Clean code is not required, just cost effective code.
Written by someone who never had to sort through spaghetti code to fix an HTML table for a graphic designer who doesn't give a shit that the widget maker doesn't produce clean code.
This is very true and -- sadly -- completely irrelevant. "Good enough" (or "good enough that the end user doesn't complain") is the rule across the entire tech industry now, especially as business/enterprise-level performance gets replaced with consumer-level expectations due to the users' rampant familiarity with consumer level tech.
Since the end users tolerate failure, reliability engineering goes out the window, as do the people with the domain knowledge to take crappy code/design/engineering and improve its quality to what might have been the expectation 8-15 years ago.
This is also why Developers think they can replace Systems Engineers and Administrators. Even though the end result of a lot of DevOps-mindset build work is atrocious, it works "enough" to skate by such that someone w/o domain knowledge might call the end result a success.
A passenger plane made an emergency landing at Mogadishu airport recently with a huge hole in its side and one passenger missing. Somali Islamist militant group al-Shabab later claimed the attack, but several questions remain unanswered:
The only reason the entire plane didn't go down was because they were only about 15m into the flight and not at peak cabin pressure differential.
They get a saw and cut your nice expensive safe open.
And then everyone whines and complains because Apple (or the encrypted device manufacturer) has the knowledge of how to use a saw to cut this type of nice, expensive safe open.
Frankly, I think using the physical device analogy is good though. If the hard-coded decryption key is etched into silicon and only readable by physical access and some very expensive equipment then having an unlock brings us to almost exactly the same point: legal custody (whether of the safe or the device) means that eventually the authorities will be able to get into it with a warrant and/or subpoena.
It is better to block it at the SMTP level and refuse to accept the message in the first place.
You might think so, but do you REALLY think any spammer cares about or even looks at the bounces from their spam?
Unfortunately, the only way to "block it at the SMPT level" for users is to return error code 67 (IIRC) from procmail, and that doesn't work if you are using IMAP to pull email from a server that has already taken final delivery.
You're begging the question. SPAM is unwanted mail. You "wanted" it by opting in at some point (probably within the context of a purchase or something).
Someone who doesn't intend to spam will provide an opt-out link. It's 2017, not 2002. Use it.
If you can't reject at the SMTP level then that means you're not running your own mail server. Every ISP or mail service in the last 20 years has maintained abuse accounts and administrators that will accept spam reports and (eventually) configure their systems to reject messages at the SMTP level for you (or pre-filter it). Contact them.
Most murders are crimes of passion, or by mentally unstable people, that is the perpetrators don't consider the consequences when committing the crime. That isn't a valid comparison to someone who likely is in their right mind and is just pursuing a hobby.
Begging the question a little. Most jurisdictions distinguish murder from manslaughter by whether there was premeditation.
A true "crime of passion" usually gets manslaughter. Murder is when you're planning ahead and are shown to have fully considered your actions in advance.
One of my favorite was from a book in '05 that pinned it pretty definitively in Indonesia. Although the author passed away soon after, fans of his (and some relatives) have been commenting upon some of the research at atlan.org, which was the first thing I thought of when news of this broke.
Why was THIS modded down? This would actually work... to some degree, if you had all the ad networks in there and didn't visit any malicious sites. (At least as far as for the *JavaScript* vector that is.)
That's basically ludicrous. You're better off disabling javascript and flash and leaving your hosts file untouched.
Actually, if you wanted a way to make the web more secure? Make all the browsers default only to Javascript 1.1 or some other ancient version with just enough built-in support for DOM tweaking to maybe update the status ticker, and then ban all cross-site loading of js files that's not HTTPS.
Taxes are not collected immediately and the injury to the State of Washington is barely noticable from that perspective over the course of a few days or weeks or months.
This temporary restraining order should be thrown out on that alone.
Regardless of whether they pushed it back or not, if they're planning to release next Tuesday then disclosing the hole with PoC exploit code is just irresponsible. You could have waited 5 more days.
Apparently we've forgotten the folks (San Bernardino, etc) who had "clear evidence of ISIS sympathies" on their Facebook profiles and other public social media that we then asked why hadn't been caught when they were entering the country.
As the SCOTUS has repeatedly stated, aliens have no Right of Entry to the US, and non-citizens have reduced guarantees (and certainly reduced privileges). Even a US citizen may be searched on entry if anything unusual is suspected, and is legally obligated to declare possessions in a way that basically happens nowhere else domestically (except agricultural goods going into California).
