So the two are mutually exclusive? We can only have software that is perfectly written or software that addresses the needs of the users?
There is software out there that's waiting until it's perfect and addresses the needs of the users before it gets released, you just don't know about it because it hasn't been released yet, and the users' needs keep changing while the developers try to perfect the software.
Show me just one piece of software that runs perfectly, regardless of whether it meets the user's needs. The fact is that software, like any system, is temporal: it addresses a need at a given point in time. If the developers waited to release their software until it was perfect, the need would be filled by somebody else and users would use that solution.
Rider bills are crucial to the way that democracies work. Sorry, it really is that simple. When your country has a population of several hundred million people, the potential for anybody getting a bill passed is next to nothing. So your elected representatives get together and agree on a series of of compromises: I'll vote for your pet bill, if you'll vote for mine. When the stakes are high, and you don't think your pet bill will pass (like the one in question), you attach it to a bill that your opponents don't want to vote against.
None of this is new, and none of it is going away, ever. The founding fathers all knew that this is the way democracies can actually function (as opposed to being constantly in gridlock), which is why riders are allowed: they make it easier for a bunch of folks who don't trust each other (politicians) to get something done.
As an aside, there's a part of the constitution in my state (Minnesota) that does banish riders that have nothing to do with the primary subject of a bill. This was used recently to throw out a law making getting concealed-carry gun permits much easier (it's now hard to get the permits again). Legislative gridlock has hamstrung Minnesota for several years, mostly because neither of the two main parties (republican and democrat-farmer-labor) can trust the other to follow through with their promises. It's a mess.
So yes, riders cause crap like the legislation mentioned in the article to get passed, but it's all part of the process that keeps things moving. If you look back, a lot of legislation that US citizens enjoy was also passed as a rider, or had riders attached to it.
Don't blame the process just because you don't like the outcome: the process has been around for centuries. Instead, blame the folks who tacked on the legislation, and have your reps oppose it.
Actually, that's not true. SOX has little to do with CEOs and a lot to do about proper accounting... not just of financials but other systems integral to making a business work. I've worked on R&D portfolios ("tell me what we're budgeting for all R&D projects scheduled to come to market in 2008") and systems that let suppliers offer discounts to retailers. Both of these really needed proper accounting of whom can see what, and SOX was the reason that the accounting was actually built (instead of being swept under the rug, as so often happens in business application development).
SOX helps to protect investors from some schmo in IT selling secrets to select investors (not you). In that, it's truly valuable.
Anybody know how to use the ACL stuff on an HFS+ volume? I tried 'chmod a+ "foo allow write" bar', but all I get is "Operation not supported". ACLs are a big deal, but not if they're not supported on the standard file system. Do I need to switch to UFS or HFS+ Case-Sensitive?
I think you've just about answered your own question. People don't want to waste their time organizing everything -- that's why they bought a computer.
I know I'll still tend to keep my stuff organized in folders, but for my wife (a pretty typical user) I know Spotlight's a godsend. Hell, it's a godsend for me too, and I'll tell you why: Spotlight lets me quickly find anything my computer knows about a topic. I don't always remember if that photo is in iPhoto, or an email message, or wherever. I installed Tiger last night, and after indexing my machine (which took about an hour, with the Dev tools installed), it was immediately apparent that Spotlight is really a life-changing event.
And yes, spotlight is available from the command line: mdfind for search, mdls to list metadata for a file, mdutil for turning Spotlight on/off for a particular volume, etc.
Some people waste their time watching "American Idol." Others waste their time high on drugs, while still others waste their time trying to make the rest of us believe in their deity of choice. Even if the guy is paranoid, it's his time to waste.
I can confirm that spammers often try to send your mailserver's IP address as a HELO message, in the hopes that dumb sysadmins will think the message came from their own networks. I set up a postfix policy to reject these messages before the DATA command is sent (thus they never consume my bandwidth with the message), saving my users from a few hundred spams. Most MTAs will put not only the HELO message but also the actual IP address that sent the message in a Received: line, for diagnostic purposes.
I used to play other DNS games to fool spammers, like putting bogus MX records that point to nowhere, and giving them high indexes. The spammers in an effort to bypass Postini-like filters often try to send to higher MXs first, rather than lower ones like the spec says.
I guess the threat of legal action can be pretty "overwhelming."
