Binary Search in Java, obv:



It's okay to pick on Java, right?

I found this video I figure could be interesting to you all who are looking at Erlang and OO Languages:

http://www.infoq.com/interviews/johnson-armstrong-oop/

And here is the requisite copy/paste:

rofl

also yes it's obv okay to pick on java

required reading

http://steve-yegge.blogspot.com/2006...-of-nouns.html

also

http://steve-yegge.blogspot.com/2010...urce-java.html

obv i agree with this though it's a point of contention

What are these braces you're talking about? Putting them on the next line seems pretty silly.
Square ones are for lists
Curly ones are for tuples
Round ones are for parameters

function braces, c-style languages

What are you guys doing for security and backups?

For security I'd like to start by using separate and private 2 factor authenticated gmail addresses for every critical service. All with no backup email addresses and randomised security answer questions. Having all my two factor authentication on my phone worries me a bit. Is there cause for that? Are there better solutions? I also want to start using a password manager. What are all of your thoughts on Lastpass and Keepass? Assuming the latter, are there any security worries if I were to backup my password database on a cloud service? In addition to all this I also have 2 factor authentication for every service that offers it. Is there anything I have missed?

I have less of an idea of what I want/need to for backups.
- To what extent should I be comfortable putting critical data on cloud services?
- I plan to have one (or two?) cloud backup service plus Time Machine locally. I also will have an offline hard drive that I make regular back ups to. Is this enough?

Apart from that, I'm a bit lost as to how to evaluate the specific services. Backblaze looks ideal, but can I trust it? What about something like Amazon S3 with two factor authentication?

I use Keepass for both Linux and Windows stuff. Pretty good assuming you don't forget the master PW. Not using the cloud because I'm too paranoid, I just manually sync which isn't ideal but I can live with that (not painfull enough that I have even bothered researching alternatives).

Truecrypted USB stick.

My backup plan is currently...non existing except for copying stuff to an external HDD every now and then.

I'm also using Keepass which is stored in my dropbox, so you'd my email addy/password, and Keepass password to get to the rest of them. I also frequently backup anything important on two separate hdds.

I assume you guys are doing this, but just in case, I'll mention that you should use TrueCrypt or something similar to encrypt all your hard drives.... Encrypt the entire drive.

Re: the cloud, people really can't do better than speculate. Security breaches at very large companies (e.g. linkedin) aren't too rare, so being paranoid is justified. Of course, these are typically limited to leaking hashed passwords, which is scary as hell and a serious security breach, but won't cost you your data on its own if they handle their password security properly, you use a secure password, and the company responds relatively quickly. However, we obviously don't know who has access to what information on someone else's server in the first place.

There are a bunch of different ways to encrypt your data yourself and store it encrypted on the cloud, but I don't have any personal experience with this because I just store important stuff on machines that I physically own.

I'm with you. "Cuddled elses" and other K&R era style points were fine in the era of 25 line terminals, but these days we have more space, and the ability to make our braces line up for visual inspection.

You can store TrueCrypt volumes on Dropbox, the volume doesn't sync until you've closed it so it can't be open on multiple computers but it does deltas so the update when you close it is only the full file the first time.

noah, can you elaborate on the specific situations where doing this would save your ass, and how it would save it?

It prevents people from getting anything off of your computer/drive if they get physical access to it. That's by far the most common way that people lose data. E.g., you leave your laptop in a cab, or you have a party at your house, or whatever. It's not as sexy as hacking, but it's what actually happens.

That seems sensible, but does TrueCrypt or any other ones affect real time performance of the computer?

Also, is a password to enter Windows not sufficient? I've no idea at all how hard it would be to enter a computer with a Windows password (probably not very hard?)

For security I basically just use KeyPass which is stored on DropBox, and run a daily backup script on the server which zips everything to dropbox. Manually once a week or so I'll do a code backup but I'm pretty slack about that and need to investigate auto back ups

Windows user passwords are, unfortunately, not secure at all. Joe user can download an app to reset those passwords without much effort.

