It didn't work anyway. Mozilla grew into what Netscape was trying to become. But most people still use Windows because of Microsoft's OEM licensing programs (quite a competitive advantage, that).
What are you gonna do? It's the system, it's bankrupt and senseless, and it is what it is.
How depressing! Well, I'd have to get even with whoever gets assigned to it. I'd schedule a call to a web browser pointing at the goatse guy to go off twice an hour, fullscreen. "Aaaaaaaigh! My eyes!!!!" "Take THAT, PHB-boy..."
If you know what you're talking about, why is it you think that a user-space firewall is more secure than a kernel-space firewall?
When the firewall runs in the kernel, the firewall sees incoming packets FIRST, and can drop them on the spot. When the firewall runs in user-space, incoming packets come in, get handled by a kernel process (which may have a vulnerability), and THEN get handled by the firewall. So if there's a vulnerability in the kernel, the packet has already nailed you before the firewall has "seen" it. It's why every single Unix puts its firewall in the kernel, and has done so for decades.
How did you scan your machine? Did you use nmap? Did you try all the different scans available (there are at least a few dozen)?
I'm not trying to give you a hard time, here, I just think you're trusting XP a little too much for your own good.
Pretty good points, and people should be educated about the dangers of social engineering, but I'm not sure if I'd add a PHB computer to the mix. At least not across the board; maybe in an isolated test setup on the far side of the room with "PHB" in big letters over the workstation...
Not to upset/depress you, but you DO know that all firewalls in the windows world run in userspace (whereas Unix/Linux firewalls run in the kernel) so they're not quite as bulletproof as you might think?
By the way, your windows box is listening on a whole range of ports you don't even know about. And, you have to trust that Microsoft has truly locked down that "firewall" of yours. Considering that they opened up all those weird ports in an end-user machine in the first place (why?) you might want to ask yourself whether they'd firewall themselves out of the very ports they left open in the first place.
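The two posts above ask how the machine was scanned and point out that it is listening on ports the owner doesn't know about. As an added example (not part of the original thread), the Python below does the most basic of the scans nmap offers, a TCP connect() scan, and classifies each port the way a scanner does: open (handshake completed), closed (RST back), or filtered (silence, which is what a dropping firewall looks like). It stands up a constructed listener on the loopback interface to play the role of the surprise service; the host, ports and helper names are this example's own.

```python
import socket
from contextlib import closing


def probe_tcp(host: str, port: int, timeout: float = 0.5) -> str:
    """Classify one TCP port with a full connect() (what nmap calls -sT).

    open     -> the three-way handshake completed, something is listening
    closed   -> the host answered with RST (ConnectionRefusedError)
    filtered -> nothing came back before the timeout, or the path is blocked;
                a firewall that silently drops packets produces this state
    """
    with closing(socket.socket(socket.AF_INET, socket.SOCK_STREAM)) as s:
        s.settimeout(timeout)
        try:
            s.connect((host, port))
        except ConnectionRefusedError:
            return "closed"
        except (socket.timeout, OSError):
            return "filtered"
        return "open"


def scan_tcp(host: str, ports, timeout: float = 0.5) -> dict:
    """Probe every port in `ports` and return {port: state}."""
    return {port: probe_tcp(host, port, timeout) for port in ports}


def open_ports(host: str, ports, timeout: float = 0.5) -> list:
    """Just the ports that accepted a connection, sorted."""
    states = scan_tcp(host, ports, timeout)
    return sorted(p for p, state in states.items() if state == "open")


def start_constructed_listener(host: str = "127.0.0.1") -> socket.socket:
    """Constructed stand-in for a service the owner did not know was running.
    Port 0 asks the OS for any free ephemeral port."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
    srv.bind((host, 0))
    srv.listen(8)          # backlog lets connect() succeed without accept()
    return srv


def find_closed_port(host: str = "127.0.0.1") -> int:
    """Ask the OS for a free port and release it, so a probe should see RST."""
    with closing(socket.socket(socket.AF_INET, socket.SOCK_STREAM)) as s:
        s.bind((host, 0))
        return s.getsockname()[1]


def demo() -> dict:
    """Scan one listening and one closed loopback port; return what was seen."""
    srv = start_constructed_listener()
    try:
        listening = srv.getsockname()[1]
        closed = find_closed_port()
        states = scan_tcp("127.0.0.1", [listening, closed])
    finally:
        srv.close()
    return {"listening": listening, "closed": closed, "states": states}


if __name__ == "__main__":
    result = demo()
    for port, state in sorted(result["states"].items()):
        print(f"127.0.0.1:{port:<5} {state}")
```

A connect() scan is the noisiest of the lot (every open port gets a real connection and ends up in the service's logs), which is exactly why nmap has the other few dozen; but it needs no privileges and is the quickest way to check a claim like "nothing is listening". Run it against a box with a user-space firewall that has just been killed and compare the result with the firewall running.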
Database - Middleware server - Intranet web server (inside firewall) - Firewall (separate machine) - Web server (DMZ machine) - Client boxes
You might want to set up a few common architectures:
Oracle and SQL Server databases on backend / Windows 2000 middleware / Firewall (hardware? an enterprise special-purpose firewall?) / Windows 2000 web server (Note that this architecture could be duplicated, one set with traditional ASP and COM+, and one with .Net across the board; you might not want to mix them on the same set of servers, because you're interested in vulnerabilities, right? So you might have older ASP/MTS server setups, and newer .Net ones).
Oracle, MySQL, and PostgreSQL databases on backend / Linux or FreeBSD based middleware / Linux or FreeBSD based firewall / Linux or FreeBSD based Apache web server (Note that this architecture probably would be java based, so you could use JBoss as your app server, etc)
Of course, this is just off the top of my head, but my thinking is, if you duplicate what people are actually using out in the world, then you'll learn more about the vulnerabilities and the countermeasures that are out there...
Most of the windows vulnerabilities are vulns that affect both server and end-user machines, and they're on by default. Hard to turn off, too, without affecting random things in the O/S, and you have to be able to read the list of umpteen million running services (knowing what they are, in other words) in the admin tool MS provides.
Most of the Unix/Linux vulnerabilities affect servers primarily. Most end-users would have these services turned off (workstations wouldn't be running apache or an SSH server, for example). And, it's easy enough to go into /etc/ and just turn off any services that you found on.
When I tried to install System Shock 2 it said it couldn't install direct X (I think it was version 6, it was a while ago) so it couldn't proceed. But if you got it to work on Windows 2000, then, maybe it was a glitch! So that's a good thing for me, eh? I'll give it another whack...
Games are simulations. All the programmers are doing is setting down the basic rules of the simulation; guards have patrol areas and walk certain patterns in their posts, guards will respond to sound, they'll move in formation (this sometimes is actually researched), they'll open fire on certain types of targets, shots in the body are more dangerous than to the arms/legs and head shots are instant kills... All a programmer has done is set up the basic ground rules by which his "world" works.
Gamers who play the simulation are actually in a sense doing empirical research. When, say, there are five guards in three positions around a building you would like to enter, and they're all well armed and wearing body armor, three by the door and two roving, what is the best way to assault the building? How about when there are security cameras covering certain approaches? How about when all you have is a knife? It is the playing of the game itself that refines the gameplay, not the experience of the programmers.
Over time, and it's been about ten years now, people playing one game after another refine their gameplay and their tactics. In turn, the programmers (who are usually gamers themselves) learn what works and what doesn't, and the games get more sophisticated, the AI better. In turn, the gamers develop more sophisticated tactics. It's a mental game, really. How do I get from here to "in there" while taking no hits and defeating my five enemies? Probably, by sneaking up on the first roving guard with a knife while he's isolated, then doing the second roving guard with the knife, taking both their weapons, and if one of them had a grenade, use that to deal with the three at the door. Right?
Now, let's consider. If all games are basically combat simulators (and the army and marine corps agree with me on this, because that's how they're using them) and people have been playing them for over ten years (Doom came out in '93), and the gameplay gets more refined every year... Isn't that at least something like a laboratory for developing assault tactics? And, isn't any experienced gamer fairly comfortable with developing a strategy for assaulting any kind of obstacle he might want to? Before you say "naw, of course not" think about it; every FPS gamer out there does this sort of thing virtually every single day of his life. I remember a friend of mine who played one of those online team-based games, I think it was Navy Seals. He and a bunch of friends in Brooklyn challenged an actual Marine Corps fireteam to an online match one night, and the match went for over an hour because the Brooklyn kids were being stealthy and just sneaking around the marines (who were using USMC tactics, walking in fireteam delta, doing everything right...) Well, the kids from Brooklyn set up an ambush in a swamp, and totally wasted the jarheads. Cut them to pieces from high ground while they were waist deep in water. One guy, a sergeant, asked my friend who he was. He seemed pretty impressed, but it makes sense, you know? Most marines didn't grow up as gamers. The gamers had been doing this sort of thing since before they hit puberty.
I'm not saying a gamer could actually sneak up on a real soldier with a knife. That would probably not go very well unless the gamer had actual military experience (although many of us DO). But any gamer has an advantage at least where it comes to the mental part of a fight, because he's got a lot of experience thinking about approaches to difficult, testy situations.
It's an interesting thing. Of course, then there's paintball, which is a whole other ball of wax; that simulation is physical as well as mental.
Fine, but how is iPersonIDNumber more clear than personIDNumber? If you call it "i" something, you're basically saying it's a number. But it's not a number until you use it as one, because everything in Perl derives from the context. My feeling is that the whole use of prefixes with a language like Perl is bizarre, like trying to put handlebars on a horse. It just doesn't fit, you know?
But my biggest problem with the sysadmin from hell was that he wanted me to not just name the variables with his prefixes; he wanted me to USE them that way, too. So, instead of having a single context-based Perl variable, I'd have at least two, an "int" and a "string" (nevermind that the whole typing thing would be totally artificial in Perl). And, extra code to convert back and forth as I worked with the variable.
All this so VB-Boy could read the perl more easily. Grr... Evil...
Having said all that, I do see the utility of using prefixes in strongly-typed languages. Although, again, I'd personally prefer to just use more mnemonic identifiers, but that's more of a matter of taste I think...
But, if you're really trying to "squeeze more productivity out of a group of programmers" then why don't you break a program into a set of discrete, modular units, have the programmers develop them simultaneously (with all programmers working at the same time), unit test them, and integrate them after they pass their unit tests (then you do integration testing of course)... Using two programmers for two problems instead of one seems more productive to me. And, if you really DO unit code and test, and don't just give it lip service, AND you have a healthy policy of peer review, you'll have the same reliability you're claiming with XP.
Having said that, you can achieve your goal of outing bad programmers with peer review of each module as it passes its unit tests. Not that the bad programmers you're talking about will meet their deadlines anyway, so I guess I don't understand why you think it's XP that outed them.
BTW: Nice comment about my posting to slashdot! People in glass houses shouldn't throw stones, eh?
Well... I can see what you're saying, maybe how the pair programming works out depends on the programmers more than anything else. I don't think it would work out for me, though -- I'm more of a solitary sort. I'm not against team efforts, of course, I'm involved in several, but we generally divide the work up into loosely coupled blocks and code them independently. I find that a very comfortable working style.
I'm still not sure I buy into the "pair programming = fewer bugs" theorem, but at least the woman you mentioned seems to be testing it empirically, which is kinda cool. I think I can see how having two people look at the code might result in fewer errors. But I think this can be achieved equally well with parallel coding and peer review, which I think might go a little faster (e.g. we break our project into modules, we each go back to our cubes and code our modules, then we trade and peer-review them, get back together and discuss during a meeting).
I should say that I'm not totally anti-XP, I'm just not comfortable with pair programming itself. And, I have a different way of testing. I like to unit code and test, basically, break the project into discrete units, code the units, then test each unit by feeding it test data and checking the results. It's not that different from XP, but you do the design and coding first, then the test(s). It's worked pretty well for me so far.
1. So I have a different point of view than you do about testing. Big whoop. I reject your basic premise, that because you read some buzzword-book you somehow know more about software development than I do. I've been in this business a while, and my methods work just fine.
2. You said "How sad. If you don't see anything wrong with the situation, there isn't anything anyone can do to help. I'm pretty certain we have a lot more fun than you do at work."
And, the ad hominem attacks start. Are you proud of yourself? Go take a philosophy course and find out why ad hominem is not considered a valid argument technique. In the meantime, you should know that I have a great time at work, my coworkers and I like each other quite a bit, and the privacy and quiet of our cubicles are a comfort to us all (not just me). The style followed where I work is programmers get a little privacy and quiet to do their work in, and we're all much more productive for it. I wouldn't trade places with you on a bet. I bet you work in one of those Stalinesque "open office" layouts, don't you? Tsk, tsk...
3. You kept on with the ad hominem with "Everyone needs peace and quiet from time to time. If you have so little respect for your coworkers that anything they say is 'constant yammering', then I submit that the problem is not with your coworkers."
Obviously you misunderstood my point. Where I work, there IS no "constant yammering" because programmers are left alone to do their work, without constant chatter interrupting their chain of thought. My coworkers do not yammer; when we're not busy, we chat, but when we're busy, we leave each other alone. We consider this "common decency". It's an interesting concept, I think it might be making a comeback.
4. Then you dropped the ad hominem attacks to make a totally unsubstantiated comment, expressing opinion as fact: "If you actually looked into the economics of it you'd find that pair programming only increases the initial cost of the code. Over the life cycle of the application, the reduction in bugs brings the cost down so pair programming beats separate programming"
Sure. Whatever. This is what all you XP fanatics always trot out to management. Of course, this is totally unsubstantiated, with only a handful of anecdotal pieces of "evidence" (and I use the term loosely) to back it up. You have no proof that ANY programming method is better than any other. I suspect it comes down to the individual programmers, not the buzzword of the week.
5. You jumped back into the ad hominem again, claiming "You're certainly not the only one who hates XP. And certainly not the only one who hates it without actually knowing anything about it." But of course, you don't know anything about me, so you have no right to make this assumption. But this is pretty typical Slashdot fare, so let's move along; you're in character.
6. You wrapped up with a rhetorical: "Questions:
How many open bugs are there on your current project? Or,... maybe it would be easier this way: How many digits do you need to represent your bug count?
If you could reduce your bug count to zero, or so close to zero that it almost didn't matter, would that be worth something to you? Would it be worth reconsidering your blind rejection of something that has been shown to work?"
My "bug count" is extremely low, FYI. This is because I do plenty of up-front design, and I unit test everything (remember "unit code and test"? I know it's not fashionable or anything...). Then I go back in and do a code audit to make sure I didn't miss anything. My boss likes me; my stuff works, and doesn't cause problems.
Just because I'm not an XP convert doesn't mean I'm a shitty programmer, and you're a creep for suggesting that I am.
Now, I don't expect you to back off from any of the twaddle you threw at me, because after all this IS Slashdot. However, I think I've addressed your "concerns". And, I still dislike XP.
See, that I could have lived with. But what he wanted me to do was use separate variables for integers, floats, etc, use the hungarian prefix for each, copy the data into the new variable whenever I was going to do something else with it, and so on. It was horrible. Of course, there were a lot of other really bizarre things in his "coding standard", like he wanted me to write all of my function calls in this weird way, with return values that went totally against all normal Perl practice... It was just bizarre. I quit over it. I told my boss, "Come on, man, if I program this way, all the other Perl programmers are going to laugh at me; I'm not going to be able to show this code to anyone without looking like a complete doofus." He didn't sympathize. You can't expect a manager to understand that you don't want to do something patently stupid, and have it become a permanent part of your body of work, you know? They just think, "you get paid either way, so what do you care?"
But I agree with you, that used in the way you describe, it could be useful. In fact, right now I'm doing .Net programming, and when I have a private class variable, I use an "i" prefix (for internal) and name the property without the "i" (like, iMyPhoneNumber and myPhoneNumber). I don't remember where I read that idea, but it's nice.
A number? Not right away it isn't. If I read it in as a string, it isn't a number until I do a few things to make SURE it's a number. For example, run it through a regexp and do a little math on it, etc. So it's a string until it's a number, dig? We're talking about input from a web page. Nothing is guaranteed. You can ask for a birthdate and get the answer "Baptist". You have to make SURE.
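The post above makes a point that is not really about Perl at all: a form field is text until you have proven otherwise, and "Baptist" can arrive where a birthdate was expected. The code below is an added example (not from the original poster) of doing exactly that proving step; it is in Python rather than Perl so that it can be checked, and the field names, the YYYY-MM-DD date format, and the plausibility limits are this example's own assumptions. The point it adds to the post: the obvious language shortcuts are not a proof. Python's `int()`, `str.isdigit()` and `\d` all accept digits from other scripts (the full-width "１２" below parses as 12) and `int()` accepts "1_000", so the shape check has to be explicit.

```python
import re
from datetime import date

# ASCII digits only, on purpose. Python's \d, str.isdigit() and int() all
# accept other scripts' digits (for example "١٢" or full-width "１２"), and
# int() accepts underscores ("1_000"), so none of them is a proof of "number".
_ASCII_DIGITS = re.compile(r"[0-9]+")
_ISO_DATE = re.compile(r"([0-9]{4})-([0-9]{2})-([0-9]{2})")


def parse_id_number(raw, *, max_value: int = 10**9):
    """A form field is a string until it has been proven to be a number.

    Returns an int only for plain ASCII digits (surrounding whitespace allowed)
    that fit the expected range; returns None for everything else, so a caller
    can't quietly do arithmetic on "Baptist", "0x1f" or "4e2".
    """
    if not isinstance(raw, str):
        return None
    text = raw.strip()
    if not _ASCII_DIGITS.fullmatch(text):
        return None
    value = int(text)
    return value if value <= max_value else None


def parse_birthdate(raw, *, today=None):
    """Same discipline for a date field: shape check with a regex, then let
    the calendar reject impossible values (Feb 30), then a plausibility window
    (not in the future, not older than 130 years). None means "not a date"."""
    if not isinstance(raw, str):
        return None
    m = _ISO_DATE.fullmatch(raw.strip())
    if m is None:
        return None
    year, month, day = (int(g) for g in m.groups())
    try:
        parsed = date(year, month, day)
    except ValueError:          # e.g. 2000-02-30, month 13
        return None
    today = today or date.today()
    if parsed > today or parsed.year < today.year - 130:
        return None
    return parsed


# Constructed sample submissions of the kind a web form really sends,
# paired with what the parser must return for each.
SAMPLE_FIELDS = {
    "42": 42,
    " 0042 ": 42,        # whitespace and leading zeros are fine
    "Baptist": None,     # the classic
    "-1": None,          # no sign allowed for an ID
    "4e2": None,         # scientific notation is not an integer
    "1_000": None,       # int("1_000") == 1000, so int() alone would pass it
    "0x1f": None,
    "１２": None,         # full-width digits: int("１２") == 12, still rejected
    "12abc": None,
    "": None,
}


def check_samples() -> dict:
    """Run every constructed sample through parse_id_number."""
    return {raw: parse_id_number(raw) for raw in SAMPLE_FIELDS}


if __name__ == "__main__":
    for raw, got in check_samples().items():
        print(f"{raw!r:12} -> {got!r}")
    print(parse_birthdate("1999-12-31"), parse_birthdate("2000-02-30"))
```

The return type does the work the Hungarian prefix was supposed to do: a caller either holds an int (or a date) that has passed every check, or holds None and has to deal with it. There is no point at which the same variable is "sort of a string and sort of a number", which is what the sysadmin's duplicate-variable scheme was trying and failing to express.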
I just KNEW I was going to have to take heat on this one. But it's cool. It's like a sport.
Yes, but HE wanted me to create an extra string to use with regexps, and an extra float if I used it as a float, and so on, and so on. It gets pretty stupid pretty fast.
Most Perl programmers use either all lowercase with underscores between the words, or initial caps with no underscores for their variables, and just name their variables after their content, like clientPrimaryPhone (for vars, first letter always lowercase).
Anyway, he and I hated each other. It was pretty much guerrilla warfare, a skirmish here, a skirmish there. He used to like rewriting my code at night without telling me, so that it would just be broken the next day. Once I figured out what was going on, I started backing up all my code to a zipdisk at night, and deleting and restoring it in the morning, which took care of THAT.
Well, that's true, but it's still worth saying. My new iBook is GORGEOUS! And, it's letting me kill off my windows PC finally, which is going to please me to no end.
Just looking at the thing makes me happy. I mean, above and beyond the durability, the apps, and everything it does, man, it just plain looks good.
I've got an older 300Mhz blueberry iBook for travelling, too, which I've had for a few years. That one's going strong too.
Ya gotta love Apple. They sure know how to put a computer together...
I agree; most of XP isn't bad, although I don't like the idea of writing tests first either (I think you should figure out your approach first, then do some coding, then figure out how best to test your idea, but that's just me). But here's why I hate pair programming:
1. I'm antisocial. I definitely do NOT want to hang around with some other programmer day in, day out. I would be extremely uncomfortable with the constant presence of another person.
2. Pair programming basically means that one person is actually coding while the other harasses him, making him explain every little thing he's doing. I'd last about an hour in this sort of arrangement; then I'd probably do something unspeakably rude. Nobody likes to be constantly nagged, and no one likes to be second guessed.
3. While I'm on the subject, I need peace and quiet to think. I need a cubicle where I can stretch out and just ponder what I'm doing every now and then; to reflect on a bug, for instance, and let ideas come rolling in out of my subconscious. The constant yammering of another person would eliminate any chance of any of that.
4. Finally, two people on one computer? Shouldn't they be breaking up their modules and programming in parallel, getting done in half the time? Why is only one person coding at a time, and why doesn't anyone think the second person is mostly being wasted?
It's so nice to find out that I'm not the only person who hates this idea...
I'm a VB.Net programmer who started out in C and C++, then Perl and Java, and ended up in VB6 because of the rotten economy. When I had the chance to escape VB6 and move to .Net, I almost wept with joy. People can say whatever they like about the huge change between VB6 and VB.Net, but I adore it. It made the language palatable for the first time, and saved my sanity. Now I'm happy at work again.
Of course, all the older, pure-VB6 guys are tearing their hair out. But what can you do? Life's like that.
Yeah, yeah, yeah, you've answered my question with an answer to a completely different, unrelated question. How typical! Perhaps I should be more specific in what I'm saying then.
When I say "user-space" I'm not just saying that the memory is a different area from what the kernel is using (that's fairly obvious). I mean that the program/firewall/whatever is being run as a separate process, one that can be crashed without necessarily crashing the kernel. THUS, you can kill the firewall without crashing the O/S, THUS it's not as secure.
Everyone on slashdot is so arrogant. You always call other people stupid when they don't agree with you. It's childish, don't you think?
Still, you haven't answered my question. If I start windows, and the network comes up while Norton antivirus and Norton Personal Firewall are still not activated (and then, for several seconds while they're disabled, if the icon in the taskbar is telling the truth), what's protecting the system in that ten to fifteen seconds?
Oh, and PART II:
Tell me:
If the firewall code is in the kernel, it runs whenever the kernel is running, period. So it's always on, always available, always acting as a firewall. If your firewall is running in user-space, IT CAN BE SHUT DOWN without shutting down the kernel. Which of course would leave you wide open. Which is a good reason why unix does it in the kernel.
Next up: If the firewall is running in the kernel and has some kind of devastating crash, it'll probably bring down the kernel with it. You think that's a bad thing, but I think it isn't. After all, the box is no longer accessible, now, is it?
On the other hand, if I manage to crash your user-space firewall, your kernel is still running, and available to me.
Which is more secure again? A box that has effectively shut down? Or a box whose user-space firewall has crashed and is now WIDE OPEN?
Just thinking "aloud"...
P.S. The "appeal to authority" is a logical fallacy as every freshman philosophy student knows. Besides, you can say you have ten years experience, blah blah, but for all I know you're a fourteen year old. Ok, here's one: I've been programming in Unix since 1925! So I know everything! Boo-yah.
Tag, you're it.
Uh, huh. So, riddle me this, Batman:
Let's say you're using a third-party firewall. You install it and configure it to run all the time. So far so good, right? You're on windows, you're using a user-space firewall, and if you're RIGHT, all is well.
So you boot your machine. Your machine is connected to the network, of course, by an ethernet cable. At first when windows boots, no user is logged in. Thus, no firewall is running.
So you log in. Ever watch the order in which things come up? For example, I have Norton Internet Security running on a windows 2000 box. I know, I know -- Norton??? But let me continue.
First, sound, graphics card, etc, all come up and you get the cutesy little icons in the task bar.
Then, the network comes up. Packets start getting sent back and forth, evidenced by the pretty little lit up screens in the icon in the taskbar.
Then, the firewall starts up.
Then, the antivirus.
At first the firewall isn't even enabled (dig that groovy red "x"). Ditto for antivirus. After a few seconds, they finish their init and they're running.
So, the riddle is:
What about the ten or so seconds in which the network is running before your user-space firewall comes up? Just as an example, mind you. Call me curious.
Because if the firewall is running in user-space, and all user apps get shut down when the user logs out, and then restarted when the user logs back in, there's a window, now, isn't there?
Just curious. Lay it on me, Yoda.
When I was in the sixth grade, I had a voracious appetite for all sorts of books (well, I still do, but I used to read even more). I used to read everything I could get my hands on, you know? So as a result I had a pretty good vocabulary, and a pretty solid understanding of sentence structure. Well, I had this totally evil teacher named Mr. Gilbert. He sometimes used to hit kids; I remember once this kid Larry defied him by putting his feet up on his desk, and Gilbert socked the kid's feet so they flew off the desk and he nearly got flung on the floor. Larry jumped up, Gilbert threw him bodily back into his chair, Larry tried again, Gilbert used more force. The man was evil.
Anyway, I wrote a paper about something we were reading (I don't remember what the subject was) and at some point, I had used the phrase "alas, it wasn't meant to be". I got a zero on the paper. I asked him what the hell he meant by that, and he yelled at me that of course I cheated, "no sixth grader uses the word 'alas'!" It was just more abuse after a whole season of abuse, and it got me kicked out of the classroom, sent to the principal's office, hollered at all over the place...
I've hated him ever since. He's probably one of several teachers I can still name to this day who directly led to my complete and utter distrust and rejection of authority.
The worst thing about a false accusation is that you can't unring a bell. Even if you're wrong, the accusation sits there like a black mark forever, and people remember it.
Well, that's pretty interesting... So you figure the case was hobbled long before Bush dropped it? Well, that's interesting because the case had ALREADY BEEN WON, and Microsoft had ALREADY BEEN FOUND GUILTY. So, how do you figure Reno let them off the hook?
It was your hero, President Bush, who decided not to pursue the case any further, because he is 100% pro-big-business and where will you find a bigger business than Microsoft? Bush took a case that had ALREADY BEEN WON and basically, let Microsoft off the hook.
Think of it in terms of fishing. Janet Reno and her crew caught a twenty-foot marlin, wrestled it into the boat, and picked up the club to bash it in the head. Then, before the death blow, the boat changed crews -- Clinton, et al, got off and Bush, et al, got on. Bush looked down at the marlin, asked "what's that doing here? Get that thing off my boat..."
Bush bashing? No. I'm calling a spade a spade.
When Netscape was ascendant, there was some talk about using it as an applications development platform. This freaked out Bill Gates, who then directed his minions to destroy Netscape by producing a competing browser for nothing. Antitrust issues threatened their plan, so they decided to bind the browser to the O/S so it could no longer be separated. When it came to court, several professors demonstrated that IE *could* be separated from the O/S, but you know how the legal system is... Even though Microsoft lost, Bush's DOJ stopped pursuing the case and that was that. Nothing ended up being done. And, here we are, with an IE that's totally intertwined with Windows, building security problems right into the O/S, all so Bill could kill off Netscape as an applications development platform and quit worrying about his pet O/S becoming irrelevant.
It didn't work anyway. Mozilla grew into what Netscape was trying to become. But most people still use Windows because of Microsoft's OEM licensing programs (quite a competitive advantage, that).
What are you gonna do? It's the system, it's bankrupt and senseless, and it is what it is.
How depressing! Well, I'd have to get even with whoever gets assigned to it. I'd schedule a call to a web browser pointing at the goatse guy to go off twice an hour, fullscreen. "Aaaaaaaigh! My eyes!!!!" "Take THAT, PHB-boy..."
If you know what you're talking about, why is it you think that a user-space firewall is more secure than a kernel-space firewall?
When the firewall runs in the kernel, the firewall sees incoming packets FIRST, and can drop them on the spot. When the firewall runs in user-space, incoming packets come in, get handled by a kernel process (which may have a vulnerability), and THEN get handled by the firewall. So if there's a vulnerability in the kernel, the packet has already nailed you before the firewall has "seen" it. It's why every single Unix puts its firewall in the kernel, and has done so for decades.
How did you scan your machine? Did you use nmap? Did you try all the different scans available (there are at least a few dozen)?
I'm not trying to give you a hard time, here, I just think you're trusting XP a little too much for your own good.
Pretty good points, and people should be educated about the dangers of social engineering, but I'm not sure if I'd add a PHB computer to the mix. At least not across the board; maybe in an isolated test setup on the far side of the room with "PHB" in big letters over the workstation...
Not to upset/depress you, but you DO know that all firewalls in the windows world run in userspace (whereas Unix/Linux firewalls run in the kernel) so they're not quite as bulletproof as you might think?
By the way, your windows box is listening on a whole range of ports you don't even know about. And, you have to trust that Microsoft has truly locked down that "firewall" of yours. Considering that they opened up all those weird ports in an end-user machine in the first place (why?) you might want to ask yourself whether they'd firewall themselves out of the very ports they left open in the first place.
But I'm sure you thought of that.
A traditional multi-tier enterprise setup:
Database
-
Middleware server
-
Intranet web server (inside firewall)
-
Firewall (separate machine)
-
Web server (DMZ machine)
-
Client boxes
You might want to set up a few common architectures:
Oracle and SQL Server databases on backend / Windows 2000 middleware / Firewall (hardware? an enterprise special-purpose firewall?) / Windows 2000 web server (Note that this architecture could be duplicated, one set with traditional ASP and COM+, and one with .Net across the board; you might not want to mix them on the same set of servers, because you're interested in vulnerabilities, right? So you might have older ASP/MTS server setups, and newer .Net ones).
Oracle, MySQL, and PostgreSQL databases on backend / Linux or FreeBSD based middleware / Linux or FreeBSD based firewall / Linux or FreeBSD based Apache web server (Note that this architecture probably would be java based, so you could use JBoss as your app server, etc)
Of course, this is just off the top of my head, but my thinking is, if you duplicate what people are actually using out in the world, then you'll learn more about the vulnerabilities and the countermeasures that are out there...
Most of the windows vulnerabilities are vulns that affect both server and end-user machines, and they're on by default. Hard to turn off, too, without affecting random things in the O/S, and you have to be able to read the list of umpteen million running services (knowing what they are, in other words) in the admin tool MS provides.
Most of the Unix/Linux vulnerabilities affect servers primarily. Most end-users would have these services turned off (workstations wouldn't be running apache or an SSH server, for example). And, it's easy enough to go into /etc/ and just turn off any services that you found on.
Hmm...
When I tried to install System Shock 2 it said it couldn't install direct X (I think it was version 6, it was a while ago) so it couldn't proceed. But if you got it to work on Windows 2000, then, maybe it was a glitch! So that's a good thing for me, eh? I'll give it another whack...
Beware: System Shock 2 wouldn't install on Windows 2000 because of some kind of direct X issue (I wept! and gnashed my teeth, too!).
Does it work on XP? That might be enough reason for me to get an XP-based laptop I've been looking at for a while...
But, you're forgetting something.
Games are simulations. All the programmers are doing is setting down the basic rules of the simulation; guards have patrol areas and walk certain patterns in their posts, guards will respond to sound, they'll move in formation (this sometimes is actually researched), they'll open fire on certain types of targets, shots in the body are more dangerous than to the arms/legs and head shots are instant kills... All a programmer has done is set up the basic ground rules by which his "world" works.
Gamers who play the simulation are actually in a sense doing empirical research. When, say, there are five guards in three positions around a building you would like to enter, and they're all well armed and wearing body armor, three by the door and two roving, what is the best way to assault the building? How about when there are security cameras covering certain approaches? How about when all you have is a knife? It is the playing of the game itself that refines the gameplay, not the experience of the programmers.
Over time, and it's been about ten years now, people playing one game after another refine their gameplay and their tactics. In turn, the programmers (who are usually gamers themselves) learn what works and what doesn't, and the games get more sophisticated, the AI better. In turn, the gamers develop more sophisticated tactics. It's a mental game, really. How do I get from here to "in there" while taking no hits and defeating my five enemies? Probably, by sneaking up on the first roving guard with a knife while he's isolated, then doing the second roving guard with the knife, taking both their weapons, and if one of them had a grenade, use that to deal with the three at the door. Right?
Now, let's consider. If all games are basically combat simulators (and the army and marine corps agree with me on this, because that's how they're using them) and people have been playing them for over ten years (doom came out in '93), and the gameplay gets more refined every year... Isn't that at least something like a laboratory for developing assault tactics? And, isn't any experienced gamer fairly comfortable with developing a strategy for assaulting any kind of obstacle he might want to? Before you say "naw, of course not" think about it; every FPS gamer out there does this sort of thing virtually every single day of his life. I remember a friend of mine who played one of those online team-based games, I think it was Navy Seals. He and a bunch of friends in Brooklyn challenged an actual Marine Corps fireteam to an online match one night, and the match went for over an hour because the Brooklyn kids were being stealthy and just sneaking around the marines (who were using USMC tactics, walking in fireteam delta, doing everything right...) Well, the kids from Brooklyn set up an ambush in a swamp, and totally wasted the jarheads. Cut them to pieces from high ground while they were waist deep in water. One guy, a sergeant, asked my friend who he was. He seemed pretty impressed, but it makes sense, you know? Most marines didn't grow up as gamers. The gamers had been doing this sort of thing since before they hit puberty.
I'm not saying a gamer could actually sneak up on a real soldier with a knife. That would probably not go very well unless the gamer had actual military experience (although many of us DO). But any gamer has an advantage at least where it comes to the mental part of a fight, because he's got a lot of experience thinking about approaches to difficult, testy situations.
It's an interesting thing. Of course, then there's paintball, which is a whole other ball of wax; that simulation is physical as well as mental.
Fine, but how is iPersonIDNumber more clear than personIDNumber? If you call it "i" something, you're basically saying it's a number. But it's not a number until you use it as one, because everything in Perl derives from the context. My feeling is that the whole use of prefixes with a language like Perl is bizarre, like trying to put handlebars on a horse. It just doesn't fit, you know?
But my biggest problem with the sysadmin from hell was that he wanted me to not just name the variables with his prefixes; he wanted me to USE them that way, too. So, instead of having a single context-based Perl variable, I'd have at least two, an "int" and a "string" (never mind that the whole typing thing would be totally artificial in Perl). And, extra code to convert back and forth as I worked with the variable.
All this so VB-Boy could read the perl more easily. Grr... Evil...
Having said all that, I do see the utility of using prefixes in strongly-typed languages. Although, again, I'd personally prefer to just use more mnemonic identifiers, but that's more of a matter of taste I think...
But, if you're really trying to "squeeze more productivity out of a group of programmers" then why don't you break a program into a set of discrete, modular units, have the programmers develop them simultaneously (with all programmers working at the same time), unit test them, and integrate them after they pass their unit tests (then you do integration testing of course)... Using two programmers for two problems instead of one seems more productive to me. And, if you really DO unit code and test, and don't just give it lip service, AND you have a healthy policy of peer review, you'll have the same reliability you're claiming with XP.
Having said that, you can achieve your goal of outing bad programmers with peer review of each module as it passes its unit tests. Not that the bad programmers you're talking about will meet their deadlines anyway, so I guess I don't understand why you think it's XP that outed them.
BTW: Nice comment about my posting to slashdot! People in glass houses shouldn't throw stones, eh?
Well... I can see what you're saying, maybe how the pair programming works out depends on the programmers more than anything else. I don't think it would work out for me, though -- I'm more of a solitary sort. I'm not against team efforts, of course, I'm involved in several, but we generally divide the work up into loosely coupled blocks and code them independently. I find that a very comfortable working style.
I'm still not sure I buy into the "pair programming = fewer bugs" theorem, but at least the woman you mentioned seems to be testing it empirically, which is kinda cool. I think I can see how having two people look at the code might result in fewer errors. But I think this can be achieved equally well with parallel coding and peer review, which I think might go a little faster (e.g. we break our project into modules, we each go back to our cubes and code our modules, then we trade and peer-review them, get back together and discuss during a meeting).
I should say that I'm not totally anti-XP, I'm just not comfortable with pair programming itself. And, I have a different way of testing. I like to unit code and test, basically, break the project into discrete units, code the units, then test each unit by feeding it test data and checking the results. It's not that different from XP, but you do the design and coding first, then the test(s). It's worked pretty well for me so far.
Ok, taking your points one by one:
1. So I have a different point of view than you do about testing. Big whoop. I reject your basic premise, that because you read some buzzword-book you somehow know more about software development than I do. I've been in this business a while, and my methods work just fine.
2. You said "How sad. If you don't see anything wrong with the situation, there isn't anything anyone can do to help. I'm pretty certain we have a lot more fun than you do at work."
And, the ad hominem attacks start. Are you proud of yourself? Go take a philosophy course and find out why ad hominem is not considered a valid argument technique. In the meantime, you should know that I have a great time at work, my coworkers and I like each other quite a bit, and the privacy and quiet of our cubicles are a comfort to us all (not just me). The style followed where I work is programmers get a little privacy and quiet to do their work in, and we're all much more productive for it. I wouldn't trade places with you on a bet. I bet you work in one of those Stalinesque "open office" layouts, don't you? Tsk, tsk...
3. You kept on with the ad hominem with "Everyone needs peace and quiet from time to time. If you have so little respect for your coworkers that anything they say is 'constant yammering', then I submit that the problem is not with your coworkers."
Obviously you misunderstood my point. Where I work, there IS no "constant yammering" because programmers are left alone to do their work, without constant chatter interrupting their chain of thought. My coworkers do not yammer; when we're not busy, we chat, but when we're busy, we leave each other alone. We consider this "common decency". It's an interesting concept, I think it might be making a comeback.
4. Then you dropped the ad hominem attacks to make a totally unsubstantiated comment, expressing opinion as fact: "If you actually looked into the economics of it you'd find that pair programming only increases the initial cost of the code. Over the life cycle of the application, the reduction in bugs brings the cost down so pair programming beats separate programming"
Sure. Whatever. This is what all you XP fanatics always trot out to management. Of course, this is totally unsubstantiated, with only a handful of anecdotal pieces of "evidence" (and I use the term loosely) to back it up. You have no proof that ANY programming method is better than any other. I suspect it comes down to the individual programmers, not the buzzword of the week.
5. You jumped back into the ad hominem again, claiming "You're certainly not the only one who hates XP. And certainly not the only one who hates it without actually knowing anything about it." But of course, you don't know anything about me, so you have no right to make this assumption. But this is pretty typical Slashdot fare, so let's move along; you're in character.
6. You wrapped up with a rhetorical: "Questions:
How many open bugs are there on your current project? Or,
... maybe it would be easier this way: How many digits do you need to represent your bug count?
If you could reduce your bug count to zero, or so close to zero that it almost didn't matter, would that be worth something to you? Would it be worth reconsidering your blind rejection of something that has been shown to work?"
My "bug count" is extremely low, FYI. This is because I do plenty of up-front design, and I unit test everything (remember "unit code and test"? I know it's not fashionable or anything...). Then I go back in and do a code audit to make sure I didn't miss anything. My boss likes me; my stuff works, and doesn't cause problems.
Just because I'm not an XP convert doesn't mean I'm a shitty programmer, and you're a creep for suggesting that I am.
Now, I don't expect you to back off from any of the twaddle you threw at me, because after all this IS Slashdot. However, I think I've addressed your "concerns". And, I still dislike XP.
Nyah, nyah. Tag, you're it.
See, that I could have lived with. But what he wanted me to do was use separate variables for integers, floats, etc, use the hungarian prefix for each, copy the data into the new variable whenever I was going to do something else with it, and so on. It was horrible. Of course, there were a lot of other really bizarre things in his "coding standard", like he wanted me to write all of my function calls in this weird way, with return values that went totally against all normal Perl practice... It was just bizarre. I quit over it. I told my boss, "Come on, man, if I program this way, all the other Perl programmers are going to laugh at me; I'm not going to be able to show this code to anyone without looking like a complete doofus." He didn't sympathize. You can't expect a manager to understand that you don't want to do something patently stupid, and have it become a permanent part of your body of work, you know? They just think, "you get paid either way, so what do you care?"
But I agree with you, that used in the way you describe, it could be useful. In fact, right now I'm doing .Net programming, and when I have a private class variable, I use an "i" prefix (for internal) and name the property without the "i" (like, iMyPhoneNumber and myPhoneNumber). I don't remember where I read that idea, but it's nice.
A number? Not right away it isn't. If I read it in as a string, it isn't a number until I do a few things to make SURE it's a number. For example, run it through a regexp and do a little math on it, etc. So it's a string until it's a number, dig? We're talking about input from a web page. Nothing is guaranteed. You can ask for a birthdate and get the answer "Baptist". You have to make SURE.
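The "it's a string until it's a number" point made here, and the earlier argument that a Perl variable only becomes a number through context, in an added Perl example that is not from the original comments. It contrasts Perl's bare numeric context (which silently turns "12abc" into 12 and "Baptist" into 0) with a regexp-plus-range check; the form field names and input values are constructed.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Constructed sample of web-form input. Everything arrives as a string,
# including the "Baptist" birthdate the comment jokes about.
my %form = (
    personIDNumber => ' 00421 ',
    birthYear      => 'Baptist',
    quantity       => '12abc',
);

# What Perl's numeric context does on its own: leading whitespace is
# skipped and trailing garbage is dropped, so bad input still "works".
sub naive_to_int {
    my ($raw) = @_;
    no warnings 'numeric';    # otherwise Perl warns, but still converts
    return $raw + 0;
}

# Return the validated integer, or undef when the string is not a clean,
# bounded number. Until this succeeds, the value is treated as a string.
sub to_int_in_range {
    my ($raw, $min, $max) = @_;
    return undef unless defined $raw;
    $raw =~ s/^\s+|\s+$//g;                      # trim whitespace
    return undef unless $raw =~ /\A\d{1,9}\z/;   # digits only, bounded length
    my $n = $raw + 0;                            # only now use it as a number
    return undef if $n < $min || $n > $max;      # "do a little math on it"
    return $n;
}

for my $field (sort keys %form) {
    my $raw   = $form{$field};
    my $naive = naive_to_int($raw);
    my $safe  = to_int_in_range($raw, 1, 2_000_000_000);
    printf "%-15s raw=%-10s naive=%-6d checked=%s\n",
        $field, "'$raw'", $naive, defined $safe ? $safe : 'REJECTED';
}
```

Running it shows personIDNumber accepted as 421 while birthYear and quantity are rejected, even though the naive conversion would have handed the rest of the program 0 and 12.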
I just KNEW I was going to have to take heat on this one. But it's cool. It's like a sport.
Yes, but HE wanted me to create an extra string to use with regexps, and an extra float if I used it as a float, and so on, and so on. It gets pretty stupid pretty fast.
Most Perl programmers use either all lowercase with underscores between the words, or initial caps with no underscores for their variables, and just name their variables after their content, like clientPrimaryPhone (for vars, first letter always lowercase).
Anyway, he and I hated each other. It was pretty much guerrilla warfare, a skirmish here, a skirmish there. He used to like rewriting my code at night without telling me, so that it would just be broken the next day. Once I figured out what was going on, I started backing up all my code to a zipdisk at night, and deleting and restoring it in the morning, which took care of THAT.
Well, that's true, but it's still worth saying. My new iBook is GORGEOUS! And, it's letting me kill off my windows PC finally, which is going to please me to no end.
Just looking at the thing makes me happy. I mean, above and beyond the durability, the apps, and everything it does, man, it just plain looks good.
I've got an older 300MHz blueberry iBook for travelling, too, which I've had for a few years. That one's going strong too.
Ya gotta love Apple. They sure know how to put a computer together...
I agree; most of XP isn't bad, although I don't like the idea of writing tests first either (I think you should figure out your approach first, then do some coding, then figure out how best to test your idea, but that's just me). But here's why I hate pair programming:
1. I'm antisocial. I definitely do NOT want to hang around with some other programmer day in, day out. I would be extremely uncomfortable with the constant presence of another person.
2. Pair programming basically means that one person is actually coding while the other harasses him, making him explain every little thing he's doing. I'd last about an hour in this sort of arrangement; then I'd probably do something unspeakably rude. Nobody likes to be constantly nagged, and no one likes to be second guessed.
3. While I'm on the subject, I need peace and quiet to think. I need a cubicle where I can stretch out and just ponder what I'm doing every now and then; to reflect on a bug, for instance, and let ideas come rolling in out of my subconscious. The constant yammering of another person would eliminate any chance of any of that.
4. Finally, two people on one computer? Shouldn't they be breaking up their modules and programming in parallel, getting done in half the time? Why is only one person coding at a time, and why doesn't anyone think the second person is mostly being wasted?
It's so nice to find out that I'm not the only person who hates this idea...
I'm a VB.Net programmer who started out in C and C++, then Perl and Java, and ended up in VB6 because of the rotten economy. When I had the chance to escape VB6 and move to .Net, I almost wept with joy. People can say whatever they like about the huge change between VB6 and VB.Net, but I adore it. It made the language palatable for the first time, and saved my sanity. Now I'm happy at work again.
Of course, all the older, pure-VB6 guys are tearing their hair out. But what can you do? Life's like that.