
Comment CodeAnywhere (Score 1) 168

I used this service for a while to see how I liked using an online IDE. Overall, it worked pretty smoothly. Some caveats:
  1. You do have to be careful about accidentally closing a browser window/tab or hitting in the wrong place (triggers browser back button)
  2. I felt a bit uncomfortable storing SSH credentials "in the cloud" as these are the "keys to the kingdom" for the servers I manage.
  3. I run a local Dev server at my home office that I could not access since the "cloud" IDE initiated all SSH transactions from their servers, and my local server was behind the firewall.

Submission + - "Unauthorized code" in Juniper firewalls decrypts encrypted VPN traffic

m2pc writes: Ars Technica is reporting that Juniper Networks firewalls have been discovered to have had "unauthorized code" inserted into their ScreenOS software. Juniper has published an advisory addressing the matter, with instructions to patch the affected devices.

From the Ars article: "NetScreen firewalls using ScreenOS 6.2.0r15 through 6.2.0r18 and 6.3.0r12 through 6.3.0r20 are affected and require immediate patching. Release notes published by Juniper suggest the earliest vulnerable versions date back to at least 2012 and possibly earlier."

The rogue code was discovered during a recent internal source code review conducted by Juniper.

Comment Re:why so negative? (Score 1) 98

As others have mentioned, it's not that he may be onto something, it's the fact that he's using public roadways as his "lab" to test this stuff out that's the problem here. He could have the best AI in the industry but not account for some of the "corner cases" where his AI is untrained and then a family is killed. This doesn't compare to other companies like Google and Tesla who have access to private tracks with controlled environments and safety nets in place should something go wrong.

I'm all for the "hacker" mentality, except when it deals with real-life situations involving multi-ton vehicles on public roads that endanger the lives of innocent people. I'd leave that to the experts in the field.

Comment Re:Missing cost (Score 2) 160

Meetings can be another time waster and non-billable. Unless you specify upfront that _any_ time spent with the client is billable, you will eat the cost of sitting through sometimes hours-long meetings just to define the project you will bid and be paid on.

On top of that, some clients will expect you to meet them wherever they need you to be, even if it's several hours away, again at your own expense.

I've been freelancing for the past couple years and love it, but just keep this in mind!

Comment A good thing... (Score 1) 83

I personally believe this is a good thing. Walmart is #1 on the Fortune 500 list so they must be doing something right. Amazon.com is #29 on the same list BTW.

Having worked in the ERP/Logistics space myself, you don't get to be as big as Walmart without some serious tech in place and working.

If anything, maybe having more players in this space is good just for the competitive aspect; it will force others to lower their prices to lure customers!

Comment False Alarm (Score 3, Interesting) 41

The part where they wrote that the "HTTP_CLIENTIP" variable was apparently someone else's (another bank customer's) IP seems incorrect.

Analyzing the data I saw something strange. My own IP address wasn’t listed in variable HTTP_CLIENTIP and this listed address was also not an internal server IP address. When I translated IP address to the corresponding fully qualified domain name, the result I got was 80-166-145-257-static.dk.customer.tdc.net. Notice the .dk in the result? That means it’s an IP address from Denmark. I live in The Netherlands myself. That probably means that the IP address I’m seeing is from a web site visitor, and very likely a customer of Danske Bank. If I refreshed the login screen again, I would get to see a different set of data, from another customer. I repeated that a few times and got back different records each time. This observation is very interesting, but then again: very alarming.

Most likely this was simply their IP address or the IP address of some networking hardware or proxy downstream from them and the only reason it changed between refreshes was that it was a dynamic IP.

Simply dumping the contents of the $_SERVER variable in PHP could yield a screen full of variables like this. Many of these name/value pairs are also present in the HTTP headers that are exchanged between the client and server.

Comment Seen it firsthand (Score 3, Interesting) 154

At a previous employer, I got to see this whole turn of events unfold [the wrong person deciding to move to "The Cloud"]. It went something like this:

a) CEO (non-techie btw) gets wind of "The Cloud"
b) SalesForce.com reseller somehow gets past the call screeners and directly to the CEO's phone.
c) CEO flies to San Francisco to a "DreamForce" convention to see Sting perform and hear Colin Powell speak and hear Virgin and Coca Cola sing praises to the platform.
d) CEO signs up for 3 years of SalesForce.com and a bunch of addons without consulting anyone
e) CEO flies back and tells everyone (and I quote: "OK everyone, I'm driving this car down the street with no headlights on, hang on, here we go!")

Needless to say I was out of that place not soon after. It was a real shame to see this "Cloud" technology forced down everyone's throats on a whim of the CEO, when he had absolutely _zero_ input from anyone else in the company (IT or otherwise). Especially when we had a really good system in place that just needed a few tweaks to make it perfect.

