Slashdot Mirror


User: timotten

timotten's activity in the archive.

Stories: 0
Comments: 131

Comments · 131

  1. State and the Hot Potato on PHP, Python and Google Go Fail To Detect Revoked TLS Certificates (softpedia.com) · · Score: 1

    I suspect that most HTTP client implementations bundled with languages aim to be stateless by default. For anything that looks like state, the buck gets passed downstream. There is merit in this -- it gives the downstream developer a lot of flexibility. But then we have the problem: several standard HTTP behaviors that we usually take for granted are unworkable by default (i.e. HTTP cookies, HTTP caching, and CRL/OCSP -- which needs caching to perform reasonably).

    Typically, a developer wants to say something simple (http.get("http://example.com/the/data")) rather than

    cookieStore = new FileCookieStore("/var/lib/my-app-dir-that-someone-has-to-configure/cookies");
    cacheStore = new FileCacheStore("/var/lib/my-app-dir-that-someone-has-to-configure/cache");
    certValidator = new CachingCertificateValidator(cacheStore, {crl => true, ocsp => true});
    httpClient = new HttpClient(cookieStore, cacheStore, certValidator);
    httpClient.get('http://example.com/the/data');

    Who wants to be responsible for administering/documenting/supporting all those fiddly bits of state?

  2. Re:2 people agreeing is news? on Technical Glitch Lets Reporters Eavesdrop On Obama, Sarkozy · · Score: 3, Funny

    But you still get free medical care afterwards.

  3. Re:Who's to blame? on Student Loans In America: the Next Big Credit Bubble · · Score: 1

    eco-comunism

    The word itself is priceless.

  4. Re:Qt? on Why Linux Is Good For Low-End Smartphones · · Score: 2

    Calling C++ "the Windows ME of programming languages" is like calling the Catholic Church "the Facebook of religious institutions." Both metaphors are trapped in a temporal-distortion field.

  5. Re:No on What Is the Most Influential Programming Book? · · Score: 1

    Honestly, those are terrible books. If nothing else the signal-to-noise ratio is extremely disproportionate. I mean there are nuggets of good information in the books, but a 1100+ page language tutorial is unnecessary. It would be a stretch to call the series programming books -- let alone "influential" programming books.

    Speaking from my experience with the Deitels' C++ book in my first-year programming course, I'll agree that the book perhaps lacked some academic artfulness, that it might not help an already-skilled practitioner, and that I wouldn't read it again. But I loved it at the time -- it was fun to read, it had a sort of progression or flow that was easy but rewarding. More importantly, all those lengthy code snippets help the reader become *conversant* in the language. It's one thing to learn the grammar and basic vocabulary of a new language (which you can do quickly); it's another thing to read a novel, write a poem, watch a movie, or chat up a stranger in a new language.

  6. Re:It's their own fault. on Borders Books, Dead At 40 · · Score: 1

    Ah, but this is Slashdot. Nothing goes without being said.

    For example, cheese-whiz.

  7. Re:The solution on Oracle To Give OpenOffice.org To Apache Incubator · · Score: 1

    It's the best forken office suite on the planet...

  8. Re:Cut YouCut on 'YouCut' Targets National Science Foundation Budget · · Score: 1

    I was wondering about that -- how much did the office of the minority whip spend to put together this program?

    Well, it turns out that the House publishes their expenses every three months at http://disbursements.house.gov/ . "YouCut" doesn't appear to be explicitly budgeted. (Congress could learn a lesson from the NSF about transparency -- the NSF publishes expenditures for particular projects.)

    So that leaves us to do some sleuthing and guesswork. Here are some puzzle-pieces that I found with about 10 minutes of searching:

    • The main site is hosted by the House's IT department.
    • The data-collection for their SMS poll is hosted by tatango.com.
    • The data-collection for the NSF review is hosted on a staff member's personal GoDaddy.com server.
    • The technical labor appears to be valued at ~$90k/yr, although it's not clear how much labor went into this particular project. (A man-day? A man-week? Six man-months?)

