Slashdot Mirror


User: QuantumG

QuantumG's activity in the archive.

Stories
0
Comments
11,687
First seen
Last seen
Profile
(view on slashdot.org)

Comments · 11,687

  1. Re:K'Nex on The Star Wars Trilogy Storyline -- In Legos · · Score: 2

    heh.. I have a string of 8 connectix that I make into a "snake" and wrap around my fingers, break, then make into 3 circles, join together, break, make into one big snake again, break, whilst I'm coding.. good stress releiver.

  2. Re:Gold plating the Shackles on Sun's (un)official response to .NET · · Score: 2

    That's not totally true though I appreciate the intent. There's no real reason why you can't have a compiler generate native code. You can have an object (say a COM object if you must) that has all the methods as native x86 code. Now you send this across to another machine and you want to run it as PPC code, just binary translate it. If your compiler anonotates the code entry points by either not using jump on register or using a standard switch format, you just removed half the problems with binary translation. If you know in advance which platforms you are going to need you can generate fat objects with multiple code formats. Your runtime can even sandbox the code by using code verification techniques or proof carrying code.

  3. Re:Be very afraid! on Sun's (un)official response to .NET · · Score: 2

    You can learn many thing about how operating systems work by reading the linux kernel source. You can learn many things about how networking and computer security by setting up linux networks. And I'm just gunna shutter at the "some kind of dos prompt" remark.

  4. no .NET here on Sun's (un)official response to .NET · · Score: 2

    forget the .net. COM is the bomb. Developing a front end in VB and linking it to a crypto engine in C++ is a joy to behold and Microsoft Visual Studio does it so well. I especially love the autocompletion and the tooltips that popup. What is utterly suprising is the fact that COM actually has a comment field for each method in the object. Yes, you can actually document the object in the object and it will display in the development environment.

  5. Re:Not everything from MS is bad, but... on Sun's (un)official response to .NET · · Score: 2

    if Microsoft had ported COM to more platforms we wouldn't have to put up with XPCOM in the Mozilla development tree which is a royal pain in the ass.
    Sometimes I like to stop by a web page I found where they say they are replacing the XPCOM in Mozilla with COM for the win32 version but they havn't done anything for like years.

  6. Re:Handcuffs? on Sun's (un)official response to .NET · · Score: 2

    I'll fight you, I'll fight you and I'll win.

  7. uhhh on Sun's (un)official response to .NET · · Score: 2

    Lastly on platform independence, just realize that Java isn't any more platform independent than anything else, it's just got an interpreter that has been written for each platform! If a new platform comes out, it won't run Java at all until someone writes an interpreter for it....

    Other than, say, having to write a new compiler backend?

    "writing a new interpreter for the platform" is actually as simple as pickup up the JVM source code (yes, Sun releases source to their JVM) and recompiling it on the target platform.

  8. Re:MS CODE -shudder- on Sun's (un)official response to .NET · · Score: 2

    dude.. you know the only good part of VB is the form designer and you can get that in the resource editor. Any code written in VB is guarenteed to be unmaintainable (as is anything written in Perl) but luckily you can train someone up in VB in a fortnight and get them to rewrite the app. I do contract programming in VB now and then because companies can't find people who know VB and know how to code in anything else. Microsoft's promise of releasing a real OO VB this year hasn't happened yet, but should they finally do it you might find that VB becomes a more respected language. ie, if you actually develop a class structure and make your code documentable (say, Microsoft could include a class heirarchy viewer and automatically generate implementation level class diagrams for you that you can abstract to a system overview and maybe even refine a spec from that you can compare to your business rules!) and result in code that lasts more than one developer. In my experience, VB is the throw away language of the Microsoft world. Perl is the throw away language of the Open Source world. Many a sysadmin will say "I need to tally the data usage of our clients" and whip up a perl script. Yes, it takes 1/10 the time of C/C++ (which can be totally abused by a poor programmer) but the code is only readable by the original developer. When you get a new sysadmin he will struggle with the last guy's code for a few months but the first chance he gets he'll replace it all with some more spegetti cobledygook and until he does that he will blame the last guy for everything that goes wrong.

