Like macros in Word documents and VBScript in email messages that scan your address book, not actual executable, binary, compiled C code. Geez, you guys, so literal-minded.
People talk about how secure Linux is, but how do you prevent some executable piece of email from reading the user's *own* address book and deleting the user's *own* documents (or worse -- corrupting them so the backups get hosed, too)?
The problem isn't security, it's executable content. As long as executable content is never offered in any popular email program (or search-for-ET screensaver) in Linux, we're safe. How long will that last before some vendor brings out the spiffy new macro-language-in-email feature and users snap it up (once we get past the hurdle of even getting linux on the desktop)?
Hey, I know, maybe Microsoft could do these new things called DESIGN REVIEW and CODE REVIEW, rather than trying to test out bugs.
(Maybe Microsoft isn't the only guilty party here, either.)
Re:Advent of html/http worse thing for online apps
on
Ten Years of Web Browsing
·
· Score: 3, Interesting
I'm not sure where you're going with this.
Client-server was most definitely a going concern before Mosaic, as was Sun's RPC and XDR protocols (if I may use such a grandiose word for such simple concepts).
Even today, decent client-server apps are pretty much forced to have their own "custom" state machines/diagrams because otherwise, we'd all be running the same app (and it would be, uh... a web browser!).
(What I mean, specifically, is that a hospital utilization management system would have a very different workflow from a textile mill spare-parts system, for instance, and that workflow/peer dialog state machine would be embodied in the application itself.)
A co-worker tells me that maybe you're referring to the ease w/which apps could be developed post-Mosaic vs. pre-Mosaic, since tools like Visual Dev Studio ++ Wizzy Wizard# were just a gleam in somebody's eye at the time, and anyway, were absolutely not oriented to distributed processing.
If we haven't taken a giant step backwards in developing distributed apps, we've certainly experienced some arrested development.
The privacy rights community generally views O'Connor Kelly as a consensus builder, but it is too soon to say how much influence she will have in protecting Americans' privacy rights, said Ari Schwartz, associate director at the Center for Democracy and Technology.
"One of the things we liked (about her job) at DoubleClick was that she worked hard to build relationships with the privacy community and to vet their new policies with these groups," Schwartz said.
Why would this leave you any more speechless than hiring Kevin Mitnick to do security for a large corporation?
In places I've worked, the CM system (build, defect-tracking, patching, etc.) was written in scripting languages.
The people who worked on it were never really considered to be "developers", even though the systems could have benefitted from requirements analysis, design and code review and modular development practices. That had two effects: the good software engineers who were scripters got frustrated, and the crappy hackers were able to slam in crappy code that worked fine but was fragile and hard to maintain.
It's even easier to produce crap w/a scripting language than w/a compiled, statically-typed language. (Not that you can't produce crap with C/C++, don't get me wrong.) This ties in w/the preceding paragraph, but it's also a good standalone point -- w/out rigorous code review, Bad Stuff is going to accumulate more rapidly on the script side.
That might be more a reflection of people's attitudes towards the kind of work that gets done w/scripting languages (quick-n-dirty) than a reflection of attitudes toward the programmers who do the work.
All it would take is one guy with a pair of scissors to send this thing floating out into space. Or an airplane at any altitude.
Or (since we're talking about the not-to-distant future), dozens or hundreds of stupid little drones released from a cargo plane. (I don't know how feasible it would be for third-world vandals to acquire such things....)
I don't think the generally-accepted accounting principles are a recent development. Just because *you* only heard about it recently doesn't make it recent.
Companies advertising their adherence to the GAA might be recent. I would have hoped RedHat had always been adhering to the GAA, but I do remember their IPO and the fact that their stock price peaked at an outrageous value before dropping back to ~$10.
I also remember some major underwriting house (First Boston Credit Suisse or some such?) admitting to high-tech IPO hanky-panky some months ago.
Argo doesn't do collab/sequence diagrams, nor does the whiteboard ed. of TJ. Boo, hiss. I haven't found *any* free tool that does collab/sequence diagrams (Dia doesn't count, I need this for work, not home.)
I'm tired of static class diagrams that don't tell me how the system *works*.
