The response was correct. Barter is illegal (in the US at least.) You are supposed to determine the value of the services and pay taxes on that. Technically, if you did not do this, you did not declare all of your income, and are liable for that.
CRC32 is not suitable, try MD4 instead (on "Javascrypt", Score: 1)
I've been meaning to find a crypto guy to ask if I could just use CRC32 to hash the input string, since MD5 is too much Javascript to bookmark in IE. I know it's not a secure way to checksum a file, but given a CRC32 hash and part of the input, can you recover the other part? Anybody?
It would depend upon how much of the file you have compared to how much of it you need, at a minimum, it would narrow the possibilities of what the original contained by quite a bit. The bigger concern is that CRC32 is reversible, meaning that adding the URL before you hash it would be useless for security, as it can be reversed into a CRC of just the master password. At this point, you could calculate what any of the passwords you are using are by simply running a CRC32 on the URL of the site and starting with the CRC of just the master password (it would also provide useful information to crack the master password, although this would not be necessary, as the data it protected would be exposed anyway.) In short, you still need to use a cryptographic hash.
If MD5 is too much for the browser, you may want to look into MD4. MD4 requires quite a bit less processing power to compute than MD5, and can be coded in much less space. MD5 is a safer method of hashing, however either should be suitable for what you are doing. The important thing is that the hash not be reversible.
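The property this reply relies on, as an added example that is not code from the thread: the CRC-32 register update is linear over GF(2), so in a hypothetical scheme where the site password is CRC32(url + master), one known site password, the two URLs and the master's length are enough to recover the master's CRC term and every other site password. The function names and sample strings below are constructed for illustration.

```javascript
// Standard CRC-32 (reflected polynomial 0xEDB88320), table-driven.
const TABLE = (() => {
  const t = new Uint32Array(256);
  for (let i = 0; i < 256; i++) {
    let c = i;
    for (let k = 0; k < 8; k++) {
      c = (c & 1) ? (0xEDB88320 ^ (c >>> 1)) : (c >>> 1);
    }
    t[i] = c >>> 0;
  }
  return t;
})();

const INIT = 0xFFFFFFFF;   // initial register value
const XOROUT = 0xFFFFFFFF; // final XOR

// Feed bytes into the raw 32-bit register (no initial or final XOR applied).
// Each step is linear in (register, byte) over GF(2), which is the weakness.
function feed(reg, bytes) {
  for (const b of bytes) {
    reg = (TABLE[(reg ^ b) & 0xFF] ^ (reg >>> 8)) >>> 0;
  }
  return reg >>> 0;
}

// ASCII-only helper, enough for the constructed sample strings.
const bytesOf = (s) => Array.from(s, (ch) => ch.charCodeAt(0) & 0xFF);

function crc32(str) {
  return (feed(INIT, bytesOf(str)) ^ XOROUT) >>> 0;
}

// Hypothetical scheme from the question: password = CRC32(url + master).
function sitePassword(url, master) {
  return crc32(url + master);
}

// Register state after the (public) URL, pushed through masterLen zero bytes.
// By linearity: feed(S, master) = feed(S, zeros) XOR feed(0, master).
function urlTerm(url, masterLen) {
  const zeros = new Array(masterLen).fill(0);
  return feed(feed(INIT, bytesOf(url)), zeros);
}

// Strip the URL's contribution from a known site password, leaving the
// "CRC of just the master password" (raw register form, feed(0, master)).
function masterTerm(knownPw, knownUrl, masterLen) {
  return (knownPw ^ XOROUT ^ urlTerm(knownUrl, masterLen)) >>> 0;
}

// Recombine the master term with a different URL: the master is never needed.
function deriveOtherSitePassword(knownPw, knownUrl, otherUrl, masterLen) {
  const m = masterTerm(knownPw, knownUrl, masterLen);
  return (urlTerm(otherUrl, masterLen) ^ m ^ XOROUT) >>> 0;
}
```

The only unknown is the master's length, which is a small search space; a cryptographic hash has no such algebraic shortcut between its input parts.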
Any good C compiler will warn you (or force you to make an explicit cast) when you are doing something that may not be safe. The difference is that C ALLOWS the programmer to override this when they wish to. That is one of the reasons it is used for pretty much anything where speed is critical, it lets the programmer make the decisions, and does not attempt to second guess him/her. A bad C programmer can be pretty terrible but, a good one knows what is safe in the situation. Automatic memory management is also not nearly as efficient as a manual decision, the safety Java (and most higher level languages) gives comes at a high cost in system resources, and in many cases this is either not desirable or acceptable.
For a really interesting project, look at the OPEC estimates of how much oil there is left in its member countries. Then look at what they were five years ago. Keep in mind that the amount of oil they may sell in a year is based on how much they have left (a hint, the numbers went up dramatically without any new oil being found.) Another factor is that although we believed there was a significant quantity of oil in the Caspian sea, this turned out not to be the case, in fact, there is not much there at all.
We are not going to "run out" of oil anytime soon however, we are going to have problems. The peak oil production the world is capable of (referred to as the Hubbert Peak) is expected to be hit in 2008. From there the amount of oil we can successfully extract from the ground will fall each year (ALL major oil fields are currently pumping water in to get more oil out and, this is the best method we have currently.) We will not suddenly hit a time when we are out of oil however, in a few years, shortages will begin, they will not be dramatic however, either fossil fuel usage will decline or, somebody will have to do without. Why do you think the U.S. went to war in Iraq? Why do you think the U.S. supported an attempted coup in Venezuela? These are the second top two oil producing nations, with Saudi Arabia leading (which has a *cough* agreement with the U.S.) Somebody is not going to be able to fill their oil demand soon (why do you think N. Korea is reactivating their nuclear power plants? We refused to sell them oil.), and the first world nations are taking steps to make sure that they are not the ones lacking. Another interesting fact, if the Alaskan oil reserves were drained dry it would only provide two months of oil for the U.S. (and it is not possible to extract it at this rate, or to get 100% of it.)
That being said, I do not think the current blackouts have anything to do with this.
A bit of Googling will verify this information if you wish to. It really is a very interesting subject.
Yes, and then software liability will be mandated by legislation and then everyone in the software industry will be in trouble.
Speak for yourself. I already guarantee my software. If software coming out of my company fails to operate as described, at the very minimum the purchase price will be refunded (other damages are limited, but would still be quite costly to us.)
To preempt the first expected argument:
If a client asks us to do something which may cause reliability issues, we suggest another method. If they still wish it, after being warned, we describe what possible problem we have found, and make them sign off on it. No guarantee is made in this case. In almost every case, as long as you are polite and reasonable, your advice is respected and taken.
To preempt the second expected argument:
It is certainly not impossible to write bug free code, nor is it even extremely difficult to do. It does however, take quite a bit of attention to detail and an understanding of what you are doing. If you think this cannot be done on a large scale, I have worked on processing systems with over one hundred million lines of code, where this was done every day (COBOL IBM S/390.) While there was a very large testing staff, it was made very clear that the job of QA people was not to find bugs for the programmers, but rather to verify that the programmer had done their job correctly.
Eventually, there will be some sort of required liability, and if it is not done by the government, it will be done by industry. As computers become more important, this time draws closer. If you are incapable of verifying your own code to the point that you are nearly certain it will not break, you do not belong in this career. If you conceal the existence of a problem, or fail to properly verify your code so that you can meet a deadline, you are unethical, which is never good for your career in the long run.
I apologize for the rant, but I do not feel your statement applies to me, and I am a part of the software industry. The vast majority of business my firm receives is the result of referrals, and this is a fact in which I take great pride.
It is quite true that a diverse computing environment is not as efficient (as I believe was mentioned in another post). It also increases your chances of being affected by a vulnerability (running linux and windows means that you are vulnerable to attacks against either one) however, the damage caused by a single vulnerability is likely to be less. A determination has to be made in each case which is the preferable situation. If you have incompetent or overworked admins, you should also take this into account. The point I was trying to make is that slightly different versions of the same general operating system does not qualify as diversity. For example, if you are running both windows NT and 2000, you do not have a diverse environment, nor do you have a diverse environment if you are running both linux 2.2 and 2.4.
You write as if this is a standard (on "Ogg Now An RFC", Score: 1)
This is not a standard of any type. This is an Informational RFC. Pretty much anybody can get an Informational RFC published. An informational RFC is not endorsed by the IETF as a standard in any way. They are published upon a request by the author and, do not go through the design and review process that a standards track RFC does. They do exactly what the name says, they provide information about something the author felt should be documented.
You changed a 2000 line program into a 15,000 line program just so that it could fit your definition of "properly structured". That is kind of f*cked up.
Your mainframe CRASHED?! Wow. The one I used to work on had been running for TEN YEARS, and the only reason it was that short is that was the time for the upgrade to S/390 from S/370. It would have been kind of hard to keep it running through that. It's probably still running without any downtime.
I speak as a 21 year old who faced much the same decisions. I will give you the progression of the decisions I made, the paths my career took and, my thoughts on it. I am probably a bit closer in age than many of the responses you will get.
I started programming at 10 years old in x86 Assembly on a 286.
At late 15 I realized that there was a pretty severe shortage of mainframe programmers (as ironic as that is, considering the story) due to the impending year 2000 problem. I promptly learned COBOL, JCL and, CICS, since those seemed to be the things most needed.
It took me a few months to find someone who would hire me, but I did. I started a job as an intern doing Y2K remediation on an IBM S/390 in COBOL at 16 (at a large insurance company.)
Once that project was over, I became a real employee as a programmer / analyst, still in COBOL. I became invaluable to the company by learning a language called EAZYTRIEVE (not EAZYTRIEVE+) which they had a significant number of programs written in and, nobody who knew the language. They were also unable to find anybody who knew it or, any reference materials on it. This turned out to be very cool as, there were about 10 years worth of change requests piled up and, it was pretty much up to me which ones were done. It was shortly after this that I realized that I was making more than I could have expected to right out of a college.
At 17 I got tired of the green text on black background thing and, changed positions to Network Administrator, then realized quickly that I really did not like people much. I spent about 3 weeks doing this total.
Luckily for me, there was a position opening in the marketing department for something called "Technical Consult to Marketing". I pulled a couple of strings and got that job. It is important to realize that marketing tends to be the best funded and most powerful part of most corporations. My job consisted of nothing more than being somewhere near a phone during business hours (I quickly acquired a cell phone.) This has to have been one of the most fun jobs I have ever had. I got pretty much as much time as I wanted off (paid) and wrote things I wanted to write, occasionally writing a program or two for the marketing people, who would then trade them out for favors among the rest of the company, and my primary job, figuring how the marketing department could say various things that sounded impressive without actually doing anything. Interesting setup to say the least. I also dropped out of high school and moved out of my parents' house shortly after taking this job. I have worked mainly from home since this point.
At 18 I changed companies to a somewhat small internet startup. I was their resident systems programmer, using C and x86 ASM mostly (all of their products were written in VB, which I refused to write in, but that did not seem to bother them at first, it did later, although I still refused to write in it). I think they just felt better having somebody who knew how a computer actually worked around. The company slipped into a bit of financial trouble a few months after I got there. I also attended college briefly during this period (two quarters, on full scholarship due to SAT scores.) I could not take the mind-numbingly boring classes anymore and dropped out of this too. I also did a bit too many drugs during this time period. That continued into the next one as well, but turned out alright in the end (although a few of my friends did not make it out quite so well.)
At 19, when the CTO left the company, I rose to that position. The company only lasted about six months after this but, it is a nice thing to have on one's resume. At this time I began planning with someone I had met at my earlier job (who was an AVP of marketing) to start a consulting and software company, noticing that people were beginning to lay people off from technical positions at a pretty amazing rate, and thinking that a lot of this work would likely still have to be done, and woul
I rather enjoyed COBOL. I used it professionally on an IBM S/390 for a few years. Lovely language. It makes it hard to write messy code, which is a huge bonus when you are working on 30 year old programs. Granted, I use C and x86 ASM mostly now but that is simply because COBOL is generally ill suited to PC programming. I really cannot see why so many people dislike COBOL.
Yes, but having 36 bit address space on a 32 bit processor means memory bank switching. Do you remember segmentation? With a 64 bit processor the memory model can be flat up to a 64 bit address space. For now, 40 bit physical address space is plenty, when this changes, it can be increased while staying on a flat memory model.
Re:One possible practical application? (on "The Space Elevator", Score: 1)
Actually nuclear waste is very easy to recycle. It is not permitted currently because during the recycling process it is easy to produce weapons grade nuclear material.
The SYSTEM account has no access to network resources. Nor can it be logged into interactively. In order to use it, you need a program to set itself up as the system account. Then, if you want to use it over a network, you need another program running as some other account to communicate with it. This makes it somewhat difficult to exploit (although I remember a bug in RPC which did exactly this for you.)
While it is true that most compilers will do this, they generally still turn it into assembly first, the assembler is run as another pass by the compiler. Sometimes the assembly is not saved to disk, but that does not mean it is not produced.
On the other hand, I've seen C and C++ programmers come up with the most amazingly fucked up atrocities to get around the strongly-typed nature of those languages
They are incompetent, that is what type casting and void pointers are for.
Why does it play with the floppy drive or CD rom at all if it's told to just boot C:?
The purpose is to load the operating system, not boot "C:". The operating system may be on a floppy disk or CD. Installing an operating system on a new hard drive should become a decent challenge ( =
Yes, but what happens when that application becomes applications (plural.) Changing a database in that case can have unintended consequences, which is exactly why programmers generally DO NOT get to control database layout (unless of course the database is for a single application, or the company plans to have major IT headaches.)
In my experience the degree is fairly worthless. I am far more likely to hire somebody with even one year of experience, and no degree at all, than I am to hire somebody with only a degree. I have found that not only do CS programs not teach you what you need to know, but also teach you things that simply do not work in the real world, hence a period to unlearn it. The only position I even consider someone with a degree and no experience for is as an intern, making about 7.50 an hour. Unless they can make quite an impression in some other way (which is a chance I also give people with no experience and no degree.) I know that the degree is supposed to show that you know what you are doing, but it simply does not, perhaps because unlike in most fields, the same task is not repeated many times in this field, instead it is a new problem, which requires a new solution, every time. The ability to reason and design is far more important than knowing how someone else solved a problem that barely relates to what you are doing. The part they do teach you can be looked up on the internet in a matter of seconds anyway, if it is thought that it may help.
I'll often put five or more function calls into an if() conditional, ||ing their error conditions together -- but there's nothing wrong with that;
Unless of course you care about the order in which they are called. Note that the C spec says that there is a sequence point after each conditional however, the order in which conditionals in an || are evaluated is not defined in the standard, as in, there is no sequence point there. So in a statement such as:

    if((Do_Something())
    ||(Do_Something_Else()))
    {
        goto Label_Error_And_Exit;
    }

The order in which Do_Something and Do_Something_Else are called is undefined, it is completely up to the compiler.
http://www.iab.org/documents/docs/2003-09-20-dns-wildcards.html
This is the actual IAB Commentary on VeriSign's recent activity. The link the article gives is not correct.
There are good ones too. For example, Singapore has an excellent state run telco monopoly.
That's the point -- you can't do anything, no matter how pissed off you get or how badly you are wronged.
There is always revolution...
"Diversity of Windows installations"
I believe you completely missed the point.
Diversity would mean that there is a healthy mix of significantly different systems. Not that there are slightly different versions of the same one.
You mean there are actually people who PAY for windows... wow. ( =