
Comments

Ask Slashdot: Should You Invest In Documentation, Or UX?

Jaime2 Re:UX can only go so far (198 comments)

You can't make UX the documentation because it doesn't cover all of the use cases. UX is great for answering the question "What does this button do?". You need independent documentation to answer questions like "How do I mail-merge?". This goes double for processes where the industry standard term is trademarked, so you can't actually use it in your product.

about a week ago

Ask Slashdot: Should You Invest In Documentation, Or UX?

Jaime2 Re:When every feature undocumented (198 comments)

Some of that is intentional. For example, they make using a debit card as a credit card difficult because it saves them money. Walmart is the only store I know that labels the button to do so. Sometimes I ask how to do it just to give back a little of the frustration.

about a week ago

Ask Slashdot: Should You Invest In Documentation, Or UX?

Jaime2 Web 2.0 (198 comments)

It's much more Web 2.0 to create a user interface that's minimal to the point of being cryptic, and to call users that can't figure it out idiots. It also helps to have a complete lack of standards.

about a week ago

Oracle Hasn't Killed Java -- But There's Still Time

Jaime2 Re:Nobody kills Java (371 comments)

There's a lot of room for improvement in programming languages. New features aren't just novelty. The database/language impedance mismatch is still pretty big, language features to support multithreading are still weak, strongly typed languages still need to handle "dynamic-ness" better. Microsoft has done a great job of introducing new features that people actually want while still maintaining backwards compatibility. Oracle is being way too conservative here and it does matter to their customers - even the big ones.

I spent a lot of time recently working at a Fortune 20 company. Java was the official programming language of the company, but the Enterprise Architecture group was starting to lean closer to .Net when I left.

about two weeks ago

Oracle Hasn't Killed Java -- But There's Still Time

Jaime2 Re:JAVA EE is not dead. (371 comments)

For a language which forced Microsoft to up its game with C#

Java has been playing catch up with C# for almost ten years. Attributes, generics, and lambdas were all added to Java long after they were added to C#. Also, Microsoft made them part of the runtime, while Java only made them part of the compiler (for the most part), so the features work a lot better in C#.

The point of this article is that Oracle has been slowing down the pace of innovation to an even slower pace than Sun was at, and Sun had already lost a five year head start to Microsoft very quickly.

about two weeks ago

Oracle Hasn't Killed Java -- But There's Still Time

Jaime2 Re:Nobody kills Java (371 comments)

"runtime and a language with a huge install base" describes a future where Java just coasts. By contrast, Python, Ruby, and .Net are all runtimes and languages (several languages in the case of .Net) with a huge install base that are actively introducing new frameworks, development tools, and features on a regular basis. I'm calling an interpreter a runtime for the purposes of this conversation.

about two weeks ago

Oracle Database Redaction Trivial To Bypass, Says David Litchfield

Jaime2 Re:Put in a separate table (62 comments)

The number of possible valid credit card numbers is so small that any hashing solution can be brute forced very quickly, even if each record has its own salt. The only protection would be to make the algorithm secret, but then you've just reduced your system to security by obscurity and as soon as someone figures out the algorithm, you're toast.

about two weeks ago

Ask Slashdot: Best PDF Handling Library?

Jaime2 Re:pdf.js (132 comments)

I wouldn't recommend Office Automation on a server if there is any alternative. For beginners, there are too many gotchas and for advanced users, there are plenty of alternatives that will do what you want without too much difficulty. Office with .Net is especially problematic because the COM components run as out-of-process servers and due to .Net's garbage collection and COM interoperability, they are difficult to get to shut down properly.

about two weeks ago

Oracle Database Redaction Trivial To Bypass, Says David Litchfield

Jaime2 Re:Put in a separate table (62 comments)

In the payment card industry, this is called a token, not a hash. The difference is that a hash can be algorithmically generated from the source material, while a token cannot. Because there is no forward link outside the entity that generated the token to go from card to token, the tokens can be different at each merchant, making a loss of token much less of a problem than a loss of hashes would be. It's also 100% infeasible to break the token generating algorithm since there isn't one. In my experience, tokens are simply generated sequentially (skipping those that don't pass Luhn check). Another beauty of tokens is that they can pass validity checks for credit card numbers, so they can be handed to third-party software and treated just like card numbers, but without the risk of breach.

about two weeks ago
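
The hash/token distinction drawn in the comment above, as an added example that is not part of the original comment or of any payment processor's code: a hash is computed from the card number, so it is identical everywhere, while a token is issued from a counter and exists only as a vault lookup. The TokenVault class, its starting ranges and the demo() helper are hypothetical; the card numbers are widely published test values.

```python
import hashlib

def luhn_valid(number: str) -> bool:
    """Luhn check used for payment card numbers."""
    total = 0
    for i, ch in enumerate(reversed(number)):
        d = int(ch)
        if i % 2 == 1:          # double every second digit from the right
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0

def pan_hash(pan: str) -> str:
    """A hash is a function of the card number alone: same value at every merchant."""
    return hashlib.sha256(pan.encode()).hexdigest()

class TokenVault:
    """Hypothetical per-merchant vault; tokens come from a counter, not from the card."""
    def __init__(self, start: int):
        self._next = start      # assumed token range, chosen by the vault operator
        self._by_pan = {}
        self._by_token = {}

    def tokenize(self, pan: str) -> str:
        if not (pan.isdigit() and luhn_valid(pan)):
            raise ValueError("not a valid card number")
        if pan in self._by_pan:                 # same card, same token within one vault
            return self._by_pan[pan]
        while not luhn_valid(f"{self._next:016d}"):
            self._next += 1                     # skip candidates that fail Luhn
        token = f"{self._next:016d}"
        self._next += 1
        self._by_pan[pan], self._by_token[token] = token, pan
        return token

    def detokenize(self, token: str) -> str:
        return self._by_token[token]            # lookup only; nothing to compute

# Constructed input: widely published test card numbers, not real accounts.
PAN_A, PAN_B = "4111111111111111", "5555555555554444"

def demo():
    merchant_1, merchant_2 = TokenVault(9000000000000000), TokenVault(9100000000000000)
    return (merchant_1.tokenize(PAN_A), merchant_1.tokenize(PAN_B),
            merchant_2.tokenize(PAN_A))

if __name__ == "__main__":
    print(demo())
```

The same card yields different tokens at the two merchants, and each token still passes the Luhn check, so downstream software that validates card numbers accepts it.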

Oracle Database Redaction Trivial To Bypass, Says David Litchfield

Jaime2 Re:In the industry... (62 comments)

They implemented it the way they did so they can sell it as a drop-in solution that requires no coding changes. Unfortunately, security technologies don't matter as much as processes do, so this product, like all other silver-bullet products, will never be all that good.

about two weeks ago

Oracle Database Redaction Trivial To Bypass, Says David Litchfield

Jaime2 Re:Is the target "hackers"? (62 comments)

You mean regular DBAs like the next Edward Snowden? Inside threats are important and are one of the reasons this feature exists. Litchfield did what he does best; he showed that the product doesn't quite live up to the marketing material.

about two weeks ago

Oracle Database Redaction Trivial To Bypass, Says David Litchfield

Jaime2 Re:Put in a separate table (62 comments)

How would a hashed credit card number ever be useful? You would have a really hard time sending a request for payment to a payment processor if you did.

about two weeks ago

40% Of People On Terror Watch List Have No Terrorist Ties

Jaime2 Re:So 40% dwarfs 60%? (256 comments)

They didn't say that. They said that the 40% "dwarfs the number of watchlisted people suspected of ties to al Qaeda, Hamas, and Hezbollah combined". That means that the second list is only a small portion of the remaining 60%. It also means that most of the 60% aren't suspected of having ties to the three groups - and therefore also are probably false positives. Note that they said "suspected", most of the 60% aren't even suspected of having ties to the big three.

about two weeks ago

Multipath TCP Introduces Security Blind Spot

Jaime2 Re:Really??? (60 comments)

It's different because the agencies with security as their middle name don't have a backdoor for this.

That's why I was careful to say "end-to-end encryption" instead of "https". If you aren't using the public CA infrastructure, your data may be private.

about three weeks ago

Multipath TCP Introduces Security Blind Spot

Jaime2 Really??? (60 comments)

Is this article suggesting that new communication paradigms are a bad idea because the security gear optimized for the old paradigm won't work? Should we wait for the security industry to invent multipath TCP? BTW, this is the same security gear that can already be thwarted by end-to-end encryption. How is this any different?

about three weeks ago

Ask Slashdot: Is Running Mission-Critical Servers Without a Firewall Common?

Jaime2 Re:PCI Compliance (348 comments)

Believe me, this install will never be PCI compliant. Either they will choose a solution that doesn't store cardholder data, or will outsource the credit card processing to someone else. It isn't cost effective to have a PCI compliant installation this small. So, this issue can be ignored when discussing "should a server like this have a firewall?".

about three weeks ago

Man Booted From Southwest Flight and Threatened With Arrest After Critical Tweet

Jaime2 Re:What?!? (928 comments)

Yes, it's legal. But, Southwest's Contract of Carriage lists 13 reasons that boarding can be denied. "We disagree with you" isn't on the list. So, they violated their own contract and they owe the passenger between 200 and 400 percent of the fare, depending on how late he gets to his destination.

about three weeks ago

Man Booted From Southwest Flight and Threatened With Arrest After Critical Tweet

Jaime2 Re:The lesson here isn't to be quiet, but... (928 comments)

Tweet after you land and your family and friends read it. Tweet before you take off and it gets on the front page of Slashdot. I'd say he played it exactly the right way to both get to where he was going and to make as much bad Southwest publicity as possible.

about a month ago

Submissions

Jaime2 hasn't submitted any stories.

Journals

Jaime2 has no journal entries.
