Because they did not *completely* rewrite it it seems. They know there tools, they probably have made the decision to go without Garbage Collection. There could be many many other reasons.
BTW, this is the wrong thread for this discussion. Even so, people are entitled to their meaning mods, modding this flamebait is taking it a bit far.
As long as the context of s and c is understood (in other words, if they are part of a local loop without any other variables that could become s or c) then that is fine. Even then I personally believe that verbose variable names are better, if only because it lowers the learning curve.
You are over-generalizing as much as the GP. Hiring people is a great idea if they have more knowledge on a subject, especially while testing. They will find bugs and even architectural errors before you start to test in the field. They won't find every bug, but alpha/beta testing certainly won't find all bugs either. In the end there will always be gamma bugs left (that you find by, eh, field testing). The trick is to iron out as many of them as you can find.
Yup, that's why I insisted that for my security relative, impossible to update (embedded) software a specialized test team was created. I would not be surprised (actually I'm quite sure) that the test costs are about 10 times that of development.
But even that does not solve the problems with testing. Because the test team needs to consult the development team/domain expert and requires to take the architecture/implementation in mind, many tests will *still* only cover those already envisioned by the development team.
In the end, you'll have to throw it in the pond and see if it floats. Of course, a highly complex, temporary pond is the best for ironing out the ironic bugs still present after development testing. Of course, the issues that are found should become part of the software tests, if only to prevent regression.
Sorry, I've got no recommendations. But I don't doubt that there are many good ones that get modded up, I've already mailed a few of them to my work mail address to see if we can put an OS solution instead of the thing that is SharePoint. I have to work with SharePoint since my company does not let me use anything else and it has left some deep scars. Unfortunately I'm not the one making the choices (or fortunately, evaluating this kind of software aint my thing).
SharePoint is underrated???? Oh, my god. It's vastly overrated. It's Microsofts proprietary, not well thought of solution on how to do distributed, eh, things with Office document. I've had horrible problems even when doing any kind of version control on documents. I mean, isn't that the whole point of SharePoint? I can delete a document, upload a new one with the same name and it will *revert back* to the old version! Oh, yeah, you can do it online, if you use IE *and* know how to do it.
Recently I've been using the discussion board of SharePoint to distribute programming tips. I've never had a program refuse *those* particular (perfectly valid) HTML tags - without any warning whatsoever of course. I've made a howto on how to read the posts on the discussion board - never mind posting your own. You ask: what's that got to do with it? Well, the whole implementation of SharePoint lets any apt programmer scream Nooooooooooohhhhhhhhh from behind it's terminal. It's simply *that* bad.
I mean, I cannot even find anything using the software. I created the discussion board, and I could not get it to the front page, neither could the administrator. It's just a horrible mess. I mean, this is software that refuses to put a PDF icon in front of PDF files! Oh, yee gods, I hate that piece of crap.
As for the signing and verifying - the request of the Ask SlashDot: do you say that there is a good method of doing just that? Because I haven't seen it, but that might be because it is there and I refused to RTFM - if only to skip reading the EULA that's undoubtedly put right in front of it.
Yes, and many people here are all to ready to let the key only activate the starter, and not the airbag, traction control and radio too, and call them bloat to boot.
Pfft, all bureaucratic nonsense that, look at the map, it's *close*. We'll go around the active volcanoes. Mod P up and GP down mods, what kind of nerd takes that kind of stuff seriously?
Ultimately none of course. If religions would be disbanded because they are incompatible with science or simple truths, we would have rather less religions (if not none). Religions die out if people start to believe in other religions, by force or not.
Oh, I was just in time to correct "there" to "their" in a post that brings the same point as you do. I see it as a clear indication that I am viewing Slashdot too much.
Interesting story, but I don't see how the nickel really aided in the capture of the spy. He was turned over by a defector and they found espionage equipment in his home. What was the link?
Nah, Bruce is fine. He has always had things like that on his blog, letting people make up their own mind about them. It's probably the idea persons start to think that scanning people for SD cards is utter stupidity. And trust me, there are a lot of institutions (like mine) where this kind of thing still goes on.
That must be a specific kind of information that I'm not so familiar with. Sure thing, there are things you can *do* with information that can harm stability or people, but to blame information itself always strikes me as madness.
