This article is very misleading. It implies (to my reading at least) that a connection secured at the server side only is not secure in some general sense.
This is not true, as far as I understand these things. Consider connecting to Amazon (say). You verify the certificate and give your credit card number. This is enough to guarantee that:
(1) you are connected to the person that has the private key associated with Amazon (ie that this is Amazon or they have had a security breach - the private key cannot be obtained by sniffing alone)
(2) man in the middle attacks are not possible.
What is not guaranteed is that you are you - all the server knows is that someone is giving your credit card number. But that's OK - no-one else has that number (at least, they didn't get it by sniffing this transaction).
This *is* a problem if you are using SSL to secure a link to your own computer for root access, for example, because then it is important that you are you. In that case you do need the server verify the client. But that's not the same as shopping...
Dont forget the chemical spewing plastics factory to produce PokemonPlasticPrizes for Happy Meals.
This comment wouldn't be coming from the country that consumes those Happy Meals? That recently killed an agreement to control global warming? That consumes more per capita than any other country in the world...?
I expect she'll ultimately do very well there because she's a fast learner
So even though you wouldn't have given her that chance, you think she'll succeed! Can't you see that you're not being consistent? It sounds like she wanted a challenging job, you weren't prepared to give her one (or didn't understand what whe wanted) and now you're making excuses.
If someone leaves and makes a success of a better job how is it them at fault? Aren't people supposed to want to improve? Aren't you supposed to give them the opportunity? OK, if you thought she'd be a disaster then both of you are happy. But this way, *you've* lost (and don't seem to want to take the blame).
In other words, it was your job to keep her. You failed. Don't blame her - she's gone on to make a success of a more interesting job. What did you expect?!
I'm a software engineer. If the code doesn't work, I take the responsibility. It's not my manager's job to code. It *is* my manager's job to keep me happy. If they don't then I either leave (last company) or - if I think they'll listen (current employers) - complain and sort things out. But either way, if I'm not happy it's my manager's responsibility. That's what they are paid for (they don't actually make anything, do they...?).
On the English page of the LOTE site they give the average age of employees as 27.6. This struck me as a bit odd - not the value, but the idea that this is important. I guess they want to project the image that they are a "dyamic" company, but why can't older people be dynamic? They will also have more experience (not of the latest technology, but of more general skills....)
Or maybe I just can't cope with being older than the average age:-)
(Is this a particularly Japanese/Asian thing - is the startup/tech community even more ageist over there?)
Surely the most sensible approach is to use neither Serpent nor any other AES candidate for a year or two until they've been well studied. Why don't you use 3DES if you really concerned about security?
But the interesting part is that there is now a physical theory (proposed by someone else, not Rees) that might be testable, rather than just the ususal vague waffling about many possible universes. It's the testability that makes it interesting, as Rees pointed out.
The "point" of the article is harder to pin down - maybe the 6 numbers book has just been released in the USA or has just come out in paperback, or something. It's been available for ages in the UK.
OK, my claim to insight is that my partner was fourth author on this paper and I used to be an astronomer - but don't let either of those fool you into believing I know what I am talking about....
What the article doesn't explain very well is that this is the (or one of the?) smallest BH found. There has been a lot of speculation that small galaxies contained small BHs, but that they didn't emit X-Rays because they didn't accrete matter. But NGC4395 shows that they do (well, at least one does).
As far as efficiency goes - it's not very efficient (less efficient than many (most? all?) of the supermassive BHs), but more efficient than would be expected if "all" small galaxies had small BHs like this (otherwise you'd see a lot more emission from small galaxies).
Does that make sense? The important point is that they have detected emission from a small BH, which means that earlier *speculation* about small, non-emitting, BH in other small galaxies has to be re-thought.
For a spherically symmetric distribution of matter, gravity is *not* "diluted" by an outer shell. If you are inside an isolated hollow shell, for example, there is no gravitation field from the shell (if you are near one side then the pull from the close stuff is equally balanced from the larger amount, but more distant, remainder of the shell to the other side of you).
And, if I remember correctly, Hawking radiation is a tiny effect. It is insignificant compared to the accretion rate for any BH that is visible - it's only important once the BH has accreted everything and is floating around in empty space by itself.
