top OpenSSL Bug Allows Attackers To Read Memory In 64k Chunks
Looks like snhenson most recently committed the two places final s2n() macro call the above linked article identifies as the line that finally sends data, as well as the n2s() that got data from the remote connection:
Not sure which is worse, using the unsanitized user input (which it seems he MUST have known was user input) or the copy-n-paste coding.
Sorry for the public shaming, but it seems he'd better at least make a case that he's not on the NSA payroll. Of course mistakenly relying on user input is the sort of mistake we've all probably made at least once, so it's quite believable that it was an honest mistake.
top Gates Warns of Software Replacing People; Greenspan Says H-1Bs Fix Inequity
Where the heck do you live that you can buy even a studio apartment for $10k? And even if you can, you'll spend $20k/year in gas getting to your job (not to mention the time you waste in the car). Okay, maybe if you get mad cash working an oil field in the boonies, but for most of us who have to live in a city to be reasonably close to work...
I agree with you that people should consume less, not demand huge, new houses, drive their cars until they can't possibly be fixed, and I do all that. My car is a 1998 I live 45 minutes from work because houses cost twice as much near my office. And I have a family, so I can't just rent a room (which is how I lived cheaply when I was single). But for the $800 of our mortgage payment that goes to interest, taxes and insurance, we can only rent a small apartment or condo, so borrowing and buying truly makes more sense.
What I'm really complaining about is the tax code and the fed's monetary policy. If you're paying 3.5% (i.e. earning -3.5%) on a mortgage and the stock market earns, on average, 8%, every extra dollar put in your 401k instead of paying down your mortgage is earning you 4.5%/year. But now that money is at risk for those years (and we have one once or twice a decade) where the stock market actually drops.
Tax and monetary policy should encourage people to save, not gamble. It /should/ be smart to pay off your mortgages and thereby distribute wealth rather than consolidate it at the top. Tax the capital gains the same as income. End the mortgage interest deduction but let us withdraw from retirement accounts without penalty or taxes to pay off the mortgage on a single, primary residence (with some reasonable cap, say $500k). When Americans start actually owning their homes instead of the mortgage company owning it, we'll have less need for social security and medicare and be less resistant to cuts in those programs. And we'll save cash too, now that we've paid off our mortgages early, making us dependent on ourselves, not handouts from the Uncle Sam.
And the feds should NEVER bail out the markets. If we'd all owned our homes instead of having so much of our asses in the markets, we could have just let the big firms fail -- only a small percentage of very wealthy Americans would have been hurt much by that, and all of them could have afforded it.
And the fed should target a 0%, not 2% inflation rate. Would this hurt stock market growth? Of course, but that's fine. This free ride of a market averaging 8%/year just makes the rich (who have a larger % of their assets in the market) richer. Let it fail. Let it decline. But let the middle class get out first.
top Facebook Introduces Hack: Statically Typed PHP
Okay, stupid name aside, this is awesome. I've never had a single good thing to say about Facebook or Mr. Zuckerberg, but this could totally change that. Lots of devs disparage PHP, but they're all idiots -- PHP is heavily used because it's heavily useful. I haven't used HACK yet, but if it's not a buggy piece of junk it might truly be great. I've yet to find a language that lets me go dynamic when I'm prototyping but gradually type when I see fit. So...Sweet!
That said, static typing isn't all it's cracked up to be. Java being the prime example, it makes for some very wordy code that's often tedious to change. And of all the bugs I fix in dynamically typed languages, very few are caused by treating something as the wrong type.
top Gates Warns of Software Replacing People; Greenspan Says H-1Bs Fix Inequity
> don't borrow money. Ever.
I know that seems like common sense, but the very rich have engineered it so that it's stupid NOT to borrow money. This is what makes us all slaves. You HAVE to borrow money because if you have decent credit, a mortgage is as cheap or cheaper than renting. Saving won't work due to inflation.
But that's why the financial system is rigged. The middle class has to borrow from the rich and pay them, making them richer. We also have to put our money at risk in the stock market because savings will LOSE value to inflation. And because the middle class has our assets there, the government has to bail out the market when it collapses like it did in 2007/2008.
1) The fed to target 0% inflation 2) Tax policy to encourage owning property and paying down mortgages more quickly, rather than paying the rich interest.
