Slashdot Mirror

I would love to see you develop modern enterprise apps in C++. Different languages often are suited to different tasks.

And why exactly are you so anti Java, to the extent you are making a froth mouthed fool of yourself? It's alright if you don't know how to program in Java. There is plenty of respectable, often much more cerebral, glamorous work you can do, from writing device drivers to application prgramming. What is 'your' beef?

and badly written code is not just a Java phenomenon. See http://thedailywtf.com/ for examples in most common languages.

The first thing that struck me, both from the summary and the article itself, is that none of these are really open-source specific.

To reiterate, the four they listed in the article are:

• Communication technologies, like IRC and mailing lists
• How to get, build, and modify open source code
• Project organization, including version control, bug trackers, and individual roles within a project
• Linux and command line skills

OK, well, you could argue command-line Linux skills are open-source, but that's not guaranteed.

If anything, these are skills that all businesses who have programmers would want them to understand.

Heck, even my current project, an internal project that I swear I could submit things to The Daily WTF every weekday for the next year on, has version control and bug tracking software!

You're arguing with this guy ;)

I thought it was "FileNotFound" or is that just for booleans.

Just think of all the possibilities with steganography in poorly written html?
vs
and /> tags, empty span and font tags, the number of  's - casing in css styling and everything!

Just look to North Korea!

Brillant!

Oh, Paula Deen.

Nevermind.

( http://thedailywtf.com/Articles/The_Complicator_0x27_s_Gloves.aspx )

Yes, gloves. Many types of them - also fingerless gloves. Easy to make from cheap wool ones - and in this case cutting just the tips of two fingers will be usually enough, making them only slightly less warm.

http://thedailywtf.com/Comments/The-Defect-Black-Market.aspx?pg=2

Clearly they should use BobX.

http://thedailywtf.com/Articles/Extensive-Date-Parsing.aspx

STFU.

Real business rules for real business apps (for real businesses) are written by real programmers... because it's a lot easier to teach a team of programmers the business rules than it is to teach a team of businessmen how to program something that's not going to blow up in their face, and land your company on http://thedailywtf.com/.

I seem to remember some sites using Verified by Visa and then abandoning it. Perhaps they found that shoppers were abandoning their shopping carts after having set up VBV before and then forgetting their VBV username and password.

Well, few reasons.

1) Merchants love it because the customer gets stiffed with the charges (you can't chargeback a merchant if it was done via 3DS (3D Secure, aka Verified by Visa and MasterCard's equivalent). I only do VBV on a merchant I know. Unknown merchants, I'd probably trust Paypal a bit more.

2) It seriously screws up with NoScript. I keep forgetting to enable the 3rd party site which usually results in screwing up the checkout process.

3) It makes it harder to do "one-click shopping". If you're a merchant that gets a lot of impulse buys, the more steps betwen "I want it" and "We got your order, it'll be shipped soon!" is more chances the user will cancel the order prior to completion. (And this is a very important point)

4) It's extremely insecure, and can offer a great way to phish. Heck, we've got previous Slashdot articles on the subject. Why "Verified by Visa" system is insecure and Net Shoppers Bullied into "Verified by Visa" program.

5) Forgetting your password can get your credit card locked out.

Quite honestly, 3DS is just another form of Wish-it-was two-factor security. It pretends to be more secure, but in reality it isn't.

There are two ways to do it properly - you could SMS people a password, but that screws with people like me who don't always carry their cellphone around, or perhaps build in an RSA key thingy inside the card itself. Chip cards (which have their own issues - really - the PIN's in the chip and the chip sends an "OK" or "Failed PIN" response - not any form of challenge-response packet to the bank, who should know your PIN, not your card) have powerful enough processors to do some RSA token like task. Given we can buy a calculator for under a dollar, there's no real reason why we can't have credit cards with two-factor support on them (and no PIN needs to be stored - the card will generate a code based on the entered PIN which the bank can validate).

1) fast charging technology won't work, so battery changing will be necessary

This one probably won't be true. Most wires just can't give out enough power. Recharging a car at speeds at which a gas car is charged takes around 5 megawatts. That means that 10 of my local costco gas stations = 1 powerplant.

2) leasing battery packs is a viable business

With current battery prices, it can never be a viable business model. Most batteries cost too much per unit of energy stored. For example, a lithium ion costs ~0.5 dollars per watt*hour of energy stored, but runs 1000 cycles. Which works out to the battery costing 50 cents per kilowatt hour, 5 times as much as the raw electricity. You can go cheaper, and perhaps below threshold of batteries costing more than all the electricity they store.

3) enough cars can be designed around the standard battery packs to make this work

That's a major problem. How are they going to put those batteries in an SUV? A delivery truck? Can we convert cars to better place electrics?

4) they can standardize the infrastructure around their standards.

