Slashdot is powered by your submissions, so send in your scoop


Forgot your password?

Comment Apple Iphone 1G (Score 1) 203

Since the first Iphone as such has become known as the "2G" and the second as the "3G", I suggest thinking of the Newton as the Iphone 1G. (OK, so there were a few different versions of the Newton itself. But at this distance in time, I think we can ignore that.)


Comment Re:LOL (Score 1) 569

He doesn't care about the e-mail client. He's trying to gauge whether he has total freedom to choose whatever tools he wants, or if the IT department pretty much dictates what he can or can't use.

Actually, it's not even really about whether developers individually get to choose the tools. It's about trying to gauge whether engineering as a whole has freedom to choose the tools, or whether it's imposed from above/outside. I've seen environments where literally the entire development team (including management) hates the source-control system, and the entire development plus QA teams (including management) hate the bug-tracking system, but corporate politics has left them with no mandate to get them changed against the wishes of the IT department. Perhaps that is indeed a rare pathology, but it's the one the question was intended to be diagnosing.


Comment Re:LOL (Score 1) 569

Pull a stunt like that and you'd strike out if I was interviewing you. To each their own, but fer christ sakes it is an email client not your main development tool!

Yes. That's why, as I said, I suggest paying attention to how they reply, not to which actual products they name.

After all, if you have major demands for extremely minor things like your email client, what kinds of demands are you going to asking for when it comes to actually doing your job?

For one thing, an email client is one of the primary tools of most jobs today, even software development jobs -- though I agree that in fact few, maybe none, are actually unusable.

But yes, the purpose of the question is very much for the interviewee to determine whether "major demands" for tools that are needed to actually do the job, such as source-control (which is why I indicated a harder line on that) are listened to or not. (It's not, as you seem to have inferred, a recommendation to make such demands at interview.) At the level I'd be interviewing at, for instance, you'd be taking me on not just for my experience in the design of software, but for my experience in the design of software-development organisations. The suggestion of "Babe Ruth" tooling isn't born from some prima-donna fantasy, it's the result of my having worked in both kinds of environments and seen the efficiency advantages. So that's one free piece of advice for your organisation without you even needing to have hired me.


Comment "Can't you enforce tooling?" (Score 3, Interesting) 569

What hardware/software am I expected to use at my desktop (e-mail, OS, editor, source control, etc.)?

This (certainly the email and source-control bits) is an excellent question to ask -- not so much because of what the answer as such, but because of your interviewers' reaction to giving the answer. If the interviewers frown or are apologetic about the answers, then that's a big clue that the IT department is run for its own convenience rather than the users' convenience.

For instance, if the email system in use is Outlook, ask if they have IMAP or SIMAP turned on, to enable non-Exchange clients. If the answer is no, then you know that uniformity gets enforced over convenience. You also know that nobody in the company uses any external mailing lists (such as the GCC or Linux kernel lists), as there's no way of posting to those from Exchange without looking like a fool.

If your interviewers sound cross or apologetic when describing the source-control system -- in other words, if the source-control system was dictated by IT without engineering buy-in -- then decline the job. Even if it were theoretically possible to do work in such a company, the excess overhead due to dealing with bureaucracy would make it an inefficient use of your time.

The absolute best answer you could get here is the one a VP of engineering whom I once worked for gave to a compiler vendor whose products we didn't want. "Can't you enforce tooling?", they asked him. "No," he said, "we don't tell Babe Ruth how to hold his bat."


Comment "Magnae Insulae Beati Brandani Branziliae Dictae"? (Score 4, Funny) 210

Look at those large islands to the west of the Canaries. They're labelled Magnae Insulae Beati Brandani Branziliae Dictae: St Brandon's Large Islands, Called The Branzillas. Branzillas? Nobody used -zilla to mean "large" before Godzilla, and it didn't become really popular until Mozilla. The whole thing is clearly a forgery by some 21st-century geek, probably a Terry Gilliam fan, trying to mock up a folk etymology of the name "Brazil". ;)


Comment Re:Wait, what? (Score 1) 391

While dereferencing NULL is explicitly not permitted, pointer arithmetic on NULL is permitted, and dereferencing any non-NULL memory address is permitted.

Not any non-null memory address -- only one that points into an object. As there is no object whose address is the null pointer, the dereference is still undefined. And the compiler knows that.

Another way of looking at it is that tun->sk is equivalent to (*tun).sk, which is even more clearly undefined in C.


Comment Re:Wait, what? (Score 5, Interesting) 391

Technically, however, the C standard allows tun->sk to be a valid address, so removing the test is a semantically-invalid optimisation.