Or maybe just a good old-fashioned French-style revolution with guillotines and all. Actually, I think we're getting pretty close to that one, unfortunately.
top How the NSA Plans To Infect 'Millions' of Computers With Malware
Okay, everybody, stop your whining. I'm pretty sure every one of us reading slashdot has had somewhere near the middle of his or her to-do list something along the lines of "script mass exploit of remote computers in case I ever need to give the entire world a big F-U". There it is, just below "implement monitoring for everything" and just above "stock up for imminent apocalypse" (which fell a few spots in late 2012). It probably won't ever float high enough to actually make much progress on, but we've all thought of it. If you could get someone to actually pay you to work on that one in a semi-legitimate fashion (i.e. NOT the mafia or Russian government), wouldn't you jump at the chance?
top Massachusetts Court Says 'Upskirt' Photos Are Legal
> If laws can be "interpreted" to go beyond their plain meanings, then it becomes difficult for those subject to them to figure out what is prohibited.
Really? Apparently you haven't read much of the law then. If that were the case, then we pretty much haven't a single law on the books, as just about anything written by lawyers and judges that I've ever read, the constitution itself being a prime example, is vague to the point of being useless. Maybe that's just because I'm a computer programmer and when writing code anything ambiguous doesn't even compile, but lawyers and judges have got to be the group with the absolute worst grasp of language.
about a month and a half ago
top Walmart Unveils Turbine-Powered WAVE Concept Truck
And what's wrong with subsidizing something we all use and benefit from? Those who can pay more do in the form of higher property taxes (the rich actually pay a smaller percentage to the feds income/capital gains tax, but that's a different story). But in return they can hire people at lower wages and patronize businesses with cheaper prices because those businesses can hire people at lower wages. Without the subsidy, we'd either have crime, a revolution or higher wages.
about a month and a half ago
top Are Bankers Paid Too Much? Are Technology CEOs?
> It would distort the free market and no one would take the risk...
Risk? What risk? The DOW did hit ~7k briefly, but last year it broke record highs on a daily basis. If you happened to be the idiot who sold at 7K, you lost. If you just kept your money where it was, you're doing pretty well. And why is that? Because congress plunged us deeper into debt and the federal reserve printed money like it was going out of style. And in the long run, those things will disproportionately hurt the lower and middle class in the form of higher taxes* that stifle job creation and inflation that erodes wages and savings.
So why would our government do this when there's obviously a lot more poor and middle-class voters than rich ones?
> ...and who is the shareholder? Your elderly mom, YOU, etc
Ah yes, that's it. Because the system forces all of us to take the same risk, independent of our financial means.
Between FDIC and NCUA, each adult can have $500k of government-insured bank and credit union deposits, far more than most of us have in liquid assets. Why would we possibly put our money at risk in the stock market? Because they pay almost no interest, yet government policies almost ensure inflation and profits in the stock market. So while we won't lose our deposits to bank fraud or runs on the bank, they'll slowly decrease in purchasing power. So instead we have to put it at the same risk that the very wealthy take in the stock market. Which means that when those systemic risks actually happen, the government HAS to bail out the markets or everyone, rich or poor, loses. This means the tax payer is actually on the hook to make sure the rich stay rich.
* Why do taxes and inflation hurt the poor and middle-class more? Because wage increases always trail inflation. And because the rich make most of their money through capital gains, paying 15% federal income tax while the rest of us pay more. We also pay a higher percentage of our salary in social security and medicare (there's a cap on how much of your salary is taxed for those). And since we have to spend more of our salary to survive, we pay a higher percentage of our earnings in sales tax. So I'm all for a flat income tax, but it has to take the place of all other taxes.
top The Death Cap Mushroom Is Spreading Across the US
Nothing in the Amanita genus is easy to id considering that it's a huge genus which includes a very large number of both the most commonly found and most poisonous mushrooms.
Now, if you mean that the genus, rather than the species phalloides is easy to identify, okay, maybe. But distinguishing A. phalloides from its edible cousins is in no way easy, and you've got to be pretty dumb to eat anything that looks similar unless you have a degree in Mycology and/or decades of continuous field experience in the region where you picked it. There are old mushroom hunters and there are bold mushroom hunters, but there are no old, bold mushroom hunters, as the saying goes.
This is especially the case when other both edible and choice species like Boletes, Morels and Chanterelles are relatively easy to identify, have no poisonous lookalikes (assuming you have the experience to notice key characteristics). Of course, they're much harder to find, but...
top Slashdot Tries Something New; Audience Responds!
Why not start at the beginning and tell us why the heck you're redesigning in the first place.