Yep. Good luck with that, especially when all the Vogons at the NHTSA, EPA, CARB, and the insurance companies start to mess around with that.

Or, for 7000 bucks you can order up a bunch of generators in stick em' in the car. Cut the battery pack to 40 miles of range, and solve the battery sticker shock problems.

Actually Dave has already figured out the optimal formula for calculating and ranking a woman's beauty.

Reminds me of this: http://thedailywtf.com/Articles/Deploy!--Deploy!-Deploy!.aspx

You mean it's not just Wish-it-was-Two-Factor? Google never ceases to amaze me. Now, how long must we wait before online banks finally get their security model right?

Don't you mean true|false|FileNotFound -- http://thedailywtf.com/Articles/What_Is_Truth_0x3f_.aspx

If your job can be replaced with a computer program, you should not be doing it, or you will be known as The Indexer.

they use Apache, which is a kind of Internet Information Server too. See? And that makes them an ISP just like Google is.

It's all so clear now.

Maybe it's the same guy from this story

"I think you're using a different definition of ISP than me," I responded, "what I mean is... I wouldn't have considered Google to be an ISP, but a search engine. Can you clarify?"

"No, no. They're actually both ISPs, as they allow people to access websites. Would you consider any of the companies you worked at to be an ISP?"

"Uhh... I guess not."

Please don't twist my words. I don't claim there are no non-human-factor caused crashes, I just claim that a vast majority is human factors, and mostly cockpit human factors at that.

AF447 is, to the best of my knowledge, a case of the pilots getting confused by a single point of failure in the air data instrumentation. If you look around, you will find posts by pilots who faced similar issues, had similar ACARS messages sent out, and they recovered without problems as long as they followed procedures. Surely it did fall apart in the sky, but it didn't "just" fall apart, at least there is no reason to think this way so far. To me, that's not unlike China Air 006 but with a different ending.

USAIR 1549, the famous Hudson water landing -- well duh, it was not a human nor a mechanical problem. Force majeure. One example of it, so what.

Emirates 407 -- well thank you, because that was a classic case of human error. Funny coincidence of you mentioning it -- just see yesterday's TDWTF story about Command 696. ;)

I somehow doubt that they are using a stock .NET component which is broken - given that FTP is a fairly straightforward client-server protocol and can be implemented using nothing but Sockets.

So, I assume you've never read this site or any of the many similar ones? And you've never heard of production code ever having a bug in it?

Reminds me of a Classic TheDailyWTF: I'm Sure You Can Deal

Were there any worms spread using a serial port?

heh. oddly enough...

Funnily enough, The Daily WTF has a posting up about why passing your test cases isn't always sufficient.

Role-based Canary

http://thedailywtf.com/Default.aspx

The threat that one day someone will post your code and or screen shots from your programs for everyone to ridicule should be motivation to either improve or write worse code.

Do you know how many microcontrollers are in a car?: http://news.bbc.co.uk/1/hi/magazine/8510228.stm

Do you know the quality of production software?: http://www.thedailywtf.com/

Linking systems together in any form will create emergent behavior and new sources of disaster. Oh well, here's to the first 200 car pileup.

The best way to learn is to read The Daily WTF and then don't do what is described in the articles.

And by three redundant VBScript function. (Well, two redundant - one must exist).

Missile based CIWS has a chance as it can engage at decent range and score a one shot kill.

So what you're referring to is a long range close in weapon system? No doubt it has a manual automatic control system.

Is this you?

Maybe South Afrericans...

What idiot doesn't check user input with at least a regex replace to look for offending tags in fields *YOU KNOW* will be rendered by an HTML interpreter (browser)?

http://thedailywtf.com/articles/injection-proofd.aspx

Reactive regexing offending tags such as "script", "object" or "embed" don't work if you don't know they exist. As such, it's easier to simply include functions in the programming language API that escape/unescape strings sent in through user input so that junk like that doesn't get echoed into something hazardous.

That's almost as awesome as this!

If you're in a school and your traffic is being filtered, then you aren't talking to the right people.

Take warning from this: http://thedailywtf.com/Articles/The-Russian-Plan.aspx

For all practical purposes, there's not a huge difference between memorizing entire books and being able to quickly pull the same information off Google when you need it. It's now less about what you know, and more about how you can actually use that knowledge.

True, but I've noticed something when observing people who are trying to learn something: facts are like pieces of puzzle: You can have a set of facts that are correct, relevant and sufficient, but unless you know how they connect to each other, you have nothing but a mess.

You can skim a missing puzzle piece from Google, and in fact can often work around not having it. But if you don't have the Big Picture... then your work ends up in your profession's equivalent of The Daily WTF, and rightfully so.

That's the point of education, IMHO: to give the people The Big Picture. You can't compensate for not knowing details, but you can't compensate for not having any idea WTF you're trying to do.

