
Comments


San Francisco's Housing Crisis Explained

JDG1980 Simple problem, simple solution (357 comments)

The only way to fix the Bay Area housing crisis is to build more fucking housing. Anything else is just shifting the pain around. This doesn't even need to mean high-rises; European cities manage population densities far higher than U.S. cities with buildings that are mostly 5 stories or less. But if people want to build skyscrapers, let them build skyscrapers unless there's a sound engineering reason not to.

Fixing the problem requires that the NIMBYs be crushed and that all non-essential regulations be eliminated. Obviously the buildings need to meet safety standards, but in a crisis situation like this, everything other than that should go. No "historical preservation" crap, no ability of "neighborhood activists" to block development, no convoluted environmental impact statements. Let's face it, the Endangered Species Act was passed because people cared about charismatic megafauna, not snail darters or burrowing owls. As things currently stand it's primarily a tool of NIMBYs.

This problem goes back decades. Up until the 1970s we could build like crazy. Empire State Building? Barely more than 1 year from groundbreaking to completion. Hoover Dam? 5 years. In contrast, the Big Dig took 15 fucking years to finish (1991-2006). And these examples are not atypical of the time periods in question. During the 1970s, we gave troublemakers of all stripes the ability to throw sand in the gears of development in a dozen different ways, and they all started to use it. Enough of this crap.

4 days ago

The Security of Popular Programming Languages

JDG1980 Re:SQL injection attacks? (188 comments)

People are still writing code vulnerable to SQL injection attacks?

Yes, they are. It doesn't help when lots of online tutorials give crappy information, like saying to use mysql_real_escape_string in PHP instead of a proper parameterized query. (Using the escape function is better than nothing, but it's not foolproof and is needlessly convoluted.)

This tutorial, which ranks first on Google when I search for 'php sql', uses the escape method and does not mention parameterized queries at all. (The correct method is described here.)

4 days ago
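The comment above says escaping is "not foolproof" while a parameterized query is the proper fix. An added example (not part of the original comment or the tutorials it links to) shows one reason why. It assumes PHP with the pdo_sqlite extension; the table, the inputs and the `escape_quotes` helper are constructed for illustration, with `escape_quotes` as a hypothetical stand-in for a quote-escaping function such as mysql_real_escape_string.

```php
<?php
// Constructed demo data in an in-memory SQLite database (assumes pdo_sqlite).
function make_db(): PDO
{
    $pdo = new PDO('sqlite::memory:');
    $pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $pdo->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT)');
    $pdo->exec("INSERT INTO users (id, name) VALUES (1, 'alice'), (2, 'bob'), (3, 'carol')");
    return $pdo;
}

// Hypothetical stand-in for an escape function: it neutralises quote
// characters and nothing else.
function escape_quotes(string $value): string
{
    return str_replace("'", "''", $value);
}

// Escape-and-concatenate. The value lands in a numeric context with no quotes
// around it, so the escape function has nothing to neutralise and the input
// is parsed as part of the SQL statement.
function find_by_id_escaped(PDO $pdo, string $id): array
{
    $sql = 'SELECT name FROM users WHERE id = ' . escape_quotes($id);
    return $pdo->query($sql)->fetchAll(PDO::FETCH_COLUMN);
}

// Parameterized query: the SQL text is fixed, and the value is bound
// separately so it is only ever treated as data.
function find_by_id_prepared(PDO $pdo, string $id): array
{
    $stmt = $pdo->prepare('SELECT name FROM users WHERE id = :id');
    $stmt->execute([':id' => $id]);
    return $stmt->fetchAll(PDO::FETCH_COLUMN);
}

$pdo = make_db();
$inputs = ['2', '2 OR 1=1'];   // constructed inputs: one expected, one hostile
foreach ($inputs as $input) {
    printf(
        "input %-12s escaped: %-18s prepared: %s\n",
        "'" . $input . "'",
        implode(',', find_by_id_escaped($pdo, $input)),
        implode(',', find_by_id_prepared($pdo, $input))
    );
}
```

Run with the PHP CLI: for the second input the concatenated query returns every row in the table, while the prepared statement compares the whole string against `id` and returns nothing.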

OpenBSD Team Cleaning Up OpenSSL

JDG1980 Re:"Please Put OpenSSL Out of Its Misery" (289 comments)

Otherwise known as "the only sane way to simulate exceptions in C". Seriously. Read up on how "goto" is used in low-level code bases such as OS kernels, instead of citing some vague memory of a 1960s paper without understanding its criticisms.

I agree that using the goto statement is about the only sensible way to simulate a try/throw/catch block in C (of course, you can wrap this in macros to simplify). But that's a serious flaw in the C language, and it means that the maintainers of the C standard should have updated the standard with conditional execution methods that allow this to be handled in a more elegant manner – maybe something like Windows structured exception handling.

But 6,740 of them? Really? I find it hard to believe that all were necessary, unless OpenSSL's code base is even more bloated than I've been led to believe.

Otherwise known as "making the thing go fast". Yes, I want the bignum library, or hashing algorithms, to use assembly. Things like SIMD make these tasks really effing fast and that is a good thing...

These days it's usually recommended to handle SIMD with compiler intrinsics, not inline assembly. You get the added power without having to do the whole inner loop on bare metal, or worry about your register usage conflicting with that of the compiler. (GCC's inline assembly syntax is almost incomprehensible.) Maybe, maybe, there are a tiny handful of inner loop situations where you need actual inline assembly, but don't jump to that conclusion ahead of time. They should have first written the algorithms in C, then tested and profiled, then if there were areas where more speed would be helpful, try compiler intrinsics to speed up and/or parallelize the bit-twiddling; and only then resort to inline assembly if that wasn't good enough. But OpenSSL was full of premature optimizations like their crappy fake malloc that was designed for unspecified systems that allegedly had poor performance with the system malloc. Why should we all have to put up with poor security because some idiot is still running a 386?

4 days ago

OpenBSD Team Cleaning Up OpenSSL

JDG1980 Re:What about a re-implementation... (289 comments)

the fact that it was authored by someone who's more expert in security than you and has had more eyes to review it than your ad-hoc solution.

You may be right. Still... isn't that what most people were thinking when they used OpenSSL? It's a bad idea to roll your own crypto, we all know that, but we assumed that OpenSSL was written by people who understood security and that lots of eyes made bugs shallow. Turns out, that was completely wrong: OpenSSL was written by poorly trained monkeys, and however many eyes may have been scanning it, it obviously wasn't enough.

4 days ago

OpenBSD Team Cleaning Up OpenSSL

JDG1980 Re:What about a re-implementation... (289 comments)

And that changes things, how? C++ allows all the same "unsafe" things as C does. Have you ever used C++ before?

Since C++ is a superset of standard C, yes, you can write the same kind of unsafe code in C++ that you would in C. And indeed many programmers do this.

But C++ gives you the tools to automatically catch various kinds of errors and memory leaks. If you use class destructors correctly, you can ensure that an object is automatically closed properly when it goes out of scope. There are a lot of standard classes such as smart pointers that are specifically designed with this kind of programming in mind. It's not 100% foolproof but it is a lot more reliable than having to remember to do it all manually in C (or C masquerading as C++).

4 days ago

Bachelor's Degree: An Unnecessary Path To a Tech Job

JDG1980 Re:Other than NY? (286 comments)

It took me 10 years, a degree, tons of hours of work, to get my salary up to that level and I am sure I could have been running some RG-58 pretty efficiently for the past 10 years.

Do you want to be digging trenches, fishing wires through walls, and squeezing yourself into tiny crawlspaces and/or attics full of sharp points, mold, and vermin?

Electricians get paid good money, too, and for the same reason – it's a difficult trade job that requires both physical dexterity and a reasonable level of intelligence. You can't really compare a job like this with a white-collar job where you sit behind a desk at a computer all day.

5 days ago

Bachelor's Degree: An Unnecessary Path To a Tech Job

JDG1980 What exactly is a "tech industry job"? (286 comments)

Tech industry jobs that do not require a four-year degree and may only need on-the-job training include customer services representatives, at $18.50 an hour, telecom line installer, $37.60 an hour, and sales representatives, $33.60 an hour.

There seems to be some confusion here. What exactly constitutes a "tech industry job"? I wouldn't consider any of the above three positions to be that. Customer service (as opposed to technical support) is a low-paid non-technical job that usually involves reading off a script. In most parts of the country it will pay a lot worse than $18.50 an hour (maybe as little as half as much). Telecom line installer sounds like a blue-collar trades job – not necessarily a bad thing if it pays well, but not the kind of thing that someone gets into the "IT industry" to do. And sales is, well, sales – the average techie isn't going to be at all suited for this.

The question really should be how important a college degree is for real IT jobs like programmer, network administrator, or DBA.

5 days ago

NSA Allegedly Exploited Heartbleed

JDG1980 Re:This seems plausable (149 comments)

Then it is analyzed by genius hackers who are paid top dollar for the job.

"Top dollar"? This is a government agency. They pay based on the GS scale. Even if the NSA's security hackers were classified at GS-15 (the highest rate), that's about $120K a year to begin – if they really are "geniuses" then they could do better in Silicon Valley, and probably feel better about their jobs as well.

In general, the GS scale pays somewhat more than typical private-sector rate for low-end jobs, but considerably less for high-end jobs.

Government contractors rake in the dough, but that money goes to politically-connected businessmen, not rank-and-file employees.

about a week ago

Theo De Raadt's Small Rant On OpenSSL

JDG1980 Re:Summary. (301 comments)

If you're crashing out on reads, then every malloc(1) that crashes if you read 2 requires 4096 bytes of real RAM to store 1 byte of data--we get into costs.

4096 bytes of RAM as an unacceptable cost? Seriously? Besides, how often are you repeatedly allocating really tiny buffers like this? If you have to do that, then maybe there's a more fundamental problem with the way your code flow is designed.

about two weeks ago

Theo De Raadt's Small Rant On OpenSSL

JDG1980 Re:His rant could apply to almost any large projec (301 comments)

A lot of large performance-sensitive projects implement custom allocators in the form of arenas and freelists. Lots of platforms have a fast malloc implementation these days, but none of them will be as fast as this for the simple reason that the program knows more about its memory usage patterns than any general-purpose allocator ever could.

This is security software. You don't sacrifice the library's core functionality to make it run a bit faster on the old Celeron 300 running Windows 98.

about two weeks ago

Theo De Raadt's Small Rant On OpenSSL

JDG1980 Re:De Raadt is wrong (301 comments)

This is not a problem with OpenSSL, or the C Language or the Malloc implementation, this is a problem because everyone is relying on the same black box they do not understand.

That's a cop-out. Any kind of advanced economy needs division of labor. This is no less true of the IT industry than anywhere else. The people building the "black box" need to know what they're doing and it needs to work. Period.

about two weeks ago

Intel Releases $99 'MinnowBoard Max,' an Open-Source Single-Board Computer

JDG1980 Does this have real GPIO pins? (97 comments)

The Intel Galileo board has 8 GPIO pins, but these are not nearly as useful as on an Arduino or Raspberry Pi because they are actually multiplexed through I2C rather than connected directly to the processor, and thus are much slower to read or toggle than on other project boards. Is the same true of the MinnowBoard Max, or does it have real GPIO? This might not matter if you're going to use it as a router or NAS, but for embedded projects it can make a big difference.

about two weeks ago

Brendan Eich Steps Down As Mozilla CEO

JDG1980 Re:I think this is bullshit (1746 comments)

What if he had said, "blacks don't deserve the right to vote"?

If someone said that in Alabama in 1957, would it be justified to deny them employment for the rest of their life even if they changed their mind after the Civil Rights Act passed?

Publicly acceptable positions on gay marriage are changing quickly. In 1996, Congress overwhelmingly passed, and President Clinton signed, a bill (DOMA) banning recognition of gay marriage across state lines. 10 years after that, few Democratic politicians, at least outside the most conservative states, would defend that position. But views changed slowly. In 2004, when running for the Senate, Barack Obama said that he thought marriage should be between a man and a woman. He said in 2010 that his views were "evolving", and at that point said he supported civil unions. Shortly afterward he came down on the side of supporting gay marriage without reservations.

The point is that this is an issue on which decent, well-meaning people have disagreed. To the extent that there is a majority consensus, it has only formed recently. Going back and retroactively persecuting people for their views before the consensus formed seems grossly unfair.

about two weeks ago

Brendan Eich Steps Down As Mozilla CEO

JDG1980 Re:I think this is bullshit (1746 comments)

I'm not clear. When did freedom of speech extend to the operations of a private business?

A majority of people in modern-day America work for corporate entities of some kind. If you argue that free speech should only be protected against the government and not against employers, then you are in effect saying that a majority of people shouldn't have any free speech protections at all.

about two weeks ago

60 Minutes Dubbed Engines Noise Over Tesla Model S

JDG1980 Re:This is one thing I love about it (544 comments)

Who really killed the EV? It was the "consumer" who was beating down the manufacturer's door for an EV but never put down their cash when the manufacturer delivered on that demand.

Tesla is, in fact, a highly profitable company. They paid off their $465 million Department of Energy loan nine years early. So the rest of your rant is irrelevant. Tesla is profitably making electric vehicles that actual customers are buying. And they already have designs coming up that will be considerably less expensive than the Model S, and will almost certainly see much higher sales figures as a result.

about two weeks ago

Will Cameras Replace Sideview Mirrors On Cars In 2018?

JDG1980 This is already happening (496 comments)

There is already one production car (sort of) that does away with the side mirrors: the Volkswagen XL1.

(I say "sort of" because they're only making 250 of them, and they are not available in the United States, probably due to the mirror regulations.)

about two weeks ago

Will Cameras Replace Sideview Mirrors On Cars In 2018?

JDG1980 Re:Maybe focus on the stupid driver? (496 comments)

I constantly see the focus on improving the car. Making it safer, adding more air bags, ABS brakes, avoidance features. All to address what has become a simple fact of people not being good drivers. It's like handing out flak vests because we have too many shooters out there. Maybe at some point the government could focus on improving driving skills and teaching people to actually drive their vehicle and use the tools like side mirrors already on their vehicles? Does anyone think cameras will be any more effective? I think not.

Your error is that you think it's easier to improve human behavior (across a diverse population of millions of people) than to improve technology. It's not.

Keep in mind that the average person has a median IQ of 100. And half the population is even dumber than that. Keep in mind that human drivers will inevitably be distracted by various events and emotions during the time that they are driving, so even an otherwise intelligent and conscientious driver is going to have weak moments now and again – and it only takes a brief lapse of concentration to risk an accident.

The truth is that driving is just too hard a task for most humans to perform reliably and consistently. In the next 10-30 years, manual driving will be replaced by self-driving cars. And some day we will look back on the era of manual driving the same way we now look upon previous eras without antibiotics or sanitation.

about two weeks ago

Will Cameras Replace Sideview Mirrors On Cars In 2018?

JDG1980 Re:Robot vision (496 comments)

These are already in several cars. It doesn't solve this problem, it solves a different problem.

How so? The purpose of side-view and rear-view mirrors in cars is to allow the driver to see objects that would otherwise not be visible. If you have a full 360-degree overhead realtime view of everything surrounding the car, then you don't need any mirrors, because that display gives you a superset of the information you'd get by looking at mirrors.

about two weeks ago

Microsoft: Start Menu Returns, Windows Free For Small Device OEMs, Cortana Beta

JDG1980 Re:Die, die, die, flat UI elements (387 comments)

They made the desktop unappealing on purpose. If you like "shiny" you're supposed to switch to the metro apps and interface.

The Metro apps are just as flat and dull. It's really a widespread design trend. Designers consider it to be moving away from "skeuomorphism". I consider it to be the UI equivalent of the Brutalist architectural style (those bare concrete box buildings from the 70s).

about two weeks ago

Microsoft: Start Menu Returns, Windows Free For Small Device OEMs, Cortana Beta

JDG1980 Re:This still creates a coverage gap for a lot of (387 comments)

This still creates a coverage gap for XP users. If 8.1 had a sane UI today, I'd go XP-to-8.1. It's just an announcement though. With XP support going tits up in just a few days, there's no way to fill the gap without doing something transitional that you might want to throw away in a few months.

Just upgrade to Windows 7. It's a proven solution and it has extended support (security patches) up until mid-2020.

Windows 9 looks like it's going to fix the worst suckage of Win8, but I don't see it as being a "must-have" any time soon.

about two weeks ago

Submissions


Microsoft Finally Relents: Start Menu Returning in Windows 9

JDG1980 writes | about two weeks ago

JDG1980 (2438906) writes "Microsoft's announcements at today's Build conference indicate that the change of leadership just might be having some effects on the company's flagship product. It looks like Windows 9 will bring back the Start Menu that so many users missed in Windows 8. It won't be exactly the same as the Windows 7 menu (there's a live tile section off to the right), but it will be a lot closer, and won't hog the whole screen.

Another common complaint about Windows 8 is that the full-screen paradigm for Metro apps – while it may work OK with a tablet or phone – doesn't fit well on a multi-tasking desktop with a large screen. To fix this, Microsoft will allow Metro apps to run within a window on Windows 9 – similar to what can currently be done with Stardock's ModernMix."

Krita 2.8 Released

JDG1980 writes | about a month and a half ago

JDG1980 (2438906) writes "Krita, an open-source graphics editor, has been around since 2005, but no stable version existed for Windows users — until today. With the release of Krita 2.8, full and stable support for Windows users is finally a reality, thanks to input from KO GmbH and Intel. Krita brings some things to the table that GIMP does not: 16 bit per channel color support, adjustment layers, and a name that won't set off red flags at HR, just to list a few. You can download the Windows version here. Might be worth looking into, if you're tired of the lack of progress on GIMP and don't want to pay monthly "cloud" fees to Adobe."

Google Buys Nest

JDG1980 writes | about 3 months ago

JDG1980 (2438906) writes "Google just announced that they will be purchasing Nest, a company best known for their "smart" thermostats and smoke detectors, for $3.2 billion in cash. What will this mean for Nest devices going forward – greater integration with Android, perhaps?"

SSD Manufacturer OCZ Preparing for Bankruptcy

JDG1980 writes | about 5 months ago

JDG1980 (2438906) writes "OCZ, a manufacturer of solid-state drives, has filed for bankruptcy. This move was forced by Hercules Technology Growth Capital, which had lent $30 million to OCZ under terms that were later breached. The most likely outcome of this bankruptcy is that OCZ's assets (including the Indilinx controller IP) will be purchased by Toshiba. If this deal falls through, the company will be liquidated. No word yet on what a Toshiba purchase would mean in terms of warranty support for OCZ's notoriously unreliable drives."

Adobe Creative Suite Going Subscription-Only

JDG1980 writes | about a year ago

JDG1980 (2438906) writes "According to CNET and various other sources, CS6 will be the last version of Adobe's Creative Suite that will be sold in the traditional manner. All future versions will be available by subscription only, through Adobe's so-called "Creative Cloud" service. This means that before too long, anyone who wants an up-to-date version of Photoshop won't be able to buy it – they will have to pay $50 per month (minimum subscription term: one year). Can Adobe complete the switch to subscription-only, or will the backlash be too great? Will this finally spur the creation of a real competitor to Photoshop?"

Journals

JDG1980 has no journal entries.