Of course, they've already lost their rights to distribute under the GPL (once you've violated the GPL, you lose all distibution rights, even if you come clean), so the PearPC folks could still legally enjoin them from distributing even in open source form.
The reason that software projects aren't tested before deployment the way that bridge designs are is because the cost of rebuilding a bridge that fails (requiring it be rebuilt) is so much higher than the cost of rebuilding software (which is essentially zero). There was a whole series of articles about this
here.
Basically as long as management requires short deadlines in lieu of quality, they'll get what they ask for.
I'd be tempted to stick the thing in the microwave or otherwise nuke the tag, but for the fact that the bureaucracy that would then ensue would keep me stuck in some nasty little office for several hours whenever I tried to clear customs...
I've been googling, checking the source and my web proxy logs, and despite the fact that prefetching is enabled and it's not working.
There's no attribute in the document that comes down from google, there's no Link: header in the response, and (most convincingly) there's no entry in the proxy log. Nothing else is being downloaded, so it's not the browser waiting for idle time. I think Google's just not really using prefetch right now, despite their claims to the contrary.
This is under Windows Firefox 1.0.2 with prefetch enabled, searching with the FF search widget as well as through google directly.
"Sosumi" was the name of the sound, and it came from the equally amusing battle between Apple Computer and Carl "Billions and Billions" Sagan.
It seems Apple code-named the Power Mac 7500 "Sagan". Not that they were going to call the shipping unit by that name mind you, but just internally they needed to call it something, so they named it after the great scientist, probably out of respect.
In any case, somebody with Carl's crew found out about it and got torqued, and filed a lawsuit. Apple, after an initial WTF? reaction, obliged, and changed the name to the supposedly innocuous "BHA". Turns out that BHA stood for Butt Head Astronomer, at which point more saber-rattling was heard in the Sagan camp.
In any case, the System Software released with the Power Mac 7500 included a new sound, "sosumi." I don't recall it having anything to do with Apple Music.
Please, please please be sure to donate to the creators of this software (not only clamxav, but also clamav on which it is based). These folks work their butts off making our lives better (I cannot even imagine how many hours this software has saved when installed on a mail server (it hooks straight into amavis)), and I can't think of any free software more deserving of my money.
If you want to see more great, usable free software, donate! You can't imagine the impact you'll have.
I think it's fasctinating how "hacker" terminology has entered the mainstream, making it all the way up to the highest levels of government. Granted, the bill in question is dealing with a highly technical topic, but still I'm amazed that the acronym junkies in the Capitol basement didn't come up with a more governmentesque term for phishing.
So far, we've got Spam, Phishing, anybody recall other techno-terms that have made it into the government lexicon?
Flying on someone else's ticket is trivial. Here's how trivial it would be (I've never actually flown this way, or allowed anyone else to fly on my ticket this way):
1. Have John Citizen buy you the plane ticket you want, on an airline that supports web-based checkin (where you can print your own boarding pass). Several airlines support this today.
2. Have John Citizen go through the checkin process, but instead of printing his boarding pass, save it as HTML, and include the graphics that come with it (IE and Moz both support this, not sure about the rest).
3. Take the HTML, and put your name in place of John Citizen. Print the boarding pass. I've verified that this works, but I've never ever tried to fly on an altered boarding pass.
4. Take the boarding pass and display it at the airport with your photo ID. You're in!
The security folks don't ever check to see if your name is on the terrorist watch list, they assume that the airline's reservation systems did that. All they do is ensure that the photo ID you present matches the boarding pass you present. Since the ticket was purchased under John Citizen's name, your name will never be known to anybody at the airline or the government! Also, the gate agent doesn't check to see if the name on the boarding pass matches the name on the reservation (although if they did, you could always carry a copy with John Citizen's name on it).
Again, this just reinforces Gilmore's argument that the ID requirement is rediculous. Even somebody on the terrorist watch list could fly this way, assuming they weren't smart enough to get phony credentials.
I've been working on an app that has a complex (multi-page (from the user's perspective, hiding/showing DIVs is okay), interdependent, hierarchical data) form that I'd like to get and post as XML. The issue I'm facing now is how to build the DOM for the UI and bind it into some kind of JS "controller" that takes events from the view and updates the model or does other controller logic.
