I believe you'll find even the previous 14 days was the longest period of detention without charge allowed anywhere in the first world; so the news stories floating around at the time of the vote were saying, anyway.
28 days was an absurd result, neither sticking on the point of principle, nor caving in to the demands of security services (who strangely said that 28 days rather than 14 wouldn't help, but 90 would, though of course they can't tell us why for national security reasons).
You're more likely to persuade people to vote for you than fight for you.
Unfortunately, as the UK system so kindly demonstrated a few months ago, a "democracy" can still be a place where winning the support of only 22% of the population eligible to vote (and only thirtysomething percent of those who actually did vote), not to mention losing the popular vote in the largest single country in the union (England), is still enough to get you a comfortable absolute majority in parliament, with which you can pass any laws you want (assuming they even need new laws, rather than conveniently circumventing parliamentary scrutiny as this measure has, and assuming that your own party don't finally give in to the truly absurd and rebel against you for the first time in three administrations, only to cave in on the overall principle half an hour later anyway).
That is very debatable. The speed limits here in the UK are now so absurd in many places that the vast majority of motorists exceed the limit, yet no accidents ever result (literally; speed limits have been dropped on roads that haven't had even a minor injury accident in a decade).
This is just another power play by Blair's dictatorship and his ever more draconian Home Secretaries, right along with ID cards for everyone, the National Identity Register, electronic strip searching on the way onto the London Underground, the RIP Act, detention without trial for as long as they can get away with, installing CCTV everywhere (yes, we're still the most spied-upon nation in the world), reversing the burden of proof and/or attempting to do away with jury trials for increasing numbers of cases...
All of these things, of course, are "justified" by arguing that they increase national security, help to prevent crime, or otherwise benefit Joe Public. Unless he's in the wrong place at the wrong time, in which case he loses his benefits because some junior staffer in a government office mistyped one number out of 1,000 they entered that day into the master database. Or the ANPR system misreads a number plate, and sends him a fine for doing the physically impossible, which he then has to challenge in court after several weeks of concern, with no compensation for the time wasted or grief caused. Or his daughter's the one being rendered naked for the pervert watching the screens at the Underground station. Or he's late for the train, and since he ran through the screen he's obviously a terrorist so they shoot him dead. Or he's black, old, bald, young, or a registered member of an opposition political party, the biometric recognition doesn't work, and he's held for three months as a suspected terrorist on the whim of a senior politician, by which time he's lost his job, his home, and the trust of all his family and friends, not to mention the ability to challenge the statements of absolute fact issued by our political leaders (and I use the term loosely, since they didn't even win the popular vote in England, never mind an overall majority that might justify their absolute control of parliament, not that this particular abuse ever went before parliament) to justify all these Big Brother efforts.
I used to think the tin foil hat brigade were eccentrics. In recent years, looking at the direction New Labour have taken our government, I think the sooner we have a written constitution and a constitutional court above parliament and answerable only to the public, the better.
Let's hope so. With a bit of luck, this case will demonstrate the idiocy of both draconian copy protection mechanisms and draconian anti-copying laws. If it becomes Sony vs. Microsoft, there will be a big, high profile case with both sides sending zillions of lawyers at each other and zillions of lobbyists at the government, ultimately with no winning option for either side since any outcome will hurt their corporate interests in the longer term even as it protects them in the short term. The government can't suck up to both parties forever, and public opinion is bound to sway against things like the DMCA, DRM, and so on the longer it goes on.
Microsoft(!) declared Sony's XCP software to be malware, and said they'd remove it in the forthcoming December update of the Malicious Software Removal Tool, as it violated "objective criteria". Check out the MS Anti-Malware team's blog for more fun.
<obligatory> And I submitted this yesterday, but apparently the editors didn't think it was worth mentioning, instead going for a dubious LGPL angle that was debunked in at least two previous discussions. <sigh/> </obligatory>
Sorry, my mod points just ran out, or you'd have been (+1, Insightful).
Speaking of moderation, the fact that a post quoting the phrase "modularization and encapsulation of cross-cutting concerns" was modded (+1, Informative) is itself (+1, Funny).:-)
Maybe it's just me, but I've never appreciated what's supposed to be so great about aspects. Yes, it might be useful to be able to introduce some debugging diagnostics at the start and end of every function automatically. We use a pretty powerful instrumentation system in our code at work, but having to stick a macro at the start of every function to make it work is tedious (though hardly the end of the world).
But what else is it good for? I've looked into AOP a couple of times now out of curiosity, made the effort to read some of the background papers, and now placed it firmly on the level of so-called extreme programming: much hype, toy examples, few to zero real world case studies showing measurable benefits. I haven't read every single post in this discussion yet, but probably the majority, and I've yet to see anything other than the same old example (or thinly disguised variants of it) repeated ad nauseam. Maybe one of the AOP advocates can tell me what I'm missing?
