Sure, now that IBM has all the software patents they could ever need, they show others how to do the same thing. Of course, what this means is that IBM is pandering to an ever larger field of patentable technology through the normal process of cross-licensing (you license your patentable idea to me, and I won't charge you for X, which we already have a patent for).
I'm glad they're being reasonable about the advice they're giving, especially about "not patenting a business process with no technical content", but they're already so far ahead that they can afford to be reasonable. I don't see patent reform on the horizon as a result; IBM has too much invested in the current system to take a really progressive stance on "Intellectual Property" ownership.
Microsoft Academic Alliance. At least that's what it used to be called. I had terrible experience with it. Apart from the obvious lock-in that the school endures, the students suffer badly too (unless they like Microsoft, which is the entire point of the program).
Notable memories:
I've seen more legit software being provided by warez sites. I signed a "license agreement" that came out of a printer in some window in a lonely hallway when nobody else was around. The ISOs I was provided were deliberately buggered to prevent burning the image to disk (so I saved the compressed ISO file and used the image file directly). Windows XP was broken beyond usability within 4 months.
Instructors come with Microsoft bias. Students are allowed to have biases; after all, they're the one's making up their mind about what they're learning. Instructors should remain vendor-neutral. It seems, however, that there's no such thing as an MCP that doesn't evangelize while they work.
Linux and Windows segregation. One side of the classroom ran Windows PCs and the other side ran Linux PCs. Any instructor that came in could immediately tell what OS you were running by what side of the room you were sitting on. I was discriminated against as a result. The only good thing about it was that no one sat anywhere near me.
I had prepared a number of arguments to take to the college's directors, citing that the combined effect of the Microsoft marketing ploy was to reduce the academic value of the program. While there were several occasions when it seemed I might have to make them, I was allowed to evangelize myself without consequence. Fighting fire with fire is a pretty lame way of dealing with this issue. Better is to ensure that marketing and education don't get mixed.
I expected to find an article filled with made-up numbers and logical fallacies. There wasn't much in the line of reasoning, so no fallacies, and the numbers are comprehensive and cited. The claim is that there aren't any Americans to fill the job anyway. Three quarters of businesses were happy with the work that was done off-shore. I read that to mean that they're not just looking for a warm body but someone who can do the job to an acceptable standard.
Is there really a skilled labour shortage? Everyone who works in HR at an IT company or a company with an IT department seems to think so. If companies are really choosing offshoring because they can't find an equally qualified person onshore, than Americans aren't losing jobs. To compete with the offshore candidate, they'd need to receive further education. Perhaps the real problem isn't that Americans are losing jobs, but that they lack enough education to compete with skilled professions in a global market.
There's a lot of competition for tech. jobs. Blunt honesty might push some people out who weren't sure anyway. What are you doing looking for work if you can't handle rejection? My experience with interviews is that they either don't tell you anything, or they make up something that sounds nice but isn't very specific. How you treat each candidate reflects more on your company than it does on the IT industry as a whole.
Obvious flamebait, but what the hell.
AJAX is distributed computing. Distributed computing is hard. Ergo, AJAX is hard.
AJAX is a tiny component of the overall distributed application. The distributed application is not written in AJAX. AJAX isn't even a language; JavaScript is. Maybe some people who write AJAX code actually wrote some RPC stuff too, but I'd wager they're just a 13-year-old web monkey. RPC is distributed computing. RMI, CORBA, even XML web services are distributed computing. JavaScript is just glue. Get over it.
Ok smarty, which AJAX framework would you choose? GWT, J2Script? Would you handroll your own? What sort of data structures were you planning on using to get the data across the wire? Should your AJAX calls be fewer in number with larger payloads or would your application benefit from many calls with small payloads?
I'd roll my own. If I really needed to write an application that constantly transferred huge amounts back to the client, it'd probably be a clue that a proper desktop client/server app would be a better architecture. I mean, most AJAX people don't even realize that the server-side input doesn't need to be written in XML. Guess what? if you're receiving so much data back from the server as to need to process huge XML documents, it's just a fast to do a post-back.
In short, AJAX solves nothing but the most trivial of UI issues. It's about the worst possible choice to solve pretty much anything it's been used to do. Show me an non-trivial AJAX solution, and I'll come up with 3 others that are more portable, use less network resources and are more secure. web20 hype. web20 hype. web20 hype. Are we clear?
x86 Linux can certainly do everything Windows can. Under the hood, they both do the same thing: they boot up a kernel, install system hooks at vital memory locations and provide a mechanism to execute arbitrary binary code. Dynamic runtime linking will pull in binary code that has been provided with the OS (the Win32 API in your example). Ultimately, a Linux machine will be able to exactly run (N.B. not emulate) a Windows binary when binary libraries ported to Linux exactly duplicate the functions in all of the APIs available to Windows.
