Comment Re:Come on guys (Score 1) 320

Except when that 50kB patch puts you over your bandwidth limit for the month -- if you have a bandwidth limit -- and costs you "up to $100 at [the provider's] discretion at any time". Quoted section from a large ISP for overage charges.

And that's assuming there was only one update for the entire month. There was a reason to set the ethernet connection to metered for many people.

Comment Struts2 idiocy. (Score 3, Insightful) 63

This is a lesson in sanitizing inputs.

What happens is that the OGNL interpreter can get started with the HTTP headers as the input. Specifically the "Content-Type" header.

Why anyone thought that using a full on interpreter to parse a string attribute was a good idea is beyond me.

Comment Re:PasswordSafe (Score 1) 415

The trouble with using bits of entropy as the measuring stick is cracking isn't done by brute force anymore. Even as of 5 years ago they started using dictionary attacks.

Which means that if you have a real word in there to create the 10 characters, the time to crack it is significantly shorter. And quick little substitutions (leet-speak) are being added in to the more sophisticated software so changing "password" to something like "P@ssW0rd" buys you a few seconds at best.
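
The point above, as an added example that is not part of the original comment: a password-policy check that sets the naive character-pool entropy estimate beside a dictionary lookup that first undoes case changes and leet-speak substitutions. The wordlist, substitution table and function names are constructed for illustration and cover more substitutions than the one the comment names.

```python
import math
import string

# Constructed mini-wordlist; a real check would load a large common-password list.
WORDLIST = {"password", "letmein", "dragon", "sunshine"}

# Common leet-speak substitutions, mapped back to the letter they stand for.
LEET = str.maketrans({"@": "a", "4": "a", "0": "o", "1": "l", "!": "i",
                      "3": "e", "$": "s", "5": "s", "7": "t"})
TRAILING = string.digits + string.punctuation


def naive_entropy_bits(pw: str) -> float:
    """Entropy estimate that assumes every character was picked at random."""
    pool = 0
    for charset in (string.ascii_lowercase, string.ascii_uppercase,
                    string.digits, string.punctuation):
        if any(c in charset for c in pw):
            pool += len(charset)
    return len(pw) * math.log2(pool) if pool else 0.0


def dictionary_hit(pw: str):
    """Return the wordlist entry the password reduces to, or None."""
    lowered = pw.lower()
    # Try the whole string, then the string with a numeric/symbol suffix removed.
    for candidate in (lowered, lowered.rstrip(TRAILING)):
        word = candidate.translate(LEET)
        if word in WORDLIST:
            return word
    return None


def assess(pw: str) -> dict:
    """Combine both views; a dictionary hit overrides the entropy figure."""
    hit = dictionary_hit(pw)
    return {"bits": round(naive_entropy_bits(pw), 1),
            "reduces_to": hit,
            "accept": hit is None and naive_entropy_bits(pw) >= 50}


if __name__ == "__main__":
    for sample in ("P@ssW0rd", "Sunshin3", "Dragon123!", "kV9#tQ2m"):
        print(sample, assess(sample))
```
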

Comment Not good enough! (Score 2) 249

Give me control as to when to download the update.

I have a metered connection that is unlimited between 2:00am and 6:00am. Let me schedule the download so I don't burn through my available bandwidth with OS updates!

And don't hog my bandwidth when I'm actively using the computer!

Installing and reboots are the least of my concerns.

Comment Re:Also in the news (Score 1) 238

Depends on the game. Standalone installers usually require admin to install but then you can play as a normal user. The trouble is that most of the games my kids like to play are online so require updates.

Also, some of the online games require elevated access to handle the network connections.

Comment Re:Better options (Score 1) 374

I actually like Go. And as run-times go, Go has a very nice one. I was simply pointing out that it still has a run-time so it can't really be used as a low level language where direct manipulation of the hardware is required.

Of course, the whole IoT argument brings up some interesting discussions as it shows what people think IoT is and should be.

Coming from an embedded side, IoT is small, specialized hardware that has a network connection bolted on to the side. In this case, we need C and assembler. Managed languages can't do bare hardware.

Coming from a web services side, IoT is just another computer on the network. This would mean that we can create the web service in any of the high level languages and we don't care what's under the hood.

Both sides are kind of correct based on their assumptions. Personally, I'm an embedded guy. C is needed to get the hardware up...and then we can start whatever run-time we can fit in the left over memory. :-)

Comment Re:Better options (Score 1) 374

As much as Go is "compiled" it cheats. There is a runtime in there which handles all of the memory management stuff; it just gets linked in to the executable. Check out the size of the "Hello world!" in Go vs. C and you can see the difference.

Comment Re:Coffee (Score 1) 229

By "Enterprise" I was referring more to "Enterprise development" not the size of the company. The enterprise development space is dominated by large corporations that are using the software to "streamline the work flow to achieve synergistic relations with clients and maximize..."

This field is usually dominated by languages such as SAP, Oracle, Java (EJB), and VB (6 or .Net).

As the software is defined as overhead (operations) and does not create a product, the developers are hired by cost rather than skill. The Daily WTF has quite a collection from this world.

Comment Re:Coffee (Score 1) 229

...I've worked as a developer in a few fields - engineering, defence, medical, and finance...

Well, there's the problem. Most of the complaints come from developers in the "Enterprise" development space. Big Business assumes software development is overhead. As such, it is to be minimized in any way possible. Sales are the important people.

Comment Re:Poor summary as per usual (Score 1) 432

I was involved as a witness to exactly one sexual harassment lawsuit. The woman who accused her boss of harassment was the Indian version of Phyllis from The Office.

She claimed her boss would play with himself when talking to her.

Her boss had a nervous tic: he jingled the coins in his pocket.

Nowadays this would be a shit-storm on social media.