I read your little "WE HEAR YOU" post. And no, you're still not listening. If you were, you'd know that we like slashdot just the way it is. No redesign. Why are you trying to change it at all?!? We're all baffled. Your stupid little post just said "we'll slow down". But nobody asked you to "slow down". We /told/ you to stop. Just don't touch anything.
If, for some unfathomable reason, you think you do need to change things, why don't you start by explaining why. Why are you trying to make /. look just like Ars Technica? Are your revenues hurting and you need to work more ads in there or increase readership to charge more for your ads? What gives. Why change it at all?
And if it is revenue-related, why not just ask for money like Wikimedia. I donate to them every time they ask because I value their service. I'd give /. $5 every once in a while too. I don't want to click on any ads, nor do I want to sign up for some paid account (I rarely log in anyway). I just want to read my FA's and comments. (Okay, maybe just headlines and comments).
top HTML5 App For Panasonic TVs Rejected - JQuery Is a "Hack"
Me too. Solidarity, brothers, solidarity.
top Why Does Facebook Need To Read My Text Messages?
If I worked for facebook, I'd refer to users as "dumb fucks" too.
No, I don't have any "friends".
top How Much Is Oracle To Blame For Healthcare IT Woes?
Really? Don't blame Oracle, a huge and well funded IT company that claims to be the best of the best?
The defense of both the healthcare.gov contractor and Oracle keep whining about requirements not being defined until late in the game, but anyone with experience in software development knows that "requirements" evolve over time and iterative development is the only way to do any project of any significant size. Now who do you think is in a better position to know that and manage the project accordingly: A state or federal government official or the head sales guy at an IT consulting firm?
Buyer beware is still a bit true, but in 21st century America, and especially when accepting public money, it should be /seller/ beware. You can't (or shouldn't be allowed to) sell an obviously inadequate product or service and get away with it.
Both Oracle and the healthcare.gov contractor are 100% culpable. They should be in a position to know what they were getting into and should not have gotten into it if it's so poorly defined that they can't deliver.
IBM (another company I hate) actually did this right when they bowed out of that contract for a supercomputer for some university and just paid the associated fines. If you're the IT expert, it's your job to know how these things work and say if and when it can't be done.
top A Math Test That's Rotten To the Common Core
Slashdot needs to up the maximum score a comment can get just for this comment. Give it a 10, and give Pearson a -6.02x10^23.
That said, I'm doing pretty well in life because I can figure out WTF the complete idiots at Pearson were thinking slightly more often than not. So possibly preparing kids early for the idiocy that is professional certifications isn't all bad for the kids. But for society, which needs a useful mechanism to determine someone's qualifications, things look pretty bleak.
top How Big Data Is Destroying the US Healthcare System
Uh... that's a paradox.
I think you (and the entirety of the Republican party) misunderstood your microecon textbook. The point of a competitive free market is to reduce the maximum price a company can charge for something to just slightly more than it costs to produce (i.e. a small profit). Any company charging more will lose all their business to the competition who charges less. Free markets actually minimize profits, not maximize them. Monopolies maximize profits, which is to say they allow companies to charge as much as consumers are willing to pay before consumers instead choose to go without the product.
Of course this really only happens for commodities -- goods and services that can both be easily substituted and that the consumer understands well so he can easily decide if the competition is a sufficient substitution. Maybe all health insurance is mostly the same and easily substituted, but it's definitely too complicated for consumers to understand if and when that's the case.
top Ask Slashdot: What Are the Hardest Things Programmers Have To Do?
First off, let's define "hard". You could mean
a) absolutely hard: it takes lots of effort to make this work at all
b) hard to do well: it takes lots of effort to do this well even though I can do this somewhat acceptably with minimal effort
c) time consuming: this takes a lot of f-ing time, and it's unclear that the effort justifies the benefit
a) seems like the most appropriate definition, but judging by the list they seem to mean either b or c.
9. Designing a solution :
b. I can make you some working software based on your off-the-cuff requirements pretty easily. Anticipating what you really meant, what you will ask for next, and writing code that can be easily leveraged to do those things would be 'a'.
8. Writing tests
c. For small projects, automated testing is way more time than it's worth. For large projects writing tests is the only way to make it work at all. Of course, all those medium sized projects and those projects that start small but may become large are a challenge. And whether or not the software lends itself and the programming team knows how to use a testing suite makes a difference.
