Slashdot Mirror


User: gweihir

gweihir's activity in the archive.

Stories
0
Comments
19,136
First seen
Last seen
Profile
(view on slashdot.org)

Comments · 19,136

  1. I know the government wants to make coding the next blue collar job but it takes a lot of knowledge and practice to perfect the craft.

    Only problem with that is that it will never happen. Really simple things like building a web-page do not require any coding anymore. But as soon as you get into things that does, you need far more than that and "advanced white-collar" is more were you will find it once this settles. Sure, at the moment there are a lot cheap and really bad coders around, but they destroy value, i.e. their work has negative productivity. The business world is slow to figure this out, but that cannot last. And when it is finally something generally known, many current coders will lose their jobs. The last thing we need is a whole additional bunch of bad coders.

  2. Same here. I now have been coding for 30 years and I am still learning stuff. (Of course, I know a bit more than one language in one coding paradigm ...)

    This "teach everybody to code" is really unmitigated nonsense. As any skill, coding takes a few years to get any good at it and it requires specific talents even for that.

  3. Re:Kaby Lake lithography is 14 nm on Samsung's First Exynos 9 Chip is Faster, Uses Less Power, and Supports Gigabit LTE · · Score: 1

    Maybe. Maybe not. The sizes given for processes often do not mean what they seem to mean. But sure, Intel will have to play catch-up for a few years. And maybe they will even try a non-criminal way this time.

  4. If not, this is decidedly a step back. Removing features in new products is not impressive!

  5. Re:For variable values of "practical" and "relevan on Google Has Demonstrated a Successful Practical Attack Against SHA-1 (googleblog.com) · · Score: 1

    That is just my point. There is a big difference between a high-effort attack that is hard to do and a simpler one that has been done mass-scale. The second is a real risk, the first one is pretty irrelevant. Incidentally, the defects of the CA system are systematic, and they cannot be fixed by merely moving to a non-broken hash function.

  6. Re:For variable values of "practical" and "relevan on Google Has Demonstrated a Successful Practical Attack Against SHA-1 (googleblog.com) · · Score: 1

    Actually, that _is_ my point. This is not any big news, it is a small step in an expected progression. But my second point is that the value of certificates (what this mostly applies to) is generally vastly overrated.

  7. Re:For variable values of "practical" and "relevan on Google Has Demonstrated a Successful Practical Attack Against SHA-1 (googleblog.com) · · Score: 1

    Indeed. Not a lot you can do even when you ignore the high effort needed and that it is a 2-sided collision. I do not dispute that you should not use SHA1 when you want security, but the actual attacks possible at this time are pretty much irrelevant. Your list just confirms that. It looks impressive (well, sort of), but when you take into account the effort of each attack and the possible gain, they become meaningless, because higher gains at lower effort are around plenty.

  8. Unless you are coding very simple business code, that is never going to work. You will get insecure code with bad or no error handling that does not even work for many inputs and is inefficient in every possible way in addition. Sure, replacing a very bad coder may work that way, but very bad coders have _negative_ productivity, because cleaning up after them is more expensive than coding things from scratch again.

    So no, the kind of coding I do (and I do not do it as major occupation, I only do it when the task is difficult enough that our customers fail to find anybody else than can do it and the task is interesting) will not be replaced by AI anytime soon and very likely not ever.

  9. For variable values of "practical" and "relevant" on Google Has Demonstrated a Successful Practical Attack Against SHA-1 (googleblog.com) · · Score: 0

    The thing is that there is not actually a lot you can do with an SHA1 hash collision. Sure, you may be able to impersonate a site by use of a fake certificate. But these are around anyways because of CAs with shoddy security and governments that do not understand the value of security and just coerce CAs in giving them out. So an SHA1 collision is actually a bit of overkill for that and likely the most expensive option by a large margin. So what else is left? I do not see anything.

