OK, I'll bite. What do you consider to be better than php?
I coded the payment system on our store's website in python CGI scripts. Keep it simple first. It helps that I'm a crypto security type engineer for a big techy company in my day job, so it's not a challenge to bake in defense in depth. It sucks when PCI-DSS scans ding you for insecure versions after their probe finds my honeypot.
As far as I can tell, that's been trending since before I was at college. I graduated in 1991.
It's still a good idea though. I tend to build things as a collection of command line tools first. Usually operating against a shared data model, be it in RAM, or a database or whatever. Then it's easy to add arbitrary UIs and really easy to script actions within the system. If it's for my own use only, then it doesn't need to get past command line tools because GUIs are a crutch in most cases.
Unless they built 'robust, maintainable code' (TM) ^_^
It's probably written in COBOL with subroutines RPG II and 360 Assembler.
Or something ludicrous, like as a minecraft mod.
That would be inorganic meats. Probably on some sort of sulfur metabolism. You need lots and lots of ketchup.
Example: on January 2200 we could just apply all leap seconds that are stale, around 10 or so.
The alternative, which is better, is to do something so often that implementation problems get ironed out before the big-saved-up-event.
So instead of a leap second, have a leap millisecond inserted 10,000 times more often than the leap-10-seconds. Humans wouldn't notice and implementation errors would be seen and fixed quickly.
"Ok so they grow faster. Does that mean they eat a proportional amount more in the same amount of time or are they less dense or less healthy than the original fish?"
There is NO WAY they are even worse than current farm-raised ones. They are simply awful.
Well they are raised in tanks on land. So there's no way they are better than farm raised salmon.
I've been specifically rejecting products lately that say "No GMOs", or "Organic" on their labels because I think it's marketing hype that caters to the ignorant masses.
It's getting harder every day to do that though.
I've managed to neatly sidestep the GMO/Organic plants issue by not eating plants.
However 'organic' cow meat, which I can get in nearby stores, is clearly better tasting than equivalent cow meat from non organic sources. I'll continue to buy it and eat it.
Ah, but that would cut in to their *profits!*
The thing to remember here is of course these Salmon will be significantly cheaper to produce.
Will they be qualitatively different? Of course! Faster grown species are always noticeably different.
Their trick of course is they will market them as the original species, which they now are not. Just require them to be marketed under a new name...
A new name for faux salmon? May I suggest salmonella?
> Better yet, catch it yourself. It's quite an enjoyable and delicious hobby.
Right, I'll be sure to catch myself a year's worth of salmon during the brief period they are catchable here. I'm sure my job won't miss me for however many weeks that takes, if it's even possible. Clearly if I want wild caught fish, or fish that don't have lab tuned genes, I should have to be a subsistence hunter.
Having friends on the res works much better.
Your product UI stinks. Sooner or later someone will come along with a better product and eat your lunch. Your customers hate your product because of the bad UI. The business is at extreme risk.
So find out who the competition is and get a job there.
But I have no idea where this "zero knowledge encryption" label came from or what it's intended to actually mean.
Without going to extreme measures like actually reading the article, I'm going to guess that they mean encryption mechanisms where the service provider (read: Apple or Google) has no way to unilaterally decrypt the user's data, because the only place the decryption passwords/keys are ever stored is on the user's device.
This may be. But Zero Knowledge Proof means something very specific and that isn't it.
Personally, I'd really like to have an opinion on "zero knowledge encryption", but I can't figure out what the hell it is. From context I infer that he's using the term to describe device encryption, as done on Android and iOS. I know what that is, and wholeheartedly support it.
But I have no idea where this "zero knowledge encryption" label came from or what it's intended to actually mean. I know what zero-knowledge proofs are, and they're really cool, but they have nothing to do with device encryption.
I've got it! He's using the phrase "zero knowledge" to describe his understanding of encryption.
This.
Zero knowledge protocols and proofs have plenty to do with cryptographic security, most commonly in authentication protocols, but have nothing to do with encryption.
Excess revenue is a big problem for a crowd funded project.
You might know how to build 200 units and ship them. Get some friends in to a soldering party.
But if you need to build 200,000, you need manufacturing.
Manufacturing requires up front investment, employees, time and effort. The payoff is over a longer period as you ship products to market. If you build 200,000 then stop, you're going to make a huge loss, because you spent all that money setting up the manufacturing.
I seem to live in a different universe. I think about it for a year or two. Go to some conferences to meet experts across the industry. Push some things into standards so it fits with or defines industry practice. Maybe spend a few days coding once I know exactly what needs doing. Then a year or two to deploy and get into products.
There may be multiple such things going on in parallel, but when you're deploying billions of these things and they're crypto and they have to be right and they have to be secure, 'agile' is not an option. Extremely diligent is more the order of things.
Maybe the world is full of insecure online services because they get pushed out the door without extensive scrutiny of the security issues.
Most grade school kids could figure this out:
man openssl
Combine OpenSSL with a little AppleScript, and voila, you have the same "proof of concept" that TFA is basically showing. What a fucking joke.
The fix is simple. Just find another vulnerability in openssl and use it to recover the key used to encrypt the data.
That post got mangled beyond recognition by the slashdots. Please insert right and left angle brackets where it makes sense.
The problem with is it could be a forwards arrow or 'greater than or equal to'
It means different things amongst the languages most people use most of the time.
Overloaded terms suck. Let's not do that.
He seems to have a temper tantrum at the littlest of things. Difficult childhood by the sounds of it.
No he had a temper tantrum at the biggest of things.
They can charge you with withholding the key. In the UK, your attempts at evasion would land you in jail.
Well I don't put bombs in things. It's not the kind of thing I do. I'd prefer the additional disk space.
Mongolia is a long way away.
They taste like blue screens of death.
If you're depending on stderr for troubleshooting, you're doing it wrong.
What's your better idea?
What do you think stderr is for?
With a very very long process in getting it back to boot.
After the government has installed whatever bugs or keyloggers they want? No thanks, it's not worth the effort at that point. Use cheap laptops, encrypt them and accept the fact that if one of them is ever seized, you're never going to use it again or likely even get it back.
The thing I don't get is why everyone assumes that every government is out to get the data on their laptop.
I deal with crypto and governments and I travel a lot. I've never been asked to reveal the contents of my laptop or usb sticks. An Israeli once asked me to show it booted, so he had some reason to believe it wasn't a bomb.
If you carry stuff around in your laptop that would compromise you in some way, by all means protect that information but I don't believe all the people posting the paranoia rants really do.
I doubt there's a law against carrying a low-value SD card in your shoe.
In many countries, including the one I left, there are laws making it illegal to withhold the contents and keys when they find it.
I'm doing fine on the big org side of things.