This is a Good Thing. How is this not a Good Thing? That's what customs/border inspection is supposed to be doing.
I don't disagree that "regular" phones are still useful -- but they're not useful if there's no network available to it. They also for the most part don't have the flexibility of using side-loaded apps for fancy things like independent mesh antennaes. As I said: a lot of effort.
A smartphone might be a marginally-useful-over-WiFi paperweight, but any non-smartphone 2G phone (i.e., any 2G-only phone other than the iPhone) might as well be bricked unless someone's putting some major effort in.
I realize that was a consumer-level link, but still... I expect better from Slashdot.
There are plenty of other devices out there that are still liable to use 2G that are now effectively bricked. The iPhone is probably the least likely of them to cause a real concern for people. (Though, hell, until 2 years ago my parents were still on 2G PCS phones (not through AT&T though).)
How is rural 3G coverage these days? I remember when the analog shut down happened, there were folks out there who needed lots of repeaters to get anything... Some of whom decided to go back to HAM repeaters to patch into the phone network.
Besides, all the political posturing is not new... What IS new though is a Republican (even if in name only) is taking credit for something largely seen as a good thing for labor...
So are you proposing a consumer pay-per search model, or a monthly subscription? Or is the search company supposed to be taking money from the sites who'll pay for higher rankings? Mapping probably only makes sense as a consumer subscription service.
Mapping companies could make money from advertising (cf. Mapquest) or subscription fees (other GPS navigation services). What they can't do is compete against Google Maps and Google Maps' backend, both of which are completely subsidized by Google's vertical monopoly but don't display ads on their own and couldn't survive *solely* through the apps they do display from AdWords independently. Using the market-dominant position in one industry (ads) to subsidize their position in another industry (online mapping), keeping prices (subscription and/or annoyance) artificially too low to make it worthwhile for anyone else to try to compete... is classic monopoly behavior.
2. if there is a food desert, using that space to sell food (grown elsewhere) 365 days a year is a better solution than spending 360 days farming for 5 days of produce.
Mod parent up on accord of both comments.
Outside of, perhaps, Detroit, "urban farming" doesn't make sense as a purely economic policy. If you want to keep people out of trouble, or increase vegetation in the area, or improve agricultural skillsets, fine. But "localvores" are eating locally because they're willing and able to pay for inefficiently-grown food by choice. If you need food in the area, you can get it there cheaper by transporting it from somewhere it's cheaper to grow it. Period.
In your hypothetical breakup, only the advertising company stands a chance of surviving. Advertising is the only Google (sorry, Alphabet) company that actually makes money, and it subsidizes all of the others. Conversely, all the others slurp up user data to enhance the functionality of the advertising company. So post-breakup, the advertising company would be crippled, starved of the data that makes it valuable, and all the others will die from having zero funding to run them. So congratulations, you just killed Google.
Well, yes. That's the point. One of the largest reasons for breaking up huge vertical monopolies is that the cost of entry for other participants is too high because the monopoly can subsidize one side of the business with the others. Can anyone else create a viable mapping, searching, or other business competing with them? No, not really. The only competitor they have in any of these is in Smartphone Mobile OS -- which is a duopoly with Apple.
Google needs to be broken up, for the good of the tech industry and of the country as a whole.
Yeah, that worked out so well for the phone companies. Oh wait, they've all merged back together again. Breaking up companies because you think they're too powerful are the thoughts of short sighted people.
There's an argument to be made that physical high-capital network infrastructure creates a natural monopoly, which ultimately ends up regulated.
But Google warehousing "all the world's information" and vertically integrating every aspect of this into myriad levels of myriad electronic devices is not the same thing. That's what MS was saying back in the '90s (private, in-house Windows API access by the Office and IE teams was a net benefit) and the industry wasn't having it.
We survived the IE near-monopoly and ended up with a nearly-standardized web platform instead of the incompatible mess it was before
Sure, but it took twenty years, and everything is organizing under Google's banner. Even Firefox is practically indistinguishable from Chrome these days, and will be entirely so once they discontinue support for legacy plugins/addons. So instead of having Microsoft dictate terms through outright monopolization of the market, we're allowing Google to dictate terms because...... why? We trust them?
This is a matter of faith; we've traded monopoly for theology.
This is exactly it. Only I fear that this time the technical populace somehow thinks this is a Good Thing. Control by information companies is not any better than control by software companies, and in fact is almost certainly far worse for a whole host of Orwellian reasons.