    Sure, if this was something Jonny hacker could do in his basement in a week and it was a one-sided collision (i.e. one document is already given when the attack starts, two-sided collisions where you create both documents are much, much easier to do), this may be some not very serious threat, but even that is not the case here.

    What remains is a stunt that at best helps to estimate the difficulty of a not very relevant attack. Not that this is actually bad, good researchers demonstrate what their theories mean and a stunt is one form to do it, but the implications of this one are pretty minor.

  10. This is not a technological problem on 'Social Media Needs A Travel Mode' (idlewords.com) · · Score: 2

    It is a political one. If you travel to a country where they can demand your passwords, they can do equally bad things to you if you have a "travel-mode" configured. The problem is that they can demand your passwords. In a country that respects personal freedoms, that will not happen. Unfortunately, the citizens of most democratic countries are too unaware of history today to understand the value of those freedoms and how hard it was to get them and are not defending them. If you go to such a country, having them look at all your social media stuff from the inside may be the only option. Whether you want to go to a country run by honor-less and decency-less "authorities" that do these things with the general consent of the citizens there is another question.

    Incidentally, doing a "travel mode" is easy: Create long random password that you cannot remember, write it down, set it as your account-password and leave the piece of paper it is on at home. Done.

  11. I would recommend to pay more for that screwdriver. It pays off.

  12. Actually, quite a bit of fault is with PHP, as novices may just not know any better without really being at fault. Poor tools play a role in creating poor craftsmen. It can also not be disputed by anybody sane that the makers of PHP are exceptionally poor craftsmen.

  13. Re:Wealth inequality is a symptom, not the disease on The Only Thing, Historically, That's Curbed Inequality: Catastrophe (theatlantic.com) · · Score: 0

    Fascinating how you completely miss the problem. The problem is that in the US the fantastically rich get admired. There is no sane reason to do so. You can only get fantastically rich by inheriting (not your accomplishment) or reducing a lot of people from middle-class to poor.

  14. Well, Trump is an excellent con-man, he just demonstrated it again. The funny thing is indeed that most of his voter-base will be those that will suffer the most from his incompetence.

  15. This is PHP. The language is saturated with bad decisions. This is just one more of those.

  16. You have to admit that they are consistent at the bad decisions though. Making bad decisions seems to be their most important guiding principle.

  17. Re:So they'll be the first to do it wrong? on PHP Becomes First Programming Language To Add 'Modern' Cryptography Library In Its Core (bleepingcomputer.com) · · Score: 1

    They probably only care to be the "first" at something.

  18. It is a poor craftsman that uses shoddy tools in the first place. Selecting good tools is a core skill for any craftsman. Those that do not have it will never amount to anything.

  19. Because modifying string _constants_ is a bad idea?

  20. C is not an interpreted language with memory safety.Your example does not apply and it is completely clueless in addition.

  21. And there we have the core problem: Clueless language designers with big egos. A segfault is like scramming a reactor. It is an absolute least resort, it may do significant damage, it is always a sign of something having gone terribly wrong and it should never, ever happen in normal operation.

  22. It is a sign of very junior and inexperienced language designers with very big egos. And no concept of personal responsibility.

    Writing good code is hard enough with good tools.

  23. Looks like they were trying to come up with a competitor for "brainfuck" and then too many people did not get the joke and though this was a language intended fro real work...

  24. Very much this. PHP is a language for idiots that have no clue they are idiots. It is designed by the same class of people, as it ignores most, if not all, principles of good language design.

    Without a large group of people that consider themselves "coders", but are anything but (unless you include the lowest level of amateur-activity) a language like PHP would never have stood any chance. It is just too much of an insult to anybody with real skills in the area.

  25. Re: Control vs. Security on Google Discloses An Unpatched Windows Bug (Again) (bleepingcomputer.com) · · Score: 1

    I am not asking for them to do it in 12h. But if they cannot make 90 days, then they are utterly incompetent or their product is so borked it should never have been put on the market.