My friend who still works there now has to run around like crazy coding a bunch of APEX scripts just to hold things together. It's a sad, sad mess unfortunately.

Comment You need to care (among other things)... (Score 2) 214

IMHO, a good developer needs to CARE about what he/she is writing. Here are some points I've gathered from two decades of development work:

Care about the code
The quality of the code, efficiency, consistency are all key. Internal documentation is very important. Even if you don't think anyone will *ever* look at that code again, guess again. Someone will probably end up going back over it in the future to fix a bug or add a feature -- often times that is YOU, the one who wrote it. So leave enough comments behind to tell the next guy (or you when you've long forgotten that code) what in the world you were thinking. I've known way too many developers that simply say "yes sir" to their boss and crank out the code as fast as possible. They don't bother to think for themselves things like "what would the customer want" or "how can I design this to be as efficient as possible but still be understandable"? People who view development as simply a "day job" and don't take pride in their work end up causing themselves and others pain down the road. Being a developer should be more than simply writing code that works. You should care enough to write code that works and is elegant.

Care about the end user
Whether your code is a script that nobody will ever see, or a GUI application that people will use daily, a good developer puts themselves in the customer's perspective. They care about efficiency. They care about how the people who will use their software on a daily basis will perceive it, and how it will impact their workflow. Try to imagine how shaving even a few seconds off a process that someone does many times a day could add up over the years. With the power of modern computing, it's all too easy to become lazy as a developer and not put much thought into scalability, or to write sloppy code that doesn't make good use of resources.

Care about robustness and security
Writing good code also involves covering yourself in terms of error trapping. Make sure your code can (attempt to at least) fail gracefully when the unexpected occurs. Also, make sure you always code with a view to security. Way too much software is written in such a way where security and error trapping is put off until later. All too many times, due to time constraints or simply forgetting, these tasks never get done, and as a result insecure, buggy software is released.

Don't be afraid to start over
Good developers also aren't afraid to refactor their code. Sometimes it takes finishing a good chunk of code and analyzing how it performs in the real world to realize you did it all wrong and you need to rip it up and redo it. That's OK. Try to learn from it and do it less as you mature as a developer.

Memorize the headers and APIs you use most
Try to memorize headers and such of key APIs and libraries you use often. Personally, I find it all too easy just to keep looking up that function over and over whenever I need to use it. But if you trust yourself and memorize the documentation, then you can code more efficiently with fewer interruptions from having to go and look up that function call every time.

Keep it simple
It's easy for a developer to code "the kitchen sink" and bombard the user with a million options and settings. Yes, the program can do everything someone could possibly want, but overwhelming and confusing the end user is never a good idea. It's much better to think things through carefully and build only what is necessary, or if all the options must exist, build it in layers so the most important options are visible first, then the advanced users can dig in and configure to their heart's content.

Comment BMW (Score 4, Interesting) 195

Most of the BMWs from the 90's onward are fairly hackable. You can find copies of the dealer software and production line tools on the web, and tools like NavCoder and similar allow you to control tons of the "convenience" features. Most of the modules have had their options decoded by interested individuals wanting to customize their vehicles.

Some info here.

Submission + - CurrentC Breached (cnbc.com)

tranquilidad writes: As previously discussed in Slashdot, CurrentC is a consortium of merchants attempting to create a 'more secure' payment system. Some controversy surrounds CurrentC's requirements regarding the personal information required, their purchase-tracking intentions and retail stores blocking NFC in apparent support of CurrentC. Now news breaks that CurrentC has already been breached. CurrentC has issued the standard response, "We take the security of our users' information extremely seriously."

Comment Re:incremental backups (Score 2) 150

This is the same problem we've always had, whether it's someone's website on a shared host or a colo server. You need to back it all up and doing a naive dump of the entire thing will take too long and cost too much in bandwidth, so you take a dump of the entire thing once (preferably when you have the thing you're deploying locally) and then take incremental backups from there.

I agree with this approach. If you can get an initial full backup and then use something like RSync with a cron job to handle the incrementals, that would be ideal.
Some info regarding RSync with EC2 is here: http://stackoverflow.com/quest...

One of the worst offenders when it comes to data exports has to be salesforce.com. If you delete a single custom object they charge you upwards of $10K USD to recover your data: https://help.salesforce.com/HT...
Even worse, you get it back in CSV format. My former employer decided to go with them for their entire operation (sales, marketing, and production/warehouse). I left around the time they started implementation, and it was a complete nightmare!

Comment Re:Industrial Automation (Score 1) 146

Granted, I wouldn't recommend the Pi in an extreme environment where an error could lead to loss of human life or cause severe damage, but as an inexpensive controller for small operations, it works great. A company I used to work for is using them for test automation, and so far they have been very stable and a great little SBC for that task.