  9. Re:And this was expected on Sun's (un)official response to .NET · · Score: 2

    heh.. you don't have to go to a pro-linux site to see Microsoft bashing. I've worked for dozens of Microsoft houses and every single one of them has programmers bitching about how fucked up Microsoft is. Even when I talk to the CEO's of said companies (many who have made millions from writing code for Microsoft products) they bitch and moan about how Microsoft just doesn't know what they are doing.

  10. Re:Python *and* Java will rule the CLR and the JVM on Sun's (un)official response to .NET · · Score: 2

    Python = LISP + infix operators (which LISP always had by no-one used) - about 5000 ()'s.

  11. Re:The Myth of Bank Security on Online Bank Security: Cover Your Assets! · · Score: 2

    it was an ingenico pin pad. We had a bet with them that we could do it but they never paid up :) But as I said, the NAB system does it all with software and you can read the key out of a file on the harddrive.

  12. Re:The Myth of Bank Security on Online Bank Security: Cover Your Assets! · · Score: 2

    ... this doesn't require a PIN, just a number and an expiry date.

    bzzz.. actually you don't even need the expiry date. Just enter any date after today's date and it will work fine - try it - go to amazon, put in your credit card number and 12/00 and it will work just fine.

  13. Re:I'll take that bet on Election Wrapping Up · · Score: 1

    yerp.. hell of a choice you have there, old dude who lies a lot vs son of dude who nearly plunged the world into world war three.

  14. The Myth of Bank Security on Online Bank Security: Cover Your Assets! · · Score: 5

    I developed a credit card processing gateway in Australia. We dealt with ANZ, Commonwealth, Westpac, St. George, National (NAB) and a number of overseas banks. The security of the ATM/EFTPOS network left us flabergastered. Your average corner store receives a device called a "pin pad".. This is the thing you type your pin number into. It connects to a 2400 baud modem which runs into a standard phone line. A place like us who does thousands of transactions a day (and places like Coles and Woolworths) connect their modems to a "secure" line that is essentially a normal telephone line that goes through different switches. This is called a tran$end line (yes, the $ is intention). Either way, your modem dails out to a remote computer that is connected to the X.25 network. Software in the pin pad generates an x.25 packet with the card details (tracks on the swipe card and the pin number) encrypted with a 56 bit DES key which is set up by the bank when they issue the pin pad to you (a shared secret). The packet is passed blindly onto the x.25 network and the receiving bank does switching to people like visa for credit card purchases or they handle the packet themselves. SWIFT transactions are done the same way. When you are doing online banking, instead of plugging the pin pad directly into the modem, you plug the pin pad into one serial port on your computer and the modem into another serial port. You then run client software on your computer (NT only) which fills in the blank fields of the packet, hands it off to the pin pad to be encrypted and then passes it off to the modem to be sent. Out of curiousity we started reverse engineering the format to the pin pad messages. Essentially it's an ASCII'd version of the x.25 packet with a request byte at the start. Using a plain text attack we were able to recover the DES key from the pin pad and encrypt the packets ourself. It was only after we set up the NAB system that we learned how futile this was. The NAB system uses an NT box (they supply the box) which has no hardware encryption device. The encryption is done by the PC and the DES key is stored in a file on the hard drive. The NAB system is totally insecure. They preinstall PC anywhere on the computer and then dialup to the PC over the tran$end network. Yes, that's right, search bugtraq and you will find an outstanding bug, "PC anywhere passwords passed in the clear". Anyone monitoring your phoneline can see the password and at 2400 baud that is very easy to do. Not that it really matters anyway because they NT box we received from them had not even had any service packs installed. The reason: "we don't run any database or web servers so we don't need the upgrades which these are mainly for fixing". When we asked them where they stored the transaction logs they replied: "in an access database" on the harddrive. I was shocked to find that this included credit card numbers (all the other systems XXX out the middle digits). The commonwealth bank was the securest system I saw. Your web server SSH's to their gateway using an RSA key for authenticity. But perhaps the scariest part of all this is that the entire Australian banking system is outsourced to third parties. This results in the bank having absolutely no idea what they have to do to set up a new client and the rebound of calls from third parties to the banks and back. The bank will give you account numbers which you type into the software and it won't work. So you'll call the vendor and they say "oh.. you just have to add a zero" that doesn't work, so you call back and they say "ahh.. actually you need to convert it to hex and add as many zero's to the end to make it 16 digits then convert it back to decimal" you do that and it doesn't fit in the field anymore and after some head scratching they say "drop the last digit on the decimal representation" and you do and it works. This is scary. Many times we rang up the banks and said we had to change contact details and get new pin pads for our clients and the first few times they demanded that we get written authorization from the client. We quickly learnt that when we call the banks we should claim to be from the client company and they never asked for authorization. Social engineering at its finest. It is strange. You get the feeling talking to banks in Australia that you are talking to public servants - even though all the banks are publically owned. You could tell them anything. Ask anyone who has worked in credit card processing and you will hear stories. We once charged a million dollars to the bosses credit card then charged back 1.2 million then rang up the bank and asked them to reverse it. And this is all done by entering fields into a web page that has ASP as the backend and is protected with code like 'if Request.Form("password") = "sekret55" then'.. We built a pretty secure system in the end but we didn't have much to work with and frankly I still don't trust credit card processing, especially people like Amazon who keep your credit card details in a database. (which BTW is illegal in Australia.. try telling your clients that).

