...last time he hired someone. He ended up doing phone interviews with a lot of people. [*] He found that very few of them stuck out in his mind at all. He gave them his standard spiel about the job which basically described it, and that was enough for all of them. They didn't ask any questions which required any thought.
I think the lesson of the story is to show interest in getting or learning about this specific position. Don't sound like you're desperately applying for every job; sound like you're deciding between a few that sound particularly interesting to you.
[*] - more to satisfy university affirmative action requirements than because they actually had a chance, but that's another story... University policies are well-intentioned but dumb sometimes.
Electricity spikes whenever an appliance is powered-on. This is why many people rightfully recommend to turn your monitor on before turning your computer on, so to shield the computer from the electricity spike.
That might have once made sense, but it doesn't now. When you power up the monitor but leave the computer off, it's sleeping and using relatively little power. If there's a big spike at all, it will come when you give it an input signal and it wakes up.
That spike takes up a lot of electricity on its own.
You're mixing up some concepts here. You don't "use up electricity". You use (and are billed for) electrical energy (measured by the meter you mention in kiloWatt * hours). Another way of saying that you're using energy quickly is to say you're drawing a lot of power, as power is energy / time. When you rapidly increase your power use, the line voltage can drop. (If you were to keep it at that power level, I think the voltage would come back up.) That low voltage is what could potentially be harmful to other appliances.
When I first learned about this in high school, I remember I did a test at home and had my brother turn on the vacuum while I looked at the power meter on the house. It is true. That meter dial sped up like crazy for a few seconds, then dwindled back down to the vacuum's running electricity level.
Yes, a motor like that takes more power to get up to speed than to maintain speed. For the same reason, your hard drives draw a lot more power when they start up. But a vacuum draws a lot more power than a monitor does in general. Mine claims to run 12 amps at 120 volts. That's 1440 watts.[*] That's an order of magnitude more than your monitor draws. So I wouldn't be too concerned about what happens to your computer when your monitor powers up.
The problem is that IE (and Firebird, and Mozilla) all display the URL as typed, including user name and password information. So if you type http://www.slashdot.org:foo@www.whitehouse.gov/ you get directed to a nasty site, even though the URL appears to say www.slashdot.org. [...] I don't consider the problem a "bug" in the same sense that buffer overflows are a bug.
What you described has been known for a long time and arguably isn't a bug, yes. But what they're using is a newer variation that's more dangerous and clearly a bug. If you include a %00 just before the @, only "http://www.slashdot.org" is displayed. (Apparently the display code evaluates the hex escape and treats the %00 as end-of-string, but the engine itself does not.) Your only real indication that something is wrong is the lack of the trailing "/", which you're not likely to notice even if you know what it means.
What about those people on DHCP who get a different IP address each time they log on?
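A defensive check for the two URL forms discussed above, added here as an example and not part of the original comments: it reports the host a URL really targets, flags a userinfo part that looks like a hostname or contains an encoded control character such as %00, and reproduces what a display routine that decodes escapes and stops at NUL would show. The function name, finding labels and result keys are assumptions made for this sketch.

```python
import re
from urllib.parse import urlsplit, unquote_to_bytes

# A dotted name such as "www.slashdot.org" sitting where a username belongs.
HOSTLIKE = re.compile(rb"^[A-Za-z0-9-]+(\.[A-Za-z0-9-]+)+$")


def inspect_url(url):
    """Return the real target host and any misleading-userinfo findings.

    Hypothetical helper for illustration; not any browser's actual logic.
    """
    parts = urlsplit(url)
    # Everything before the last "@" in the authority is userinfo, not host.
    userinfo, at, _hostport = parts.netloc.rpartition("@")
    findings = []
    if at:
        findings.append("userinfo-present")
        raw = unquote_to_bytes(userinfo)
        # %00 and other control bytes have no legitimate use in userinfo.
        if any(b < 0x20 or b == 0x7F for b in raw):
            findings.append("control-char-in-userinfo")
        # Username portion, cut at ":" (password) and at NUL.
        user = raw.split(b":", 1)[0].split(b"\x00", 1)[0]
        if HOSTLIKE.match(user):
            findings.append("userinfo-looks-like-host")
    # What a display that decodes escapes and treats NUL as end-of-string
    # would show, as described in the comment above.
    decoded = unquote_to_bytes(url)
    truncated = decoded.split(b"\x00", 1)[0].decode("ascii", "replace")
    return {
        "real_host": parts.hostname,
        "nul_truncated_display": truncated,
        "findings": findings,
    }


if __name__ == "__main__":
    samples = [
        "http://www.slashdot.org:foo@www.whitehouse.gov/",  # from the comment
        "http://www.slashdot.org%00@www.whitehouse.gov/",   # %00 variant
        "http://www.whitehouse.gov/",                       # plain URL
    ]
    for s in samples:
        print(s, "->", inspect_url(s))
```

A mail filter or link-preview component can show `real_host` instead of the raw string and reject anything with a non-empty `findings` list.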
That's actually not the only situation in which an IP address isn't enough information to identify the computer - there's also modem pools and NAT. Presumably they actually gave:
IP address
time of access
port number
Which, in theory, is enough regardless. DHCP servers should keep a logfile of their leases. Modem pools have RADIUS logs, which are similar. And NAT routers could keep a log of what port they assigned to which internal IP at what time for each connection. I don't think that's common practice, but it's at least possible.
The other question is how long most ISPs keep logs. When the "owner" of an IP address changes often, that's important. The logs linking this information with a real person might already have been purged.
And then, once they link it to a computer, they have to prove it was actually the owner of the machine who downloaded the file. There's always the "a virus did it" argument.
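The lookup described in the comment above (IP address, time of access and port number resolved through DHCP lease and NAT logs), as an added example that is not part of the original comments. The log layouts, addresses, dates and subscriber names are constructed for illustration, and real DHCP, RADIUS and NAT logs differ in format.

```python
from datetime import datetime
from typing import NamedTuple


def ts(text):
    """Parse the timestamp format used by the constructed logs below."""
    return datetime.strptime(text, "%Y-%m-%d %H:%M")


class Lease(NamedTuple):       # one DHCP lease record (constructed layout)
    ip: str
    start: datetime
    end: datetime
    subscriber: str


class NatMapping(NamedTuple):  # one NAT translation record (constructed layout)
    public_ip: str
    public_port: int
    start: datetime
    end: datetime
    internal_ip: str


# Constructed sample data: 10.0.0.23 changes hands at 20:05.
DHCP_LEASES = [
    Lease("10.0.0.23", ts("2003-12-01 08:00"), ts("2003-12-01 20:00"), "subscriber-A"),
    Lease("10.0.0.23", ts("2003-12-01 20:05"), ts("2003-12-02 08:00"), "subscriber-B"),
    Lease("10.0.0.40", ts("2003-12-01 00:00"), ts("2003-12-02 00:00"), "subscriber-C"),
]
# Constructed sample data: two internal hosts share one public address.
NAT_MAPPINGS = [
    NatMapping("192.0.2.1", 40001, ts("2003-12-01 21:00"), ts("2003-12-01 21:10"), "10.0.0.23"),
    NatMapping("192.0.2.1", 40002, ts("2003-12-01 21:00"), ts("2003-12-01 21:10"), "10.0.0.40"),
]


def attribute(ip, when, port=None, leases=DHCP_LEASES, nat=NAT_MAPPINGS):
    """Return the subscribers that could have held (ip, port) at `when`.

    An empty list means no surviving log covers the event; more than one
    entry means the evidence given is not enough to pick a single machine.
    """
    active = [m for m in nat if m.public_ip == ip and m.start <= when <= m.end]
    if active:
        # Shared public address: only the port separates the internal hosts.
        if port is not None:
            active = [m for m in active if m.public_port == port]
        internal = [m.internal_ip for m in active]
    else:
        internal = [ip]
    holders = {
        lease.subscriber
        for lease in leases
        for addr in internal
        if lease.ip == addr and lease.start <= when <= lease.end
    }
    return sorted(holders)


def purge(leases, cutoff):
    """Apply a retention policy: drop leases that ended before `cutoff`."""
    return [lease for lease in leases if lease.end >= cutoff]


if __name__ == "__main__":
    print(attribute("10.0.0.23", ts("2003-12-01 12:00")))         # time picks the lease
    print(attribute("192.0.2.1", ts("2003-12-01 21:05")))         # NAT, no port given
    print(attribute("192.0.2.1", ts("2003-12-01 21:05"), 40001))  # NAT with port
    kept = purge(DHCP_LEASES, ts("2003-12-02 00:00"))
    print(attribute("10.0.0.23", ts("2003-12-01 12:00"), leases=kept))  # log purged
```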
There are parts of it that I've never agreed with:
"Well," they say, "look at this function. It is two pages long! None of this stuff belongs in there! I don't know what half of these API calls are for."
[...]
Back to that two page function. Yes, I know, it's just a simple function to display a window, but it has grown little hairs and stuff on it and nobody knows why. Well, I'll tell you why: those are bug fixes. One of them fixes that bug that Nancy had when she tried to install the thing on a computer that didn't have Internet Explorer. Another one fixes that bug that occurs in low memory conditions. Another one fixes that bug that occurred when the file is on a floppy disk and the user yanks out the disk in the middle. That LoadLibrary call is ugly but it makes the code work on old versions of Windows 95.
This should never happen! If you have all these bugfixes in your code and no way to know why they were put in, you've screwed up badly. You should have each one documented in:
a bug number in the database
a log message in your commit history (cross-referenced to the bug database) (which you should be able to pull up easily with "cvs annotate" or similar)
if it's particularly weird-looking, a comment in the code
So the idea that you'd have all these important bugfixes without any way of knowing what they are should be laughable! Given a codebase like that, you probably would be better off throwing it out, because it was clearly developed without any kind of discipline.
Also, he's embellishing a lot. If it's just "a simple routine to display a window", it doesn't need to load a library, require Internet Explorer, etc., and thus can't possibly have bugs related to those things. He makes the situation sound a lot more extreme than it really is.
But in general, I think he's right. Refactor, not rewrite. That's the same thing the XP people say to do. They also have extensive unit tests to make it easier to refactor with the confidence that you haven't screwed anything up. Which can help in situations like this:
I laughed heartily as I got questions from one of my former employees about FTP code that he was rewriting. It had taken 3 years of tuning to get code that could read the 60 different types of FTP servers, those 5000 lines of code may have looked ugly, but at least they worked.
Ugh. I bet it would have been a lot less tuning if there were a decent way to test that the change to support #60 hasn't broken any of the previous 59 server types. Or that just a refactoring hasn't broken any.
I don't think this advice always applies, though. I rewrote one major project from scratch at work: our personnel system. Our database schema was hopelessly denormalized and broken. That's not something you can refactor easily - with a widely-used database schema, it's easier to make one big change than many smaller ones, because a lot of the work is just hunting down all the places that use it. That's easier to do once. So I believe there are situations this advice does not apply, but I also believe they are rare.
Take the moon jumping analogy. It literally means that, you can't take one small jump, then another small jump, and so on. You have nothing to land on for all those little jumps. Your list details the history of how our "jumps" got stronger.
If he's talking literally, it's a stupid comparison. There are no literal jumps in developing artificial intelligence. In fact, going to the moon is almost nothing like developing artificial intelligence, except that neither is easy.
I took it to mean that there are no subgoals - concrete smaller problems to solve that are necessary for the larger one. That's not true, as my list made painfully clear.
So to get to the moon, you have to get there in one big jump. After all, there's nothing in between to land on. Yeah we have the ISS, but that's still an unfinished 'lily pad in the space pond' thing.
This is completely tangential to my point, but...
When you drive a car, there's continuous deceleration caused by friction. Given level ground, if you turn off the engine, you'll come to a stop.
When you're in a rocket in space, if you turn off the engine...you'll keep going nearly forever (there is stuff floating around in space to cause friction but here it's negligible). Stopping and starting again takes fuel, and going at a steady pace doesn't. For that reason, it would be pretty stupid to stop. You'd have to have a lot of fuel on the space station for it to be worthwhile, and that raises the question of how you got it there. It would not be efficient at all to use more fuel than you need, especially considering that much of the fuel in our launches is spent getting the rest of the fuel to where it will be used.
You can't jump to the moon incrementally?!?
But as he says, you can't jump to the moon incrementally.
I think there are some Apollo people who would disagree. Let's see...what milestones were there along the way...
Flight (balloons)
Flight by a heavier-than-air craft
Solid-fuel rockets
Low earth orbit
Getting to the moon
Landing on the moon
(Obviously I skipped many more; there are some huge gaps in years there.)
My point is that if you can't break something apart into milestones, I think you're just not trying hard enough.
I don't remember about the AP test; I didn't pay attention to which calculators weren't allowed because my mighty 85 was okay for everything. I hope the rules change to disallow the 86 and higher on the AP. Really, I'd like to see less use of calculators in math classes, period. It's a disservice to students that the calculators do the work for them. You don't learn the Tao of calculus punching numbers. I'm not just being crotchety because I didn't have a calculator that cool--understanding the way math works is so much more necessary for learning to think than getting the right answers is, even if it's the other way around for grades and placement testing.
I don't really think the TI-89 should have been allowed on the AP test, but it was, so I took advantage of it. (It would have been stupid not to.) But it definitely gave me an advantage over people who couldn't afford such things, so it was not fair. (At the time, it was $100, I think. Not out of reach for most people, but certainly enough to make people hesitate.)
But in general...I think it is beneficial for students to have these calculators when doing homework and such. Or on an exam, if everyone has one. It's not like you can avoid doing the work - if I didn't show every step, my high school teacher and my TAs and professors would have not given me many points. But you can check your work with it. You can explore things very quickly. A simple example: there are a lot of situations where integration by parts can be done two ways; both correct, one makes the problem easier, one makes it harder. For a beginning calculus student, you could waste a lot of time on the mechanics of doing it the "wrong" way. Time you could spend actually learning calculus.
So, what is the point of a 15 MHz calculator, or a USB-capable one? You don't need something like that in high school (would a student even be allowed to use one?), and you have better resources in college and in the working world.
TI likes to sell its calculators as (among other things) data collectors. The USB interface would presumably be used as an easier way to upload to the computer. Think high school physics classes.
Oh, and yeah, a high school student would be allowed to use one. I was still in high school when the TI-89 came out; I was allowed to use one (although maybe not on calculus tests - it's been a while). I was allowed to use it on the AP Calculus test, strangely enough. (What a joke. The test was easier than our teacher's exams to begin with, then I could use the calculator to verify all my answers were correct beyond setting up the initial equation. I didn't even bother finishing the thing and I still got a five. Arrogant, yeah, but I got away with it.) I don't think the incrementally faster processor would make it unallowable. Or the USB port - there's nothing you'd be allowed to plug into it during class, of course.
Bet you could write some great games for these uber-calculators, though (there were already good games available for the 83/85/86/89 when I was in high school.)
I imagine so. The screen would almost certainly be the limiting factor, not the processor or memory. (It already was for a lot of games.)
I said: Name five great software products that you're sure haven't come out of Bangalore.
An AC replied: linux - Finland
mplayer - Hungary
decss - Norway
gnome - Mexico
kde - Germany
I don't buy it. Linux didn't come out of Finland. Sure, its original creator was from there. But so many people all over the world have put so much effort into it that there's no way you can say it came from Finland. Likewise the other OSS projects, to a lesser extent. I'll bet someone from Bangalore has contributed to at least linux, gnome, and kde. If I cared more, I'd look through the public ChangeLogs and prove it.
Name 5 great software products to have come out of Bangalore.
Name five great software products that you're sure haven't come out of Bangalore.
The companies aren't based there, but enough of the work is actually done there that you need to put some actual thought into answering that question...
On the other hand, I don't have a high opinion of Bangalore-as-Silicon-Valley, either. I just don't think you'll get anything really remarkable out of people under those conditions. And if there's one thing the world doesn't need, it's more mediocre programming...
We should be careful when we attack people like this. Did he make a huge mistake? Yes. Was the mistake a result of caving in to greed? Yes. However, millions of Americans are currently putting themselves into similar situations by getting deeper and deeper into debt by taking loans to buy luxury items: a new yacht, a larger house, a fancy new car, etc. The evils of debt and the mounting interest costs are well documented, but it happens time and time again.
That's not true at all. People get themselves into holes with loans, yes. But it's not a similar situation. Nigerian spammers essentially say "I stole a lot of money and I'll give you a cut if you help me smuggle it out of the country." The original premise in these emails is always that it's money the guy has acquired through questionable means, thus the need to launder it through an American. In this case, the guy claimed to work for a bank and to have stolen the money from the account of some dead German guy. (Was it his? No. Is it his now? Yes. Was it a gift? No. Thus, stealing. It's not rocket science.)
I'm tired of everyone saying the people who get scammed are innocent but stupid. They may be stupid, but they're not innocent. They all knew something shady was going on; they just didn't realize it was at their expense.
So for that reason, the people who just get themselves into debt are in a totally different situation. They were irresponsible and screwed themselves over, yes. But they didn't do it in the name of stealing money from someone else.
I imagine the thinking goes "ha ha! we no longer provide a useful diagnostic as required by the standard. There is no way they will know our computer is here now, despite running a high-profile service. Now everything is secure."
It's the same thinking that slashdot uses.
Okay, in fairness, there are some well-respected security sites that do this also. Case in point: securityfocus.com, which hosts the bugtraq mailing list. I still think it's a stupid idea, though.
So they discovered that pserver has security bugs. No, really? The solution is to provide pserver cvs in a chroot with a uid that can't write anything and maybe use systrace to disallow nasty operations.
Well, that's still not ideal. Here's one fundamental pserver flaw which rarely gets talked about: it does not authenticate the server at all. So it would be easy to spoof and send your own compromised code to whoever does an anonymous checkout. And sending compromised code to people is the real goal of someone who would crack the Linux BK->CVS gateway, the Debian machines, the Gentoo machines, and/or Savannah.
I bet other sites like SourceForge would be doing this if they had the CPU cycles to spare. But cryptography is expensive and SourceForge's CVS setup is slow already.
Riding a motorcycle, by itself, requires 3 times the concentration that driving a car does. Add in the fact that everybody else on the road is quite literally trying to kill us... and then add in some serious distractions from a HUD, and you've got a recipe for disaster.
You keep on using this word. I do not think it means what you think it means.
- Inigo Montoya
Please don't say someone is "quite literally trying to kill us" unless you're in combat. The strongest literal statement you could make here is "they often make me fear for my life". Or maybe "they regularly bring me within an inch of death", if they would actually kill you by coming one inch closer. (One inch, not two. Not five. Not some vague, seemingly-small distance.) Anything else is hyperbole, which is not literal at all. Hyperbole is fine, but don't call it something it's not.
But I do understand your sentiment. It's not even unique to motorcycles - when I'm just riding a bicycle around town, it often feels like all the drivers want me dead. They definitely have a blindness for anything smaller than a SUV, and they don't expect bicycles to be moving quickly.
Since all heavy-duty nerds (that could handle mostly every kind of problem) have moved from RedHat (newbie distro) to Debian (zealot distro) it's pretty hard to get decent help on harder RedHat problems.
That's completely false.
Meanwhile, who would pay for user support when all you need is /join #debian on irc.debian.org, ask your question and at worst get redirected to the right RTFM.
This support is more about updated packages than someone at the other end of the phone. RedHat's planning to stop releasing security fixes, errata, or new feature (like new hardware support) RPMs for these distributions. You absolutely need those to run it well, whether you buy them from someone or build them yourself. Building them yourself would be a lot of work. Progeny feels there's enough people who want to buy them from someone to make a profitable service out of it. So they're offering one.
Actually, RedHat's CEO said in a recent interview that this was profitable. They just want to focus on the enterprise market, which is where the big bucks are. Progeny's picking up their scraps, I guess.
Organize a local key-signing party. Surely there are many other computer geeks at your college interested in using PGP/GPG. Start getting the geeks together and sign each other's keys. If you can, try to get someone to join the party who is already connected to the worldwide web of trust that most well-known PGP keys are part of. If you can't get anyone well-connected to your key-signing party, don't worry! Creating a local web of trust at your college is a good start, and all it takes is one person who signed your key to get a signature from a well-connected key to get you well-connected yourself. And that can happen after the fact.
Maybe I'll mention that to our ACM president. I don't have a lot of time for organization, either, but they're already a group that meets regularly (so it should be easy), and as likely as anyone to be interested in key-signing. With luck, maybe a couple of them will go to a convention and get keys signed there.
By the way, next time you complain that you can't get anyone to sign your key, you might specify your geographical location.
Along the same lines, it's pretty important that they sign with a key in the strongly connected set. I've seen a lot of projects that actually provide PGP sigs, but the keys used to generate the sigs don't have any signatures, or are part of a closed (2-3 key) set!
I agree that would be ideal, but it's easier said than done. I've got no other signatures on my GPG key now. I want to get some, but I don't know anyone else around here who does that sort of thing. How would I go about getting some? I know they have key signing parties at conventions and such, but I'm a college student, which means I have no money or time to attend such things.
A solely self-signed GPG key isn't worthless, though. Someone can download the public key from your website once. Assume it's good then. They can then tell if the website or the mirrors are compromised. That's better than MD5s posted on the website, which can only tell if the mirrors are compromised.
He'll have to do more than say "let's go back" before I call his plan bold. Okay, so he might mention the idea of establishing a permanent Lunar base and of going to Mars. As the article said, his father already did that:
On July 20, 1989, President George H. W. Bush marked the 20th anniversary of the first Apollo moon landing with a speech at the National Air and Space Museum in Washington in which he called for a permanent American presence on the moon and, ultimately, a mission to Mars.
...but it's been 14 years and his speech is all but forgotten. If Dubya wants to do better, he'll need a plan to make it happen. And I don't believe he and his administration are capable of that sort of vision.
I'd like to see this Lunar base and Martian mission. But I don't have high hopes that it will be any time soon. And I don't believe that Dubya will have anything to do with it.
Besides, if somebody I know gets a computer, what the hell are they calling Dell's phone support for? I don't know about you, but the people I know recognize me as an expert on computers. Perhaps if the people you know don't, it's because you aren't.
I don't know about you, but the people I know recognize me as someone who is very busy. I occasionally help out friends/family with computer problems[*], but there's no way I could possibly keep up if they all came to me with all their computer-related problems.
Even so, I'm more likely to recommend they get it from a smaller dealer or, for somewhat more knowledgeable people, stretch themselves by trying to build it themselves (I help pick out good parts). I tell them to take it to a place in-town for help if they need it. The per-incident cost, though it doesn't seem like it, will actually be less than the up-front support cost at a place like Dell.
[*] - It's much easier to solve the problem when you know the person's skill level and are actually there. Even assuming there is someone competent on the other end of the support line (a shaky assumption), they're handicapped, so I know I can do a better job. Besides, it's quite rewarding when I can actually teach someone how to do something.
Subqueries are being added in MySQL 4.1, which is in alpha. I use MySQL every day, so can't wait for 4.1 to hit production.
Don't get your hopes up too much. I'd imagine their first implementation will suck. That's partially based on my distrust of the MySQL developers' abilities and partially based on a few comments I saw in the documentation you linked to:
Starting with version 4.1, MySQL supports all subquery forms and operations which the SQL standard requires, as well as a few features which are MySQL-specific (from here)
I'm suspicious of their MySQL-specific features. In the past, many MySQL-specific features have been dumb. I couldn't find specific mention of these ones, but I bet they're more of the same.
MySQL's unofficial recommendation is: avoid correlation because it makes your queries look more complex, and run more slowly. (from this page)
Ugh! I use correlated subqueries all the time on Oracle and PostgreSQL with no performance problems. I'd guess from their comment that they're firing the subquery on every row of the outer query (which would run very slowly indeed). I think real databases replace these with equivalent but dramatically more efficient forms. (Like an "exists" subquery becoming another join condition and a distinct. Or a "not exists" subquery becoming a left join checking for nulls. Or however they implement it - it doesn't really matter; I type in something that is easy for me to understand/verify is correct, and they worry about making it perform well.)
The PostgreSQL people were thinking about this sort of thing in 1997. And hell, they just now got IN/NOT IN to have good performance.[*] And they're good at this sort of thing. I don't have a lot of faith in the MySQL people.
ERROR 1235 (ER_NOT_SUPPORTED_YET)
SQLSTATE = 42000
Message = "This version of MySQL doesn't yet support
'LIMIT & IN/ALL/ANY/SOME subquery'"
(from here)
So it's obviously not a complete implementation.
[*] - They probably could have gotten it to work a while ago but didn't because there was a workaround. (IN/NOT IN doesn't do anything EXISTS/NOT EXISTS can't, although IN/NOT IN is more terse.) Still, it shows you that there are likely to be a lot of gotchas in a new implementation.
I beg to disagree on the JDBC claim. As long as Statement.setFetchSize() or Statement.setFetchDirection() are not supported, it's close to useless to me.
Cursors are supported now. Nic Ferrier wrote a patch for this back in April, and I think it got applied in the beginning of May. There's a trick I can't remember right now to enable it (maybe setting the result set type/scrollability first with JDBC2 methods), since it's not quite as efficient for smaller queries. I'm sure the people on the pgsql-jdbc mailing list would help you if you can't figure it out.
Keep in mind that the JDBC drivers shipping with any given version of PostgreSQL are likely not the best available drivers to use with that version. The JDBC people don't make changes to the release branches, unless they started recently. The best available drivers tend to be the ones from their website or in CVS HEAD.
Also, if you stumble on a page listing the compliance features/misfeatures of PostgreSQL, it's hopelessly out of date. I hope they're not still linking to it. The picture is much brighter than what that page suggests.
On second thought, what we care about here is how much warning/not warning them about strangers changes their chances of being molested:
P(B | A,C,~D) - P(B | A,C,D)
where
C = child uses the Internet enough to have a computer in his/her bedroom
D = child has been warned about strangers
I'm arguing that P(B | A,C,~D) is significantly higher than P(B | A,C,D) (it is important to warn these children about strangers); you're arguing otherwise.
And here's more handwaving...there are a couple other applications of Bayes's Theorem with fake numbers involved. I'll just say that C probably increases their chances of being abducted. (The Internet makes a lot of things easier; unfortunately, I think molesting children is one of them.) For most children, D is true (they are warned). If that were not so, I think that 1% statistic would be much more the other way. (If it were easier to molest random children, pedophiles would do it more.)
You've already screwed up with "a = b + c". You're making an unstated assumption that no child is molested both by family and strangers (that the union of B and C is zero). That's not true. I'm not sure that makes a significant difference in the calculation, but unstated assumptions are bad.
You need Bayes's Theorem to correctly prove things like this. In this case, I think it'd be something like:
A = child has a safe family (not molested by them, anyway)
B = child is molested
P(B | A) = P(A union B) / P(B)
We don't know any of these probabilities. We know the percentage of reported molestations that are by a family member (1%, again assuming the accuracy of that statistic).
First, I'll state an assumption to make things easier: all abuses are reported. That's clearly wrong, but it simplifies things. To do this correctly, you'd have to go through Bayes's Theorem again with molestations vs. reported ones.
Then our 1% becomes the percentage of molestations that are by a stranger. Assume there's at most one report per child per molester (how do these reports work? is each incident reported separately?). And assume there's at most one molester per child (and consequently there's no overlap between the family-abused and stranger-abused children). Then .01 = P(~A | B).
So .99 = P(A | B) = P(A union B)/P(A). We want P(B | A) = P(A union B)/P(B). So we need to multiply by P(B)/P(A).
You defined P(A) as .8 (and called it pessimistic; I do, too). Let's say P(B) is 5%. Then there's a 6% chance of a child with a safe family being molested.
Hmm...I said getting a result like that was possible, but I didn't expect it to actually happen. I think I've screwed up the reasoning somewhere along the way. (Maybe you can spot it.) Or maybe it's a consequence of the silly assumptions I've stated. In any case, making an error better proves my point: this sort of argument is complicated and error-prone.
I said: So I think in this case you're best off assuming the danger is coming from strangers. Or maybe from other close acquaintances. Or from anyone but the immediate family, because they're the ones you're talking to.
cduffy replied: Or maybe you're better off assuming that making your kids paranoid about anyone whom they don't know yet is a bigger threat to their overall wellbeing than that 1% (or likewise very small) remaining risk.
That 1% may or may not have been correct as originally stated, but you've certainly misinterpreted it. It certainly does not say that if a specific child in this specific situation is not molested by his/her immediate family, that child has only 1% (or "likewise very small") of the "normal" risk for being molested. It'd be a reasonable guess that the risk is less than normal, given that the major risk factor in the general population has been eliminated. But that's all it is; a guess. That's not valid deductive reasoning; there are plenty of situations in which that sort of reasoning will get you a conclusion that is not true.
Are you the same kind of person who won't take your child on an airline because planes sometimes crash? There's a notion of "acceptable risk"; I consider talking to strangers (not blindly obeying strangers, but talking to strangers) well within that area.
I don't have children; I'm 21. But no, I don't plan to ever be that kind of parent. In this case, I think an ancestor post by LostCluster struck a good balance:
The thing is, demonizing "strangers" doesn't quite do the trick. After all, a police officer you've never met before is also a "stranger", but one who the kid should be running towards, not away from. Most "strangers" are actually good people that they haven't met yet, but there are a few not-so-good people out there in the world too.
It's the people who really don't belong at a place that kids need to be scared of, the people who do belong to a place are usually good people there to help. If the kid is lost in a store, they should go towards the people wearing the store's uniforms, they're the ones that can help. At the playground, the kids that they don't know are strangers, but they're other kids that they could be friends with... it's the 29 year old who's there without a kid that doesn't belong at the playground, that's the kind of stranger to be worried about.
In fact, most abuse seems to come from parents or immediate family. "Stranger Danger" is less than 1% of reported abuse.
Let's assume for a second that statement is true.(*) What good does stating it do here? This thread is about giving advice to the parents. If they're asking for parenting advice, they're probably not the sort of people who would do that. Or presumably if they are, a few words on slashdot won't change that. So I think in this case you're best off assuming the danger is coming from strangers. Or maybe from other close acquaintances. Or from anyone but the immediate family, because they're the ones you're talking to.
* - I have a distrust of naked statistics; I find that most were obtained through poor methods or are carelessly restated in a way that alters their meaning. I'd need to see a citation, details of the study/questions asked, population samples, statistical methods, etc to actually trust one. I have to be really interested in the question to go to all that trouble of verifying the methodology.
That might have once made sense, but it doesn't now. When you power up the monitor but leave the computer off, it's sleeping and using relatively little power. If there's a big spike at all, it will come when you give it an input signal and it wakes up.
That spike takes up a lot of electricity on its own.
You're mixing up some concepts here. You don't "use up electricity". You use (and are billed for) electrical energy (measured by the meter you mention in kiloWatt * hours). Another way of saying that you're using energy quickly is to say you're drawing a lot of power, as power is energy / time. When you rapidly increase your power use, the line voltage can drop. (If you were to keep it at that power level, I think the voltage would come back up.) That low voltage is what could potentially be harmful to other appliances.
When I first learned about this in high school, I remember I did a test at home and had my brother turn on the vacuum while I looked at the power meter on the house. It is true. That meter dial sped up like crazy for a few seconds, then dwindled back down to the vacuum's running electricity level.
Yes, a motor like that takes more power to get up to speed than to maintain speed. For the same reason, your hard drives draw a lot more power when they start up. But a vacuum draws a lot more power than a monitor does in general. Mine claims to run 12 amps at 120 volts. That's 1440 watts.[*] That's an order of magnitude more than your monitor draws. So I wouldn't be too concerned about what happens to your computer when your monitor powers up.
[*] - more or less
What you described has been known for a long time and arguably isn't a bug, yes. But what they're using is a newer variation that's more dangerous and clearly a bug. If you include a %00 just before the @, only "http://www.slashdot.org" is displayed. (Apparently the display code evaluates the hex escape and treats the %00 as end-of-string, but the engine itself does not.) Your only real indication that something is wrong is the lack of the trailing "/", which you're not likely to notice even if you know what it means.
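A check for the mismatch described in the comment above, as an added example that is not part of the original post: it reports the host a URL really goes to, what a display routine that stops at the decoded %00 would show, and flags for a mail or proxy filter. The function name, flag names and the host `example.test` are assumptions made for the illustration.

```python
import re
from urllib.parse import urlsplit, unquote

# A userinfo string shaped like a hostname is what makes the link misleading.
HOSTLIKE = re.compile(r"^[a-z0-9-]+(\.[a-z0-9-]+)+$", re.I)


def inspect_url(url):
    """Compare the host a URL resolves to with what its userinfo part shows."""
    parts = urlsplit(url)
    report = {"real_host": parts.hostname, "shown_as": None, "flags": []}
    if "@" not in parts.netloc:
        return report  # no userinfo, nothing to mislead the reader

    # Everything before the last "@" is userinfo; the host comes after it.
    raw_userinfo = parts.netloc.rsplit("@", 1)[0]
    decoded = unquote(raw_userinfo)
    report["flags"].append("userinfo-present")

    visible = decoded
    if "\x00" in decoded:
        report["flags"].append("encoded-nul")
        # A display routine that treats NUL as end-of-string shows only this.
        visible = decoded.split("\x00", 1)[0]
        report["shown_as"] = f"{parts.scheme}://{visible}"

    if any((ord(c) < 0x20 and c != "\x00") or ord(c) == 0x7F for c in decoded):
        report["flags"].append("encoded-control")

    # Strip an optional ":password" before testing for a hostname shape.
    name = visible.split(":", 1)[0]
    if HOSTLIKE.match(name) and name.lower() != (parts.hostname or ""):
        report["flags"].append("userinfo-looks-like-host")
    return report


if __name__ == "__main__":
    # Constructed sample inputs; example.test stands in for the real target.
    for sample in (
        "http://www.slashdot.org/",
        "http://www.slashdot.org@example.test/",
        "http://www.slashdot.org%00@example.test/login",
    ):
        print(sample, inspect_url(sample))
```
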
That's actually not the only situation in which an IP address isn't enough information to identify the computer - there's also modem pools and NAT. Presumably they actually gave:
Which, in theory, is enough regardless. DHCP servers should keep a logfile of their leases. Modem pools have RADIUS logs, which are similar. And NAT routers could keep a log of what port they assigned to which internal IP at what time for each connection. I don't think that's common practice, but it's at least possible.
The other question is how long most ISPs keep logs. When the "owner" of an IP address changes often, that's important. The logs linking this information with a real person might already have been purged.
And then, once they link it to a computer, they have to prove it was actually the owner of the machine who downloaded the file. There's always the "a virus did it" argument.
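The lookup chain described in the comment above, as an added example that is not part of the original post: a public address, port and timestamp are matched against a NAT translation log and then against DHCP leases. Both log formats, all addresses and all times are constructed for the illustration.

```python
from datetime import datetime

# Constructed NAT log: start end internal_ip:port public_ip:port
NAT_LOG = """\
2004-01-10T20:00:00 2004-01-10T20:05:00 10.0.0.23:51512 203.0.113.7:40001
2004-01-10T20:40:00 2004-01-10T20:45:00 10.0.0.23:51600 203.0.113.7:40002
2004-01-10T21:30:00 2004-01-10T21:31:00 10.0.0.40:51512 203.0.113.7:40001
"""

# Constructed DHCP lease log: start end internal_ip mac
DHCP_LOG = """\
2004-01-10T08:00:00 2004-01-10T20:30:00 10.0.0.23 00:00:5e:00:53:01
2004-01-10T20:30:00 2004-01-11T08:00:00 10.0.0.23 00:00:5e:00:53:02
2004-01-10T12:00:00 2004-01-11T00:00:00 10.0.0.40 00:00:5e:00:53:03
"""


def _ts(text):
    return datetime.fromisoformat(text)


def parse_nat(text):
    """Return (start, end, internal_ip, public_ip, public_port) tuples."""
    rows = []
    for line in text.splitlines():
        start, end, inside, outside = line.split()
        in_ip = inside.rsplit(":", 1)[0]
        out_ip, out_port = outside.rsplit(":", 1)
        rows.append((_ts(start), _ts(end), in_ip, out_ip, int(out_port)))
    return rows


def parse_dhcp(text):
    """Return (start, end, internal_ip, mac) tuples."""
    rows = []
    for line in text.splitlines():
        start, end, ip, mac = line.split()
        rows.append((_ts(start), _ts(end), ip, mac))
    return rows


def resolve(public_ip, public_port, when, nat_rows, dhcp_rows):
    """Map a public ip:port at a given time to a MAC, or explain the gap."""
    t = _ts(when)
    inside = [ip for (s, e, ip, pub, port) in nat_rows
              if pub == public_ip and port == public_port and s <= t < e]
    if not inside:
        # Covers both "never logged" and "log already purged".
        return None, "no NAT mapping covers that time"
    macs = [mac for (s, e, ip, mac) in dhcp_rows
            if ip == inside[0] and s <= t < e]
    if not macs:
        return None, f"NAT points to {inside[0]} but no lease covers that time"
    return macs[0], f"{public_ip}:{public_port} -> {inside[0]} -> {macs[0]}"


if __name__ == "__main__":
    nat, dhcp = parse_nat(NAT_LOG), parse_dhcp(DHCP_LOG)
    for port, when in ((40001, "2004-01-10T20:02:00"),
                       (40001, "2004-01-10T21:30:30"),
                       (40002, "2004-01-10T20:41:00"),
                       (40001, "2004-01-10T23:00:00")):
        print(port, when, resolve("203.0.113.7", port, when, nat, dhcp))
```

The same public address and port resolve to different machines at different times, and the same internal address resolves to a different MAC once its lease changes, which is why the timestamp and the retention of both logs matter.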
Here's a much better article with a similar thesis: Joel on Software - Things You Should Never Do, Part I
There are parts of it that I've never agreed with:
This should never happen! If you have all these bugfixes in your code and no way to know why they were put in, you've screwed up badly. You should have each one documented in:
So the idea that you'd have all these important bugfixes without any way of knowing what they are should be laughable! Given a codebase like that, you probably would be better off throwing it out, because it was clearly developed without any kind of discipline.
Also, he's embellishing a lot. If it's just "a simple routine to display a window", it doesn't need to load a library, require Internet Explorer, etc., and thus can't possibly have bugs related to those things. He makes the situation sound a lot more extreme than it really is.
But in general, I think he's right. Refactor, not rewrite. That's the same thing the XP people say to do. They also have extensive unit tests to make it easier to refactor with the confidence that you haven't screwed anything up. Which can help in situations like this:
Ugh. I bet it would have been a lot less tuning if there were a decent way to test that the change to support #60 hasn't broken any of the previous 59 server types. Or that just a refactoring hasn't broken any.
I don't think this advice always applies, though. I rewrote one major project from scratch at work: our personnel system. Our database schema was hopelessly denormalized and broken. That's not something you can refactor easily - with a widely-used database schema, it's easier to make one big change than many smaller ones, because a lot of the work is just hunting down all the places that use it. That's easier to do once. So I believe there are situations this advice does not apply, but I also believe they are rare.
If he's talking literally, it's a stupid comparison. There are no literal jumps in developing artificial intelligence. In fact, going to the moon is almost nothing like developing artificial intelligence, except that neither is easy.
I took it to mean that there are no subgoals - concrete smaller problems to solve that are necessary for the larger one. That's not true, as my list made painfully clear.
So to get to the moon, you have to get there in one big jump. After all, there's nothing in between to land on. Yeah we have the ISS, but that's still an unfinished 'lily pad in the space pond' thing.
This is completely tangential to my point, but...
When you drive a car, there's continuous deceleration caused by friction. Given level ground, if you turn off the engine, you'll come to a stop.
When you're in a rocket in space, if you turn off the engine...you'll keep going nearly forever (there is stuff floating around in space to cause friction but here it's negligible). Stopping and starting again takes fuel, and going at a steady pace doesn't. For that reason, it would be pretty stupid to stop. You'd have to have a lot of fuel on the space station for it to be worthwhile, and that raises the question of how you got it there. It would not be efficient at all to use more fuel than you need, especially considering that much of the fuel in our launches is spent getting the rest of the fuel to where it will be used.
I think there are some Apollo people who would disagree. Let's see...what milestones were there along the way...
(Obviously I skipped many more; there are some huge gaps in years there.)
My point is that if you can't break something apart into milestones, I think you're just not trying hard enough.
I don't really think the TI-89 should have been allowed on the AP test, but it was, so I took advantage of it. (It would have been stupid not to.) But it definitely gave me an advantage over people who couldn't afford such things, so it was not fair. (At the time, it was $100, I think. Not out of reach for most people, but certainly enough to make people hesitate.)
But in general...I think it is beneficial for students to have these calculators when doing homework and such. Or on an exam, if everyone has one. It's not like you can avoid doing the work - if I didn't show every step, my high school teacher and my TAs and professors would have not given me many points. But you can check your work with it. You can explore things very quickly. A simple example: there are a lot of situations where integration by parts can be done two ways; both correct, one makes the problem easier, one makes it harder. For a beginning calculus student, you could waste a lot of time on the mechanics of doing it the "wrong" way. Time you could spend actually learning calculus.
TI likes to sell its calculators as (among other things) data collectors. The USB interface would presumably be used as an easier way to upload to the computer. Think high school physics classes.
Oh, and yeah, a high school student would be allowed to use one. I was still in high school when the TI-89 came out; I was allowed to use one (although maybe not on calculus tests - it's been a while). I was allowed to use it on the AP Calculus test, strangely enough. (What a joke. The test was easier than our teacher's exams to begin with, then I could use the calculator to verify all my answers were correct beyond setting up the initial equation. I didn't even bother finishing the thing and I still got a five. Arrogant, yeah, but I got away with it.) I don't think the incrementally faster processor would make it unallowable. Or the USB port - there's nothing you'd be allowed to plug into it during class, of course.
Bet you could write some great games for these uber-calculators, though (there were already good games available for the 83/85/86/89 when I was in high school.)
I imagine so. The screen would almost certainly be the limiting factor, not the processor or memory. (It already was for a lot of games.)
An AC replied:
linux - Finland
mplayer - Hungary
decss - Norway
gnome - Mexico
kde - Germany
I don't buy it. Linux didn't come out of Finland. Sure, its original creator was from there. But so many people all over the world have put so much effort into it that there's no way you can say it came from Finland. Likewise the other OSS projects, to a lesser extent. I'll bet someone from Bangalore has contributed to at least linux, gnome, and kde. If I cared more, I'd look through the public ChangeLogs and prove it.
Name five great software products that you're sure haven't come out of Bangalore.
The companies aren't based there, but enough of the work is actually done there that you need to put some actual thought into answering that question...
On the other hand, I don't have a high opinion of Bangalore-as-Silicon-Valley, either. I just don't think you'll get anything really remarkable out of people under those conditions. And if there's one thing the world doesn't need, it's more mediocre programming...
That's not true at all. People get themselves into holes with loans, yes. But it's not a similar situation. Nigerian spammers essentially say "I stole a lot of money and I'll give you a cut if you help me smuggle it out of the country." The original premise in these emails is always that it's money the guy has acquired through questionable means, thus the need to launder it through an American. In this case, the guy claimed to work for a bank and to have stolen the money from the account of some dead German guy. (Was it his? No. Is it his now? Yes. Was it a gift? No. Thus, stealing. It's not rocket science.)
I'm tired of everyone saying the people who get scammed are innocent but stupid. They may be stupid, but they're not innocent. They all knew something shady was going on; they just didn't realize it was at their expense.
So for that reason, the people who just get themselves into debt are in a totally different situation. They were irresponsible and screwed themselves over, yes. But they didn't do it in the name of stealing money from someone else.
I imagine the thinking goes "ha ha! we no longer provide a useful diagnostic as required by the standard. There is no way they will know our computer is here now, despite running a high-profile service. Now everything is secure."
It's the same thinking that slashdot uses.
Okay, in fairness, there are some well-respected security sites that do this also. Case in point: securityfocus.com, which hosts the bugtraq mailing list. I still think it's a stupid idea, though.
So they discovered that pserver has security bugs. No, really? The solution is to provide pserver cvs in a chroot with a uid that can't write anything and maybe use systrace to disallow nasty operations.
Well, that's still not ideal. Here's one fundamental pserver flaw which rarely gets talked about: it does not authenticate the server at all. So it would be easy to spoof and send your own compromised code to whoever does an anonymous checkout. And sending compromised code to people is the real goal of someone who would crack the Linux BK->CVS gateway, the Debian machines, the Gentoo machines, and/or Savannah.
I bet other sites like SourceForge would be doing this if they had the CPU cycles to spare. But cryptography is expensive and SourceForge's CVS setup is slow already.
But I do understand your sentiment. It's not even unique to motorcycles - when I'm just riding a bicycle around town, it often feels like all the drivers want me dead. They definitely have a blindness for anything smaller than an SUV, and they don't expect bicycles to be moving quickly.
Since all heavy-duty nerds (that could handle mostly every kind of problem) have moved from RedHat (newbie distro) to Debian (zealot distro) it's pretty hard to get decent help on harder RedHat problems.
That's completely false.
Meanwhile, who would pay for user support when all you need is /join #debian on irc.debian.org, ask your question and at worst get redirected to the right RTFM.
This support is more about updated packages than someone at the other end of the phone. RedHat's planning to stop releasing security fixes, errata, or new feature (like new hardware support) RPMs for these distributions. You absolutely need those to run it well, whether you buy them from someone or build them yourself. Building them yourself would be a lot of work. Progeny feels there's enough people who want to buy them from someone to make a profitable service out of it. So they're offering one.
Actually, RedHat's CEO said in a recent interview that this was profitable. They just want to focus on the enterprise market, which is where the big bucks are. Progeny's picking up their scraps, I guess.
Maybe I'll mention that to our ACM president. I don't have a lot of time for organization, either, but they're already a group that meets regularly (so it should be easy), and as likely as anyone to be interested in key-signing. With luck, maybe a couple of them will go to a convention and get keys signed there.
By the way, next time you complain that you can't get anyone to sign your key, you might specify your geographical location.
Iowa City, Iowa
Thanks for the response. I'll give that a shot.
I agree that would be ideal, but it's easier said than done. I've got no other signatures on my GPG key now. I want to get some, but I don't know anyone else around here who does that sort of thing. How would I go about getting some? I know they have key signing parties at conventions and such, but I'm a college student, which means I have no money or time to attend such things.
A solely self-signed GPG key isn't worthless, though. Someone can download the public key from your website once. Assume it's good then. They can then tell if the website or the mirrors are compromised. That's better than MD5s posted on the website, which can only tell if the mirrors are compromised.
He'll have to do more than say "let's go back" before I call his plan bold. Okay, so he might mention the idea of establishing a permanent Lunar base and of going to Mars. As the article said, his father already did that:
I'd like to see this Lunar base and Martian mission. But I don't have high hopes that it will be any time soon. And I don't believe that Dubya will have anything to do with it.
I don't know about you, but the people I know recognize me as someone who is very busy. I occasionally help out friends/family with computer problems[*], but there's no way I could possibly keep up if they all came to me with all their computer-related problems.
Even so, I'm more likely to recommend they get it from a smaller dealer or, for somewhat more knowledgeable people, stretch themselves by trying to build it themselves (I help pick out good parts). I tell them to take it to a place in-town for help if they need it. The per-incident cost, though it doesn't seem like it, will actually be less than the up-front support cost at a place like Dell.
[*] - It's much easier to solve the problem when you know the person's skill level and are actually there. Even assuming there is someone competent on the other end of the support line (a shaky assumption), they're handicapped, so I know I can do a better job. Besides, it's quite rewarding when I can actually teach someone how to do something.
Don't get your hopes up too much. I'd imagine their first implementation will suck. That's partially based on my distrust of the MySQL developers' abilities and partially based on a few comments I saw in the documentation you linked to:
I'm suspicious of their MySQL-specific features. In the past, many MySQL-specific features have been dumb. I couldn't find specific mention of these ones, but I bet they're more of the same.
Ugh! I use correlated subqueries all the time on Oracle and PostgreSQL with no performance problems. I'd guess from their comment that they're firing the subquery on every row of the outer query (which would run very slowly indeed). I think real databases replace these with equivalent but dramatically more efficient forms. (Like an "exists" subquery becoming another join condition and a distinct. Or a "not exists" subquery becoming a left join checking for nulls. Or however they implement it - it doesn't really matter; I type in something that is easy for me to understand/verify is correct, and they worry about making it perform well.)
The PostgreSQL people were thinking about this sort of thing in 1997. And hell, they just now got IN/NOT IN to have good performance.[*] And they're good at this sort of thing. I don't have a lot of faith in the MySQL people.
So it's obviously not a complete implementation.
[*] - They probably could have gotten it to work a while ago but didn't because there was a workaround. (IN/NOT IN doesn't do anything EXISTS/NOT EXISTS can't, although IN/NOT IN is more terse.) Still, it shows you that there are likely to be a lot of gotchas in a new implementation.
Cursors are supported now. Nic Ferrier wrote a patch for this back in April, and I think it got applied in the beginning of May. There's a trick I can't remember right now to enable it (maybe setting the result set type/scrollability first with JDBC2 methods), since it's not quite as efficient for smaller queries. I'm sure the people on the pgsql-jdbc mailing list would help you if you can't figure it out.
Keep in mind that the JDBC drivers shipping with any given version of PostgreSQL are likely not the best available drivers to use with that version. The JDBC people don't make changes to the release branches, unless they started recently. The best available drivers tend to be the ones from their website or in CVS HEAD.
Also, if you stumble on a page listing the compliance features/misfeatures of PostgreSQL, it's hopelessly out of date. I hope they're not still linking to it. The picture is much brighter than what that page suggests.
P(B | A,C,~D) - P(B | A,C,D)
where
C = child uses the Internet enough to have a computer in his/her bedroom
D = child has been warned about strangers
I'm arguing that P(B | A,C,~D) is significantly higher than P(B | A,C,D) (it is important to warn these children about strangers); you're arguing otherwise.
And here's more handwaving...there are a couple other applications of Bayes's Theorem with fake numbers involved. I'll just say that C probably increases their chances of being abducted. (The Internet makes a lot of things easier; unfortunately, I think molesting children is one of them.) For most children, D is true (they are warned). If that were not so, I think that 1% statistic would be much more the other way. (If it were easier to molest random children, pedophiles would do it more.)
You need Bayes's Theorem to correctly prove things like this. In this case, I think it'd be something like:
A = child has a safe family (not molested by them, anyway)
B = child is molested
P(B | A) = P(A union B) / P(B)
We don't know any of these probabilities. We know the percentage of reported molestations that are by a family member (1%, again assuming the accuracy of that statistic).
First, I'll state an assumption to make things easier: all abuses are reported. That's clearly wrong, but it simplifies things. To do this correctly, you'd have to go through Bayes's Theorem again with molestations vs. reported ones.
Then our 1% becomes the percentage of molestations that are by a stranger. Assume there's at most one report per child per molester (how do these reports work? is each incident reported separately?). And assume there's at most one molester per child (and consequently there's no overlap between the family-abused and stranger-abused children). Then .01 = P(~A | B).
So .99 = P(A | B) = P(A union B)/P(A). We want P(B | A) = P(A union B)/P(B). So we need to multiply by P(B)/P(A).
You defined P(A) as .8 (and called it pessimistic; I do, too). Let's say P(B) is 5%. Then there's a 6% chance of a child with a safe family being molested.
Hmm...I said getting a result like that was possible, but I didn't expect it to actually happen. I think I've screwed up the reasoning somewhere along the way. (Maybe you can spot it.) Or maybe it's a consequence of the silly assumptions I've stated. In any case, making an error better proves my point: this sort of argument is complicated and error-prone.
cduffy replied: Or maybe you're better off assuming that making your kids paranoid about anyone whom they don't know yet is a bigger threat to their overall wellbeing than that 1% (or likewise very small) remaining risk.
That 1% may or may not have been correct as originally stated, but you've certainly misinterpreted it. It certainly does not say that if a specific child in this specific situation is not molested by his/her immediate family, that child has only 1% (or "likewise very small") of the "normal" risk for being molested. It'd be a reasonable guess that the risk is less than normal, given that the major risk factor in the general population has been eliminated. But that's all it is; a guess. That's not valid deductive reasoning; there are plenty of situations in which that sort of reasoning will get you a conclusion that is not true.