Re:Lines of code isn't the only thing that counts (on First GNOME Census Results) · Score: 2, Informative
> This is not contributing back to the community.
I think a lot are pointing out which dishes suck. They may not be able to tell you exactly why and how, but if your target is the general public, that's useful info if you know how to sort it out properly.
> All this noise distracts from the real contributors who actually do the work, quietly, productively and without much of a fanfare.
If the bug reports are distracting the workers then it's the fault of the organization.
The bug reports do not have to go straight to the developers. They can go to someone else first whose job is to figure out which are the top problems to be fixed - there are always bugs so you have to prioritize. Maybe someone could also figure out whether the problem is a bug that's best fixed in a module or one that's best fixed by changing the architecture in the future - too often if people are too busy fixing stuff at the tree level, they don't fix stuff at the forest level.
At the end of the day, one _seems_ to work and one completely doesn't.
I wouldn't recommend Debian to "normal" people. Or even Ubuntu.
Ubuntu and the rest have made a lot of progress on "Desktop Linux" but they still have a long way to go. I used to prefer KDE to Gnome, but KDE seem to have lost their way or something, judging from their recent stuff.
Microsoft has lost their way too (the Win 9x/Win2K UI actually is not that badly thought out, then it got worse and worse from XP to Win 7), but they have the advantage of mass preinstallations.
> Doesn't solve subject movement at all, but then, nothing really does other than cranking down the exposure time.
I suspect that if it's possible to get very many images of the subject then you can gather enough data to rebuild what would be a more accurate image of the subject. Even if the individual images are blurry...
> The US has 12 reserve banks, and there are about 8,100 tonnes of gold in them
Hmm that's about 310 billion US dollars, or about 26 billion per bank.
I think the investment bankers help lose a lot more money than that ;).
The Federal Reserve also secretly loaned out more than that:
http://www.google.com/search?q=+site:www.bloomberg.com+federal+reserve+trillions
So I think there are ways to make a huge profit and do it far more safely and legally[1] than robbing banks.
[1] Yes there's some relativeness - even if it's illegal, do it right and you won't do as much time :).
Someone else's signature was on that OPEX?
Imagine you're some mid level person: you know the success rates of these large Gov IT projects. So are you going to put your signature on the proposal to upgrade to IE8?
No, you wait for some big guy at the top to propose it - that person probably gets benefits worth the risk. Whether fat bonuses or kickbacks.
You? You get a free mug maybe.
> Nothing is standardised between departments,
Except Windows and IE6 I guess :).
To me it's a shame that they can't create web apps for government work that are more cross platform. I thought most of this stuff would just be filling forms and updating some stuff.
Because you could lose your job if it goes wrong? That's often considered undesirable.
The rewards for risk taking in some organizations are very low, or even negative.
So if things are working overall (even though there are some problems- there aren't any show stoppers), you don't push for any changes.
And if change is required, many have concluded that it's often a good idea to spend other people's money in order to keep your job. Can't be too careful right? :)
You can't live forever either. But most people keep trying to put off the inevitable.
Procrastination is great, I'll tell you why later...
Hey I'm all for "fuck the poor" as long as I get a say in who fucks me and the rich hot babe actually wants to :).
But until such policies get introduced, it looks like I'll remain a poor slashdot virgin :(.
>that breaks upgradability.
How so? The Dual BIOS Gigabyte motherboards are certainly upgradeable. In fact one of the benefits of the Gigabyte dual BIOS was that you can more easily recover if your upgrade goes wrong - you can fall back to the original/backup ROM and start the whole upgrade again.
> The way I see it, there's no way to cheat at a real test,
Can you give an example of a real test where cheating is not possible? Even the Mission Impossible people can cheat in an essay test. Or a CCIE test.
With sufficient resources and preparation time you can cheat in most tests. Assuming they don't strip naked, MRI all test candidates, and put each in their own sealed Faraday cage for the test.
Even then you may have difficulty ensuring that the person sitting for the test is actually the person who's supposed to get the certs/grades. After all people have also been known to pay others to sit for some tests.