I don't know if this applies to your problem, but I slow down as a problem becomes more complex. This is a big hint that documentation has insufficient detail - so I go back to documenting what I should be doing. This soon leads to checking parts of code against documentation, correcting errors and getting a better overview of the problem. That gives me a new map to follow and I'm off again...
As far as burn-out goes, I enjoy programming and often do it in my spare time as well as at work. But when work becomes heavy I back off programming at home and do other things (apart from getting married, building electronics or doing DIY are fun...:-).
If I'm not stressed, but still feel bored with programming that's normally a sign that I need to learn a new language or technique....
Toontalk at http://www.toontalk.com/ looks neat, but they may think it's too childish (but I'd like to play with it!) - it's an intro to programming via animation.
Computer Programming for Everybody at http://www.python.org/doc/essays/cp4e.html is an interesting paper that discusses how to introduce people to programming (it is biased towards Python, but that's not necessarily a Bad Thing - my own personal opinion is that Python is the best you'll find).
There's an earlier related discussion on Slashdot at http://slashdot.org/askslashdot/99/02/03/147222.sh tml
Ask Tim on the Oreilly site also discussed this: http://www.oreilly.com/ask_tim/programming_1199.ht ml and http://www.oreilly.com/ask_tim/programming_1199.co mments.html
But most important of all, whatever the language, is having a good project. If you really *need* a program, then you'll learn to program to do it. If you're just "learning to program" with no aim in mind, you'll soon be bored....
That you have a problem at all is worrying. You should be able to discuss this with your boss - he or she should understand the problem, respect your rights, and help you look for a solution.
In my grim experience, copyright abuse is all too common in industry - in a "good" company there should be no come-back for complaining about it (and the answer should be either "thanks - we'll fix it" or "yes, we know, and are already fixing it"). If you don't feel this is possible then, again, you have a problem.
So, what to do?
I'd recommend two things:
First, start looking for another job. If people are using your home-brew software then you're obviously a pretty good programmer. Getting a new job should be easy, so take your time and cherry-pick. At interviews, don't just look for money, but find out what kind of company it would be to work at. For example, after feeling very uncomforable in a homophobic and sexist environment I found a much better company by stating near the top of my CV that I wanted to work for a company that promoted equal opportunities - I didn't even want to waste time going to interviews with companies that thought someone who asked that was a troublemaker (and it worked - I found a good job with good coworkers).
Second, you have to talk to someone, preferably your immediate boss, and be very diplomatic. I'm sure other posts here will have suggestions. If I were you, I'd point out that the program was not for commercial use, but that you would be willing to give them a licence if they let you have the rights. If it's for internal use (not for reselling) that should be acceptable. Ask for a paper record - it doesn't have to be very formal, just something that records what has happened. Don't mention that you have already coded many of the requirements (this avoids you looking bad if they refuse to co-operate - see below).
Keep your temper, keep calm, don't make threats, and don't make absolute statements!
If you try talking and are blanked out, then make very sure that you keep any further modifications completely separate - implement the modifications separately at work, don't bring any code in and don't take any out. To protect your back, make sure that your improved version is published. Post yourself a recorded delivery copy and don't open it. Write the improvements your company wants at work, in their time, and get paid for it. Don't mention or offer your fixes - that will just drag you in deeper.
Unlike other people here I don't think you should fight if they won't co-operate. At least, not until you have another job. Just put it down to experience.
And really, look for better employers - you should be able to deal comfortably with this kind of problem at work. It's your manager's job to provide an environment in which you can talk about these things....
Good luck, Andrew
PS One other thing - in future, develop home-brew software in areas unrelated to your employers. In this case you were unlucky (unless your company writes web software), but there are many interesting problems out there looking for code... For example, I am paid to write software to help financial transactions on the internet - on my web pages you'll find lots of code, but nothing related to that!
I've written something similar (it filters cookies, but you can run two in series to block ads). It doesn't come with a list of sites to block - you must decide yourself. For more info, check out http://www.andrewcooke.free-online.co.uk/jara/alfa jor/index.html
If anyone is interested, I recorded how I got my first job in computing a couple of years ago at http://www.andrewcooke.fre e-online.co.uk/andrew/job.html (Preview seems to add a space in the middle of that, but the link works...)
