I'm more ambivalent - no, angry - about the "staple of the geek diet" statement in the summary.
What the hell has "geek" come to mean? Some awful stereotype of pallid fat socially inept outcasts sat in the glow of a computer screen stuffing junk food in our mouths?
Bollocks to that.
A geek is meant to be intelligent. Intelligence looks at the evidence and sees that eating properly makes you happier and more effective.
Like the parent says - Doritos shouldn't be anyone's "staple".
The Glastonbury Festival is held on what is for the rest of the year a working dairy farm. The festival peopled by a mixture of mainstream music fans and old-school hippies, including, of course, a number of militant vegetarians and vegans.
Every morning, a truck circulates the campsites selling pints of milk. One year, upon the tailgate of the truck, was sprayed "MILK: RAPED FROM COWS".
To this day, I don't know whether it was written there in earnest, or in jest. It could so easily be either.
But yeah, balking at pigeon milk is as irrational as spurning horse meat.
It quotes Dubner directly. Dubner says nothing about bug bounties in relation to rat farming.
He talks about the rat farming anecdote, then talks about unintended consequences in general, in the realm of government, not software development.
His main observation seems to be that politicians have no incentive to create schemes that are immune to unintended consequences, because the unintended consequences are usually long-term -- and the politicians only want their scheme to reflect well on them long enough to get re-elected, earn bonuses, etc. in the short term.
The nonsensical leap to bug bounties is an invention of Dennis Fisher's.
As I've already said, Dubner's a clever bloke. If he was trying to make the point you've made, then he'd have found a suitable analogy. He has at least two bookfuls.
No, this is a reporter getting the wrong end of the stick.
But let's think about your observations.
The rat farming thing is fairly interesting. You can imagine the rat bounty seeming like a good idea. People subverting it by farming rats would come as a surprise to a lot of people. Freakonomics is full of stories like that.
Your observation, that a bug hunt will reveal lots of inconsequential bugs, but the few significant ones make it worthwhile -- well, that's entirely the expected result, surely?
However, they are very similar to the rat farmers in the sense that they might not care about the software being bug-free (or the city being clear of rats) and are only interested in the monetary gains.
But that part isn't notable or interesting.
The whole point of the rat bounty is to coax people into hunting wild rats, who wouldn't be doing it without the monetary incentive. Just like an external security analyst, the legitimate vermin killer is only doing it for the money.
What makes the rat farming anecdote notable, is that people would exploit the scheme by claiming the money while actually making the problem worse. But the bug bounty story has no parallel for that interesting part -- unless someone actually is deliberately injecting bugs, so they can claim credit for fixing them later.
As an aside, I've worked in a couple of places were you get a lot of visibility and credit for fixing serious production issues, and little recognition for maintaining a code base that never goes wrong. We often joke that it's an incentive to put time bombs in the code, but as far as I know, nobody's ever gone through with it.
I had always kind of figured the Freakonomics guys were more pop-pseudo-science than actual hard science. But I'm not an expert in any of the other fields they've discussed. Now I guess I know for sure that they're full of it.
Freakonomics is fine. This seems like a chinese whispers in the retelling.
The (current) last two paragraphs of the article were added after many of the/. comments were posted.
Previous final sentences:
But are those bugs being bred in the lab by researchers just to be led to the slaughter for a nice payday? Yes, yes they are. And that's a good thing.
Added paragraphs:
The researchers aren't introducing the bugs into the software, of course; they're simply finding flaws that might not have been found under other circumstances. Those who run the bug bounty programs at the software companies say that they are seeing more and more submissions than they did before their programs began, and the combined resources of the external researchers and the vendors' internal teams finds far more flaws than just the internal teams could.
The idea of people raising rats for the express purpose of killing them likely isn't what the officials had in mind when they began their reward program, and they may well end up with a larger rat infestation than they had when they began if they put a stop to the rewards and the rats end up wandering the streets. But the opposite has occurred with the vendors' bug bounty programs. As they've continued to reward researchers and even raise the amount they pay for new bugs, researchers have responded with more submissions, and all of the users of those applications have benefited.
Seems like an attempt to rescue the article from terminal idiocy. But it's just digging a deeper hole.
It's just like rat farming! Except that nobody's manufacturing defects deliberately. Rat farming had unintended consequences! Bug bounties have exactly the consequences that their designers were aiming for: lots of people detecting bugs.
I think what you're saying is, it's not a direct analogy.
"Here's an example of an incentive scheme that has an unexpected and undesirable outcome".
"Bug bounties can also have unexpected outcomes" -- but with a quite different mechanism.
I don't think Dubner would have done that. Freakonomics (the book) contains loads of examples of unexpected outcomes due to skewed incentives. He could have found one that fitted better.
No, I'm pretty sure this is just a reporter failing to convey what was actually said.