It's like those people that say you cannot study homo-sexuality because the outcome could have severe consequences. By now we know that homo-sexuality does seem to imply physical manifestations. Personally I don't think that information has changed much in how we treat homo-sexual persons at all (for good or for worse).
Even in the western world there seems to be way too much information that gets hidden away for such purposes, e.g. for national security. In almost all cases that don't directly involve e.g. names of persons in sensitive operations, it's poppy-cock. And even then the information should be open to the public directly after that kind of information is not directly harmful those involved.
People modding this insightful should get a clue-stick. The best defense is relying on systems that have more security build in, not on the end user. The end user will always be clueless and rightfully so. The end user has stopped being computer fanatic for almost 2 decades. And there is a lot of things that can be improved. Buffer overruns should be a thing of the past, applications should not start out with permissions that lie outside their intended use (MS implemented that for IE, which was a seriously good move).
Of course, anyone should still have control over their computer and so there will be users that continue to be a thread. We should of course point out to the users that what they are doing is stupid. But we should also build systems that protect the users as much as possible, and (if that does not help) systems that protect against user stupidity.
Hey, thanks, it is only displayed in the settings as "compact querty". OK, it's a bit deep down and for some reasons not in the keyboards settings, but I'll try it out, I can always turn the display in the few cases that it does not suffice.
Why can't they use X.509 certificates like everybody else does? Are they too complex for SSH? Why no smart card support for those really secure connections?
Maybe we should just use OpenSSL & telnet or something similar, at least OpenSSL has PKCS#11 support nowadays. The only other thing required is a way to multiplex multiple protocols over SSL, but that certainly sounds doable.
My provider XS4ALL runs a ssh daemon on port 443 of their server. Using a HTTP (Netscape) proxy works just as well (another good reason to keep the ISP's proxy in the air). Thanks for the remote DNS hint, didn't think about that (DNS at our company is non-restricted).
Fortunately I did not have to use it for a while, nowadays the proxy settings of the company proxy are more reasonable. Before that I had trouble retrieving many web pages with "bad words". Including those necessary to do my work.
I'm now a proud owner of a HTC Hero android phone. I absolutely love the way you can type on it. It does not have two letters on each soft key - but the idea is more or less the same. If I mistype one or two characters I just select the right word that is displayed on top (most of the time it is the default). The keyboard auto-adapts to the input required and it is relatively easy to switch languages. web-addresses can be a bit of a hassle though, since auto-predict is useless for most pages. The input seems to really capture the center of my finger though, so I don't mistype much. This is fortunate since the otherwise excellent capacitive screen *does* require a special stylus, which seems to be unavailable in the Netherlands.
Of course, nothing is perfect. A language indicator/switching button would be nice. The vibration during typing could be slightly faster. Some tricks like swiping for capitals might be interesting to be able to turn on. But for searching in documents, SMS and short emails, it's more than adequate. And if in a tight spot I turn the device and I can touch type in landscape using larger keys. Of course, that means I've got less screen estate but I don't actually need much screen estate while typing.
Copying and pasting is a bit horrible though - I would love to have an additional keyboard layout for navigation, copy & paste.
There are ways to attack that kind of problem: you sign the data on the card. Of course, this would mean that you would have to distribute the certificates somehow, e.g. by putting them on an SSL protected server.
If you don't want the complete data to be copied you also include a key pair on the card. You make sure that the private key is hard to extract and sign the public key along with the data. You can use the private key for a challenge response protocol.
This is more or less what the current ePassports do...
You can work fine without #ifdefs anyway you spin it. If you control the platform then you should have an API that lets you explore the capabilities of the system. After that it is as easy as switching in the classes.
It's not the time anymore where a virtual call takes so much of your CPU that you have to revert to #ifdevs. And if you still need #ifdefs because the capabilities do not map to specific modules/classes then the design is worthless.
At my company we've banned #ifdefs except for very specific cases. Having the software compile on a different platform certainly is not one of them. You don't have to program XNA to see that this is the sane way to do things.
Slashdot Mirror
Because they did not *completely* rewrite it it seems. They know there tools, they probably have made the decision to go without Garbage Collection. There could be many many other reasons.
