Slashdot Mirror
User: phantomfive

phantomfive's activity in the archive.

Stories: 0 · Comments: 31,362

Comments · 31,362

  1. Re:It's been done on New 'Asciidots' Programming Language Uses Ascii Art (And Python) (github.com) · Score: 1

    And wished you had earplugs to deal with the drum memory......

  2. Re:It's been done on New 'Asciidots' Programming Language Uses Ascii Art (And Python) (github.com) · Score: 3, Insightful

    Yeah, I thought it would be lame, but seeing how the code flows and watching it execute is kind of cool, actually. The ascii art turns into a kind of flow chart. It's like a map of the execution of the code, and you can watch the program counter travel through, like a car in a small city. It's just a toy but it gives me ideas for visualization that might work in larger, more realistic, projects.

  3. Re:Well, I liked my young co-workers, and vice-ver on 269 People Joined An Age Discrimination Class Action Suit Against Google (bizjournals.com) · Score: 2

    May I interject this is a silicon valley thing more than it is an everywhere thing

    It's not a Silicon Valley thing either, it's just a whiner thing. There are plenty of jobs available in Silicon Valley for people who have the skills.

    There are not quite so many jobs available for people who still use tables to lay out their HTML, or who only know COBOL. (There are jobs for people who only know COBOL, but not in Silicon Valley).

    There are certainly companies that discriminate on age (and Google might be one of them, I don't know), but there are also companies that discriminate based on what you wear. The proper thing to do is move on, and find a company that doesn't. There are plenty.

  4. I understand that in some circles it is quite fashionable to be a victim, in order to seek sympathy and acceptance. I respectfully choose not to participate in the victim industry, or engage in victim mentality. Now, if you excuse me, I have to go back to hacking on this fine, beautiful weekend, in order to keep my skills up to date, and be employable.

    Thank you. Please enjoy your coding, and please release it as open source if you get a chance.

  5. I think age is a biological difference. FWIW.

  6. Re: Prevent data on Deserialization Issues Also Affect .NET, Not Just Java (bleepingcomputer.com) · Score: 1

    Please clarify instead of posting cryptic pointless posts.

  7. Re:Cloud equivalent on Hundreds Of Smart Locks Get Bricked By A Buggy Firmware Update (bleepingcomputer.com) · Score: 1

    Do you know what a bug is? It's a mistake. What do you do when you find a mistake? You find some way to avoid it in the future.

    There are entire classes of mistakes that should never happen. SQL injection? Never. We know how to make this not happen. The extra time it takes to avoid SQL injections is minimal to none. You can be perfect at avoiding SQL injections. There are many other ways to avoid bugs, techniques that can be learned and used. Because this company is making security devices, ideally they should devote some real resources to QA, giving them a multi-layered bug avoidance system. They should keep their bug tracker empty, fixing all known bugs as soon as they are reported. How much do you want to bet they don't have QA?

    Keep your interfaces simple so you can reason about them. Test your code. Learn how to avoid bugs that can be easily avoided. Soon you will find that your code is solid, and bugs are rare (even without QA).

  8. Re: Prevent data on Deserialization Issues Also Affect .NET, Not Just Java (bleepingcomputer.com) · Score: 1

    These frameworks will de-serialize any object. Send them a Process object in .NET, and the framework will deserialize it into something that can fork a new process. The APIs in Java and .NET are so huge, that it is extremely difficult to filter out every kind of object that might cause problems (some frameworks try......and fail).

    There is no 'pure' data here, the purpose of these frameworks is to deserialize into objects, and objects by definition are functions combined with data.

  9. Re:Real Developers never Deserialize into objects on Deserialization Issues Also Affect .NET, Not Just Java (bleepingcomputer.com) · Score: 2

    Trust me I've built systems both ways and deserialization directly into objects is no bueno.

    Yeah, running an auto-deserializer on untrusted data is basically guaranteed to be a security flaw. The NSA and FSB will pwn you at that point, along with anyone else who wants to (just ask PayPal).

  10. Re:JSON does not have code-execution ability on Deserialization Issues Also Affect .NET, Not Just Java (bleepingcomputer.com) · Score: 1

    It's probably better to parse out to low-level "scalar" values and hand-code the part that stuffs them into objects or databases rather than let a parser actually build objects or object trees itself.

    This is exactly right. Because the data is untrusted, you need to verify it anyway, and adding parsing code to that usually doesn't add much overhead (it can often be the same code).

    In the defcon talk they made a strong case that these generic de-serialization libraries are extremely difficult if not impossible to use securely. They were just grabbing at low-hanging fruit, as soon as you've imported these libraries, you're compromised. They didn't even discuss ways that the libraries might be used incorrectly.