(Favourite Freakonomics story: the city that decided to pay its rubbish collectors bonuses based on the weight of what they brought in. Rubbish brought in increases, by weight: success! But their incinerator's efficiency measurements fall dramatically. What's going on? Much of the rubbish is now soaking wet. )
1. Note missing feature in Firefox 2. Write missing functionality; include carefully obfuscated security bug 3. Donate code to Mozilla 4. "Find" and fix bug. Claim bounty. 5. Collapse, cackling, into your bed of dollar bills.
My HTC Desire came with Android 2.1, got an official OTA update to 2.2, and I'm currently running 2.3 Cyanogenmod on it. HTC at first said they weren't going to provide an official 2.3, but have since said they'll release one.
That's pretty good going in my opinion.
I don't expect the Desire to support >2.3 since already in 2.3 system memory is tight.
Don't people remember the string of incidents with the ultimate being the day that you could log into any Dropbox account you wished without a password? Why are they even still in business?
Because people use them for stuff that's not confidential? Or not sufficiently confidential to get get up about?
The social messaging services are not all that this is for. For example, one of the recipes is for it to send you an SMS if weather.com says it'll rain in your town tomorrow. Another copies content into your Dropbox if you start it in Google Reader.
These are neat ways to streamline the way you consume these services. Too simple to really be called programming, but useful nonetheless.
Slashdot Mirror
Solution: don't publish PDFs. Pressure the sources of stuff you read not to publish PDFs.
Reflowable formats should be the default choice.
The various stadia will be used to hosting a capacity crowd, and phone networks will have provided for them.
Presumably the phone networks will have provided adequate cover for the newly built Olympic facilities.
They'll probably be putting in temporary cells for the rural events too.
I doubt this is going to be a problem; and if it is, it's negligence on the part of the networks, not the result of a fundamentally difficult problem.
I'm more ambivalent - no, angry - about the "staple of the geek diet" statement in the summary.
What the hell has "geek" come to mean? Some awful stereotype of pallid fat socially inept outcasts sat in the glow of a computer screen stuffing junk food in our mouths?
Bollocks to that.
A geek is meant to be intelligent. Intelligence looks at the evidence and sees that eating properly makes you happier and more effective.
Like the parent says - Doritos shouldn't be anyone's "staple".
Yep.
Pigeon Pie. Not made with the flying rats you see in towns.
"Nipples" is now censorship fodder? Come on.
Pigeons, however, don't have nipples. The "milk" arises in the crop. RTFA.
The Glastonbury Festival is held on what is for the rest of the year a working dairy farm. The festival peopled by a mixture of mainstream music fans and old-school hippies, including, of course, a number of militant vegetarians and vegans.
Every morning, a truck circulates the campsites selling pints of milk. One year, upon the tailgate of the truck, was sprayed "MILK: RAPED FROM COWS".
To this day, I don't know whether it was written there in earnest, or in jest. It could so easily be either.
But yeah, balking at pigeon milk is as irrational as spurning horse meat.
I don't think anyone's going to MRI scan you without your knowledge any time soon.
Another blog post, another site: http://www.leadershipblog.co.za/2010/08/11/stephen-dubner/
It quotes Dubner directly. Dubner says nothing about bug bounties in relation to rat farming.
He talks about the rat farming anecdote, then talks about unintended consequences in general, in the realm of government, not software development.
His main observation seems to be that politicians have no incentive to create schemes that are immune to unintended consequences, because the unintended consequences are usually long-term -- and the politicians only want their scheme to reflect well on them long enough to get re-elected, earn bonuses, etc. in the short term.
The nonsensical leap to bug bounties is an invention of Dennis Fisher's.
1. I think you underestimate how dumb people can be
2. It's trivial to work around that obstacle with a little collusion.
As I've already said, Dubner's a clever bloke. If he was trying to make the point you've made, then he'd have found a suitable analogy. He has at least two bookfuls.
No, this is a reporter getting the wrong end of the stick.
But let's think about your observations.
The rat farming thing is fairly interesting. You can imagine the rat bounty seeming like a good idea. People subverting it by farming rats would come as a surprise to a lot of people. Freakonomics is full of stories like that.
Your observation, that a bug hunt will reveal lots of inconsequential bugs, but the few significant ones make it worthwhile -- well, that's entirely the expected result, surely?
No, we're confused because the rat farming analogy has no bearing on the good news you noticed.
Rat farming: Incentive scheme leads to unintended, unexpected, undesirable outcome
Bug bounty: Incentive scheme leads to intended, expected, desirable outcome
However, they are very similar to the rat farmers in the sense that they might not care about the software being bug-free (or the city being clear of rats) and are only interested in the monetary gains.
But that part isn't notable or interesting.
The whole point of the rat bounty is to coax people into hunting wild rats, who wouldn't be doing it without the monetary incentive. Just like an external security analyst, the legitimate vermin killer is only doing it for the money.