Disclaimer: I'm as sceptical as the next guy about having any big organisation collecting massive amounts of data about some area of the Internet, and Google are clearly the biggest potential abusers of that information.
However, right now the text that appears for a web site I help to run if you find it in Google isn't written by either Google or us, it's written by some anonymous editor at DMOZ. Those editors are notorious for not giving a damn what the webmasters of sites they link to (or don't link to, or link to but misleadingly) think; indeed, we have been blocking all referrals from DMOZ with a 403 since they rejected an update request that by their editor's own admission was in both their readers' interests and ours.
Moreover, whether or not you're listed on DMOZ seems to have an absurd effect on your site's PageRank. It would be a welcome change for Google to construct their index independently, using only their own analysis of relevant factors directly related to the site in question, rather than relying on outside sources with dubious ethics.
Well, obviously DoubleClick are evil. Google do no evil, so this time it's completely different, and it's OK to run someone else's JavaScript on your web site.
Even if its a constant 20% hit in all the other functions, we're talking about a 4% overall performance decrease, which is insignificant.
I understand what you're saying, but I think you're still missing my point. This is just one trivial but routine efficient coding practice, and you've just demonstrated that if a lot of your functions are simple things working on moderately complex data, the overhead of not doing it can be as high as 10%, all because of a stubborn insistence that no optimisation should occur until the end of the project and without the guidance of a profiler, even where it's a well-known and universal good practice that requires a mere seven extra keystrokes. (You're ignoring the hit on the stack in this case, BTW; if any of your functions are recursive, sloppy parameter passing is a crash waiting to happen in C++, too.)
What I'm obviously not conveying very well here is that this is only one example of the impact of following lazy coding practices throughout a project. What if many functions inhibit things like the named return value optimisation, something that's all too easy to do if you just write code completely naturally, but often very easy to fix if you understand the implications of the code you write? There go another few percent. Now suppose you have a lot of classes that have member functions performing relatively simple calculations, but you do those calculations every time the function is called rather than caching the results? That's a few percent more. And so it goes on, eating away at performance one little piece at a time, using a little unnecessary memory because a few more KB can't possibly matter in a machine with RAM capacity counted in GB.
As I said before, I agree with you that in isolation such carelessness is unlikely to be a major problem if the area of code where it happens isn't called repeatedly, but the point is that it all adds up. A little here, a little there, and now your program runs twice as slowly, or uses 5x the RAM, and eventually, you get the sort of absurd bloat that I mentioned elsewhere in this discussion, and no profiler on the planet will help you undo the damage. This is the result of assuming there's no need to think about performance until the very end, and IMHO it's a most unwelcome one.
I would tell a C++ programmer that worrying about a bit of extra data copy in the function call is generally useless. It's really not that expensive unless your structs are monstrously large. [...] If, after profiling, you find that this is a problem, use the passing style on those few functions that the profiler points out. Doing it for everything else is useless.
The thing is, that's not true. In isolation, it might be, but the overhead of passing a data structure that is a few words of memory by value becomes significant if your function is called from inside a loop, and potentially horrible if you do it routinely throughout your program.
The kicker is, profiling won't help you here. Lazily using pass-by-value where pass-by-const-reference would suffice will not cause a huge hit in one function, it will cause an x% hit in all the affected functions, and a profiler won't help you with that. The approach you advocate systematically reduces performance across the whole application, for absolutely no benefit in maintainability or readability, just a saving of a few keystrokes and some basic knowledge of how C++'s object model works.
In other words, this is exactly why the "premature optimization is evil" argument is fundamentally flawed.
Yes, but planning for performance from the start doesn't mean optimizing from the start. It means designing good algorithms and implementing them without any grossly stupid performance mistakes. Optimization can happen after implementation, where profiling shows the need for more hand-tuning.
But the sort of issue I mentioned above isn't a fatal mistake in one place. It's more like death by a thousand cuts. And again, no post-processing with a profiler and hand-tuning will fix a system that is inherently slow because of such lazy coding practices.
It's a scale, but one very biased towards high-level optimizations. Compilers do an excellent job of the low-level stuff.
No, they really don't, at least not in many common languages such as C++ or Java. Just take a look at the assembly output from even quite simple functions: while the opcodes are generally well-ordered, a whole heap of slightly higher-level stuff gets missed, often because these languages aren't expressive enough for the compiler to appreciate what is possible. Highly portable compilers, such as GCC, are particularly vulnerable to this; the code from something specialised like Intel's compiler is usually far better at low-level optimisations.