BTW, this is the wrong thread for this discussion. Even so, people are entitled to their meaning mods, modding this flamebait is taking it a bit far.
As long as the context of s and c is understood (in other words, if they are part of a local loop without any other variables that could become s or c) then that is fine. Even then I personally believe that verbose variable names are better, if only because it lowers the learning curve.
You are over-generalizing as much as the GP. Hiring people is a great idea if they have more knowledge on a subject, especially while testing. They will find bugs and even architectural errors before you start to test in the field. They won't find every bug, but alpha/beta testing certainly won't find all bugs either. In the end there will always be gamma bugs left (that you find by, eh, field testing). The trick is to iron out as many of them as you can find.
Yup, that's why I insisted that for my security relative, impossible to update (embedded) software a specialized test team was created. I would not be surprised (actually I'm quite sure) that the test costs are about 10 times that of development.
But even that does not solve the problems with testing. Because the test team needs to consult the development team/domain expert and requires to take the architecture/implementation in mind, many tests will *still* only cover those already envisioned by the development team.
In the end, you'll have to throw it in the pond and see if it floats. Of course, a highly complex, temporary pond is the best for ironing out the ironic bugs still present after development testing. Of course, the issues that are found should become part of the software tests, if only to prevent regression.
Sorry, I've got no recommendations. But I don't doubt that there are many good ones that get modded up, I've already mailed a few of them to my work mail address to see if we can put an OS solution instead of the thing that is SharePoint. I have to work with SharePoint since my company does not let me use anything else and it has left some deep scars. Unfortunately I'm not the one making the choices (or fortunately, evaluating this kind of software aint my thing).
SharePoint is underrated???? Oh, my god. It's vastly overrated. It's Microsofts proprietary, not well thought of solution on how to do distributed, eh, things with Office document. I've had horrible problems even when doing any kind of version control on documents. I mean, isn't that the whole point of SharePoint? I can delete a document, upload a new one with the same name and it will *revert back* to the old version! Oh, yeah, you can do it online, if you use IE *and* know how to do it.
Recently I've been using the discussion board of SharePoint to distribute programming tips. I've never had a program refuse *those* particular (perfectly valid) HTML tags - without any warning whatsoever of course. I've made a howto on how to read the posts on the discussion board - never mind posting your own. You ask: what's that got to do with it? Well, the whole implementation of SharePoint lets any apt programmer scream Nooooooooooohhhhhhhhh from behind it's terminal. It's simply *that* bad.
I mean, I cannot even find anything using the software. I created the discussion board, and I could not get it to the front page, neither could the administrator. It's just a horrible mess. I mean, this is software that refuses to put a PDF icon in front of PDF files! Oh, yee gods, I hate that piece of crap.
As for the signing and verifying - the request of the Ask SlashDot: do you say that there is a good method of doing just that? Because I haven't seen it, but that might be because it is there and I refused to RTFM - if only to skip reading the EULA that's undoubtedly put right in front of it.
The plus side is - of course - that it also removes the engrams from your system.
Good, I'll install it on my PC at work and mail the security officer that it's ok because it is from filehippo.com.
Yes, and many people here are all to ready to let the key only activate the starter, and not the airbag, traction control and radio too, and call them bloat to boot.
Pfft, all bureaucratic nonsense that, look at the map, it's *close*. We'll go around the active volcanoes. Mod P up and GP down mods, what kind of nerd takes that kind of stuff seriously?
In case someone does not get the joke embedded in the title:
http://www.badmovies.org/movies/killtomato/killtomato-song.wav
Attaaaaaaack of the killer electrons!
Ultimately none of course. If religions would be disbanded because they are incompatible with science or simple truths, we would have rather less religions (if not none).
Religions die out if people start to believe in other religions, by force or not.
Oh, I was just in time to correct "there" to "their" in a post that brings the same point as you do. I see it as a clear indication that I am viewing
Slashdot too much.
Interesting story, but I don't see how the nickel really aided in the capture of the spy. He was turned over by a defector and they found espionage equipment in his home. What was the link?
Nah, Bruce is fine. He has always had things like that on his blog, letting people make up their own mind about them. It's probably the idea persons start to think that scanning people for SD cards is utter stupidity. And trust me, there are a lot of institutions (like mine) where this kind of thing still goes on.
