Slashdot Mirror

That does not work in C++. I'd be surpised if it works in C. So the question I have for you is, what language DOES it work in? It looks like csh to me.

I just hit the magic Logan's Run of 40 in IT, and I hate getting lumped in with the Bobs

Then your resume should reflect it. Companies are hiring 40+ year olds all the time. My contract company has 4 open jobs that are all in the realm of 40+ year olds. When there was a recent down turn all of the 'entry level' positions were the ones that got cut.

If you stood on a table at a job fair and shouted those 4 terms recruiters would be coming to you.

Here's what they are:

- Simulink. Simulink is a graphical programming language. https://www.date-conference.co...

There is a huge need for programmers that understand both Simulink AND C (so you can debug the toolchain). In addition there is a completely unknown MATHWORKS language called TLC that only a handful of people know and can master (or so it seems): https://stackoverflow.com/ques... You need to know TLC to make device drivers for Simulink. I started making my own for Arduino/NilRTOS/FreeRTOS but got hung up with something else. Learn TLC.

- RTOS - I hope no explanation needed. All automotive controllers are running one of some sort. All of them are closed source. See also: WindRiver. Get familiar with an opensource RTOS and RTOS concepts.

- dSpace. dSpace is unit testing for the physical world. When companies need to test how software is going to work they can't always do it on the hardware itself. When a modern car is put into 'drive' a the CAN message that tells the transmission computer to go into drive is sent. (Get familiar with CAN as well).

A lot of decent tutorials out there: https://www.youtube.com/watch?...

Unfortunately they're stuck on Python 2.7 which is the only reason I have to still deal with it. I'm sure there are a lot of companies out there looking for people that can automate the automation tools.

  It's programmed through Simulink. https://www.youtube.com/watch?...

- OSEK. [Offene Systeme und deren Schnittstellen für die Elektronik in Kraftfahrzeugen](https://en.wikipedia.org/wiki/OSEK). Literally "Open Systems and their Interfaces for the Electronics in Motor Vehicles".

I hear VW might be looking for some. Every other automotive manufacturer is.

The trick is to do both cutting edge and legacy and avoid doing anything in the middle. I'd imagine the guy that knows COBOL and Python3 very well isn't going to have a problem with unemployment.

Put those on your Resume. Put it on linked in and wait. I deleted my linked in because I got tired of dealing with poaching head hunters. I talked about it at work and multiple of my co-workers get the same things.

You obviously have no working knowledge of C++. RAII is the answer which you are obviously ignorant of. "goto fail" is full of fail.

It took the various Web-standards organizations 10+ years to provide a sane HTML height/width option - with "display: flex;"

Then there was IE that sanely used (by default) "box-sizing:border-box;" - which conflicted with every other browser as "border-box" includes padding and borders.

CSS does the width include the padding? (2009)

Are you so sure: https://stackoverflow.com/ques...

"The fundamental problem with RPC is coupling. RPC clients become tightly coupled to service implementation in several ways and it becomes very hard to change service implementation without breaking clients" http://stackoverflow.com/a/151...

"...let along provide a fix for ..." a bug that was just found yesterday. Those lazy bastards!

Except that this actually happens all the time in apps, where the fix is simple and the developer is paying attention.

I don't follow such events (I'm not a programmer), so I'll take your word for it. It still seems a bit overblown to complain the day after someone wrote about the flaw in a blog somewhere.

And this is a particularly pathetic bug. People who don't do input checking or bounds checking are spectacular idiots. What other spectacularly idiotic decisions did they make during development?

This I totally agree with. I can see not doing checks on test code, or for classwork in school. But for any production code, bounds checking and other similar issues should be the default for every programmer. With all the buffer overflow attacks we see, we should expect paid programmers to be more security conscious.

I just googled about it, and came across this discussion on Stackoverflow. It has some good pro/con points.