7. Writing documentation
c. No one /ever/ reads documentation because we all learn the hard way that it's perpetually out of date. The UI and API /are/ the documentation. If, by "writing documentation" you mean "designing a good UI/API" that makes it obvious to the user what's going on, then this becomes 'a'.
6. Implementing functionality you disagree with
WTF - If you're getting paid, do what you're told. If not, tell 'em to do it themselves. This is only "hard" in any sense if you're a pedantic a-hole. Oh, wait. This is /., so I guess that's all of us.
5. Working with someone else’s code
b - But if they instead had "writing code that isn't a PITA for others to work with", then it's an 'a'.
4. Dealing with other people
That's only because: http://www.dilbert.com/2013-10-10/
But I guess if we spent any time developing our social skills, we wouldn't have had time to learn how to program.
3. Estimating time to complete tasks
Okay, this one really is 'a'. On the other hand, you just shouldn't do this. Instead, you need to get good at getting customers/users on board with iterative development where they wait/pay a bit and get some incremental functionality as you work towards some end goal that neither of you can really predict up front.
2. Explaining what I do (or don’t do)
1. Naming things
See #5. Naming things is easy. And my names make perfect sense to me.
Also, cue the penis jokes based on my use of the word "hard" in the subject.
top When Does the Universe Compute?
Apparently not, since I did it multiple times. I blame the US public education system.
top What Are the Genuinely Useful Ideas In Programming?
> Look a bit deeper and you'll notice that most of the knocking is done by those who never wrote anything more complicated than a few lines of Perl.
There's something more complicated than a few lines of perl code?
Seriously though, perl is an abomination and, while a revolution when it was first written, Larry Wall should be ashamed of himself for not encouraging people to choose a readable and user friendly scripting language for the 21st century. That said, I write most stuff in perl simply because it's already installed on just about every linux box in existence, packages for just about everything are available via my OS package manager and it actually does work just as well on Windows via ActivePerl when I need it to.
Why can't distros rewrite stuff in Ruby already and NOT install perl by default.
top Digital Revolution Will Kill Jobs, Inflame Social Unrest, Says Gartner
The 3rd party is the government that has to keep the peace. If you have a huge portion of the population up in arms because they work 12+ hours a day and can barely afford to feed themselves, the government has a responsibility to do something about that to protect the private property of the wealthy. There are two options: 1) Pay the police to intimidate, imprison and kill the poor or 2) Provide social welfare programs to subsidize low wages and pacify the masses.
3rd world countries usually do #1, which is made possible by buying sophisticated weaponry and technology, mainly from the U.S. 1st world countries usually do #2, but have to charge higher tax rates and/or go into lots of debt to do it. The U.S. does both. We have a very high % of our population in prison, medium-high taxes and lots of debt.
We want wages set by the market, but we want that market to naturally set a living wage. The key is figuring out the government policy that can make that happen.
Regulation of pay (minimum wage OR CEO maximum pay) is obviously a horrible idea. However, we do need to provide food and gas subsidies and social welfare programs (since I think we all agree that #2 is better than #1) to make sure everyone eats, has a place to live and gets some minimal amount of healthcare. That's essentially equivalent to a minimum wage. And we need to tax the hell out of either corporations or rich individuals (the latter being preferable) to pay for it, which is essentially a maximum wage.
Subsidies, welfare and taxes are all bad and equivalent to price and wage controls. They're not the natural fair distribution of wealth via market forces that we want. So what's a government to do?
If wages are low, work on education (get us some good schools rather than just throwing more money at the horrible k-12 and college systems we have today) and technology (fund the basic research that private industry can't because there's no clear path to profit)
If taxes on the rich have to be high to pay for welfare programs, get people off welfare by investing. In the long run, scientific research and infrastructure improvement will provide ROI by maintaining the U.S. as the most powerful country (economically and militarily) in the world. In the short run, it will create middle-class jobs. And those middle-class spenders will create demand for less-skilled labor -- reducing the need for welfare.
When you tax the rich, Mr. Millionaire still buys his $5 coffee at Starbucks and doesn't ask Uncle Sam for a check (though he may bribe his congressman for lower taxes). When you cut government spending, Mr. Middle-class, now unemployed, certainly does drop Starbucks and, in a few years when his savings is exhausted, will be asking Uncle Sam for a check.
top When Does the Universe Compute?
Does this remind anyone else of how religious philosophers of days past used to argue over how many angels could dance on the head of a pin? I'm not sure about the angels part, but there are surely some pinheads in this story.