TrueCrypt does affect the performance, but the effect is pretty negligible.

The actual effect on read/write times is completely imperceptible on a decent machine. You can read a bunch of tests online and they're all in the neighborhood of 1% decrease IIRC. I've never had an application where I cared about 1% run-time effects.. so meh. There are, however, a few SSDs that use some kind of firmware-based compression or something. Since encryption makes your data effectively uncompressible, this totally ****s with those HDs. I forget what the technology is called and which SSDs use it, but the effect is ridiculous. So, you should probably google your HD before encrypting, but worst case scenario you just learn that you're one of the unlucky ones when your computer is really slow and then you decrypt.

The only noticeable hit is apparently to the CPU, since the CPU is what does the encryption/decryption. I've heard that this can be significant, but I haven't personally noticed it--even though I do very data intensive work that's usually HD or processor constrained. I know that it parallelizes decryption, so maybe that's why. Or maybe I don't actually do much computation while I'm reading/writing a lot of data to disk--because they're often separate steps in a sequential algorithm and/or most of the data is usually in memory. Or maybe I've only worked on machines that have hardware-accelerated AES.

For the same reason, the read/write speed would probably suck on a netbook or something, since it's actually mostly processor constrained.

A windows password isn't secure at all. It's not really meant to be. Not only can you get around it, IIRC you can actually find the original password, which sucks if your password is like "I'm secretly in love with Sarah" or whatever. Obv it's enough for some/most people, but it's breakable by Google, so it might not be enough for your purposes. Plus, doing things correctly is nice.

Yeah, I tried running with a TrueCrypted netbook and I can confirm it really bogs the underpowered CPU badly: videos stuttered that were fine before, booting took significantly longer, etc. I had to go back after a while as it was totally unusable.

Juk

What is the logic for encrypting the whole hard drive as opposed to a volume containing only your documents? If I have all my important data encrypted is there still much to worry about in the cloud?

Another password manager I've been looking at is https://agilebits.com/onepassword. From there web site it sounds like they are following best practices and that it should be fine, but I don't have enough knowledge to feel totally comfortable making that conclusion for myself. It certainly looks like it would be a much better experience than KeePass and something I'd find a lot easier to recommend to my parents for example. Does anyone have any experience with it/comments?

You can get hardware solutions can't you for encryption which will have near 0 performance impact I think?

Do any of you have memorable stupid bugs that caused far much damage/trouble then they should have that you fixed?

I just fixed one that had been plaguing me for months, users being logged out of the forum but remaining logged in on the main site! Spent so long trying to reproduce it in every way possible to no avail, ended up being caused by the forum trimming a usercode cookie down to 45 chars. If your username was over 10 chars in length then it trimmed off the end causing it to be invalid. None of my test cases I created went over 10 chars in length, reproducing the problem was 99% of the problem!

Another one I had was years ago on an SMS site I had, someone from Turkey kept sending hundreds of SMS messages in a loop costing me hundreds of £! Again hard to reproduce, but finally found it and it was caused by the check:

if credits >= 0 then send message

As supposed to > not >=! Doh!

It was made worse by the fact that to prevent people going into negative credit balance, once credits were deducted and message sent if balance < 0 then balance = 0. This guy spotted the glitch and mercilessly exploited it.

One character never cost me so much!

Someone make me feel better with their stupid bugs!

i too use keepass and just recently learned about the CTRL + ALT + A hotkey which will type the password for you. i was manually copying and pasting!

I once forgot C++ templates are the compile time abomination that they are, and tried to move the implementation from the header into its own source file.

1password is nice although somehow they have it set up so the contents of the clipboard are erased after 1 paste which turns out to be more annoying then you'd think. Still a nice product though, nice to have passwords on all my mobile devices.

As for the encryption, yeah. Don't encrypt your programs. Just your data and your swap.