With vim, there's actually a reason for it. Those "obscure" commands are COMPOSABLE: http://stackoverflow.com/quest.... You physically can't be more productive with a GUI. And then there's the fact that I can log in to any server, pull a git repo with my vim config, and voila, I have a pretty serviceable development environment, even if I'm connected through a shitty internet connection from halfway across the globe. Your GUI can't do that.

C++ advances and still maintains backward compatibility. It does matter. If you learned C++ 10 years ago, that knowledge still applies today.

There have been breaking changes in C++ in the past.

Swift 2.2 was released in MARCH 16, 2016, and is already obsolete. Ridiculous.

Hardly obsolete. No-one is saying you now can't still write Swift in 2.2 or even 1. Swift is not included in iOS and is instead bundled with the App that uses it. You just need to use the tooling version that supports your desired Swift version.

I am writing this from a laptop running Kubuntu 16.04 and while there are things which I find inconvenient/annoying, I am generally pretty happy with the overall experience. I am not trying to troll you but I like my computer's environment set a particular way and I am actually genuinely interested in knowing if the OSX GUI can now support my workflow instead of me having to adapt so here goes; I use a multi-monitor setup with a panel on both screens, each of the panels has its own Application launcher, taskbar (which shows only applications from the screen the panel is on and does not autosort/group applications) and a notifications tray and I like to use focus-follows-mouse instead of click-to-focus. Last time I checked (with Yosemite, a friend let me keep their old Mac Book Pro for a month to play with), OSX wouldn't let me do either of these things (I could not get the dock to show up on both screens or get it to not group windows of the same application together and even when i eventually managed to get focus-follows-mouse working, the unified toolbar (which I couldn't switch off) made it nearly impossible to use). I realise someone somewhere might think that the interface of OS X is perfect but as far as I am concerned, I could not see myself using it in it's default configuration and since I couldn't modify it either, I didn't really see the point of getting a Mac if I was going to install Kubuntu on it at the end of the day anyway.

Ok, let's tackle these one-at-a-time. If I misunderstand, let me know and I will try to realign my thinking... I am not an expert in all things regarding multiple desktops and docks; but I might be able to help.

Keep in mind that no OS has everything; but the question is, can you "get there". And I think that the answer in your case is "Yes".

1. Multiple Docks. I am not sure if any of these might help; but there sure are a LOT of choices!

2. Multiple Desktops (Spaces). Again, not sure if any of these will fit the bill; but again, there are a LOT of options...

2a. Windows Grouped by Application, and "multiple displays have separate Spaces". I found this when looking for a way to have Multiple Menubars (see #4, below). It might help with some of your Window Grouping.

3. Focus-follows-mouse. Well, there are a few "terminal" solutions. The best one (CodeTek VirtualDesktop Pro) seems to cost $40 though. If you don't like any of that, try this Google Search.

4. Unified "Toolbar" (MenuBar?). Hmmm. If the "Displays have Separate Spaces" setting won't do what you want, there are a few other options. This one might be the best overall solution. It's $15, but allows you to do several cute things with MenubarS (plural!).

Or you can always whip out XCode and create your own haxie/extension!

What is the single most influential book every programmer should read?

PHP7 is a huge improvement over old versions. If you haven't looked at it, do so. PHP sucks in 2016 is mostly FUD now.

To see how much of an improvement PHP 7 is, let's check the 7 things wrong with PHP 5 that I mentioned in this article (and previously in a Slashdot comment):

And there's still hope for those three people. They can run key mapping software that detects when they're not in a form while on a web page and make backspace trigger alt-left! Just do the opposite of http://stackoverflow.com/quest....

Like that.

So does "while(true);". That doesn't make it a useful benchmark.

This actually just gets put in the L1/L2 cache of the CPU.

In General, if I use a benchmark like Cinebench it correlates to real world performance in programs like Final Cut, Adobe Premiere, and After Effects for video rendering.