XForms does this really well: it's declarative in your view how it (the UI) binds to the XML in your model. I haven't seen a good way to do this using JS.
The other thing I see a lot of in this Ajax kind of model are race conditions: what happens when your XSL finishes loading before the XML needed for the model? All that asynchronicity is nice for interactive stuff, but it's a major PITA for dealing with things that have complex interdependencies. I know very well there are workarounds, but I'm wondering how people tackle these issues.
The thing I see with google, amazon, et al is that all of their applications have rich data that is primarily view only. What I'm looking for are robust solutions that have considerably more complex data that the user can interact with.
I said we have a central LDAP database. I didn't say we had only a single instance of it. Besides, we're talking about a *small* IT shop, remember? And yes, we have offsite warm servers just in case.
I never said anything about *radical* centralization, but simply doing a few practical things like this has helped us reduce maintainance a ton.
Sheesh! The way you guys talk you'd think it's a good idea to have everybody try to remember 15 different passwords to get at your enterprise. Know what happens then? Everybody uses the same password on all 15 directories! Then, when that one password is compromised, you need to lock down 15 different systems! Same happens when you need to fire somebody: one account to disable, not 15. Sounds like a much better solution to me!
Many of the things we do are oriented around centralization... having a single directory in LDAP that all applications authenticate against, having a single unified network across locations (via VPN) that allows access to anything from anywhere, etc. Just removing the apparent complexity reduces operational costs a ton.
You're missing the point. If you write once, compile everywhere then you've got another pile of issues to deal with: Is the bug in the compiler? an #include? byte ordering? some library?
There are a huge bevy of tools for dealing with this for C. Other compiled languages have similar problems. With Java all of that goes away: you know whatever problem crops up, it's definitely not the build, because you did that once, at your location, and gave everybody the same binary.
*sigh* I can't remember the last time I had issues with code because I changed platform, OS, or even JVM version. It's to the point where I don't think about it anymore.
Maybe if you're talking GUI code (desktop/applet), but for web or backend it's just not been an issue for me in some time. I've been developing on Java professionally for nine years now, and have have production systems in place for eight. I remember when you used to need to test every single VM, but by and large that time is done.
For example, I just finished working on a project running on J2EE 1.2 on Websphere 4 (jdk1.3.1) on Windows to running Websphere 5 (jdk1.4.1) on Z-Linux. The *only* thing I had to change was code that was written out of spec (a few JSPs forgot to import java.util.Vector). If the developers of the app hadn't been sloppy, there would have been no code change at all. This is an app that hits databases on Oracle, DB2, Teradata, and LDAP (with updated drivers for all of those, too).
I can think of plenty of counterexamples, but for most server-side business apps it really is write once, run anywhere.
All JSON does is make it easier to have your JavaScript call in to your application and parse the results. If you're just interested in presentation, just have your JS call up, get some HTML, and replace the affected HTML. This decreases the amount of JS and increases your re-use (since you don't need to build your UI twice: once is (PHP|Java|.Net|Ruby|.*), and once in JS). You just call your (\1) code on the server from the JS and have it generate the HTML.
I understand that sometimes there are advantages to the programmatic approach that JSON (and XML-RPC, which the browsers support) extoll, but I don't think many developers even realize the UI-based alternative.
Maybe degrees can make you more flexible, but for me it came down to opportunity cost. When in college, I picked up most of my CS credits, and decided to bail. I'm a very self-directed learner, and the college classes didn't seem to offer much of interest to me.
Now (14 years later) there's no way I'd give up my job to go back and pick up the degree: it wouldn't help me at all professionally (I'm pretty much at the top of my field), but the loss of several hundred thousand dollars of income while I finish off 3+ years of schooling to gain... nothing? No thanks.
I interview a fair number of college kids for entry-level positions, and I can tell you that the school you come from only matters for your first job out of school (and for many companies, it doesn't matter then either). After that, it all boils down to attitude (how much you enjoy what you do) and aptitude (how well you can actually do it).
So I guess my advice would be to stick it out if you don't mind it, but I wouldn't bother transferring, unless you're doing poorly, in which case the school on your resume might carry you a bit further.
If you really want to get ahead, do some internships before you get out: many companies like mine won't consider candidates without prior work experience.