Of course, that's sort of like hitting a moving target. But Microsoft can't move too fast or they alienate their own customers, giving Linux a pretty decent chance of duplicating all but the newest additions to the API. New applications are always designed using the latest API, even when the new API isn't necessary (i.e. the Microsoft API mutates for the sake of mutating to prevent competitors from keeping up). Apple wins the proprietary game here; if Microsoft didn't want other OSes running their binaries, they should have gotten a proprietary hardware deal too.
My favourite part is that Canadian spelling actually dictates that you can mix and match. I typically keep the 'u' in unless I'm writing specifically to an American (no point in being different for the sake of being different, usually).
However, this disagreement on terminology doesn't take away anything from their practical usefulness and, for sake of consistency, I would continue calling them "design patterns".
...Because the seminal GoF work called them "design patterns". And in that book, they most certainly are. I just don't put Usability "patterns" in the same category as the GoF patterns; the scope and abstraction of the recurring problems are not even close to being on the same level. I don't think that it's about "consistency", but rather a simple word play to put AJAX programming on the same level as C++. Sorry, AJAX just isn't that complicated, and trying to make it sound big and complicated is just more Web 2.0 hype. Besides, who needs a book to learn AJAX? Unless I missed something important, a few paragraphs and a couple code samples explain things just fine.
This would be really cool for lab guys. A 3-d silicon model is so much easier to look at than trying to visualize the 3-d from a 2-d image. How long 'til we see them using it on CSI?:)
Right now I am playing WoW with no issues. Heh. Hear, hear! In fact, I've noticed that the performance in many cases is actually slightly better than under Windows XP. The framerates are identical; the NVIDIA driver is equally performant under XP and Linux. Network latency is better. It's rare that my latency ever goes over 100ms (though I have some help from QoS in the router). Load times are waaaay better. I use software RAID-0 on dual SATA drives as my main disk. I used the Windows VIA SATA-RAID driver to do basically the same thing, but the disks are just so much faster under Linux. I'm usually the first guy to appear when travelling between continents.
So, if it works on Linux under a limited user account... why isn't it possible on Windows? Well, there's some trickiness at work to make you think that you're not using root privileges. However, X.org needs root, as does the proprietary NVIDIA driver. The LUA is really only providing information via/dev/nvidiactl which then does stuff as root. WoW is the perfect example of how to exploit NVIDIA remotely; a carefully crafted WoW packet could contain 3d information which targets the NVIDIA exploit. If it works, then you just got r00ted. However, the LUA is still a little safer than running as root because file I/O is still restricted to user priviliges, thus ensuring that a patch download gone awry won't overwrite system data (though it can still trash all your documents); and networking is restricted to the user priviliges, thus maintaining the same level of network security.
I'm not feeling your pain. I agree that the advice about turning off firewalls and antivirus is insecure, but the users are either Internet savvy and found the instructions about what ports to open up on their router (there's usually only 1 or 2), or have absolutely no clue what a "port" even is. What secure method for retrieving the patch would you suggest to this illiterate user? Usually a link to the file download is provided. Hopefully the illiterate is able to locate and run the file after they've downloaded it.
Perhaps the key is in your statement "I'm sorry, but no game is important enough...". I'd tend to agree; online gaming should come with a prerequisite of basic networking knowledge. What's an IP address, firewall, router, port, and how does it apply to what I'm playing? Maybe if you can't answer that you should stick to one of the many single-player PC games, or buy a console that comes preconfigured to "just work" online. Let's face it, there's like two current titles left out there that only work on PC that haven't gone to X360 or PS3 yet.
I don't think Vista loses much by not being a first-rate gaming platform. My reading of the features says that it's a corporate OS anyway. What home user wants to deal with the DRM headaches with no obvious benefit to them?
If nVidia ever decides to drop a piece of hardware and stop compiling a certain driver for newer kernels, then users will either have to upgrade hardware (gee, I wonder if nVidia would have an incentive to make people do that) or else use an old kernel. Ouch!
More appropriate would be to say "or else use a kernel you don't want to." It's just as much of a nightmare being forced to upgrade your kernel as well. Gaming is very sensitive to kernel version (just read the Cedega release notes re: versions 2.6.9 and 2.6.10). Upgrading from 2.6.15 to 2.6.16 caused some Cedega-supported games to stop working.