In all my years of benchmarking and overclocking, I have not found anything suspicious. Years ago there was the whole Intel vs. AMD benchmark bru-ha-ha where benchmarks favored Intel due to compiler optimization favoring Intel hardware, but the CPU wars are long over. AMD lost and now Intel is going out of business. Without competition things stagnate. Come on DDR4 memory!

You should see if you can work in Python instead, the normalization support is quite good.

cf http://stackoverflow.com/a/164...

Just adding a particular symbol ends up directly in copyright hell and can't be tuned to fit with a particular font.

Rather than a symbol every code needs a description of what that code is supposed to show so that each font creator can implement their own take on the symbol without the meaning becoming ambiguous.

On the contrary, differing implementations across devices/platforms is, in fact, one of the major sources of ambiguity when communicating with emojis.

Image copyright is definitely an issue. And beyond that different telecom/mobile OS companies would probably be loath to just settle on one (e.g. Apple Color Emoji) even if it were free to use (it is not). For example, rival phone mfrs may bristle at using the Apple Earbuds for the headphones emoji, or the iPhone lookalike for the smartphone emoji.

One solution might be a handful of openly licensed emoji fonts that are included by default across phone platforms (I dunno how to make that happen, short of getting a telecom consortium to agree to it, or getting the FCC, the states of New York and California, and various EU and Asian regulators to require it).

Make sure these are available as character keyboards, and include a font indicator/bit so the recipient's phone knows which open emoji font it should render with (with fallback on other platforms or where the font is lacking).

That seems like a lot of work, but I think to dismiss emojis (as some in the thread do) as unimportant trivialities is a huge mistake. Billions of people are using these things. On a scale from [affects something in my favorite emacs extension] to [affects the entire human race], it's much closer to the latter. Unicode is the right place for characters that are used on that scale, though presentation issues are rather thornier than with most other types of characters.

I am asking for the count of all the possible valid combinations in Unicode with explanation.

1,111,998: 17 planes x 65,536 characters per plane - 2048 surrogates - 66 noncharacters
109,384 code points are actually assigned in Unicode 6.0.

How many characters can be mapped with Unicode?

There is plenty of room for growth here.

Unicode 8 supports 120 scripts and 14 collections of other symbols of which Emoji is one and typographical decorations --- dingbats --- another. Once you admit that a Unicode graphic can be purposeful, decorative or both, the battle against the admission of Emoji is lost. U 9.0 and Post 9.0 Emoji Candidates

Emoji is explicitly Asian in origin --- and that seems to be one of things ticking off the geek here --- but combining words and pictures in casual messaging to provide a touch of color or save some space is very old in the Western world, and doesn't really need a defense.

The geek who complains about this sort of thing tends to come across as humorless and prissy and a bit out of touch.

I just read that the string % operator is no longer deprecated or scheduled for removal, as of Python 3.3:

http://stackoverflow.com/quest...

And yes, .format() is more flexible, but it requires much more typing for my typical case of printing 5-10 float values on a line and I wouldn't say that the end result looks more clear either.

None of the error messages on my 300-line script was about the issues that you mention, except maybe that xrange() doesn't exist anymore because range() itself is an iterator in Py3. It was mostly about stuff that changed names or moved to different modules. I suppose that migrating is easier if you use a migration tool, but this run-py2-code-on-py3 incident was not really planned...

I was just talking to an old Co-Worker from a C++ company I worked at a few years back. He asked "So what are you doing lately" and I told him I'm working on my thesis, which is titled "Ruby's a Terrible Programming Language, And You're A Terrible Programmer For Liking It". Then I cited a number of my complaints -- being able to add arbitrary functions to a live object, never knowing where to look for the interface definition of parameter objects, need to extensively test all execution paths of production code (Which no one ever does,) odd syntactic quirks and changes in syntax between language versions. He laughed and said he had exactly the same complaints about Python. You see, Object Oriented Programming was invented to reduce maintenance costs for completed projects, because that's where 90% of your expenses with the project will be. Ruby, at least, and apparently Python as well according to my friend's complaints, were invented to make the cheap part of the development process "easier", while at the same time letting the language fanboys pat themselves on the back about what clever programmers they are. This is exactly the opposite of software "engineering".

