Keep I'm mind the company made a decision to use low paid drones and use them as the customer face of the company. They did do the right thing in the end but one should not have to appeal to the media to get proper treatment.
When I'm writing code I have two modes: Planning/Collab and hardcore coding. When it comes to planning/collab having an open space is great. Easy to interact, easy to work with others and everyone is heard. For hardcore coding it's time to be segmented away from others. Half walls don't work. Wearing earphones isn't enough. To be as productive as possible I need to concentrate using the ideas and plans from the planning/collab time to write my code.
It's as simple as that. Either have a small team room and individual workspaces free of outside distraction or get a transforming workspace of some kind. No need to listen to the seating experts spout something that 5 years ago was bad but somehow became good again (and will be bad again soon).
I currently work at a place what 'proudly touts' open floor plan for all IT developers. The end result is people really want to work from home when coding to avoid managers interrupting, PM's being PM's, smells of lunch (or worse), people on conference calls, etc..
Oh, and no round tables. It's a waste of space and people still are crowded.
For instance, SonicWall blocks phishtank. Yup, SonicWall blocks a site to help protect users against phishing by being able to check links against known phishing sites (http://www.stevemilner.org/blog/2010/01/20/sonicwall-silly/). The less technical the data owners are the less helpful the the rule sets are.
To be honest, this site in question does look like a phishing site and thus, if someone went to the site and knew what phishing was, they would most likely flag it if they did not click through (aka it isn't a verified phishing site but it sure looks like one at first glance).
Surprise, a company released a hosted service (in this case 'cloud computing') where they did not have well thought through security support. AWS is a hot bed of bad activity. So are many of the other cloud providers (to lesser degrees related to popularity of the service). It's going to get worse before it gets better so make sure your own infra is ready to deal with the attacks through blocking on the edge, host firewalls, IDS, whatever you deem is helpful for your setup... and don't be afraid to block outright and request the addition of the IP's to a public block list.
But that is just my $0.02.
Of course, someone *could* use an AWS account to send calls to her phone over and over.... but that would be bad:-).
There are number of people posting comments about how this isn't an issue since Apache's code is open. Let me outline a few possible issues even with the code being...
1. If Apache keeps non-released security information in their bug tracker it could end up being disclosed. Great if you want to get your hands on security issues before patches are released.
2. Private comments can be leaked out which are probably not meant for general consumption. Probably not a huge issue, but it depends on the content.
3. Many people use the same passwords everywhere -- and the same usernames. Any cracked accounts could prove quite useful.
On the flip side it goes to show that XSS and CSRF are, as many security (open and closed) groups note, are a major problem -- and are pretty easy to exploit. While it is not fun to have this occur it may wake up some engineers into seeing that 'if it can happen to Apache maybe we should take it seriously'.
I think the frustration is actually in some people not using the right tools for the job. I like NoSQL databases (specifically MongoDB), but I have not used them with anything I've written. Why? Because it wasn't the right tool for the job. I tend to use MySQL, Postgres or sqlite because it's so widely available and well known in how to administer. There are times that NoSQL will makes sense, it's just not the area I work in.
I do think we are going to continue seeing an uptick in NoSQL related things since many companies are fixated on "the cloud" while not really knowing what "the cloud" is (heck, no one still really, truly has a common definition of what it means...). Since NoSQL seems to be a popular tool, and "the cloud" is a popular buzz phrase CIO's/CTO's will likely be pushing their shops to utilize "NoSQL in the cloud". While large scale applications which don't require relational information and need fast syncing across many servers is good grounds for NoSQL, these "NoSQL in the cloud" instances will probably not actually fit that status.
I do agree that it will be a good thing when "NoSQL for everything" dies. Just like it was a good thing when "PERL for everything", "Java for everything" and "Ruby for everything" died, but let's not throw out the whole idea because a lot of people use it wrong.
I assume some social sites require you to be you by way of their terms or EULA... I guess they can get around that? I mean, it makes sense they would read public information but if they are using fake profiles without prior approval for a case it seems like something is going wrong...
"Gobby is a free collaborative editor supporting multiple documents in one session and a multi-user chat. It runs on Microsoft Windows, Mac OS X, Linux and other Unix-like platforms. "
It is GPL, easy to use and lets you code together very rapidly.
http://gobby.0x539.de/trac/
From a technical point of view I'm sure your right but remember, Oracle is not really about the technology. For Oracle it's about the cash. Think of Oracle like a rapper and Sun like, well, a nerd. The nerd is smart but but in the end he will get slaughtered by the rapper, yo!