    If the above facts are indicative of the project and its decision-making, then the project operates on a low-budget basis. Kudos for that.

    Of course, "low budget" isn't good enough -- we need to get a return on investment. So what do we get? If the project produces an actively-engaged public which critically and broadly considers the costs and benefits of the national budget, then that would be a good return. If the project elevates the national discourse, then that would be a good return.

    But I don't think we'll get that return. Look at the format of the site: each week, a Republican operative edits a list of 3-5 items that he thinks should be cut. This list includes options like "Prohibit Hiring New IRS Agents to Enforce Health Care Law" or "Terminate Taxpayer Funding of National Public Radio." Next, the list is published, and "the public" is asked to vote among these biased options. A week later, the tallies come in and -- surprise! -- the winning option is a Republican talking-point!

    So what return will the public get on its investment in YouCut? Well, I guess we'll have some fodder to toss into the Republican machine, and that might help the Republican machine manufacture more outrage.

    To recap, the public is investing an unknown (but relatively small) amount in the YouCut program to manufacture Republican outrage. Is that a good investment?

  9. Darmok and Jalad at Tanagra on Are Software Developers Naturally Weird? · · Score: 1

    Or, a comment next to a loop would state:

    "You spin me right round, baby right round like a record, baby Right round round round"

    That's not weird, this guy is just an idiot who can't be bothered commenting his code.

    I'm fine with the occasional clever witty comment (I've done it myself) as long as the code makes sense and that everything is documented (e.g. This method does x, y, z and also takes over the world).

    I agree with your reaction to the article on "earthweb" -- it's a thin argument. Like you, I also thought about occasional, odd comments that I've put in code, and I tried to judge the listed examples. Of course, there's not enough information to reach my own judgement, so I emoted and projected a little... and now I give this unnamed, undefended developer the benefit of the doubt. He's my comrade in arms and spirit. Surely "Right Round" makes sense in context. Perhaps he was commenting a spinlock in a multithreaded media player with visual animations. The visual animations kept drawing tiedyed ellipsoid upon overlapping, tiedyed, dizzying ellipsoid until the loop finally, mercifully terminated. In this case, his comment is multi-layered, beautiful, astute.

  10. Journalism, Pranknet, and ethics on The Outing of Pranknet · · Score: 4, Interesting

    There's a very strong norm against publishing phone numbers, addresses, etc in journalism (esp. criminal and political journalism). I readily agree with this norm -- it seems that publishing such information can invite vigilantism and generate life-long problems for the accused without the benefit of a fair trial. I would generally expect journalists to abide this norm in news reports on robbery, drug trafficking, arson, embezzlement, etc.

    Nevertheless, I felt a twinge of satisfaction while reading phone numbers and street addresses in TSG's article. I wouldn't mind if these serial harassers received a series of harassing phone calls.

    Then again, TSG accuses Pranknet of systematically violating the informal norms that their victims rely on; is it proper for TSG to turn around and break an informal norm of journalism?

    I'd like to better understand the ethical question here. Perhaps TSG's approach is the only way to deal with Pranknet? Perhaps it's poetic justice? Has TSG made a special ethical judgement regarding Pranknet? On what basis? Does TSG habitually violate journalistic ethics? Do the participants in Pranknet deserve worse treatment than anyone else accused of crime? How would our opinion change if TSG had presented the story differently?

  11. Re:Email-to-SMS Gateways? on Verizon To Charge Content Providers $.03 Per SMS · · Score: 1

    I was once solicited by a firm that sold a wrapper for email-to-SMS gateways. Their sales team said that they'd been relaying a high volume of traffic for a few years without incident. The claim seemed credible (although I felt the firm was slightly shady).

    In any case, there's a lot of issues with email-to-SMS that can be resolved by negotiating a relationship with a gateway/carrier. As you mentioned, the content provider needs to maintain information about the user's carrier. Other differentiators:

    • WAP push
    • Mobile-originated texts (e.g. mobile signup, voting, questionnaires)
    • "Premium SMS" (i.e. billing through the carrier)

    Don't get me wrong. The carriers' price structures are extor-- ridic-- not favorable to content providers. But they do offer more functionality.

