I'd like to be the first to say... huh? I'm sure Java will become a legacy language some day, but hipsters don't really define much of anything. Hipsters are against anything that's popular (because popularity by definition isn't hip), and go for the obscure things. That's why PBR became popular. It's not good, but among the younger set microbrews are very popular, so a hipster has to go for something unpopular to distinguish themselves from what's popular.
20 years ago people used to say that about C. C is dying, C is going to be replaced, etc, etc. Didn't happen. By popularity C has a lot more competition, but it's alive and well and not going away. People hate COBOL because it was a badly designed language. If anything is the new COBOL, it's PHP. I've known several PHP programmers, and many of them have switched to another language not because of a lack of jobs, but because they hate the language. I'm not old enough to have been around for the COBOL era, but I'd guess it was the same then.
The death of a language starts when developers leave it in droves for something else. I don't see that happeneing for Java. Do you?
Sure, you're probbably right that documenting skills and coding skills are mostly orthogonal to one another. But my point is more that the documenting at the very end is the wrong approach. Producing documentation should be integral into the process, not an afterthought. That doesn't mean it has to be done by the same person, only that it's not the last thing you do, and has to be overcome with people feeling like they're asking "dumb questions"
The programmer you're referring to has a very narrow scope. Software development is big, and we don't all have the same problems. People are often very narrow in their view of the world, and assume THEIR view of the world and their problems are the only one that exists. Thus the C programmer who thinks that Java programmers are inferrior because they don't have to deal with memory management. (i.e. you don't feel our pain, so you're not one of us).
I can equally tell you that C programmers don't understand OO principles. If you don't do OO, that's fine. Just like if you don't need to deal with all the memory management issues, that's fine too.
Your programmer is just doing the same cultural bullshit that's been going on for decades "These kids these days aren't any good because they have/didn't-have BLAH-1. Back in MY day we had BLAH-2". 40 years ago (and outside of the software world) it was that doggone rock music.... "back in my day we appreciated Henry Miller, not these blasted Beatles and their long hair!"
People become attached to their view of the world and can't imagine it without it. This is the pitfall of age and experience.
The article says he won' be eligible for $2500-$3000. It's hardly worth it. Getting worldwide attention, and a good reputation for finding a major security vulnerability in a major website is worth a LOT more than $3000, especially when you've waited 60 days after disclosing it.
I'd say the bounty should be about 10x for major problems like this that are easily reproducible, and have a high impact.
Coders are too busy writing code and making changes to what they write to give time for accurate documentation to be written....
In the age of using github as a distribution and code changes between today and tomorrow, the documentation is suddenly invalid before it's written. Even then, it requires a lot of stupid questions asked by the documentation staff to coders who think they have better things to do.
You've just described an extremely flawed development model. For some reason you can still get away with this with documentation since it's still thought of as not all that important and can be done last. People used to think of security in the same way (and some people still do this), but 20 years of people saying you have to bake security in at the start has resulted in nobody seriously considering doing that as a last step. But yet we still think of documentation this way, by and large.
The point being, if you want documentation, it needs to be part of the process, and part of the job. If a developer changes a major part of how people interact with the software, everyone in the project should know about that and it shouldn't just be this big surprise at the end.
I think what you've discovered is that you can't put up ads for something similar to what people are searching for, thinking they'll consider buying your product instead. Searching for somethng is a very narrow task. "Is THAT what I want?... no. Is THAAAT what I want?". It's not really a time when people are open to new ideas.
So I don't think Google adswords is a "scam". If it was, Google would have been out of business long ago. What you need to realize about marketing is you need to get the consumer at the right TIME. There's periods of time when people are far more open to something new and interesting. But it's most certainly not when they're looking for something specific.
Shit, if people actually DO that, I'd put out ads specifically so competitors would go try to click on them. Why? Because every minute they spend clicking on ads is a minute they aren't doing any work trying to compete with me.
1) This service will survive for all of two weeks tops - it's him against the collective power of Google. I put my money on Google.