Really though, technically better doesn't mean a company will back it esp when it means backtracking on previous 'we are better than they are' comments.
... before yet another worm sweeps the internet this time sending email with random sized attachments to people eating up capped bandwidth or some other scheme that could make average users feel the pain of the caps.
Before TW moves a few miles this way with their caps I'll find another company to go with, even if it means I have to pay more to keep the same level of service I get today.
Even though it probably will make no difference I will be sending them an email stating I will move to another provider if they cripple my service under caps.
Good point. Though I bet a lot of the large companies are very close to the same compensation as small companies at this point as they are trying to cope with their inefficiencies. On top of that a lot of large companies have huge business divisions with all sorts of shiny ideas that don't work that they try over, and over, and over... and big companies tend to allow it because they can absorb it... or at least they use to be able to!
A coworker explained that in business school they were taught there is no such thing as a wrong business decision.... when you fail, do the same thing again with different people. Hopefully that kind of thinking will be revisited.
There has been a steady but rising flood of semi-skilled people getting into IT increasing the size of IT shops... and generally their cost. I don't like to see people lose jobs, but in some cases shrinking IT is really, really good. I don't want to work with 50 so-so or worse developers or sysadmins... but I'd be more than happy to work with 10 stellar engineers/admins. Same goes with management. Speaking with some friends this past year it almost seems there has been a popular trend in adding layers of management for the sake of reporting structures (group A reports to manager who reports to manager who reports to director who reports to....). In a lot of cases that is just cruft that is not needed that increases cost for little to no gain.
Then again, I've seen the definition of IT being stretched to include positions that have nothing to do with Information Technology.
Your right about sales... for sure it is not IT. Data folks can be... it depends on how an organization is structured and at what level (IE: are they schema and reporting administrators or guy who looks at data in an application). Same thing goes with engineers. A lot of companies consider things like web applications the domain of IT so web engineers are in the IT departments.
Short answer, make the code as clean and speedy as you can, then any extra hardware needed is an obvious request.
Long answer... a lot of people don't think about the other costs. I am a software engineer and, for a while, the group I was in was under an 'operations' org. What I learned was that it's more than hardware, it's also the costs of administration of the hardware (when it breaks, when it's acting up, etc...), the underlying OS (security updates, audits, monitoring, etc..), power/cooling consumption, and the cost of spreading the operational (generally system administration) team X more thin.
There is a middle ground. If your worried about C++ being to slow then your probably worrying to much (or need better engineers):-). If your thinking that writing your shiny new app in jruby on top of java inside of an application server, running on top of the CLR then, yeah, 'hardware' becomes expensive and pretty quickly. If you go with proven languages (C, C++, etc..), currently popular languages (Java, C#, PHP, etc..), or up and coming languages (Ruby, Python, Erlang, etc..) your trade off's should be sane (assuming the developers don't take all the short cuts then can to increase hardware).
Really. I mean that... and remember that whatever you decide you like now may not be what you like 5 years from now.
For me, I like Python quite a bit. As someone who use to write Java back when it was the hot language Python let me do what I wanted to do without having to define lots of boilerplate or worry about VM implementation differences, etc... It also was portable... VERY portable (no more System.gc tricks to avoid VM bugs on some platforms).
I also think C is a great language to know even if you don't have much reason to use it right now. Seems like a lot of languages themselves use C (Python is written in C, so is Java... I think). If you know C you'll have a good basis for programming and a good understanding of memory management (which most higher level languages take care of for you).
If your looking for specifics here is my $0.02 (not in any order):
Web (Open Source or Small-Medium Company): Ruby, Python, PHP, Mono Web (Open Source/Closed Source or Large Company): Java, C++, Mono, Python Desktop (Open Source or Small-Medium Company): C, C++, Ruby, Python, Mono Desktop (Open Source/Closed Source or Large Company): Java, C, C++, Ruby, Python, Mono
This coming from Google? That surprises (and scares) me. I don't know how something like that would get through a QA process unless the QA process was rushed... oh no, please don't become like almost every other software company out there Google!:-/
I more or less agree. Java really is the language of the now... and it's a huge language. The problem with picking it up this late in it's life is that by the time your marketable with the language you will probably only be working on legacy upkeep applications.
Learning Java is a good thing, but like John said pick up Ruby or Python to be marketable in the future (or Erlang as it seems it's getting some steam as well), and Java so that you can understand this gen's applications.
Book wise I've heard "Head First Java" is quite good (though it is probably out of date). I personally liked the books directly from Sun. I also recommend you look at Java security as there are a lot of folks who can write Java, not very many who can write Java in a secure manor (or so it seems from experience).