We fought and fought and fought to remove IE's monopoly, but the biggest work overall was done by Apple. Remember when we wanted to break up Microsoft into an Office/Apps company and an OS company? It's hard to imagine that we shouldn't break Google up into an advertising company, a tech hosting company, a search company, a browser company, a mobile OS company, a cloud computing company, and half a dozen other distinct entities. But this time the Bay Area is fully behind unified, Umbrella Corp, control because "it's easier".
Because directly donating the product doesn't get you a tax break. Donating cash, and then requiring that the funds buy your product gets you a tax break on money you never *really* donated.
Mod parent insightful. OS licenses are free and are exactly why education licenses can be given out rather cheaply to begin with.
A "donation" to purchase my own products is just money laundering.
Is that really so? I've always heard that many or most of Linux users never reboot their systems and I felt like a noob for doing so.
Outside of a basically a kernel or glibc update, you don't need to reboot your system to make anything "take effect" unless you're using Linux on the Desktop, and why in God's name would you do something like that? You should, however, pay attention to security updates and make friends with 'lsof' for the most critical libraries. There's a yum plugin that can help identify things that might need to be bounced following an update, but it's not automatic by default because that's really something that an admin should be deciding on re their site's policy.
It's a good idea to reboot every once in a while just to make sure you still *can*, but that's more an operational engineering decision (better to trace back 2 months' worth of changes than 2 years) than a software decision. Recently, there have been enough kernel security updates in even the stable distros that simply applying those will take care of your safety reboot.
In my experience, Slackware is a lot (very noticeably) faster than Fedora on the same HW. I don't know whether it is due to systemd or SELinux or something else entirely, but if you need raw speed, then you seriously should consider going back to basics.
Fedora would have been well served by following Debian's DashAsBinSh project back in the day. Post-kernel boot times might have been cut by up to a half or so, thus dulling the argument for systemd to begin with.
Slashdot Mirror
Clean code is not required, just cost effective code.
Written by someone who never had to sort through spaghetti code to fix an HTML table for a graphic designer who doesn't give a shit that the widget maker doesn't produce clean code.
This is very true and -- sadly -- completely irrelevant. "Good enough" (or "good enough that the end user doesn't complain") is the rule across the entire tech industry now, especially as business/enterprise-level performance gets replaced with consumer-level expectations due to the users' rampant familiarity with consumer level tech.
Since the end users tolerate failure, reliability engineering goes out the window, as do the people with the domain knowledge to take crappy code/design/engineering and improve its quality to what might have been the expectation 8-15 years ago.
This is also why Developers think they can replace Systems Engineers and Administrators. Even though the end result of a lot of DevOps-mindset build work is atrocious, it works "enough" to skate by such that someone w/o domain knowledge might call the end result a success.
(hint: blowing out a window won't destroy the plane or "suck anyone out".)
Hint: You're wrong. http://www.bbc.com/news/world-africa-35521646
The only reason the entire plane didn't go down was because they were only about 15m into the flight and not at peak cabin pressure differential.
They get a saw and cut your nice expensive safe open.
And then everyone whines and complains because Apple (or the encrypted device manufacturer) has the knowledge of how to use a saw to cut this type of nice, expensive safe open.
Frankly, I think using the physical device analogy is good though. If the hard-coded decryption key is etched into silicon and only readable by physical access and some very expensive equipment then having an unlock brings us to almost exactly the same point: legal custody (whether of the safe or the device) means that eventually the authorities will be able to get into it with a warrant and/or subpoena.
It is better to block it at the SMTP level and refuse to accept the message in the first place.
You might think so, but do you REALLY think any spammer cares about or even looks at the bounces from their spam?
Unfortunately, the only way to "block it at the SMPT level" for users is to return error code 67 (IIRC) from procmail, and that doesn't work if you are using IMAP to pull email from a server that has already taken final delivery.
You're begging the question. SPAM is unwanted mail. You "wanted" it by opting in at some point (probably within the context of a purchase or something).
Someone who doesn't intend to spam will provide an opt-out link. It's 2017, not 2002. Use it.
If you can't reject at the SMTP level then that means you're not running your own mail server. Every ISP or mail service in the last 20 years has maintained abuse accounts and administrators that will accept spam reports and (eventually) configure their systems to reject messages at the SMTP level for you (or pre-filter it). Contact them.
Most murders are crimes of passion, or by mentally unstable people, that is the perpetrators don't consider the consequences when committing the crime. That isn't a valid comparison to someone who likely is in their right mind and is just pursuing a hobby.