And if that were the matchup, I'd agree. But remember Google is an enormous company, with many problems. This is a minor little annoying fly buzzing around the office. If the fly lies low, it can survive for quite a while. If it bites the wrong person, or becomes too annoying, it's going to get swatted rather quickly.
So far it looks like the fly has managed to lie low enough to not be much of a concern (The article mentions the service has been around for 2 1/2 years).
>("Getting the job done" does not, and has never required being abusive to others. Getting the job done while being abusive is not proof that being abusive is required or even was part of, "getting the job done.")
Hmmm.. I'm going to disagree here. Being verbally abusive is a technique to demand change in an organization. We all like to think leaders all command respect and everyone just follows them because they're the leader. Bullshit. One technique, employed by MANY leaders is being a total fucking asshole, at least part of the time. You think anyone would be talking about this GCC bullshit (and if what Torvalds says is right, it's really completely fucked up, and not excusable) if Linus just put a nice, politely worded request to just fix shit? I don't think so. But even if he was nice and polite, and got the thing fixed, there's little or no consequence for the fuckup, so it can happen again. If you're coding GCC, maybe you might at least sub-consciously think "boy, I better not release utter shit, or I'll catch some serious shit from that asshole Linus Torvalds... what a cock gobbling asshole that Torvalds is".
This idea you have that everything can work in a nice polite society where everyone has mutual respect for each other can work sometimes, in limited capacities. But the norm is for assholes like Linus to sometimes throw shit-fits, and others to work in fear of having a shit-fit thrown at them sometimes.
Is that the ONLY way to run an organization? Probably not, but as another thread points out, it's a common pattern of effective leaders.
The post was about comparing a woman looking at a mans strength, to a man looking at a linebackers strength. It wasn't about men being stronger than women, which is obvious.
The claim, at least as someone else could find out, was totally false. So yes, I think scrutinizing peoples claims is extremely important.
Ha. You make me laugh. People such as yourself have bad memories, or lived in some kind of sheltered environment. Every generation is convinced that the generation after them are the spawn of satan, and when THEY were that age they were all just perfect angels, or at the very least a HELL of a lot better than the current lot of miscreants. The attitude you're projecting has been common for at least the last 60 years.
Uhh.. when _I_ was that age about 20 years ago people were hacking into the computer science workstations, sniffing passwords, hacking root, running a bazillion processes on the box, etc. The only thing that's changed is now it's Linux machines, not SunOS machines.
If your users can't play nice together, the solution isn't to treat the place like a prison with automated systems enforcing a hard and fast set of rules.
The solution is for users to create their own enforcement. If some guy tries to take all the resources across your network with distcc, then the people affected should be able to notice that and tell the guy to knock that the fuck off.
In other words, give the users the freedom to break stuff, but also the knowledge to find out who'd breaking their stuff. It'll serve them far better than creating a walled garden where someone else has the responsibility to enforce social rules.
Slashdot and reddit work this way. Neither go around trying to enforce how people behave, they give the users the power to do that themself.
Many of them, however, have to follow outdated and impractical guides forced upon them by government standards in order to comply with HIPA, SOX, or PCI.
Don't blame the goverment for that. SOX doesn't specify passwords, it's an accounting standard that leaves that to the accounting industry. PCI is a credit card processing standard, and isn't set by the goverment.
Your instincts are simply incorrect. You think bad standards==government. Pure BS. Bad standards are bad standards and they're set all the time by large organizations. Much of what you're complaining about are bad standards set by accountants who really have no business setting these standards. It's the IT industry that needs to push on these people to change.
I don't believe I mentioned the number of people, merely that upgrading when nobody was using the system creates another risk that you won't know about till much later.
People in IT seem to want the "perfect" solution, which doesn't exist, or at the very least a black/white kind of thinking. Everything is tradeoffs and it's important to understand what those tradeoffs are. I've also seen people seem to think all situations and organizations are the same. (Obviously very, very wrong).