Hopefully. I'm sure it will put pressure on them to do so... if they do the right thing or not is up to them. I personally think in this specific space it has been easy for open source companies to keep this software closed. Now that one of the bigger FLOSS companies decided enough was enough it would be great to see some competition with other FLOSS software.
Though honestly I don't think it will make Canonical release a FLOSS version of Landscape, at least not any time soon. Take a look at https://bugs.launchpad.net/launchpad/+bug/50699. While I think launchpad is one of the best bug/code/etc.. systems out there, it's not FLOSS. The reasons for that seems to be:
1. Mark doesn't have a revenue model for launchpad and this open sourcing the code would put his developers out of work (at least that is what it seems he is saying). 2. It's a 'hosted solution' so it doesn't need to be open source.
My assumption is that the same views would be extended to Landscape and other hosted applications.
Really. When I'm looking to hire new folks I'm more interested in what they have done in the past. Open Source projects are things I look at heavily as I can see the code and the success (or lack) of the project, how committed they are to projects, how they work (or don't) with others, and that they actually like hacking on stuff.
I've really found college education means almost nothing when hiring from the technologist's point of view. I've interviewed lots of people and the range of skills that college grads, 'good' college grads, and non collage grads have is next to nothing. In fact I've found that if you hire a college graduate your only really ensuring the person can create boilerplate code/ideas no matter what college... anything more than that comes from the love of hacking/administering/etc..
On the flip side HR does tend to care... and to what college. Candidate A graduated from Berkley while Candidate came from Polk Community College. Candidate A looks much better. The fact may be (and really there is a 50% chance here of it) that Candidate B is better than A... but on paper it doesn't seem that way.
Bottom line is it depends on where you want to work. You want to work in IT at a hospital... go to a college with a good name. Want to work on cool stuff at a tech company? Get some projects under your belt and, if you can, just finish at a college.
Slashdot Mirror
Keep I'm mind the company made a decision to use low paid drones and use them as the customer face of the company. They did do the right thing in the end but one should not have to appeal to the media to get proper treatment.
The storm won't be a problem. Quetzalcoatl will be here.
It happened again since the 8th: http://blog.sucuri.net/2010/06/mass-infection-of-iisasp-sites-2677-inyahoo-js.html
When I'm writing code I have two modes: Planning/Collab and hardcore coding. When it comes to planning/collab having an open space is great. Easy to interact, easy to work with others and everyone is heard. For hardcore coding it's time to be segmented away from others. Half walls don't work. Wearing earphones isn't enough. To be as productive as possible I need to concentrate using the ideas and plans from the planning/collab time to write my code.
It's as simple as that. Either have a small team room and individual workspaces free of outside distraction or get a transforming workspace of some kind. No need to listen to the seating experts spout something that 5 years ago was bad but somehow became good again (and will be bad again soon).
I currently work at a place what 'proudly touts' open floor plan for all IT developers. The end result is people really want to work from home when coding to avoid managers interrupting, PM's being PM's, smells of lunch (or worse), people on conference calls, etc..
Oh, and no round tables. It's a waste of space and people still are crowded.
For instance, SonicWall blocks phishtank. Yup, SonicWall blocks a site to help protect users against phishing by being able to check links against known phishing sites (http://www.stevemilner.org/blog/2010/01/20/sonicwall-silly/). The less technical the data owners are the less helpful the the rule sets are.
To be honest, this site in question does look like a phishing site and thus, if someone went to the site and knew what phishing was, they would most likely flag it if they did not click through (aka it isn't a verified phishing site but it sure looks like one at first glance).
Surprise, a company released a hosted service (in this case 'cloud computing') where they did not have well thought through security support. AWS is a hot bed of bad activity. So are many of the other cloud providers (to lesser degrees related to popularity of the service). It's going to get worse before it gets better so make sure your own infra is ready to deal with the attacks through blocking on the edge, host firewalls, IDS, whatever you deem is helpful for your setup ... and don't be afraid to block outright and request the addition of the IP's to a public block list.
.... but that would be bad :-).
But that is just my $0.02.
Of course, someone *could* use an AWS account to send calls to her phone over and over
There are number of people posting comments about how this isn't an issue since Apache's code is open. Let me outline a few possible issues even with the code being ...
... http://blogs.atlassian.com/news/2010/04/oh_man_what_a_day_an_update_on_our_security_breach.html ... :-)
1. If Apache keeps non-released security information in their bug tracker it could end up being disclosed. Great if you want to get your hands on security issues before patches are released.
2. Private comments can be leaked out which are probably not meant for general consumption. Probably not a huge issue, but it depends on the content.
