
Comment Security 102, chapter 1 - Risk Analysis (Score 1) 87

If you go a bit beyond the corporate-mandated annual security training, most information security curriculum says that step one is identifying the assets at risk and their value. It would be silly to spend $50,000 turning your garage into a vault to protect a $15,000 car, and similarly for information security the value of the asset determines the maximum effort you should put into protecting it. This not only avoids wasting more time/money/hassle than the asset is worth, but it allows you to spend your efforts on the most valuable assets. Any time/money spent on a low-value asset is time NOT spent protecting a higher-value asset.

The identity of your favorite gaming site is worth about 5 cents US, so it is an error to spend more than 5 cents worth of time trying to protect that information.

Additionally, in most cases it is better to protect and encrypt data on a per-account basis, for both technical and practical reasons. On a laptop, that means you encrypt the home directory, not the system. Multiple user logins have separate encryption, and one account can't access the encrypted files of another account. If you want to take it a step further, you can have a work account on the machine and a separate account for checking personal email, etc. Along with the obvious security benefits, that avoids having the browser or search engine auto-complete a URL based on *personal* browsing history in the middle of a presentation.

Given per-account security, a guest account with restrictions on it is quite feasible, and a thief would likely click the guest account.

Comment Per-account encryption is often better than full-d (Score 1) 87

In many cases, it is better to encrypt files for each account separately, rather than full-disk encryption. This is partly because most full-disk encryption sucks in one of two ways. (Google "ecb penguin" for an example.)

Along with avoiding technical problems with full-disk encryption modes, this improves security because the user of one account can't access files owned (and encrypted) by another account. You can even have a "guest" account for a houseguest to use, and guest can't access your files.

Since you have a guest account anyway, the guest account might also be configured appropriately given the knowledge that a thief might one day use it.

Comment Self-taught is great. The language is the glossary (Score 3, Interesting) 99

> I taught myself PHP

That's awesome. I respect anyone who has the desire to learn, then puts in the work, and has the discipline to see it through.

PHP is of course a language, a set of vocabulary. At the back of any textbook, you'll find a glossary, the language or vocabulary used in the book. You've already learned the language, the glossary, of PHP programming. If you look, you may find there's a lot of cool stuff in the other parts of the book, systems architecture stuff, software engineering, analysis of algorithms, etc.

You need to learn a programming language or two before you learn analysis of algorithms or software engineering, because the languages are the vocabulary words of the field.

To give a concrete example, when I started my current job, the company had a software system that worked - mostly. A team of programmers had worked several years on it, and all knew the language they were working in. Customers just wanted it to be faster. It was definitely too slow. Although it was my first month on the job, when I heard the complaints of slowness I said in a meeting "I'd like to take a look at that; I can probably make it 20%-30% faster easily enough for now, then do more after I understand how it all works." The team was rather skeptical, in fact they chuckled out loud at my claim, saying "I rather doubt you can do that". "How long do you think that'll take?", they asked. "Give me a week", I said, though I hadn't yet seen the code. They laughed again, hundreds of thousands of lines of code and this new guy was going to make it 20%-40% faster in a WEEK? Doubtful, they said. To put me in my place, they said "sure, go ahead and try that [wiseguy]."

As I left the meeting I realized I had just taken a big risk. When I went home I told my wife that I had just bet my reputation at the new job on a claim I only hoped I could fulfill. If I failed, it would establish that I'm an arrogant prick. If I succeeded, I'd be known as possibly the best programmer in the building.

Well a week later I had it running 30% faster. Why could I, in a week, make drastic improvements to code they'd been trying to speed up for months and years, code I'd never even seen before? They all knew the language almost as well as I did. But I had been taught to study much more than the language. They knew C, Perl, and Erlang; I knew algorithms and cache theory. So in a week I did in fact make major improvements to their years of work.

Now, I'm going to go upstairs and check the progress of my benchmark. Now six months into the job, a major customer again complained about slowness, so I've been looking at that for a few days. I hope to see that my three days' work has made the system another 20% faster. I'm a tad nervous because I need to impress the new boss. I think that by learning more than just the language (glossary terms) I'll be able to do that.

Comment Re:PHP? That's software engineering nowadays? (Score 1) 99

I think the real problem is partial substitutability.

In both PHP and JavaScript, if you use a number where a string was expected or a string where a number was expected, the program will blunder on. If you are lucky it will produce the right results; if you are unlucky it will produce wrong answers. It is relatively unlikely to produce an error message, and if it does, that error message is likely to be a long way from where the mistake was made.

PHP's separation of the addition and concatenation operators increases the chance that a program will produce the right results despite accidentally using the wrong type, but it's still a minefield.

Java is statically typed. A caller can only pass your method the types it was expecting.