But I will say this. In some cases the best solution might be to upgrade the system when people are still using it that it can be switched back quickly.
say the patch unexpectedly breaks another critical function of the server. It happens, if you have been in IT any time you have seen it happen
Yes, this happens all the time. And really it's a case for doing the upgrade when people are actually using the system. If the patch happens at 2am (chosen because nobody is using it at 2am), nobody is going to notice it until the morning. The morning, when the guy who put in the patch is still trying to recover from having to work at 2am. At the very least groggy, and not performing at his/her best.
All those erase cycles would wear out the flash memory much faster.
The wear limits, and wear leveling on flash memory are such that even with heavy usage you'd still outlive the lifetime of the phone by an order of magnitude at least. (on the order of 1,000,000 erases). A phone is never even going to approach heavy usage. So I reject the idea that we can't erase because it'll wear out the flash memory prematurely.
Why do we still talk like we're in middle school? Why the code talking? "personal pictures", "manhood"? Can't we just say they found pictures of guys penises, and nude to semi-nude women?
People take nude photos of themselves, don't realize it's still on the phone, and sell the thing. The fault lies with the cell phone makers who aren't actually doing real deletes of pictures. That's just dumb. Back when storage medium was on a hard drive, and computers do a LOT of IO, deleting the reference to the file made sense to improve performance. But all phones use flash as storage, and there's simply not a lot of IO that's going on in your typical phone usage. The OS should be wiping the file, or at the very least remove the reference, and wipe the file at a later (but soon) time after (like perhaps while the user is typing something and is otherwise idle).
The reality is phones get stolen, and the data is far less secure than on a PC. The OS needs to keep up with that. Deleting data for good should mean actually deleting the data. The shortcuts that've been done in the past should be a thing of the past.
Bad developers are bad no matter what. But good developers make less mistakes in a language where there's less freedom and ease to make mistakes. The recent openSSL bug is a good example. The person who made the mistake isn't a bad programmer, but he did make a dumb mistake. Something that wouldn't have even been possible in an intepreted language.
Tools DO make a difference. They can very easily save you from yourself and not allow you to do things that you really shouldn't be doing.
Which tells me that something is wrong with the warning systems if Pilots are ignoring them. Pilots aren't idiots, but a warning system that's too sensitive is useless. If the check-engine light on your car comes on all the time because your gas cap isn't tight enough, do you start ignoring it? Then when it comes on for a legitimate reason, you're probbably going to still ignore it.
I don't know what's going on here, but the fact that two different pilots ignored warning systems in the same plane that led to disasters tells me the problem might not be with the pilots, but with the warning systems. Why are the pilots ignoring them? Hubris is one answer, but a warning system that trains you to ignore it is another.
Finally an excuse to re-make the terrible movie Maximum Overdrive. If you're one of the 99% of the population that's never heard of it, it's a movie where the trucks go crazy, drive themselves, and try to kill all of humanity. An interesting concept, but horribly executed. Based on a book by Stephen King, some nut let him direct it.
Umm.. you do realize that if the Google technology is all that great, then the experienced cabbies can just get one of the traffic broadcast tools.
Which is better, experienced London cabbie+technology, or some random guy+technology?
The london cabbie is also regulated on price. Ueber has "surge" pricing, so you can suddenly be gouged by Ueber when they detect a period when they can get away with charging more.
So.. Microsoft let governments of the world look at the source code at your special center, and then double-dog-swears that there's nothing fishy going on between then, and compiling the source code, like say a patch applied somewhere in the build process? Riiiight.
If you WERE to put a backdoor in, that's probably how it'd be done. Would you really want a backdoor explicitly in the code for a developer to find? Of course not, you'd put in something only a few people know about. The secret to secret keeping is limiting the amount of people who know.
The other way to hide the backdoor is to make it a hard to find bug. Plausible deniability is quite high.
I have to believe this is good news though. It means a lot of foreign governments are suspicious of closed source software, to the point where Microsoft has had to announce a plan to make their code however less closed source.
Slashdot Mirror
Java is becoming the new COBOL.