So is Allen Holub. See http://www.javaworld.com/javaworld/jw-01-2002/jw-0 111-ootools.html.
Congo was one of his best???
on
Electronic Life
·
· Score: 2
Surely you jest.
Have you read _Andromeda Strain_ or _The Great Train Robbery_?
As are: the Association of Public Television Stations (I'll hazard a guess that they are what they sound like), The Kermit Project, and the Association of Shareware Professionals.
(ChannelX and hding engage in some belittlement of my need for such a "crutch" as static typing, and I find it difficult to leave it at that for future potential employers to discover.:)
Smalltalk runs financial systems. Good code can be, and is, written in Smalltalk. Smalltalk isn't untyped, it's dynamically typed. Smalltalk (BASIC, LISP, PROLOG, Java) can be compiled, Smalltalk doesn't have performance problems.
Noted, y'all. I knew all that.
I stand by my statement, however. In spite of all the above wonderfulness, you're still discovering errors at runtime, rather than before. This is how that XP unit test thang got started. (Actually, never mind the unit test thang, this is how that whole XP thang got started. Pair-programming (grizzled vet/neophyte) and all. I might even make the point that Smalltalk requires XP, if I felt like taking even more time off from work to compose this.)
Sure, it can be made to work, but I feel the opportunities for problems are greater than in statically-typed languages. Allow me to bring up Haskell, one of whose primary concerns is static type determination and checking (in addition to all that functional blah-dee-blah).
Also, I'm not sure what ChannelX meant about knowing about the language before discussing bugs (predicting frequency and severity?), but I've never really been able to convince a user that a bug is less serious because of my choice of implementation tools.
I do, however, totally agree that Smalltalk is a great way to get started on the O-O paradigm. Leave all that C bullshit behind and start w/a blank slate.
I recently came back to Smalltalk (Squeak, specifically) after being away for a few years (10?).
Yuck. No thanks. This realization pretty much slapped me in the face: it's a scripting language. It's essentially untyped, transforming all your type errors into runtime occurrences that depend on dynamic data. Ewww. I want my compiler.
I always got a kick out of the Primos message on the subject line. Conjured up the images of a cross-eyed little stick figure expiring as he was attempting to crawl out from under a pile of bricks and rubble.
I don't understand why you guys keep pinning your hopes on China. China has a long history of ignoring IP rights. Why should the GPL be any different? Is the source code for Red Flag out yet? (Has anybody looked at it to see what it's doing while it's booting w/a totally blank screen? Installing a keystroke logger, maybe?)
They're already pirates on a grand scale, so what revenue would Microsoft be *losing* if they switch to Linux?
I can't believe you didn't mention the people-coming-off-of-escalators/hotdogs-in-factory transition. Especially because the viewer gets fairly well slapped with it, several times, for good measure.
...is the tool we use here. I was involved in the search for a tool. I like it because it can parse the returned DOM and tell you things about it (like the value of the 3rd option in the select named "Blargh" in the form named "Foo") and make random picks in dropdowns in returned pages. Doing that with some of the other tools (including Mercury) required matching the entire page with regular expressions. Yuck. (I.e., you get the raw page text, a substring() function and a regexp matcher, if you were lucky.)
And the tests are developed in Javascript (Ecmascript), not some proprietary Pascal-like language, or something that required integration with custom C libs if you wanted custom functionality.
But, developing tests that don't trip over the slightest change in the UI (or underlying data) is definitely programmer-intensive.
If MS responds to being "forced" to put java back in the OS, we might wind up w/some broken MS implementation or some horribly out-of-date Sun implementation.
In this day and age, with vendors slinging CDs around like there's no tomorrow, I'd be willing to bet a user who wanted it could easily get it (up-to-date and all) from a CD sitting under his coffee cop.
Java for Joe Sixpack at home is probably never going to fly, but I bet it'll do just fine for Joe Intranetuser.
Slashdot Mirror
Like macros in Word documents and VBScript in email messages that scan your address book, not actual executable, binary, compiled C code. Geez, you guys, so literal-minded.
John.
People talk about how secure Linux is, but how do you prevent some executable piece of email from reading the user's *own* address book and deleting the user's *own* documents (or worse -- corrupting them so the backups get hosed, too)?
