Slashdot Mirror


User: jbolden

jbolden's activity in the archive.

Stories
0
Comments
13,627
First seen
Last seen
Profile
(view on slashdot.org)

Comments · 13,627

  1. Perl on Oracle's Latest Java Moves Draw Industry Ire · · Score: 1

    If you are talking about when Java took off, the early 1990s Python was immature. Perl would have been the better choice and was about 10x as popular.

    The big issue is that Perl, Python and Ruby are all dynamic. Dynamic languages are prone to all sorts of runtime errors that static languages don't have. Further the theory of how to optimize static code is vastly more advanced, and was more advanced then. Given how Java was going to be running, dynamic languages were out. VBScript and Javascript were the dynamic web based languages. There were also more mature platform independent languages at the time like Smalltalk,

    There wasn't anything else but Oak/Java to full the niche of cross platform, bytecode secure VM...

  2. Re:Embrace and suffocate ?? Anyone ? on Oracle, Cloudera Team Up On Hadoop Appliance · · Score: 1

    No you don't. If you don't think the distinctions between types of businesses are important, and still want to comment on business...

  3. Re:Embrace and suffocate ?? Anyone ? on Oracle, Cloudera Team Up On Hadoop Appliance · · Score: 1

    How is this is a monopoly? I think you mean conglomerate.

  4. Re:yeah on Data Hogs: the Monsters Carriers Created · · Score: 1

    That will happen when demand for data falls off relative to supply. Right now companies are spending a fortune adding capacity. Think about what's happened to the price of minutes.

    Think about how they aren't able to monetize things like GPS, ring tones or video entertainment anymore, they are just collecting (small) data fees.

  5. Re:yeah on Data Hogs: the Monsters Carriers Created · · Score: 1

    You are forgetting something in your math. Because phones are heavily subsidized the cost of a data plan should really be consider subtracting off the additional subsidy. So I'd do the same math you are doing but start by subtracting $10 from each plan.

    So AT&T is charging you $5/mo for 200mb vs. $15/mo for 2g. A 3::1 ratio in cost for 10::1 in data vs. 5::3 in cost for 10::1 in data. Still a very large discount but not as large as you were making it out to be.

  6. Obama on Ask Slashdot: Which Candidates For Geek Issues? · · Score: 1

    He picked Julius Genachowski an early innovator in web technology to head the FCC, and a huge advocate of net neutrality. Obama has consistently sided with science. I think it is a no brainer.

    In terms of Republicans...
    John Huntsman is pro science
    Newt Gingrich has a long history of being pro technology. He tends to go for big government technology investment.

  7. Re:Quality on Nginx Overtakes Microsoft As No. 2 Web Server · · Score: 1

    Sure imagine if I have to maintain 100m sessions, which are 95% inactive on 1m websites my company hosts simultaneously. nginx uses 2.5Mb per 10k inactive sessions. So for the 95m inactive sessions I'm at 23.75 gigs. Say on the order of a dozen servers to handle those inactives.

    On the other hand apache can't get to 10k session at all. So I might be at one server per 5k inactive sessions or around 19k extra servers.

    That doesn't change anything about the 5m active sessions, and that could be another 10,000 servers easy.

    But the difference between 10k servers for apache and 30k severs for nginx is what you are buying.

  8. Re:Results on Why Freemium Doesn't Work · · Score: 1

    Remember the email was generated after a period of time. And many of them likely had to create multiple accounts to bypass the one letter restriction.

    They likely didn't even remember getting the email from the paid service.

  9. Re:Odd example... on Why Freemium Doesn't Work · · Score: 1

    Which may be the genesis of the spam complaint. He has a bunch of free customers who gave him a 1/2 dozen email addresses to generate more than one letter and saw it as spam when they got a 1/2 dozen emails.

  10. Re:I absolutely agree on Why Freemium Doesn't Work · · Score: 1

    That's common in most things, behavior changes belief not visa versa. And it is very counter intuitive.