My major issue with the binary driver is security. Because the driver is a kernel module, remote exploits of the NVIDIA driver will hack the kernel every time. Online gaming brings new life to the idea of remotely exploiting the NVIDIA driver, and not having an auditable driver is a big issue. It took them over 2 years to fix a reported, remotely exploitable issue. It's unacceptable to be forced to use such crap. The only other alternative is to use some othercrap which suffers from exactly the same problems. I wish something would shake up the 3D market, but somehow I doubt this project is going to unseat NVIDIA.:(
First, the people who make the technology decisions often don't have the required technical know-how, and have a terrible tendency not to listen to people who do. OTOH, the people who have the technical know-how have absolutely no idea how to write a business case. Thus, there's usually a disconnect between the people who understand the business requirements, and the people who understand the technical requirements. Vendor loyalty has been known to be a sticky issue as a result.
Second, there's always a problem getting a bunch of talented, egotistical (ok, so not all software developers have ego problems...) quirky, eccentric and generally difficult people to work toward a common goal. The common analogy to being a successful director/manager of a software project is to that of "herding cats". My experience has been that business types don't react well to the often-emotional developer types, hearing the emotional outburst, but ignoring the content of it. Developers would do well to learn some more social skills, and director/manager types would do well to listen better.
A good sample of the fake content that spam engines create. It seems intuitively obvious to me that this text is completely meaningless, but getting an AI to understand why is much trickier. Clues come from the fact that "latter" is used incorrectly (being no "former" to distinguish "it" from), pronoun "his" refers to no subject, comparative "than" doesn't compare two subjects, etc.
Unfortunately, humans make these sorts of semantic errors all the time. We're just extending a bayesian filter to make a statement about the spam probability based on the "makes-sense" factor of the message. Tagging doesn't really help much (tagging beta: Austria) either since we're just guessing based on word density and prominence.
I can believe that better language processors and increased electronic availability of information will help in syntactically and semantically deconstructing a message, but until humans in general are capable of more detailed conversations with their computer, all the semantic and syntactic analysis is not very useful to an end-user. Ultimately, you need to be able to tell your spam filter about what has been misidentified. Something like "you identified term1 in message0 as classification3, but it's really junk. Please update your understanding of classification3 with this new information." Most people can't update their understanding this easily, let alone know how term1 relates to classification3.
In otherwords, my question becomes where the hell do you (you being the individuals who've had these issues) go to get these problems?
Unfortunately, even the best of us get exploited too. I haven't had to deal with anything recently, but when I first got cable in 1998, someone hacked root using a vulnerability in wu-FTPd. Lucky for me they had just hidden eggdrop and I found them quite quickly. But it could have just as easily been daylights for the server.
Linux in the early days had huge problems, mostly related to unpatched network services like the wu-ftpd example, but also because Linux people tended to keep their computer on all the time, and ISPs were irresponsible and didn't go after people who scanned the entire network for vulnerable servers.
Defensive computing, like defensive driving, is a safe posture and will generally keep your computer in one piece. However, you can still get hit by something unexpected.
I used to work at a private financial institution that was a member of the Interac network. The security on modern ATMs in Canada is very good. Interac certification requirements are equal to or better than VISA/Plus requirements, which require:
An EPP (Encrypting PIN Pad) that uses 128 3-DES shared key encryption. The EPP is sealed at the factory.
A specially hardware device for generating gateway keys and terminal keys
MAC-ing of encrypted message between terminal and gateway to prevent errors and detect tampering.
private leased line between gateway and Interac network
(coming soon) upgraded requirements for MAC-ing and encryption on private leased line
The link between ATM and gateway, and gateway and Interac is probably the most secure aspect of the transaction. Most fraud I heard of was isolated cases of stolen cards (probably read the PIN over their shoulder and stole the card without cardholder's immediate knowledge), or of cameras recording PIN numbers (you need an insert on the card reader too). The only real problem now is that some older gateways still process non-compliant terminals which use weaker encryption (64-bit DES) or use PIN pads that aren't certified. Fines must be paid to keep these terminals operational, and I believe that there is a drop-dead date where nothing will keep the non-compliant terminals operating.
In practice, this means that an individual needs to pay attention to what ATMs they use. If it looks old and unreliable, there's a good chance it is. If it looks shiny and new, it's pretty likely that it meets current security standards, though it's possible to upgrade the case on some older models without upgrading the security.
Very good analogy. I'm most interested in what terminal they hax0red, and I can't really tell. I'm pretty certain of this though: any program that would be able to read the key presses will not authorize transactions - ever. If you can replace the electronics with something that can read the keypad, then you'll lose the benefit of the (tamper-resistant) electronics that actually encrypt the PIN block. Show me a proof-of-concept that can actually record keypresses while still authorizing transactions, then I might believe that these things aren't actually tamper-resistant.