How about TI design the calculator to allow people to install software, but have a hardware button to reset everything- e.g. overwrite the entire flash with an original ROM? I think Gigabyte motherboards have a "dual BIOS" thing which does that. You want to bring your calculator in, too bad it gets reset to the old original ROM.
Then kids who can figure out how to mod the calculator and still cheat in exams probably would do OK anyway.
> if people CAN cheat at a test, there's something wrong with the testing method.
Just because the "Mission Impossible" sort of people can cheat in your highschool's test doesn't mean there's something wrong with the test.
The part I'm wondering about is are those Realtek signed components actually Realtek components?
e.g. Did Realtek screw up on the cert handling or the components were actually made by Realtek but were flexible enough to be abused by hackers?
I'm sure a combination of google, twitter, facebook, discussion boards etc can help malware avoid the use of blacklisted DNS domains.
Nobody is going to blacklist those.
Is Vixie promoting yet another complicated (or even "Rube Goldberg"ish ) solution to problems?
> the way of thinking for programming and computer science are the same.
Similar. There are a lot of differences. It's like math vs engineering. Yes engineering does involve math, but most engineers don't actually spend that much time doing math in the real world.
A programmer could spend a fair bit of time thinking on topics like:
0) What's the "fastest" and "OK enough" way to _write_ the code (CS on the other hand is typically more about the best way the code should do stuff).
1) How can a hacker or user screw this up. How do I stop it?
2) What sort of exceptions/interrupts are possible at this point and what should be done about them?
3) Is this library portable? Is it ok to assume recent enough versions of it are available on every system, or do I bundle it (and check licensing).
4) Should I bother making this configurable? What's a suitable default value?
5) WTF do I name this item (variable, object, method, module, lib etc)?
I'm sure the more experienced and good coders out there can provide more and better examples.
And from what I see, most computer scientists hardly ever think about stuff like that. Maybe a few might descend from their ivory towers to touch on such mundane topics from time to time. ;)
> I know computer science is way more than just programming.
And programming is way more than computer science.
There's overlap, but you can be a top computer scientist without being able to write a multiplayer game engine that's even half as good as the current ones on the market - easy to be licensed out to 3rd parties, performs well, great features, not ridden with security flaws etc.
And you might be a good programmer without being able to create sorting algorithms even half as good as the current ones known. You'd probably just look for convenient and suitable preexisting library/algorithm for your purposes. After all if the product is not out of the door soon enough, there may be zero customers to enjoy the benefits of your fancy latest research sorting algo.
Yes there's some overlap but they are two rather different fields. Then again to most people it's "Geeky/Nerdy" stuff, so depends on how far back you stand... :)
They still haven't fixed his keyboard?
If/when more cars start using lots of electricity to run, you'd probably want distance/kWh since most electricity rates are by kilowatt hour (whether they are taking money from you, or crediting you :) ).
FWIW there are about 34 megajoules in a litre of petrol. So that's about 9.5kWh/litre. BUT that's not so useful if your fuel supplier doesn't charge you in kWh. After all what most people would want to know is how much it would cost them. For a hybrid car the fuel may be converted to electricity, but it also may not be.
So what you'd want is a "100% liquid fuel" only distance/litre rate, and a "100% electric" distance/kWh rate, then you can get the distance/$$ for both, so that you can better decide on whether you want to fill up at the fuel station, or charge at home.
You don't want some marketing bullshit MPG rate, with fine print stating lots of assumptions about electricity cost (which varies a fair bit) and how much you drive on "electric only".
47 years is a long time.
Maybe in 10 years they might find a cure or decent workaround.
After all you can control stuff with your thoughts now. It's crude, but should get better.
Yeah that's a biggie, but for years not many malware authors exploited it though.
So far autorun works well enough for them and I think using autorun to launch stuff is according to the Microsoft Windows guidelines, so I'm sure Microsoft will maintain backward compatibility with that method for a few more years ;).
Whereas I bet Microsoft will fix the icon problem, if only for Windows Vista onwards (if they think they can get away with annoying the megacorps still on XP).