Sometimes, there are problems with compilers being a little too clever with their low level assumptions, too, as anyone who works with serious floating point maths can no doubt testify. Compilers, and indeed the programming languages we ask them to compile for us, aren't yet sufficiently clever to do this all by themselves. Once again, I stand by my claim that assuming that they are, and that a final profiling and hand-tuning phase is sufficient, will leave you well behind the leading edge in performance-sensitive applications.
Premature optimization is evil. Everybody says this, but so many people do not take it to heart.
Not quite everyone says that. While I agree with the general principle, premature pessimization is the root of naff code, particularly when insufficient allowance is made for fixing it up once the code is working correctly but slowly.
Consider, for example, passing a large bit of data as a parameter to a function. In languages that use pass-by-reference semantics, this will typically be cheap. In languages that use pass-by-value semantics, this will typically be expensive. In C++, you have a choice, but the natural (that is, default) is by value. Would you tell a C++ programmer not to use const-reference parameter types from the start, because it's a premature optimization?
In some types of software, you simply have to plan for performance from the start. Obviously algorithmic improvements make more difference than anything else, but even so, there's a scale between large-scale algorithm and data structure changes and assembly-level micro-optimisation, not a switch. If you write all your code to be beautifully maintainable, yet fail to consider the continuous nature of this scale from the start, you will never catch up with those who did, no matter how much time you invest in micro-optimisations at the end of the project.
This is the compiler's job. If your compiler targets a particular processor poorly, get a better compiler.
That's true, of course, but the compiler can only be as good as the language it's compiling permits.
In higher level languages, you can express design intent more completely than you can in lower level languages. C isn't a high level language, it's a portable assembly language. That's a role it plays very well, but as long as programmers are writing in C, the compiler will have to deal with aliasing, for example. In a higher level language, perhaps the compiler could deduce exactly where a specific piece of data would be accessed, know that there won't be any aliasing, and optimise accordingly.
That's a rather specific optimisation, but more generally, think of compiling for architectures that have multiple processors, dual-core chips, hyper-threading, or some other form of true parallel execution. If your program is written in C, or C++, or Java, it's going to be hard to take advantage of that extra processing ability without touching the code to give the compiler a hint. On the other hand, in many declarative programming languages, it's entirely possible that the compiler could analyse the data flow, find independent paths, and assign them to separate threads on separate (pseudo-)processors algorithmically, without any further help from the programmer.
So, while it may be possible to write somewhat portable code in any language above assembly, the degree of portability you can have, and the degree to which a compiler can help you with it, will always be limited by the expressive power of the programming language itself.
Yes we now can have 2^32 bytes of memory in computers (4GB). But WTF is anyone going to do with 2^64 bytes of ram?
I don't know. Then again, ten years ago, if you'd told me that an e-mail client or web browser would require tens of megabytes of memory just to load, or it would require over 100MB just to store the quick start-up code for an office application, I'd have laughed. Right now, that's exactly what Firefox, Thunderbird and OpenOffice 2.0 are claiming on the PC where I'm writing this.
Actually, I'm still laughing, because that says more than words about the design of those applications and the tools used to compile them. But the applications have expanded to fill the space nevertheless.
The Intel x86 ISA allows non-aligned memory accesses...
Yes, it does, but they're significantly slower than optimally aligned accesses. Why do you think good C and C++ compilers on Intel boxes still add padding to structures, even where it's not strictly required to access the members concerned?
Yep. I just disable auto-run on all CD drives on any PC I set up these days. If I really want an auto-run to do its thing, it's not difficult to do it manually. OTOH, most of the time, I don't, so why worry about funny keyboard behaviour?
"...We will firewall it at your PC... --Steve Heckler, Sony senior VP, 2000
No, you won't, because it's my PC and I'm much better at this than you are. Right now, as it happens, I don't copy your music illegally because I have enough respect left for what copyright law should be that I choose not to break it. Don't mistake that choice for lack of ability to circumvent your toy protections, infringe your copyrights, and get away with it, if I ever decide that's a more ethical course of action. -- Me, 2005
It makes perfect sense. Of course, if the kind of infrastructure that needs to remain functioning for a nation's survival is even accessible from the Internet, you have far bigger problems than Sony screwing up an audio CD.
But why do people put heavy desclaimers when giving legal opinion?
Because in many jurisdictions, offering certain types of advice (typically legal, financial or medical) as if you're knowledgable on a subject, but without the professional qualifications, insurance etc. to match, can get you in a whole heap of trouble if the advice turns out to be wrong. There's nothing wrong with discussing these issues anywhere, AFAIK, as long as it's clear that it's a personal opinion and not professional advice.
