I have built a successful ($450K subscription revenue in 6 months) production app using Struts. Struts has a steep learning curve, but once you get over the hump, the payoffs are enormous.
I am now embarking on a second app built on the technology of the first one. I spent the last 2 months rewriting much of the JSP side of things, having finally learned how to do things the right way.
I feel the biggest hole to fill in the literature is the tag libraries. I nearly killed myself learning how to properly extend and implement a tag library. The community needs a whole book just covering the usage and customization of Struts tags.
Having survived that ordeal, I now have nearly 100% scriptlet-free JSP. Scriptlets in JSP is like cancer. You don't realize how badly it is infected until you try to remove it. I have dubbed the term "page global variables", in reference to the usage of variables defined in one JSP and then used by included JSP fragments. They are as insidious as good old-fashioned C globals.
Does Intel need to show in their end product what brand chairs the engineers at intel sit in? Does GM need to put stickers all over there cars saying what brand steel was used for the fenders?
My thoughts exactly.
I am a strong open source advocate, having contributed open software before the term even existed.
However, I feel the long-haired hippie freaks at Groklaw have lost sight of one fact. If everything is open source and nobody charges for anything, then we will all be unemployed while we watch India, China, etc. reap the benefits of our labor.
Likewise for me. After filling out my taxes, I paid 13% federal income tax. No state income tax - I live in NH. No sales tax too.
Property tax - yes. People in MA always say NH has high property taxes. Yes, the rates are high, but the actual amount I pay is probably the same because the appraised value of the house is 30%-50% less than the MA house.
My cousin has been a mechanic nearly all his life (44) - his dad owned a garage. As an engineer, I could always relate to his job, since there are many parallels. It has been interesting to see the evolution of cars and how his skills changed. He went from a greasy mechanic working under the car, pulling out 500 lb. transmissions, to an electronics wizard fixing computer-controlled transmissions from the driver's seat. The coolest thing was watching him drive-by-wire using the diagnostic computer.
I used to use a tool called ConfigSafe. It did a pretty decent job of showing what changed relative to a snapshot run from the tool.
I haven't used it in a couple years though so I can't say how well it works with Windows XP. I found that the newer Windows OS and apps were too complex to easily decipher the results.
I know it's been said, but let me reiterate. Ethereal rocks. I am a web app developer. I used it to trace an HTTP stream. It is great for isolating traffic and seeing the raw data. By using ethereal I proved that IE was corrupting it's HTML. I could see the valid HTML in the HTTP stream.
Yes, I went to Funworld. It used to be the best arcade. It was there before the arcade boom and survived the arcade bust. Sadly, it has morphed into a chuck-e-cheese clone. I imagine they had to do that to survive.
"When I was a kid..." Funworld always had the latest games. They used to put the newest games up front and center when you walked in the door. I still remember when they got the first pinball machine that talked. It was "Gorgar" or something like that. That was bleeding edge technology back then.
Absolutely! We started our website with a hodge-podge of hardware leftover from the dot-com bust of our company. It was enough to survive for 6 months. Once we brought in some income, we bought better servers. This is how the US has succeeded so well - we do best with what we have.
I think the hysteria on slashdot over RFID is so overblown. This technology is just another technology that has good uses and bad uses.
I've got two words for you: Logan's Run
Imagine the security potential. Everyone has an RFID tag on or embedded in them. There will be checkpoints at airports, border crossings, etc. If you don't have a tag, or your database entry is flagged, then security brings you behind doors for "interrogation".
Personally, I'm scared. Generally, I'm not a luddite, but I see a huge potential for abuse. It will all be for our own good, but freedom will be a distant memory.
Still love that dongle that doesn't care who's actually holding it?
That is precisely why we will eventually allow these things to be embedded in our bodies. Of course, then identity theft will be considerably more grisly.
Here in NH, Mobil (er, Exxon/Mobil) stations are everywhere. I have a dongle on my keychain that lets me buy gas with very little pain. It can also be used inside the store. I use it all the time, despite the potential privacy concerns. Same goes for my shopping loyalty cards. I just got $17 in free Staples $'s. I'm not complaining about that.
The sad truth is, we will easily succumb to the convenience. I knew we were doomed when my I told my brother about the government putting RFID chips in our bodies. His response was, "Go ahead. I've got nothing to hide." Fsck that! It's Logan's Run!
We are doomed.
BTW, you are right about the military. I saw something on TV saying they are going to go gangbusters with it. RFID everything! "Uh, soldier, we need to put one of these thing in your Johnson. You don't mind, do you?"
No kidding man. What is it with the need for females to move things around. It's as if the world will somehow stop turning if you don't cycle your furniture on a regular basis.
