Greenspun's arguments are very similar to those of Fred Brooks: almost all effective software is written by a small number of programmers, and if you want to have a productive organization, coddle your superprogrammers and work them to death.
There are several problems with this model (speaking as a former superprogrammer at TRW, 1972-79):
You can only identify most of your superprogrammers afterwards...
There aren't that many of them. Organizations have to make do with the general population of programmers.
There are a lot of programming problems that _nobody_ can solve. Don't throw superprogrammers at impossible problems.
You _can_ develop a few superprogrammers if you're willing to spend the time. Most companies aren't.
Most of them are interested in having a life.
So, realistically speaking, you have to develop a way of managing that works for the average programmer...and sometimes they turn out to be superprogrammers.
There are a good many people in the IT industry who are responsible for children, either because they are single parents or they take that responsibility within the family. My experience is that this can be a significant hassle, both for the parent and the coworkers. Despite high-level company support for such programs as take-your-child-to-work, managers have to cope with the disruption. So, yes, child-care and other signs of a pro-family attitude are definite considerations in the choice of employer when you're older, more experienced and more mature.
Since I have an idea simmering in the back of my mind that is based on my dissertation work and that I suspect will be very valuable once I get it together, I definitely like the European perspective. My idea is very unobvious and will take significant work to develop. The problem with the US PTO appears to reflect cluelessness about what is obvious rather than pure wrongheadedness.
What we really need is software vendors becoming liable for the economic impact of software faults.
Computer Security in Today's World (on "Microsoft Cracked", Score: 1)
Automated computer security is vulnerable to bugs and social engineering. I wonder which was responsible here. Basically, you need a man in the loop to notice the funny patterns.
What would be interesting would be a thorough search through the code for back doors, but I suspect that has been done by MS, at least for the ones not deliberately inserted. What would be scary is the perps doing a thorough search through the code for buffer overflow opportunities.
I did my BS in math at UCD. Edward Teller had a joint appointment at Berkeley and Davis, so he used to have a seminar at Davis. I remember one session where he talked about his ideas for civilian uses of nuclear explosions. They had to be specific projects where a very large underground explosion would be useful.
Later, I worked on one of the ballistic missile defense systems, Site Defense. SD and its predecessors used nuclear kill at low altitude. Originally, these systems were intended for city defense, but Congress was somehow bothered by the use of dozens of small nuclear bursts to defend a city against incoming reentry vehicles. Something about collateral damage.
If you've ever played that video game where you used missiles to defend against an attack from space, it has an interesting background. It was originally written by a friend for the Commodore PET as a serious study of battlespace management in ballistic missile defense, based on a study I did soon after I left grad school and started work.
My grandfather was one of the original investors, and did very well, so when Xerox hit 8, I bought 500 shares. Looks like a poor investment now. Xerox's only real asset is their incredible technology, and now they're shopping it around. I applied to PARC during the summer, but it doesn't look like a good idea to follow up.
The key point is that real systems are too big for one person to build, either because there's too much code to write or too much to debug. OSS seems to produce higher quality large products. A basic text editor is at the low end of the zone where software quality is hard to ensure. This issue is not restricted to software--see Christopher Alexander's books on design quality in building.
Danke. I didn't have time to post a human translation, so I'm glad someone from Germany did us the kindness. I had heard that ECHELON had been used for industrial counterespionage. I suspect it's hard to differentiate that from industrial espionage when you get into the details. The Babelfish translation reminds me of about 25 years ago when I was checking out a series of automated translations of technical books from the USSR. I found one of particular interest on methods of operations research. I started reading it and it sounded familiar. So I checked out the author listing: Morz i Kimbal. It had originally been published in English...
If someone figures out how to spoof biometrics-based security or identification in some system, there's absolutely no way of issuing new IDs and passwords... I much prefer systems that allow me to do something about a security break-in.
The radar and flight data systems are currently FAA-unique (HCS) in BAL and JOVIAL, but that has been moving to UNIX/Ada/C++ since 1990 and will probably continue in that direction. On the other hand, voice communications is a mix of special hardware and Tandem-based Pascal, but that's now moving to Win32/C++ with the contractor (Harris) pushing for that. There are also some Win32-based flight control systems in development for the cockpit.
Eptesicus fuscus, Myotis septentrionalis, or Myotis lucifugus. I'll need a supply for my lab in England. (I did my dissertation on modeling bat behavior.)
I strongly suspect there is a serious shortage of software engineers sufficiently skilled to work on life-critical systems. Whether there is a shortage of web designers is a different question entirely...
Open source works because the community of testers and debuggers is so large. It won't work for ATC, simply because there are so few users, particularly computer-sophisticated users. What may work is the use of open-source components in air traffic control applications. The software reliability needed in ATC (about 2 hours of unplanned down-time per year per system) is comparable with that seen in some open source products and several times what MS products seem to provide.
We use 240 frame per second infrared cameras to track bats in the flight room. They're expensive, and memory is the big issue, not just for the frame count, but also for the picture resolution. This looks interesting.
As a security engineer, I saw nothing in Dr. Perrit's answers to suggest that the review will be anything but conscientious, professional, and independent. I'm willing to wait for the results before making my final judgment.
I referee soccer matches, and I've seen broadly similar behavior in games involving teenaged males. That suggests flaming is related to dominance conflicts.
Why the crazy sig? I'm a security engineer. Crabs are the favorite food of octopi, and if you put one into a tank with an octopus, it's soon dinner. The method the octopus uses to catch the crab is very much like how a hacker usually breaks into a system--he looks for design flaws and uses social engineering, avoiding the security mechanisms themselves. So I am in the business of...
This change is needed. There have been too many cases of vendors and users burying their heads in the sand about vulnerabilities. In practical terms, the threat usually exploits software bugs, not weaknesses of existing security mechanisms. The lack of vendor liability for errors and omissions in their software has meant that security-related bugs have been fixed only grudgingly. The UCITA has been a step backward; perhaps this will be a step forward.
The reaction of the GCC steering committee makes sense, given the developmental status of 2.96. I would certainly avoid it for anything that had to have high reliability. I would have bundled a stable release (2.95) and provided some means of downloading 2.96 for the thrill-seekers out there. I know 2.95 has less than perfect support for the standard, but that doesn't justify pushing people into 2.96.
The underlying problem is we don't seem to be able to program common sense. I've seen something similar in modeling target capture by bats. How do they localize and track their targets? Working from a sonar or radar model leads us to model the process using a tracking filter. Tain't so. The bats listen to the target until they think they understand what the target is doing, and then they go eat it. Works much better than any radar system, but suggests bats behave more like hackers than computers...
I think that's probably the real breakthru here. Mac OS X brings UNIX to the _masses_. The other stuff--preemptive multi-tasking, Quartz, Aqua, etc.--is nowhere as important. Within a year, about 10% of the non-technical users out there will have UNIX running on their desktop/laptop and will like it.
The company uses NT 4.0, SP5. I, being (among other things) a security engineer, prefer to use non-MS applications on my Mac PowerBook G3 running Mac OS 9.0.4 and (now) Mac OS X beta. (I also have VPC 3.0 installed for when I need a Wintel sandbox.) There's something to be said for a (relatively) virus-free working environment that is hard for hackers to attack.
Try a maximum likelihood argument. Then start to worry. It's related to Fermi's paradox.
Go do searches on VSCS, VTABS, and VCSU. For example, see http://www.govcomm.harris.com/voice_switching/programs/vscs/VTABS.htm