Slashdot Mirror
There is software out there that's waiting until it's perfect and addresses the needs of the users before it gets released, you just don't know about it because it hasn't been released yet, and the users' needs keep changing while the developers try to perfect the software.
Show me just one piece of software that runs perfectly, regardless of whether it meets the user's needs. The fact is that software, like any system, is temporal: it addresses a need at a given point in time. If the developers waited to release their software until it was perfect, the need would be filled by somebody else and users would use that solution.
Rider bills are crucial to the way that democracies work. Sorry, it really is that simple. When your country has a population of several hundred million people, the potential for anybody getting a bill passed is next to nothing. So your elected representatives get together and agree on a series of of compromises: I'll vote for your pet bill, if you'll vote for mine. When the stakes are high, and you don't think your pet bill will pass (like the one in question), you attach it to a bill that your opponents don't want to vote against.
None of this is new, and none of it is going away, ever. The founding fathers all knew that this is the way democracies can actually function (as opposed to being constantly in gridlock), which is why riders are allowed: they make it easier for a bunch of folks who don't trust each other (politicians) to get something done.
As an aside, there's a part of the constitution in my state (Minnesota) that does banish riders that have nothing to do with the primary subject of a bill. This was used recently to throw out a law making getting concealed-carry gun permits much easier (it's now hard to get the permits again). Legislative gridlock has hamstrung Minnesota for several years, mostly because neither of the two main parties (republican and democrat-farmer-labor) can trust the other to follow through with their promises. It's a mess.
So yes, riders cause crap like the legislation mentioned in the article to get passed, but it's all part of the process that keeps things moving. If you look back, a lot of legislation that US citizens enjoy was also passed as a rider, or had riders attached to it.
Don't blame the process just because you don't like the outcome: the process has been around for centuries. Instead, blame the folks who tacked on the legislation, and have your reps oppose it.
Actually, that's not true. SOX has little to do with CEOs and a lot to do about proper accounting... not just of financials but other systems integral to making a business work. I've worked on R&D portfolios ("tell me what we're budgeting for all R&D projects scheduled to come to market in 2008") and systems that let suppliers offer discounts to retailers. Both of these really needed proper accounting of whom can see what, and SOX was the reason that the accounting was actually built (instead of being swept under the rug, as so often happens in business application development).
SOX helps to protect investors from some schmo in IT selling secrets to select investors (not you). In that, it's truly valuable.
That's why I love it as a consultant! Your PITA is my $$$! SOX is the ISO-9000 of the 21st century! Woohoo!
I, as an investor, think Sarbanes-Oxley is a Good Thing(tm).
Of course as a consultant I think it's friggin' awesome!
Anybody know how to use the ACL stuff on an HFS+ volume? I tried 'chmod a+ "foo allow write" bar', but all I get is "Operation not supported". ACLs are a big deal, but not if they're not supported on the standard file system. Do I need to switch to UFS or HFS+ Case-Sensitive?
I think you've just about answered your own question. People don't want to waste their time organizing everything -- that's why they bought a computer.
I know I'll still tend to keep my stuff organized in folders, but for my wife (a pretty typical user) I know Spotlight's a godsend. Hell, it's a godsend for me too, and I'll tell you why: Spotlight lets me quickly find anything my computer knows about a topic. I don't always remember if that photo is in iPhoto, or an email message, or wherever. I installed Tiger last night, and after indexing my machine (which took about an hour, with the Dev tools installed), it was immediately apparent that Spotlight is really a life-changing event.
And yes, spotlight is available from the command line: mdfind for search, mdls to list metadata for a file, mdutil for turning Spotlight on/off for a particular volume, etc.
Some people waste their time watching "American Idol." Others waste their time high on drugs, while still others waste their time trying to make the rest of us believe in their deity of choice. Even if the guy is paranoid, it's his time to waste.
/.
At least he's not wasting his time reading
I can confirm that spammers often try to send your mailserver's IP address as a HELO message, in the hopes that dumb sysadmins will think the message came from their own networks. I set up a postfix policy to reject these messages before the DATA command is sent (thus they never consume my bandwidth with the message), saving my users from a few hundred spams. Most MTAs will put not only the HELO message but also the actual IP address that sent the message in a Received: line, for diagnostic purposes.
I used to play other DNS games to fool spammers, like putting bogus MX records that point to nowhere, and giving them high indexes. The spammers in an effort to bypass Postini-like filters often try to send to higher MXs first, rather than lower ones like the spec says.
