It isn't just common wisdom. It is how things happen in most cases. However if you don't have to maintain things you write you have no real incentive to design software with good maintainability. It just needs to work today and we can band-aid it tomorrow.
Think of the google appliance. What about a similar idea with ThinkFree. If there are privacy concerns it could be hosted internally on a ThinkFree appliance. It would be wise of ThinkFree to offer something like that.
Such a tough crowd on something that was just sarcasm/a joke:-)
It does serve to illustrate the point that:
I forgot my return statement so the program is not reliable thus some folks can't even enjoy the joke:)
True security is incredibly difficult
And it is true that relying on stdio.h is a dependency. Someone could modify it and subvert it. It is honestly a moot point as you can connect how the standard C library would be subverted to a number of different weak links. Did you download it corrupted, weak link: Download Provider. Did someone break into your system, weak link: Overall system security. So on and so forth. However if you had verified that your download was from a trusted source and the checksum of the download matches with a checksum that is signed with the software providers public key you can be sure you have a download from someone that has access to the private key that you believe is the software providers. Then you are placing your trust in the ability of the software provider to guard their private key and PKI in general.
You can play the trust game all day. So, use tripwire to verify no one has cracked your system. What if you can't trust tripwire? What if this program, even though it is exactly the one we wanted had a lovely backdoor or security bug or flaw?
The point here is that practical security and absolute security are entirely different things. That is kind of what I was trying to illustrate in a joking manner with the malformed hello world program. Practical security is incredibly difficult and complexity is the enemy. The more complexity a program has the more chance for a security vulnerability. To some extent even the program language you are using is a part of the complexity. Hello world in Python has fewer moving parts than hello world in C.
You can extrpolate from the continuing stream of vulnerabilities in most major operating systems that they are both relatively complex pieces of software and whatever attempts have been made to mitigate the complexity are not working out so well;) Anyhow, that is all for now. Back to the salt mines for me. Jeremy
Only they took reasonable and relatively easy measures to mitigate the loss. It would make me a lot better to know that the files were encrypted with a key that was not stored in the laptop. That would mean that my data was "lost", but the company did everything REASONABLY possible to mitigate the possible damages.
It might take a little more processing power, but that is about it. Courier-IMAP comes with TLS and SSL by default. I always use TLS for access to my mail these days.
They should all get flamed equally. Anyone that plays those games. I don't really put that much stock in Google or any web based company like that. Search is great. Having everything I want to be private on a Google server.. no thanks:)
Never mind that they (Y!) censor searches in China just like google. Google gets flamed for it while all of the other major search engines in China do the same thing so they don't get banned.
Its just to hard for me to decide. I always feel that with such sensitive issues only the most glaring examples should be made examples of. Victim impact is for civil courts. It vandalism and burglary. I think its to hard to distinguish beyond a much finer level for a great majority of hate crimes. With murder there are levels of intent and other qualifiers (pre-meditation etc.). So in other words there are levels of "wrongness" to killing someone. In some ways even that bothers me. What is the most fair way to handle it? Does thinking about killing someone before killing them REALLY make the crime any worse? Does accidentally killing someone due to negiligence bring the person back? One is a mistake and not intentional but the person is just as dead. That is all that really matters to me. The family may be more upset if it was done on purpose, but the person is gone all the same.
By the way, I'm bi, so the notion of somebody being murdered for their sexual orientation has a certain delightful rhetorical frisson for me.:-) I guess. Its still up for interpretation to me, what exactly, a hate crime is. Making a death threat or other threat for bodily harm is already covered under the law. Here is the example. That dumbass who walked into a gay bar and started hacking away with his hatchet and shooting at folks. His crimes were labeled a "hate crime" because he did it at a gay bar. So if they pursue this as a hate crime in order to determine if it is a hate crime and not some random act of violence his thoughts at the time he committed the act of violence are on trial as well. Yes, they stem from the crime he already committed, but simply WHERE he did the murders is not enough. Yet the media ran with the "Hate Crime Suspect" label. And I think to prove he was guilty of a hate crime in that instance you would have to prove his thoughts when he was doing the crime. Good thing this guy was shot dead and we didn't have to bother with a trial for him anyway.
