts it to Javascript. They ended up doing all their authentication on the client side, so you could just make a web request to the backend and create arbitrary users in any organization in the billing system. That included administrative users. When I reported it, the team writing the code said something to the effect of "You're just making calls to the backend! No one would ever do that!" That attitude is surprisingly prevalent in the industry.

Comment Re:Wait for it... (Score 0) 54

I'm inclined to suspect incompetence over malevolence, though. You know how it is, web site goes down under the load and some dumbass middle manager prone to hysteria freaks out about a "cyberattack." God knows he can barely even operate the office coffee maker without third degree burns. Wait, we're still talking about the FCC, right?

Comment Re:Error my ass! (Score 1) 142

Sure it was an error. They implemented ads in their keyboard and they had a switch to turn it on. So exactly what was the error? Switching it on at that point in time? Not realizing that their users would give two shits? Being out-innovated at every turn by Samsung? You think anyone involved in the decision process of "Hey let's put ads in the keyboard!" got fired? I guess their error was that they decided to be a bunch of underhanded twats and then lying about it when they got called out. Fortunately I won't be making the error of ever buying their hardware in the future, so I suppose it's an error in my favor.

Comment I Don't See That As Going Anywhere (Score 4, Insightful) 389

IIRC they beefed up the requirements for a constitutional amendment last year, and I'd be surprised if that gets enough signatures to get on the ballot, much less get approved by the voters. This sort of busybody legislation traditionally doesn't go anywhere and this story wouldn't be news until it at least ends up on the ballot, except that it's clickbaity enough to get a lot of clicks.

Comment Re:Wrong tool! Focus on what we need! (Score 1) 103

You could just link your binaries statically. That's always where I end up when I'm writing native software.

Back in the day when there were dozens of different unixes that you had to conform to, I would have said that a better build system would have been nice, but I'm currently working with ffmpeg on OSX and Linux and find that good old-fashioned makefiles more than adequate to build my code. It'd be fine for Java, too, if you didn't need to bring in 8000 separate components when building your system.

Comment Agile and Devops? (Score 1) 221

Agile and Devops won't do anything on their own to improve your security. I'd have a really hard time taking seriously anyone who thought they did. Also, the current state of the industry is not likely to change as long as there are intelligence agencies that feel that it's beneficial for software to not be secure. If you OS were truly secure, you could be that there'd be a constant push by those guys to introduce backdoors they could exploit.

Comment Re:Simple question (Score 1) 196

Ubuntu should be taken seriously, as they seem to be the most successful corporate takeover of Linux to date. Redhat seemed largely content to just follow along with community standards for components, but Ubuntu's been actively trying to dictate Linux standards since they started. And while I can see where they'r'e coming from with systemd and weyland, having spent the better part of the last couple years up to my ears in shitty X11 code, their tendency to dismiss actual legitimate concerns because "No one actually uses those features," is more than a little disturbing.

Comment Because (Score 5, Insightful) 230

We've seen how well private industry does it. In the places where taxpayers fund the internet, you get gigabit speeds at rates around a quarter of what private industry offers for any internet service at all. Private industry might complain that it isn't "fair", but private industry won't step up and do it, either. And if life were "fair", you'd die penniless in the gutter after spending a lifetime enriching yourself by destroying the planet. So I'm not going to worry about that too much.

Comment Still Just Using The Best Browser I Can Find (Score 1) 189

I'd drop Chrome in a heartbeat if anything better came along. If the Firefox guys implemented some features around making the browser harder to identify and give the user some control over the javascript being run and the page being presented to the user, I'd consider switching back. Someone recently posted a great idea to maintain two document trees, the one that's presented to the user and the one that the page javascript thinks is being presented to the user. Maybe add a page blacklist so I can remove those spammy sites that pop up toward the bottom of the first page on Google from the internet I see. And let me use my favorite editor when entering text posts. That would actually be pretty nice.

Slashdot Top Deals

grep me no patterns and I'll tell you no lines.