Well you can write terrible code in any language; C/C++ projects are no different. The "engineering" part is between the keyboard and the chair; a fool with a tool is still a fool. That's why testing matters and, with modern automated testing, full test coverage is not difficult.

Python is a well structured, expressive, language that is suitable for many types of application. You don't even have to write OOP code if you don't want to; though if you do, Python has good OOP support. OOP is not a magic fix for maintenance costs. Well structured code (OOP or not) is what makes maintenance easy.

Run something through even a 1024 bit cipher a couple times and it becomes pretty damn impossible to crack without known vulnerabilities or super computers.

Not to disturb your rant, but double encryption is not necessarily stronger.

I did something similar with a symlink to an SSH mounted server. rm -rf server/ instead of rm -rf server Then I learned 'unlink' is a better option http://stackoverflow.com/quest...

Apparently it is not possible. See http://stackoverflow.com/quest... - "This code requires the activity to be in memory and in the foreground. Without root access and without modifying Android's source there is no way you can one can take a screenshot."

I definitely don't know all the circumstances so it's hard to judge, but perhaps CPU processing capacity was not the limiting factor.

I imagine most likely it was because the builder wanted to use off-the shelf components, but it might also be because the communications links are low bandwidth and they did not want to incur the overhead of encryption or they thought that they needed to send data in blocks (CBC I think) rather than adopting a streaming form of encryption (there are lots to choose from) And they may have been deterred by the risk of losing control if they had a communication glitch and the crypto had to recover.

Anyhow, I can see it being more complicated than just having cheaped out on the CPU. They woudl be justified in thinking that this is a complex choice and they may have recognized that they were not qualified to make it. Finally, if they say the link is encrypted and it gets hacked I can see them being far more liable than they are if they never encrypted it, plus they get the contract to add encryption later. Heck, they probably planted this story.

Did you write that website? Because it looks like it's mostly bullshit, and the writer just seems to have a giant chip on their shoulder. E.g.

4.There is an auxiliary .svn directory in each folder of Subversion working copy
False. An outdated myth.
Starting with Subversion 1.7 (released in Oct 2011), working copies have centralized metadata storage and there is a single .svn directory in the root of working copy.

First, I don't know why anyone would care, and you're not giving me a reason. Fixing bugs/inefficiencies in your back-end is not something you should trumpet as if you've just won an argument. Secondly, if anyone was ever arguing that this was a serious deficiency of SVN, it was probably back when the Linux kernel was changing its source management, and that would have been a valid complaint.

Also,

2.Branches are expensive in Subversion
False. A myth.

Performance or space was never the reason branches were considered to be "expensive". They were expensive because merging was a huge pain in the ass. The last SVN-based workplace I saw still had regularly scheduled merge days. Maybe they weren't using up-to-date software or procedures, but I'm willing to bet that this still continues to be an issue.

Distributed version control systems are inherently superior to centralized ones such as Subversion
False. There is a parity.

I'm rolling my eyes at this, but if you're willing to say that there are pros and cons to each, then it's clearly a matter of opinion and circumstance, so claiming parity is just as wrong as saying one is better.
#11 again, misunderstands the issue and mischaracterizes it. For one thing, tracking content and not files is a deliberate design decision. Doing things this way is a tradeoff, not an inherently bad idea. Claiming otherwise is disingenuous. Also, git mv is just syntactic sugar. Personally I didn't know it existed. Apparently, it's equivalent to
mv oldname newname
git add newname
git rm oldname
It moves the file, and updates the index. If you then replace the file with entirely new content, then it's not the same file, now is it? As a human looking at that repository before and after the change, I would say you deleted file A and created a new file B. If you wanted to record the move, why wouldn't you commit after moving the file? Is it really that important to record every little detail that happens at the filesystem level? And if that's really your complaint, [a] why not have a versioning filesystem with that feature, and [b] you're complaining that git has very little idea of what a filesystem even is, which is true, and could be considered to be an issue, but you don't understand what that means, so you're just going to parrot something about losing history.

