Comments


Russian Military Forces Have Now Invaded Ukraine

Tanktalus Re:Send in the drones! (737 comments)

You tell that to the President of (what remains of) Ukraine. Ever since Obama has said "Yeah, well, don't cross this line. I mean it!" Putin has known exactly how much he can get away with.

yesterday

DARPA Wants To Kill the Password

Tanktalus Re: There we go again (383 comments)

Do you think that simply because you omitted that common attack vector that it's magically not going to happen?

Rate limiting, et al, has a singular primary purpose: to make things hard enough that an attacker doesn't get the password hash. Anything else is pure gravy.

Once the attacker has the password hash, the next defense is a strong password. And that's where we need to focus the entire debate about passwords vs passphrases vs biometrics vs telepathy. Assume the attacker has your password hash. This worst-case scenario is reality all too often. Yes, throttle password attempts and all that, but if your server has Sarah Palin or Barack Obama on it, assume that someone, somewhere, will deploy sufficient resources to getting that password hash through some zero-day vulnerability. (If your site is just discussing hooch for local rednecks in Bumfuk, Virginia, then the passwords are likely safe, regardless of how insecure the system is.)

about two weeks ago

Why Software Builds Fail

Tanktalus Re:Because I'm lazy (279 comments)

Clang warns about bad variable names? I need to switch!

about 2 months ago

Big Bang Breakthrough Team Back-Pedals On Major Result

Tanktalus Re:Backpeddle? (127 comments)

This.

Real science is always open to upending. If they weren't willing to listen to critics, they'd be called a religion.

Exercise for the reader: are there any other scientists not willing to listen to their critics?

about 2 months ago

House Majority Leader Defeated In Primary

Tanktalus Re:hahaha! (932 comments)

I'd suggest the penalty be based on the savings, not the cost.

If the illegal is simply an indentured, unpaid servant, the penalty goes to zero? Instead, I'd suggest asking a local union (just for kicks, mind you) what the going rate is for that work, subtracting the actual pay, and using that as your basis for penalty. If the illegal was paid full union rates, I could live with "no penalty" - they've been penalised enough, I suppose.

about 3 months ago

Perl 5.20 Released, and Mojolicious 5.0: the Very Modern Perl Web Framework

Tanktalus Re:We banned Perl (126 comments)

I used to be a huge fan of C++.

All those negatives you cite seem to me to be advantages. Because when you know how to use them, they become powerful forces for good. Sure, there's plenty of room to shoot your foot off, but there are some things you can do in Perl that a stricter language wouldn't let you do.

about 3 months ago

Perl 5.20 Released, and Mojolicious 5.0: the Very Modern Perl Web Framework

Tanktalus Re:We banned Perl (126 comments)

I've put that bullet through that approach.

I've grabbed the precise versions of everything that we're going to use, checked into our version control system, complete with a full build-from-scratch setup that will build perl from source, with the exact options we need (or at least the exact same options every time, not sure if we need threading, for example), and the precise list of CPAN modules that we are using, along with standard patches to said modules where required (some of them don't support AIX as well as we need). Upgrading a module will require a degree of regression testing, etc. And all developers will use exactly the right levels of everything as the level that is going into production.

I'm a huge fan of CPAN. It has issues, such as some crap code, but yet it remains one of Perl's greatest strengths. Like anything else worth having, it provides sufficient rope to hang yourself with, so you do have to be careful, putting the onus back on the developer to find a mode that works for them. And yet, to fulfill corporate requirements, I'm using precise levels of code. There's no reason why you can't have the best of both worlds.

about 3 months ago

Perl 5.20 Released, and Mojolicious 5.0: the Very Modern Perl Web Framework

Tanktalus Re:We banned Perl (126 comments)

Gee, if that was the criteria, I'd be banning Java at work. Because I've seen first-hand a number of Java devs writing absolutely stupid things resulting in a heap of vulnerabilities.

The reality is that you get a bunch of stupid developers, and it doesn't matter what language you put in front of them, they're going to write stupid code. The people who've worked under me in perl don't get the opportunity to write code that dumb because a) I provide a saner framework to work in where those gotchas are centralised into common functions and objects, and b) I code review everything that goes in until they acquire a better knowledge base to work from and then I do spot reviews and review anything they feel, with their now better experience, might be tricky and should get extra eyes.

I don't care what language you're working in. If you don't realise that calling the shell with special characters that you didn't know you had will cause problems, it's the developer at fault, not the language. I don't care if it's cmd = "do-stuff " + tainted_value; Process p = java.lang.Runtime.exec(cmd); or my $cmd = "do-stuff $tainted_value"; my $rc = system($cmd);, that's going to result in broken code. If you don't realise that doing the same thing with SQL is going to cause problems, you shouldn't be doing SQL. Or running a subprocess, waiting for it to exit, and THEN reading its stdout. These are all common things, in my experience, and most of them I've seen in Java code, though I do get to work with some nimwits in a different reporting chain using perl stupidly as well. I don't ascribe the bad code to the language, but to the bad developers. Maybe you should look, too, and you'd find it's your developers that are the problem, not the language.

about 3 months ago
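
The shell-quoting mistake named in the comment above, next to a list-form call that avoids it, as an added example that is not part of the original post. `echo` stands in for the comment's `do-stuff`; the helper names and the sample value are constructed for illustration.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Constructed sample input: a "file name" that carries shell metacharacters.
my $tainted_value = 'report.txt; echo INJECTED';

# Vulnerable pattern from the comment: the value is interpolated into one
# command string, which perl hands to /bin/sh. The shell sees two commands.
sub run_via_shell {
    my ($value) = @_;
    my @lines = qx{echo arg: $value};
    chomp @lines;
    return @lines;
}

# Hardened pattern: list-form pipe open. No shell parses the value, so it
# reaches the program as exactly one argv entry.
sub run_without_shell {
    my ($value) = @_;
    open(my $out, '-|', 'echo', 'arg:', $value)
        or die "cannot start echo: $!";
    # Drain stdout to EOF first, then reap the child. Waiting for exit before
    # reading can deadlock once the child fills the pipe buffer.
    my @lines = <$out>;
    close($out) or die "echo exited with status $?";
    chomp @lines;
    return @lines;
}

# The list form stops shell parsing, not option injection (a value such as
# "-rf"), so an allowlist check on the value is still worth having.
sub is_plain_name {
    my ($value) = @_;
    return $value =~ /\A[A-Za-z0-9_][A-Za-z0-9_.-]*\z/ ? 1 : 0;
}

print "string form ran:\n";
print "  $_\n" for run_via_shell($tainted_value);
print "list form ran:\n";
print "  $_\n" for run_without_shell($tainted_value);
printf "allowlist accepts %-28s %s\n", "'$_'", is_plain_name($_) ? 'yes' : 'no'
    for ('report.txt', $tainted_value, '-rf');
```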

California Opens Driverless Car Competition With Testing Regulations

Tanktalus Re:Why so much insurance? (167 comments)

Given that this is SCARY and NEW TECHNOLOGY, I can see an abundance of caution here. Also, it's the manufacturer that has to have the insurance, which seems to me to be rather cheap, especially since many players, especially Google, could self-insure something like this and wouldn't really notice any pinch. To be honest, this seemed to me to be somewhat low if their primary purpose is to ease peoples' minds about the new technology.

Remember that the state is going down uncharted waters here, regulating these things prior to actual use as opposed to the catch-up-with-existing-practices we did the first time round with these horseless carriage things. So they're taking things easy. It's probably the best way to make everyone comfortable with the process, other than perhaps the manufacturers.

about 3 months ago

Driverless Cars Could Cripple Law Enforcement Budgets

Tanktalus Re:Next target, please (626 comments)

I know that reading the fine article is frowned upon, but I .. I ... I couldn't help myself.

The article had this weird text and stuff, and it overwhelmed me, but when I finally sobered up long enough to take my eyes off the road and read my tablet, I saw this odd text:

Approximately 41 million people receive speeding tickets in the U.S. every year, paying out more than $6.2 billion per year, according to statistics from the U.S. Highway Patrol published at StatisticBrain.com. That translates to an estimate $300,000 in speeding ticket revenue per U.S. police officer every year.

(my emphasis.) Now, I get that the cost of policing isn't simply the officer's salary, but the cost of the vehicle, maintenance, gas, supervisors, etc. But I highly doubt that the cost per officer is $300k per year. I would say that $150k per year might be an excessive estimate. So let's call it $200k/year/officer. It seems like there's a significant profit being made here somewhere. I just don't know where it's all going, other than possibly into municipality coffers.

about 3 months ago

Spanish Conquest May Have Altered Peru's Shoreline

Tanktalus Re:Weren't the Peruvians altering the coast? (94 comments)

But anyone who thinks our goal should be to avoid altering our environment really hasn't thought it through, because the only way to achieve that goal is for us to cease existing.

There are people who believe that those espousing "avoid altering our environment" have thought it through, and their goal really is for humans to cease existing. I'm currently leaning toward believing these people.

about 3 months ago

FTC Approves Tesla's Direct Sales Model

Tanktalus Re:What does it mean? (328 comments)

How? By not prohibiting the sale itself, only who is making the sale. Tesla can sell all the cars they want, as long as they use local dealers to do so. Therefore interstate commerce is not prohibited. Still a dumb law, but I don't see anything here that makes it unconstitutional or federal.

Controlled substances can only be sold through pharmacies by licensed pharmacists. And new cars can only be sold through local car dealerships. Now why only local car dealerships should be allowed to sell cars, or why we're equating new cars to controlled substances, I don't understand. But we are, and it's legal for the states to make dumb laws like this.

about 4 months ago

New Jersey Auto Dealers Don't Want to Face Tesla

Tanktalus Don't get it (342 comments)

The right wing should be opposed on free-market principles. The left wing should be opposed on environmental grounds. So which politicians should be in favour of this regulation again?

about 6 months ago

Major Wikipedia Donors Caught Editing Their Own Articles

Tanktalus Re:Where is the big problem? (125 comments)

Right!. That's how scientific research works too. Write a paper for a journal run my you and your friends then right a new paper sighting the published one and submit to a more prestigious journal, who's reviewers are also colleagues. Now it's all fine

I see what you did there.

(It's "citing". I'd tell you to look up that word in wikipedia, but I'm guessing it's been illicitly edited by some research journals trying to skew the definition their way.)

about 6 months ago

Major Wikipedia Donors Caught Editing Their Own Articles

Tanktalus Re:Where is the big problem? (125 comments)

And sometimes you can find out it had a lot more information previously, but someone removed it because it was untrue, false, libelous, or, cardinal of all sins, lacked citations.

The reality is that you can't really know why that information is gone without more information. It may have been removed legitimately. Or it may have been removed as part of a whitewash to clean up an image. So now, which is the better article? The one before or after the subtractions? We don't necessarily know.

about 6 months ago

Consumer Reports Says Tesla Model S Is Best Overall Vehicle

Tanktalus Re:This is old news (318 comments)

Sounds exactly like the buzz about Obama back in about 2007...

about 6 months ago

Complete Microsoft EMET Bypass Developed

Tanktalus Re:Is anyone surprised? (116 comments)

So, you don't use a club on your steering wheel, you don't bother hiding valuables in your trunk, leaving them in plain view, and, really, since a professional can get in the car anyway, just leave the doors unlocked. It's all smoke and mirrors anyway.

If a malicious attacker/user is portscanning your system and finds that port 22 is open, they're going to assume an ssh attack. If they find port 1234, they may move on to another target that has port 22 open instead. Of course, if they're really after you, and not just throwing a wide net, then such shenanigans aren't going to stop them, though it might slow them down for a little while while they try to figure out what's listening on which non-standard port.

If a script kiddie is doing the same, most likely port 1234 would be enough to fool them, and they'd never get in.

Seems like smoke and mirrors are a useful tool in a secure system's administration, but should never be the sole tool.

about 6 months ago

White House Responds To Net Neutrality Petition

Tanktalus Re:Translation: Piss off, Peasants (245 comments)

What I'd have Obama do is be completely fucking honest with us instead of bullshitting us about it.

But I'm an idealist, what do I know?

about 6 months ago

China's Jade Rabbit Fights To Come Back From the Dead

Tanktalus Re:Serves them right (76 comments)

Price is a lot.

First, you have to amortise the cost of the item over its lifespan. That blender that is two bucks cheaper may last just as long as the solidly-built one, especially if I only have light-duty uses for a blender. Or the TV I bought a week ago for $200 has a planned lifespan of no more than about 5 years by which time I hope to have a plan for a better, complete entertainment system - so there's no point in buying a $500 TV that's going to get replaced in 5 years anyway. Or the car that costs $20k and lasts 5 years is still a better deal than the car that costs $50k and lasts 10 years.

Second, you have to look at opportunity costs. Even comparing a $20k vehicle that needs replacing after 4 years (a real stinker) and comparing to a $50k car that needs replacing after 10 (a bit of a stinker, but these numbers provide nice, round numbers), the $20k vehicle is still a better deal - I only need to come up with $20k now, if I need a loan, I only pay interest on whatever I can't pay outright on $20k, not the extra $30k, and the rest of the money can be used for other purposes for 4 years, perhaps in a GIC or other investments, or paying off other loans (credit cards, mortgage, etc.).

And, finally, you have to look at money available. If I need a blender, don't need anything fancy, and don't really have anything budgeted for it, the cheaper one fits that budget better. Maybe it's better to have the blender than not, but I don't have money for it. Blenders may make less of an issue here, but often vehicles and food fit here better - this becomes one of my issues with organic foods - by driving up the cost of good, nutritious whole foods, you force a bunch of people who are struggling financially (i.e., the poor) to buy less nutritionally beneficial processed foods because they can no longer afford wholesome foods. Yes, it's better, but if you don't have the money, you just don't have the money.

about 6 months ago

Former Dev Gives Gloomy Outlook On Linux Support For the Opera Browser

Tanktalus Re:Opera is dead. (181 comments)

It's just a disfunctional Chrome with Opera branding now.

Chrome is just a dysfunctional Webkit, which is just a dysfunctional Khtml....

Except that I find more websites work when I enable the KWebKitPart plugin in Konqueror than when I use KHTML for the renderer. So, while they may have had similar origins, WebKit seems to be getting more love.

about 7 months ago

Submissions


IBM, Novell Offer A MS-Free Desktop To UK Users

Tanktalus writes | more than 6 years ago

Tanktalus (794810) writes "CNN reports that IBM and Novell will be putting together a desktop solution without Microsoft. "The so-called IBM Open Collaboration Solution uses open document format, or ODF-based software, running on Suse Linux, a version of the Linux open-source operating system software owned by Novell." "IBM estimates that a customer can save between $600 and $800 per computer compared with using the Microsoft Vista operating system and Office productivity tools." Is 2008 actually the year of Linux on the desktop? Apparently, IBM and Novell are counting on it."

Journals


More on tolerance, open mindedness...

Tanktalus writes | more than 9 years ago

Following on the topic of the last entry ... Another post of mine which seems to cause similar knee-jerk reactions.

  • 2 new friends. (welcome!)
  • 5 new foes. (really open-minded of y'all...)
  • And moderators who want to punish people for having differing opinions - differing from their populist (and recently outdated) assumptions. I wonder if there are any open-minded people left here...


tolerance, open mindedness?

Tanktalus writes | more than 9 years ago

Anyone else expose their religious beliefs, and, within 24 hours, have others (yes, plural) put you on their "foes" list? And here I thought that not only are religious people a protected group from hate crimes, but that modern society was all about tolerance and accepting. I suppose that if you aren't politically correct, then we don't need to be tolerant nor accepting? <sigh>


/. mods

Tanktalus writes | more than 9 years ago

Sometimes, I gotta wonder if there is a significant population reading /. while still on drugs or something ... ok, so I can understand that someone may not quite follow Dilbert with this one, but "overrated"? Come on. That should at least rate one "Funny" mod. Or how about this one - insightful? Maybe a bit. But +4? Sheesh.

Oh, and while on the topic ... not that anyone cares, but those rare times I get mod points, I find myself with a bit of bias: I don't mod AC's up. Not because there's no point (i.e., no karma changes), but because if you really want to say something, I think that you should have the decency to say it with your name (pseudo-name) attached. In that regard, I suppose I disagree with the site owners...


Politics and Slashdot

Tanktalus writes | more than 9 years ago

Random musings...

  • Yes. I'm a Repub-fan.
  • No. I don't necessarily like everything that Bush or the Repubs do. Do you like everything that your chosen party does? Honestly?
  • No, actually, I'm not an American. Some of the things America does I may like, others I may not like, but, like it or not, America does impact most of the rest of the world, for good or for ill, so awareness of how the "world cop"/"world bully" operates is essential. I see no reason to complain about the fact that there is such a nation (England, France, and Spain viewed themselves similarly in the past, and became conquerors and empires), any more than I see a reason to complain about the existence of politics - again, something that is drastically affecting our day-to-day lives in so many ways.
  • Mods who insist on modding based on how much I agree or disagree with their views are being even less impartial than the news media.
  • Other posters who agree/disagree with me - that's fine. What I find incredibly interesting is the way that those disagreements (and agreements!) are phrased. Those who can express themselves with plain, polite language are amazingly rare on slashdot. At least when Bush, Iraq, or Microsoft are brought up, anyway. What is it about these things that cause so many people so much fear that their only method of expression is cussing and irrationality? If anything were to get me to move to Windows from Linux, it would be these people.