  15. Re:Great... less competition on Compaq Holds Off On Crusoe · · Score: 1

    90% of the run time is spent in 10% of the code.

  16. Re:I'll take that bet on Election Wrapping Up · · Score: 1

    Thanks.. I didn't know that.

  17. Re:Is anyone else scared shitless? I'm not kidding on Election Wrapping Up · · Score: 1

    woooooooo.. you rock man! love it

  18. I'll take that bet on Election Wrapping Up · · Score: 1

    Are there any escrow services that we can use to gamble on these things. Bush is gunna win man. I'm not even an american and I know that.. hey, anyone wanna tell me why Clinton didn't run again.. or did he and just no-one voted for him?

  19. Re:Offtopic, but... on MozillaZine Editorial On Netscape Criticism · · Score: 1

    ahh... vegetarian's don't usually go around shooting things.. you should see some medical attention. I personally would just walk past and do nothing and if I saw a greenie on the way I would flip the bird at them and then ask them what THEY are gunna do about it.

  20. Re:Meta-Criticism on MozillaZine Editorial On Netscape Criticism · · Score: 1

    mmm.. infinite regression.

  21. odd numbered releases on MozillaZine Editorial On Netscape Criticism · · Score: 1

    ahhh.. I think a lot of open source coders look for some sort of leadership in the project and will accept it with open arms. A very basic part of the open source development process is the odd numbered release schedule. Say you have a program that is version 0.1.1.. you would expect it to be buggy and no new features are going to show up until 0.2.0.. When the minor version number is odd we do bug fixes, when the minor version number is even we do feature implementation. The real problem here is a lack of automated tests. For each class in the project there should be a thorough testing class that can generate go/no go responses for regression testing. Patches to the code base that do not comply with the odd versioning system or the testing regime or even the documentation requirements should be politely declined.

  22. Re:...and let's not forget that... on Netscape 6 Fails To Support Web Standards · · Score: 1

    no.. we write code for them.. that's why things go to 1.0 status way before they are due to, because we are trying to impress the population at large who don't give a shit about the code.

  23. Re:...and let's not forget that... on Netscape 6 Fails To Support Web Standards · · Score: 1

    then why do we insist on writing code for them?

  24. Re:Bill Gates... has a conscience? on Microsoft Cracked again? · · Score: 1

    Teaching kids to code would cost money? Maybe if you are getting some phat ass wages at the moment and you would have to take time off to do it but I don't see why coder's can't donate some of their time to teach disadvantaged kids how to code. Sure, you'd have to fork em a pc or two, but it's a small donation and you'd probably take a cut of the contract work you get them.. oh wait.. there's that exploiting the third world thing again.. drat.

  25. Re:M$ Bashing. on Microsoft Cracked again? · · Score: 1

    yer.. few years ago people would have just said "who'd put windoze boxen on the net?!!" and that would be that.