There may be a good argument for using SVN vs git, but this is not it.

I agree with this. In 2013 a number of people figured out how to get Google's speech recognition to work offline. It required root and was definitely a hack, but I got it to work on my HTC One V. It worked completely offline and its accuracy was great--and I mumble. It was also possible to add in custom word lists which could further improve accuracy. I was hoping to use offline voice recognition as a feature in an Android app for botanists, where cell signals cannot be assumed and where the sunlight makes it annoying to peck at the screen you can't read and being able to control it with your voice would be very useful. I was never able to get offline voice recognition working on any other phone though, and requiring root and a bunch of funky steps kind of killed its practicality.

This Stack Overflow question gives the gist of what one needed to do to get it working. I used some other resources as well which I can't locate right now. It's kind of a non-starter though, as Google clearly doesn't intend this functionality to be possible--and it might not be anymore. So you'd be running afoul of their policies or lawyers or whatever.

An open source solution would be great but from what I've seen the existing projects are experimental with changing APIs. Since Google's speech recognition worked fine offline, it's definitely possible to do. One would think that the community could help out by providing speech samples and by helping do manual quality control (does this speech match this machine-translated text, or transcribing difficult passages to help refine the algorithms). I don't really understand the approaches behind speech recognition but providing training datasets (for many languages) seems like something interested people could help with.

TFS puts it like Mac took something away from Linux. However, market share for linux remained at roughtly one fifth, even growing by about 1%. So more people had linux, not less. The big loser here is windows, it had 54.5% in 2015, and now it has 52.2%, and next year might be the first year of UNIX on the developer's desktop, with less than 50% windows users.

So in total, its a very good development.

What can a site do? Run a script to detect an ad blocker? Suggest a monthly payment and block the page from that user or request the ad block is removed?

Wired http://www.wired.com/ has started doing that and I've started not visiting their site, even though I whitelisted them so I could do it for free. Screw them ...

On the other hand, Stack Overflow https://stackoverflow.com/ has stated publicly that they are fine with ad blockers. Their reasoning is that if you're running one, you don't want ads, and wouldn't click on any if you saw them.

It turned out to be the fault of the VM and functionality offloading. See here: http://stackoverflow.com/quest...

I've been using R for years. A lot of self-taught (and thus half-assed) statistics and programming for me has occurred. I started using the listserv years back and got frustrated with the crowd there. A few are very knowledgeable and helpful. I've only recently stumbled upon stackoverflow and wouldn't really think about going to the list for help now. Besides, a lot of the helpful people on the list are stars on stackoverflow, so there is even less reason to use the listserv.

Nicopa: 'Just hours ago: link'

What is dll hijacking?

This answer has a script that logs the user out of basic auth by replacing stored credentials with wrong credentials.

That's awesome. And I totally expect that users who want to disable all cookies from my website are going to be thrilled to let me run javascript on their website instead.

This answer has a script that logs the user out of basic auth by replacing stored credentials with wrong credentials.

And why are they going thorough the trouble of removing improvements from CFQ?

My guess is to establish a chain of authorship, so that that those things that BFQ shares with CFQ can be correctly attributed to the author of CFQ. Chain of authorship is very important to the Linux project. It dates back to the SCO lawsuit, which ends up being why Git has the --signoff option.

Why not just make an addition one named BFQ?

That might be the ultimate plan: duplicate CFQ, producing a second scheduler identical to CFQ, then apply the heuristic removal patch and the BFQ patch to "Copy of CFQ".

"stderr? This is driving us nuts when we have about six hundred Ubuntu servers, and simple problems are harder to solve because stderr is not displayed in the terminal or saved in the journal. Is there a way to get systemd to not throw away...