I'd like to be the first to say... huh? I'm sure Java will become a legacy language some day, but hipsters don't really define much of anything. Hipsters are against anything that's popular (because popularity by definition isn't hip), and go for the obscure things. That's why PBR became popular. It's not good, but among the younger set microbrews are very popular, so a hipster has to go for something unpopular to distinguish themselves from what's popular.
20 years ago people used to say that about C. C is dying, C is going to be replaced, etc, etc. Didn't happen. By popularity C has a lot more competition, but it's alive and well and not going away. People hate COBOL because it was a badly designed language. If anything is the new COBOL, it's PHP. I've known several PHP programmers, and many of them have switched to another language not because of a lack of jobs, but because they hate the language. I'm not old enough to have been around for the COBOL era, but I'd guess it was the same then.
The death of a language starts when developers leave it in droves for something else. I don't see that happeneing for Java. Do you?
Sure, you're probbably right that documenting skills and coding skills are mostly orthogonal to one another. But my point is more that the documenting at the very end is the wrong approach. Producing documentation should be integral into the process, not an afterthought. That doesn't mean it has to be done by the same person, only that it's not the last thing you do, and has to be overcome with people feeling like they're asking "dumb questions"
The programmer you're referring to has a very narrow scope. Software development is big, and we don't all have the same problems. People are often very narrow in their view of the world, and assume THEIR view of the world and their problems are the only one that exists. Thus the C programmer who thinks that Java programmers are inferrior because they don't have to deal with memory management. (i.e. you don't feel our pain, so you're not one of us).
I can equally tell you that C programmers don't understand OO principles. If you don't do OO, that's fine. Just like if you don't need to deal with all the memory management issues, that's fine too.
Your programmer is just doing the same cultural bullshit that's been going on for decades "These kids these days aren't any good because they have/didn't-have BLAH-1. Back in MY day we had BLAH-2". 40 years ago (and outside of the software world) it was that doggone rock music.... "back in my day we appreciated Henry Miller, not these blasted Beatles and their long hair!"
People become attached to their view of the world and can't imagine it without it. This is the pitfall of age and experience.
The article says he won' be eligible for $2500-$3000. It's hardly worth it. Getting worldwide attention, and a good reputation for finding a major security vulnerability in a major website is worth a LOT more than $3000, especially when you've waited 60 days after disclosing it.
I'd say the bounty should be about 10x for major problems like this that are easily reproducible, and have a high impact.
Coders are too busy writing code and making changes to what they write to give time for accurate documentation to be written....
In the age of using github as a distribution and code changes between today and tomorrow, the documentation is suddenly invalid before it's written. Even then, it requires a lot of stupid questions asked by the documentation staff to coders who think they have better things to do.
You've just described an extremely flawed development model. For some reason you can still get away with this with documentation since it's still thought of as not all that important and can be done last. People used to think of security in the same way (and some people still do this), but 20 years of people saying you have to bake security in at the start has resulted in nobody seriously considering doing that as a last step. But yet we still think of documentation this way, by and large.
The point being, if you want documentation, it needs to be part of the process, and part of the job. If a developer changes a major part of how people interact with the software, everyone in the project should know about that and it shouldn't just be this big surprise at the end.
I think what you've discovered is that you can't put up ads for something similar to what people are searching for, thinking they'll consider buying your product instead. Searching for somethng is a very narrow task. "Is THAT what I want?... no. Is THAAAT what I want?". It's not really a time when people are open to new ideas.
So I don't think Google adswords is a "scam". If it was, Google would have been out of business long ago. What you need to realize about marketing is you need to get the consumer at the right TIME. There's periods of time when people are far more open to something new and interesting. But it's most certainly not when they're looking for something specific.
Shit, if people actually DO that, I'd put out ads specifically so competitors would go try to click on them. Why? Because every minute they spend clicking on ads is a minute they aren't doing any work trying to compete with me.
1) This service will survive for all of two weeks tops - it's him against the collective power of Google. I put my money on Google.
And if that were the matchup, I'd agree. But remember Google is an enormous company, with many problems. This is a minor little annoying fly buzzing around the office. If the fly lies low, it can survive for quite a while. If it bites the wrong person, or becomes too annoying, it's going to get swatted rather quickly.