I guess the threat of legal action can be pretty "overwhelming."
Of course, they've already lost their rights to distribute under the GPL (once you've violated the GPL, you lose all distibution rights, even if you come clean), so the PearPC folks could still legally enjoin them from distributing even in open source form.
Basically as long as management requires short deadlines in lieu of quality, they'll get what they ask for.
I'd be tempted to stick the thing in the microwave or otherwise nuke the tag, but for the fact that the bureaucracy that would then ensue would keep me stuck in some nasty little office for several hours whenever I tried to clear customs...
I've been googling, checking the source and my web proxy logs, and despite the fact that prefetching is enabled and it's not working.
There's no attribute in the document that comes down from google, there's no Link: header in the response, and (most convincingly) there's no entry in the proxy log. Nothing else is being downloaded, so it's not the browser waiting for idle time. I think Google's just not really using prefetch right now, despite their claims to the contrary.
This is under Windows Firefox 1.0.2 with prefetch enabled, searching with the FF search widget as well as through google directly.
Any idea what gives?
That's a great story, pity it's not true, IIRC.
"Sosumi" was the name of the sound, and it came from the equally amusing battle between Apple Computer and Carl "Billions and Billions" Sagan.
It seems Apple code-named the Power Mac 7500 "Sagan". Not that they were going to call the shipping unit by that name mind you, but just internally they needed to call it something, so they named it after the great scientist, probably out of respect.
In any case, somebody with Carl's crew found out about it and got torqued, and filed a lawsuit. Apple, after an initial WTF? reaction, obliged, and changed the name to the supposedly innocuous "BHA". Turns out that BHA stood for Butt Head Astronomer, at which point more saber-rattling was heard in the Sagan camp.
In any case, the System Software released with the Power Mac 7500 included a new sound, "sosumi." I don't recall it having anything to do with Apple Music.
Please, please please be sure to donate to the creators of this software (not only clamxav, but also clamav on which it is based). These folks work their butts off making our lives better (I cannot even imagine how many hours this software has saved when installed on a mail server (it hooks straight into amavis)), and I can't think of any free software more deserving of my money.
If you want to see more great, usable free software, donate! You can't imagine the impact you'll have.
I think it's fasctinating how "hacker" terminology has entered the mainstream, making it all the way up to the highest levels of government. Granted, the bill in question is dealing with a highly technical topic, but still I'm amazed that the acronym junkies in the Capitol basement didn't come up with a more governmentesque term for phishing.
So far, we've got Spam, Phishing, anybody recall other techno-terms that have made it into the government lexicon?
Flying on someone else's ticket is trivial. Here's how trivial it would be (I've never actually flown this way, or allowed anyone else to fly on my ticket this way):
1. Have John Citizen buy you the plane ticket you want, on an airline that supports web-based checkin (where you can print your own boarding pass). Several airlines support this today.
2. Have John Citizen go through the checkin process, but instead of printing his boarding pass, save it as HTML, and include the graphics that come with it (IE and Moz both support this, not sure about the rest).
3. Take the HTML, and put your name in place of John Citizen. Print the boarding pass. I've verified that this works, but I've never ever tried to fly on an altered boarding pass.
4. Take the boarding pass and display it at the airport with your photo ID. You're in!
The security folks don't ever check to see if your name is on the terrorist watch list, they assume that the airline's reservation systems did that. All they do is ensure that the photo ID you present matches the boarding pass you present. Since the ticket was purchased under John Citizen's name, your name will never be known to anybody at the airline or the government! Also, the gate agent doesn't check to see if the name on the boarding pass matches the name on the reservation (although if they did, you could always carry a copy with John Citizen's name on it).
Again, this just reinforces Gilmore's argument that the ID requirement is rediculous. Even somebody on the terrorist watch list could fly this way, assuming they weren't smart enough to get phony credentials.
I've been working on an app that has a complex (multi-page (from the user's perspective, hiding/showing DIVs is okay), interdependent, hierarchical data) form that I'd like to get and post as XML. The issue I'm facing now is how to build the DOM for the UI and bind it into some kind of JS "controller" that takes events from the view and updates the model or does other controller logic.