  11. Re:Quality on Nginx Overtakes Microsoft As No. 2 Web Server · · Score: 2

    nginx uses a different strategy for how it utilizes hardware. It is not so much a configuration problem as a density problem. For things like webhosting companies, which are a huge percentage of websites, nginx cuts costs.

  12. Re:IIS will become legacy software on Nginx Overtakes Microsoft As No. 2 Web Server · · Score: 2

    That article is looking at a type of webserving where the webserver using a substantial percentage of hardware. There are a huge number of applications in which the number of clients is vanishingly small but there is a strong desire to offer integration with other services, primarily intranets. In other words IIS is likely to thrive is where it always has, in the intranet where you want a non standard value add webserver solution.

    As a percentage of websites though, intranets are small.

  13. Re:IIS still wins on Nginx Overtakes Microsoft As No. 2 Web Server · · Score: 2

    You meant that sarcastically, but it isn't entirely unreasonable to drop free webservers and look at profits as a different way of accounting. It does tell us something that for a long time with so many good free ones that: IIS, Oracle Weblogic (BEA), IBM's , LiteSpeed, riverbed ... are still sold. And the reason interestingly enough is generally the same. Integration.

    In both the case of iPhone over Android and commercial over free webservers it appears that customers consider integration / ease of integration to be a service worth paying substantial money for.

  14. Re:Layers on Ask Slashdot: Writing Hardened Web Applications? · · Score: 1

    I always tell people good security quintuples the cost. If they still talking then we are going to get all the way through. If they were thinking more like an extra 10% then we start looking at a few gimmicks to get a cheap boost and forget doing it right.

  15. Re:Layers on Ask Slashdot: Writing Hardened Web Applications? · · Score: 1

    You are an AC but just in case someone is confused by your comments, you sound like someone who knows a limited number of approaches.

    1) I meant capabilities (http://en.wikipedia.org/wiki/Capability-based_security )
    2) I didn't say "list all attack vectors". I recommended a specific approach to avoid having to make that sort of comprehensive list. Listing all attack vectors assumes you already know a great deal about securing your system.
    3) There is far more than just POST and GET. This isn't 1996 and he isn't necessarily using CGI for the application.
    4) Of course databases do checking. At the most basic level: http://en.wikipedia.org/wiki/Relational_database#Constraints . Beyond that capabilities are important, if data is coming in tainted it can only be read by subsystems which are designed for tainted data.
    5) As for the network, I absolutely want fragmentation not separation. I don't just want distinct subnets, but subnets where the majority of machines are non-addressable from the other side.

    What the guy asks for, is actually insight to make educated decisions.

    No, read the post. "I am clueless of what is requires to create a web server that is as secure as, say, a banking account management system" I gave him a list of what is done. And the first thing is if he is clueless, he shouldn't be the one making the decisions he needs to bring other people onboard.

  16. Re:Layers on Ask Slashdot: Writing Hardened Web Applications? · · Score: 2

    I wonder if any web applications that properly implement all those things and more even exist

    Yes, this sort of layered approach is common in most of the internet application services. I've worked with Yahoo and Myspace on parts of their infrastructure. They get an amazing amount of attacks.

  17. Re:Layers on Ask Slashdot: Writing Hardened Web Applications? · · Score: 1

    I was saying vulnerability assessment above. VA (IMHO) is very specific to the choice of tools. But I agree it is a critical part of the process. Humans can check some stuff in detail but they don't check 50,000 easy things.

  18. Re:FINALLY! on Ask Slashdot: Writing Hardened Web Applications? · · Score: 1

    Whitelisting is a pain in most languages and a lot of work. That's why I'd go with languages and/or frameworks that make it mandatory and easy. But fundamentally most developers don't like doing security, that's why it is often a good idea to have a security development team do work like validation of input functions and then the more application oriented stuff is done by developers.