AIUI, the disclaimers are actually more relevant for those who are practising professionals. For example, if a lawyer gives some general legal advice randomly on the Internet, they probably wouldn't want it to be treated the same way as advice they gave in confidence to a client whose exact situation they knew. A couple of fairly regular Slashdotters have a sig that says something like "I am a lawyer, but I'm not your lawyer, and this is not my legal advice to you".
Of course, the most important disclaimer is that if you get your legal advice from Slashdot, you probably deserve whatever consequences befall you anyway...
To prevent untrusted ActiveX controls from running requires non-default browser settings. And the settings are not lockable.
So set them up, and trust that any user competent enough to change them back knows not to run the offending control. You're looking for a technological solution to sociological problem, and despite the wishful thinking of many sysadmins, Edward's Law is pretty clearly winning right now.
To prevent a virus from "pamelasbreasts.jpg.vbs" requires non-default file type settings. Which are also not lockable.
Ditto.
Yes, I have been a victim of a security flaw in an application. That application is Outlook. The security flaw is the preview pane.
So use a better e-mail client. There must be at least 20-30 commonly available ones for Windows that you could use instead. The fact that you choose to run dubious software without doing your homework isn't a flaw in Windows, it's a flaw with your choice of software.
Why doesn't the Microsoft OS have code that says "Hmmm, why is this process, spawned from an email application, trying to muck with the registry...."
Perhaps you could give us an example where another OS undermines the requests of another piece of software to access generic system data? If I run $MAIL_CLIENT on Linux, receive a mail with an executable attachment, and run that attachment, and the executable then forwards my entire e-mail archive to everyone in my address book, is that Linux's problem?
A fully patched and up to date Windows systems (with an anti-virus package and firewall) is not enough to secure a system.
I didn't say it was. Having a clue how computers work and doing a little basic homework before connecting expensive equipment to external sources is kinda fundamental too. Until you realise that, your systems will be vulnerable no matter what OS they run.
Windows is inherently vulnerable. I consider that a fact.
OK, I'm convinced. Why don't you just skip the supporting reasoning and save us both a few minutes next time?
I've recently had fully patched and up to date Windows systems (with an anti-virus package and firewall) get spyware loaded on them via Active X.
What were you doing allowing ActiveX controls from untrusted sources to run in the first place? You had several chances to prevent that, and if you missed them all, you're unqualified to comment in this discussion.
In the past, I've had fully patched and up to date Windows systems (with an anti-virus package and firewall) get a virus before the my anti-virus vendor had a signature for the virus.
Wow, that's amazing! A virus just installed itself on your system, with no help from you? What did you do, click where it said "pamelasbreasts.jpg.vbs" in the e-mail from "Your Friend"? Assuming we're talking about a recent and fully patched version of Windows, it's hard to see how else a virus could have found its way onto your system if you had even a basic firewall configured properly. Again, if you can't do that, you're unqualified to be in this discussion. (Of course, you could genuinely have been the victim of a new security flaw in an application you used, but that could happen on any platform with a connection to the outside world.)
To say that it only happens to clueless people with unpatched machines is a lie.
It might not be 100% true; I can't possible know, and neither can you. However, it is 100% true among the examples I've seen in recent years.
If that makes you think I'm a Microsoft fanboy, that's really too bad. It's just an objective assessment of my own experience. As you can see from my numerous past posts about Microsoft, I'm just as happy to criticise them when they get something wrong, but in this case, I happen to think that a lot of the criticism they get is unfounded.
Exactly. More than that, a "portability layer" is just a handy term for a specific example of modular programming, which is good practice as a general principle anyway. If your code is constructed from carefully separated subsystems with well-planned interfaces and a layered structure internally, portability pretty much becomes the default, because it's little more than "adapting the stuff in the bottom layer".
My own experience has been that it has very limited utility in real-life ie. corporate IT. [...] But I can see how this might be useful for somebody doing systems level programming (assuming there are still such jobs in the IT industry in the US, of course...)
I think perhaps your definition of "real-life" is a little limited. As well as systems applications, you have to consider mathematical and scientific applications (numerous, and often run on diverse platforms), engineering and instrument control applications (ditto), CAD/CAM/CAE (ditto), and various related fields. Not everything is a web app or a database.
Really, do you think MS' lawyers would write a contract that wasn't legally binding because of a blatant technicality like that?
I don't know (/me glances at several common EULA terms) but it seems likely that there's more to this story than Microsoft telling someone off and that someone automatically signing away some rights in a legally binding agreement without any real compensation. What aren't we seeing here yet?