All of these networks would continue to be interoperable with each other, but they would operate in slightly different ways by optimizing their networks for slightly different types of services. Pathetic. This is just an argument as to why people should remain clueless about TCP/IP and pay 3 times as much for network services as they need. I don't need three network providers. I need one network provider that allows me to set my own QoS. And I can already do that. My online gaming and VOIP applications are programmed to have higher priority on the router.
The solution is to make the programming of QoS easier. Right now, I need to have familiarity with pf syntax to do that. However, for my needs, and most small home-office needs, a set-top appliance could allow limited programming of at least a PRI queue. Online gaming uses ports x, y, and z. Set all traffic on these ports to the highest priority. Web and DNS needs to have next highest priority so surfing is instantaneous. SSH needs to be in the mix somewhere too. But P2P software certainly isn't dependent on latency, so dump it to the lowest priority.
I saw something about a "gaming router" recently. I wonder if that's how it works.
It is, in some cases. Many universities now offer degrees in Software Engineering.
I'm a developer, not an engineer. To me, that means that I don't follow any formal methodology, don't belong to the local professional engineering organization, and don't necessarily have a degree. My style is more based on what I learned in my High School English courses than anything else, and is largely the result of many years of experimentation.
That description is the reason you either want or don't want a Software Engineer. Engineering is a slower process. It is rigorous and formal and based on mathematics. The results can be exactly duplicated, even if you have entirely different engineers working on it. When I write software, I do what many people call "hacking". Often, I write only the documents that are required to firmly establish the concept in my mind, then just keep writing and debugging code until it works. For many applications, I will write software that is equally robust in less time. That's because you don't need an engineer to design a blogging application.
Software Engineering is used in much larger, mission-critical applications, like a financial institution's transaction processor, or a real-time monitoring system, etc. Mistakes cost millions of dollars or even lives, so every possible scenario needs to be considered up front (BDUF). Hacking isn't like engineering, and that's one process of producing software. Software Engineering is exactly like engineering and that's another process of producing software.
...Most people who don't run Windows on an x86 PC build their own.
...I got just as much satisfaction by tearing the Windows license off my laptop (there's a spot on the laptop chassis marked COA, like it can't work without it) and removing the little sticker that says "Designed for Windows XP"
Unfortunately, it's just not worth the time when you're really just stroking your ego.
How about this silly, uncited claim:
To illustrate his point, he notes that computer programmers tend to prefer manual transmissions. But not even 15 percent of the cars sold in the United States last year had that feature. I checked Google, and the only page that is even closely related to the claim is a blog post by "Joel on Software." Ironically, Joel can at least explain in technical terms what it is about a manual transmission that might appeal more to a computer programmer.
Regardless, it's a silly claim. It's just an attempt to pigeon-hole two groups that are a minority of the population into the same hole. I agree that there's a disconnect between developers and users, but it has nothing to do with developers being less numerous than users.
And I used to think your way. I'd certainly not say that either is superior to the other. In a creative sense, computer programming is an exercise in translation. The only difference is that the translation must exactly meet certain technical details, rather than expressing fuzzier, human-like ideas. Once the required documentation as to what the technical details are understood, it is now a matter of translating your understanding of the application into a language the computer understands. That is most certainly a creative process.
Writing documentation that expresses the details is an exercise in translation as well; that from a mathematical, formal language to English that the coder will understand. I know that there's engineering processes involved too (in many of the larger applications that people have mentioned), which evaluate the correctness of the mathematics. I'm not an engineer, nor did I claim to be. I probably drive people nuts who insist that only a formal methodology can produce executable code, but I've had plenty of success with my own methodology.
I don't work on these large-scale projects, but most business programming I've seen falls into the "can hack together in Perl in a few weeks" category. Pretty much any web application short of Google falls into that category as well. That should be plenty to keep me busy.
Every person I've met with writing talent throws lots of stuff away. They do it without a second thought, and the next attempt is almost always better. Why should writing software be any different? If the legacy is so bad as to be entirely undocumented and filled with back doors, work-arounds and pitfalls, what do you lose by rewriting? It's not like editing the crap code is going to be any faster or less error-prone.
In fact, there's many benefits to rewriting. It allows for proper documentation to be created (design diagrams, use cases, requirements documents) if it was missing. It allows for new technologies to be considered, and to plan for another 30 years of operation. If the software was created using a robust process, the design diagrams, use cases and requirements documents are already written. That's the hard part; any coder worth his salt should be able to exactly duplicate the application from those artifacts.