3. Many people use the same passwords everywhere -- and the same usernames. Any cracked accounts could prove quite useful.
On the flip side it goes to show that XSS and CSRF are, as many security (open and closed) groups note, are a major problem -- and are pretty easy to exploit. While it is not fun to have this occur it may wake up some engineers into seeing that 'if it can happen to Apache maybe we should take it seriously'.
Then there is the whole thing of Apache using Jira instead of something Open
I think the frustration is actually in some people not using the right tools for the job. I like NoSQL databases (specifically MongoDB), but I have not used them with anything I've written. Why? Because it wasn't the right tool for the job. I tend to use MySQL, Postgres or sqlite because it's so widely available and well known in how to administer. There are times that NoSQL will makes sense, it's just not the area I work in.
...). Since NoSQL seems to be a popular tool, and "the cloud" is a popular buzz phrase CIO's/CTO's will likely be pushing their shops to utilize "NoSQL in the cloud". While large scale applications which don't require relational information and need fast syncing across many servers is good grounds for NoSQL, these "NoSQL in the cloud" instances will probably not actually fit that status.
I do think we are going to continue seeing an uptick in NoSQL related things since many companies are fixated on "the cloud" while not really knowing what "the cloud" is (heck, no one still really, truly has a common definition of what it means
I do agree that it will be a good thing when "NoSQL for everything" dies. Just like it was a good thing when "PERL for everything", "Java for everything" and "Ruby for everything" died, but let's not throw out the whole idea because a lot of people use it wrong.
I assume some social sites require you to be you by way of their terms or EULA ... I guess they can get around that? I mean, it makes sense they would read public information but if they are using fake profiles without prior approval for a case it seems like something is going wrong ...
Exactly what I thought as well. I have a feeling the Twitter API was picked since status.net supports it too http://status.net/wiki/Twitter-compatible_API.
What about places that might have a need for both SPICEs?
They will need a SPICE rack.
"Gobby is a free collaborative editor supporting multiple documents in one session and a multi-user chat. It runs on Microsoft Windows, Mac OS X, Linux and other Unix-like platforms. " It is GPL, easy to use and lets you code together very rapidly. http://gobby.0x539.de/trac/
From a technical point of view I'm sure your right but remember, Oracle is not really about the technology. For Oracle it's about the cash. Think of Oracle like a rapper and Sun like, well, a nerd. The nerd is smart but but in the end he will get slaughtered by the rapper, yo!
Really though, technically better doesn't mean a company will back it esp when it means backtracking on previous 'we are better than they are' comments.
... before yet another worm sweeps the internet this time sending email with random sized attachments to people eating up capped bandwidth or some other scheme that could make average users feel the pain of the caps.
Before TW moves a few miles this way with their caps I'll find another company to go with, even if it means I have to pay more to keep the same level of service I get today.
Even though it probably will make no difference I will be sending them an email stating I will move to another provider if they cripple my service under caps.
... why it's so 'cheap' to offshore.
Good point. Though I bet a lot of the large companies are very close to the same compensation as small companies at this point as they are trying to cope with their inefficiencies. On top of that a lot of large companies have huge business divisions with all sorts of shiny ideas that don't work that they try over, and over, and over ... and big companies tend to allow it because they can absorb it ... or at least they use to be able to!
A coworker explained that in business school they were taught there is no such thing as a wrong business decision .... when you fail, do the same thing again with different people. Hopefully that kind of thinking will be revisited.
There has been a steady but rising flood of semi-skilled people getting into IT increasing the size of IT shops ... and generally their cost. I don't like to see people lose jobs, but in some cases shrinking IT is really, really good. I don't want to work with 50 so-so or worse developers or sysadmins ... but I'd be more than happy to work with 10 stellar engineers/admins. Same goes with management. Speaking with some friends this past year it almost seems there has been a popular trend in adding layers of management for the sake of reporting structures (group A reports to manager who reports to manager who reports to director who reports to ....). In a lot of cases that is just cruft that is not needed that increases cost for little to no gain.
Then again, I've seen the definition of IT being stretched to include positions that have nothing to do with Information Technology.
Your right about sales ... for sure it is not IT. Data folks can be ... it depends on how an organization is structured and at what level (IE: are they schema and reporting administrators or guy who looks at data in an application). Same thing goes with engineers. A lot of companies consider things like web applications the domain of IT so web engineers are in the IT departments.
Short answer, make the code as clean and speedy as you can, then any extra hardware needed is an obvious request.