So far it looks like the fly has managed to lie low enough to not be much of a concern (The article mentions the service has been around for 2 1/2 years).
>("Getting the job done" does not, and has never required being abusive to others. Getting the job done while being abusive is not proof that being abusive is required or even was part of, "getting the job done.")
Hmmm.. I'm going to disagree here. Being verbally abusive is a technique to demand change in an organization. We all like to think leaders all command respect and everyone just follows them because they're the leader. Bullshit. One technique, employed by MANY leaders is being a total fucking asshole, at least part of the time. You think anyone would be talking about this GCC bullshit (and if what Torvalds says is right, it's really completely fucked up, and not excusable) if Linus just put a nice, politely worded request to just fix shit? I don't think so. But even if he was nice and polite, and got the thing fixed, there's little or no consequence for the fuckup, so it can happen again. If you're coding GCC, maybe you might at least sub-consciously think "boy, I better not release utter shit, or I'll catch some serious shit from that asshole Linus Torvalds... what a cock gobbling asshole that Torvalds is".
This idea you have that everything can work in a nice polite society where everyone has mutual respect for each other can work sometimes, in limited capacities. But the norm is for assholes like Linus to sometimes throw shit-fits, and others to work in fear of having a shit-fit thrown at them sometimes.
Is that the ONLY way to run an organization? Probably not, but as another thread points out, it's a common pattern of effective leaders.
The post was about comparing a woman looking at a mans strength, to a man looking at a linebackers strength. It wasn't about men being stronger than women, which is obvious.
The claim, at least as someone else could find out, was totally false. So yes, I think scrutinizing peoples claims is extremely important.
Can you please post those stats, and a source? When people make claims like this, it's important to back them up and they be scrutinized.
And if you're reply is "look them up yourself", well, I'm not the one making the claim. It's your responsibility to provide evidence.
Ha. You make me laugh. People such as yourself have bad memories, or lived in some kind of sheltered environment. Every generation is convinced that the generation after them are the spawn of satan, and when THEY were that age they were all just perfect angels, or at the very least a HELL of a lot better than the current lot of miscreants. The attitude you're projecting has been common for at least the last 60 years.
Uhh.. when _I_ was that age about 20 years ago people were hacking into the computer science workstations, sniffing passwords, hacking root, running a bazillion processes on the box, etc. The only thing that's changed is now it's Linux machines, not SunOS machines.
If your users can't play nice together, the solution isn't to treat the place like a prison with automated systems enforcing a hard and fast set of rules.
The solution is for users to create their own enforcement. If some guy tries to take all the resources across your network with distcc, then the people affected should be able to notice that and tell the guy to knock that the fuck off.
In other words, give the users the freedom to break stuff, but also the knowledge to find out who'd breaking their stuff. It'll serve them far better than creating a walled garden where someone else has the responsibility to enforce social rules.
Slashdot and reddit work this way. Neither go around trying to enforce how people behave, they give the users the power to do that themself.
Many of them, however, have to follow outdated and impractical guides forced upon them by government standards in order to comply with HIPA, SOX, or PCI.
Don't blame the goverment for that. SOX doesn't specify passwords, it's an accounting standard that leaves that to the accounting industry. PCI is a credit card processing standard, and isn't set by the goverment.
Your instincts are simply incorrect. You think bad standards==government. Pure BS. Bad standards are bad standards and they're set all the time by large organizations. Much of what you're complaining about are bad standards set by accountants who really have no business setting these standards. It's the IT industry that needs to push on these people to change.
I don't believe I mentioned the number of people, merely that upgrading when nobody was using the system creates another risk that you won't know about till much later.
People in IT seem to want the "perfect" solution, which doesn't exist, or at the very least a black/white kind of thinking. Everything is tradeoffs and it's important to understand what those tradeoffs are. I've also seen people seem to think all situations and organizations are the same. (Obviously very, very wrong).