  19. Re:FINALLY! on Ask Slashdot: Writing Hardened Web Applications? · · Score: 1

    All input is suspect, all users are suspect, deny access to everything and go from there.

    Nicely put. I agree. And possibly -- internal users are suspect as well.

    I agree with you on money saving. Very few people want to pay for security, except for security companies and the military. Web companies aren't bad either because they have to deal with so many attacks. But in general most people want to claim security without the spending.

  20. Layers on Ask Slashdot: Writing Hardened Web Applications? · · Score: 4, Insightful

    A few things;

    1) Multiple layers. Consider your application and the entire framework it exists in. Assume that each part is completely under the control of a hostile. Now design the system so that the hostile still can't do much harm. So for example start with the webserver assume it were hostile, how are you protecting the data? Go through the entire architecture this way and make sure you can contain any type of part under hostile control even if it went undetected.

    2) You probably want to be using capabilities not permissions i.e. X has the permission to do Y to Z, not X has the permission to do Y. That takes a ton of time to setup, and it is as much a jump in security as going from no password to passwords.

    3) You want to use languages, servers, software that are security aware and designed. So for an obvious example you want to use web frameworks that taint check everything as a matter of course. You want a database that does the same thing (remember multiple layers).

    4) You are going to want a full security implementation. A fragmented network, the server in a DMZ with monitoring behind a firewall. You are going to want intrusion detection and vulnerability assessment.

    5) If you are really serious, hire a white hat team to audit you and do multiple cycles.

    And if your boss is serious I'd be happy to start discussing this professionally.

  21. Re:Natural monopolies are a myth on The Un-Internet and War On General Purpose Computers · · Score: 1

    All large companies interact with government policies of one sort of another. We've seen natural monopolies in utilities, in sugar, in steel, in oil and now arguably we are having trust issues in global finance.

    If you counter argument is natural monopolies don't really exist because in theoretical anarchist world, they wouldn't exist that doesn't mean much. In the real world they are created.

  22. Re:BASIC on Open Source IDE GAMBAS Reaches 3.0 · · Score: 1

    Remember the point is an embedded language so it won't be an ANSI FORTH, it must different because it is going to be using the application objects as primitives. I think FORTHs are amazing at new primitives.

    Anyway, yes I agree an LISP is easier to learn. Especially since you can use XML syntax.

  23. Re:BASIC on Open Source IDE GAMBAS Reaches 3.0 · · Score: 1

    OK good, that's exactly the point. You want your application's data objects to be the primitives in your new derivative language. For example in a shell you want files to be primitive objects, while in most other languages you wouldn't. And in a spreadsheet you are going to want cells to be primitives. That's a good way to say it, you want to use a BASIC because you are going to need create a derivative language which means you can't just pull in a library from a preexisting language.

  24. Re:BASIC on Open Source IDE GAMBAS Reaches 3.0 · · Score: 1

    I can just link in some library and go

    That should read I can't just link in some library and go

  25. Re:BASIC on Open Source IDE GAMBAS Reaches 3.0 · · Score: 1

    I don't think you are getting this.

    I have an app, ABC. The purpose of the control language is to manipulate the internal data structures of ABC app. The purpose is not to offer a generic python. Python out of the box doesn't allow me to manipulate ABC's data structures, libpython doesn't let me do that. I need to rebuild the python where I'm changing the internal primitives. I can just link in some library and go. Most likely I want to change what are or are not primitive objects in the language. So for example in Excel control language I'd want sheetname!Column(Letters)Row(numbers) to be a special type of syntax with different parsing rules, a special type of variable. I can't use the generic parser.

    What you might be thinking of is, is having ABC offer an API and creating a python library to manipulate that API. In which case the API is essentially the control language. but it can be minimally featured because the feature set comes from the library not the API. And that is totally possible and you could use libpython for that. But... that's an entirely different approach from the ground up.