Get paid for your time and effort, not the quality of and demand for your work? What are you, some kinda communist?
Are you telling me you pay more for your McBurger when it's busy, or if they manage to put it together nicely?
I implied nothing of the sort, but as it so happens, I do, when I make my own food. My time is more expensive to me when I'm busy, and I prefer to have the option of putting it together less nicely.
It sounds like you favor the split in the open-source community that the Linux guys are warning us about. Personally I'd be in the GPLv2 camp. It looks like you'd be on the other side.
There are already dozens or hundreds of splits or camps in the open-source community. You already can't combine License A with License B. It's a really big tent.
Shouldn't things like DRM be left up to the consumers to decide and not any small group?
That's what the GPLv3 attempts to ensure: that for example the master keys controlling which programs can run on a computer are given to the owner of that computer, as opposed to preventing the owner from modifying the computer or its programs, or running other programs on the computer. It puts decision-making in the hands of the owner of the computer, where it belongs.
My personal view on it is that the FSF is trying to take a software license and use it as part of its political campaign against DRM
That's not the half of it: the FSF created that license in the first place to serve their political and moral goals. From the very beginning, the GPL has been about imposing the morality of the developer on subsequent developers, and GPLv3 does not change that in any way.
For those who agree with the FSF and its goals, GPLv3 is great. For you and your parent poster, the BSD license is a better solution.
I can think of quite a few, but they all involve me owning the master keys to my own computer, which the GPLv3 would make more likely.
After reading the whole thing, I disagree with the kernel developers on most points. Their most significant objection is this one: "As drafted, this currently looks like it would potentially jeopardise the entire patent portfolio of a company simply by the act of placing a GPLv3 licensed programme on their website." It doesn't look like that to me, but IANAL, and TANLE, and in any case, jeopardizing software patents would not actually be that bad of an outcome.
It's cheaper to lop off the 10% that are obvious "spam patents" before they're ever granted than to let all 10% (that would be like 4,000 these days) go through and clean up later...
Perhaps it's cheaper in the short term, but if letting the worst 10% of software patents go through annoys enough people that we're able to get rid of all software patents, or the worst 90%, it would be cheaper in the long run to allow obvious "spam patents".
What's broken: the obvious "spam patents" or the system that approves them? Will getting rid of only the worst 10% solve the problem? In Stallman's eyes, not only will it not, but getting rid of the worst 10% makes the next worst 10% harder to get rid of.
It's true that for those who would be unfairly prosecuted for violating the worst 10%, but not the next worst 10%, getting rid of the worst 10% is the priority. Everyone else, though, should take the long term view.
Some definitions of plagiarism are extremely (and inaccurately) broad. Some people even consider it cheating to "self-plagiarize", or quote something you've previously written, without attributing it to yourself.
Claiming credit for someone else's work is bad, but broadening and diluting the definition this much is counterproductive, I think.
At a small start up with no outside investors, no one really cares if a shop getting 30 emails a day over DSL is using a warez copy of Exchange. If the owner decides to go that route, it filters down to employees who will feel free to use email, phones, etc. for personal purposes.
The horror!
Seriously, we're talking about ethical breaches here, not how worker-friendly it is. There's nothing wrong with a company letting employees use email, phones, etc. for personal purposes, and if a company doesn't allow that, they are less able to compete for good workers.
A better way to phrase it is that if they use a warez copy of exchange, it filters down to employees who feel free to use warez copies of other software, or even release warez versions of the company's software.
... and changing even a small piece of code often requires changing a lot of tests. If you can offer any suggestions about how to improve that, I'm all ears.
That's the wrong way round. Shouldn't you be rewriting the tests to conform to the new specifications then changing the code for the re-written tests that fail?
Yes, that's the XP way, but either way, each change requires you to change lots of tests. The problem is that if you do it the XP way, tests first, then you maximize the number of tests you have to change for each code change. If you code first, you might not have written all your tests yet.
As a non-layman, highly SW-based, real enough engineer (and other than that an almost normal person), I would not parallel, for instance, structural analysis in civil engineering with formal methods in SW engineering. "Formal method" is the name of a specific kind of SW analysis tool, based on mathematically proving the software, not taking stress scenarios into account (stress simulation for SW is called "testing":) ).
There are tools to help with formal methods, but don't mistake the tool for the method. It's simply the case that without their tools, formal methods are impractical on nontrivial systems. The parallels that I was thinking of between formal methods in software engineering and mathematical calculation of loads and stresses are these:
Both can occur during planning or design, before something is actually built
Both use mathematically rigorous techniques
Both can be thought of as a system of equations
Do you believe that software engineering is real engineering? I'm open to the idea (that's its goal), but I see a huge discrepancy in quality of results.
I'm not a real engineer, but my layman's understanding is that the engineering equivalent of formal methods involves the mathematical calculation of loads and stresses.