I don't think the risk is as bad as business types claim it to be. Is it really any more of a risk to "Rip and Replace" when it's at least as likely that either the ancient hardware that the application runs on fails without replacements being available, or that the one person in the entire company who actually knows all the stuff that should be written down in the non-existent documentation retires, and there's no replacement available? The article mentions in 2 of the 3 legacy reclamation techniques that a domain expert would be required. The fact that many of the domain experts are going to be or have already retired should be additional incentive to do the "Rip and Replace" while they're still available.
It's easy to say "bad software" from your point of view, but what exactly IS "bad software"?
Sorry, I wasn't very clear about this. I did mention that the key point was the misrepresentation of software for the purpose of gaining some control over the victim's computer. As a result, Microsoft would mostly be on the right side of the law, but a company like Gator would not. The difference is in what the software is purported to do. I don't even know what Gator is supposed to do. It doesn't really matter, since it's primary purpose is to send personal information back to the software creator. In this case, I'd say criminal liability since the business model is based on unjust enrichment by selling information that was obtained without permission. They rely on the fact that they have only breached civil law to stay in business; most people who were harmed by Gator are not in a position to hire a lawyer and roll the dice. OTOH, Microsoft's latest security exploit is not criminal (unless you could somehow prove that it was left there intentionally). Microsoft does not misrepresent their software; its intended use is how it's used in practice. Civil liability would have to be argued and damages would have to be proven.
I didn't consider the cost to Open Source projects. I don't know of any that deliberately misrepresent themselves however, so I don't think that my proposition criminalizes any activities of OSS developers. It's kind of hard to hide a deliberate back-door in something whose source is publicly available.
Slashdot Mirror
Sure, now that IBM has all the software patents they could ever need, they show others how to do the same thing. Of course, what this means is that IBM is pandering to an ever larger field of patentable technology through the normal process of cross-licensing (you license your patentable idea to me, and I won't charge you for X, which we already have a patent for).
I'm glad they're being reasonable about the advice they're giving, especially about "not patenting a business process with no technical content", but they're already so far ahead that they can afford to be reasonable. I don't see patent reform on the horizon as a result; IBM has too much invested in the current system to take a really progressive stance on "Intellectual Property" ownership.
mandelbr0t
Microsoft Academic Alliance. At least that's what it used to be called. I had terrible experience with it. Apart from the obvious lock-in that the school endures, the students suffer badly too (unless they like Microsoft, which is the entire point of the program).
Notable memories:
I had prepared a number of arguments to take to the college's directors, citing that the combined effect of the Microsoft marketing ploy was to reduce the academic value of the program. While there were several occasions when it seemed I might have to make them, I was allowed to evangelize myself without consequence. Fighting fire with fire is a pretty lame way of dealing with this issue. Better is to ensure that marketing and education don't get mixed.
mandelbr0tI expected to find an article filled with made-up numbers and logical fallacies. There wasn't much in the line of reasoning, so no fallacies, and the numbers are comprehensive and cited. The claim is that there aren't any Americans to fill the job anyway. Three quarters of businesses were happy with the work that was done off-shore. I read that to mean that they're not just looking for a warm body but someone who can do the job to an acceptable standard.
Is there really a skilled labour shortage? Everyone who works in HR at an IT company or a company with an IT department seems to think so. If companies are really choosing offshoring because they can't find an equally qualified person onshore, than Americans aren't losing jobs. To compete with the offshore candidate, they'd need to receive further education. Perhaps the real problem isn't that Americans are losing jobs, but that they lack enough education to compete with skilled professions in a global market.
mandelbr0t
There's a lot of competition for tech. jobs. Blunt honesty might push some people out who weren't sure anyway. What are you doing looking for work if you can't handle rejection? My experience with interviews is that they either don't tell you anything, or they make up something that sounds nice but isn't very specific. How you treat each candidate reflects more on your company than it does on the IT industry as a whole.
mandelbr0t
AJAX is a tiny component of the overall distributed application. The distributed application is not written in AJAX. AJAX isn't even a language; JavaScript is. Maybe some people who write AJAX code actually wrote some RPC stuff too, but I'd wager they're just a 13-year-old web monkey. RPC is distributed computing. RMI, CORBA, even XML web services are distributed computing. JavaScript is just glue. Get over it.
Ok smarty, which AJAX framework would you choose? GWT, J2Script? Would you handroll your own? What sort of data structures were you planning on using to get the data across the wire? Should your AJAX calls be fewer in number with larger payloads or would your application benefit from many calls with small payloads?I'd roll my own. If I really needed to write an application that constantly transferred huge amounts back to the client, it'd probably be a clue that a proper desktop client/server app would be a better architecture. I mean, most AJAX people don't even realize that the server-side input doesn't need to be written in XML. Guess what? if you're receiving so much data back from the server as to need to process huge XML documents, it's just a fast to do a post-back.