Re:Can't build security on a weak foundation
on
Exploiting Software
·
· Score: 1
I will whole-heartedly agree that you can write really bad, stupid code in Java. What you can't do is write the kind of exploits that are so common in the C codebases of Windoze and Linux.
Just because you can still make some stupid mistakes is no reason to rule out a language that eliminates a whole category of mistakes. I spent more time than I care to admit chasing down my off-by-1 string copy errors in C. Then there are all the memory management errors, such as using a freed object - the silent killer. It doesn't fail now, but add in some new logic a year from now and suddenly that free memory is corrupt. Bork bork bork!
Re:Can't build security on a weak foundation
on
Exploiting Software
·
· Score: 1
Now how can you say I'm ignorant of C++. The parent I responded to was talking about C. I mentioned C++ simply because it inherits all of the baggage of C. Sure, I probably would not use strcpy in C++, but I could if I wanted to. C++ would be a bit more reasonable if it prevented the usage of C constructs.
Re:Can't build security on a weak foundation
on
Exploiting Software
·
· Score: 1
Why waste all that time teaching people how to avoid shooting themselves in the foot, instead of simply removing the gun? If you provide an environment that makes it impossible to make certain mistakes, isn't that preferable than hoping that the programmers have learned their lesson? As Bill Joy said, "Hope is a lousy defense."
You're argument for C based on performance is just plain silly. Since most security issues center around networking, are you ready to say that network programs are CPU-bound?
Re:Can't build security on a weak foundation
on
Exploiting Software
·
· Score: 1
That was actually one of the primary goals in the design of Java. After writing Java code for several years now, I can't imagine having to use strcpy or worry about whether I'm supposed to free an object or if the API I'm using will free it for me.
I'm sure the C/C++ bigots will flame the hell out of me. Nonetheless, many of the exploits we read about every day simply wouldn't exist if a safer language were used.
BTW, I participated in the whole "Ada thing" back in the 80's, having worked for a hardware vendor that needed Ada as a "checklist item" (what a freakin' expsensive checkbox that was!). Ada got a lot of things right, but didn't go quite as far as Java in incorporating inherently safe language constructs. What I really liked about Ada was the package concept, and built-in language constructs for multi-threading. Ada's biggest faults were trying to bring in too many features and the fact that is was ahead of it's time. It was just too damn slow for the hardware of the day.
Robotron was great! It was the only game I played that caused me to sweat profusely. It was also dangerous to stand behind me, as my leg would kick back during intense battles (pretty much all the time:-)). At the local arcade, I 0wn3d that game!
Defender was equally great! I didn't realize they were created by the same guy, but in hindsight, it makes perfect sense.
These two games definitely fit in my top 5 arcade games of my childhood.
I love Maxtor drives. I've had 3 Maxtor drives in a software RAID config on my Linux server running 24/7 for 3+ years. Last week the power supply burnt up. The drives and rest of the system survived the disaster. I put a new (Antec) PS in and everything was business as usual (after a painfully long fsck).
I run Maxtors in my desktop systems too. They've never given me a lick of trouble. I've RMA'ed 2 deathstars and have another (60GXP) waiting to go out. My WD800JB hasn't died, but it doesn't play well with my nforce2 mobo - I had to hook it to my add-on IDE card.
Your last point is particularly poignant. I followed the link, started reading, and then saw there was source code in it. I quickly x'ed the tab to avoid even glancing at the code.
The editors should add an update warning that some source code is in the article. It's like seeing your sister naked. Ack!
Obligatory Monty Python reference: GOD:...What are you doing now!? ARTHUR: I'm averting my eyes, oh Lord. GOD: Well, don't. It's like those miserable Psalms -- they're so depressing. Now knock it off!
Absolutely. For anyone that runs a real game server. I'm talking 24/7. Linux is the best choice.
Sadly, after hosting UT2003 through a few patch cycles, I gave up in disgust. The effort required to reconfigure after a patch is ridiculous. Epic can't hold a candle to Id when it comes to ease of administration.
I'm not just some spouting lus3r. I've been a software engineer for 20+ years. All I have to do is look at the config files and their mutations on every patch cycle and realize the inside of the game is a total mess. Perhaps UT2004 breaks the cycle. I'll check it out.
I was a member of the UT sponsored admin email list. I was continually amazed how willingly the admins put up with the mess. It doesn't have to be that way, but most of them are not experienced engineers, so they just plod along, thinking that is business as usual.
I've been running a Q3A server (LOVE DUMP) for over 3 years. My server config is about 20 lines long, and doesn't have to change with patch cycles.
Epic needs to be kinder to admins (in terms of ease of admin) before I'll host another UTyyyy server.
With that said, if more and more users get accustomed to Firefox on Windows, it might make it easier to convince them to try out a Linux desktop in the future.
Slashdot Mirror
I have built a successful ($450K subscription revenue in 6 months) production app using Struts. Struts has a steep learning curve, but once you get over the hump, the payoffs are enormous.