Long answer ... a lot of people don't think about the other costs. I am a software engineer and, for a while, the group I was in was under an 'operations' org. What I learned was that it's more than hardware, it's also the costs of administration of the hardware (when it breaks, when it's acting up, etc...), the underlying OS (security updates, audits, monitoring, etc..), power/cooling consumption, and the cost of spreading the operational (generally system administration) team X more thin.
There is a middle ground. If your worried about C++ being to slow then your probably worrying to much (or need better engineers) :-). If your thinking that writing your shiny new app in jruby on top of java inside of an application server, running on top of the CLR then, yeah, 'hardware' becomes expensive and pretty quickly. If you go with proven languages (C, C++, etc..), currently popular languages (Java, C#, PHP, etc..), or up and coming languages (Ruby, Python, Erlang, etc..) your trade off's should be sane (assuming the developers don't take all the short cuts then can to increase hardware).
Really. I mean that ... and remember that whatever you decide you like now may not be what you like 5 years from now.
For me, I like Python quite a bit. As someone who use to write Java back when it was the hot language Python let me do what I wanted to do without having to define lots of boilerplate or worry about VM implementation differences, etc... It also was portable ... VERY portable (no more System.gc tricks to avoid VM bugs on some platforms).
I also think C is a great language to know even if you don't have much reason to use it right now. Seems like a lot of languages themselves use C (Python is written in C, so is Java ... I think). If you know C you'll have a good basis for programming and a good understanding of memory management (which most higher level languages take care of for you).
If your looking for specifics here is my $0.02 (not in any order):
Web (Open Source or Small-Medium Company): Ruby, Python, PHP, Mono
Web (Open Source/Closed Source or Large Company): Java, C++, Mono, Python
Desktop (Open Source or Small-Medium Company): C, C++, Ruby, Python, Mono
Desktop (Open Source/Closed Source or Large Company): Java, C, C++, Ruby, Python, Mono
This coming from Google? That surprises (and scares) me. I don't know how something like that would get through a QA process unless the QA process was rushed ... oh no, please don't become like almost every other software company out there Google! :-/
I more or less agree. Java really is the language of the now ... and it's a huge language. The problem with picking it up this late in it's life is that by the time your marketable with the language you will probably only be working on legacy upkeep applications.
Learning Java is a good thing, but like John said pick up Ruby or Python to be marketable in the future (or Erlang as it seems it's getting some steam as well), and Java so that you can understand this gen's applications.
Book wise I've heard "Head First Java" is quite good (though it is probably out of date). I personally liked the books directly from Sun. I also recommend you look at Java security as there are a lot of folks who can write Java, not very many who can write Java in a secure manor (or so it seems from experience).
Hopefully. I'm sure it will put pressure on them to do so ... if they do the right thing or not is up to them. I personally think in this specific space it has been easy for open source companies to keep this software closed. Now that one of the bigger FLOSS companies decided enough was enough it would be great to see some competition with other FLOSS software.
Though honestly I don't think it will make Canonical release a FLOSS version of Landscape, at least not any time soon. Take a look at https://bugs.launchpad.net/launchpad/+bug/50699. While I think launchpad is one of the best bug/code/etc.. systems out there, it's not FLOSS. The reasons for that seems to be:
1. Mark doesn't have a revenue model for launchpad and this open sourcing the code would put his developers out of work (at least that is what it seems he is saying).
2. It's a 'hosted solution' so it doesn't need to be open source.
My assumption is that the same views would be extended to Landscape and other hosted applications.
From reading https://fedorahosted.org/spacewalk/wiki/SpacewalkFaq it sounds like they have plans on making it not so oracle-centric.
Really. When I'm looking to hire new folks I'm more interested in what they have done in the past. Open Source projects are things I look at heavily as I can see the code and the success (or lack) of the project, how committed they are to projects, how they work (or don't) with others, and that they actually like hacking on stuff.
... anything more than that comes from the love of hacking/administering/etc..
... and to what college. Candidate A graduated from Berkley while Candidate came from Polk Community College. Candidate A looks much better. The fact may be (and really there is a 50% chance here of it) that Candidate B is better than A ... but on paper it doesn't seem that way.
... go to a college with a good name. Want to work on cool stuff at a tech company? Get some projects under your belt and, if you can, just finish at a college.
I've really found college education means almost nothing when hiring from the technologist's point of view. I've interviewed lots of people and the range of skills that college grads, 'good' college grads, and non collage grads have is next to nothing. In fact I've found that if you hire a college graduate your only really ensuring the person can create boilerplate code/ideas no matter what college
On the flip side HR does tend to care
Bottom line is it depends on where you want to work. You want to work in IT at a hospital