That's also why almost every non-fiction book begins with an introduction, and why you should always read it; all too often it's self-congratulatory droning, but it also gives you a clear idea of what the book's about. Next read through the table of contents. Only then start reading the actual book.

And so on and so forth. The same thing always comes through: people who know the Big Picture can use the information they have, while the people who don't know it don't really benefit from their bag of factoids except completely by random.

That's the real problem with Googling things. Google returns random facts in no particular order, so it'll take a long time establishing them into some kind of model so you can actually use them and add more. A book, on the other hand, goes through things in order, the later chapters building on things covered in the former, so you can simply read it - assuming the writer's any good, of course. It's far more efficient for picking up new things, while Googling is more efficient for checking details.

Yeah, but have they tried JavaScript?

But then, crappy programmers misuse them, not knowing about what is done behind their back, and it becomes slow and bloated code.

This is a compiler we are talking about. I think that we can assume that people who program the program that turns code into machine code must "know their shit", so to say - otherwise the time taken to compile will be the least of the user's problems.

Besides, having people copy code from a webpage/programming manual doesn't improve things any.

Having to specify everything explicitely makes you aware of the complexity/memory usage of what you are doing.

No, they simply memorize magical mantras that, when regurgitated, will do what they want. It's much better to give such people as high-level libraries as possible and let them use those; the more they have to think about optimization, the more likely they are to do something unbelievably stupid.

Besides, the exact same argument could be used to condemn first OO, then structural programming, then anything that gets compiled, then finally machine code itself as an abstraction over the physical hardware of modern processors.

That’s what you get when you mix the ex-taxi-driver “web designer” with the typical consultant: A Paula Bean.

Brillant!

Your comment reminded me of this story:
http://thedailywtf.com/Articles/Classic-WTF-The-Complicators-Gloves.aspx

A mighty fine story about overcomplication :)

So you implement some protection. Then some prima donna trader comes by and asks that they be disabled and his trades unquestioned. If the company makes good profit off the guy, down the protection goes.

Reminds me of this story on a commodities trader that not only didn't close his position, but actually ended up taking physical delivery of the commodity. Oops. Sure there were protections, but the guy had them disabled.

http://thedailywtf.com/articles/special-delivery.aspx

Hell, for all we know, this is exactly what happened - most traders can't enter in a "b", except a succint few well-trusted individuals. Just one of the "gods" managed to fumble it.

Sure, that's an extreme example, but you get the idea.

There are standard techniques for dealing with such things. e.g. ramp up the compiler warnings and see what they're complaining about or replace a type with a deliberate dud to see where it's used and inspect it. It's not magic or hard, it just requires routine developer expertise. Usually in modular code the side effects of new code (e.g. device driver) are minimal, even more so for a beginner engaged in an introductory project. The large kernel code can actually be a benefit in that it provides enormous numbers of examples to learn from with some examples likely to be very close to what you want to do.

It is true that there are many developers who think they're expert but aren't that would find this impossible (see dailywtffor many examples) however nobody wants those people anywhere near the kernel code. Or any code for that matter.

---

Insisting on absolute safety is for people who don't have the balls to live in the real world.

-- Mary Shafer, risks researcher, NASA

Software development is creative work. "8 hours of programming" probably doesn't consist of 8 hours of typing. And if it does, you're either an incredibly productive programmer, or an incredibly inept programmer

How would you pay a poet by the hour? Does he only get paid for the hours where his pen is actually touching paper?

Want to know what the Government thinks about the Internet? Read the Mr.Internet WTF story that was just published.

If you really want a kid to learn how computers work, put a filter between them in the internet. They'll figure out a way to circumvent it if they're smart. And if they're too stupid to break out, think of it as a your-kid filter for the internet and not an internet filter for your kid.

hehe. Funny, but painfully true. The smart ones get around the filters without blinking. And they're also a boon for the teachers whose jobs are impeded by these systems. I know some teachers who have been through it. (yes, yes, shameless self promotion =) )

That I just finished reading this.

From TFA:

The problem is today's desktop programs don't use the multiple cores efficiently enough, Probert said.

If you have a program that needs to do X things at once, it'll run best on multiple cores. You can't avoid that fact. TFA makes references to eliminating the abstraction of a process, giving each program only a single core. My point is that that won't help at all if the idiotic programmers of this world still can't write a decent program.

It doesn't matter if you can run 50 things at once, if the programs you use are written poorly. They'll still try to run in a single thread, doing a single thing, and preferring shiny buttons over actual function. I/O will have to wait for screen updates. Until I start seeing consistently better programs, I'll continue to assume programmers are dumb.

It's great to push for better scheduling, however you want to do it, but having both better scheduling and improved efficiency will still be better. I personally think that redesigning the OS concepts is a poor choice for improvement.

Or the classic True, False, and FileNotFound.

>And more examples of how wrong things can get can be found here: http://thedailywtf.com/

Or in my sig.