I've worked full time getting paid quite well to work on open source.
Open source doesn't mean developers work for free. They get paid by the same people who normally pay them. It's just that cooperation makes them more efficient, so they can potentially be paid more. I'll give you one example that I have a lot of experience with.
Universities (and others) are offering a lot of courses online these days. Suppose 40 institutions want to offer online courses. They each need an online system to manage those courses, an online campus. Suppose having such a system is worth $60,000 to each school. A programmer can build it in 500 hours at a cost of $30,000, so each school does it. (It'll cost them $30K and be worth $60k of value). Forty schools each spending $30k is a total of $1,200,000 spent. Later when they want other features they'll spend more.
Alternatively they can cooperate, building a modular online campus system that works well for all of them. Maybe that costs four times as much as building a system for one school - 2,000 hours, or $120,000. That's 90% less than it costs for them to each build their own. Later, when a school wants a new feature, it was already built for a different school. They just install it.
In the first scenario, the programmers each took 500 hours to provide something worth $60k. In the second scenario, 40 programmers at 40 schools spent a total of 2,000 hours. That's 50 hours per programmer to provide the same $60,000 of value to their school.
Who do you think can be paid more per hour: a programmer who takes 500 hours to get the job done, or one who gets the same job done in 50 hours?
Far from "working for free", by cooperating on an open source project we were able to provide the same value with 90% less work from each of us, so we were much more valuable and highly paid than a programmer who doesn't cooperate and use open source effectively.
Have you ever stuck a fork under your fingernails?
I'm guessing the answer is the same as the answer to whether or not I've ever used Rust.
Rust has done one thing EXTREMELY well - hype. Like almost all languages, Rust won't normally have buffer overflows. They've hyped that so much it would make PT Barnum blush, acting like that's something special.
The only way you get buffer overflows these days is if you turn OFF the standard warnings, and use deprecated functions, while writing C. So Rust's "claim to fame" really just comes down to "on one very specific point, it's safer than C used to be back in the 1980s".
I've looked at Rust enough to know I don't want to use it any more than I want to wipe my ass with a cheese grater. I don't have to test that out to know it's not a good idea. They have done a phenomenal job of hype, though, comparing it to 1980s C. Guess what - C in 2018 also isn't 1980s C, every modern language is safe from buffer overruns assuming a competent programmer.
Intel can fix the specific Spectre-class vulnerabilities that have recently received a lot of attention, with some impact on performance. AMD wasn't vulnerable, and Intel can do something similar to what AMD did.
On the other hand, if you want to speak more broadly about issues like Meltdown and the various types of Spectre, AMD does have some vulnerabilities and it is likely that EVERY high-performance CPU in the next five to ten years will have similar issues. Not precisely the same, but in the same general category. Simple, low-performance ARM chips can be used for security-sensitive operations.
Software is written as if it executes step-by-step, using a simple model of a CPU. Simple code looks like this:
if (userid > 1000) {
    basekarma = 10;
}
In this simple model, the basekarma variable is never changed for the oldest users. In the simple model, a Pentium and Core i7 look the same. In the real world, a modern processor doesn't run things step-by-step, it runs multiple things at once. Since the userid is almost always greater than 1000, it DOES run the code in the IF statement every time, then reverses it in the rare instance that userid is 1000 or lower. That's faster than waiting for the userid check, because it can simultaneously set the variable and check the userid in one clock tick.
In the model, setting the basekarma can never have any effect on the userid. In the real world, basekarma isn't an idea, it's a set of silicon transistors with certain electrical charges. Those tiny transistors are only a few nanometers from the ones used for basekarma, and using them creates heat which heats up all the surrounding transistors (variables). Electrical charges in one, alternating a billion times per second, can and will affect the electrical charges of others that are just 100 nanometers away.
With the complexity of a modern CPU, it's not going to match the simplistic model. It's going to run multiple threads concurrently. Physical effects mean doing something to one set of memory locations can physically affect others (if only by forcing the system to slow down to avoid overheating).
Caches speed up operations by an order of magnitude when essentially the same thing is done over and over, such as handling each pixel or each sample of audio. Being faster means attackers can tell what is in the cache. Eliminating cache timing-based attacks would make the CPU MUCH slower.
A simple single-thread CPU without any speculative execution, only in-order execution, no cache or only very simple cache, and half a dozen other types of complexity could fairly well match the simple model used for programming, and therefore be pretty secure.
Overall, the security of a system is inverse to its complexity. Complex systems have many complex parts that hackers can manipulate. They'll never be secure, or at least not any time soon.
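The gap between the step-by-step model and a speculating CPU described in the comment above, as a toy C simulation (an added illustration, not part of the original comment). The two-line cache, the cycle counts and the names `cold_machine`, `run_in_order`, `run_speculative` and `probe_latency` are constructed for this example; it models the behaviour and measures no real hardware.

```c
#include <stdbool.h>
#include <stdio.h>

/* Toy model, not a real CPU. The two-line "cache" and the cycle counts
 * are constructed for illustration; misprediction penalties are ignored. */
enum { LINE_USERID, LINE_BASEKARMA, NUM_LINES };
enum { HIT_CYCLES = 1, MISS_CYCLES = 100 };

struct machine {
    int userid;              /* architectural state: what the program sees */
    int basekarma;           /* architectural state */
    bool cached[NUM_LINES];  /* microarchitectural state: hidden from the program */
};

/* Start with both variables in memory only, nothing cached. */
struct machine cold_machine(int userid, int basekarma)
{
    struct machine m = { userid, basekarma, { false, false } };
    return m;
}

/* Access one cache line: return its latency and leave the line cached. */
static int touch(struct machine *m, int line)
{
    int cost = m->cached[line] ? HIT_CYCLES : MISS_CYCLES;
    m->cached[line] = true;
    return cost;
}

/* The programmer's mental model: check userid first, then maybe store. */
int run_in_order(struct machine *m)
{
    int cycles = touch(m, LINE_USERID);
    if (m->userid > 1000) {
        cycles += touch(m, LINE_BASEKARMA);
        m->basekarma = 10;
    }
    return cycles;
}

/* Predict "taken": do the store while userid is still being fetched,
 * then undo the store if the prediction turns out to be wrong. */
int run_speculative(struct machine *m)
{
    int saved = m->basekarma;
    int store_cost = touch(m, LINE_BASEKARMA);
    m->basekarma = 10;
    int check_cost = touch(m, LINE_USERID);
    if (!(m->userid > 1000))
        m->basekarma = saved;  /* rollback restores the value, not the cache */
    /* The two accesses overlapped, so the slower one sets the pace. */
    return store_cost > check_cost ? store_cost : check_cost;
}

/* What timing an access to this line would report, without changing state. */
int probe_latency(const struct machine *m, int line)
{
    return m->cached[line] ? HIT_CYCLES : MISS_CYCLES;
}

int main(void)
{
    /* One of the oldest users: the branch is not taken. */
    struct machine simple = cold_machine(500, 50);
    struct machine real = cold_machine(500, 50);
    run_in_order(&simple);
    run_speculative(&real);
    printf("userid=500  in-order:    basekarma=%d, probe=%d cycles\n",
           simple.basekarma, probe_latency(&simple, LINE_BASEKARMA));
    printf("userid=500  speculative: basekarma=%d, probe=%d cycles\n",
           real.basekarma, probe_latency(&real, LINE_BASEKARMA));

    /* The common case: the branch is taken and speculation pays off. */
    struct machine a = cold_machine(5000, 50);
    struct machine b = cold_machine(5000, 50);
    printf("userid=5000 in-order: %d cycles, speculative: %d cycles\n",
           run_in_order(&a), run_speculative(&b));
    return 0;
}
```

Both runs leave basekarma at the same value for userid 500, so the program cannot tell them apart; only the probe latency differs, which is the information a cache-timing measurement recovers.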
You're absolutely right. It doesn't have to be that way, either.
I took a long break from college, going back later in life. By that time I had already learned some painful lessons about debt, having learned from my own mistakes.
I went to a very inexpensive state university and rather than graduating with a mountain of debt, I graduated with MORE money than the roughly $0 I had when I started school. I chose a degree in a field that's in demand, and a program in which I earned respected industry certifications like Cisco CCNA as part of my degree program. Halfway through school, the certifications and things I had learned allowed me to double my income.
Shortly after graduating, I landed a job making just shy of $100K in Texas (equivalent to $200k on the coasts).
Tuition at WGU is $6,000 / year, minus the $1,500 tax credit, so my total cost of school for four years was $18,000. Except halfway through I had those certs which got me a job where my employer paid part, so the total cost to me was about $15,000. No need to graduate with $90,000 in student loans!
The $24,000 (or $15,000) cost of my degree was a great investment to start earning $100,000/year, so perhaps it makes sense for the government to encourage people to study fields that are in demand, via a school that provides good value. The problem is some people's idea of "fairness" means they have the government encouraging people to spend any amount of money to study any ridiculous thing.
If you want to see seven years at $50,000/year studying French History, you can sure do that if you have the $350,000 to spend. If you DON'T have $350,000, it's probably dumb to go $350,000 in debt studying French History at Yale. Perhaps the government shouldn't encourage people to do that.
Every state I have lived in has guarantees about which credits transfer from a community college to a state university, with degree programs that transfer 100% of all credit. The guarantee is "if you get an associates degree in any of the following majors, all credit will transfer to a bachelor's degree in the same field at the state university".
If you take puppetry, ceramics, and floral design at the community college, those may not transfer toward a bachelor's in chemistry. In order for the credit to transfer 100%, one needs to plan ahead and take appropriate courses. One easy way to get transfer credit to virtually any school is to take the core general studies courses - English, Math, History. Floral design probably won't transfer, so don't take that course expecting it will count toward your bachelor of science.
By the way, this is basically the same reason having the best CEO is worth so much to a very large company. If having Carly Fiorina at the helm means you make $40 billion, while having Ray Morris means you make 5% more, that's $42 billion. Only a 5% difference means Morris is worth $2 billion more than Fiorina.
Suppose that having the core team meet face to face, relaxing over drinks together while discussing things, only results in a 1% improvement in Linux. That's a very small improvement, percentage wise.
The economic impact of all the world's servers running Linux and all the IoT and everything is more than $500 billion. 1% of that is $5 billion, so 1% improvement is worth perhaps $5 billion.
30 people are attending the meeting. If it costs $2,000/person, that's $60,000 cost for a $5 billion impact.
Yep, it's a catchy title. Bruce is generally a smart guy, so I'm surprised to hear him start the interview with a statement that is flat out wrong on the facts. More than that, anyone who knows a little history KNOWS it's wrong.
"There's no industry that's improved safety or security without governments forcing it to do so.", he began.
Has Bruce never heard of Underwriters Laboratories (UL listed, UL registered, etc)? Underwriters means insurance companies. That's not government, that's insurance companies offering guidance and an incentive. How about the National Fire Protection Association, which writes the fire codes? That's another safety organization started by insurance companies, and insurance companies wouldn't insure a building unless it met fire code. Later, local governments ALSO said "me too", but the NFPA and fire codes were created by insurance companies, not government.
The auto companies were advertising safety innovations for half a century before there was any major legislation. From Duesenberg advertising hydraulic brakes in the 1920s to Ford marketing safety glasses in all its cars in the 1930s to padded dashboards, safety cages, and disc brakes in the 1940s - it wasn't until the 1960s that the government got involved.
So it's simply factually incorrect, plain wrong, to say "There's no industry that's improved safety or security without governments forcing it to do so". My side gig is pyrotechnics, fireworks. A LOT of what we talk about and work on in the industry is safety, sometimes talking about how to convince the government official to allow us to do things the safer way rather than insisting on outdated procedures, or things that are a bad (dangerous) fit for the situation.
> In no way whatsoever are these alternative actions. ...
> Unqualified people were placed in positions of authority, they made stupid decisions, and there were no mechanisms for underlings with better understanding to raise alarms.
And the other situation is Equifax.
If the max rating is expected for being acceptable, that pretty much makes it impossible to distinguish acceptable from exceptional, doesn't it?
"Dmitry Rogozin, head of the Russian space agency Roscosmos, told RIA Novosti 'We want to find out the full name of who is at fault -- and we will.'"
Facepalm! Dmitry Rogozin is at fault, you nitwit.
The problem is that the workers were afraid to admit a mistake and get it fixed - to the point that they'd rather jeopardize the mission by hiding the mistake than acknowledge an error. So this jackass responds with "we will find out the full name of the person [and then ...]". That attitude IS the problem, dummy. To fix the problem, your statement would need to be "we want to find out why workers are afraid to acknowledge errors and fix the organizational culture so that errors can be acknowledged and fixed properly, rather than hidden."
Thanks, that's interesting. I'm glad you're doing well doing something you enjoy.
As you get older or whatever if you want/need a career that is less physically demanding, and you don't want to manage a company doing flooring, remember WGU is pretty liberal with transfer credit and only $4,500/year - no debt. So you ALSO have the option any time of having a degree without debt and without starting over.
Of course you may be able to retire while your body is still going strong if you make $100K and live on $50K, investing $50K / year. Assuming average long-term returns, you only have to do that for about 12 years to retire with over $1 million.
When the US government threatens actions against a belligerent country, that's a political policy. Agree or disagree, we all have the freedom to discuss the policy done in our name.
When a private individual threatens serious violence, that's a felony.
I just HAVE to buy a new $800 phone so it'll get rid of the 2mm bezel. Can't have 2mm around the screen before I put it in the big ass OtterBox case.
> Or... An entrepreneur invests in a few programmers (not 40, which is overkill), writes the software, invests in advertising and sales, sells it
You as the customer can pay for advertising, sales, and the entrepreneur's profit, or you can just pay only the cost of the developers and skip the salesmen in their $1,000 suits. Would you rather pay for sales and sales marketing, and license audits by your vendors, or would you rather your money go to better software?
By union the smallest states thrive. By discord the greatest are destroyed.
Small communities grow great through harmony, great ones fall to pieces through discord.
Sallust, circa 60 BC
> You mean sites that already have full control over everything on the page?
> They are relatively tame, highly restrictive and can only affect the site they belong to.
Is what they said about JavaScript. There aren't any vulnerabilities associated with JavaScript, right?
The same origin policy is a good idea, but browsers and web developers keep screwing it up, over and over again. Cross site request vulnerabilities are the most common type of vulnerability there is, according to HackerOne.
( https://www.zdnet.com/article/... )
Cross site request forgery is another huge issue.
Regarding "can only affect the site they belong to", the docs for service workers should be read as "we wish service workers only affected the same site, and there'll be CVEs issued for many of the thousands of different flaws which allow sites to install service workers affecting other sites".
> I'm trying to understand the business model of whoever it is that writes the free software in the beginning.
My first reply may not have been well-focused on answering this question. I did some tangents. The main thing I'd say about "whoever it is that writes the free software in the beginning" is this:
In the BEGINNING, the software may very well take less than an hour to write. Someone whips up a simple script to solve their problem and posts that script on a forum.
If several people on the forum find it useful, you can easily see how one person might add two or three lines to fit their particular model or version. Someone else notices that the 60-line program has a bug on line #22. An open source project is born - no business model needed.
It varies. I would say in my experience, most often a bare-bones software exists, a starting point, before multiple people start working on it professionally. Someone, either a company or person, writes something small and simple to "scratch their itch" (solve their own need), then other people find it useful and a community grows up around it. That can easily mean someone puts in 20 hours building a script to load X onto Y hardware, then eventually others spend thousands of hours building it into something far bigger, very often programmers being paid to add another feature or module.
WordPress is a reasonable example here. It was a VERY simple set of scripts. Then one guy with a web site paid another guy $200 to add some feature to WordPress. Another web site owner paid another programmer $150 to improve something else. The company I used to own sent out a lot of invoices for $100-$400 for improvements to WordPress or WordPress modules. We and hundreds of other companies turned a simple blog script into something more complex and powerful than some operating systems.
One software project I was heavily involved with started as three guys on a forum cooperating to get about five lines of .htaccess absolutely correct. Someone offered me, Mike, or Chuck $75 to expand it to fit their need. It grew to over a dozen lines of .htaccess configuration, then someone added a 50-line Perl script. Years later, it was a very capable security system used on hundreds of thousands of web sites, with plug-in modules available from multiple companies.
I've been involved in multiple open source projects which followed the Netscape-Seamonkey-Firefox model. A company producing proprietary software releases their software as open source, perhaps as they either go out of business or drastically reduce their work force. Firefox doesn't have a ton of companies selling work around Firefox and Gecko but there are some and there could be more. If you want something built on Gecko, or you want someone to write and submit a Gecko patch to support something you need, there are people who will do that for you.
Several companies sell OpenWrt based routers and otherwise contribute to the OpenWrt ecosystem. This is an example of another model. Linksys created the router firmware, several companies are now contributors. The Linux kernel existed before Linksys put it in routers, Linksys did a lot of work to produce a router firmware which included the kernel.
So there are many different paths. One path includes an individual programmer writing the first part for their own reasons, unpaid. Several other paths start with programmers getting paid from the beginning.
I don't know any off hand since I'm not really involved with Gimp. Here's the developers mailing list, where you can ask the people who build Gimp about who can help you, people and companies providing paid support, training, customization, or whatever you want.
https://mail.gnome.org/mailman...
I'd first get clear about what you want. Training? Do you want someone to write some custom modules for Gimp? Do you want an on-call Gimp expert?
That should be:
Two years after graduating CS, ...
In that situation most people wouldn't start a flooring installation business
Two years attention graduating CS, I imagine you had a job making decent money, or could have a job making decent money. You likely also had some debt payments to make at that point (though not necessarily). In that situation most people would start a flooring installation business and leave their job. What happened?
What gave you the courage or desperation to strike out on your own, leaving CS behind? Did you start that as a side gig until it started to make decent money, then quit your day job? I'm curious how that first year went, the transition, how and why you did it.
If there is specific software you are interested in, I can post some companies that provide the business services around the software, while supporting the core development team.
As one example Moodle is an open source learning management system (online campus) with 80 third-party companies who can set it up, configure and customize it, write custom modules, host it, and maintain it, provide training, etc (whichever more of services your school or company needs). Each of these contributes funds back to Moodle HQ
https://moodle.com/partners/
The bits don't just come in, set themselves up, configure themselves, integrate themselves with your existing business systems, customize themselves to your needs, and maintain themselves. The software itself is one ingredient in solving a business solution with a software system.
I've worked full-time, being paid well, working with and working on open source software for many years. Some companies hired me to handle their open source software, customizing and maintaining it, being the expert on it. See this for more:
https://slashdot.org/comments....
However, at least 50% of companies and schools were nervous about having just one or two in-house experts and decided to instead contract with a third-party company to deploy, customize, and maintain the open source software. Those third-party companies have teams of developers and technicians which do nothing but work on open source software.
You wrote #4 (we need to use the software, selling the software isn't our business), then you seemed to completely forget about that when you wrote your conclusion.
Cooperating with other organizations who have the same needs rather than having 100 different companies each build their own is better for everyone. See:
https://slashdot.org/comments....
I've worked full time getting paid quite well to work on open source.
Open source doesn't mean developers work for free. They get paid by the same people who normally pay them. It's just that cooperation makes them more efficient, so they can potentially be paid more. I'll give you one example that I have a lot of experience with.
Universities (and others) are offering a lot of courses online these days. Suppose 40 institutions want to offer online courses. They each need an online system to manage those courses, an online campus. Suppose having such a system is worth $60,000 to each school. A programmer can build it in 500 hours at a cost of $30,000, so each school does it. (It'll cost them $30K and be worth $60k of value). Forty schools each spending $30k is a total of $1,200,000 spent. Later when they want other features they'll spend more.
Alternatively they can cooperate, building a modular online campus system that works well for all of them. Maybe that costs four times as much as building a system for one school - 2,000 hours, or $120,000. That's 90% less than it costs for them to each build their own. Later, when a school wants a new feature, it was already built for a different school. They just install it.
In the first scenario, the programmers each took 500 hours to provide something worth $60k. In the second scenario, 40 programmers at 40 schools spent a total of 2,000 hours. That's 50 hours per programmer to provide the same $60,000 of value to their school.
Who do you think can be paid more per hour: a programmer who takes 500 hours to get the job done, or one who gets the same job done in 50 hours?
Far from "working for free", by cooperating on an open source project we were able to provide the same value with 90% less work from each of us, so we were much more valuable and highly paid than a programmer who doesn't cooperate and use open source effectively.
Have you ever stuck a fork under your fingernails?
I'm guessing the answer is the same as the answer to whether or not I've ever used Rust.
Rust has done one thing EXTREMELY well - hype. Like almost all languages, Rust won't normally have buffer overflows. They've hyped that so much it would make PT Barnum blush, acting like that's something special.
The only way you get buffer overflows these days is if you turn OFF the standard warnings, and use deprecated functions, while writing C. So Rust's "claim to fame" really just comes down to "on one very specific point, it's safer than C used to be back in the 1980s".
I've looked at Rust enough to know I don't want to use it any more than I want to wipe my ass with a cheese grater. I don't have to test that out to know it's not a good idea. They have done a phenomenal job of hype, though, comparing it to 1980s C. Guess what - C in 2018 also isn't 1980s C, every modern language is safe from buffer overruns assuming a competent programmer.
Intel can fix the specific Spectre-class vulnerabilities that have recently received a lot of attention, with some impact on performance. AMD wasn't vulnerable, and Intel can do something similar to what AMD did.
On the other hand, if you want to speak more broadly about issues like Meltdown and the various types of Spectre, AMD does have some vulnerabilities and it is likely that EVERY high-performance CPU in the next five to ten years will have similar issues. Not precisely the same, but in the same general category. Simple, low-performance ARM chips can be used for security-sensitive operations.
Software is written as if it executes step-by-step, using a simple model of a CPU. Simple code looks like this:
if (userid > 1000) {
    basekarma = 10;
}
In this simple model, the basekarma variable is never changed for the oldest users. In the simple model, a Pentium and Core i7 look the same. In the real world, a modern processor doesn't run things step-by-step, it runs multiple things at once. Since the userid is almost always greater than 1000, it DOES run the code in the IF statement every time, then reverses it in the rare instance that userid is 1000 or lower. That's faster than waiting for the userid check, because it can simultaneously set the variable and check the userid in one clock tick.
In the model, setting the basekarma can never have any effect on the userid. In the real world, basekarma isn't an idea, it's a set of silicon transistors with certain electrical charges. Those tiny transistors are only a few nanometers from the ones used for basekarma, and using them creates heat which heats up all the surrounding transistors (variables). Electrical charges in one, alternating a billion times per second, can and will affect the electrical charges of others that are just 100 nanometers away.
With the complexity of a modern CPU, it's not going to match the simplistic model. It's going to run multiple threads concurrently. Physical effects mean doing something to one set of memory locations can physically affect others (if only by forcing the system to slow down to avoid overheating).
Caches speed up operations by an order of magnitude when essentially the same thing is done over and over, such as handling each pixel or each sample of audio. Being faster means attackers can tell what is in the cache. Eliminating cache timing-based attacks would make the CPU MUCH slower.
A simple single-thread CPU without any speculative execution, only in-order execution, no cache or only very simple cache, and half a dozen other types of complexity could fairly well match the simple model used for programming, and therefore be pretty secure.
Overall, the security of a system is inverse to its complexity. Complex systems have many complex parts that hackers can manipulate. They'll never be secure, or at least not any time soon.
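An added example, not part of the comment above: because the CPU may run the body of an `if` before the check resolves, a bounds check expressed only as a branch does not constrain a speculative load. The sketch below puts a plain checked lookup beside one that also clamps the index through data flow, the technique behind the Linux kernel's `array_index_nospec`; `karma_table`, `KARMA_SLOTS` and the function names are hypothetical.

```c
#include <limits.h>
#include <stddef.h>

#define KARMA_SLOTS 8  /* constructed table size for this example */

static const int karma_table[KARMA_SLOTS] = {10, 20, 30, 40, 50, 60, 70, 80};

/* All-ones when index < size, zero otherwise, computed without a branch.
 * Valid while index and size are both below half the range of size_t. */
static size_t index_mask_nospec(size_t index, size_t size)
{
#if defined(__GNUC__)
    /* Hide index from the optimizer so it cannot turn the mask into a branch. */
    __asm__ volatile("" : "+r"(index));
#endif
    /* The subtraction wraps when index >= size, which sets the top bit of x. */
    size_t x = index | (size - 1 - index);
    return (x >> (sizeof(size_t) * CHAR_BIT - 1)) - 1;
}

/* Architecturally correct, but the load is only control-dependent on the
 * comparison, so it can execute speculatively with an out-of-range idx. */
int karma_lookup_checked(size_t idx)
{
    if (idx < KARMA_SLOTS)
        return karma_table[idx];
    return -1;
}

/* Hardened: the index is also clamped by data flow, so even under a
 * mispredicted branch the load can only touch slot 0 of the table. */
int karma_lookup_masked(size_t idx)
{
    if (idx < KARMA_SLOTS) {
        idx &= index_mask_nospec(idx, KARMA_SLOTS);
        return karma_table[idx];
    }
    return -1;
}
```

Both lookups return the same values architecturally; the difference is only in which addresses a mispredicted run is able to load.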
You're absolutely right. It doesn't have to be that way, either.
I took a long break from college, going back later in life. By that time I had already learned some painful lessons about debt, having learned from my own mistakes.
I went to a very inexpensive state university and rather than graduating with a mountain of debt, I graduated with MORE money than the roughly $0 I had when I started school. I chose a degree in a field that's in demand, and a program in which I earned respected industry certifications like Cisco CCNA as part of my degree program. Halfway through school, the certifications and things I had learned allowed me to double my income.
Shortly after graduating, I landed a job making just shy of $100K in Texas (equivalent to $200k on the coasts).
Tuition at WGU is $6,000 / year, minus the $1,500 tax credit, so my total cost of school for four years was $18,000. Except halfway through I had those certs which got me a job where my employer paid part, so the total cost to me was about $15,000. No need to graduate with $90,000 in student loans!
The $24,000 (or $15,000) cost of my degree was a great investment to start earning $100,000/year, so perhaps it makes sense for the government to encourage people to study fields that are in demand, via a school that provides good value. The problem is some people's idea of "fairness" means they have the government encouraging people to spend any amount of money to study any ridiculous thing.
If you want to see seven years at $50,000/year studying French History, you can sure do that if you have the $350,000 to spend. If you DON'T have $350,000, it's probably dumb to go $350,000 in debt studying French History at Yale. Perhaps the government shouldn't encourage people to do that.
Every state I have lived in has guarantees about which credits transfer from a community college to a state university, with degree programs that transfer 100% of all credit. The guarantee is "if you get an associates degree in any of the following majors, all credit will transfer to a bachelor's degree in the same field at the state university".
If you take puppetry, ceramics, and floral design at the community college, those may not transfer toward a bachelor's in chemistry. In order for the credit to transfer 100%, one needs to plan ahead and take appropriate courses. One easy way to get transfer credit to virtually any school is to take the core general studies courses - English, Math, History. Floral design probably won't transfer, so don't take that course expecting it will count toward your bachelor of science.