Good points. In certain states in the US it is illegal to burn a cross because it is a hate crime. The crime in this case is an expression of your opinion. It is well understood that a burning cross is linked to groups like the KKK and a hatred of blacks. It makes an implicit statement. So there is still a physical action linked to the thought. Yet, it basically, criminalizes expression. It treads closer and closer to criminalizing any outward expression of hatred towards groups that are victims of "hate crimes".
Intention means a lot. What I am talking about is different sentencing based solely on your opinions towards the people you commit a crime against.
This is about personal opinion affecting the sentencing for the person that committed a crime. 1st degree murder implies you planned the crime before it happened. Its not a "thought" crime. You went out of your way to plan a crime before hand and then performed the crime. Your opinion weighs into it not at all. Its just your plan for an intentional crime beforehand. What do your personal beliefs have to do with how you are punished for a crime?
Pre planning a crime and holding certain beliefs while committing a crime are different to me.
I don't either. It is just that crimes against gays and blacks are the vast majority of what get classified as hate crimes so you have to talk about the issues as they exist or you can get lost in metaphors.
Hate crimes are in essence thought crimes too. Think about it.. hate is a thought. Your reasons for feeling a certain way are thoughts. So in essence you can be subject to more severe penalties purely based on your personal opinions while performing a crime. Not only that you can be convicted of a hate crime alone where your sole criminal act was an expression of hatred for something.
This differs from premeditated murder in that, yes, ultimately, premeditation is a thought.. but the key difference is that you were planning a crime. Planning to kill someone is not an opinion. Hating a group of people is an opinion.
It is basically legislating what sort of motivations for doing a crime is worse than some other motivation. So if you rob a bank because you hate banks should you be subject to stiffer penalties? If you kill a gay man because you hate gays how is that anything other than a murder? Hate crime, for me, goes way to far down the path of thought crime. Double plus bad.
Load and CPU usage are different things. Load is a very tricky topic. The gist of it is that it is the average number or processes that were waiting to do some amount of processing. It is then scaled based on a logarithmic algorithm to give you a rough picture of what is happening. So lets say you have an SMTP server with a dozen processes all trying to disk access and the disk is also busy updating its locate database. Your disk is hammered. Your processor is not. But you have so many processes competing for IO that it bogs down the process scheduling eventually, which can make everything sluggish. Your CPU usage might not be heavy, but that doesn't mean the system isn't bogged down trying to do other things. CPU usage is an important part of system load, but not the only thing going into it.
You have not illustrated that Python is any different/better than Java for that particular problem. Your breakthrough sounds like an algorithmic break through to me, not language driven.
Often I get a flash of insight by attacking the problem from different directions (possibly languages). Perhaps some programming paradigms allow you to more naturally express certain problems, but in general most people tend to do OO or procedural Python so I don't see how Python would give you any huge advantage by just using a different language.
Good algorithm design can be expressed in a language neutral format and then implemented in any language.
There might be some arguments you can make for being able to better comprehend the Python code due to there being less lines of code so you are able to see more of the problem at once. This is often what helps lead me to solving bigger picture problems. This is also accomplished, for me, by refactoring bigger pieces of code into smaller objects/modules so that the core routines of the program are nothing more than skeletons to the methods doing all of the work.
So, in my mind to make a good puzzle solver you need the core algorithm in an easy to understand format. Then the language you use is just a formality. (Unless you are using functional programming or some other more esoteric paradigm that is difficult to emulate in a language like C/C++/Java)
I work 45 - 50 hours per week. When I am working I am super focused on my work. Simple as that. I work very hard when I am working. Some weeks I will pull 60 hours per week up to about three weeks if there is a big push to get something out the door. It is not fun to work the hours but I will do it for short amounts of time. The goal should always be quality software that works right the first time so you are exactly right. I don't think it is normal or good to work people much beyond that in a typical software development environment where someone is coding as the majority of their job.