It's an attempt to achieve a greater level of quality through process/practices, which is as close as "software engineering" has gotten to real engineering so far. Arguably, though, "software engineering" isn't real engineering until you use formal methods to ensure the correctness of your design and implementation.
In my opinion, extreme programming is extremely overrated. Some of the ideas, such as test-driven development (although this concept is not restricted to XP), work well. Others, such as pair programming just do not work in my opinion. Programmersare solo beasts - putting two of these dragons behind one keyboard is asking for trouble.
Test driven development is seductive; who wouldn't want to have all those automated tests in order to check changes to their code? However, I find it hard to put into practice. When requirements change frequently (which XP is supposed to be geared towards) it's hard to complete the tests much less complete the code before we're asked to change something, and changing even a small piece of code often requires changing a lot of tests. If you can offer any suggestions about how to improve that, I'm all ears.
Pair programming, on the other hand, is something that I wish I could have done when I was fresh out of school and not really as smart as I thought I was. It seems like an effective way to show the newer programmer how the veteran does things, both in the code and in how the day is scheduled.
WHUXGA an abbreviation for Wide Hex[adecatuple] Ultra Extended Graphics Array, is a display standard that can support a resolution up to 7680 x 4800 pixels, assuming a 16:10 aspect ratio.
Just think about how many xterms you could fit without overlapping on a display like that. Of course it would have to be 8 feet wide, but I'm not complaining.
Seriously, what advantage does a desktop-style mail client -- especially one that's just simulated in a browser -- have over Gmail's simple, intuitive, fast interface with great integrated search capabilities?
A desktop-style mail client can read messages from the IMAP server running in my closet. I'm pretty sure Gmail and Yahoo! Mail Beta don't do that, though they could if they wanted to.
It is true that the United States interferes too much in world affairs. Sometimes, though, foreign military intervention is desirable, and in this case, Al-Qaida declared war against the United States as a direct result of the Persian Gulf War. Should the United States have allowed Saddam Hussein to keep Kuwait and threaten Saudi Arabia and the world economy? (It is, after all, about oil.)
Yes, a reasonable person would not have done lots of the things that the United States has done. There are many deplorable things that we condemn and there are many more questionable things that the US would be wise to reconsider. But would avoiding those things prevent us from being a target of terrorism? When I consider this batch of terrorists, I'm not convinced.
That's the theoretical side. Theoretically, if the US had been isolationist for the last 50 years, we might or might not be in a better situation now, but that's not the case. So, complaining about the past is only useful to the extent that it leads us to what should be done now. What should be done now?
In the last couple years, my parents and in-laws (but strangely not I; maybe it's an age thing?) have started getting lots of automated political messages right before elections. Yesterday there was a primary election and they each had 6+ automated messages from various politicians asking for their vote left on their answering machines Monday night.
I don't care about MPEG4 vs MPG2 vs MS DRM'd video streams for this purpose. I just timeshift stuff, I don't keep it, burn it, or care about handing it to friends. I don't care about watching video on multiple machines, or streaming it to my laptop in some hotel somewhere.
It sounds like a prepackaged, consumer-oriented system would best meet your needs. I recommend looking into Tivo. The new Series 3 looks like it will be quite nice.
The article didn't indicate which, but I hope lossless is an option.
I'm excited about this technology. It could be one more building block for a glasses-and-PDA-based desktop replacement.
The skipping student does poorly, and either learns to go to lecture in the future, or gets booted out of school. Everyone wins except for the student, who only screwed himself.
Your conclusion assumes that the school administrators don't care if kids are flunking out.
That's been my experience. Maybe at some smaller schools it's not the case, but various statistics claim that a quarter of freshmen drop out after one year and 50% of incoming freshmen eventually graduate in 6 years or less. Lots of kids just can't handle the responsibility of living away from home and party instead of studying.
Guess what, it looks bad to the school board and it has a negative effect on college rankings.
Elite schools prize their reputation; they want all but the best to drop out well before graduation. (They try to only admit the best in the first place, but that's hard.)
...and this statement is the crux of why your perspective is sub-optimal and unproductive. Nothing personal, lots of people in this thread agree with you, and are equally wrong. It's like saying "breathing is important" in a safety course. Well, yes, breathing is important, but it's not exactly something one generally has to concentrate upon, is it?
I wish good processes were as easy as good breathing. If proper documentation occurs at your place of work, don't take it for granted.
Here's my alternative wording:
"As an information security professional, it is my job to accurately assess risk, communicate that risk to relevant management, and carry out the resultant business decision."
That is a good way to state it. The submitter's question is this: having done that, and recognizing that disaster is about to occur anyway, what do I do?
1) avoid becoming the fall guy when one of the risks inevitably occurs (documentation)
You may be writing from somewhere where this might make a difference.