The problem is, the vast majority of Windows-based attacks exploit vulnerabilities for which a patch has been available for a long time but not installed. A fully-patched Windows system, running basic security software like an anti-virus package and firewall, is also not vulnerable to these worms and viruses we keep hearing about. My home PC runs Windows, has done for years, and yet has never (to my knowledge) had any sort of virus, worm, spyware or other crap on it. How did that happen, if Windows is so inherently vulnerable?
The answer, of course, is that I have a clue how to set up and use a computer securely. It doesn't really matter whether it's Windows, Linux, OS X or otherwise. Equally, someone who doesn't patch their system regularly (if only by following Microsoft's recommended practices and allowing auto-update to do it for you, for those not knowledgeable enough to handle it themselves) is going to get screwed whether they're using Windows, Linux, OS X, or whatever, because they'll be the people running the vulnerable Linux configuration you cited.
Windows isn't great, and yes it certainly does have some daft security practices, but it's hardly the automatic suicide bid that Microsoft bashers make it out to be, nor are other operating systems and their associated cultures immune (despite half the Linux fanboys around here apparently believing that because they don't run everything as root, they're immune to all attacks).
I believe you'll find even the previous 14 days was the longest period of detention without charge allowed anywhere in the first world; so the news stories floating around at the time of the vote were saying, anyway.
28 days was an absurd result, neither sticking on the point of principle, nor caving in to the demands of security services (who strangely said that 28 days rather than 14 wouldn't help, but 90 would, though of course they can't tell us why for national security reasons).
Unfortunately, as the UK system so kindly demonstrated a few months ago, a "democracy" can still be a place where winning the support of only 22% of the population eligible to vote (and only thirtysomething percent of those who actually did vote), not to mention losing the popular vote in the largest single country in the union (England), is still enough to get you a comfortable absolute majority in parliament, with which you can pass any laws you want (assuming they even need new laws, rather than conveniently circumventing parliamentary scrutiny as this measure has, and assuming that your own party don't finally give in to the truly absurd and rebel against you for the first time in three administrations, only to cave in on the overall principle half an hour later anyway).
Constitution or revolution, place bets now.
That is very debatable. The speed limits here in the UK are now so absurd in many places that the vast majority of motorists exceed the limit, yet no accidents ever result (literally; speed limits have been dropped on roads that haven't had even a minor injury accident in a decade).
This is just another power play by Blair's dictatorship and his ever more draconian Home Secretaries, right along with ID cards for everyone, the National Identity Register, electronic strip searching on the way onto the London Underground, the RIP Act, detention without trial for as long as they can get away with, installing CCTV everywhere (yes, we're still the most spied-upon nation in the world), reversing the burden of proof and/or attempting to do away with jury trials for increasing numbers of cases...
All of these things, of course, are "justified" by arguing that they increase national security, help to prevent crime, or otherwise benefit Joe Public. Unless he's in the wrong place at the wrong time, in which case he loses his benefits because some junior staffer in a government office mistyped one number out of 1,000 they entered that day into the master database. Or the ANPR system misreads a number plate, and sends him a fine for doing the physically impossible, which he then has to challenge in court after several weeks of concern, with no compensation for the time wasted or grief caused. Or his daughter's the one being rendered naked for the pervert watching the screens at the Underground station. Or he's late for the train, and since he ran through the screen he's obviously a terrorist so they shoot him dead. Or he's black, old, bald, young, or a registered member of an opposition political party, the biometric recognition doesn't work, and he's held for three months as a suspected terrorist on the whim of a senior politician, by which time he's lost his job, his home, and the trust of all his family and friends, not to mention the ability to challenge the statements of absolute fact issued by our political leaders (and I use the term loosely, since they didn't even win the popular vote in England, never mind an overall majority that might justify their absolute control of parliament, not that this particular abuse ever went before parliament) to justify all these Big Brother efforts.
I used to think the tin foil hat brigade were eccentrics. In recent years, looking at the direction New Labour have taken our government, I think the sooner we have a written constitution and a constitutional court above parliament and answerable only to the public, the better.
Blockquoth the AC:
Let's hope so. With a bit of luck, this case will demonstrate the idiocy of both draconian copy protection mechanisms and draconian anti-copying laws. If it becomes Sony vs. Microsoft, there will be a big, high profile case with both sides sending zillions of lawyers at each other and zillions of lobbyists at the government, ultimately with no winning option for either side since any outcome will hurt their corporate interests in the longer term even as it protects them in the short term. The government can't suck up to both parties forever, and public opinion is bound to sway against things like the DMCA, DRM, and so on the longer it goes on.