Looks like any other folder!
That must be a specific kind of information that I'm not so familiar with. Sure thing, there are things you can *do* with information that can harm stability or people, but to blame information itself always strikes me as madness.
It's like those people that say you cannot study homo-sexuality because the outcome could have severe consequences. By now we know that homo-sexuality does seem to imply physical manifestations. Personally I don't think that information has changed much in how we treat homo-sexual persons at all (for good or for worse).
Even in the western world there seems to be way too much information that gets hidden away for such purposes, e.g. for national security. In almost all cases that don't directly involve e.g. names of persons in sensitive operations, it's poppy-cock. And even then the information should be open to the public directly after that kind of information is not directly harmful those involved.
People modding this insightful should get a clue-stick. The best defense is relying on systems that have more security build in, not on the end user. The end user will always be clueless and rightfully so. The end user has stopped being computer fanatic for almost 2 decades. And there is a lot of things that can be improved. Buffer overruns should be a thing of the past, applications should not start out with permissions that lie outside their intended use (MS implemented that for IE, which was a seriously good move).
Of course, anyone should still have control over their computer and so there will be users that continue to be a thread. We should of course point out to the users that what they are doing is stupid. But we should also build systems that protect the users as much as possible, and (if that does not help) systems that protect against user stupidity.
Hey, thanks, it is only displayed in the settings as "compact querty". OK, it's a bit deep down and for some reasons not in the keyboards settings, but I'll try it out, I can always turn the display in the few cases that it does not suffice.
Why can't they use X.509 certificates like everybody else does? Are they too complex for SSH? Why no smart card support for those really secure connections?
Maybe we should just use OpenSSL & telnet or something similar, at least OpenSSL has PKCS#11 support nowadays. The only other thing required is a way to multiplex multiple protocols over SSL, but that certainly sounds doable.
My provider XS4ALL runs a ssh daemon on port 443 of their server. Using a HTTP (Netscape) proxy works just as well (another good reason to keep the ISP's proxy in the air). Thanks for the remote DNS hint, didn't think about that (DNS at our company is non-restricted).
Fortunately I did not have to use it for a while, nowadays the proxy settings of the company proxy are more reasonable. Before that I had trouble retrieving many web pages with "bad words". Including those necessary to do my work.
Meh, I just feel fat.
I'm now a proud owner of a HTC Hero android phone. I absolutely love the way you can type on it. It does not have two letters on each soft key - but the idea is more or less the same. If I mistype one or two characters I just select the right word that is displayed on top (most of the time it is the default). The keyboard auto-adapts to the input required and it is relatively easy to switch languages. web-addresses can be a bit of a hassle though, since auto-predict is useless for most pages. The input seems to really capture the center of my finger though, so I don't mistype much. This is fortunate since the otherwise excellent capacitive screen *does* require a special stylus, which seems to be unavailable in the Netherlands.
Of course, nothing is perfect. A language indicator/switching button would be nice. The vibration during typing could be slightly faster. Some tricks like swiping for capitals might be interesting to be able to turn on. But for searching in documents, SMS and short emails, it's more than adequate. And if in a tight spot I turn the device and I can touch type in landscape using larger keys. Of course, that means I've got less screen estate but I don't actually need much screen estate while typing.
Copying and pasting is a bit horrible though - I would love to have an additional keyboard layout for navigation, copy & paste.
There are ways to attack that kind of problem: you sign the data on the card. Of course, this would mean that you would have to distribute the certificates somehow, e.g. by putting them on an SSL protected server.
If you don't want the complete data to be copied you also include a key pair on the card. You make sure that the private key is hard to extract and sign the public key along with the data. You can use the private key for a challenge response protocol.
This is more or less what the current ePassports do...
You can work fine without #ifdefs anyway you spin it. If you control the platform then you should have an API that lets you explore the capabilities of the system. After that it is as easy as switching in the classes.
It's not the time anymore where a virtual call takes so much of your CPU that you have to revert to #ifdevs. And if you still need #ifdefs because the capabilities do not map to specific modules/classes then the design is worthless.
At my company we've banned #ifdefs except for very specific cases. Having the software compile on a different platform certainly is not one of them. You don't have to program XNA to see that this is the sane way to do things.