
Comment Security 102, chapter 1 - Risk Analysis (Score 1) 113

If you go a bit beyond the corporate-mandated annual security training, most information security curricula say that step one is identifying the assets at risk and their value. It would be silly to spend $50,000 turning your garage into a vault to protect a $15,000 car, and similarly for information security the value of the asset determines the maximum effort you should put into protecting it. This not only avoids wasting more time/money/hassle than the asset is worth, but it allows you to spend your efforts on the most valuable assets. Any time/money spent on a low-value asset is time NOT spent protecting a higher-value asset.

The identity of your favorite gaming site is worth about 5 cents US, so it is an error to spend more than 5 cents worth of time trying to protect that information.

Additionally, in most cases it is better to protect and encrypt data on a per-account basis, for both technical and practical reasons. On a laptop, that means you encrypt the home directory, not the system. Multiple user logins have separate encryption, and one account can't access the encrypted files of another account. If you want to take it a step further, you can have a work account on the machine and a separate account for checking personal email, etc. Along with the obvious security benefits, that avoids having the browser or search engine auto-complete a URL based on *personal* browsing history in the middle of a presentation.

Given per-account security, a guest account with restrictions on it is quite feasible, and a thief would likely click the guest account.

Comment Per-account encryption is often better than full-d (Score 1) 113

In many cases, it is better to encrypt files for each account separately, rather than full-disk encryption. This is partly because most full-disk encryption sucks in one of two ways. (Google "ecb penguin" for an example.)

Along with avoiding technical problems with full-disk encryption modes, this improves security because the user of one account can't access files owned (and encrypted) by another account. You can even have a "guest" account for a houseguest to use, and guest can't access your files.

Since you have a guest account anyway, the guest account might also be configured appropriately given the knowledge that a thief might one day use it.
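What the "ecb penguin" search mentioned in the comment above illustrates, as an added example that is not part of any commenter's post: when each block is encrypted independently, equal plaintext blocks produce equal ciphertext blocks, so the layout of the data stays visible. The cipher is a toy Feistel construction standing in for AES, and the keys, sample data and function names are all constructed for this sketch.

```python
import hashlib
import hmac
from collections import Counter

BLOCK = 16  # bytes per cipher block

def _xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

def _f(key, i, half):
    # Round function of a toy 4-round Feistel cipher (stand-in for AES, not secure).
    return hmac.new(key, bytes([i]) + half, hashlib.sha256).digest()[:8]

def encrypt_block(key, block):
    left, right = block[:8], block[8:]
    for i in range(4):
        left, right = right, _xor(left, _f(key, i, right))
    return left + right

def decrypt_block(key, block):
    left, right = block[:8], block[8:]
    for i in reversed(range(4)):
        left, right = _xor(right, _f(key, i, left)), left
    return left + right

def ecb(key, data):
    # Every block is encrypted alone, so equal plaintext blocks give equal ciphertext.
    return b"".join(encrypt_block(key, data[n:n + BLOCK]) for n in range(0, len(data), BLOCK))

def tweaked(key, tweak_key, data):
    # Mix a per-position tweak in before and after the cipher (the XEX idea behind XTS).
    out = []
    for n in range(0, len(data), BLOCK):
        t = hmac.new(tweak_key, n.to_bytes(8, "big"), hashlib.sha256).digest()[:BLOCK]
        out.append(_xor(encrypt_block(key, _xor(data[n:n + BLOCK], t)), t))
    return b"".join(out)

def repeated_blocks(ct):
    # Number of ciphertext blocks whose value occurs more than once.
    counts = Counter(ct[n:n + BLOCK] for n in range(0, len(ct), BLOCK))
    return sum(c for c in counts.values() if c > 1)

# Constructed sample "image": 40 white blocks, 20 black blocks, 4 distinct blocks.
SAMPLE = b"\xff" * BLOCK * 40 + b"\x00" * BLOCK * 20 + b"".join(bytes([i]) * BLOCK for i in range(1, 5))
KEY, TWEAK_KEY = b"constructed-key-1", b"constructed-key-2"

if __name__ == "__main__":
    print("ECB repeats:", repeated_blocks(ecb(KEY, SAMPLE)))
    print("tweaked repeats:", repeated_blocks(tweaked(KEY, TWEAK_KEY, SAMPLE)))
```

Under ECB the 60 uniform blocks of the sample stay recognisable as repeats in the ciphertext; with the per-position tweak none of them do.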

Comment Re:Hey look! (Score 1) 175

Smalltalk has been influential, but some of its key ideas have failed. For example, its approach to software development (browsers, images) has largely failed. Its "everything is an object" approach has failed. Its syntax has failed. Object and type systems of major languages (Java, C#, C++, Python, JavaScript) are substantially different. Concurrency has gone in a different direction.

And we're not catching up with the past; Smalltalk has been mined for ideas to death and every idea in it has been tried multiple times. What hasn't caught on by now has failed for a reason.

Comment Self-taught is great. The language is the glossary (Score 4, Interesting) 110

> I taught myself PHP

That's awesome. I respect anyone who has the desire to learn, puts in the work, and has the discipline to see it through.

PHP is of course a language, a set of vocabulary. At the back of any textbook, you'll find a glossary, the language or vocabulary used in the book. You've already learned the language, the glossary, of PHP programming. If you look, you may find there's a lot of cool stuff in the other parts of the book, systems architecture stuff, software engineering, analysis of algorithms, etc.

You need to learn a programming language or two before you learn analysis of algorithms or software engineering, because the languages are the vocabulary words of the field.

To give a concrete example, when I started my current job, the company had a software system that worked - mostly. A team of programmers had worked several years on it, and all knew the language they were working in. Customers just wanted it to be faster. It was definitely too slow. Although it was my first month on the job, when I heard the complaints of slowness I said in a meeting "I'd like to take a look at that; I can probably make it 20%-30% faster easily enough for now, then do more after I understand how it all works." The team was rather skeptical, in fact they chuckled out loud at my claim, saying "I rather doubt you can do that". "How long do you think that'll take?", they asked. "Give me a week", I said, though I hadn't yet seen the code. They laughed again, hundreds of thousands of lines of code and this new guy was going to make it 20%-40% faster in a WEEK? Doubtful, they said. To put me in my place, they said "sure, go ahead and try that [wiseguy]."

As I left the meeting I realized I had just taken a big risk. When I went home I told my wife that I had just bet my reputation at the new job on a claim I only hoped I could fulfill. If I failed, it would establish that I'm an arrogant prick. If I succeeded, I'd be known as possibly the best programmer in the building.

Well, a week later I had it running 30% faster. Why could I, in a week, make drastic improvements to code they'd been trying to speed up for months and years, code I'd never even seen before? They all knew the language almost as well as I did. But I had been taught to study much more than the language. They knew C, Perl, and Erlang; I knew algorithms and cache theory. So in a week I did in fact make major improvements to their years of work.

Now, I'm going to go upstairs and check the progress of my benchmark. Now six months into the job, a major customer again complained about slowness, so I've been looking at that for a few days. I hope to see that my three days' work has made the system another 20% faster. I'm a tad nervous because I need to impress the new boss; I think that by learning more than just the language (glossary terms) I'll be able to do that.

Comment Re:welcome to *public* utilities (Score 1) 313

> Supporting the idea of a Republic where people get to vote makes me that? Good to know.

You seem to believe that voters can impose whatever they like through voting. That makes you a totalitarian.

I believe in limited government with enumerated powers, where voters can only make decisions within those enumerated powers.

Comment Re:welcome to *public* utilities (Score 1) 313

> If you see any form of government as your enemy you are clearly not.

Not at all; minimal government is simply a "necessary evil".

> But neither are you from that long discussion earlier.

You say that because you live under the delusion that the term "bound by a contract" has a meaning beyond the consequences of breaking the contract. There are no consequences to government for breaking a contract, and the consequences for you breaking a contract with the government can be arbitrarily dire.

Comment Free software assistant... already exists (Score 3, Informative) 53

Free software assistant... already exists

They've got an RPi image you can download, slap on a card, and be up and running with a USB mic and something to handle the audio out.

Seems to me like the FSF should pay more attention to what is already going on.

Comment Re:I'm ok with this... (Score 1) 313

> Maybe if we take away all their benefits of being part of the US, they'll start giving a shit and living up to some of their responsibilities. I know, it's a concept conservatives can't understand...

Actually, that is the concept conservatives want: a small federal government that limits itself to national defense, protecting our borders, and international treaties, and otherwise doesn't hand out any benefits.

Comment Re:welcome to *public* utilities (Score 1) 313

I already exercised my "options" by coming to the US. And I don't want the US to turn into the kind of stagnant, oppressive system that I came from, where ending up "at the wrong end of a weapon" was an actual possibility.

I'm sorry if some pampered, privileged, ignorant Americans like you may not understand. Fortunately, as the election shows, not all Americans share in your delusions.

Comment Re:Hey look! (Score 1) 175

> A trip to Wikipedia before posting is all you need to stop embarrassing yourself.

I don't need to make a trip to Wikipedia, being familiar with the implementation of three of those languages.

Objective-C's object system is indeed based on Smalltalk's.

Java's is not at all: it lacks duck typing, uses interfaces, lacks many of Smalltalk's dynamic features, and has separate value types.

Python's object system is also very different, with its implementation of objects as hash tables, and its use of bound methods.

But, yeah, if you only have a superficial understanding of OOP and those languages, you might erroneously believe that their object systems are all very similar.

Comment Re:welcome to *public* utilities (Score 1) 313

> and if you leave them with the "free market", they are subject to profiteering

No, in a free market, competition keeps prices down. In fact, European countries have deregulated their electricity markets and simply give customers a choice between fossil fuel and renewable energy sources.

> In the US today, electricity (public utility) is much *more* reliable, and affordable than Internet connectivity (private) is

That statement is wrong in many ways. Seriously, do some background research.

Comment Re:welcome to *public* utilities (Score 1) 313

> He's an anarchist

Actually, I'm a minarchist.

> who goes as far as saying you should be able to break any contract so long as it's to your advantage.

No, I'm simply stating a fact: contracts define actions and consequences, and people behave accordingly.

> Government of any kind expects people to play by rules so is automatically his enemy so you are not going to convince him.

Government is the enemy because it isn't bound by contracts but can instead take your property, your liberty, or your life with no recourse.

Of course, you, being a totalitarian, aren't bothered by that.

Comment Re:welcome to *public* utilities (Score 1) 313

> Unless you have the time and skill to generate your own utilities (water, electricity, telephone, internet) – and to home-school your children, then you NEED to have a governing power of some kind.

That "governing power" can be a simple private corporation or association. That means that the people making the decisions are the owners on the one hand, and the customers on the other.

When you open up governance to political processes and have the government grant monopolies, that is precisely when you get these problems, because then fossil fuel companies (or solar or whatever companies) will push through legislation by which they can enrich themselves.