Begging the question a little. Most jurisdictions distinguish murder from manslaughter by whether there was premeditation.
A true "crime of passion" usually gets manslaughter. Murder is when you're planning ahead and are shown to have fully considered your actions in advance.
One of my favorite was from a book in '05 that pinned it pretty definitively in Indonesia. Although the author passed away soon after, fans of his (and some relatives) have been commenting upon some of the research at atlan.org, which was the first thing I thought of when news of this broke.
Why was THIS modded down? This would actually work... to some degree, if you had all the ad networks in there and didn't visit any malicious sites. (At least as far as for the *JavaScript* vector that is.)
That's basically ludicrous. You're better off disabling javascript and flash and leaving your hosts file untouched.
Actually, if you wanted a way to make the web more secure? Make all the browsers default only to Javascript 1.1 or some other ancient version with just enough built-in support for DOM tweaking to maybe update the status ticker, and then ban all cross-site loading of js files that's not HTTPS.
Taxes are not collected immediately and the injury to the State of Washington is barely noticable from that perspective over the course of a few days or weeks or months.
This temporary restraining order should be thrown out on that alone.
Regardless of whether they pushed it back or not, if they're planning to release next Tuesday then disclosing the hole with PoC exploit code is just irresponsible. You could have waited 5 more days.
I like how you keep repeating this as "Trump's list of seven"...
It's Obama's list of seven. See: http://townhall.com/tipsheet/mattvespa/2017/01/29/news-bulletin-the-list-of-muslim-nations-in-trumps-socalled-muslim-ban-are-ones-obama-choose-n2278021
Apparently we've forgotten the folks (San Bernardino, etc) who had "clear evidence of ISIS sympathies" on their Facebook profiles and other public social media that we then asked why hadn't been caught when they were entering the country.
As the SCOTUS has repeatedly stated, aliens have no Right of Entry to the US, and non-citizens have reduced guarantees (and certainly reduced privileges). Even a US citizen may be searched on entry if anything unusual is suspected, and is legally obligated to declare possessions in a way that basically happens nowhere else domestically (except agricultural goods going into California).
This is a Good Thing. How is this not a Good Thing? That's what customs/border inspection is supposed to be doing.
I don't disagree that "regular" phones are still useful -- but they're not useful if there's no network available to it. They also for the most part don't have the flexibility of using side-loaded apps for fancy things like independent mesh antennaes. As I said: a lot of effort.
A smartphone might be a marginally-useful-over-WiFi paperweight, but any non-smartphone 2G phone (i.e., any 2G-only phone other than the iPhone) might as well be bricked unless someone's putting some major effort in.
I realize that was a consumer-level link, but still... I expect better from Slashdot.
There are plenty of other devices out there that are still liable to use 2G that are now effectively bricked. The iPhone is probably the least likely of them to cause a real concern for people. (Though, hell, until 2 years ago my parents were still on 2G PCS phones (not through AT&T though).)
How is rural 3G coverage these days? I remember when the analog shut down happened, there were folks out there who needed lots of repeaters to get anything... Some of whom decided to go back to HAM repeaters to patch into the phone network.
Besides, all the political posturing is not new... What IS new though is a Republican (even if in name only) is taking credit for something largely seen as a good thing for labor...
Mod parent up. Wish I had them of my own.
Sorry if you are not willing to donate then what moral right do you have to receive? Basically none.
Not sure you really want to go there... unless you're willing to renounce ER regulations about serving the indigent who don't pay any taxes.
So are you proposing a consumer pay-per search model, or a monthly subscription? Or is the search company supposed to be taking money from the sites who'll pay for higher rankings? Mapping probably only makes sense as a consumer subscription service.
Mapping companies could make money from advertising (cf. Mapquest) or subscription fees (other GPS navigation services). What they can't do is compete against Google Maps and Google Maps' backend, both of which are completely subsidized by Google's vertical monopoly but don't display ads on their own and couldn't survive *solely* through the apps they do display from AdWords independently. Using the market-dominant position in one industry (ads) to subsidize their position in another industry (online mapping), keeping prices (subscription and/or annoyance) artificially too low to make it worthwhile for anyone else to try to compete... is classic monopoly behavior.
1. food deserts are by and large a myth
2. if there is a food desert, using that space to sell food (grown elsewhere) 365 days a year is a better solution than spending 360 days farming for 5 days of produce.