  12. Re:It would fit in a jacket pocket... on Designing The Ultimate Netbook · · Score: 1

    They're light at least - but I don't really follow why that's a big deal. Obviously I'm wrong because Netbooks are popular. I just don't quite understand it.

    The benefits of a netbook are basically the same as any laptop -- you want a functional computer for use at meetings, cafes, conferences, airports, etc. I think the differentiating issue is how you commute.

    If you typically commute among home, office, clients, cafes, grocery store, etc. by car, then you need a portable computer that you can carry to the car. Once it's in the car, the size and weight don't matter. Any laptop will fit the bill.

    If you commute by bike, metro-train, metro-bus, or foot, then you need a portable computer that fits in your bag (backpack, briefcase, messenger bag, purse). Your bag is critical because it goes almost everywhere that you go. A conventional laptop monopolizes your bag, slows you down, and requires careful handling. A netbook shares space with your other stuff.

  13. Patent encumbered? on Drop-In Replacement For Exchange Now Open Source · · Score: 4, Interesting

    I did a quick test with this product a few weeks ago, and it sync'd well with my phone. My only concern was that Microsoft appears to assert patent claims relating to ActiveSync. Anyone have thoughts or experiences on using this product in the US market?

  14. Re:Here's the whole post on Kaminsky's DNS Attack Disclosed, Then Pulled · · Score: 1

    Whatever happened to Mallory anyway, she was sort of cute...

    Mallory is a guy. Don't ask me why.

    Personally, I'm waiting for the Third Edition of Applied Cryptography. Rumor is that Mallory will be replaced by Amy Acker.

  15. Re:Garage nuke ? You probably mean GNUke ! on Nuclear Warhead Blueprints On Smugglers' Computers · · Score: 3, Funny

    The KDE project plans to release an easy-to-use GUI version that offers GNUke functionality to a range of unsophisticated users. The program will be called KUKE.

  16. Re:I just ate an aspirin pancake. on SwiftFuel Alternative To Alternative Fuels · · Score: 4, Funny

    we should all simply develop photosynthesis to fuel our bodies instead.

    Okay, sounds good. I'll need a cost estimate on that for Monday's meeting.

    Also, do you know any consultants who have done this before?

    Thanks,
    Management

  17. In related news, Apple... on Ubuntu Eee Goes Gold · · Score: 4, Funny

    In related news, Apple's Mac OS X, iTunes, and iLife products will be ported to the Asus EEE by an informal group of enthusiasts. The rag-tag hackers will operate under the name IEEE.

  18. Re:oh god on How Social Networks May Kill Search as We Know It · · Score: 2, Funny

    "Faceboogle" is a classic example of the phenomenon I call "world wide web portmanteau." That name is a bit long; for short, I've coined a new term, "wwwortmanteau."

    Thank you, thank you. I'll be here again Thursday night.

  19. What does "cut back customizing" mean? on Dell Abandons Its Customization Roots · · Score: 2, Insightful

    e.g.

    1. We will cease customizations through our "Dell Home" program but will continue with it in our "Dell Large Business" program.

    2. We will cease customizations for our "Dimension" line but continue customizations for our "Optiplex" and "PowerEdge" lines.

    3. We will continue supporting some customizations (e.g. RAM and HD) but cease support for other customizations (e.g. anti-virus software).

    4. We will increase the price on customized models and decrease the price on prepackaged models in order to reshape demand.

  20. Airborne Laser Cannon on How The Latest in High Tech Works · · Score: 4, Funny

    Man, if I had some popcorn for every time some nutty defense department flunky suggested an airborne laser cannon, I would... have a whole lot of popcorn. I mean, a lot. I couldn't even fit it all in my house. It would be a lot.

  21. Re:It is easily solvable on Paper Trails Don't Ensure Accurate E-Voting Totals · · Score: 1

    Good points!

  22. Re:It is easily solvable on Paper Trails Don't Ensure Accurate E-Voting Totals · · Score: 1

    Of course, it's not that simple. I'll take a stab explaining this (although IANBS and I haven't thought much about this in a long time.)