Microsoft(!) declared Sony's XCP software to be malware, and said they'd remove it in the forthcoming December update of the Malicious Software Removal Tool, as it violated "objective criteria". Check out the MS Anti-Malware team's blog for more fun.
<obligatory> And I submitted this yesterday, but apparently the editors didn't think it was worth mentioning, instead going for a dubious LGPL angle that was debunked in at least two previous discussions. <sigh/> </obligatory>
Sorry, my mod points just ran out, or you'd have been (+1, Insightful).
Speaking of moderation, the fact that a post quoting the phrase "modularization and encapsulation of cross-cutting concerns" was modded (+1, Informative) is itself (+1, Funny). :-)
Maybe it's just me, but I've never appreciated what's supposed to be so great about aspects. Yes, it might be useful to be able to introduce some debugging diagnostics at the start and end of every function automatically. We use a pretty powerful instrumentation system in our code at work, but having to stick a macro at the start of every function to make it work is tedious (though hardly the end of the world).
But what else is it good for? I've looked into AOP a couple of times now out of curiosity, made the effort to read some of the background papers, and now placed it firmly on the level of so-called extreme programming: much hype, toy examples, few to zero real world case studies showing measurable benefits. I haven't read every single post in this discussion yet, but probably the majority, and I've yet to see anything other than the same old example (or thinly disguised variants of it) repeated ad nauseam. Maybe one of the AOP advocates can tell me what I'm missing?
Disclaimer: I'm as sceptical as the next guy about having any big organisation collecting massive amounts of data about some area of the Internet, and Google are clearly the biggest potential abusers of that information.
However, right now the text that appears for a web site I help to run if you find it in Google isn't written by either Google or us, it's written by some anonymous editor at DMOZ. Those editors are notorious for not giving a damn what the webmasters of sites they link to (or don't link to, or link to but misleadingly) think; indeed, we have been blocking all referrals from DMOZ with a 403 since they rejected an update request that by their editor's own admission was in both their readers' interests and ours.
Moreover, whether or not you're listed on DMOZ seems to have an absurd effect on your site's PageRank. It would be a welcome change for Google to construct their index independently, using only their own analysis of relevant factors directly related to the site in question, rather than relying on outside sources with dubious ethics.
Asketh the AC:
Well, obviously DoubleClick are evil. Google do no evil, so this time it's completely different, and it's OK to run someone else's JavaScript on your web site.
</sarcasm>
I understand what you're saying, but I think you're still missing my point. This is just one trivial but routine efficient coding practice, and you've just demonstrated that if a lot of your functions are simple things working on moderately complex data, the overhead of not doing it can be as high as 10%, all because of a stubborn insistence that no optimisation should occur until the end of the project and without the guidance of a profiler, even where it's a well-known and universal good practice that requires a mere seven extra keystrokes. (You're ignoring the hit on the stack in this case, BTW; if any of your functions are recursive, sloppy parameter passing is a crash waiting to happen in C++, too.)
What I'm obviously not conveying very well here is that this is only one example of the impact of following lazy coding practices throughout a project. What if many functions inhibit things like the named return value optimisation, something that's all too easy to do if you just write code completely naturally, but often very easy to fix if you understand the implications of the code you write? There go another few percent. Now suppose you have a lot of classes that have member functions performing relatively simple calculations, but you do those calculations every time the function is called rather than caching the results? That's a few percent more. And so it goes on, eating away at performance one little piece at a time, using a little unnecessary memory because a few more KB can't possibly matter in a machine with RAM capacity counted in GB.
As I said before, I agree with you that in isolation such carelessness is unlikely to be a major problem if the area of code where it happens isn't called repeatedly, but the point is that it all adds up. A little here, a little there, and now your program runs twice as slowly, or uses 5x the RAM, and eventually, you get the sort of absurd bloat that I mentioned elsewhere in this discussion, and no profiler on the planet will help you undo the damage. This is the result of assuming there's no need to think about performance until the very end, and IMHO it's a most unwelcome one.
The thing is, that's not true. In isolation, it might be, but the overhead of passing a data structure that is a few words of memory by value becomes significant if your function is called from inside a loop, and potentially horrible if you do it routinely throughout your program.
The kicker is, profiling won't help you here. Lazily using pass-by-value where pass-by-const-reference would suffice will not cause a huge hit in one function, it will cause an x% hit in all the affected functions, and a profiler won't help you with that. The approach you advocate systematically reduces performance across the whole application, for absolutely no benefit in maintainability or readability, just a saving of a few keystrokes and some basic knowledge of how C++'s object model works.
In other words, this is exactly why the "premature optimization is evil" argument is fundamentally flawed.