I have seen what 70 and 80 hour a week death marches produce and I can attest to the fact that it is bad. I don't think many programmers over here try and make themselves believe much of anything else. It is often middle to upper management that force these kind of constraints on a development team. It is hard to communicate to them why time spent and work produced is not linear beyond 45-50 hours.
I know.. we are a little gun happy over here. Those are interesting numbers. Impossible to deny that we have more homicides than most places related to guns. I think it is more a reflection on our society than any true danger to the average citizen. We also have a LOT more guns. So they are more accessible and tend to be used as the default method of homicide. The more interesting figure is number of homicides in general. Not just with guns.
That is interesting. Most of corporate America averages 2 weeks of vacation. Three is not out of the question as many companies lump sick days and vacation days as one in the same.We are just pulling numbers out of our asses here to be honest. Most developers I know that work in a corporate setting do tend to get at least 2 weeks off. In smaller shops it does vary more, but it is still not some dire situation. America is known for its hard work. IT does tend to work more than your average corporate citizen. I just don't think its that bad. Its not great.. but not terrible either.
I get three weeks of vacation. Most folks do. God-Bothering.. bothers me too. GE food? Ehh.. we ship that stuff all over the world. Its hard to know exactly where your food came from.
The shootings... I am not exactly sure what you mean by this. People do get shot yes.. but it is not like we all run around in fear of being shot. Statistically it is one of the least likely ways for you to die. Heart disease is much worse over here.
I am no apologist, but please pick on us for stuff that is actually bad like our idiot politicians that are bankrupting the country and such.
Slashdot Mirror
Except that in .NET it all becomes MSIL, not Machine Code.
Jeremy
It isn't just common wisdom. It is how things happen in most cases. However if you don't have to maintain things you write you have no real incentive to design software with good maintainability. It just needs to work today and we can band-aid it tomorrow.
Jeremy
That Mind Map appears to have been made with FreeMind. An excellent, open source, mind mapping solution. I advise folks to try it out.
FreeMind
Jeremy
Think of the google appliance. What about a similar idea with ThinkFree. If there are privacy concerns it could be hosted internally on a ThinkFree appliance. It would be wise of ThinkFree to offer something like that.
Jeremy
Worse, I work in the security industry :)
It does serve to illustrate the point that:
And it is true that relying on stdio.h is a dependency. Someone could modify it and subvert it. It is honestly a moot point as you can connect how the standard C library would be subverted to a number of different weak links. Did you download it corrupted, weak link: Download Provider. Did someone break into your system, weak link: Overall system security. So on and so forth. However if you had verified that your download was from a trusted source and the checksum of the download matches with a checksum that is signed with the software providers public key you can be sure you have a download from someone that has access to the private key that you believe is the software providers. Then you are placing your trust in the ability of the software provider to guard their private key and PKI in general.
You can play the trust game all day. So, use tripwire to verify no one has cracked your system. What if you can't trust tripwire? What if this program, even though it is exactly the one we wanted had a lovely backdoor or security bug or flaw?
The point here is that practical security and absolute security are entirely different things. That is kind of what I was trying to illustrate in a joking manner with the malformed hello world program. Practical security is incredibly difficult and complexity is the enemy. The more complexity a program has the more chance for a security vulnerability. To some extent even the program language you are using is a part of the complexity. Hello world in Python has fewer moving parts than hello world in C.
You can extrpolate from the continuing stream of vulnerabilities in most major operating systems that they are both relatively complex pieces of software and whatever attempts have been made to mitigate the complexity are not working out so well
Jeremy
This is most definitely a "easy to use, accessible, and reliable application that has no security holes".
Where is my money?
Jeremy
Apple essentially ripped the content of the beige boxes and stuffed it into a Mac.. so what is the difference? ;-)
Only they took reasonable and relatively easy measures to mitigate the loss. It would make me a lot better to know that the files were encrypted with a key that was not stored in the laptop. That would mean that my data was "lost", but the company did everything REASONABLY possible to mitigate the possible damages.
