At the moment Verisign logs 53 billion requests for websites - not just dotcoms - every day, about the same number handled for all of 1995. "We expect that to grow in 2020 to somewhere between three and four quadrillion," Mr McLaughlin told BBC News.
How do we interpret this? I sure hope this is DNS lookups. But if so, doesn't it bother anyone else that the Verisign CEO said "53 billion requests for websites" as opposed to "53 billion requests for domain name resolution." God help us if this means 53 billion different DOMAINS; how many of them are Botnet controllers?
I'm just waiting for the sign in front of Verisign HQ, "Over 53 billion websites served every day"...
"Impossible to test", but that does not mean that it's impossible to write bug-free software. It requires a substantially different approach to specification and construction than most people/companies currently use. Model Checking (http://en.wikipedia.org/wiki/Model_checking) and SPARK (http://en.wikipedia.org/wiki/SPARK_(programming_language) ) are two approaches that work. It's worth looking at what the commercial avionics industry requires for its embedded software, where 10 ^ -9 is the requirement for safety-critical avionics (http://en.wikipedia.org/wiki/DO-178B )
Note though, that no amount of 'construction by correctness' approach for software will make up for deficiencies in specifications. See the work of Nancy Leveson (http://en.wikipedia.org/wiki/Nancy_Leveson or http://sunnyday.mit.edu/ ) and John Knight (http://www.cs.virginia.edu/~jck/ ) for both discussions and analysis of safety-critical software approaches and analysis of how some of these approaches have not worked as well as expected (e.g. Leveson's critique of N-version programming.)
I agree with both parent posts. PKI Certs are certainly the way to go, but it's really hard to do this right.
This is a case where some consulting to (a) set up the PKI stuff; (b) train our (unfortunately anonymous) questioner on how to disseminate the certs; and (c) apply the appropriate tarpit/other firewall settings, would probably be money-well-spent.
Well, I am no "newbie," having bought my first personal computer in Oct 78, having used personal machines (not owned by me) and timeshares for 5 years previously. And I've done development AND FIELDING of systems to end users (soldiers) who were not particularly computer aware, as well as tools/infrastructure development for the technically literate. I've administered small proprietary standalone systems (e.g. Wang), VAX/VMS, Ultrix and HP/UX. I'm currently using MacOS X Server in my home office.
What I've observed as a matter of culture is that too many IT people believe the entire business runs for their convenience. WAY too many times I've been trying to do my job and been prevented because of IT policies designed to make a -non-producing- part of the business "easier". When the CIO gives me a charge number against his account, that I use whenever his IT policies keep me from being productive (e.g. when he decides to push an update in the middle of the day, trashing network performance, my computer performance, and even a few times a reboot cycle...)
Talking about Microsoft Office formats: I've had more problems about incompatibilities within Microsoft products than between MS Office and Open Office. In fact, until recently I'd get PowerPoint documents that would crash PowerPoint, but would open just fine in OpenOffice.
If you value consistency, buy a Mac, damnit. And that's a major reason why I've preferred Macs over the various iterations of Windows I've used over the last 20 years. If you want to talk total life-cycle costs, there are lots of studies that show Macs have lower life-cycle costs, even though they have substantially higher initial investments.
I also remember the time when we were analyzing/costing a major system upgrade, replacing some big Unix servers with Microsoft servers. The cost people had a 'figure of merit' that a Windows server cost 25% the life-cycle costs of a Unix server, and most of that cost was in the sysadmin/labor category. That looked great, until we looked at the actual performance of the Windows servers, and realized we ended up with 6 Windows servers to replace that 1 Unix server.
What bothers me about this story is the apparent unwillingness of the manager to listen to his staff. Even in the Army, it's much better to lead by example and by knowledge, than it is to lean on rank. There are times when you have to issue an order and expect it to be obeyed without debate. But the best way to get that kind of response is to have your subordinates believe that you've actually thought through what you're ordering them to do, and that requires listening and analyzing/comparing alternatives when there's time to do so.
Your experience may vary, but that's a reflection of my 30+ years in this business.
Our boss picked this book, "Made to Stick" (http://www.amazon.com/Made-Stick-Ideas-Survive-Others/dp/1400064287 ) as this year's reading assignment. There are some interesting ideas in here that support things like "the sad puppy picture error".
But a big part of the problem that I've seen is the irrelevance of error messages to the recipient. The Blue Screen of Death in theory contains useful information to the developer, but is completely meaningless to the user. Error reporting (whether it's exceptions tossed by a module or alerts presented to the user) should be based on a clear model of the user/caller's world. "A603 Load Module Does Not Exist*" is a lot less useful than "Cannot locate program to run".
(* If you're old enough to recognize the source of this error message, reply below. First one to get it right gets a prize...:-)
Grab a piece of open source code that interests you and walk through it. In fact, in contradiction to what some others have posted here, it's better to read other people's code -first- before starting to write it yourself. You'll end up with a much better appreciation for the language and the structure of a program.
You want to look for both 'patterns' in the small ("What does this little chunk of code do?") and structure in the large, e.g. class layout, etc.
>Thinking about it, I would say that good programmer and analysts were already looking for design patterns long before Design Patterns became formalized.
I agree. A lot of what appears in the Design Patterns book struck me as "obvious - that's how I've always done it". But again coming from the Ada community, the language and the culture encouraged the kind of bigger-than-just-a-subroutine approach that is also codified in Design Patterns.
The other comment I'd make is that people who haven't carefully read the Design Pattern literature, particularly the original "Gang of 4" book, miss the fact that a pattern comes with 'qualifying conditions'. Too many people apply a Design Pattern because they think they have to or it's a good thing, without reading -and reasoning about- the definition of the pattern to see if it's applicable/appropriate. And that behavior is equally true of formally trained and self-trained developers.
Meta-comment: Computer Science/Software Development is very trendy! (and that's not meant as a compliment...)
I'd suggest
a. Debugging techniques (but then I strongly prefer design/language approaches that minimize debugging in the first place)
b. Programming-in-the-large, including (i) program structure; (ii) maintenance/documentation considerations (That's true for programmers who have worked on large, well-run projects.)
c. MAYBE multiple programming languages - As I wrote in another posting on this thread, I will not hire a mono-lingual programmer. Too often people coming out of schools have been exposed to one programming language, the popular language-du-jour. If you've been around long enough you've probably worked in several different languages and seen how each language points you towards a certain set of solutions.
d. Understanding of the non-coding aspects, such as design documentation, etc. Again that's true for people who have worked in well-run shops. The rate of illiteracy among programmers isn't getting any better, and in any project > 5 people you'll spend as much time doing reading, writing, talking, etc, as you will in front of a computer typing in code.
I'm about 3/4 self-taught, I had some CS courses in college (before there was even a CS minor in the school) and a couple of grad school courses (which I can't say I got all that much from.)
But here's my list, based on what I've experienced over the last 30 years:
analysis of algorithms, "Big O" and similar things. If you've read a basic data structures book, you -might have- seen this stuff. But it's really important theory to understand. I'd rate this as the #1 gap; people who don't have this knowledge have a real hard time reasoning about or discussing performance, etc.
AI - not an interest of mine, so I've never bothered to learn it. But that's a big hole in my own knowledge. That includes knowledge representation, reasoning systems, etc.
multiple programming paradigms - In this case I'm "OK", I've learned and applied several different programming languages (most of which are not popular/politically correct these days...) I've said I'd never hire a mono-lingual programmer, and that's because learning different languages has given me other ways to look at problems. (See http://en.wikipedia.org/wiki/Sapir-whorf - which applies to programming languages as much as natural languages!)
numeric analysis - That's one of 2 post-grad courses I took where I actually learned a lot, and it seems that numeric analysis is somewhat of a dying art. But a lot of what we do is still 'calculating', so this is important to know.
concurrency - Here I'm personally in good shape because it is an interest, and I've done a lot of work in Ada which provides a very strong concurrent programming model. But things like race conditions, deadlock, consensus algorithms, etc. are growing in importance due to multi-core CPUs. Nancy Lynch's "Distributed Algorithms" is The Book to read here, too bad it's so expensive (http://www.amazon.com/Distributed-Algorithms-Kaufmann-Management-Systems/dp/1558603484)
compiler theory - it's worth knowing how language processing tools work, and with compiler theory (parsers, etc), I'd add knowledge of machine languages. If you ever have to go down to assembly language to find a compiler optimization bug (something I've had to do several times - ain't fun), you MUST know this stuff.
optimization/operations research mathematics - I'm not sure how much this gets taught in CS departments, but I was fortunate enough to get -2- Operations Research courses as a math major (at 2 different schools...) Understanding linear programming, integer programming (things change when you can only deal in whole numbers), PERT/CPM, etc, has proven to be valuable for both hard-core programming and for systems design (and even project management.) I'd also add graph theory to this list, a lot of problems I've worked on are graph problems (they show up in compiler construction, too...)
I've learned -a lot- just by reading other people's code, too. Remember, a program is written once, but read many times during its lifetime. Reading code gives you both an appreciation for how others attack a problem, and the need to make your own code more understandable. This is where the Open Source movement has been a Godsend. (I'll note in passing the Ada community was very good about sharing source code back in the '80s when this wasn't as popular as it is today.)
Finally, a "meta-comment": Although my formal education in CS itself was weak, I've invested a lot in learning on my own. I'm sure my professors would argue they taught me how to learn, and there's some truth to that. But not everyone will snuggle up to a textbook on graph theory on a snowy winter night:-)
Heisenbugs like race conditions (http://en.wikipedia.org/wiki/Heisenbug ) are rarely 'shallow', in that they usually require a lot of analysis, reasoning and testing, and dedicated time to form a mental (or otherwise) model of the code. The argument for 'shallow' here is the potential number of people willing to invest that kind of effort.
Having source code helps a lot, even more when you can instrument the code or use some sort of debugger (which itself can change timing etc and perturb the resulting behavior), but I've tracked down heisenbugs without it.
The previous comments that 'design counts' are certainly true, and there are often trades to be made in the kind of potential conditions you can get. For instance, some synchronization approaches can trade the chance of deadlock against the chance of race conditions.
I'll not comment on whether Microsoft code is "better", since I choose to avoid Microsoft products. (But I will note that many, if not most of the Microsoft desktop products started life outside Microsoft...)
"Nuanti's Highgate Media Suite will enable support for standards-based HTML5 video streaming with Theora in browsers that have Silverlight. It works entirely without requiring the users to install any additional software." Makes Steve Jobs's opposition to Flash look prescient...
I'm NO fan of Microsoft (which I hold responsible for a lot of the malware problems on the 'Net), nor am I a big fan of PKI (I think the implementations are way too fragile), but I think there might be a worthy idea in here.
Drivers Licenses have two uses:
1. Certification of driving skills
2. A nationally recognized identity
Consider this for use #2...
So what if the government issued an "Internet ID Card", with PKI Certs, etc, that would be used to secure email, transactions, etc? This is by no means a panacea, but as a factor in 2-factor ID, it might well cut down on some forms of malware.
Yes, there -are- civil liberty implications. But we always have the tension between known identity and guaranteed privacy.
So as a form of tougher ID on the Internet, I think this deserves to be taken seriously, and the plusses and minuses (as established here...) should be debated.
The users who are likely to be infected by a bot are the least likely to be able to "fix the problem".
True... But this is where frankly I'd like to see Microsoft, in particular, -pay up- to provide fixes for such machines. As a strawman: Microsoft provides tools and training, and then the end user pays a relatively low fixed fee to get his machine deloused before it can be put back on the net.
PKI might be theoretically secure, but it is too damn complex to set up and maintain in the face of issuing and then managing certs including expiration of same, email addresses that change causing a cascading exchange of certs, case mismatch between the sender's email address, e.g. "joe.blow@example.com" might not match a cert issued to "Joe.Blow@Example.com", etc.
Same thing's true for trying to set up https on websites. But I'm disappointed at how many corporate high-confidence (e.g. bank) websites don't start off with https these days. They can make the purely server-side investment. Unlike email and point-to-point connections, at least web server security is encapsulated on the server.
Another problem is that most of the time you just want a simple "did this message come from who you thought it did", but the cert authorities add to this confirmed identity. That means you have to pay a company like Verisign a lot of money for an identity cert where they require you to show up with your passport, etc. Again, -overkill- for what most people need, mostly they want to make sure there's no interference with subsequent messages from the same sender.
The error messages in general are not helpful, in part due to bad human factors engineering and in part due to policies that want to prevent covert channels (akin to the lack of distinction between 'file doesn't exist' and 'file exists, but you don't have access')
It took me several years to get reliable PKI certs working for encrypted email on Thunderbird, but all that broke when I moved my mail over to Apple Mail.app. I'll probably have to move back to Thunderbird (even though there are things about T-bird that I actively despise.) Part of that complexity is exchanging individual certificates with others, and part of that is trying to connect to external corporate LDAP servers to get certificates for new correspondents. (Seems that most mailers assume a single internal LDAP server, and don't provide support for connecting to ldap.xyz.com for XYZ employee certs, ldap.abc.com for ABC employee certs, etc.)
And then there's Smart Cards/Common Access Cards, which work OK if someone who knows what they're doing configures a Windows machine, installing third party software, etc, etc. A security measure that only works on Windows is questionable (and that's before the well-documented problems with Windows vulnerabilities, allowing people to get 'inside the firewall'. Just ask Google, Adobe, etc...)
As someone who's been using personal computers for over 30 years, if -I- don't have patience with this, it's certainly not ready for mom-and-pop.
Well, there are IT programmers, and then there are people who have been called 'architects', 'lead programmers', 'software engineers', etc. Anyone who has to reason about correct behavior of a distributed system, as one example, should have a background in both discrete math and in probability, as essential tools to try to reason about correctness, or at least stable/unstable behavior, in his system.
I believe that there is more to IT than hacking code. Even there, when I was a gen-u-ine programmer and the first maintenance programmer on my project (I rewrote a major component twice, once for time because it was taking too long and the second time for space, because it used too much memory. The savings from the latter on this project by reducing memory requirements in the workstation was literally $1m...), I used both CS and discrete mathematics to reason about the code I was trying to rewrite.
So I reject the position taken by "SupplyMission". We have -way too many hackers- and not enough people with both formal reasoning skills and with the specific academic tools, including discrete mathematics, in this business. Nothing is a better illustration of this than the -abomination- of a time reporting/expense reporting system my company bought from an "industry leader." Some of the worst-designed software I've used in -years-!!! (Name provided upon request.)
I'd strongly recommend going with choice #1. There's a huge amount of application of graph theory, etc. in both computer science and in practical programming.
My undergrad degree is in Math, and I have -never- used anything I learned in the classical mathematical topics past linear algebra. The courses in statistics and probability, and the 2 Operations Research courses (I was very lucky to get both of them) have been the really useful items. Unfortunately I was unable to take the graph theory course, but I bought the book anyway.
In conversations with my Alma Mater, they have substantially changed their curriculum, moving away from the classical analysis topics and more into discrete math.
You're just jealous you didn't send it into Slashdot...;-)
But to my surprise, CNN.com had the story, where the British Daily Mail (dailymail.co.uk) website didn't have any mention of it when I sent this in last night.
At that point it was reasonable to assume this was still 'breaking news' and worthy of reporting to this community.
I picked up his-and-her iPhones yesterday. (Was scheduled for today, but we're getting all the snow they promised, 14" and coming down at 1"/hour). Verizon coverage is very good, but ATT cannot be any worse than Verizon on customer service and in particular on corporate policies. I got a call a couple of days ago from some Verizon sales rep trying to get me to replace/upgrade my phone. I said "I don't want any of your new phones."
A friend has a Droid and is pretty happy.
Even if you're not an Apple fan, you have to give them credit for recasting the cellphone world and removing the chokehold the carriers had on costs, phones, customer service, etc, etc.
My ISP (satisfied customer for 20 years!) uses a very effective anti-spam device (http://www.escom.com) that includes SPF checking. (No business connection, just a very satisfied customer. I get less than 1 spam/quarter that isn't trapped in quarantine or flat rejected...)
I'm appalled at the "professional" electronic contact service companies that fail to set up SPF records, e.g. Bronto.com that sends emails on behalf of the IEEE Computer Society. If this is your business, you have every obligation to make sure your services on behalf of -paying customers- are properly configured, even if some anti-spam devices do not use SPF as part of their spam detection approach.
Failure to include SPF records usually causes an email to get trapped in quarantine on my ISP. That's not "catastrophic" but it is most certainly annoying for something that can be very easily prevented, particularly by companies/organizations that actively invest in email.
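The SPF check that the comment above depends on, sketched as an added example (not part of the original comment and not the ISP's or any vendor's code). It evaluates a subset of RFC 7208 (`ip4`, `ip6`, `include`, `all`) against constructed TXT records for example domains; the `disposition` policy is a hypothetical model of a filter that quarantines mail from domains with no SPF record.

```python
import ipaddress

# Constructed TXT records standing in for DNS lookups (example domains only).
TXT = {
    "sender.example": "v=spf1 ip4:192.0.2.0/24 include:_spf.esp.example -all",
    "_spf.esp.example": "v=spf1 ip4:198.51.100.0/25 ~all",
    "nospf.example": None,  # domain exists but publishes no SPF record
}

QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}


def check_spf(ip, domain, txt=TXT, depth=0):
    """Return the SPF result for a connecting IP and a MAIL FROM domain.

    Subset of RFC 7208: only ip4, ip6, include and all are evaluated;
    any other mechanism or modifier yields "permerror".
    """
    if depth > 10:  # RFC 7208 limits DNS-querying terms to 10
        return "permerror"
    record = txt.get(domain)
    if not record or record.split()[0].lower() != "v=spf1":
        return "none"
    addr = ipaddress.ip_address(ip)
    for term in record.split()[1:]:
        qualifier = "+"
        if term[0] in QUALIFIERS:
            qualifier, term = term[0], term[1:]
        name, _, arg = term.partition(":")
        name = name.lower()
        if name == "all":
            matched = True
        elif name in ("ip4", "ip6"):
            try:
                net = ipaddress.ip_network(arg, strict=False)
            except ValueError:
                return "permerror"
            matched = addr.version == net.version and addr in net
        elif name == "include":
            inner = check_spf(ip, arg, txt, depth + 1)
            if inner in ("none", "permerror"):
                return "permerror"  # included domain must have a valid record
            matched = inner == "pass"
        else:
            return "permerror"  # outside the subset handled here
        if matched:
            return QUALIFIERS[qualifier]
    return "neutral"  # no mechanism matched and no "all" term


def disposition(result):
    """Hypothetical filter policy: deliver on pass, reject on fail,
    quarantine everything else, including a missing record ("none")."""
    if result == "pass":
        return "deliver"
    if result == "fail":
        return "reject"
    return "quarantine"


if __name__ == "__main__":
    for ip, dom in [("192.0.2.10", "sender.example"),
                    ("198.51.100.5", "sender.example"),
                    ("198.51.100.200", "sender.example"),
                    ("203.0.113.9", "nospf.example")]:
        r = check_spf(ip, dom)
        print(f"{ip:16} {dom:16} spf={r:9} -> {disposition(r)}")
```

A bulk sender that mails on behalf of a customer domain needs its sending ranges reachable from that domain's record, here via `include:`; without any record the result is `none`, which this policy quarantines.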
(subject says it all...)
Pretty bizarre that whoever bought BBN let "bbn.com" lapse...
No winners. Xerox/SDS Sigma series error message if you mistyped the name of an executable.
With the Windows Logo on it, required to be worn by all the IT staff.
Too many people out there produce 'write-only code', just check out http://thedailywtf.com/
That's a good question, too.
I'd suggest
a. Debugging techniques (but then I strongly prefer design/language approaches that minimize debugging in the first place)
b. Programming-in-the-large, including (i) program structure; (ii) maintenance/documentation considerations (That's true for programmers who have worked on large, well-run projects.)
c. MAYBE multiple programming languages - As I wrote in another posting on this thread, I will not hire a mono-lingual programmer. Too often people coming out of schools have been exposed to one programming language, the popular language-du-jour. If you've been around long enough you've probably worked in several different languages and seen how each language points you towards a certain set of solutions.
d. Understanding of the non-coding aspects, such as design documentation, etc. Again that's true for people who have worked in well-run shops. The rate of illiteracy among programmers isn't getting any better, and in any project > 5 people you'll spend as much time doing reading, writing, talking, etc, as you will in front of a computer typing in code.
I'm about 3/4 self-taught, I had some CS courses in college (before there was even a CS minor in the school) and a couple of grad school courses (which I can't say I got all that much from.)
But here's my list, based on what I've experienced over the last 30 years:
analysis of algorithms, "Big O" and similar things. If you've read a basic data structures book, you -might have- seen this stuff. But it's really important theory to understand. I'd rate this as the #1 gap; people who don't have this knowledge have a real hard time reasoning about or discussing performance, etc.
AI - not an interest of mine, so I've never bothered to learn it. But that's a big hole in my own knowledge. That includes knowledge representation, reasoning systems, etc.
multiple programming paradigms - In this case I'm "OK", I've learned and applied several different programming languages (most of which are not popular/politically correct these days...) I've said I'd never hire a mono-lingual programmer, and that's because learning different languages has given me other ways to look at problems. (See http://en.wikipedia.org/wiki/Sapir-whorf - which applies to programming languages as much as natural languages!)
numeric analysis - That's one of 2 post-grad courses I took where I actually learned a lot, and it seems that numeric analysis is somewhat of a dying art. But a lot of what we do is still 'calculating', so this is important to know.
concurrency - Here I'm personally in good shape because it is an interest, and I've done a lot of work in Ada which provides a very strong concurrent programming model. But things like race conditions, deadlock, consensus algorithms, etc. are growing in importance due to multi-core CPUs. Nancy Lynch's "Distributed Algorithms" is The Book to read here, too bad it's so expensive (http://www.amazon.com/Distributed-Algorithms-Kaufmann-Management-Systems/dp/1558603484)
compiler theory - it's worth knowing how language processing tools work, and with compiler theory (parsers, etc), I'd add knowledge of machine languages. If you ever have to go down to assembly language to find a compiler optimization bug (something I've had to so several times - ain't fun), you MUST know this stuff.
optimization/operations research mathematics - I'm not sure how much this gets taught in CS departments, but I was fortunate enough to get -2- Operations Research courses as a math major (at 2 different schools...) Understanding linear programming, integer programming (things change when you can only deal in whole numbers), PERT/CPM, etc, has proven to be valuable for both hard-core programming and for systems design (and even project management.) I'd also add graph theory to this list, a lot of problems I've worked on are graph problems (they show up in compiler construction, too...)
I've learned -a lot- just by reading other people's code, too. Remember, a program is written once, but read many times during its lifetime. Reading code gives you both an appreciation for how others attack a problem, and the need to make your own code more understandable. This is where the Open Source movement has been a Godsend. (I'll note in passing the Ada community was very good about sharing source code back in the '80s when this wasn't as popular as it is today.)
Finally, a "meta-comment": Although my formal education in CS itself was weak, I've invested a lot in learning on my own. I'm sure my professors would argue they taught me how to learn, and there's some truth to that. But not everyone will snuggle up to a textbook on graph theory on a snowy winter night :-)
Heisenbugs like race conditions (http://en.wikipedia.org/wiki/Heisenbug ) are rarely 'shallow', in that they usually require a lot of analysis, reasoning and testing, and dedicated time to form a mental (or otherwise) model of the code. The argument for 'shallow' here is the potential number of people willing to invest that kind of effort.
Having source code helps a lot, even more when you can instrument the code or use some sort of debugger (which itself can change timing etc and perturb the resulting behavior), but I've tracked down heisenbugs without it.
The previous comments that 'design counts' are certainly true, and there are often trades to be made in the kind of potential conditions you can get. For instance, some synchronization approaches can trade the chance of deadlock against the chance of race conditions.
I'll not comment on whether Microsoft code is "better", since I choose to avoid Microsoft products. (But I will note that many, if not most of the Microsoft desktop products started life outside Microsoft...)
Nuanti's Highgate Media Suite will enable support for standards-based HTML5 video streaming with Theora in browsers that have Silverlight. It works entirely without requiring the users to install any additional software."
Makes Steve Jobs' opposition to Flash look prescient...
I'm NO fan of Microsoft (which I hold responsible for a lot of the malware problems on the 'Net), nor am I a big fan of PKI (I think the implementations are way too fragile), but I think there might be a worthy idea in here.
Drivers Licenses have two uses:
1. Certification of driving skills
2. A nationally recognized identity
Consider this for use #2...
So what if the government issued an "Internet ID Card", with PKI Certs, etc, that would be used to secure email, transactions, etc? This is by no means a panacea, but as a factor in 2-factor ID, it might well cut down on some forms of malware.
Yes, there -are- civil liberty implications. But we always have the tension between known identity and guaranteed privacy.
So as a form of tougher ID on the Internet, I think this deserves to be taken seriously, and the plusses and minuses (as established here...) should be debated.
The users who are likely to be infected by a bot are the least likely to be able to "fix the problem".
True... But this is where frankly I'd like to see Microsoft, in particular, -pay up- to provide fixes for such machines. As a strawman: Microsoft provides tools and training, and then the end user pays a relatively low fixed fee to get his machine deloused before it can be put back on the net.
PKI might be theoretically secure, but it is too damn complex to set up and maintain in the face of issuing and then managing certs including expiration of same, email addresses that change causing a cascading exchange of certs, case mismatch between the sender's email address, e.g. "joe.blow@example.com" might not match a cert issued to "Joe.Blow@Example.com", etc.
Same thing's true for trying to set up https on websites. But I'm disappointed at how many corporate high-confidence (e.g. bank) websites don't start off with https these days. They can make the purely server-side investment. Unlike email and point-to-point connections, at least web server security is encapsulated on the server.
Another problem is that most of the time you just want a simple "did this message come from who you thought it did", but the cert authorities add to this confirmed identity. That means you have to pay a company like Verisign a lot of money for an identity cert where they require you to show up with your passport, etc. Again, -overkill- for what most people need, mostly they want to make sure there's no interference with subsequent messages from the same sender.
The error messages in general are not helpful, in part due to bad human factors engineering and in part due to policies that want to prevent covert channels (akin to the lack of distinction between 'file doesn't exist' and 'file exists, but you don't have access')
It took me several years to get reliable PKI certs working for encrypted email on Thunderbird, but all that broke when I moved my mail over to Apple Mail.app. I'll probably have to move back to Thunderbird (even though there are things about T-bird that I actively despise.) Part of that complexity is exchanging individual certificates with others, and part of that is trying to connect to external corporate LDAP servers to get certificates for new correspondents. (Seems that most mailers assume a single internal LDAP server, and don't provide support for connecting to ldap.xyz.com for XYZ employee certs, ldap.abc.com for ABC employee certs, etc.)
And then there's Smart Cards/Common Access Cards, which work OK if someone who knows what they're doing configures a Windows machine, installing third party software, etc, etc. A security measure that only works on Windows is questionable (and that's before the well-documented problems with Windows vulnerabilities, allowing people to get 'inside the firewall'. Just ask Google, Adobe, etc...)
As someone who's been using personal computers for over 30 years, if -I- don't have patience with this, it's certainly not ready for mom-and-pop.
Well, there are IT programmers, and then there are people who have been called 'architects', 'lead programmers', 'software engineers', etc. Anyone who has to reason about correct behavior of a distributed system, as one example, should have a background in both discrete math and in probability, as essential tools to try to reason about correctness, or at least stable/unstable behavior, in his system.
I believe that there is more to IT than hacking code. Even there, when I was a gen-u-ine programmer and the first maintenance programmer on my project (I rewrote a major component twice, once for time because it was taking too long and the second time for space, because it used too much memory. The savings from the latter on this project by reducing memory requirements in the workstation was literally $1m...), I used both CS and discrete mathematics to reason about the code I was trying to rewrite.
So I reject the position taken by "SupplyMission". We have -way too many hackers- and not enough people with both formal reasoning skills and with the specific academic tools, including discrete mathematics, in this business. Nothing is a better illustration of this than the -abomination- of a time reporting/expense reporting system my company bought from an "industry leader." Some of the worst-designed software I've used in -years-!!! (Name provided upon request.)
I'd strongly recommend going with choice #1. There's a huge amount of application of graph theory, etc. in both computer science and in practical programming.
My undergrad degree is in Math, and I have -never- used anything I learned in the classical mathematics topics past linear algebra. The courses in statistics and probability, and the 2 Operations Research courses (I was very lucky to get both of them) have been the really useful items. Unfortunately I was unable to take the graph theory course, but I bought the book anyway.
In conversations with my Alma Mater, they have substantially changed their curriculum, moving away from the classical analysis topics and more into discrete math.
"My kid beat up your honors student"
dave (who was usually on the receiving side of such efforts...)
You're just jealous you didn't send it into Slashdot... ;-)
But to my surprise, CNN.com had the story, where the British Daily Mail (dailymail.co.uk) website didn't have any mention of it when I sent this in last night.
At that point it was reasonable to assume this was still 'breaking news' and worthy of reporting to this community.
I picked up his-and-her iPhones yesterday. (Was scheduled for today, but we're getting all the snow they promised, 14" and coming down at 1"/hour). Verizon coverage is very good, but ATT cannot be any worse than Verizon on customer service and in particular on corporate policies. I got a call a couple of days ago from some Verizon sales rep trying to get me to replace/upgrade my phone. I said "I don't want any of your new phones."
A friend has a Droid and is pretty happy.
Even if you're not an Apple fan, you have to give them credit for recasting the cellphone world and removing the chokehold the carriers had on costs, phones, customer service, etc, etc.
My ISP (satisfied customer for 20 years!) uses a very effective anti-spam device (http://www.escom.com) that includes SPF checking. (No business connection, just a very satisfied customer. I get less than 1 spam/quarter that isn't trapped in quarantine or flat rejected...)
I'm appalled at the "professional" electronic contact service companies that fail to set up SPF records, e.g. Bronto.com that sends emails on behalf of the IEEE Computer Society. If this is your business, you have every obligation to make sure your services on behalf of -paying customers- are properly configured, even if some anti-spam devices do not use SPF as part of their spam detection approach.
Failure to include SPF records usually causes an email to get trapped in quarantine on my ISP. That's not "catastrophic" but it is most certainly annoying for something that can be very easily prevented, particularly by companies/organizations that actively invest in email.
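An added example, not part of the original comment: a minimal SPF evaluator showing why a sending domain with no SPF record yields the result "none" and lands in quarantine under a strict receiver. The domains, TXT data and the `disposition` policy are constructed assumptions, and only the `all`, `ip4`, `ip6` and `include` mechanisms of RFC 7208 are covered.

```python
import ipaddress

# Constructed TXT data standing in for DNS lookups; all domains are hypothetical.
TXT = {
    "society.example": ["v=spf1 ip4:192.0.2.0/24 include:mailer.example -all"],
    "mailer.example": ["v=spf1 ip4:198.51.100.0/25 ~all"],
    "norecord.example": ["site-verification=constructed"],
}
RESULT = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}

def check_host(ip, domain, depth=0):
    """Evaluate the all/ip4/ip6/include subset of RFC 7208 for one sender IP."""
    if depth > 10:                       # guard against include loops
        return "permerror"
    records = [t for t in TXT.get(domain, []) if t.lower().split(" ")[0] == "v=spf1"]
    if not records:
        return "none"                    # no SPF published: nothing to verify against
    if len(records) > 1:
        return "permerror"               # more than one SPF record is an error
    addr = ipaddress.ip_address(ip)
    for term in records[0].split()[1:]:
        if "=" in term:                  # modifiers (redirect=, exp=) are skipped here
            continue
        qualifier = term[0] if term[0] in RESULT else "+"
        mech = term[1:] if term[0] in RESULT else term
        name, _, arg = mech.partition(":")
        name = name.lower()
        if name == "all":
            return RESULT[qualifier]
        if name in ("ip4", "ip6"):
            try:
                net = ipaddress.ip_network(arg, strict=False)
            except ValueError:
                return "permerror"
            if addr.version == net.version and addr in net:
                return RESULT[qualifier]
        elif name == "include":
            inner = check_host(ip, arg, depth + 1)
            if inner == "pass":          # include matches only on an inner pass
                return RESULT[qualifier]
            if inner in ("none", "permerror"):
                return "permerror"
        else:
            return "permerror"           # a, mx, exists, ptr: outside this subset
    return "neutral"                     # nothing matched and no "all" term

def disposition(ip, mail_from_domain):
    """Hypothetical receiver policy: reject hard fails, quarantine the unverifiable."""
    result = check_host(ip, mail_from_domain)
    return result, {"pass": "deliver", "fail": "reject"}.get(result, "quarantine")
```

A bulk sender that mails on behalf of `society.example` passes only if that domain's record lists or includes the sender's addresses.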
... indicates that they (and the rest of our atmosphere) may be of extraterrestrial origin..
Duh. Why do you suppose they call it "krypton," Kal-El?