    Say no to generic deserializers on untrusted data.

  11. Re:Cloud equivalent on Hundreds Of Smart Locks Get Bricked By A Buggy Firmware Update (bleepingcomputer.com) · Score: 1

    No. If you're making something like locks, you need to make a huge effort to write solid code in the first place. People are depending on your code to keep things secure, and you need to follow either formal logic design, or the DJB school of programming. You don't release things and fix them later, your lock needs to have pretty close to zero bugs.

    This is just a sign that they have lousy procedures, and the code is just as bad.

  12. Re:30 years of tech support. on A New Amiga Will Go On Sale In Late 2017 (theregister.co.uk) · Score: 1

    You have a point, the Amiga wore the crown in a time when there were many different computer brands, and they were all being thinned out. Only a few were able to survive that, and even Apple had trouble against the PC.

    Look at it another way, though. There was enough room in the market for another OS (Linux), so why not for another hardware platform as well? Perhaps difficult, but it seems like it would have been possible.

  13. Re:The price of ambient authority on Russian Group That Hacked DNC Used NSA Attack Code In Attack On Hotels (arstechnica.com) · Score: 1

    Cool, thanks. That's something I'm going to have to think about.

    I'm not entirely convinced (tentatively). It seems to some degree you are trying to sandbox something, but privilege escalation exploits are all over the place in OSes.

  14. Where are the prosecutions of clearly corrupt Democrats by the clear majority Republicans

    Which democrats in particular would you like to be prosecuted?

  15. Re:The price of ambient authority on Russian Group That Hacked DNC Used NSA Attack Code In Attack On Hotels (arstechnica.com) · Score: 1

    I don't see how any other authority system is better.

    How we handle money.......so you are saying have a double-entry bookkeeping system for file permissions?

  16. Re:Good grief on James Damore Explains Why He Was Fired By Google (wsj.com) · Score: 1

    As long as it keeps getting over 1,000 comments, I guess. People want to talk about it, let them, I say.

  17. If you want to get the whole picture, you need to pay attention to how it does in international sales. Pirates of the Caribbean made $173 million in the US, but it made $781 million worldwide. Which market do you think they are going to pay the most attention to? The US is just one small market now.

  18. Re:Yay, another prediction! on Global Investment Firm Warns 7.8 Degrees of Global Warming Is Possible (vice.com) · Score: 1

    That's true of coin flips too. This matches your requirement, a legitimate scientist who is very well respected, had plenty of time to update his prediction, and it looks like he's going to be wrong in any case.

  19. Cool, thanks for reading the PDF.

  20. In the cases you mentioned would the outcomes have been different if the offending speech were circulated internally and not on a public domain?

    That's a good question, and in some cases the question of whether or not he used company resources would be extremely important.

    A case on that topic would likely revolve around whether Google disallows personal use of the company resource (in this case, I believe it's their internal Google+ system). Google can say, "Only work related things on internal Google+" or "Only work related things on company email." Once they allow personal things however, it is a lot harder for them to censor things they don't like. See this for one example.

    A good portion of the manifesto is criticizing workplace policies, which is allowed. I expect a major question of the lawsuit to be whether the parts that were harassing women were separate from the critiques of workplace policies. (Other potential areas of dispute are whether he was actually critiquing work-place policies, and whether he was actually harassing women. Google might also have to address whether they followed standard policy in firing him instead of giving him a warning).

  21. That's good to know, thanks.

  22. That is ridiculous. Of course the state will incur extra costs because of this plant. To suggest otherwise is disingenuous.

    How much? If you have numbers, please present them. That would be good info and a strong argument.
    Right now you are just ranting emotionally. I hope it made you feel better.

  23. This is not "breaking even" because they did not pay any money out to begin with. If Foxconn pays even one dollar in taxes, then Wisconsin has more revenue than it would otherwise.

    Of course, Wisconsin might have other expenses increase from this, like road upkeep, and that would be an interesting story, worth comparing......but the present story is just a hack job.

  24. Re:Text Message??!?! on Salesforce Fires Red Team Staffers Who Gave Defcon Talk (zdnet.com) · Score: 2

    When it comes between "giving a talk at DEFCON" and "keeping your job at Salesforce," for a penetration tester the former is a much better career choice.

  25. The scenario where Google could have offered Damore a big severance package was not really an option, assuming Google wants to maintain internal morale. Once the PC authoritarians heard about any severance

    That's why they offer it with a nondisclosure agreement, so no one finds out about it.