I am now embarking on a second app built on the technology of the first one. I spent the last 2 months rewriting much of the JSP side of things, having finally learned how to do things the right way.
I feel the biggest hole to fill in the literature is the tag libraries. I nearly killed myself learning how to properly extend and implement a tag library. The community needs a whole book just covering the usage and customization of Struts tags.
Having survived that ordeal, I now have nearly 100% scriptlet-free JSP. Scriptlets in JSP is like cancer. You don't realize how badly it is infected until you try to remove it. I have dubbed the term "page global variables", in reference to the usage of variables defined in one JSP and then used by included JSP fragments. They are as insidious as good old-fashioned C globals.
Does Intel need to show in their end product what brand chairs the engineers at intel sit in? Does GM need to put stickers all over there cars saying what brand steel was used for the fenders?
My thoughts exactly.
I am a strong open source advocate, having contributed open software before the term even existed.
However, I feel the long-haired hippie freaks at Groklaw have lost sight of one fact. If everything is open source and nobody charges for anything, then we will all be unemployed while we watch India, China, etc. reap the benefits of our labor.
Likewise for me. After filling out my taxes, I paid 13% federal income tax. No state income tax - I live in NH. No sales tax too.
Property tax - yes. People in MA always say NH has high property taxes. Yes, the rates are high, but the actual amount I pay is probably the same because the appraised value of the house is 30%-50% less than the MA house.
My cousin has been a mechanic nearly all his life (44) - his dad owned a garage. As an engineer, I could always relate to his job, since there are many parallels. It has been interesting to see the evolution of cars and how his skills changed. He went from a greasy mechanic working under the car, pulling out 500 lb. transmissions, to an electronics wizard fixing computer-controlled transmissions from the driver's seat. The coolest thing was watching him drive-by-wire using the diagnostic computer.
I used to use a tool called ConfigSafe. It did a pretty decent job of showing what changed relative to a snapshot run from the tool.
I haven't used it in a couple years though so I can't say how well it works with Windows XP. I found that the newer Windows OS and apps were too complex to easily decipher the results.
I know it's been said, but let me reiterate. Ethereal rocks. I am a web app developer. I used it to trace an HTTP stream. It is great for isolating traffic and seeing the raw data. By using ethereal I proved that IE was corrupting it's HTML. I could see the valid HTML in the HTTP stream.
Yes, I went to Funworld. It used to be the best arcade. It was there before the arcade boom and survived the arcade bust. Sadly, it has morphed into a chuck-e-cheese clone. I imagine they had to do that to survive.
"When I was a kid..." Funworld always had the latest games. They used to put the newest games up front and center when you walked in the door. I still remember when they got the first pinball machine that talked. It was "Gorgar" or something like that. That was bleeding edge technology back then.
I went to my favorite arcade the other day, hoping to get in a good pinball game. They had a measly 3 (lame) machines hidden on the top floor.
Can anyone recommend a good pinball arcade in the New Hampshire area?
Absolutely! We started our website with a hodge-podge of hardware leftover from the dot-com bust of our company. It was enough to survive for 6 months. Once we brought in some income, we bought better servers. This is how the US has succeeded so well - we do best with what we have.
I think the hysteria on slashdot over RFID is so overblown. This technology is just another technology that has good uses and bad uses.
I've got two words for you: Logan's Run
Imagine the security potential. Everyone has an RFID tag on or embedded in them. There will be checkpoints at airports, border crossings, etc. If you don't have a tag, or your database entry is flagged, then security brings you behind doors for "interrogation".
Personally, I'm scared. Generally, I'm not a luddite, but I see a huge potential for abuse. It will all be for our own good, but freedom will be a distant memory.
The only people we hate more than the Romans are the fscking Judean People's Front.
Still love that dongle that doesn't care who's actually holding it?
That is precisely why we will eventually allow these things to be embedded in our bodies. Of course, then identity theft will be considerably more grisly.
Here in NH, Mobil (er, Exxon/Mobil) stations are everywhere. I have a dongle on my keychain that lets me buy gas with very little pain. It can also be used inside the store. I use it all the time, despite the potential privacy concerns. Same goes for my shopping loyalty cards. I just got $17 in free Staples $'s. I'm not complaining about that.
The sad truth is, we will easily succumb to the convenience. I knew we were doomed when my I told my brother about the government putting RFID chips in our bodies. His response was, "Go ahead. I've got nothing to hide." Fsck that! It's Logan's Run!
We are doomed.
BTW, you are right about the military. I saw something on TV saying they are going to go gangbusters with it. RFID everything! "Uh, soldier, we need to put one of these thing in your Johnson. You don't mind, do you?"
No kidding man. What is it with the need for females to move things around. It's as if the world will somehow stop turning if you don't cycle your furniture on a regular basis.