Jeremy
It might take a little more processing power, but that is about it. Courier-IMAP comes with TLS and SSL by default. I always use TLS for access to my mail these days.
Jeremy
They should all get flamed equally. Anyone that plays those games. I don't really put that much stock in Google or any web based company like that. Search is great. Having everything I want to be private on a Google server.. no thanks :)
J
Never mind that they (Y!) censor searches in China just like google. Google gets flamed for it while all of the other major search engines in China do the same thing so they don't get banned.
Jeremy
Its just to hard for me to decide. I always feel that with such sensitive issues only the most glaring examples should be made examples of. Victim impact is for civil courts. It vandalism and burglary. I think its to hard to distinguish beyond a much finer level for a great majority of hate crimes. With murder there are levels of intent and other qualifiers (pre-meditation etc.). So in other words there are levels of "wrongness" to killing someone. In some ways even that bothers me. What is the most fair way to handle it? Does thinking about killing someone before killing them REALLY make the crime any worse? Does accidentally killing someone due to negiligence bring the person back? One is a mistake and not intentional but the person is just as dead. That is all that really matters to me. The family may be more upset if it was done on purpose, but the person is gone all the same.
Jeremy
By the way, I'm bi, so the notion of somebody being murdered for their sexual orientation has a certain delightful rhetorical frisson for me. :-)
I guess. Its still up for interpretation to me, what exactly, a hate crime is. Making a death threat or other threat for bodily harm is already covered under the law. Here is the example. That dumbass who walked into a gay bar and started hacking away with his hatchet and shooting at folks. His crimes were labeled a "hate crime" because he did it at a gay bar. So if they pursue this as a hate crime in order to determine if it is a hate crime and not some random act of violence his thoughts at the time he committed the act of violence are on trial as well. Yes, they stem from the crime he already committed, but simply WHERE he did the murders is not enough. Yet the media ran with the "Hate Crime Suspect" label. And I think to prove he was guilty of a hate crime in that instance you would have to prove his thoughts when he was doing the crime. Good thing this guy was shot dead and we didn't have to bother with a trial for him anyway.
Jeremy
Good points. In certain states in the US it is illegal to burn a cross because it is a hate crime. The crime in this case is an expression of your opinion. It is well understood that a burning cross is linked to groups like the KKK and a hatred of blacks. It makes an implicit statement. So there is still a physical action linked to the thought. Yet, it basically, criminalizes expression. It treads closer and closer to criminalizing any outward expression of hatred towards groups that are victims of "hate crimes".
Intention means a lot. What I am talking about is different sentencing based solely on your opinions towards the people you commit a crime against.
Jeremy
This is about personal opinion affecting the sentencing for the person that committed a crime. 1st degree murder implies you planned the crime before it happened. Its not a "thought" crime. You went out of your way to plan a crime before hand and then performed the crime. Your opinion weighs into it not at all. Its just your plan for an intentional crime beforehand. What do your personal beliefs have to do with how you are punished for a crime?
Pre planning a crime and holding certain beliefs while committing a crime are different to me.
Jeremy
I don't either. It is just that crimes against gays and blacks are the vast majority of what get classified as hate crimes so you have to talk about the issues as they exist or you can get lost in metaphors.
Jeremy
Hate crimes are in essence thought crimes too. Think about it.. hate is a thought. Your reasons for feeling a certain way are thoughts. So in essence you can be subject to more severe penalties purely based on your personal opinions while performing a crime. Not only that you can be convicted of a hate crime alone where your sole criminal act was an expression of hatred for something.
This differs from premeditated murder in that, yes, ultimately, premeditation is a thought.. but the key difference is that you were planning a crime. Planning to kill someone is not an opinion. Hating a group of people is an opinion.