How to Pipe Output to a File When Running as a Systemd Service?

HTTPs only encrypts the contents of what you are retrieving, not the location (URL) that you are retrieving it from. Seems rather pointless to push it everywhere. It only has a purpose when the user and/or server want to exchange secret payloads (e.g. credit card numbers).

Umm... the full URL certainly IS encrypted.
https://stackoverflow.com/ques...

Why would you stop using normal pointers? The fact that you use smart pointers (which deal with ownership and lifetime of objects) is not related with normal pointers.

Because the moment you use pointers, you lose all the features of smart pointers, and this automatically introduces the opportunity for bugs to sneak in. The moment you have a pointer ptr, you can do ptr++, or do "delete ptr" and then dereference it and do other evil stuff. Yeah of course nobody except for some newbies would do this directly, but often bugs appear whose core is basically such behaviour.

False. "char" is and will always be of size 1.

Never disputed that. I just said that 1 byte is not guaranteed to contain 8 bits: http://stackoverflow.com/quest...

On top of that, you don't understand what int*_t types are about. It is not about "portability", but rather ensuring a minimum/exact size, or performance.

Yeah, exactly, that's what these types are for. int/long/char etc are so that you can write "platform generic" code that works on 8 bit platforms as well as on 16 bit ones. But most people who write C code don't know this. They use these types because they think . But those types are useless the moment you store something on disk and want to read it later on a different platform, or if you send sth over the network. And most programs do this, and for counts you should only use size_t, nothing else (if you want to optimize you can use vector::size_t on some platforms its smaller than size_t, but its never larger). So int/long/char don't really deserve their short names.

Boost

I don't want to use boost, and I hope you don't want to do it either.

There was always a std::pair type in the stdlib

Well yeah, if you have generic programming then you can do tuple "types" quite easily, but rust still has more sugar for it.

That is actually the *point* of C++ (performance) compared to other languages which provide more run time type information (and reflection, introspection, etc.).

And the *point* of rust is to ensure even more reliability through the type and ownership system at compile time. The more checks the compiler does, the less checks the program has to do.

And no, you don't need "asserts" to check types in C++.

You don't need them indeed, but C++'s type system is far more limited. To give another example, you don't have parametrized enums. And, thanks to the separation of the program into header and source code, c++ has this problem with generic programming that using it is a real pain.

Guess what! it has nothing to do with OOP emulation. All cleanup in a C program has to be done explicitly by the developer, be it coded in object-oriented, functional, imperative or whatever the paradigm-of-the-week is.

Furthermore, the way kernel devs use goto for cleanup is one of the ways that actually keeps the code simpler and less prone to errors. There are a few alternatives to do cleanup in complex code:

1. Don't do error checks. In your average C101 homework it's often assumed that many syscalls cannot fail. Obviously, the absolute minimum required in a real world program is a simple assert that stops the program before it can misbehave. Any real-world program that cannot lose data or crash the whole system such as office programs, databases and kernels obviously cannot do this.
2. Do an early return and clean up all data so far. Very error prone as the cleanup code has to be replicated in multiple places.
3. if/do-while(0)-break wrapping of code. Easy as long as there is one tier of resources to allocate. Any more and the function becomes arrow code.
4. Wrap the constructors and destructors in a macro to emulate RAII. The result is still arrowish, although the cleanup is harder to fail. Not allowed in many projects due to an undeserved loathing of macros.
5. Split the code into multiple functions. Now you have to pass around the state in function parameters. Having the code split into multiple functions makes the it more prone to logic errors.
6. Use goto to jump to the cleanup section. All relevant code is kept in the same function and the code between alllocations and frees stays flat and concise.

I want all my relevant online contributions to be considered public domain. Ironically, the sites where I write (StackOverflow or Slashdot) can apply their more-restricted-copyright policies (a different story is people respecting such decisions).

Note that I have updated my SO profile description to include all these ideas: http://stackoverflow.com/users...