I am - from the United States. If CYA were ineffective, there wouldn't be so many people doing it. Sometimes, documenting an accurate prediction works to one's benefit.
2) minimize one's personal workload when one of the risks inevitably occurs (quit; see below for more options)
So, if you're salaried and don't get overtime, this might be an issue. If you're NOT salaried, the answer to this is called "overtime." It's a pay-me-now, pay-me-later kind of thing, and any reasonable business manager knows that if he gambles wrong and loses, he has to pay. There really isn't any insurance against unplanned overtime if you're in a production support role...
I believe that most people in the submitter's position are salaried. Despite that, though, "overtime" is not a solution -- it simply makes things less bad. The problem/goal is that the employee would rather be doing other things (be they regular duties or putting out other fires). There is insurance against unplanned overtime: contingency planning.
Overall, your post seems an apology for the sort of thinking I was criticizing earlier
I hope so! Documentation of risk is important, and leaving a bad situation for a better one is a valid strategic move.
Even if the sky is falling, it's certainly not falling on YOUR head. You get unemployment insurance if they go under, right?
Losing one's job, even with unemployment insurance, is not a best-case scenario. If you believe the sky is about to fall, why wait until it actually does before getting a new job?
So yes, you can document stuff and/or quit, but those are only means to an end, which is to align your business risk expectations with management's.
There are two ends that your analysis misses:
1) avoid becoming the fall guy when one of the risks inevitably occurs (documentation)
2) minimize one's personal workload when one of the risks inevitably occurs (quit; see below for more options)
In the submitter's scenario, it appears that management does not understand these particular risks enough to make an educated decision about where to set their risk tolerance. The submitter's question is this: "Disaster is imminent. What do I do?" "Align your risk expectations with management's" doesn't solve the problem.
Some things can be done. Security improvements can be bundled along with "upgrades". Fallback plans for when management panics and says "do something" can be made. Good backups can be kept. Backup restoration procedures can be tested. Case studies of similar organizations that experienced these particular risks can be brought to management's attention.
Slashdot Mirror
I implied nothing of the sort, but as it so happens, I do, when I make my own food. My time is more expensive to me when I'm busy, and I prefer to have the option of putting it together less nicely.
There are already dozens or hundreds of splits or camps in the open-source community. You already can't combine License A with License B. It's a really big tent.
That's what the GPLv3 attempts to ensure: that for example the master keys controlling which programs can run on a computer are given to the owner of that computer, as opposed to preventing the owner from modifying the computer or its programs, or running other programs on the computer. It puts decision-making in the hands of the owner of the computer, where it belongs.
That's not the half of it: the FSF created that license in the first place to serve their political and moral goals. From the very beginning, the GPL has been about imposing the morality of the developer on subsequent developers, and GPLv3 does not change that in any way.
For those who agree with the FSF and its goals, GPLv3 is great. For you and your parent poster, the BSD license is a better solution.
I can think of quite a few, but they all involve me owning the master keys to my own computer, which the GPLv3 would make more likely.
After reading the whole thing, I disagree with the kernel developers on most points. Their most significant objection is this one: "As drafted, this currently looks like it would potentially jeopardise the entire patent portfolio of a company simply by the act of placing a GPLv3 licensed programme on their website." It doesn't look like that to me, but IANAL, and TANLE, and in any case, jeopardizing software patents would not actually be that bad of an outcome.
Get paid for your time and effort, not the quality of and demand for your work? What are you, some kinda communist?
Perhaps it's cheaper in the short term, but if letting the worst 10% of software patents go through annoys enough people that we're able to get rid of all software patents, or the worst 90%, it would be cheaper in the long run to allow obvious "spam patents".
What's broken: the obvious "spam patents" or the system that approves them? Will getting rid of only the worst 10% solve the problem? In Stallman's eyes, not only will it not, but getting rid of the worst 10% makes the next worst 10% harder to get rid of.
It's true that for those who would be unfairly prosecuted for violating the worst 10%, but not the next worst 10%, getting rid of the worst 10% is the priority. Everyone else, though, should take the long term view.
Claiming credit for someone else's work is bad, but broadening and diluting the definition this much is counterproductive, I think.
The horror!
Seriously, we're talking about ethical breaches here, not how worker-friendly it is. There's nothing wrong with a company letting employees use email, phones, etc. for personal purposes, and if a company doesn't allow that, they are less able to compete for good workers.
A better way to phrase it is that if they use a warez copy of exchange, it filters down to employees who feel free to use warez copies of other software, or even release warez versions of the company's software.
Yes, that's the XP way, but either way, each change requires you to change lots of tests. The problem is that if you do it the XP way, tests first, then you maximize the number of tests you have to change for each code change. If you code first, you might not have written all your tests yet.