Python is dynamically typed but forbids use of the "+" operator on mixed strings and integers and will never compare a string and an integer as equal. So using an integer where a string was expected or vice-versa is likely to fail fast.

Comment Re:Tables are turning (Score 3, Insightful) 300

And what would you call this proposed bill in Wyoming? It's an unapologetic subsidy to the coal industry, because clearly the Wyoming government believes that the Wyoming coal industry will not be able to compete with renewables. Now maybe the justification boils down to "we get more taxes from coal than wind", but whatever that justification is, the intention is clear: Wyoming coal is seen as being at a competitive disadvantage, and therefore it will be subsidized by making renewable energy sources more expensive.

Comment Re:Why is this a problem? (Score 1) 46

Ah, I see. Re-reading again, the last sentence makes that more obvious.

I'm wondering now if the negative tone was actually intentional or not, because TFA sounds a bit more neutral. I think much of it comes from the word "pressured" in the headline (which the article doesn't use). It makes it sound as though Google is sending goons to app developers' homes to... "encourage" them to upgrade their libraries.

"That's a lovely app you have there. It would be a real shame if something were to happen to it."

Comment Re:'America's Smokestack' ! (Score 1) 301

how many humans are actually working there?

Apparently, 6,673 people. Add another 1,110 at coal-fired plants, as that's sort of related to the issue.

It's telling that I had to get these numbers from sourcewatch (a progressive / left-leaning group), because I first looked at industry websites and couldn't find employment numbers. Given these numbers, I can see why they don't exactly trumpet them. Coal is not actually a huge employer these days. It's more likely that they have a disproportionate lobbying influence, especially since their industry is more or less under attack by environmental concerns, and has historically been an economic driver for Wyoming.

Comment Re:How insane can you get? (Score 1) 301

I know politicians are not very bright, and some, if not many, are corrupt, but how can they allow this to pass, especially when the alternative is coal powered power plants!

Wyoming is a major coal-producing state.

In the view of politicians, when you say "the alternative is coal powered power plants"-- that's exactly why they want to pass the bill.

Comment Can still ask permission, or fair use (Score 1) 140

It is perhaps worth noting that the guidelines are an additional grant of license by Paramount / CBS. People who want to do something outside of those guidelines can still ask permission, and I suspect it would be granted if it were in the same spirit as what the guidelines envision.

Of course, people can also still make Fair Use works, and "not for profit" gets you halfway to fair use.

> Star Trek Continues also violates the guidelines, but I have a hard time seeing how their copyright infringement is harmful to CBS/Paramount in any significant way.

It appears CBS and Paramount may agree with you - they haven't taken any enforcement action against Star Trek Continues, as far as I know.

I don't think CBS and Paramount could announce a policy of allowing "non-profit" use with professional cast and crew. They can be forced to honor whatever policy they publish, and a producer could pay himself a salary of $1 million. No "profit", that's his salary as professional producer.

Comment Re:Why not an x86 board? (Score 2) 76

Intel has parts that would work (albeit a bit light on GPIO); I've got a dreadful little tablet here based on the Z3735G, and they packed that CPU, a gig of RAM, 16GB of flash, a 1024x600 touchscreen, some sort of BT and wifi, and a battery together for under $50.

If they hadn't also burdened the device with some of the more agonizing firmware I've had the pleasure of dealing with (AMI's dysfunctional take on 32-bit UEFI, no compatibility support module, on a 64-bit platform? Sign me up!), it'd actually be a decent little Linux toy, since that Atom is supported by Intel GPU drivers, not the freaky PowerVR stuff.

As best I can tell, though, the Z-series Atoms didn't attract all that much interest (they are comparable to ARM devices aimed at similar price/performance niches, but not particularly superior); vendors weren't exactly clamoring to buy the chips; and Intel doesn't really like selling parts that cheap. They'd much rather try to sell you on a Core M or the like.

There isn't a whole lot of reason to do it; or apparent interest; but it could be done.

Comment They compete in many projects, share community (Score 1) 76

The hardware is vastly different between the Arduino and the Pi, but in neither instance is the hardware the point. The point is all the community and everything which makes them easy to use, even for hobbyists.

At work we had a "show and tell" type event for a while. One guy brought his RPi, which he had hooked up to some triacs (think relays) to allow it to turn 120V devices on and off. I shared that I had built almost exactly the same thing with an Arduino. (I had also done the same with an old Pentium I got from the scrap pile). So same project, he used an RPi, I used an Arduino.

I'm not the only person who owns both RPi and Arduino - they attract some of the same buyers and community members. Sometimes when thinking about a project, I'm not sure at first if I want to do it with the Arduino or with the Pi. The Arduino probably *could* handle it, but there wouldn't be room left to add features later. So this Arduino I have right here and this Pi I have in this red case directly compete for my projects, even though the hardware is vastly different.