No. Technically, if tun is null, dereferencing it in the expression tun->sk invokes undefined behaviour -- not implementation-defined behaviour. It is perfectly valid to remove the test, because no strictly conforming code could tell the difference -- the game is already over once you've dereferenced a null pointer. This is a kernel bug (and not even, as Brad Spengler appears to be claiming, a new class of kernel bug); it's not a GCC bug.

But as other posters have said, it would indeed be a good security feature for GCC to warn when it does this.



New Linux Kernel Flaw Allows Null Pointer Exploits 391

Trailrunner7 writes "A new flaw in the latest release of the Linux kernel gives attackers the ability to exploit NULL pointer dereferences and bypass the protections of SELinux, AppArmor and the Linux Security Module. Brad Spengler discovered the vulnerability and found a reliable way to exploit it, giving him complete control of the remote machine. This is somewhat similar to the magic that Mark Dowd performed last year to exploit Adobe Flash. reports: 'The vulnerability is in the 2.6.30 release of the Linux kernel, and in a message to the Daily Dave mailing list Spengler said that he was able to exploit the flaw, which at first glance seemed unexploitable. He said that he was able to defeat the protection against exploiting NULL pointer dereferences on systems running SELinux and those running typical Linux implementations.'"

Comment Re:Trademarks helps some of OSS best organisations (Score 4, Interesting) 226

It's a bit of a pain to explain why Firefox is the same thing as Ice Weasel.

"Because the Mozilla people have done something insane, egotistical, and counter-productive." There, that wasn't very painful.

As you imply, the reason that anyone who forks Firefox should be able to call the binaries their project produces firefox is the same reason that anyone who forks ls should be able to call the binary their project produces ls. Anything else just causes user confusion. If you want to have a trademark because you think you're so darn good that anyone else's version of your code just won't be the same, trademark your organisation name, not your project name. FSF Emacs vs XEmacs, FSF Glibc vs eglibc, coreutils ls vs BSD ls: there's no ambiguity in any of those cases.

By trademarking the name of the product, and imposing restrictions on uses of that trademark which affect people carrying out the normal processes of open-source natural selection, the Mozilla people have placed their own personal egos above the quality of the user experience. That's the sort of behaviour that open-source more usually comes as a blessed relief from.

That such restrictions on trademarked product names are allegedly compatible with open-source licences should be viewed as a bug in those licences, and Debian are absolutely right to call the Mozilla people on not being DFSG-free. If you want to pinpoint the moment they lost their way, it was when they trademarked "Mozilla" and named their foundation after it, and changed the mozilla tree so that it no longer built a binary called mozilla. If when they realised their "mistake" they'd changed the foundation name not the binary name, there'd be the Seamonkey Foundation's mozilla versus everyone else's mozilla, which would be perfectly straightforward, and they'd have generated much less ill will.


Comment Re:are you kidding? (Score 1) 361

The mass market wants tick boxes, and customers wanted P4S. If you didn't have P4S, you didn't sell. It's sad and believe me it's true.

Right, it wouldn't have been so bad if the customers actually did want Plays-For-Sure. In fact, they just thought they wanted it -- or worse, perhaps we just thought they thought they wanted it.

Here is a story about Plays-For-Sure. The Rio Carbon was in some ways the poster child for Plays-For-Sure, and for Janus DRM: it was one of the players which Gates himself waved around at the launch event. I don't know how many we sold, but it was a lot. One day in late 2005, Microsoft accidentally revoked the Rio Carbon Janus licence. Or, rather, apparently, they rolled out a new version of the software in the Redmond DRM servers, which made WMP erroneously think that the Carbon licence had been revoked. Either way the effect was the same: for about six weeks until they pushed out a WMP hotfix, nobody anywhere in the world could transfer Plays-For-Sure protected content to their Rio Carbons. And during this six-week period, exactly five users noticed, one of whom was a former Rio employee. That tells you all you need to know about the extent to which consumers actually used or liked Plays-For-Sure.

What saddens me most is the thought of all the cool stuff that we could have implemented if we hadn't been wasting our time doing Plays-For-Sure.


Comment Re:I think I have observed this! (Score 5, Interesting) 550

I turned a corner and swear I saw him sitting there. I even said involuntarily "Hi, Prince..."

Stories like this make me wonder whether we actually hallucinate the presence of cats, maybe even people, all the time, and it's only when it happens after the cat has passed away that we think twice about such events and realise that they must have been hallucinations...


Slashdot Top Deals

I judge a religion as being good or bad based on whether its adherents become better people as a result of practicing it. - Joe Mullally, computer salesman