Looks like someone monkeypatched it for 32 bit Win7+IE9.

Boiling your comment down: Publish anyway and attempt to use the easier to ask forgiveness than permission (EAFP) principle. Now on mitigating risk of an exception:

or if it's really too close to a copy try to make a reasonable settlement.

I wonder what sort of settlement the incumbent music publishers would consider "reasonable", especially if it's something for which I never received royalties in the first place, such as the background music for a film or video game released under a Creative Commons license. I could stop infringing by taking down the work containing the piece immediately upon receiving notice, but I'd have no source of revenue from which to pay damages for past use.

Oracle has included the 'merge' command for several iterations now, which does the same thing.

Wrong. It does not do the same thing - it's subject to race conditions, which you have to account for yourself if you want to use it in the situations INSERT ... ON CONFLICT was designed for.

Your answer is naive and wrong. See this Stack Overflow page. The solutions on this page work but none of them have the elegance of the newly available INSERT ... ON DUPLICATE UPDATE method.

This is great. I've been using PosgreSQL for a while now. It's one of those pieces of software that just does what it's told and doesn't let you down. While I'm saying this there are credible rumours to the effect that the Oracle merge operation is broken. Read the comments to the most upvoted answer at this stack exchange question. The final comment is:
Not reliably. I ended up with retry loops in the client code. :( – Randy Magruder Aug 27 '15 at 16:05
This makes me think that Bruce Momijan may have been thinking about Oracle's implementation of merge when he said that other implementations were handled very badly.

The requirement for client credentials in implementations of OAuth produces a couple practical problems.

OAuth 1 and OAuth 2 are unrelated protocols with similar names. The spec for each discourages servers from requiring client credentials (a client ID and client secret) in an API intended for use in an app that runs on the user's computer, such as a desktop or mobile app. As stated in section 4.6 of the OAuth 1 RFC:

In many cases, the client application will be under the control of
potentially untrusted parties. For example, if the client is a
desktop application with freely available source code or an
executable binary, an attacker may be able to download a copy for
analysis. In such cases, attackers will be able to recover the
client credentials.

Likewise section 9 of the OAuth 2 RFC:

Native applications that use the authorization code grant type
SHOULD do so without using client credentials, due to the native
application's inability to keep client credentials confidential.

And the article "OAuth 2 Simplified" by Aaron Parecki states:

If a deployed app cannot keep the secret confidential, such as Javascript or native apps, then the secret is not used.
[...]
mobile apps must also use an OAuth flow that does not require a client secret.

Yet several service providers offering APIs built on OAuth 1 or OAuth 2, notably Twitter, require them. Despite it being trivial to pull client credentials out of an executable with tools such as strings, Twitter has been known to disable any client credentials that leak to the public. There are two workarounds, both cumbersome:

• The first, recommended by OAuth 1 spec author Dick Hardt, is to proxy all API calls through a server that the app developer operates. The API keys then never leave this server. Yet the app developer needs to find some way to recover the cost of operating this proxy server.
• The other, as recommended by Raffi Krikorian and Chris Steipp, requires each user to register with the service provider as a developer, obtain API credentials through the developer console, and enter those into the user's own copy of the application. Because providers tend to refuse to offer a means of automating application registration, each application has to include a walkthrough for registering a copy of an application and update this walkthrough whenever the service provider changes the design of the developer console. In addition, developer consoles tend to require a minimum age of 18 to rather than 13.

OpenID 2.0, an authentication protocol, did not require relying parties to obtain client credentials. It was intended that a user would paste his identifier URI into a form on the relying party's web site (or use a browser extension to autofill it), and the user would be briefly redirected to the identity provider's web site for verification. Very few identity providers required relying parties to register; the only one I could think of was PayPal.