XForms does this really well: it's declarative in your view how it (the UI) binds to the XML in your model. I haven't seen a good way to do this using JS.
The other thing I see a lot of in this Ajax kind of model are race conditions: what happens when your XSL finishes loading before the XML needed for the model? All that asynchronicity is nice for interactive stuff, but it's a major PITA for dealing with things that have complex interdependencies. I know very well there are workarounds, but I'm wondering how people tackle these issues.
The thing I see with google, amazon, et al is that all of their applications have rich data that is primarily view only. What I'm looking for are robust solutions that have considerably more complex data that the user can interact with.
I said we have a central LDAP database. I didn't say we had only a single instance of it. Besides, we're talking about a *small* IT shop, remember? And yes, we have offsite warm servers just in case.
I never said anything about *radical* centralization, but simply doing a few practical things like this has helped us reduce maintainance a ton.
Sheesh! The way you guys talk you'd think it's a good idea to have everybody try to remember 15 different passwords to get at your enterprise. Know what happens then? Everybody uses the same password on all 15 directories! Then, when that one password is compromised, you need to lock down 15 different systems! Same happens when you need to fire somebody: one account to disable, not 15. Sounds like a much better solution to me!
Many of the things we do are oriented around centralization... having a single directory in LDAP that all applications authenticate against, having a single unified network across locations (via VPN) that allows access to anything from anywhere, etc. Just removing the apparent complexity reduces operational costs a ton.
You're missing the point. If you write once, compile everywhere then you've got another pile of issues to deal with: Is the bug in the compiler? an #include? byte ordering? some library?
There are a huge bevy of tools for dealing with this for C. Other compiled languages have similar problems. With Java all of that goes away: you know whatever problem crops up, it's definitely not the build, because you did that once, at your location, and gave everybody the same binary.
*sigh*
I can't remember the last time I had issues with code because I changed platform, OS, or even JVM version. It's to the point where I don't think about it anymore.
Maybe if you're talking GUI code (desktop/applet), but for web or backend it's just not been an issue for me in some time. I've been developing on Java professionally for nine years now, and have have production systems in place for eight. I remember when you used to need to test every single VM, but by and large that time is done.
For example, I just finished working on a project running on J2EE 1.2 on Websphere 4 (jdk1.3.1) on Windows to running Websphere 5 (jdk1.4.1) on Z-Linux. The *only* thing I had to change was code that was written out of spec (a few JSPs forgot to import java.util.Vector). If the developers of the app hadn't been sloppy, there would have been no code change at all. This is an app that hits databases on Oracle, DB2, Teradata, and LDAP (with updated drivers for all of those, too).
I can think of plenty of counterexamples, but for most server-side business apps it really is write once, run anywhere.
All JSON does is make it easier to have your JavaScript call in to your application and parse the results. If you're just interested in presentation, just have your JS call up, get some HTML, and replace the affected HTML. This decreases the amount of JS and increases your re-use (since you don't need to build your UI twice: once is (PHP|Java|.Net|Ruby|.*), and once in JS). You just call your (\1) code on the server from the JS and have it generate the HTML.
I understand that sometimes there are advantages to the programmatic approach that JSON (and XML-RPC, which the browsers support) extoll, but I don't think many developers even realize the UI-based alternative.
You must mean OS/2. But they didn't sell that off. I don't even think they could give that thing away, much less sell it.
Maybe degrees can make you more flexible, but for me it came down to opportunity cost. When in college, I picked up most of my CS credits, and decided to bail. I'm a very self-directed learner, and the college classes didn't seem to offer much of interest to me.
Now (14 years later) there's no way I'd give up my job to go back and pick up the degree: it wouldn't help me at all professionally (I'm pretty much at the top of my field), but the loss of several hundred thousand dollars of income while I finish off 3+ years of schooling to gain... nothing? No thanks.
I interview a fair number of college kids for entry-level positions, and I can tell you that the school you come from only matters for your first job out of school (and for many companies, it doesn't matter then either). After that, it all boils down to attitude (how much you enjoy what you do) and aptitude (how well you can actually do it).
So I guess my advice would be to stick it out if you don't mind it, but I wouldn't bother transferring, unless you're doing poorly, in which case the school on your resume might carry you a bit further.
If you really want to get ahead, do some internships before you get out: many companies like mine won't consider candidates without prior work experience.