The problem isn't security, it's executable content. As long as executable content is never offered in any popular email program (or search-for-ET screensaver) in Linux, we're safe. How long will that last before some vendor brings out the spiffy new macro-language-in-email feature and users snap it up (once we get past the hurdle of even getting linux on the desktop)?
John.
Hey, I know, maybe Microsoft could do these new things called DESIGN REVIEW and CODE REVIEW, rather than trying to test out bugs.
(Maybe Microsoft isn't the only guilty party here, either.)
I'm not sure where you're going with this.
Client-server was most definitely a going concern before Mosaic, as was Sun's RPC and XDR protocols (if I may use such a grandiose word for such simple concepts).
Even today, decent client-server apps are pretty much forced to have their own "custom" state machines/diagrams because otherwise, we'd all be running the same app (and it would be, uh... a web browser!).
(What I mean, specifically, is that a hospital utilization management system would have a very different workflow from a textile mill spare-parts system, for instance, and that workflow/peer dialog state machine would be embodied in the application itself.)
A co-worker tells me that maybe you're referring to the ease w/which apps could be developed post-Mosaic vs. pre-Mosaic, since tools like Visual Dev Studio ++ Wizzy Wizard# were just a gleam in somebody's eye at the time, and anyway, were absolutely not oriented to distributed processing.
If we haven't taken a giant step backwards in developing distributed apps, we've certainly experienced some arrested development.
John.
From the article:
Why would this leave you any more speechless than hiring Kevin Mitnick to do security for a large corporation?
Get some balance in your outlook.
John.
*My* Timex sure as heck did *not* "take a licking and keep on ticking". (It just plain stopped.)
Are we now debating space policy on the basis of marketing tag lines?
A topic near and dear to my heart.
In places I've worked, the CM system (build, defect-tracking, patching, etc.) was written in scripting languages.
The people who worked on it were never really considered to be "developers", even though the systems could have benefitted from requirements analysis, design and code review and modular development practices. That had two effects: the good software engineers who were scripters got frustrated, and the crappy hackers were able to slam in crappy code that worked fine but was fragile and hard to maintain.
It's even easier to produce crap w/a scripting language than w/a compiled, statically-typed language. (Not that you can't produce crap with C/C++, don't get me wrong.) This ties in w/the preceding paragraph, but it's also a good standalone point -- w/out rigorous code review, Bad Stuff is going to accumulate more rapidly on the script side.
That might be more a reflection of people's attitudes towards the kind of work that gets done w/scripting languages (quick-n-dirty) than a reflection of attitudes toward the programmers who do the work.
All it would take is one guy with a pair of scissors to send this thing floating out into space. Or an airplane at any altitude.
Or (since we're talking about the not-to-distant future), dozens or hundreds of stupid little drones released from a cargo plane. (I don't know how feasible it would be for third-world vandals to acquire such things....)
Has the rtf spec been kept up to date as Word doc formats have changed?
I had the feeling the existing spec was old and outdated.
I don't think the generally-accepted accounting principles are a recent development. Just because *you* only heard about it recently doesn't make it recent.
Companies advertising their adherence to the GAA might be recent. I would have hoped RedHat had always been adhering to the GAA, but I do remember their IPO and the fact that their stock price peaked at an outrageous value before dropping back to ~$10.
I also remember some major underwriting house (First Boston Credit Suisse or some such?) admitting to high-tech IPO hanky-panky some months ago.
Argo doesn't do collab/sequence diagrams, nor does the whiteboard ed. of TJ. Boo, hiss. I haven't found *any* free tool that does collab/sequence diagrams (Dia doesn't count, I need this for work, not home.)
0 111-ootools.html.
I'm tired of static class diagrams that don't tell me how the system *works*.
So is Allen Holub. See http://www.javaworld.com/javaworld/jw-01-2002/jw-
Surely you jest.
Have you read _Andromeda Strain_ or _The Great Train Robbery_?
As are: the Association of Public Television Stations (I'll hazard a guess that they are what they sound like), The Kermit Project, and the Association of Shareware Professionals.