But unlike OpenID 2.0, which was open by default, the OAuth 2-based OpenID Connect is closed by default. It requires each relying party to obtain client credentials from each identity provider's developer console, which requires O(n^2) contract executions. There's theoretically a way for a relying party to obtain client credentials automatically, called Dynamic Client Registration (dyn-reg), but to my knowledge

C99? I'm talking old, bro

Yeah, it's crazy. "Let's make some invisible character with a variable width significant."

Like Makefiles do?

• http://stackoverflow.com/questions/2131213/can-you-make-valid-makefiles-without-tab-characters

Here's some evidence, albeit imperfect: Why did Stack Overflow the web app precede Stack Overflow the native app?

That isn't much evidence and a narrow definition of "application". And a better question to ask is why did Stack Overflow bother making a native app at all? Simple: it's because there was a worthwhile return on development. They were late to the game because as they themselves acknowledge they misunderstood the market.

But these are just websites and bulletin boards. Show me some real evidence for applications which do something more. Show me application development times and figures. Show me figures for efficiency and productivity. Show me the real financial returns on premising the broad range of application development (i.e. not merely bulletin boards or advertising platforms) on including support for niche, limited, "extreme example" platforms. You haven't supported your claim that it's worth suffering all the limitations of web development for the sake of the tiny market share of the Wii U's 11.7 million users.

but one needs a far more expensive debug unit to test native applications.

No one doesn't. The simple solution is that one doesn't waste one's time on closed platforms with insignificant market share, like games consoles. There simply aren't enough of them to justify development of anything other than the children's games they're built to play.

I wouldn't doubt it if the Bill and Melinda Gates Foundation is behind this somehow, but if this is more along the lines of code.org, I don't think selling Microsoft software would be the focus.

It's been amazing watching the media fall all over themselves trying to trivialize programming. Everyone Can Code! We've got a president who's a programmer because he spent an hour of code. We've got a female CEO who's a programmer because she figured out the secret lingo all us evil misogynerds invented to keep women from programming and can now copy and paste HTML and CSS from StackOverflow (couldn't resist linking there *grin*).

I suppose if I count time self-teaching, classroom time, and experience out in the real world, I've been doing this stuff for 20 years. There's still stuff I don't grok, like functional programming. I still haven't gotten around to teaching myself database clustering or done any exercises in maintaining, say, a petabyte sized distributed data set.

There's a programmer shortage! We need more women programmers! We need more H1Bs! You xenophobic misogynerd!

Oh wait, didn't we just find out that we're going to lose 8% of those jobs over the next decade?

I suppose it all works out nicely for the Illuminati or whatever they call themselves. Trivialize programming. Drive down wages. Lower the standards. Scare people like me out of the field. Make "cyber" space (yes, I know cyberspace was a thing) sound like a scary place full of revenge porn and other harassment. Generate more "cyber" crime and "cyber" terrorism as software continues to be hilariously easy to hack due to incompetent developers paid 3rd world wages by gaslighting asshole managers.

Lock the internet down! Backdoor encryption! There, that's better. It's far easier to control the Narrative without the internet or effective encryption.

Somehow, iPhones will still work. We just won't be able to boot non-Approved operating systems. Don't like Windows or iOS? That's ok, there are several approved variants of Linux, and systemd will keep you safe on all of them, citizen.

Yea, like I said, I'm not aware of any way to do that. If there is one, it won't be effective in general. What they probably did was put a shit lot of linefeeds after a "Viewing source is disabled" comment at the top of the HTML- I'm not even joking, that's a real thing people do lol

But you really can intercept Ctrl-U. The thing is, most browsers simply ignore it, for obvious reasons.

You probably saw this mewling poopsack:
http://stackoverflow.com/quest...

And this dumb jive turkey:
http://www.makingdifferent.com...

There's plenty of code in there that does it. You'll also find that, in general, working around it is as trivial as not using a shitty browser that listens to bad advice like that. I don't doubt that the guy ranting ran across something that actually did what he said it did, somewhere.

Seriously, can you believe that some browsers in the modern day trust remote code? It's really dumb.