While that's true. You can also have stuff that nobody _else_ wants.
Basically you get stuff that has low "fence/resale value", or customize/modify it to be so.
Many thieves want cash and want it without having to do too much work. So they have to be able to sell the stuff easily. An item that's too unique looking will be hard to sell off.
It can also increase their chances of getting caught. Stealing and driving the only "Hello Kitty" theme Camry in the city or even the state is going to be rather risky. People including cops might notice that it isn't the usual person driving it...
Does noexec work against some user typing "perl Makefile.PL"?
Windows users were willing to enter passwords to decrypt zipfiles in order to run the malware inside... Or to do various things in order to install "Antivirus 2010" on their "infected" machine. So give these sort of users a "Desktop Linux" OS, and I'm sure they'll step right up to the task. Anything to see bunnies/pigs/famousperson.
While the distros differ, to create a spam or DDoS zombie, you don't need that much beyond the perl standard library and normal user privileges. LWP and even IO::Socket::INET are available on most distros.
To keep it running you can hook onto all the .rc and .profile stuff, and/or use "at" or "crontab". Joe User isn't going to know anymore than they can look at the windows registry to find similar stuff.
So I think you overestimate the difficulty of writing cross-distro malware. Writing it to also run on OSX will take a few more lines (e.g. to put the relevant launchd stuff in ~/Library/LaunchAgents or wherever), but I'm sure the average perl hacker is up to the task.
Python and ruby are nearly as widespread nowadays if you don't want to use perl.
I'm currently writing some crossplatform (Linux, Solaris, AIX, OSX etc) stuff for work. And only a very few of the problems I'm facing would make malware difficult. The only issues I see are installation (but the user might help ;) ), and getting the stuff to keep starting up (which isn't so hard).
Anyway, if OSX gets really popular, The Steve is going to have a good excuse to "App Store" and jail OSX...
Or modify their ranking algorithm to smack down these spammers. For example, just pick a few very unrelated trend keywords/phrases. Then find sites which are turning up for these set of unrelated keywords. After some sanity checks, rank the sites down.
And remember that xkcd coined word ( http://news.slashdot.org/article.pl?sid=10/05/13/183221 )? You can use stuff like that to find a whole bunch of sites to exclude.
Or Google could just make it easier for me to blacklist entire sites from appearing on google search.
Currently you have to tinker around with Google's custom search[1], and it's kinda klunky when there are hundreds of linkspam sites.
The "whack-a-mole" needs to be easier.
Yes I even tried a few firewall plugins but they didn't work so well. Maybe things have improved since.
[1] http://www.ehow.com/how_6752589_create-blacklist-google-search-results_.html
It may work as intended/designed. But the intention/design could be wrong/mistaken.
So what if you can prove that the software does "X" as designed? Very many bugs are because the spec/design should be to do "Y" instead.
That's why math proofs of "software correctness" are not that useful in most real world scenarios.
Nah.
http://en.wikipedia.org/wiki/BART_Police_shooting_of_Oscar_Grant
> Mehserle's criminal defense attorney, has claimed Mehserle intended to fire his Taser, but mistakenly shot Grant with a pistol when he thought Grant was reaching for a gun.
http://en.wikipedia.org/wiki/Kathryn_Johnston_shooting
> Police said Johnston fired at them and they fired in response; she fired one shot out the door over the officers' heads and they fired 39 shots, five or six of which hit her.
> None of the officers were injured by her gunfire, but Johnston was killed by the officers. Police injuries were later attributed to "friendly fire" from each others' weapons.
This civilian didn't get away as lightly when he shot some cops that busted in to his home: http://en.wikipedia.org/wiki/Cory_Maye
> is that people seem to feel completely fine using terms like "cure a disease" to describe dealing with religious individuals.
> Congratulations on taking the absolute worst characteristics of the people you seem to be opposed to and making them your own.
Heh, as I said earlier, these are the ones who have found "religion"- "Atheism" with a capital A.
They may not believe there's a God, but their fervour cannot be denied ;).