So... as usual, a poor understanding of the economics of things dooms what could have been a great idea.
Oh, and not being able to copy it among my various machines dooms this too. I do my session notes and creative work on my desktop machine. Then I bring my laptop to the sessions with me... Actually, at this point, pretty much my entire group has a laptop or desktop at the table when we play. So am I going to buy a hardcopy version I can pass around to people as needed, or a software version that I can't? Hmm...
I think what I'm actually going to do is buy the hardcover, and download the scan of the same book on my P2P network of choice!
Oh wait, that's what I already do. :-)
I call this idea DOA, but let's see how it plays out.
Hmm... we've just started using Nagios at my site, and it seems to be doing quite well at that scale.
We *are* using 3 separate machines as data collectors, but that was also done so we could continue to grow in the future. We have requirements to monitor many different OS and platform combinations, as well as several services on those platforms. In all our searching (about a 6 month process), only Nagios seemed to fit the bill for that. So, if you can dedicate some modest hardware to it, Nagios seems to do quite well.
If low ids mattered for shit, I'd be modded up much higher on most of my comments ;-). We had the same percentages of chuckle-heads back in the good old days too, just say 'no' to /. elitism.
(posting with 'No Karma Bonus' either, I am so humble it hurts)
This article is a piece of crap. It even includes the obligatory quote from Robert Enderle (who has left Gartner now and runs his own spewtank of market-trend quips).
I mean, come on... here are a few choice quotes:
Some corporate customers have viewed Linux as risky to use because the program is written by thousands of volunteers from around the globe, and nobody knows where the code comes from.
Yeah, the code just sort of suddenly appears on Linus's hard drive. *rolls eyes* Good god, this is unforgivable at this point -- by now, everyone should understand this open-source thing, it's been high-profile for long enough that these sorts of total fuck-ups should be a thing of the past.
I suspect some sort of program is automatically writing this stuff. A neural net filled with old articles that they just feed some new pieces of FUD into and then it spits out a new article in the same vein.
I did like this, though
Linux creator Linus Torvalds says he isn't worried by suggestions that Linux may infringe on patents. "Hey, there 'may' be life on Mars. What does 'may' mean?" he says via e-mail, adding that if Linux really does infringe on a patent, he'll just rewrite the code to sidestep the problem.
Installing Mozilla/Firefox still does not remove the IE HTML 'widget'. So can't I still be exploited by something that gets executed inside of another application that is using IE to display HTML content? For instance, I think OverNet/E-Donkey uses IE to display Web ads inside of it (but maybe I'm wrong).
I'm asking because somehow I caught a nasty malware infection recently, and I honestly have no idea why. I usually practice safe hex -- I use Firefox, never run strange binaries, etc. I'm wondering if some other piece of software was using IE without me realizing it...
This may be the final thing that moves me to stop using Windows even on my laptop machine (which I've stuck with because Linux support for all my hardware is sorely lacking).
Thinking that monitoring your child every second is the solution to anything is ridiculous in any case. I don't care if we're talking drugs, alcohol, violent video games, or Scientology. You can't always be there, and you shouldn't expect to be. You have to develop a parenting strategy that does not rely on monitoring for compliance and safety.
When I was growing up, my parents never even knew where I was most of the time. I went out to play on a typical summer day, and wandered around the neighborhood hanging out with friends. I wasn't expected back until dinner time.
Somehow, I managed to come out of it OK. Sure, I saw the porno mags Timmy Smith had stolen from his dad's stash. I smoked a couple cigarettes when I was 12. I saw my friend's brother smoke dope (never tried it myself until I was well past the age of majority). But my parents had done their job in educating me pretty well in their sense of what was right and wrong. Even when I did things I knew they wouldn't approve of, I was able to consider those things in the moral structure they thought I should be educated in. I could ask myself "Why is what I'm doing wrong? Should I not be doing this?". I developed the ability to make my own decisions, and I had enough common sense to not get in over my head.
This is, to me, the only way to go. Don't try to control your kids. Don't make other people responsible for that task either. Do the best you can, take advantage of all the times your kids are with you to point out the moral issues of life and provide your perspective. Accept that they will make mistakes; if you think it's appropriate, administer discipline when they go against "the rules", but understand that this is all part of the learning process too.
Please, people. Produce thinkers, not mindless drones who have to be saved from themselves constantly. Insist on personal moral responsibility and accountability. Anything else is a cop-out. Even a very young child is capable of understanding "right" vs. "wrong" and knowing when they are breaking "the rules".
At the very least, if you don't have a degree, the people factor becomes that much higher. You're either going to have to know someone who can speak well to your qualifications and overall competence, or you're going to have to wow me in the interview.
That having been said, we just did a round-table in an interview situation today (where the person in question did not have a degree yet), and 40% of us did not have a degree. Of the other 60%, only 2 of those people had a degree in CS :-).
A degree is a good indicator of someone who knows something, and spent the time to learn it to some level. It's definitely worth something in terms of indicating that the person is well-rounded and adaptable (which is just as important as specific fine-grained skills sometimes -- business needs change pretty quickly these days). I would at the very least seriously consider starting a degree program, it would at least show potential employers that you're working on that area. Even better, many of them will help you out with tuition (although like most things, those programs seem to be a little less common these days).
> Do you agree Microsoft already has fewer
> freedoms in business due to being declared a
> monopoly? If yes, do you agree we should not
> pollute the discussion?
It's not something you have to agree with, it's a fact. Having been declared a monopoly as part of the anti-trust suit, they are (by law) held to stricter standards of conduct wrt competitive actions.
Oh dear, now I've gone and polluted the discussion. How messy and inconsistent of me. Bad boy, Michael! Bad! (Smacks self on nose with a rolled-up newspaper)
Well, I don't really care in this case. The patent was bogus, even if Microsoft was the sole target. It's one of those costs of freedoms, you know -- you have to agree that everyone gets the same sorts of freedoms (*)
(*) yes, I know Microsoft already has fewer freedoms in business due to being declared a monopoly. Let's not pollute the discussion :-).
No, there's other answers. Sometimes you are trading power for bulk. Perl is very powerful, but also very "bulky". Large footprint, for one thing. libperl is about 800K on my nearest Linux box. If I can bring another language in that is more compact, that might be a good thing.
The other issue is "bulk" in terms of the scope of the language. Sometimes limits are *OK*. If I just want to script out some very simple operations, do I need Perl? Do I need my users to learn Perl?
You need to consider the topic as a whole. This isn't a defense of REXX's suitability in these roles, but a counter to the assumption that there is an "only answer".
The funniest thing is that the ad links at the bottom of the article (at least when I read it, maybe they rotate those) were selling air ionizers... not sure if the makers of those things want to actually be associated with a somewhat negative article... <g>
This sort of attack is so common, I think part of any interview for a technical job involving web content (or just plain any sort of system using HTML, including things reusing the IE or Mozilla renderers) should be to analyze a chunk of code and point out where the XSS vulnerability lies...
I'm what I consider a well-seasoned (and spicy!) web developer, and I've been bitten by this more than once in recent memory myself. It is hard to catch all possible avenues in which data you do not directly control might get interpolated into a web page you render. The latest bug I ran into was in displaying content from a security audit, when I did not realize the content included snippets of JavaScript inside it... content that then became part of the page I rendered. Oops, that call to window.close() just got included into the text! It took quite a while to debug this one, because every time someone went to the page in question, their browser just closed! I thought I had somehow segfaulted both Mozilla and IE until I was able to capture the page using Lynx and look at the content...
So... the name of the game is to audit, audit, audit. Always ask yourself "Do I know where this data came from? Could it contain markup or scripting? Have I escaped those characters so I know they cannot be interpreted as HTML?". Then I usually turn things over to a colleague and ask him to actively try to subvert the application... that usually catches a few "gotchas" I missed.
Some people advocate "sanitizing" all data before it is displayed. That is certainly possible, but can be a waste of cycles when it certainly is possible to rule out some data sources as being vulnerable. If I know I sanitize data going *into* my database, then I can probably trust data coming out... but even in that case, only if I know no other malevolent entity can attack that data (and we all know how often hacks occur from the inside...)
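An added example, not part of the original comment: the audit-report bug described above, with the unescaped render beside an escape-on-output version that does not depend on what was done to the data when it was stored. The finding record and every function name here are hypothetical, and the sample data is constructed.

```javascript
// Added example, not code from the original comment. All names are hypothetical.

// Constructed sample: an audit finding whose evidence field quotes script
// found on the audited site. It is data to us, but it contains markup.
const finding = {
  title: 'Popup closes parent window',
  source: 'scanner "nightly" run',
  evidence: '<script>window.close()</script>',
};

// Escape the five characters that can change parsing context in HTML
// element content and in quoted attribute values.
const HTML_ESCAPES = {
  '&': '&amp;',
  '<': '&lt;',
  '>': '&gt;',
  '"': '&quot;',
  "'": '&#39;',
};

function escapeHtml(value) {
  return String(value).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// Tagged template that escapes every interpolated value, so the audit
// question "have I escaped this?" has the same answer at every call site.
function html(strings, ...values) {
  return strings.reduce((out, s, i) => out + escapeHtml(values[i - 1]) + s);
}

// The bug: stored fields are interpolated straight into the page, so the
// evidence text becomes a live <script> element in the rendered document.
function renderUnsafe(f) {
  return `<h2>${f.title}</h2><pre title="${f.source}">${f.evidence}</pre>`;
}

// The fix: identical markup, but every field passes through escapeHtml at
// output time, whatever the write path into the database did or did not do.
function renderSafe(f) {
  return html`<h2>${f.title}</h2><pre title="${f.source}">${f.evidence}</pre>`;
}

// Crude check used only to compare the two outputs; it is not a sanitizer.
function hasLiveScript(markup) {
  return /<script\b/i.test(markup);
}

console.log('unsafe:', renderUnsafe(finding));
console.log('safe:  ', renderSafe(finding));
console.log('live script in unsafe render:', hasLiveScript(renderUnsafe(finding)));
console.log('live script in safe render:  ', hasLiveScript(renderSafe(finding)));
```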
I'm not sure if I get your point. Were you agreeing or disagreeing with me? Or just saying something totally different?
My comments were basically the same as yours (I think) -- I favor as few restrictions on my freedoms and the freedoms of others as is feasible and useful to society. I think good laws flow from the basic social contracts, the "Golden Mean" sort of thing ("Don't do something to someone else you wouldn't want done to you"). Bad laws flow from those who want to nose into other people's lives and enforce their own notions of morality or advance themselves by exploiting others. Bad laws deserve to be ignored or blatantly broken...
I believe these "safe havens" for "criminals" are intentional and a part of what our country was based on.
Today's criminals/law breakers/dissidents are often tomorrow's freedom-fighters. It's fairly clear Thomas Jefferson thought that this country was kept free by the assurance that if the government became too corrupt, it could be overthrown again. Unjust laws deserve to be broken... and I want to be assured that our society does not stagnate by trying to crush all actions and opinions that do not suit the current mores.
Challenge authority. If it is just and fair, it can survive your challenge... if it is unjust, your challenge can be one more crack in the wall.
This is partially true (Merry is able to avoid the prophecy because he is No Man). However, the sword Merry uses was obtained from the Barrows. The Barrows contained dead from the land of Arthedain, lost to the Witch King of Angmar in a long bitter battle. It was at the Battle of Fornost in that war that Glorfindel made the prophecy about the Witch King not being able to be killed by any man...
So that very sword had been forged for the very purpose of defeating the Witch King... and almost lay in wait for a small hobbit to find it, and change the course of history (because Eowyn would have been toast without Merry's distraction). The sword had a purpose and a role in this tale as great as Merry and Eowyn did... You could imagine the spirit of some Dunedain swordsmith resting peacefully now that the sword he forged had fulfilled its mission.
It's one of those truly classic, epic moments in the books - the culmination of centuries of history and prophecy. That is what makes the books epic -- the story as a whole begins in the tale of the Silmarils, with Valar and demi-godlike Elves striving against Melkor, and ends with a cast of mortals overcoming evil and ushering in a new age.
Actually, Eowyn vs. The Witch King (in a title bout!) is my absolute most favorite scene in the books, because I just loved her defending Theoden and defying this awesome menace who has literally destroyed entire kingdoms. It's like, hey, now there's real girl power, to quote the Spice Girls...
Back when I did the consulting thing, we billed out at $100-$125/hour easily. Our most junior programmer would have been $75/hour, and I don't think we even went that low... and this was 3+ years ago, in a small firm, working mostly word-of-mouth contracts (there were 10 of us total).
Now, how much of that did *I* see? A lot less than $100 an hour, that's for sure :-). But I do think that our consultants were well worth the money -- we typically got things done in less overall time and with much higher quality and reusability than the in-house work I saw from our clients who had both in-house and consultant-developed applications. So I hardly think we were scamming them.
This same firm out-sourced their Y2K work to India at around that same time. Last I checked, the work was not done on time, and was not of a high quality. :-)
I couldn't disagree more. If I read DeviceEntity.java, and it says:
getDeviceName(customerId)
I for damn sure don't want to search for the same thing in DeviceServlet.java and be frustrated because it says:
GETDeviceNAME
ugh. At the most basic level, this is dumb. If I mistyped the name with incorrect capitalization, it *won't compile*! This is not a subtle error, it would be obvious! So it does not at all lead to errors.
Case sensitivity means I know a variable, method, whatever, is always going to "look" the same to me when I'm scanning the code or when I type a quick search into vi (/getDeviceName). I don't need my new intern who likes a different set of notation littering my code with GetDeviceName because the compiler lets him get away with it :-).
I'll agree with you that having both ThisIsImportant and thisisimportant in a module and relying on case-insensitivity to differentiate is probably not a good idea, though...
Whatever it is, I beg you to please not pursue the path of medication on this. It may bring your child into some sort of 'compliance', but it will not help long term! You are doing the right thing seeking out an alternative "cure".
I have a very close friend who went through this 13 years ago... he was diagnosed as ADD and immediately put on Ritalin. When that didn't work, they switched him to something else, when that didn't work, they switched him to something else... this poor guy's biochemistry was completely fucked for his entire adolescence. On top of the usual hormonal changes and mood swings, he had to deal with neurochemical roulette. Every time I saw him, he looked different -- sometimes he was very pale, sometimes he had a bad rash somewhere on his body, sometimes he was very low energy... it was crazy.
As soon as he turned 18, he stopped his medication. He has a horrible relationship with his parents due to this -- he says they turned him into a lab rat, and he hates them for it. He is now even more messed up than when he started, and recently has been diagnosed as so clinically depressed that he cannot function on his own... he's a mess. I'm convinced his brain was forever altered from this set of drugs they put him on... he was a very smart kid, still is, but he got shafted by faulty treatments by over-eager doctors and parents who believed that the *next* drug would be the key.
I'd be very wary of any sort of ADD/ADHD diagnosis. *Very* wary. It's just too easy to misdiagnose... Your daughter obviously does have some true difficulties fitting in, but I don't think giving her medication that makes her have facial microseizures is any sort of answer. The side-effects of these medications are just too great, especially in a growing body. Seek a second opinion, and definitely look at holistic and therapeutic modalities.
I know this isn't an answer to your question... and I don't mean to sound critical of someone who is obviously a caring parent in a tough situation. I just figure relating my experiences in seeing this might help give you a perspective. Email me if you want more details -- my email address is on my blog linked above.
Do you have a link to an announcement about this? It would be a good step... I'm a little unsure about the development team's real intention, though, since I seem to recall a lot of slamming of the GPL on their discussion forum. I mean, I don't care -- pick any Open Source license you want, I'm no zealot. I just hope they have actually considered this and are committed to a real open source release.
I do understand the desire not to "go open" right away -- we all write some pretty crufty code when we know only we will be the ones looking at it... However, they should make open-sourcing an actual goal, something on a roadmap that is just as important as any feature they might add...
Opening it up would in the longer term help them achieve more features I think (although as we can see in the Mozilla project, there is a period of time where just bringing everyone out there up to speed consumes time and resources).
I see a couple "problems" (well, OK, they're just gripes of mine, so take that for what it's worth):
1) It's not free-as-in-speech. I take a dimmer view of projects that aren't open and have already taken a firm stand that they will *never* be open. Coupling this with some allegations of *possible* GPL violations (which were covered in the last SkyOS story), and it just gives me a bad feeling
2) I just don't see anything here to get excited about. Kudos to the author for doing this all on his own, that's great... but without something new and exciting to offer, it's just a toy project at best. I'd rather see innovative minds like this throw their weight behind projects that we do need (like better Linux games <g>).
I believe all of these are very true; HLL's can be optimized, and in some cases perform very well, far beyond the usual off-the-cuff expectations for HLL performance.
However... then we get into a situation where the programming team has to ask themselves:
- Do we know the language well enough to program in it without increasing our development time?
- If not, would the increase in time on this project end up benefitting us on the other projects in the pipeline? (Do we even have a 'pipeline'?)
- Do we know enough about the language and the compiler to know how to exploit the possible optimizations? If we're relatively new to the language, we might write code we think is great, but miss out on even simple tricks that would have let the compiler optimize things. Add a little more time to the learning curve.
Etc, etc. Hard calls to make, even if this is a project you intend to pursue "on your own" -- because who's to say that in a year, you're not going to want to open the project up on Sourceforge and solicit some of that good old 'open source' collaborative effort? Be nice if the potential pool of contributors were as large as possible...
I'm a firm believer in languages like Dylan and Common Lisp (despite never having done anything beyond toy programming in them), but it is very hard to make the case in most production, time-sensitive environments to "take a chance" on them. If more programmers were proficient in them, then they would be easier to promote... of course, relatively few people are being trained in them or learning them on their own, because there is not a huge market for that skill. Typical vicious circle promoted by short-term thinking, but that's a fact of life, isn't it?
In any case... my original point still stands (I think? <g>). The requirements and reasons for an extension language are totally different than those for an implementation language. Even if you decided to implement a project in Lisp and extend it via Lisp (I think I heard of an editor that lets you do that), you would still be exposing some part of the work to the end-user, and "hiding" the rest as part of the 'black-box' that you are free to change in future revisions. The two goals (user friendly extension interface and highly performant and powerful engine) must be able to be pursued separately, and in many cases, that leads to two different underlying implementations and languages.
Ummm...
It's a true statement, isn't it? That Genghis Khan and his good friends, The Mongol Horde, swept through raping and pillaging? It was pretty much their modus operandi, from all the accounts I've read.
Oh sure, in all the excitement, I'm sure a few guys got buggered too, but on the whole, it was probably mostly women getting raped or taken captive. How is this fact sexist?
Just out of curiosity, how did you end up with a "bad" reference? If it was a former employer, you should know things like that are actionable. I've fired people for cause before, and even if someone calls, you can't say: "We fired him because he was a drunk". The best you can say is "Things did not work out with him".
(Here's a reference at FindLaw)
So, if this wasn't a business reference, was it a personal reference that went sour? That would be really sad... but I would have thought you might have known that this person was somewhat sour on you...
Not knocking you, just curious how this came about. I would never give a reference that wasn't a very positive one; I'd just omit those entirely! There's no rule that you have to give contact information and references for every job you've ever had.
So does this mean Apache 2.0 will now play nicer with PHP?
This is what killed "The Diamond Age" for me. Great book, very interesting characters, awesome speculative technology and settings...
Then, it suddenly ended, and left me scratching my head totally. I actually checked to make sure I wasn't missing another chapter or something...
Then I was totally embarrassed, because I had already recommended the book to several friends. I was hoping they'd forget I mentioned it.
Not that that kept me from getting Cryptonomicon. I work at a security company, I think I pretty much have to read it.
> Do you agree Microsoft already has fewer
> freedoms in business due to being declared a
> monopoly? If yes, do you agree we should not
> pollute the discussion?
It's not something you have to agree with, it's a fact. Having been declared a monopoly as part of the anti-trust suit, they are (by law) held to stricter standards of conduct wrt competitive actions.
Oh dear, now I've gone and polluted the discussion. How messy and inconsistent of me. Bad boy, Michael! Bad! (Smacks self on nose with a rolled-up newspaper)
Well, I don't really care in this case. The patent was bogus, even if Microsoft was the sole target. It's one of those costs of freedoms, you know -- you have to agree that everyone gets the same sorts of freedoms (*)
:-).
(*) yes, I know Microsoft already has fewer freedoms in business due to being declared a monopoly. Let's not pollute the discussion
No, there's other answers. Sometimes you are trading power for bulk. Perl is very powerful, but also very "bulky". Large footprint, for one thing. libperl is about 800K on my nearest Linux box. If I can bring another language in that is more compact, that might be a good thing.
The other issue is "bulk" in terms of the scope of the language. Sometimes limits are *OK*. If I just want to script out some very simple operations, do I need Perl? Do I need my users to learn Perl?
You need to consider the topic as a whole. This isn't a defense of REXX's suitability in these roles, but a counter to the assumption that there is an "only answer".
The funniest thing is that the ad links at the bottom of the article (at least when I read it, maybe they rotate those) were selling air ionizers... not sure if the makers of those things want to actually be associated with a somewhat negative article... <g>
This sort of attack is so common, I think part of any interview for a technical job involving web content (or just plain any sort of system using HTML, including things reusing the IE or Mozilla renderers) should be to analyze a chunk of code and point out where the XSS vulnerability lies...
I'm what I consider a well-seasoned (and spicy!) web developer, and I've been bitten by this more than once in recent memory myself. It is hard to catch all possible avenues in which data you do not directly control might get interpolated into a web page you render. The latest bug I ran into was in displaying content from a security audit, when I did not realize the content included snippets of JavaScript inside it... content that then became part of the page I rendered. Oops, that call to window.close() just got included into the text! It took quite a while to debug this one, because every time someone went to the page in question, their browser just closed! I thought I had somehow segfaulted both Mozilla and IE until I was able to capture the page using Lynx and look at the content...
So... the name of the game is to audit, audit, audit. Always ask yourself "Do I know where this data came from? Could it contain markup or scripting? Have I escaped those characters so I know they cannot be interpreted as HTML?". Then I usually turn things over to a colleague and ask him to actively try to subvert the application... that usually catches a few "gotchas" I missed.
Some people advocate "sanitizing" all data before it is displayed. That is certainly possible, but can be a waste of cycles when it certainly is possible to rule out some data sources as being vulnerable. If I know I sanitize data going *into* my database, then I can probably trust data coming out... but even in that case, only if I know no other malevolent entity can attack that data (and we all know how often hacks occur from the inside...)
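The failure described in the comment above, sketched as an added example (not code from the original post): an audit finding that quotes JavaScript is rendered once by raw interpolation and once with output escaping. The `finding` record and the function names `escapeHtml`, `renderUnsafe`, `renderSafe` and `unexpectedTags` are hypothetical, constructed for illustration.

```javascript
// Constructed sample: a finding from a security audit report whose
// "evidence" field quotes the script the auditor observed.
const finding = {
  title: 'Popup handler <b>unvalidated</b>',
  evidence: '<script>window.close()</script>',
};

const HTML_ESCAPES = {
  '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;',
};

// Escape a value for HTML element content or a quoted attribute value.
function escapeHtml(value) {
  return String(value).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// Before: fields we do not control are interpolated straight into markup,
// so the quoted script becomes a live <script> element in the page.
function renderUnsafe(f) {
  return `<li><h3>${f.title}</h3><pre>${f.evidence}</pre></li>`;
}

// After: every field that did not originate in this template is escaped
// at the point of output, so it is displayed as text.
function renderSafe(f) {
  return `<li><h3>${escapeHtml(f.title)}</h3><pre>${escapeHtml(f.evidence)}</pre></li>`;
}

// Review aid: list tags in the rendered output that the template itself
// never emits. Anything returned here came from interpolated data.
function unexpectedTags(html, allowed = ['li', 'h3', 'pre']) {
  const found = [];
  for (const m of html.matchAll(/<\/?([a-zA-Z][a-zA-Z0-9]*)/g)) {
    const tag = m[1].toLowerCase();
    if (!allowed.includes(tag) && !found.includes(tag)) found.push(tag);
  }
  return found;
}

console.log('unsafe:', unexpectedTags(renderUnsafe(finding)));
console.log('safe:  ', unexpectedTags(renderSafe(finding)));
```

Escaping at output time, as in `renderSafe`, also covers the case raised above where data sanitized on the way into the database is later modified by someone else.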
I'm not sure if I get your point. Were you agreeing or disagreeing with me? Or just saying something totally different?
My comments were basically the same as yours (I think) -- I favor as few restrictions on my freedoms and the freedoms of others as is feasible and useful to society. I think good laws flow from the basic social contracts, the "Golden Mean" sort of thing ("Don't do something to someone else you wouldn't want done to you"). Bad laws flow from those who want to nose into other people's lives and enforce their own notions of morality or advance themselves by exploiting others. Bad laws deserve to be ignored or blatantly broken...
I believe these "safe havens" for "criminals" are intentional and a part of what our country was based on.
Today's criminals/law breakers/dissidents are often tomorrow's freedom-fighters. It's fairly clear Thomas Jefferson thought that this country was kept free by the assurance that if the government became too corrupt, it could be overthrown again. Unjust laws deserve to be broken... and I want to be assured that our society does not stagnate by trying to crush all actions and opinions that do not suit the current mores.
Challenge authority. If it is just and fair, it can survive your challenge... if it is unjust, your challenge can be one more crack in the wall.
This is partially true (Merry is able to avoid the prophecy because he is No Man). However, the sword Merry uses was obtained from the Barrows. The Barrows contained dead from the land of Arthedain, lost to the Witch King of Angmar in a long bitter battle. It was at the Battle of Fornost in that war that Glorfindel made the prophecy about the Witch King not being able to be killed by any man...
So that very sword had been forged for the very purpose of defeating the Witch King... and almost lay in wait for a small hobbit to find it, and change the course of history (because Eowyn would have been toast without Merry's distraction). The sword had a purpose and a role in this tale as great as Merry and Eowyn did... You could imagine the spirit of some Dunedain swordsmith resting peacefully now that the sword he forged had fulfilled its mission.
It's one of those truly classic, epic moments in the books - the culmination of centuries of history and prophecy. That is what makes the books epic -- the story as a whole begins in the tale of the Silmarils, with Valar and demi-godlike Elves striving against Melkor, and ends with a cast of mortals overcoming evil and ushering in a new age.
Actually, Eowyn vs. The Witch King (in a title bout!) is my absolute most favorite scene in the books, because I just loved her defending Theoden and defying this awesome menace who has literally destroyed entire kingdoms. It's like, hey, now there's real girl power, to quote the Spice Girls...
Back when I did the consulting thing, we billed out at $100-$125/hour easily. Our most junior programmer would have been $75/hour, and I don't think we even went that low... and this was 3+ years ago, in a small firm, working mostly word-of-mouth contracts (there were 10 of us total).
Now, how much of that did *I* see? A lot less than $100 an hour, that's for sure :-). But I do think that our consultants were well worth the money -- we typically got things done in less overall time and with much higher quality and reusability than the in-house work I saw from our clients who had both in-house and consultant-developed applications. So I hardly think we were scamming them. :-)
This same firm out-sourced their Y2K work to India at around that same time. Last I checked, the work was not done on time, and was not of a high quality.
I couldn't disagree more. If I read DeviceEntity.java, and it says:
getDeviceName(customerId)
I for damn sure don't want to search for the same thing in DeviceServlet.java and be frustrated because it says:
GETDeviceNAME
ugh. At the most basic level, this is dumb. If I mistyped the name with incorrect capitalization, it *won't compile*! This is not a subtle error, it would be obvious! So it does not at all lead to errors.
Case sensitivity means I know a variable, method, whatever, is always going to "look" the same to me when I'm scanning the code or when I type a quick search into vi (/getDeviceName). I don't need my new intern who likes a different set of notation littering my code with GetDeviceName because the compiler lets him get away with it :-).
I'll agree with you that having both ThisIsImportant and thisisimportant in a module and relying on case-insensitivity to differentiate is probably not a good idea, though...
Whatever it is, I beg you to please not pursue the path of medication on this. It may bring your child into some sort of 'compliance', but it will not help long term! You are doing the right thing seeking out an alternative "cure".
I have a very close friend who went through this 13 years ago... he was diagnosed as ADD and immediately put on Ritalin. When that didn't work, they switched him to something else, when that didn't work, they switched him to something else... this poor guy's biochemistry was completely fucked for his entire adolescence. On top of the usual hormonal changes and mood swings, he had to deal with neurochemical roulette. Every time I saw him, he looked different -- sometimes he was very pale, sometimes he had a bad rash somewhere on his body, sometimes he was very low energy... it was crazy.
As soon as he turned 18, he stopped his medication. He has a horrible relationship with his parents due to this -- he says they turned him into a lab rat, and he hates them for it. He is now even more messed up than when he started, and recently has been diagnosed as so clinically depressed that he cannot function on his own... he's a mess. I'm convinced his brain was forever altered from this set of drugs they put him on... he was a very smart kid, still is, but he got shafted by faulty treatments by over-eager doctors and parents who believed that the *next* drug would be the key.
I'd be very wary of any sort of ADD/ADHD diagnosis. *Very* wary. It's just too easy to misdiagnose... Your daughter obviously does have some true difficulties fitting in, but I don't think giving her medication that makes her have facial microseizures is any sort of answer. The side-effects of these medications are just too great, especially in a growing body. Seek a second opinion, and definitely look at holistic and therapeutic modalities.
I know this isn't an answer to your question... and I don't mean to sound critical of someone who is obviously a caring parent in a tough situation. I just figure relating my experiences in seeing this might help give you a perspective. Email me if you want more details -- my email address is on my blog linked above.
Do you have a link to an announcement about this? It would be a good step... I'm a little unsure about the development team's real intention, though, since I seem to recall a lot of slamming of the GPL on their discussion forum. I mean, I don't care -- pick any Open Source license you want, I'm no zealot. I just hope they have actually considered this and are committed to a real open source release.
I do understand the desire not to "go open" right away -- we all write some pretty crufty code when we know only we will be the ones looking at it... However, they should make open-sourcing an actual goal, something on a roadmap that is just as important as any feature they might add...
Opening it up would in the longer term help them achieve more features I think (although as we can see in the Mozilla project, there is a period of time where just bringing everyone out there up to speed consumes time and resources).
I see a couple "problems" (well, OK, they're just gripes of mine, so take that for what it's worth):
1) It's not free-as-in-speech. I take a dimmer view of projects that aren't open and have already taken a firm stand that they will *never* be open. Coupling this with some allegations of *possible* GPL violations (which were covered in the last SkyOS story), and it just gives me a bad feeling
2) I just don't see anything here to get excited about. Kudos to the author for doing this all on his own, that's great... but without something new and exciting to offer, it's just a toy project at best. I'd rather see innovative minds like this throw their weight behind projects that we do need (like better Linux games <g>).
I believe all of these are very true; HLL's can be optimized, and in some cases perform very well, far beyond the usual off-the-cuff expectations for HLL performance.
However... then we get into a situation where the programming team has to ask themselves:
- Do we know the language well enough to program in it without increasing our development time?
- If not, would the increase in time on this project end up benefitting us on the other projects in the pipeline? (Do we even have a 'pipeline'?)
- Do we know enough about the language and the compiler to know how to exploit the possible optimizations? If we're relatively new to the language, we might write code we think is great, but miss out on even simple tricks that would have let the compiler optimize things. Add a little more time to the learning curve.
Etc, etc. Hard calls to make, even if this is a project you intend to pursue "on your own" -- because who's to say that in a year, you're not going to want to open the project up on Sourceforge and solicit some of that good old 'open source' collaborative effort? Be nice if the potential pool of contributors were as large as possible...
I'm a firm believer in languages like Dylan and Common Lisp (despite never having done anything beyond toy programming in them), but it is very hard to make the case in most production, time-sensitive environments to "take a chance" on them. If more programmers were proficient in them, then they would be easier to promote... of course, relatively few people are being trained in them or learning them on their own, because there is not a huge market for that skill. Typical vicious circle promoted by short-term thinking, but that's a fact of life, isn't it?
In any case... my original point still stands (I think? <g>). The requirements and reasons for an extension language are totally different than those for an implementation language. Even if you decided to implement a project in Lisp and extend it via Lisp (I think I heard of an editor that lets you do that), you would still be exposing some part of the work to the end-user, and "hiding" the rest as part of the 'black-box' that you are free to change in future revisions. The two goals (user friendly extension interface and highly performant and powerful engine) must be able to be pursued separately, and in many cases, that leads to two different underlying implementations and languages.