In short, AJAX solves nothing but the most trivial of UI issues. It's about the worst possible choice to solve pretty much anything it's been used to do. Show me an non-trivial AJAX solution, and I'll come up with 3 others that are more portable, use less network resources and are more secure. web20 hype. web20 hype. web20 hype. Are we clear?
mandelbr0tx86 Linux can certainly do everything Windows can. Under the hood, they both do the same thing: they boot up a kernel, install system hooks at vital memory locations and provide a mechanism to execute arbitrary binary code. Dynamic runtime linking will pull in binary code that has been provided with the OS (the Win32 API in your example). Ultimately, a Linux machine will be able to exactly run (N.B. not emulate) a Windows binary when binary libraries ported to Linux exactly duplicate the functions in all of the APIs available to Windows.
Of course, that's sort of like hitting a moving target. But Microsoft can't move too fast or they alienate their own customers, giving Linux a pretty decent chance of duplicating all but the newest additions to the API. New applications are always designed using the latest API, even when the new API isn't necessary (i.e. the Microsoft API mutates for the sake of mutating to prevent competitors from keeping up). Apple wins the proprietary game here; if Microsoft didn't want other OSes running their binaries, they should have gotten a proprietary hardware deal too.
mandelbr0t
My favourite part is that Canadian spelling actually dictates that you can mix and match. I typically keep the 'u' in unless I'm writing specifically to an American (no point in being different for the sake of being different, usually).
mandelbr0t
...Because the seminal GoF work called them "design patterns". And in that book, they most certainly are. I just don't put Usability "patterns" in the same category as the GoF patterns; the scope and abstraction of the recurring problems are not even close to being on the same level. I don't think that it's about "consistency", but rather a simple word play to put AJAX programming on the same level as C++. Sorry, AJAX just isn't that complicated, and trying to make it sound big and complicated is just more Web 2.0 hype. Besides, who needs a book to learn AJAX? Unless I missed something important, a few paragraphs and a couple code samples explain things just fine.
mandelbr0tThis would be really cool for lab guys. A 3-d silicon model is so much easier to look at than trying to visualize the 3-d from a 2-d image. How long 'til we see them using it on CSI? :)
mandelbr0t
mandelbr0t
I'm not feeling your pain. I agree that the advice about turning off firewalls and antivirus is insecure, but the users are either Internet savvy and found the instructions about what ports to open up on their router (there's usually only 1 or 2), or have absolutely no clue what a "port" even is. What secure method for retrieving the patch would you suggest to this illiterate user? Usually a link to the file download is provided. Hopefully the illiterate is able to locate and run the file after they've downloaded it.
Perhaps the key is in your statement "I'm sorry, but no game is important enough...". I'd tend to agree; online gaming should come with a prerequisite of basic networking knowledge. What's an IP address, firewall, router, port, and how does it apply to what I'm playing? Maybe if you can't answer that you should stick to one of the many single-player PC games, or buy a console that comes preconfigured to "just work" online. Let's face it, there's like two current titles left out there that only work on PC that haven't gone to X360 or PS3 yet.
I don't think Vista loses much by not being a first-rate gaming platform. My reading of the features says that it's a corporate OS anyway. What home user wants to deal with the DRM headaches with no obvious benefit to them?
mandelbr0t
More appropriate would be to say "or else use a kernel you don't want to." It's just as much of a nightmare being forced to upgrade your kernel as well. Gaming is very sensitive to kernel version (just read the Cedega release notes re: versions 2.6.9 and 2.6.10). Upgrading from 2.6.15 to 2.6.16 caused some Cedega-supported games to stop working.
My major issue with the binary driver is security. Because the driver is a kernel module, remote exploits of the NVIDIA driver will hack the kernel every time. Online gaming brings new life to the idea of remotely exploiting the NVIDIA driver, and not having an auditable driver is a big issue. It took them over 2 years to fix a reported, remotely exploitable issue. It's unacceptable to be forced to use such crap. The only other alternative is to use some other crap which suffers from exactly the same problems. I wish something would shake up the 3D market, but somehow I doubt this project is going to unseat NVIDIA. :(
mandelbr0tThe physics constant c refers to the speed of light in a vacuum. Read here to find out why this statement isn't stupid.
mandelbr0tFirst, the people who make the technology decisions often don't have the required technical know-how, and have a terrible tendency not to listen to people who do. OTOH, the people who have the technical know-how have absolutely no idea how to write a business case. Thus, there's usually a disconnect between the people who understand the business requirements, and the people who understand the technical requirements. Vendor loyalty has been known to be a sticky issue as a result.