Damn. I posted this before I saw the "Questioning Extreme Programming" story. Honest.
(ChannelX and hding engage in some belittlement of my need for such a "crutch" as static typing, and I find it difficult to leave it at that for future potential employers to discover. :)
Smalltalk runs financial systems. Good code can be, and is, written in Smalltalk. Smalltalk isn't untyped, it's dynamically typed. Smalltalk (BASIC, LISP, PROLOG, Java) can be compiled, Smalltalk doesn't have performance problems.
Noted, y'all. I knew all that.
I stand by my statement, however. In spite of all the above wonderfulness, you're still discovering errors at runtime, rather than before. This is how that XP unit test thang got started. (Actually, never mind the unit test thang, this is how that whole XP thang got started. Pair-programming (grizzled vet/neophyte) and all. I might even make the point that Smalltalk requires XP, if I felt like taking even more time off from work to compose this.)
Sure, it can be made to work, but I feel the opportunities for problems are greater than in statically-typed languages. Allow me to bring up Haskell, one of whose primary concerns is static type determination and checking (in addition to all that functional blah-dee-blah).
Also, I'm not sure what ChannelX meant about knowing about the language before discussing bugs (predicting frequency and severity?), but I've never really been able to convince a user that a bug is less serious because of my choice of implementation tools.
I do, however, totally agree that Smalltalk is a great way to get started on the O-O paradigm. Leave all that C bullshit behind and start w/a blank slate.
John.
Ya know...
I recently came back to Smalltalk (Squeak, specifically) after being away for a few years (10?).
Yuck. No thanks. This realization pretty much slapped me in the face: it's a scripting language. It's essentially untyped, transforming all your type errors into runtime occurrences that depend on dynamic data. Ewww. I want my compiler.
This thread is probably ancient history by now, but...
Blaming the people is a cop-out. The Chinese gov't didn't see fit to enforce IP law until recently.
Not to mention that many companies that appear to be private frequently turn out to be subsidiaries of the Chinese military.
Sorry I missed this posting over the weekend.
I always got a kick out of the Primos message on the subject line. Conjured up the images of a cross-eyed little stick figure expiring as he was attempting to crawl out from under a pile of bricks and rubble.
John.
I don't understand why you guys keep pinning your hopes on China. China has a long history of ignoring IP rights. Why should the GPL be any different? Is the source code for Red Flag out yet? (Has anybody looked at it to see what it's doing while it's booting w/a totally blank screen? Installing a keystroke logger, maybe?)
They're already pirates on a grand scale, so what revenue would Microsoft be *losing* if they switch to Linux?
We gotcher palladium right here, Comrade.
According our signature-stamping custom hardware, you have been posting seditious material to an anonymous remailer. Come with us, please.
I can't believe you didn't mention the people-coming-off-of-escalators/hotdogs-in-factory transition. Especially because the viewer gets fairly well slapped with it, several times, for good measure.
...is the tool we use here. I was involved in the search for a tool. I like it because it can parse the returned DOM and tell you things about it (like the value of the 3rd option in the select named "Blargh" in the form named "Foo") and make random picks in dropdowns in returned pages. Doing that with some of the other tools (including Mercury) required matching the entire page with regular expressions. Yuck. (I.e., you get the raw page text, a substring() function and a regexp matcher, if you were lucky.)
And the tests are developed in Javascript (Ecmascript), not some proprietary Pascal-like language, or something that required integration with custom C libs if you wanted custom functionality.
But, developing tests that don't trip over the slightest change in the UI (or underlying data) is definitely programmer-intensive.
John.
If MS responds to being "forced" to put java back in the OS, we might wind up w/some broken MS implementation or some horribly out-of-date Sun implementation.
In this day and age, with vendors slinging CDs around like there's no tomorrow, I'd be willing to bet a user who wanted it could easily get it (up-to-date and all) from a CD sitting under his coffee cop.
Java for Joe Sixpack at home is probably never going to fly, but I bet it'll do just fine for Joe Intranetuser.
Or something.
Silly rabbit.
Microsoft is the rock around which the stream will flow.
IHBT. :)
You can always identify the leader in a race by looking for the guy with all the arrows in his back.