But the sort of issue I mentioned above isn't a fatal mistake in one place. It's more like death by a thousand cuts. And again, no post-processing with a profiler and hand-tuning will fix a system that is inherently slow because of such lazy coding practices.
No, they really don't, at least not in many common languages such as C++ or Java. Just take a look at the assembly output from even quite simple functions: while the opcodes are generally well-ordered, a whole heap of slightly higher-level stuff gets missed, often because these languages aren't expressive enough for the compiler to appreciate what is possible. Highly portable compilers, such as GCC, are particularly vulnerable to this; the code from something specialised like Intel's compiler is usually far better at low-level optimisations.
Sometimes, there are problems with compilers being a little too clever with their low level assumptions, too, as anyone who works with serious floating point maths can no doubt testify. Compilers, and indeed the programming languages we ask them to compile for us, aren't yet sufficiently clever to do this all by themselves. Once again, I stand by my claim that assuming that they are, and that a final profiling and hand-tuning phase is sufficient, will leave you well behind the leading edge in performance-sensitive applications.
Not quite everyone says that. While I agree with the general principle, premature pessimization is the root of naff code, particularly when insufficient allowance is made for fixing it up once the code is working correctly but slowly.
Consider, for example, passing a large bit of data as a parameter to a function. In languages that use pass-by-reference semantics, this will typically be cheap. In languages that use pass-by-value semantics, this will typically be expensive. In C++, you have a choice, but the natural (that is, default) is by value. Would you tell a C++ programmer not to use const-reference parameter types from the start, because it's a premature optimization?
In some types of software, you simply have to plan for performance from the start. Obviously algorithmic improvements make more difference than anything else, but even so, there's a scale between large-scale algorithm and data structure changes and assembly-level micro-optimisation, not a switch. If you write all your code to be beautifully maintainable, yet fail to consider the continuous nature of this scale from the start, you will never catch up with those who did, no matter how much time you invest in micro-optimisations at the end of the project.
That's true, of course, but the compiler can only be as good as the language it's compiling permits.
In higher level languages, you can express design intent more completely than you can in lower level languages. C isn't a high level language, it's a portable assembly language. That's a role it plays very well, but as long as programmers are writing in C, the compiler will have to deal with aliasing, for example. In a higher level language, perhaps the compiler could deduce exactly where a specific piece of data would be accessed, know that there won't be any aliasing, and optimise accordingly.
That's a rather specific optimisation, but more generally, think of compiling for architectures that have multiple processors, dual-core chips, hyper-threading, or some other form of true parallel execution. If your program is written in C, or C++, or Java, it's going to be hard to take advantage of that extra processing ability without touching the code to give the compiler a hint. On the other hand, in many declarative programming languages, it's entirely possible that the compiler could analyse the data flow, find independent paths, and assign them to separate threads on separate (pseudo-)processors algorithmically, without any further help from the programmer.
So, while it may be possible to write somewhat portable code in any language above assembly, the degree of portability you can have, and the degree to which a compiler can help you with it, will always be limited by the expressive power of the programming language itself.
I don't know. Then again, ten years ago, if you'd told me that an e-mail client or web browser would require tens of megabytes of memory just to load, or it would require over 100MB just to store the quick start-up code for an office application, I'd have laughed. Right now, that's exactly what Firefox, Thunderbird and OpenOffice 2.0 are claiming on the PC where I'm writing this.
Actually, I'm still laughing, because that says more than words about the design of those applications and the tools used to compile them. But the applications have expanded to fill the space nevertheless.
Yes, it does, but they're significantly slower than optimally aligned accesses. Why do you think good C and C++ compilers on Intel boxes still add padding to structures, even where it's not strictly required to access the members concerned?
Hmmm... Anyone wanna surreptitiously install software on Sony's office PCs to help them manage access to their corporate bank accounts?
Yep. I just disable auto-run on all CD drives on any PC I set up these days. If I really want an auto-run to do its thing, it's not difficult to do it manually. OTOH, most of the time, I don't, so why worry about funny keyboard behaviour?
No, you won't, because it's my PC and I'm much better at this than you are. Right now, as it happens, I don't copy your music illegally because I have enough respect left for what copyright law should be that I choose not to break it. Don't mistake that choice for lack of ability to circumvent your toy protections, infringe your copyrights, and get away with it, if I ever decide that's a more ethical course of action. -- Me, 2005
It makes perfect sense. Of course, if the kind of infrastructure that needs to remain functioning for a nation's survival is even accessible from the Internet, you have far bigger problems than Sony screwing up an audio CD.
Because in many jurisdictions, offering certain types of advice (typically legal, financial or medical) as if you're knowledgable on a subject, but without the professional qualifications, insurance etc. to match, can get you in a whole heap of trouble if the advice turns out to be wrong. There's nothing wrong with discussing these issues anywhere, AFAIK, as long as it's clear that it's a personal opinion and not professional advice.