Mod parent up on accord of both comments.
Outside of, perhaps, Detroit, "urban farming" doesn't make sense as a purely economic policy. If you want to keep people out of trouble, or increase vegetation in the area, or improve agricultural skillsets, fine. But "localvores" are eating locally because they're willing and able to pay for inefficiently-grown food by choice. If you need food in the area, you can get it there cheaper by transporting it from somewhere it's cheaper to grow it. Period.
In your hypothetical breakup, only the advertising company stands a chance of surviving. Advertising is the only Google (sorry, Alphabet) company that actually makes money, and it subsidizes all of the others. Conversely, all the others slurp up user data to enhance the functionality of the advertising company. So post-breakup, the advertising company would be crippled, starved of the data that makes it valuable, and all the others will die from having zero funding to run them. So congratulations, you just killed Google.
Well, yes. That's the point. One of the largest reasons for breaking up huge vertical monopolies is that the cost of entry for other participants is too high because the monopoly can subsidize one side of the business with the others. Can anyone else create a viable mapping, searching, or other business competing with them? No, not really. The only competitor they have in any of these is in Smartphone Mobile OS -- which is a duopoly with Apple.
Google needs to be broken up, for the good of the tech industry and of the country as a whole.
Yeah, that worked out so well for the phone companies. Oh wait, they've all merged back together again. Breaking up companies because you think they're too powerful are the thoughts of short sighted people.
There's an argument to be made that physical high-capital network infrastructure creates a natural monopoly, which ultimately ends up regulated.
But Google warehousing "all the world's information" and vertically integrating every aspect of this into myriad levels of myriad electronic devices is not the same thing. That's what MS was saying back in the '90s (private, in-house Windows API access by the Office and IE teams was a net benefit) and the industry wasn't having it.
We survived the IE near-monopoly and ended up with a nearly-standardized web platform instead of the incompatible mess it was before
Sure, but it took twenty years, and everything is organizing under Google's banner. Even Firefox is practically indistinguishable from Chrome these days, and will be entirely so once they discontinue support for legacy plugins/addons. So instead of having Microsoft dictate terms through outright monopolization of the market, we're allowing Google to dictate terms because...... why? We trust them?
This is a matter of faith; we've traded monopoly for theology.
This is exactly it. Only I fear that this time the technical populace somehow thinks this is a Good Thing. Control by information companies is not any better than control by software companies, and in fact is almost certainly far worse for a whole host of Orwellian reasons.
We fought and fought and fought to remove IE's monopoly, but the biggest work overall was done by Apple. Remember when we wanted to break up Microsoft into an Office/Apps company and an OS company? It's hard to imagine that we shouldn't break Google up into an advertising company, a tech hosting company, a search company, a browser company, a mobile OS company, a cloud computing company, and half a dozen other distinct entities. But this time the Bay Area is fully behind unified, Umbrella Corp, control because "it's easier".
Read a book, guys. Learn your history.
Because directly donating the product doesn't get you a tax break. Donating cash, and then requiring that the funds buy your product gets you a tax break on money you never *really* donated.
Mod parent insightful. OS licenses are free and are exactly why education licenses can be given out rather cheaply to begin with.
A "donation" to purchase my own products is just money laundering.
Is that really so? I've always heard that many or most of Linux users never reboot their systems and I felt like a noob for doing so.
Outside of a basically a kernel or glibc update, you don't need to reboot your system to make anything "take effect" unless you're using Linux on the Desktop, and why in God's name would you do something like that? You should, however, pay attention to security updates and make friends with 'lsof' for the most critical libraries. There's a yum plugin that can help identify things that might need to be bounced following an update, but it's not automatic by default because that's really something that an admin should be deciding on re their site's policy.
It's a good idea to reboot every once in a while just to make sure you still *can*, but that's more an operational engineering decision (better to trace back 2 months' worth of changes than 2 years) than a software decision. Recently, there have been enough kernel security updates in even the stable distros that simply applying those will take care of your safety reboot.
That seems somewhat essential to the story, yet neither the post nor TFA explains it.
Found the Millennial.
In my experience, Slackware is a lot (very noticeably) faster than Fedora on the same HW. I don't know whether it is due to systemd or SELinux or something else entirely, but if you need raw speed, then you seriously should consider going back to basics.
Fedora would have been well served by following Debian's DashAsBinSh project back in the day. Post-kernel boot times might have been cut by up to a half or so, thus dulling the argument for systemd to begin with.