People might like to check out Van Der Linden's "Expert C Programming (Deep C Secrets)" - it's a very odd book, full of many random snippets, but it does contain some nuggets of useful wisdom.
Thanks for the review - I'll have a look for this book next time are out shopping...
Slashdot Mirror
This article is very misleading. It implies (to my reading at least) that a connection secured at the server side only is not secure in some general sense.
This is not true, as far as I understand these things. Consider connecting to Amazon (say). You verify the certificate and give your credit card number. This is enough to guarantee that:
(1) you are connected to the person that has the private key associated with Amazon (ie that this is Amazon or they have had a security breach - the private key cannot be obtained by sniffing alone)
(2) man in the middle attacks are not possible.
What is not guaranteed is that you are you - all the server knows is that someone is giving your credit card number. But that's OK - no-one else has that number (at least, they didn't get it by sniffing this transaction).
This *is* a problem if you are using SSL to secure a link to your own computer for root access, for example, because then it is important that you are you. In that case you do need the server verify the client. But that's not the same as shopping...
If anyone thinks I'm wrong I would love to know!
Cheers,
Andrew
This comment wouldn't be coming from the country that consumes those Happy Meals? That recently killed an agreement to control global warming? That consumes more per capita than any other country in the world...?
I expect she'll ultimately do very well there because she's a fast learner So even though you wouldn't have given her that chance, you think she'll succeed! Can't you see that you're not being consistent? It sounds like she wanted a challenging job, you weren't prepared to give her one (or didn't understand what whe wanted) and now you're making excuses. If someone leaves and makes a success of a better job how is it them at fault? Aren't people supposed to want to improve? Aren't you supposed to give them the opportunity? OK, if you thought she'd be a disaster then both of you are happy. But this way, *you've* lost (and don't seem to want to take the blame). In other words, it was your job to keep her. You failed. Don't blame her - she's gone on to make a success of a more interesting job. What did you expect?! I'm a software engineer. If the code doesn't work, I take the responsibility. It's not my manager's job to code. It *is* my manager's job to keep me happy. If they don't then I either leave (last company) or - if I think they'll listen (current employers) - complain and sort things out. But either way, if I'm not happy it's my manager's responsibility. That's what they are paid for (they don't actually make anything, do they...?).
Your comments suggest that democracy shouldn't work either. Maybe recent events prove you right ;-)
Curious (and in the UK, so possibly ill-informed ;-),
Andrew
Or maybe I just can't cope with being older than the average age :-)
(Is this a particularly Japanese/Asian thing - is the startup/tech community even more ageist over there?)
Surely the most sensible approach is to use neither Serpent nor any other AES candidate for a year or two until they've been well studied. Why don't you use 3DES if you really concerned about security?
The "point" of the article is harder to pin down - maybe the 6 numbers book has just been released in the USA or has just come out in paperback, or something. It's been available for ages in the UK.
Andrew
What the article doesn't explain very well is that this is the (or one of the?) smallest BH found. There has been a lot of speculation that small galaxies contained small BHs, but that they didn't emit X-Rays because they didn't accrete matter. But NGC4395 shows that they do (well, at least one does).
As far as efficiency goes - it's not very efficient (less efficient than many (most? all?) of the supermassive BHs), but more efficient than would be expected if "all" small galaxies had small BHs like this (otherwise you'd see a lot more emission from small galaxies).
Does that make sense? The important point is that they have detected emission from a small BH, which means that earlier *speculation* about small, non-emitting, BH in other small galaxies has to be re-thought.
More info is here
On your other points:
For a spherically symmetric distribution of matter, gravity is *not* "diluted" by an outer shell. If you are inside an isolated hollow shell, for example, there is no gravitation field from the shell (if you are near one side then the pull from the close stuff is equally balanced from the larger amount, but more distant, remainder of the shell to the other side of you).
And, if I remember correctly, Hawking radiation is a tiny effect. It is insignificant compared to the accretion rate for any BH that is visible - it's only important once the BH has accreted everything and is floating around in empty space by itself.