What makes the rat farming anecdote notable, is that people would exploit the scheme by claiming the money while actually making the problem worse. But the bug bounty story has no parallel for that interesting part -- unless someone actually is deliberately injecting bugs, so they can claim credit for fixing them later.
As an aside, I've worked in a couple of places were you get a lot of visibility and credit for fixing serious production issues, and little recognition for maintaining a code base that never goes wrong. We often joke that it's an incentive to put time bombs in the code, but as far as I know, nobody's ever gone through with it.
I had always kind of figured the Freakonomics guys were more pop-pseudo-science than actual hard science. But I'm not an expert in any of the other fields they've discussed. Now I guess I know for sure that they're full of it.
Freakonomics is fine. This seems like a chinese whispers in the retelling.
The (current) last two paragraphs of the article were added after many of the /. comments were posted.
Previous final sentences:
But are those bugs being bred in the lab by researchers just to be led to the slaughter for a nice payday? Yes, yes they are. And that's a good thing.
Added paragraphs:
The researchers aren't introducing the bugs into the software, of course; they're simply finding flaws that might not have been found under other circumstances. Those who run the bug bounty programs at the software companies say that they are seeing more and more submissions than they did before their programs began, and the combined resources of the external researchers and the vendors' internal teams finds far more flaws than just the internal teams could.
The idea of people raising rats for the express purpose of killing them likely isn't what the officials had in mind when they began their reward program, and they may well end up with a larger rat infestation than they had when they began if they put a stop to the rewards and the rats end up wandering the streets. But the opposite has occurred with the vendors' bug bounty programs. As they've continued to reward researchers and even raise the amount they pay for new bugs, researchers have responded with more submissions, and all of the users of those applications have benefited.
Seems like an attempt to rescue the article from terminal idiocy. But it's just digging a deeper hole.
It's just like rat farming! Except that nobody's manufacturing defects deliberately.
Rat farming had unintended consequences! Bug bounties have exactly the consequences that their designers were aiming for: lots of people detecting bugs.
I think what you're saying is, it's not a direct analogy.
"Here's an example of an incentive scheme that has an unexpected and undesirable outcome".
"Bug bounties can also have unexpected outcomes" -- but with a quite different mechanism.
I don't think Dubner would have done that. Freakonomics (the book) contains loads of examples of unexpected outcomes due to skewed incentives. He could have found one that fitted better.
No, I'm pretty sure this is just a reporter failing to convey what was actually said.
(Favourite Freakonomics story: the city that decided to pay its rubbish collectors bonuses based on the weight of what they brought in. Rubbish brought in increases, by weight: success! But their incinerator's efficiency measurements fall dramatically. What's going on? Much of the rubbish is now soaking wet. )
Also : I've never seen a pizza analogy on slashdot. I'm curious - what are they like?
They're a lot like stone soup analogies.
Business model!
1. Note missing feature in Firefox
2. Write missing functionality; include carefully obfuscated security bug
3. Donate code to Mozilla
4. "Find" and fix bug. Claim bounty.
5. Collapse, cackling, into your bed of dollar bills.
It's correct to observe that an incentive scheme could, conceivably, tempt developers into deliberately inserting bugs.
This would happen if you:
What the article doesn't do is point at real-world instances of this happening, or explain why "that's a good thing".
Stephen Dubner is a smart guy, and I'm sure he had a solid point to make.
I can only imagine that this reporter has failed to relay it correctly.
What confuses me most is the "and that's a good thing" at the end. Mystifying.
My HTC Desire came with Android 2.1, got an official OTA update to 2.2, and I'm currently running 2.3 Cyanogenmod on it. HTC at first said they weren't going to provide an official 2.3, but have since said they'll release one.
That's pretty good going in my opinion.
I don't expect the Desire to support >2.3 since already in 2.3 system memory is tight.
So fork it.
Merge in Google's improvements if/when they're released.
Google could have done a lot more for free software, although just like anyone else, it's free to make its own choices. But it hasn't done nothing.
Chromium is BSD licensed.
Go is open source. They've released useful Javascript and Java libraries. V8 is free and awesome. WebM is free. GWT is free.
Summer of Code encourages free software.
Google has done more than nothing for OSS.
Be fair. If Slashdot waited for earth shattering news before posting, as you seem to expect, we'd go months at a time without a post.
It's a neat tool for those who want it.
Nobody *needs* it, but some people may find it useful. I do.
Don't people remember the string of incidents with the ultimate being the day that you could log into any Dropbox account you wished without a password? Why are they even still in business?
Because people use them for stuff that's not confidential? Or not sufficiently confidential to get get up about?
The social messaging services are not all that this is for. For example, one of the recipes is for it to send you an SMS if weather.com says it'll rain in your town tomorrow. Another copies content into your Dropbox if you start it in Google Reader.
These are neat ways to streamline the way you consume these services. Too simple to really be called programming, but useful nonetheless.