Second, there's always a problem getting a bunch of talented, egotistical (ok, so not all software developers have ego problems...) quirky, eccentric and generally difficult people to work toward a common goal. The common analogy to being a successful director/manager of a software project is to that of "herding cats". My experience has been that business types don't react well to the often-emotional developer types, hearing the emotional outburst, but ignoring the content of it. Developers would do well to learn some more social skills, and director/manager types would do well to listen better.
mandelbr0t
A good sample of the fake content that spam engines create. It seems intuitively obvious to me that this text is completely meaningless, but getting an AI to understand why is much trickier. Clues come from the fact that "latter" is used incorrectly (being no "former" to distinguish "it" from), pronoun "his" refers to no subject, comparative "than" doesn't compare two subjects, etc.
Unfortunately, humans make these sorts of semantic errors all the time. We're just extending a bayesian filter to make a statement about the spam probability based on the "makes-sense" factor of the message. Tagging doesn't really help much (tagging beta: Austria) either since we're just guessing based on word density and prominence.
I can believe that better language processors and increased electronic availability of information will help in syntactically and semantically deconstructing a message, but until humans in general are capable of more detailed conversations with their computer, all the semantic and syntactic analysis is not very useful to an end-user. Ultimately, you need to be able to tell your spam filter about what has been misidentified. Something like "you identified term1 in message0 as classification3, but it's really junk. Please update your understanding of classification3 with this new information." Most people can't update their understanding this easily, let alone know how term1 relates to classification3.
mandelbr0t
Unfortunately, even the best of us get exploited too. I haven't had to deal with anything recently, but when I first got cable in 1998, someone hacked root using a vulnerability in wu-FTPd. Lucky for me they had just hidden eggdrop and I found them quite quickly. But it could have just as easily been daylights for the server.
Linux in the early days had huge problems, mostly related to unpatched network services like the wu-ftpd example, but also because Linux people tended to keep their computer on all the time, and ISPs were irresponsible and didn't go after people who scanned the entire network for vulnerable servers.
Defensive computing, like defensive driving, is a safe posture and will generally keep your computer in one piece. However, you can still get hit by something unexpected.
mandelbr0tI used to work at a private financial institution that was a member of the Interac network. The security on modern ATMs in Canada is very good. Interac certification requirements are equal to or better than VISA/Plus requirements, which require:
The link between ATM and gateway, and gateway and Interac is probably the most secure aspect of the transaction. Most fraud I heard of was isolated cases of stolen cards (probably read the PIN over their shoulder and stole the card without cardholder's immediate knowledge), or of cameras recording PIN numbers (you need an insert on the card reader too). The only real problem now is that some older gateways still process non-compliant terminals which use weaker encryption (64-bit DES) or use PIN pads that aren't certified. Fines must be paid to keep these terminals operational, and I believe that there is a drop-dead date where nothing will keep the non-compliant terminals operating.
In practice, this means that an individual needs to pay attention to what ATMs they use. If it looks old and unreliable, there's a good chance it is. If it looks shiny and new, it's pretty likely that it meets current security standards, though it's possible to upgrade the case on some older models without upgrading the security.
mandelbr0tVery good analogy. I'm most interested in what terminal they hax0red, and I can't really tell. I'm pretty certain of this though: any program that would be able to read the key presses will not authorize transactions - ever. If you can replace the electronics with something that can read the keypad, then you'll lose the benefit of the (tamper-resistant) electronics that actually encrypt the PIN block. Show me a proof-of-concept that can actually record keypresses while still authorizing transactions, then I might believe that these things aren't actually tamper-resistant.
mandelbr0t
The solution is to make the programming of QoS easier. Right now, I need to have familiarity with pf syntax to do that. However, for my needs, and most small home-office needs, a set-top appliance could allow limited programming of at least a PRI queue. Online gaming uses ports x, y, and z. Set all traffic on these ports to the highest priority. Web and DNS needs to have next highest priority so surfing is instantaneous. SSH needs to be in the mix somewhere too. But P2P software certainly isn't dependent on latency, so dump it to the lowest priority.
I saw something about a "gaming router" recently. I wonder if that's how it works.
mandelbr0t
It is, in some cases. Many universities now offer degrees in Software Engineering.
I'm a developer, not an engineer. To me, that means that I don't follow any formal methodology, don't belong to the local professional engineering organization, and don't necessarily have a degree. My style is more based on what I learned in my High School English courses than anything else, and is largely the result of many years of experimentation.
