
Comment Yawn. (Score 1) 498

There has been some research which arrives at the conclusion that yes, indeed, password rules are actually bullshit for security.

There's research out there that the world is flat as well.

As mentioned in the summary, enforcing password rules will actually block provably safe passwords: a base32-encoded 128-bit pure random number. It's mathematically provable to be secure (if done by a cryptography-grade true random number generator, it's a 2^128 security, which is pretty good enough). But it's a 25 character long string of alphanumerics. So it's not mixed case, and doesn't contain punctuation, so it will be rejected by most stupid rules (also, some rules have size specified as a range [9 to 16 characters], not a minimum [more than 8]. This will also reject a 25-long password).

No argument. However, there is research back to the 1970 (can't remember the article) of unix where X% were just one character in length. (no joke). So while the rules 'block' randomly generated passwords that are effective because they don't have a 1 or a ! or whatever, they also block the idiots who don't use a password generator. And how hard is it to just add a '!' to a randomly generated password to make it pass their stupid tests? What Atwood wants is a better verification that a password is randomized rather than just blind rules. (Possible but not an easy task)
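The rejection described in the quoted text above can be reproduced with a short check. This is an added example, not part of either commenter's post; the policy (9 to 16 characters, mixed case, a digit, punctuation) and all function names are assumptions modelled on the rules the quote mentions.

```python
import base64
import secrets
import string

def random_base32_password(bits=128):
    """Encode `bits` of CSPRNG output as unpadded base32 (alphabet A-Z, 2-7)."""
    raw = secrets.token_bytes(bits // 8)
    return base64.b32encode(raw).decode("ascii").rstrip("=")

def composition_failures(pw, min_len=9, max_len=16):
    """Names of the composition rules `pw` violates (hypothetical policy)."""
    checks = {
        "length": min_len <= len(pw) <= max_len,
        "lowercase": any(c.islower() for c in pw),
        "uppercase": any(c.isupper() for c in pw),
        "digit": any(c.isdigit() for c in pw),
        "punctuation": any(c in string.punctuation for c in pw),
    }
    return [name for name, ok in checks.items() if not ok]

def audit(candidates):
    """Map each candidate password to the list of rules it fails."""
    return {pw: composition_failures(pw) for pw in candidates}

if __name__ == "__main__":
    token = random_base32_password()  # 16 random bytes encode to 26 characters
    # "Password1!" is a constructed weak sample that satisfies every rule.
    samples = [token, token + "!", "Password1!"]
    for pw, failed in audit(samples).items():
        print(f"{pw!r:32} rejected for: {failed or 'nothing (accepted)'}")
```

Appending `!` clears only the punctuation rule; the length range and the lowercase rule still reject the random token, while the guessable sample passes.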

Comment Re:Min 5 year warranty required (Score 1) 136

Considering I have an Android phone (and no trouble getting accessories....) Seriously though. While I would like to agree with you on monopolies, I'm not sure that's the case here. There are other tractor companies (including ones from overseas). I agree that there is a huge corporate interest in moving toward "locked-in" items. But as others have pointed out - that makes openness a huge selling point.

Comment Folks, he said (Score 1) 289

your skills have a 2 year half-life...from a MARKETING perspective.

Let's take it in that order.

I've been reinventing myself every 5 years (roughly). I'll ignore my first 5 year gig (Fortran..sigh), and jump to C. I stopped doing C code (mostly) around 2002. Jump forward 2 years and my C skills are about half as marketable as before. Jump another 2 years and they're 1/4.

Doesn't mean I won't get paid what I'm worth or that jobs aren't out there. Rather, it's harder to find the next gig.

Would you hire someone who hasn't done C for 4 years? That answer should be "maybe".

I think he's a little aggressive. That half-life might be 3-4 years....but other than that, it's fairly accurate.

Comment Yes folks...the first thought is the "eval" funct. (Score 1) 195

But that's NOT the advantage to this.

Ever used JSP before? You know that JSP pages are compiled (either on the fly or precompiled) and (if you're smart) you stored off the compiled .java files so you can debug when your page goes belly-up.

(You have to store the pages, because the line numbers match the .java classes, not the JSP pages themselves)

Now, we're removing the compiling mess, moving it to .NET as a service, and standardizing the calling of compiling those pages.

Comment Last I checked... (Score 1) 195

Ruby and Javascript were interpreted languages. The kicker isn't the eval function, but rather the def/prototype functions. In Ruby, you can instantiate a String object named str, add a method to String, and then immediately call that method on str. Upshot? - Imagine for a moment replacing (or removing) an object's toString method on the fly.

Comment Currently flying on business (Score 1) 699

Twice a week. Every week.

Did I mention I refuse to go through the full-body scanners? I do NOT agree that they are safe. I always chose to opt-out.

None of my pat-downs have been that bad. But, prior to October 2010, there was a STRONG push by TSA for pat-downs - they hoped it would get people to accept the Full-Body Scanners their bosses got kickbacks er... bought with taxpayer dollars.

For the record - most TSA agents hate this as much as you do.....but they don't set policy. Most of them recognize that when I choose to opt-out of full body scan, I'm helping to keep more of them employed. :-)

Comment Sorry, I must disagree (Score 1) 582

I'm currently working in the field - in particular with a group of people from India. I have also worked with numerous Indians in the past. I *HAVE* seen Indian groups give preference to other Indians. It wasn't uncommon at all with the major recruiting jobs competing for jobs. (Sidenote: that's starting to change - they used to not care which Indian group got the contract as long as one of them did....but this recession is hitting everyone) I've worked with Indians who, frankly, knew way more than me. I've worked with ones that didn't know how to restart a daemon in RedHat. (And have been lectured about daemons from the same individual - sigh)

Comment Not so much overcomplicates.. (Score 2) 236

But does it solve the problem?

--But I can TALK to the car

That's nice. But the problem was getting the car to talk to you. A light that says ENGINE or CAR isn't informing the driver of anything. A light that says ENGINE or CAR with a button that then says "3rd cylinder O2 sensor is outside of boundaries. This is not a critical problem but get this looked at the next time you service your car." DOES provide information.

--But I wanted to talk to the car!!

Then get OnStar.

Comment BTW: in his own words (Score 1) 202

During my time as secretary of homeland security, the Transportation Security Administration began working to replace the 1970s-era metal detectors used at airports across America with modern technology able to detect non-metal weapons concealed by terrorists on their bodies -- even in their underwear, where Abdulmutallab allegedly hid his bomb. The latest versions of these machines -- sometimes called whole-body imagers -- are deployed at 19 airports, and the TSA is attempting to place them throughout the nation.


What's curious about this: at the time - there was only one company that made full body scanners - Rapiscan.

Comment Use the source Luke (Score 1) 202

Well, I don't know about YOUR definition of "representing", but when someone hires my company (me), I am most certainly "representing" them.

LOL, as for his "lobbying", go do some research - Chertoff advocated heavily and repeatedly for the full body scanners (such as those made by Rapiscan) after the underwear bombing, claiming they would have detected the explosives.

He made no mention that this was an international flight and that the explosive would NOT have been detected - the full body scanners are deployed to the US, not internationally.

To draw an analogy, this would be as if Microsoft hired me to do penetration testing for them, I lobbied a local politician to buy more computers for the local school, and then you came along and started whining that the reason the school board didn't buy Macs is because I was shilling for Microsoft. It's retarded.

If you were a penetration testing expert and you claimed schools should buy them because they can't be hacked into...then yes I could claim you were shilling.

In fact, I have claimed that multiple testing organizations have shilled for Microsoft both now and in the past because they received cash and then "claimed" that Microsoft systems provided a clear advantage over their competitors. Where do you think FUD comes from? (Or do you think FUD is purely fiction?)

Moreover, even if what's claimed in that article were 100% true, it wouldn't support the original statement, which was:

"the purpose of these body scanners was NEVER to increase security, it was a gigantic kickback to former homeland security chief Michael Chertoff who received very well documented "consulting" positions with the company that makes those scanners"

You'd have to show that their purpose wasn't to increase security, AND that Chertoff got kickbacks based on actual sales, AND you'd have to justify the quotation marks around the word "consulting". Failing that, the statement remains an idiotic conspiracy theory, based on the delusional interpretations of a paranoid mind.

  1. I claim their purpose was to enrich the pockets of the company that makes the scanners (what, you think they're giving them away?)
  2. I claim Chertoff got kickbacks (no, the kickbacks do NOT have to relate to actual sales) - and he did, his firm was "hired", meaning money exchanged hands
  3. And finally I don't have to justify the word "consulting". At this point, I have enough of a case to question his judgement, or the judgement of any politician, by showing that money has exchanged hands -- if Chertoff wants to clear his name, he can explain in detail what consulting he provided and what cash he received.

If you don't want to connect the dots - that's your business, but Chertoff was hired by Rapiscan and Rapiscan is doing business with the Government.

Comment Cursory google search (Score 1) 202

with Michael Chertoff scanners.

4th item:

A few days later the Washington Post revealed that Chertoff represents Rapiscan - a maker of full body scanners drawing criticism of groups who oppose full body scanners "Mr. Chertoff should not be allowed to abuse the trust the public has placed in him as a former public servant to privately gain from the sale of full-body scanners under the pretense that the scanners would have detected this particular type of explosive," said Kate Hanni, founder of FlyersRights.org, which opposes the use of the scanners.

Continue reading at NowPublic.com: Full Body Scanner Lobby: Michael Chertoff & Rapiscan | NowPublic News Coverage http://www.nowpublic.com/world/full-body-scanner-lobby-michael-chertoff-rapiscan-2552674.html#ixzz1SkZjxX2P


Frankly, it's common knowledge.

Comment I won't argue that outsourcing is (Score 1) 250

the worse problem. It's hard to hire a 60k a year programmer when you can hire 10 6K a year programmers.

But H1Bs don't help either. Ideally they should be paid market rates, but employers bring them in as junior programmers (lower cost) and once here, the H1B acts like a straitjacket, making it more difficult for the employee to quit/change jobs.

I'm better than an H1B - by a long shot - but financially it's hard to argue with an H1B and offshoring.

The solution for me is to open my own business. Provide the contracting/consulting/marketing that H1Bs and offshoring don't provide. Then when I get a contract, I can hire those guys cheap, verify the work, and rake in the difference as profit.

The long term solution is for this recession/depression to continue...as the dollar keeps falling against the rupee - those 6K programmers are suddenly 30k...and offshore...and everything else that makes offshoring and H1B difficult.

No wonder Indian officials are screaming to exempt their workers from Social Security.