It is basically legislating what sort of motivations for doing a crime is worse than some other motivation. So if you rob a bank because you hate banks should you be subject to stiffer penalties? If you kill a gay man because you hate gays how is that anything other than a murder? Hate crime, for me, goes way to far down the path of thought crime. Double plus bad.
Jeremy
Load and CPU usage are different things. Load is a very tricky topic. The gist of it is that it is the average number or processes that were waiting to do some amount of processing. It is then scaled based on a logarithmic algorithm to give you a rough picture of what is happening. So lets say you have an SMTP server with a dozen processes all trying to disk access and the disk is also busy updating its locate database. Your disk is hammered. Your processor is not. But you have so many processes competing for IO that it bogs down the process scheduling eventually, which can make everything sluggish. Your CPU usage might not be heavy, but that doesn't mean the system isn't bogged down trying to do other things. CPU usage is an important part of system load, but not the only thing going into it.
Jeremy
You have not illustrated that Python is any different/better than Java for that particular problem. Your breakthrough sounds like an algorithmic break through to me, not language driven.
Often I get a flash of insight by attacking the problem from different directions (possibly languages). Perhaps some programming paradigms allow you to more naturally express certain problems, but in general most people tend to do OO or procedural Python so I don't see how Python would give you any huge advantage by just using a different language.
Good algorithm design can be expressed in a language neutral format and then implemented in any language.
There might be some arguments you can make for being able to better comprehend the Python code due to there being less lines of code so you are able to see more of the problem at once. This is often what helps lead me to solving bigger picture problems. This is also accomplished, for me, by refactoring bigger pieces of code into smaller objects/modules so that the core routines of the program are nothing more than skeletons to the methods doing all of the work.
So, in my mind to make a good puzzle solver you need the core algorithm in an easy to understand format. Then the language you use is just a formality. (Unless you are using functional programming or some other more esoteric paradigm that is difficult to emulate in a language like C/C++/Java)
Jeremy
I work 45 - 50 hours per week. When I am working I am super focused on my work. Simple as that. I work very hard when I am working. Some weeks I will pull 60 hours per week up to about three weeks if there is a big push to get something out the door. It is not fun to work the hours but I will do it for short amounts of time. The goal should always be quality software that works right the first time so you are exactly right. I don't think it is normal or good to work people much beyond that in a typical software development environment where someone is coding as the majority of their job.
;)
I have seen what 70 and 80 hour a week death marches produce and I can attest to the fact that it is bad. I don't think many programmers over here try and make themselves believe much of anything else. It is often middle to upper management that force these kind of constraints on a development team. It is hard to communicate to them why time spent and work produced is not linear beyond 45-50 hours.
The battle rages on
Jeremy
I know.. we are a little gun happy over here. Those are interesting numbers. Impossible to deny that we have more homicides than most places related to guns. I think it is more a reflection on our society than any true danger to the average citizen. We also have a LOT more guns. So they are more accessible and tend to be used as the default method of homicide. The more interesting figure is number of homicides in general. Not just with guns.
Jeremy
That is interesting. Most of corporate America averages 2 weeks of vacation. Three is not out of the question as many companies lump sick days and vacation days as one in the same.We are just pulling numbers out of our asses here to be honest. Most developers I know that work in a corporate setting do tend to get at least 2 weeks off. In smaller shops it does vary more, but it is still not some dire situation. America is known for its hard work. IT does tend to work more than your average corporate citizen. I just don't think its that bad. Its not great.. but not terrible either.
Jeremy
#Develop. I have delivered rather large GUI based projects with it.
Jeremy
I get three weeks of vacation. Most folks do. God-Bothering.. bothers me too. GE food? Ehh.. we ship that stuff all over the world. Its hard to know exactly where your food came from.
The shootings... I am not exactly sure what you mean by this. People do get shot yes.. but it is not like we all run around in fear of being shot. Statistically it is one of the least likely ways for you to die. Heart disease is much worse over here.
I am no apologist, but please pick on us for stuff that is actually bad like our idiot politicians that are bankrupting the country and such.
Jeremy