    Under the scheme described by the grand-parent, the secrecy of the ballot depends on the confidentiality of the unique ID number: if an attacker can correlate the unique ID to a particular person, then the secrecy is compromised. If no attacker can make those correlations, then the secrecy is protected.

    It is feasible to assign a unique ID to each voter during the election process -- e.g. allow each person to make up their own 16 digit code. The user is the only person who types in or sees the code. For an attacker to correlate the code with the person, he must either:

    a) surreptitiously monitor the person and computer as the person enters the code

    b) obtain the unique ID directly from the user after the vote (e.g. by stealing the paper receipt or monitoring the voter when the voter attempts to verify the correctness of the vote)

    Issue "a" doesn't seem like a regression to me. If the attacker has the ability to surreptitiously monitor the person and/or computer as the person votes, then the secrecy of the vote is broken, period, without any regard to unique ID's.

    Issue "b" presents a new trade-off for voters: after voting, an individual may choose one of two strategies:

    b.1) Keep the code and subsequently use it to validate the election results. This is appropriate if (1) the user trusts his own ability to safe-guard the ID and (2) the user does not trust the vote authority to accurately tally the votes.

    b.2) Immediately destroy the code and lose the record of the vote. This is appropriate if (1) the user does not trust himself to safe-guard the ID and (2) the user does trust the vote authority to accurately tally the votes.

    The choice is not perfect, but it seems like an improvement to me: Under the current scheme, all voters must choose "b.2." An alternative scheme like the grandparent's can preserve approach b.2 while also enabling b.1. As long as some non-trivial percentage of voters choose "b.1", we will have a stronger ability to detect and deter fraud.

  23. Stop it. Stop it. Just stop it. on MacBooks to Feature iPhone's Multi-Touch? · · Score: -1, Troll

    There are four iPhone articles on the front page. Enough. Just let it go. Please. For your own good. I'll trade you some karma if you just let it go.

  24. Re:Question for any longstanding Slashdot reader on White House E-mail Scandal Widens · · Score: 2, Insightful

    I have seen this question raised by some liberal blogfolk. The conversation that I saw went a bit like this:

    [Semi]Techie: Someone has data recovery abilities. Why don't the Democrats get them? This is outrageous!
    Non-techie: OMG! Totally!
    [Semi]Techie #2: Totally!
    Non-techie #2: Totally!

    Now, I generally don't pay much attention to the hardware issues, so I may be speaking out of turn, but it seems like quite a leap to go from

    Someone somewhere has done an experiment in which they managed to recover some bytes that were overwritten 9 times.

    to

    We can provide accountability for our government officials by shipping these drives out to some website.

    Yes, it may be possible, but:

    1. Just how robust is the technology? Can we really read data that was deleted from a heavily trafficked mail server -- 2-8 months after the fact?
    2. Are we prepared to have a public, political discussion about the quality of the technology? What will that discussion look like?
    3. How do we ensure that the data recovery process is done in a manner that ensures public trust? How do we authenticate recovered emails?
    4. When do we publicly announce that we're using this recovery technology? Right now? Maybe we only announce if we actually get data?

    Most importantly, you have to put this into context: Democrats need to publicly demonstrate malfeasance by Republican officials. One way to do that is with this uncertain approach of recovering data, examining messages, and then building a case. Another way is to point out the deleted emails and show that the admitted deletions were illegal.

  25. Re:Guarenteed to produce invalid patents on USPTO New Accelerated Review Process · · Score: 2, Informative

    IIRC, prior art declared during a patent application cannot be cited by the defense in a patent-infringement suit. A patent applicant who declares prior art will get a leg up in litigation, and that's a non-trivial incentive for an earnest patent applicant to declare as much prior art as he can.

    Of course, it only matters if the patent applicant expects that his patent will wind up in court. A patent applicant could bank on the significant cost and anxiety associated with court cases -- i.e. submit an incomplete patent application under the assumption that any prospective competitor/licensee would rather pay for a license than a trial.