That description is the reason you either want or don't want a Software Engineer. Engineering is a slower process. It is rigorous and formal and based on mathematics. The results can be exactly duplicated, even if you have entirely different engineers working on it. When I write software, I do what many people call "hacking". Often, I write only the documents that are required to firmly establish the concept in my mind, then just keep writing and debugging code until it works. For many applications, I will write software that is equally robust in less time. That's because you don't need an engineer to design a blogging application.
Software Engineering is used in much larger, mission-critical applications, like a financial institution's transaction processor, or a real-time monitoring system, etc. Mistakes cost millions of dollars or even lives, so every possible scenario needs to be considered up front (BDUF). Hacking isn't like engineering, and that's one process of producing software. Software Engineering is exactly like engineering and that's another process of producing software.
mandelbr0t
...Most people who don't run Windows on an x86 PC build their own.
...I got just as much satisfaction by tearing the Windows license off my laptop (there's a spot on the laptop chassis marked COA, like it can't work without it) and removing the little sticker that says "Designed for Windows XP"
Unfortunately, it's just not worth the time when you're really just stroking your ego.
mandelbr0tRegardless, it's a silly claim. It's just an attempt to pigeon-hole two groups that are a minority of the population into the same hole. I agree that there's a disconnect between developers and users, but it has nothing to do with developers being less numerous than users.
mandelbr0t
And I used to think your way. I'd certainly not say that either is superior to the other. In a creative sense, computer programming is an exercise in translation. The only difference is that the translation must exactly meet certain technical details, rather than expressing fuzzier, human-like ideas. Once the required documentation as to what the technical details are understood, it is now a matter of translating your understanding of the application into a language the computer understands. That is most certainly a creative process.
Writing documentation that expresses the details is an exercise in translation as well; that from a mathematical, formal language to English that the coder will understand. I know that there's engineering processes involved too (in many of the larger applications that people have mentioned), which evaluate the correctness of the mathematics. I'm not an engineer, nor did I claim to be. I probably drive people nuts who insist that only a formal methodology can produce executable code, but I've had plenty of success with my own methodology.
I don't work on these large-scale projects, but most business programming I've seen falls into the "can hack together in Perl in a few weeks" category. Pretty much any web application short of Google falls into that category as well. That should be plenty to keep me busy.
mandelbr0t
Every person I've met with writing talent throws lots of stuff away. They do it without a second thought, and the next attempt is almost always better. Why should writing software be any different? If the legacy is so bad as to be entirely undocumented and filled with back doors, work-arounds and pitfalls, what do you lose by rewriting? It's not like editing the crap code is going to be any faster or less error-prone.
In fact, there's many benefits to rewriting. It allows for proper documentation to be created (design diagrams, use cases, requirements documents) if it was missing. It allows for new technologies to be considered, and to plan for another 30 years of operation. If the software was created using a robust process, the design diagrams, use cases and requirements documents are already written. That's the hard part; any coder worth his salt should be able to exactly duplicate the application from those artifacts.
I don't think the risk is as bad as business types claim it to be. Is it really any more of a risk to "Rip and Replace" when it's at least as likely that either the ancient hardware that the application runs on fails without replacements being available, or that the one person in the entire company who actually knows all the stuff that should be written down in the non-existent documentation retires, and there's no replacement available? The article mentions in 2 of the 3 legacy reclamation techniques that a domain expert would be required. The fact that many of the domain experts are going to be or have already retired should be additional incentive to do the "Rip and Replace" while they're still available.
mandelbr0t
Sorry, I wasn't very clear about this. I did mention that the key point was the misrepresentation of software for the purpose of gaining some control over the victim's computer. As a result, Microsoft would mostly be on the right side of the law, but a company like Gator would not. The difference is in what the software is purported to do. I don't even know what Gator is supposed to do. It doesn't really matter, since it's primary purpose is to send personal information back to the software creator. In this case, I'd say criminal liability since the business model is based on unjust enrichment by selling information that was obtained without permission. They rely on the fact that they have only breached civil law to stay in business; most people who were harmed by Gator are not in a position to hire a lawyer and roll the dice. OTOH, Microsoft's latest security exploit is not criminal (unless you could somehow prove that it was left there intentionally). Microsoft does not misrepresent their software; its intended use is how it's used in practice. Civil liability would have to be argued and damages would have to be proven.
I didn't consider the cost to Open Source projects. I don't know of any that deliberately misrepresent themselves however, so I don't think that my proposition criminalizes any activities of OSS developers. It's kind of hard to hide a deliberate back-door in something whose source is publicly available.
I hope this clarifies my position
mandelbr0t