AIUI, the disclaimers are actually more relevant for those who are practising professionals. For example, if a lawyer gives some general legal advice randomly on the Internet, they probably wouldn't want it to be treated the same way as advice they gave in confidence to a client whose exact situation they knew. A couple of fairly regular Slashdotters have a sig that says something like "I am a lawyer, but I'm not your lawyer, and this is not my legal advice to you".
Of course, the most important disclaimer is that if you get your legal advice from Slashdot, you probably deserve whatever consequences befall you anyway...
So set them up, and trust that any user competent enough to change them back knows not to run the offending control. You're looking for a technological solution to sociological problem, and despite the wishful thinking of many sysadmins, Edward's Law is pretty clearly winning right now.
Ditto.
So use a better e-mail client. There must be at least 20-30 commonly available ones for Windows that you could use instead. The fact that you choose to run dubious software without doing your homework isn't a flaw in Windows, it's a flaw with your choice of software.
Perhaps you could give us an example where another OS undermines the requests of another piece of software to access generic system data? If I run $MAIL_CLIENT on Linux, receive a mail with an executable attachment, and run that attachment, and the executable then forwards my entire e-mail archive to everyone in my address book, is that Linux's problem?
I didn't say it was. Having a clue how computers work and doing a little basic homework before connecting expensive equipment to external sources is kinda fundamental too. Until you realise that, your systems will be vulnerable no matter what OS they run.
OK, I'm convinced. Why don't you just skip the supporting reasoning and save us both a few minutes next time?
What were you doing allowing ActiveX controls from untrusted sources to run in the first place? You had several chances to prevent that, and if you missed them all, you're unqualified to comment in this discussion.
Wow, that's amazing! A virus just installed itself on your system, with no help from you? What did you do, click where it said "pamelasbreasts.jpg.vbs" in the e-mail from "Your Friend"? Assuming we're talking about a recent and fully patched version of Windows, it's hard to see how else a virus could have found its way onto your system if you had even a basic firewall configured properly. Again, if you can't do that, you're unqualified to be in this discussion. (Of course, you could genuinely have been the victim of a new security flaw in an application you used, but that could happen on any platform with a connection to the outside world.)
It might not be 100% true; I can't possible know, and neither can you. However, it is 100% true among the examples I've seen in recent years.
If that makes you think I'm a Microsoft fanboy, that's really too bad. It's just an objective assessment of my own experience. As you can see from my numerous past posts about Microsoft, I'm just as happy to criticise them when they get something wrong, but in this case, I happen to think that a lot of the criticism they get is unfounded.
Exactly. More than that, a "portability layer" is just a handy term for a specific example of modular programming, which is good practice as a general principle anyway. If your code is constructed from carefully separated subsystems with well-planned interfaces and a layered structure internally, portability pretty much becomes the default, because it's little more than "adapting the stuff in the bottom layer".
I think perhaps your definition of "real-life" is a little limited. As well as systems applications, you have to consider mathematical and scientific applications (numerous, and often run on diverse platforms), engineering and instrument control applications (ditto), CAD/CAM/CAE (ditto), and various related fields. Not everything is a web app or a database.
I don't know (/me glances at several common EULA terms) but it seems likely that there's more to this story than Microsoft telling someone off and that someone automatically signing away some rights in a legally binding agreement without any real compensation. What aren't we seeing here yet?
The problem is, the vast majority of Windows-based attacks exploit vulnerabilities for which a patch has been available for a long time but not installed. A fully-patched Windows system, running basic security software like an anti-virus package and firewall, is also not vulnerable to these worms and viruses we keep hearing about. My home PC runs Windows, has done for years, and yet has never (to my knowledge) had any sort of virus, worm, spyware or other crap on it. How did that happen, if Windows is so inherently vulnerable?
The answer, of course, is that I have a clue how to set up and use a computer securely. It doesn't really matter whether it's Windows, Linux, OS X or otherwise. Equally, someone who doesn't patch their system regularly (if only by following Microsoft's recommended practices and allowing auto-update to do it for you, for those not knowledgeable enough to handle it themselves) is going to get screwed whether they're using Windows, Linux, OS X, or whatever, because they'll be the people running the vulnerable Linux configuration you cited.
Windows isn't great, and yes it certainly does have some daft security practices, but it's hardly the automatic suicide bid that Microsoft bashers make it out to be, nor are other operating systems and their associated cultures immune (despite half the Linux fanboys around here apparently believing that because they don't run everything as root, they're immune to all attacks).