Comments


California Utility May Replace IT Workers with H-1B Workers

QilessQi Tata! (212 comments)

Northeast Utilities, last fall, announced it was outsourcing part of its IT operations to Infosys and another Indian-based IT services giant, Tata Consultancy Services.

I'm sure they were the breast candidate for the task.

2 days ago

Survey: 56 Percent of US Developers Expect To Become Millionaires

QilessQi By what definition of "millionaire"? (457 comments)

If we're talking "has a net worth of over US$1M", that's not too crazy, especially given how inflation will affect salaries in the coming years. Heck, even though they called Thurston Howell III a "millionaire", he was probably a multi-millionaire, since $1M in 1964 would be just about $7.5M today*.

But if we're using millionaire figuratively, as in, "will be in the top 1%", well... not likely. You'd have to have a net income of around $1M to make it into the top 1%, and a net worth of about $16M. A net worth of $1M (and a net income of $250K) barely gets you into the top 20% ( http://www2.ucsc.edu/whorulesa... )

* Yes, "Gilligan's Island" is 50 years old come this September. Half a century. I have just made some of you feel incredibly old.

4 days ago

OpenBSD Team Cleaning Up OpenSSL

QilessQi Re:What about a re-implementation... (290 comments)

Agreed, in Java using a char[] still gives you some safety -- the fact that Java has primitives like byte and byte[] also lets you mix high- and low-level code. But other languages may not give you that ability to get down-and-dirty with the machine.

Also, as another poster on this thread has observed, paging makes things even more complicated. If you can't prevent that char[]'s block of memory from getting swapped out to disk, then in theory there's an attack vector. C may let you avoid that scenario.

5 days ago

OpenBSD Team Cleaning Up OpenSSL

QilessQi Re:What about a re-implementation... (290 comments)

Issues like that are why real, bulletproof security is incredibly hard. At least with low-level languages, you're close enough to the machine to at least be able to think about such things, and maybe even do something about them.

5 days ago

OpenBSD Team Cleaning Up OpenSSL

QilessQi Re:What about a re-implementation... (290 comments)

As I understand it, one reason that security-related code is best done in low level languages is that the implementer has absolute control over sensitive data.

For example, consider a server which acquires a passphrase from the client for authentication purposes. If your implementation language is C, you can receive that passphrase into a char array on the stack, use it, and zero it out immediately. Poof, gone in microseconds.

But let's say you used some language which dynamically allocates memory for all strings and garbage-collects them when they go out of scope. It's "safer" in one respect, because it prevents the developer from having to do their own memory management. But auto-growing strings (and lists) often work via some invisible sleight-of-hand whereby the string's data is copied to new memory once it grows enough to fill its original underlying buffer. This can happen several times as you concatenate more characters onto the end of that string. So as you read a long passphrase into a dynamically-growing string, little now-unused copies of the prefixes are being put back on the heap all the time, completely outside your control. If that daemon dumps core and you inspect the dumpfile, you might see something like "correct-horse-battery-sta". Marry that to the log of IP connections, and boom, you can make an educated guess at what Randall Munroe's passphrase is.

5 days ago
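
The effect described in the comment above, as an added example that is not part of the original comment: a doubling buffer leaves passphrase prefixes behind each time it grows, unless every outgrown buffer is wiped before it is abandoned. The arena allocator and the names secure_wipe, read_secret and leftover_copies are hypothetical, and the sample passphrase is the one the comment alludes to.

```c
#include <stddef.h>
#include <string.h>
/* Constructed stand-in for the heap, scannable like a core dump. */
static unsigned char arena[4096];
static size_t arena_top;

static void *arena_alloc(size_t n) {
    if (arena_top + n > sizeof arena) return NULL;
    return arena + (arena_top += n) - n;
}

/* Volatile stores are not dropped as dead writes; memset() can be. */
static void secure_wipe(void *p, size_t n) {
    volatile unsigned char *v = p;
    while (n--) *v++ = 0;
}

/* Read src byte by byte into a doubling buffer. wipe_old=0 models an
   auto-growing string; wipe_old=1 clears each outgrown buffer. */
static char *read_secret(const char *src, int wipe_old, size_t *cap) {
    size_t len = 0;
    char *buf = arena_alloc(*cap = 4);
    for (; buf && *src; src++) {
        if (len + 1 == *cap) {            /* full: grow and copy */
            char *bigger = arena_alloc(*cap * 2);
            if (!bigger) return NULL;
            memcpy(bigger, buf, len);
            if (wipe_old) secure_wipe(buf, *cap);
            buf = bigger;
            *cap *= 2;
        }
        buf[len++] = *src;
    }
    return buf;
}

/* Wipe the live buffer, then count surviving 3-byte secret prefixes. */
static int leftover_copies(const char *secret, int wipe_old) {
    size_t cap;
    int hits = 0;
    arena_top = 0;
    memset(arena, 0, sizeof arena);
    char *buf = read_secret(secret, wipe_old, &cap);
    if (!buf) return -1;
    secure_wipe(buf, cap);
    for (size_t i = 0; i + 3 <= arena_top; i++)
        hits += memcmp(arena + i, secret, 3) == 0;
    return hits;
}
```

Even though the caller wipes the final buffer in both cases, the unwiped variant still leaves one stale prefix per growth step in the arena.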

OpenBSD Team Cleaning Up OpenSSL

QilessQi Re:Anyone know if there are regression tests? (290 comments)

Whatever they're using as the baseline of their fork. There are already patches that fix Heartbleed (the simplest being "don't support heartbeats", which are not mandatory in the spec anyway). If they're taking this as an opportunity to do radical cleanup, that's great -- but I'm sure we'd all feel better if regression tests were in place to reduce the risk of introducing another subtle bug. Major surgery on critical security infrastructure should not be rushed.

5 days ago

OpenBSD Team Cleaning Up OpenSSL

QilessQi Anyone know if there are regression tests? (290 comments)

If they're doing a large-scale refactoring, a regression test suite is really advisable (in addition to static code analysis) to ensure that they don't create new, subtle bugs while removing things that might look like crud. Does anyone know how good their test coverage is?

5 days ago

Phil Shapiro says 20,000 Teachers Should Unite to Spread Chromebooks (Video)

QilessQi I read that as... (101 comments)

"Phil Shapiro says 20,000 Teachers Should Unite to Spread Chromosomes (Video)"

I was wondering whether the video showed the actual spreading of the chromosomes....

about two weeks ago

How the Internet Is Taking Away America's Religion

QilessQi Re:The Epicurean Paradox (1037 comments)

This is about the Problem of Evil as it pertains to the idea of God as being both just and omnipotent by definition. Put another way:

Is God willing to prevent evil, but not able? Then he is not omnipotent.
Is God able to prevent evil, but not willing? Then he is not just.
Is God neither able nor willing to prevent evil? Then he is neither omnipotent nor just.
Is God both able and willing to prevent evil? Then why is there evil in the world?

Most defenders of faith fall back on the Job argument: "God is able to prevent evil, he's just not willing to do so, but he can't possibly be unjust, because that would violate Scripture. Therefore, it must be because we can't comprehend his reasons." But if the justice of God is not the justice of Man, then how can we call it "justice", or indeed, assign any human quality to it?

about two weeks ago

How the Internet Is Taking Away America's Religion

QilessQi The Epicurean Paradox (1037 comments)

From http://en.wikipedia.org/wiki/P... :

Epicurus is generally credited with first expounding the problem of evil, and it is sometimes called "the Epicurean paradox" or "the riddle of Epicurus":
"Is God willing to prevent evil, but not able? Then he is not omnipotent. Is he able, but not willing? Then he is malevolent. Is he both able and willing? Then whence cometh evil? Is he neither able nor willing? Then why call him God?" - 'the Epicurean paradox'.

about two weeks ago

China Cracks Down On Bitcoin, Cuts Off Exchanges' Bank Access

QilessQi I am reminded of Flainian Pobble Beads... (100 comments)

Yes, as I understand it, the whole point is that BTC are meant to be spent on goods/services, and the recipients can then spend their BTC on the goods/services they need, and so on, without the need to ever convert to or from other currencies except maybe to pay local taxes. In such a world, the exchanges become far less important.

But I don't think we're at the point yet where a community of people buy groceries, gasoline, pay rent and utilities, etc. purely by using BTC. And if the exchanges can't be trusted, the BTC user base may start to degrade to a much smaller population of speculators, hoarders, and true believers waiting for a change in the technological or political winds.

At which point you basically have the Flainian Pobble Beads from The Hitchhiker's Guide to the Galaxy, which are only exchangeable for other Flainian Pobble Beads...

about two weeks ago

Wil Wheaton Announces New TV Show

QilessQi Re:Oh, it's on SyFy? (167 comments)

Actually (to answer the AC), Wesley Crusher was the annoying one, mostly due to the Mary-Sue-ing scriptwriters, and the fact that no one really wanted to see a teenage boy on the bridge of the Enterprise no matter who was playing him. Wil Wheaton was just an actor, all grown up now, and apparently a pretty nice guy. And when a little girl asked him a question about being bullied for being a nerd, he responded like this:

https://www.youtube.com/watch?...

So: famous Trek actor, nice guy, nerd-friendly, and he tours with Jonathan Coulton. Lots of folks like him. As for everyone else, well, haters gonna hate.

about three weeks ago

NSA Confirms It Has Been Searching US Citizens' Data Without a Warrant

QilessQi April Fools? (274 comments)

I'm guessing.... no.

about three weeks ago

Square Market Now Accepts Bitcoin

QilessQi Re:Buy Now (94 comments)

So, you're saying that Bitcoins are too much of a hassle to use and too much of a risk to buy and sell because of the exchanges -- even though you're convinced that you're going to get "near-guaranteed 50-80%" profit if you purchase a few bitcoins now.

You can see why some people here might be skeptical of it being the currency of the future.

about three weeks ago

Mt. Gox Working With Japanese Cops; Creditors Want CEO To Testify In US

QilessQi Re:Your stereotype is out of date (62 comments)

I find that most debunkers and detractors operate out of some kind of emotional offense

Well, to be fair, most fans and defenders probably operate out of some kind of emotional defense. For example:

I have no strong feelings about Bitcoin, for or against. Which is why I found it amusing that when I mentioned the transaction malleability issue in a recent discussion -- and subsequently quoted the 3rd party sources (Forbes and TechCrunch) which attributed Silk Road 2's problems to this issue -- one of Bitcoin's staunch defenders accused me of wearing a "tinfoil hat", which was odd because I was neither putting forth a conspiracy theory nor quoting a source which was. This individual said that I could either believe his facts or [what he asserted to be] non-facts from sources that I consider to be slightly more reliable than a random pseudoanonymous Slashdot user. Yes, "Appeal to Authority" may be a logical fallacy, but you can't counteract it simply by claiming to be more authoritative, all the while resorting to Argumentum ad Hominem.

Has Bitcoin been demonized? Well, it has gotten bad press, because of various things. What it has been used to purchase. The problems with various exchanges. The perceived complexity of use compared to conventional fiat currency.

Then there are the Bitcoin fellow-travelers, like the Winklevoss twins and Bill Gates, who I think manage to turn a lot of Slashdot readers off Bitcoin simply by singing its praises. Sure, that's irrational too. If I found out that Steve Ballmer liked chocolate and kittens, I wouldn't immediately hate those things. True, I'd enjoy them a little less because of the uncomfortable association, and I wouldn't eat them in the same sandwich like he does, but still. Chocolate and kittens.

Are non-Bitcoin adopters jealous of the ones who jumped on the mining bandwagon early? Maybe, in some cases, there's a fox-and-the-grapes issue at work. But mostly I think there's just a lot of eye-rolling at the picture of a bright, shiny, government-intervention-free financial future that some cryptocurrency advocates are hyping. See https://www.youtube.com/watch?... to understand what this is like on the receiving end.

So let's allow for a little irrationality on both sides of the fence.

about three weeks ago

Klingon Beer

QilessQi Re:only 5.5%!?! (100 comments)

My bad, then. But that's the trouble with trying for a parody of Comic Book Guy in a world where this exists.

(I recommend suffixing such posts with ~s or bracketing them with <ComicBookGuy> tags)

about a month ago

Submissions

QilessQi hasn't submitted any stories.

Journals

QilessQi has no journal entries.