There are tools to help with formal methods, but don't mistake the tool for the method. It's simply the case that without their tools, formal methods are impractical on nontrivial systems. The parallels that I was thinking of between formal methods in software engineering and mathematical calculation of loads and stresses are these:
Do you believe that software engineering is real engineering? I'm open to the idea (that's its goal), but I see a huge discrepancy in quality of results.
I'm not a real engineer, but my layman's understanding is that the engineering equivalent of formal methods involves the mathematical calculation of loads and stresses.
It's an attempt to achieve a greater level of quality through process/practices, which is as close as "software engineering" has gotten to real engineering so far. Arguably, though, "software engineering" isn't real engineering until you use formal methods to ensure the correctness of your design and implementation.
Test driven development is seductive; who wouldn't want to have all those automated tests in order to check changes to their code? However, I find it hard to put into practice. When requirements change frequently (which XP is supposed to be geared towards) it's hard to complete the tests much less complete the code before we're asked to change something, and changing even a small piece of code often requires changing a lot of tests. If you can offer any suggestions about how to improve that, I'm all ears.
Pair programming, on the other hand, is something that I wish I could have done when I was fresh out of school and not really as smart as I thought I was. It seems like an effective way to show the newer programmer how the veteran does things, both in the code and in how the day is scheduled.
Just think about how many xterms you could fit without overlapping on a display like that. Of course it would have to be 8 feet wide, but I'm not complaining.
A desktop-style mail client can read messages from the IMAP server running in my closet. I'm pretty sure Gmail and Yahoo! Mail Beta don't do that, though they could if they wanted to.
It is true that the United States interferes too much in world affairs. Sometimes, though, foreign military intervention is desirable, and in this case, Al-Qaida declared war against the United States as a direct result of the Persian Gulf War. Should the United States have allowed Saddam Hussein to keep Kuwait and threaten Saudi Arabia and the world economy? (It is, after all, about oil.)
Yes, a reasonable person would not have done lots of the things that the United States has done. There are many deplorable things that we condemn and there are many more questionable things that the US would be wise to reconsider. But would avoiding those things prevent us from being a target of terrorism? When I consider this batch of terrorists, I'm not convinced.
That's the theoretical side. Theoretically, if the US had been isolationist for the last 50 years, we might or might not be in a better situation now, but that's not the case. So, complaining about the past is only useful to the extent that it leads us to what should be done now. What should be done now?
In the last couple years, my parents and in-laws (but strangely not I; maybe it's an age thing?) have started getting lots of automated political messages right before elections. Yesterday there was a primary election and they each had 6+ automated messages from various politicians asking for their vote left on their answering machines Monday night.
Just because the rest of the democratic world does fine with manual voting doesn't mean that Americans don't need their hands held.
It sounds like a prepackaged, consumer-oriented system would best meet your needs. I recommend looking into Tivo. The new Series 3 looks like it will be quite nice.
The article didn't indicate which, but I hope lossless is an option. I'm excited about this technology. It could be one more building block for a glasses-and-PDA-based desktop replacement.
That's been my experience. Maybe at some smaller schools it's not the case, but various statistics claim that a quarter of freshmen drop out after one year and 50% of incoming freshmen eventually graduate in 6 years or less. Lots of kids just can't handle the responsibility of living away from home and party instead of studying.
Elite schools prize their reputation; they want all but the best to drop out well before graduation. (They try to only admit the best in the first place, but that's hard.)
I wish good processes were as easy as good breathing. If proper documentation occurs at your place of work, don't take it for granted.
That is a good way to state it. The submitter's question is this: having done that, and recognizing that disaster is about to occur anyway, what do I do?I am - from the United States. If CYA were ineffective, there wouldn't be so many people doing it. Sometimes, documenting an accurate prediction works to one's benefit.
I believe that most people in the submitter's position are salaried. Despite that, though, "overtime" is not a solution -- it simply makes things less bad. The problem/goal is that the employee would rather be doing other things (be they regular duties or putting out other fires). There is insurance against unplanned overtime: contingency planning.
I hope so! Documentation of risk is important, and leaving a bad situation for a better one is a valid strategic move.
Losing one's job, even with unemployment insurance, is not a best-case scenario. If you believe the sky is about to fall, why wait until it actually does before getting a new job?
There are two ends that your analysis misses:
1) avoid becoming the fall guy when one of the risks inevitably occurs (documentation)
2) minimize one's personal workload when one of the risks inevitably occurs (quit; see below for more options)
In the submitter's scenario, it appears that management does not understand these particular risks enough to make an educated decision about where to set their risk tolerance. The submitter's question is this: "Disaster is imminent. What do I do?" "Align your risk expectations with management's" doesn't solve the problem.
Some things can be done. Security improvements can be bundled along with "upgrades". Fallback plans for when management panics and says "do something" can be made. Good backups can be kept. Backup restoration procedures can be tested. Case studies of similar organizations that experienced these particular risks can be brought to management's attention.