As far as burn-out goes, I enjoy programming and often do it in my spare time as well as at work. But when work becomes heavy I back off programming at home and do other things (apart from getting married, building electronics or doing DIY are fun... :-).
If I'm not stressed, but still feel bored with programming that's normally a sign that I need to learn a new language or technique....
Glad to hear things picked up,
Andrew
Hi,
Toontalk at http://www.toontalk.com/ looks neat, but they may think it's too childish (but I'd like to play with it!) - it's an intro to programming via animation.
Computer Programming for Everybody at http://www.python.org/doc/essays/cp4e.html is an interesting paper that discusses how to introduce people to programming (it is biased towards Python, but that's not necessarily a Bad Thing - my own personal opinion is that Python is the best you'll find).
There's an earlier related discussion on Slashdot at http://slashdot.org/askslashdot/99/02/03/147222.s
Ask Tim on the Oreilly site also discussed this: http://www.oreilly.com/ask_tim/programming_1199.h
But most important of all, whatever the language, is having a good project. If you really *need* a program, then you'll learn to program to do it. If you're just "learning to program" with no aim in mind, you'll soon be bored....
Good luck,
Andrew
Hi,
That you have a problem at all is worrying. You should be able to discuss this with your boss - he or she should understand the problem, respect your rights, and help you look for a solution.
In my grim experience, copyright abuse is all too common in industry - in a "good" company there should be no come-back for complaining about it (and the answer should be either "thanks - we'll fix it" or "yes, we know, and are already fixing it"). If you don't feel this is possible then, again, you have a problem.
So, what to do?
I'd recommend two things:
First, start looking for another job. If people are using your home-brew software then you're obviously a pretty good programmer. Getting a new job should be easy, so take your time and cherry-pick. At interviews, don't just look for money, but find out what kind of company it would be to work at. For example, after feeling very uncomforable in a homophobic and sexist environment I found a much better company by stating near the top of my CV that I wanted to work for a company that promoted equal opportunities - I didn't even want to waste time going to interviews with companies that thought someone who asked that was a troublemaker (and it worked - I found a good job with good coworkers).
Second, you have to talk to someone, preferably your immediate boss, and be very diplomatic. I'm sure other posts here will have suggestions. If I were you, I'd point out that the program was not for commercial use, but that you would be willing to give them a licence if they let you have the rights. If it's for internal use (not for reselling) that should be acceptable. Ask for a paper record - it doesn't have to be very formal, just something that records what has happened. Don't mention that you have already coded many of the requirements (this avoids you looking bad if they refuse to co-operate - see below).
Keep your temper, keep calm, don't make threats, and don't make absolute statements!
If you try talking and are blanked out, then make very sure that you keep any further modifications completely separate - implement the modifications separately at work, don't bring any code in and don't take any out. To protect your back, make sure that your improved version is published. Post yourself a recorded delivery copy and don't open it. Write the improvements your company wants at work, in their time, and get paid for it. Don't mention or offer your fixes - that will just drag you in deeper.
Unlike other people here I don't think you should fight if they won't co-operate. At least, not until you have another job. Just put it down to experience.
And really, look for better employers - you should be able to deal comfortably with this kind of problem at work. It's your manager's job to provide an environment in which you can talk about these things....
Good luck,
Andrew
PS One other thing - in future, develop home-brew software in areas unrelated to your employers. In this case you were unlucky (unless your company writes web software), but there are many interesting problems out there looking for code... For example, I am paid to write software to help financial transactions on the internet - on my web pages you'll find lots of code, but nothing related to that!
I've written something similar (it filters cookies, but you can run two in series to block ads). It doesn't come with a list of sites to block - you must decide yourself. For more info, check out http://www.andrewcooke.free-online.co.uk/jara/alfa jor/index.html
Andrew
If anyone is interested, I recorded how I got my first job in computing a couple of years ago at http://www.andrewcooke.fre e-online.co.uk/andrew/job.html (Preview seems to add a space in the middle of that, but the link works...)
Andrew
People might like to check out Van Der Linden's "Expert C Programming (Deep C Secrets)" - it's a very odd book, full of many random snippets, but it does contain some nuggets of useful wisdom.
Thanks for the review - I'll have a look for this book next time are out shopping...
Cheers,
Andrew