But I will say this. In some cases the best solution might be to upgrade the system when people are still using it that it can be switched back quickly.
say the patch unexpectedly breaks another critical function of the server. It happens, if you have been in IT any time you have seen it happen
Yes, this happens all the time. And really it's a case for doing the upgrade when people are actually using the system. If the patch happens at 2am (chosen because nobody is using it at 2am), nobody is going to notice it until the morning. The morning, when the guy who put in the patch is still trying to recover from having to work at 2am. At the very least groggy, and not performing at his/her best.
All those erase cycles would wear out the flash memory much faster.
The wear limits, and wear leveling on flash memory are such that even with heavy usage you'd still outlive the lifetime of the phone by an order of magnitude at least. (on the order of 1,000,000 erases). A phone is never even going to approach heavy usage. So I reject the idea that we can't erase because it'll wear out the flash memory prematurely.
Ahh programmers. Always taking things far too literally.
Why do we still talk like we're in middle school? Why the code talking? "personal pictures", "manhood"? Can't we just say they found pictures of guys penises, and nude to semi-nude women?
People take nude photos of themselves, don't realize it's still on the phone, and sell the thing. The fault lies with the cell phone makers who aren't actually doing real deletes of pictures. That's just dumb. Back when storage medium was on a hard drive, and computers do a LOT of IO, deleting the reference to the file made sense to improve performance. But all phones use flash as storage, and there's simply not a lot of IO that's going on in your typical phone usage. The OS should be wiping the file, or at the very least remove the reference, and wipe the file at a later (but soon) time after (like perhaps while the user is typing something and is otherwise idle).
The reality is phones get stolen, and the data is far less secure than on a PC. The OS needs to keep up with that. Deleting data for good should mean actually deleting the data. The shortcuts that've been done in the past should be a thing of the past.
Bad developers are bad no matter what. But good developers make less mistakes in a language where there's less freedom and ease to make mistakes. The recent openSSL bug is a good example. The person who made the mistake isn't a bad programmer, but he did make a dumb mistake. Something that wouldn't have even been possible in an intepreted language.
Tools DO make a difference. They can very easily save you from yourself and not allow you to do things that you really shouldn't be doing.
Which tells me that something is wrong with the warning systems if Pilots are ignoring them. Pilots aren't idiots, but a warning system that's too sensitive is useless. If the check-engine light on your car comes on all the time because your gas cap isn't tight enough, do you start ignoring it? Then when it comes on for a legitimate reason, you're probbably going to still ignore it.
I don't know what's going on here, but the fact that two different pilots ignored warning systems in the same plane that led to disasters tells me the problem might not be with the pilots, but with the warning systems. Why are the pilots ignoring them? Hubris is one answer, but a warning system that trains you to ignore it is another.
Finally an excuse to re-make the terrible movie Maximum Overdrive. If you're one of the 99% of the population that's never heard of it, it's a movie where the trucks go crazy, drive themselves, and try to kill all of humanity. An interesting concept, but horribly executed. Based on a book by Stephen King, some nut let him direct it.
Umm.. you do realize that if the Google technology is all that great, then the experienced cabbies can just get one of the traffic broadcast tools.
Which is better, experienced London cabbie+technology, or some random guy+technology?
The london cabbie is also regulated on price. Ueber has "surge" pricing, so you can suddenly be gouged by Ueber when they detect a period when they can get away with charging more.
So.. Microsoft let governments of the world look at the source code at your special center, and then double-dog-swears that there's nothing fishy going on between then, and compiling the source code, like say a patch applied somewhere in the build process? Riiiight.
If you WERE to put a backdoor in, that's probably how it'd be done. Would you really want a backdoor explicitly in the code for a developer to find? Of course not, you'd put in something only a few people know about. The secret to secret keeping is limiting the amount of people who know.
The other way to hide the backdoor is to make it a hard to find bug. Plausible deniability is quite high.
I have to believe this is good news though. It means a lot of foreign governments are suspicious of closed source software, to the point where Microsoft has had to announce a plan to make their code however less closed source.
Anyone cosidering PHP should read this the now infamouns "PHP is a fractal of bad design".
http://eev.ee/blog/2012/04/09/...