I will whole-heartedly agree that you can write really bad, stupid code in Java. What you can't do is write the kind of exploits that are so common in the C codebases of Windoze and Linux.
Just because you can still make some stupid mistakes is no reason to rule out a language that eliminates a whole category of mistakes. I spent more time than I care to admit chasing down my off-by-1 string copy errors in C. Then there are all the memory management errors, such as using a freed object - the silent killer. It doesn't fail now, but add in some new logic a year from now and suddenly that free memory is corrupt. Bork bork bork!
Now how can you say I'm ignorant of C++. The parent I responded to was talking about C. I mentioned C++ simply because it inherits all of the baggage of C. Sure, I probably would not use strcpy in C++, but I could if I wanted to. C++ would be a bit more reasonable if it prevented the usage of C constructs.
Why waste all that time teaching people how to avoid shooting themselves in the foot, instead of simply removing the gun? If you provide an environment that makes it impossible to make certain mistakes, isn't that preferable than hoping that the programmers have learned their lesson? As Bill Joy said, "Hope is a lousy defense."
You're argument for C based on performance is just plain silly. Since most security issues center around networking, are you ready to say that network programs are CPU-bound?
That was actually one of the primary goals in the design of Java. After writing Java code for several years now, I can't imagine having to use strcpy or worry about whether I'm supposed to free an object or if the API I'm using will free it for me.
I'm sure the C/C++ bigots will flame the hell out of me. Nonetheless, many of the exploits we read about every day simply wouldn't exist if a safer language were used.
BTW, I participated in the whole "Ada thing" back in the 80's, having worked for a hardware vendor that needed Ada as a "checklist item" (what a freakin' expsensive checkbox that was!). Ada got a lot of things right, but didn't go quite as far as Java in incorporating inherently safe language constructs. What I really liked about Ada was the package concept, and built-in language constructs for multi-threading. Ada's biggest faults were trying to bring in too many features and the fact that is was ahead of it's time. It was just too damn slow for the hardware of the day.
C'mon. Real men use vi on /var/mail/user
Robotron was great! It was the only game I played that caused me to sweat profusely. It was also dangerous to stand behind me, as my leg would kick back during intense battles (pretty much all the time :-)). At the local arcade, I 0wn3d that game!
Defender was equally great! I didn't realize they were created by the same guy, but in hindsight, it makes perfect sense.
These two games definitely fit in my top 5 arcade games of my childhood.
I love Maxtor drives. I've had 3 Maxtor drives in a software RAID config on my Linux server running 24/7 for 3+ years. Last week the power supply burnt up. The drives and rest of the system survived the disaster. I put a new (Antec) PS in and everything was business as usual (after a painfully long fsck).
I run Maxtors in my desktop systems too. They've never given me a lick of trouble. I've RMA'ed 2 deathstars and have another (60GXP) waiting to go out. My WD800JB hasn't died, but it doesn't play well with my nforce2 mobo - I had to hook it to my add-on IDE card.
To put it another way, "The enemy of my enemy [MS] is my friend."
And, yes, I have RMA'ed 2 deathstars. I have a 60GXP waiting to be RMA'ed.
Your last point is particularly poignant. I followed the link, started reading, and then saw there was source code in it. I quickly x'ed the tab to avoid even glancing at the code.
...What are you doing now!?
The editors should add an update warning that some source code is in the article. It's like seeing your sister naked. Ack!
Obligatory Monty Python reference:
GOD:
ARTHUR: I'm averting my eyes, oh Lord.
GOD: Well, don't. It's like those miserable Psalms -- they're so depressing. Now knock it off!
Absolutely. For anyone that runs a real game server. I'm talking 24/7. Linux is the best choice.
Sadly, after hosting UT2003 through a few patch cycles, I gave up in disgust. The effort required to reconfigure after a patch is ridiculous. Epic can't hold a candle to Id when it comes to ease of administration.
I'm not just some spouting lus3r. I've been a software engineer for 20+ years. All I have to do is look at the config files and their mutations on every patch cycle and realize the inside of the game is a total mess. Perhaps UT2004 breaks the cycle. I'll check it out.
I was a member of the UT sponsored admin email list. I was continually amazed how willingly the admins put up with the mess. It doesn't have to be that way, but most of them are not experienced engineers, so they just plod along, thinking that is business as usual.
I've been running a Q3A server (LOVE DUMP) for over 3 years. My server config is about 20 lines long, and doesn't have to change with patch cycles.
Epic needs to be kinder to admins (in terms of ease of admin) before I'll host another UTyyyy server.
Agreed. Linux is ancilliary to the discussion.
With that said, if more and more users get accustomed to Firefox on Windows, it might make it easier to convince them to try out a Linux desktop in the future.