
Comment Re:ecosystem lock in (Score 1) 191

Yeah, it's obviously this.

Apple was first out with a slab phone, and I was accidentally on purpose an early adopter, and over the years I've picked up the apps I like and am used to, along with the music handling and what not - the hardware is good enough or better that it will probably never be worth swapping over, and I'm sure long term Android users feel just the same the other way.

Ignoring this is as stupid as people who review various laptops purely on hardware, as if OSX vs Windows (or Linux, I suppose, in these parts at least) didn't matter.

Comment jQuery is great in libraries vs frameworks (Score 1) 126

Personally, I find jQuery great as the baseline to support bespoke programming solutions.

There is a LOT of love for frameworks over libraries like jQuery, but in my experience most hit up against Dietzler's Law* pretty hard. With frameworks one has to be rock solid in the real browsers stuff AND the framework one chose AND the hacks you had to set up to meet the gap between requirements and the framework sweet spot. (vs bespoke, where it's just the real browser stuff and then straight to the gap ;-)

*Dietzler's Law: "Every Access project will eventually fail because, while 80% of what the user wants is fast and easy to create, and the next 10% is possible with difficulty, ultimately the last 10% is impossible because you can’t get far enough underneath the built-in abstractions, and users always want 100% of what they want" - but it's generally applicable

Comment Re:Oblig. Xkcd (Score 1) 247

This got a lot of publicity but it doesn't really add all that much security. Supposing you choose 4 words from a dictionary of 200k (roughly the order of magnitude of the OED), you arrive at about 70 bits of entropy. Conversely, choosing a 10-character password from a 62 letter alphabet (a-zA-Z0-9) yields 59 bits of entropy- the difference is only a factor of 1024. Attackers aren't so dumb as to just try choosing random characters- they have very good priors on how common any particular character sequence is in the typical password and will mix and match entire words, with or without leetspeak substitutions, etc.

Of course no matter how rigorous your policy, it all goes out the window once your users type the same password into some other random site.

Comment Complexity is a red herring (Score 2) 247

Complexity matters mainly if your attacker gains offline access to your hashes. Far and away the main source of password compromise is non-uniqueness (using the same password elsewhere). This is actually the main benefit of forcing a periodic password change. Graphical and gesture passwords are horribly insecure from shoulder surfers.
If you can, support as many factors as possible. Multiple factors give your users flexibility- they may not always be able to receive an SMS or have a card reader handy. TPM-based virtual smart cards are super handy for remote auth from a domain-joined device- no cards or readers required.

Comment You're applying for the wrong jobs. (Score 2) 479

Don't apply for a dev job. Assuming there was sufficient math in your PhD, apply for a data science or data analyst role, which will include a fair share of programming but also mentally engaging work. Hiring managers for these roles look for people that have strong analytical skills and the ability to learn new things (proof: you have a PhD). What languages you know is secondary in these roles to how well you dig in to a problem and deliver insights.

Comment assert side-effects and gcc fp optimizations (Score 1) 729

Gotchas more than quirks:
- the day you realize you put a side effect in an assert() call.
- the day you realize GCC, maybe it was V2, not sure this is still an issue, exploits extra bits of precision in the Intel FPU, *only if* optimizations are enabled, which causes certain iterative floating point algorithms (e.g. SVD) to fail to converge.

In both cases everything works great in debug builds but goes to hell in release builds and it's incredibly painful to get to root cause.
