The sort of developers who continue to make this mistake will make it even in that language -- how do you generate a SanitizedString?
The correct response is to make it easy to do right. A good ORM in pretty much any language should help with this -- there's plenty of support for parameterized SQL in Rails, but you can (and should) avoid even that problem entirely by not writing any SQL at all.
Strong typing might help, but even there, the solution is the same -- syntactic sugar on the Right Thing, syntactic vinegar on the Wrong Thing, and focus on making it easy to do right, rather than hard to do wrong, since people will find a way to do it wrong anyway.
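An added example, not part of the original comment, of the point argued above: a marker type alone does not stop the mistake, while an interface whose short path binds values does. It uses Python's built-in `sqlite3` rather than Rails; `SanitizedString`, `find_user_typed`, `Users` and the table contents are hypothetical and constructed for illustration.

```python
import sqlite3


def make_db():
    """In-memory database with constructed sample rows."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (name TEXT, is_admin INTEGER)")
    db.executemany("INSERT INTO users VALUES (?, ?)",
                   [("alice", 0), ("bob", 0), ("root", 1)])
    return db


class SanitizedString(str):
    """Hypothetical marker type. It records a claim; it performs no check."""


def find_user_typed(db, name):
    """'Hard to do wrong': only a SanitizedString is accepted."""
    if not isinstance(name, SanitizedString):
        raise TypeError("name must be a SanitizedString")
    # The query text is still assembled from the value, so the type only
    # helps if every caller produced the SanitizedString honestly.
    sql = f"SELECT name FROM users WHERE name = '{name}' ORDER BY name"
    return [row[0] for row in db.execute(sql)]


class Users:
    """Hypothetical ORM-style wrapper: the short call is the safe call."""

    COLUMNS = {"name", "is_admin"}

    def __init__(self, db):
        self.db = db

    def where(self, **conditions):
        # Sugar on the Right Thing: no SQL at the call site. Column names
        # come from a fixed allow-list and values are always bound.
        unknown = set(conditions) - self.COLUMNS
        if unknown:
            raise ValueError(f"unknown column(s): {sorted(unknown)}")
        clause = " AND ".join(f"{col} = ?" for col in conditions) or "1 = 1"
        sql = f"SELECT name FROM users WHERE {clause} ORDER BY name"
        return [r[0] for r in self.db.execute(sql, tuple(conditions.values()))]

    def where_raw_sql_i_accept_the_risk(self, fragment, params=()):
        # Vinegar on the Wrong Thing: raw SQL stays possible, but the name
        # stands out in review and the fragment should be a constant.
        sql = f"SELECT name FROM users WHERE {fragment} ORDER BY name"
        return [r[0] for r in self.db.execute(sql, tuple(params))]


def demo():
    db = make_db()
    untrusted = "x' OR '1'='1"  # constructed input that alters the WHERE clause
    return {
        # The developer "generates a SanitizedString" by wrapping the input.
        "typed": find_user_typed(db, SanitizedString(untrusted)),
        # The bound value is compared as data and matches no row.
        "orm": Users(db).where(name=untrusted),
        "orm_legit": Users(db).where(name="alice"),
    }


if __name__ == "__main__":
    for label, rows in demo().items():
        print(label, rows)
```
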
Yes. Now weigh the pretty much non-existent benefits
Eliminating botnets is a "non-existent benefit"?
Yeah. Namely, that it's impossible - even actual experts get hacked [gulker.com].
If I understand that story, Mitnick launched a direct, targeted attack against this individual. Grandma was hit with a drive-by. She didn't have to be an expert, she just had to keep herself patched and read dialog boxes -- basic stuff which anyone should know before using a computer.
For that matter, if she was the target of a deliberate attack, I'd think she would want to know about it and do something about it.
One of these days a bot will contact your machine before it can apply an update, and then you're p0wned.
Contact my machine how? Through what listening service? And before I make an outgoing connection, I patch. It'd have to be a zero-day exploit, probably of my browser, and then it'd have to get lucky enough that I happen to hit that particular website.
Reducing the attack surface area to about that has serious consequences for botnet authors. If this was true for everyone, it would mean you would have to be incredibly lucky and incredibly skilled in order to start to build a botnet -- and as soon as anyone notices you, ISPs start killing the bots. I don't see how that could possibly remain profitable.
And yes, if this does happen to me one day, I'd like to know about it. It'd be bloody inconvenient to be offline, but that's also something I'd want anyway, since whichever machine is infected also has all sorts of personal data I don't want sent out.
Even if you use Linux, your web browser is bound to have bugs, and those allow bots to your machine...
I use Chrome, which means most of those bugs are going to be sandboxed.
or perhaps one manages to break into a package repository.
It's not enough to "break into" the repository servers. Every package is signed, and often areas of the package tree will belong to different users. So you not only need to break into the repository servers, you also need to get access to very specific people's signing keys.
And the kernel itself has had holes before, and likely still does.
It absolutely still does, and they're discovered and patched all the time. The thing is, it's been a long time since anyone's found viable remote exploits, and as much as APK would love to believe otherwise, the kind of local exploits Linux has now aren't nearly as serious, and also aren't that relevant to this discussion.
A local exploit could be what gets them out of, say, the Chrome sandbox. But this means they now need two zero-day exploits.
All ecological niches get fulfilled, that's one of the basic laws of nature. The Internet is an ecosystem...
That's a pretty metaphor, but does it actually fit?
Actually, yes, somewhat. Ecological niches get filled. They can also be created or destroyed. So...
botnets have a niche, they will continue to exist as long as computers can run code not approved by some authority...
What does "approved by some authority" have to do with anything, especially when you were pointing out that repositories could be pwned? What's stopping someone from pwning the iTunes store?
But no, I don't see this happening -- again, they need to be economically viable. If botnet creation requires an incredibly high level of skill, timing, and luck in order to, say, slip something into a Linux repository (or iTunes, or Windows Update), and the botnet then lasts a few days, maybe a few weeks before those machines are taken offline and cleaned, I don't see that being economically viable, I see it being worse than playing the lottery. If it instead requires a ton of labor to add each bot by hand, by deliberately targeting that machine the way Kev
Well, more than that, access to the local account is usually sufficient. This is why additional sandboxes (like Chrome's, or AppArmor) are still useful.
It's a good day on /. when someone stands up and offers to train all the grandmothers, non-geek, and anyone else who doesn't know computers well enough to realize Microsoft is a bane on your system and lack of security is your fault.
I'd certainly be willing to offer classes, but this problem is not going to be solved -- ever -- until those people start seeing some consequences to their lack of security. In this case, grandma calls her ISP because she can't get online. Her ISP says "Oh, you can't get online because your machine's infected." She takes it to her local geek relative or computer shop to get it cleaned, so there is now one less bot in the world.
Maybe she keeps it clean. But maybe, a few weeks later, it happens again. Sooner or later, she's going to decide that enough is enough and decide to make a point of learning something about security.
I don't really see a better solution. Or are you suggesting that botnets are OK?
I mean really how did grandma know that her 8yr old grandson was surfing porn and got her machine infected.
She didn't, the first time. But she might notice if every time he comes to visit, she gets booted offline.
The easiest thing she could possibly do is forbid her grandson from using her computer -- which also avoids all of the above training. So now we have one less bot in the world, and the grandson has felt some consequences to surfing porn unsafely, which means there's one less asshat who infects computers by surfing porn.
Or, if she learns something about security, she at least gets a decent browser and keeps it patched so that whether she knows where he's going or not, her grandson isn't going to infect her by surfing porn.
Yeah, it does kind of suck for grandma, but what's your alternative, other than botnets forever?
Not quite. For these hashes to be useful, you also need to be aware of the current state of the network -- you can't mine offline. Also, in order to cash in, you need to broadcast the resulting hash as far as you can through the network before someone else beats you to it with their own hash. So it does generate traffic -- not a lot, but some.
However, there's nothing stopping this botnet from distributing bitcoin network updates via its own encrypted communication, minimizing the number of nodes it needs to be connected to the actual bitcoin network. Also, even if every node were connected, it's still not easy to distinguish a legitimate bitcoin node from one of these bots. By contrast, if they're using it to spam, it should be quite easy.
Unless it's a massive bitcoin mining operation or some actual spyware of the sort which steals credit card data, there's not a lot I can think of that they would want those machines for which would be able to work with entirely encrypted communication. In particular, if they're spam zombies, the flood of email should be a clue.
Then again, there is the problem of knowing that a given attack was a DDoS, and knowing whether a given machine which participated in that attack was a botnet zombie or a legitimate user with bad timing.
Still, if there's a way to single these machines out, I agree with the original poster -- join a botnet, get disconnected.
I doubt that someone concerned with creating Debian packages will find the information on the Nullsoft Scriptable Install System very useful, or vice versa.
While I love living in the world of web apps, where I can simply point people at the latest Chrome or Firefox for their chosen platform, I would certainly find both of these things helpful if I ever need to develop a non-trivial cross-platform native application. In fact, if you're going to cover Debian packages at all, any developer interested in those is probably also (unfortunately) interested in some sort of installer for Windows.
But this is, of course, why I prefer web apps. Otherwise I'd also have to deal with building a Mac .app or .mpkg, whatever iOS and Android support, and an RPM at least, if not also packages for Arch, Gentoo, and others, plus a simple tarball with some sort of install script or instructions for anyone I left out.
The question is, will they be able to learn it from scratch at all, and how long will it take?
I'd say that depends on the person.
And I'd say that the quality of the person's education is a factor, depending how you're defining "person" here. But now we're going in circles.
It's learning an idea, or more than that, a way of thinking and a point of view, to where you can answer questions like "How might Descartes respond to Hume's position on miracles?"
Except for the last part, it is more or less memorization.
Some memorization is involved, but this is, in fact, the majority of what I spent my time in Philosophy doing. It's really not hard to remember the name Descartes, or to associate it with some opinions -- that's the memorization part. The actual philosophy is in actual argumentation.
I mean, you realize you're either saying that all classes are memorization -- in which case, I'm surprised you made it through school at all -- or that all classes except those directly related to computer science are memorization.
Neither. I just don't care about them.
No, you were saying that, whether or not it's what you intended to say.
If you're instead going to say that you just don't care about them, but that they are not memorization, then this part makes no sense:
If I had a choice between someone who was highly specialized to do a job (which was related to that specialization) or someone who memorized (and somehow remembered) a random assortment of things but wasn't as good at the position that I was hiring for as the other person is...
To make this relevant, we'd have to reword it to:
If I had a choice between someone who was highly specialized to do a job (which was related to that specialization) or someone who took a broad array of courses I don't personally care about but wasn't as good at the position...
In fact, if we revise it further -- if this second person took a broad array of courses they didn't personally care about -- then they've shown they can do decently well even at a job they don't like. I'd hope I'd have an inspiring project all the time, but you want your best people to be doing both the exciting new features and the ugly grunt work that no one wants to do.
But, many people don't do this. Just talk to a typical Creationist.
As I said, open-minded people are probably rare. I wouldn't say that they can't do this. I would say that they don't want to.
When did you say this? This is the first time the words "open-minded" or "rare" appear in this thread...
Anyway, it's a distinction without a difference. A Creationist who has a dogmatic refusal to make the slightest effort to wrap their minds around what evolution actually means and implies and continues to drop lines like "Dogs don't give birth to cats!" (when such an event would in fact falsify evolution)... This person is functionally indistinguishable from the person who actually can't understand, and it's hard enough to distinguish the two of them from the person who is willing to lie in order to "win" the debate.
This isn't even about being open-minded, it's about being able to understand your opponents' perspective, even if you continue to disagree. I've met exactly one person who actually appears to understand evolution, and rejects it nonetheless -- and even he didn't understand how evolutionary theory could remain valid without requiring any valid theory of abiogenesis.
Passing a philosophy course requires developing and using this skill, and if it's a good course, it might also offer an explanation of why this is useful. It's certainly possible to gain that elsewhere, and also possible to pass a philosophy course and remain
Whether it's having to use horrid languages like JavaScript or PHP,
JavaScript isn't a bad language. It's not a great language, but it's much better than it's given credit for.
PHP is, however, a pretty bad language. Maybe it's gotten better recently, but it's not a great choice -- especially when, on the server, you have options.
or dealing with broken browsers like IE6,
That does suck. Last time I did web development, it took something like an hour a week. But that's really not bad, in the scheme of things.
We also eventually decided to drop IE6 when we noticed how little of our traffic included it -- we targeted at least IE7, which was much better in that respect.
or dealing with shitty MySQL databases "designed" by people who didn't understand even basic relational theory,
In this case, you're in the same boat as with PHP -- that is, you're working with legacy code developed by shitty developers. You find the same shit everywhere.
Or you can use languages that are actually enjoyable on the server side, and work with designers who actually do understand databases.
At least native applications are often built using real programming languages like C and C++.
I'd prefer JavaScript to C++, but then, I hate static types. But I'm confused that anyone in their right mind would prefer C to JavaScript. C, really?
Even semi-native languages...
What do you mean "even"? I mean...
like Java, C# and, dare I say it, VB.NET,
Are you really saying C and C++ are more enjoyable than the above?
And people are taking you seriously?
I could see the argument that they are more "powerful", in some sense. More efficient, certainly, in the hands of someone who knows what they're doing. But more enjoyable?
I enjoy not having to debug segfaults anymore. Let's start with that.
or dealing with broken HTML,
How is this any worse than, say, dealing with a broken GUI widget?
or fighting with stylesheets.
This is probably the worst part of web development right now, so I do agree with you there.
But I'd still rather fight with stylesheets than fight with manual memory allocation in C and C++, or with making Java, C#, and VB.NET programs actually cross-platform -- or even be sure they work on everyone's machine. There are far fewer popular browsers than there are ways people will fuck up Windows.
Everything about it was decades behind where native applications were at the time, and things still haven't changed.
Oh, they have changed.
There are aspects which are decades ahead of native apps now, but there are also aspects which are decades behind.
I think people overestimate the value of IQs and far too often correlate it with actual "intelligence."
I think this has something to do with the fact that it's one of the best ways we've got to measure "intelligence" in any sort of quantifiable way. By "intelligence", I am talking about the capacity to learn, to think and reason, and there are real differences here that go beyond just a knack for a single field.
No matter how high someone's IQ is, it (as far as I know) won't make them good at everything (they will have to learn from scratch anyway).
The question is, will they be able to learn it from scratch at all, and how long will it take?
which is a generally useful thing to be able to do
Repeating what someone said?
Since you quoted me out-of-context, let me provide the context (again):
learning not just random facts, but random past philosophers' opinions well enough that you can argue from their point of view,
Even this much is far more than just "repeating what someone said." It's not regurgitation by rote. It's learning an idea, or more than that, a way of thinking and a point of view, to where you can answer questions like "How might Descartes respond to Hume's position on miracles?" Given that Hume was born some 60 years after Descartes died, this isn't in any way repeating what Descartes said, since he never said anything of the sort. It is requiring you to think -- knowing what you know about Descartes, try to think like him and predict what he might say if the two philosophers were ever to meet.
The more important point is the skill of actually listening to someone and understanding their point of view well enough that you can argue from it, perhaps even win arguments from that point of view, without actually adopting it yourself. As you say:
You merely need to comprehend and read/listen to what they are saying. I'd be surprised if many people didn't have this ability.
But, many people don't do this. Just talk to a typical Creationist. Perhaps they have the latent ability to do this, but if they actually took the time to understand their opponents' position, we wouldn't have crap like the Crocoduck.
In fact, it seems like many interpersonal issues people have are a result of exactly this: Failing to really listen. The difficulty of resolving these issues suggests that if people have this ability, it's not something which can be turned on at will.
Or that, despite taking them, I've found zero use in them. Also, memorization is essentially what happens (memorizing procedures and facts).
Having taken them, I don't see the same thing you do, so that leaves us with, "You're at a pretty terrible school." It's also possible that despite taking them, you missed the point -- maybe you got more out of them than you thought, or maybe you actually missed out on what they do have to offer.
There are classes in which we only memorize facts which are unlikely to be useful. I haven't had English, Philosophy, or Math be like that at all.
If I had a choice between someone who was highly specialized to do a job (which was related to that specialization) or someone who memorized (and somehow remembered) a random assortment of things but wasn't as good at the position that I was hiring for as the other person is, then, personally, I'd pick the former.
As would I, but this isn't what we're talking about.
I mean, you realize you're either saying that all classes are memorization -- in which case, I'm surprised you made it through school at all -- or that all classes except those directly related to computer science are memorization. Education-through-regurgitation exists, but there are a lot of classes which are not like that at all.
That's a nice philosophy, but it doesn't work in practice. NONE of the browsers properly render the standards 100%.
They are, however, close enough that browser-specific hacks are uncommon, and until recently, mostly IE. (Probably still mostly IE.) I last did serious web development several years ago, and things have gotten better since then. Even then, it was reasonably possible (especially if you use things like jQuery) to develop an app on your browser of choice (so long as it's not IE) and have it just work everywhere except IE. Then you apply the IE-specific hack once a week or so, and you're good.
So the, admittedly less than ideal, options are to pick one target to develop against, or to limit yourself to the subset of features that work properly across all browsers at that particular moment in time -- and pray that none of the browsers break them later.
If you're willing to restrict yourself to reasonably-modern browsers, the above is still true. The closer you stick to actual standards, the more likely it is to not break in the future.
One thing I really don't want to see is IE becoming the only corporate choice again -- and Firefox is the biggest reason web development is no longer "best on IE6". I'd hate to see it be the biggest reason for web development to become "best on IE9" again.
I actually don't care about Firefox specifically in the enterprise, but there need to be options. Having a group that large locked to one vendor's idea of what the Web should be is detrimental to the Web as a whole.
What if I'm on a road trip in my brand new Series 6 Gran Coupe and something goes wrong with the 4.4-liter twin-turbocharged V8 and I'm 400 miles from the nearest BMW dealer?
I imagine there are solutions for that, but they wouldn't exactly be cheap. But then, that's the point -- the BMW dealer is going to be much more expensive. They can be, because if you've got a shiny new BMW, you have no choice.
This is why my father recently traded in his BMW convertible for a newer Nissan Maxima. He's no longer interested in servicing it himself, but he can take it down to Bob's Automotive and have them service it for a fraction of what the BMW would cost, and it seems to need less servicing overall -- though that probably has more to do with the new car not being a convertible than with it not being a BMW.
I only learned about this because I was trying to use a car analogy to explain to him why he shouldn't buy iStuff, and should prefer platforms at least as open as Windows, if not actually open source platforms. "Would you buy a car with the hood welded shut? Would anyone consider buying a car anywhere near as locked-down as Apple products are?" Yes, apparently, but talking about it and thinking about it, he's changed his mind -- he's much more likely to get Android if he gets a smartphone, and he doesn't have the BMW anymore.
And I'd say that memorizing a bunch of information that they probably won't use is not what makes someone intelligent.
I'd almost agree, if it wasn't for the fact that learning a language (which involves a lot of memorizing information you probably won't use) will likely increase your IQ.
This also isn't the vast majority of these other classes, and you've even admitted that this is oversimplified. For instance, philosophy courses are going to require learning not just random facts, but random past philosophers' opinions well enough that you can argue from their point of view, which is a generally useful thing to be able to do -- if you can see Hume or Descartes' point of view, you might just be able to see your co-worker's point of view, or at least where you disagree.
I wouldn't be terribly sad to see my school's "library" course go away, but to suggest everything liberal-artsy and not directly related to your actual degree is "memorizing a bunch of information that they probably won't use" tells me that either you've deliberately avoided even trying those courses, or you're at a pretty terrible school.
Yes. "What if" questions. How nice. I'd rather the individual be able to choose whether they want to take that risk or not.
And they can -- that's what tech schools are for. Still, even the basic liberal-arts stuff like, I don't know, English, are also invaluable to programming, which is still at least as much communication as it is math.
Also, if I'm looking for someone to hire, I'd much rather hire someone who's shown that sort of versatility, which is why people look for a BS anyway.
That's nice, but what if the person in question is someone who does not enjoy other things?
Really? There's nothing they enjoy other than programming?
First, that's a sad individual.
Second, as I said, it's going to suck for them when (not if) they're forced to adapt. It's not clear that there will always be programmers, but it seems likely that if the field still exists, it will continue to change rapidly. Unless you're content being a mainframe programmer -- but there's a tech school for that.
Most of the major Android manufacturers have committed themselves to selling devices with unlocked bootloaders. This means it's not terribly difficult for you to install the OS upgrade yourself, and there's also nothing stopping you from downloading the latest source, compiling that, and installing it.
So there's also nothing stopping you from installing a version which doesn't wipe software without your permission.
All of this also means it's fairly unlikely Google will start trying to wipe software without your permission, since it's clear that this would piss people off, and anyone really determined would be able to get it back anyway.
Or when you replace your phone?
This is the part I'm not sure about. I would assume the app purchase is tied to your Google account, so you'd normally transfer apps that way. However, if you've rooted your device -- which, reading the above again, is no longer equivalent to jailbreaking an iPhone, it's actually a fairly standard feature -- I would expect you have some options.
I can't guarantee it, though, which is why I'd be wary of buying any app that cost any amount of money I couldn't afford to spend on that one phone. There are enough free and open source apps, and I'm a programmer, so I'd be more than happy to scratch my own itches here.
I don't really see the difference when the manufacturer of a device can tell you what you can and cannot do with that device.
They aren't -- see above.
That said, be careful. When you buy a new Android device, get one with an unlocked bootloader. Bonus points: Ask for it in the store, to make carriers more aware that people do want this. (Of course, do your research -- it's entirely possible the salesperson will lie to you without having any idea what "unlocked" means.)
I'm trying to think of other products where the manufacturer can make such decisions without your permission. Any ideas?
It takes a computing device of some sort to actually enforce this, but oddly enough, there do exist devices which are similarly locked down. Newer BMWs can only be serviced at a BMW dealer, because BMW actively locks them down, while other cars can be serviced at any local dealer, and much more cheaply.
It's also extremely rare that any device actually makes a decision like this. The only time I can remember it happening in recent history is when it's actually malware, or with Amazon pulling 1984 from Kindles -- but Kindles aren't smartphones.
I definitely agree with your motivation, but you can actually own your phone and the software in it, you just have to put a bit of care into the choice of both. It is possible to buy an Android device locked-down enough that there will be software you don't want on it, and software you want will either not be there or could be removed later -- but this isn't true of all Android devices.
If you want programming experience or new languages then there are many avenues (self taught and other).
Granted, but I'd be slightly wary of being self-taught, and I can't stress this part enough, learn Ruby before Rails. Same goes for any language -- learn a language well, and learn the fundamentals of programming, and only then should you consider picking up a framework, particularly one which does as much for you as Rails.
CS is mostly abstract - algorithms, math, etc.
Depends where it is. The program I'm going through now had us doing actual programming for at least the first two years. The harder stuff is going to be the theoretical components (math, algorithms, etc), but that's certainly not the extent. I mean...
you could get a good CS education without needing a computer.
The better CS programs simply will not allow this. Aside from that, my non-CS courses are starting to require computers for other reasons, also.
It's like the difference between medical school and being a doctor. If you want to be a better doctor then going back to med school won't make any difference.
But before you become a doctor, you need some medical school.
but that they are helpful for both of those things.
I'd say that that depends on the individual and what their goals are.
Wait, really?
Education is helpful for you to become a more "intelligent" individual, depending on what your goals are?
How does that work? What sort of goals would alter that statement? Maybe this is the part that depends on the individual, but not on goals.
A wide education of some sort, formal or otherwise, is almost by definition what you need if you're going to survive a career change
That depends on what someone plans on doing.
That's just it, though -- you might not be deliberately planning on a career change. Your career could just disappear.
Notice the number of people who complained loudly about their work being offshored to India? Suppose they actually had managed to offshore every single coding job? Now your tech degree is useless, as is whatever programming skill you've learned on your own, unless you're also going to India -- in which case, it seems like you've chosen a path where you will only have work where it's cheap to live.
And that would be a best-case scenario. No matter what job you've chosen, you can't predict when your skills will become as useful as the buggy-whip manufacturers'.
The point here is that if you have a broad education, you're much more prepared for what you don't plan on.
That works, but the simplest mechanism I've found is just to watch the HTTP traffic. Chrome makes this easy -- open dev tools, refresh the page, watch Flash try to stream that video, copy the URL, and often wget will work. (At which point, I close the Flash player to save bandwidth.
The only real advantage to JavaScript in this case is to capture the cycles of the sort of people who wouldn't trip that control -- which means anonymous visitors, which means I'd have to opt out.
If they made it opt-in, they could just as easily link to boinc.
It was merely an oversimplified description. I believe that there's more to it than that.
For what it's worth, philosophy has taught me quite a lot about logic and reasoning, which has been useful in comp sci and math. I don't like pointless memorization, but I also have some amount of freedom to choose my gen-eds, so I go for the ones that will make me think, rather than memorize. When I can, anyway -- I'm still going to have to learn a foreign language.
...many of the posts I've replied to here seem to be implying that these classes are absolutely essential in order for you to be good at your job (or for you to be an "intelligent" individual).
I think the idea isn't that these are necessary, but that they are helpful for both of those things. A wide education of some sort, formal or otherwise, is almost by definition what you need if you're going to survive a career change -- and CS is the sort of field which moves quickly enough that it seems likely you'll need that at some point.
What does "approved by some authority" have to do with anything, especially when you were pointing out that repositories could be pwned? What's stopping someone from pwning the iTunes store?
But no, I don't see this happening -- again, they need to be economically viable. If botnet creation requires an incredibly high level of skill, timing, and luck in order to, say, slip something into a Linux repository (or iTunes, or Windows Update), and the botnet then lasts a few days, maybe a few weeks before those machines are taken offline and cleaned, I don't see that being economically viable, I see it being worse than playing the lottery. If it instead requires a ton of labor to add each bot by hand, by deliberately targeting that machine the way Kev
You know, I think I like the "botnets forever" option better.
Oh, and it doesn't solve the problem. "Hey, here's a cool app to install! But Apple banned it, so you'll just have to..."
Well, more than that, access to the local account is usually sufficient. This is why additional sandboxes (like Chrome's, or AppArmor) are still useful.
It's a good day on ./ when someone stands up and offers to train all the grandmothers, non-geeks, and anyone else who doesn't know computers well enough to realize Microsoft is a bane on your system and lack of security is your fault.
I'd certainly be willing to offer classes, but this problem is not going to be solved -- ever -- until those people start seeing some consequences to their lack of security. In this case, grandma calls her ISP because she can't get online. Her ISP says "Oh, you can't get online because your machine's infected." She takes it to her local geek relative or computer shop to get it cleaned, so there is now one less bot in the world.
Maybe she keeps it clean. But maybe, a few weeks later, it happens again. Sooner or later, she's going to decide that enough is enough and decide to make a point of learning something about security.
I don't really see a better solution. Or are you suggesting that botnets are OK?
I mean really, how did grandma know that her 8yr old grandson was surfing porn and got her machine infected?
She didn't, the first time. But she might notice if every time he comes to visit, she gets booted offline.
The easiest thing she could possibly do is forbid her grandson from using her computer -- which also avoids all of the above training. So now we have one less bot in the world, and the grandson has felt some consequences to surfing porn unsafely, which means there's one less asshat who infects computers by surfing porn.
Or, if she learns something about security, she at least gets a decent browser and keeps it patched so that whether she knows where he's going or not, her grandson isn't going to infect her by surfing porn.
Yeah, it does kind of suck for grandma, but what's your alternative, other than botnets forever?
Not quite. For these hashes to be useful, you also need to be aware of the current state of the network -- you can't mine offline. Also, in order to cash in, you need to broadcast the resulting hash as far as you can through the network before someone else beats you to it with their own hash. So it does generate traffic -- not a lot, but some.
However, there's nothing stopping this botnet from distributing bitcoin network updates via its own encrypted communication, minimizing the number of nodes it needs to be connected to the actual bitcoin network. Also, even if every node were connected, it's still not easy to distinguish a legitimate bitcoin node from one of these bots. By contrast, if they're using it to spam, it should be quite easy.
Unless it's a massive bitcoin mining operation or some actual spyware of the sort which steals credit card data, there's not a lot I can think of that they would want those machines for which would be able to work with entirely encrypted communication. In particular, if they're spam zombies, the flood of email should be a clue.
Then again, there is the problem of knowing that a given attack was a DDoS, and knowing whether a given machine which participated in that attack was a botnet zombie or a legitimate user with bad timing.
Still, if there's a way to single these machines out, I agree with the original poster -- join a botnet, get disconnected.
At which point do we get to call ecofascism by its proper name?
When it starts being anti-human, instead of pro-environment, which is also pro-human.
Slippery-slope fallacy is fallacious.
I doubt that someone concerned with creating Debian packages will find the information on the Nullsoft Scriptable Install System very useful, or vice versa.
While I love living in the world of web apps, where I can simply point people at the latest Chrome or Firefox for their chosen platform, I would certainly find both of these things helpful if I ever need to develop a non-trivial cross-platform native application. In fact, if you're going to cover Debian packages at all, any developer interested in those is probably also (unfortunately) interested in some sort of installer for Windows.
But this is, of course, why I prefer web apps. Otherwise I'd also have to deal with building a Mac .app or .mpkg, whatever iOS and Android support, and an RPM at least, if not also packages for Arch, Gentoo, and others, plus a simple tarball with some sort of install script or instructions for anyone I left out.
I mean, before the change, people were stuck with white.
If you are doing manual memory management in C++ you are either doing it wrong, or doing some hardcore low-level stuff.
If you aren't, it seems like you lose much of the advantage of C++ in the first place over something like Java.
The question is, will they be able to learn it from scratch at all, and how long will it take?
I'd say that depends on the person.
And I'd say that the quality of the person's education is a factor, depending how you're defining "person" here. But now we're going in circles.
It's learning an idea, or more than that, a way of thinking and a point of view, to where you can answer questions like "How might Descartes respond to Hume's position on miracles?"
Except for the last part, it is more or less memorization.
Some memorization is involved, but this is, in fact, the majority of what I spent my time in Philosophy doing. It's really not hard to remember the name Descartes, or to associate it with some opinions -- that's the memorization part. The actual philosophy is in actual argumentation.
I mean, you realize you're either saying that all classes are memorization -- in which case, I'm surprised you made it through school at all -- or that all classes except those directly related to computer science are memorization.
Neither. I just don't care about them.
No, you were saying that, whether or not it's what you intended to say.
If you're instead going to say that you just don't care about them, but that they are not memorization, then this part makes no sense:
If I had a choice between someone who was highly specialized to do a job (which was related to that specialization) or someone who memorized (and somehow remembered) a random assortment of things but wasn't as good at the position that I was hiring for as the other person is...
To make this relevant, we'd have to reword it to:
If I had a choice between someone who was highly specialized to do a job (which was related to that specialization) or someone who took a broad array of courses I don't personally care about but wasn't as good at the position...
In fact, if we revise it further -- if this second person took a broad array of courses they didn't personally care about -- then they've shown they can do decently well even at a job they don't like. I'd hope I'd have an inspiring project all the time, but you want your best people to be doing both the exciting new features and the ugly grunt work that no one wants to do.
But, many people don't do this. Just talk to a typical Creationist.
As I said, open-minded people are probably rare. I wouldn't say that they can't do this. I would say that they don't want to.
When did you say this? This is the first time the words "open-minded" or "rare" appear in this thread...
Anyway, it's a distinction without a difference. A Creationist who has a dogmatic refusal to make the slightest effort to wrap their minds around what evolution actually means and implies and continues to drop lines like "Dogs don't give birth to cats!" (when such an event would in fact falsify evolution)... This person is functionally indistinguishable from the person who actually can't understand, and it's hard enough to distinguish the two of them from the person who is willing to lie in order to "win" the debate.
This isn't even about being open-minded, it's about being able to understand your opponents' perspective, even if you continue to disagree. I've met exactly one person who actually appears to understand evolution, and rejects it nonetheless -- and even he didn't understand how evolutionary theory could remain valid without requiring any valid theory of abiogenesis.
Passing a philosophy course requires developing and using this skill, and if it's a good course, it might also offer an explanation of why this is useful. It's certainly possible to gain that elsewhere, and also possible to pass a philosophy course and remain
Whether it's having to use horrid languages like JavaScript or PHP,
JavaScript isn't a bad language. It's not a great language, but it's much better than it's given credit for.
PHP is, however, a pretty bad language. Maybe it's gotten better recently, but it's not a great choice -- especially when, on the server, you have options.
or dealing with broken browsers like IE6,
That does suck. Last time I did web development, it took something like an hour a week. But that's really not bad, in the scheme of things.
We also eventually decided to drop IE6 when we noticed how little of our traffic included it -- we targeted at least IE7, which was much better in that respect.
or dealing with shitty MySQL databases "designed" by people who didn't understand even basic relational theory,
In this case, you're in the same boat as with PHP -- that is, you're working with legacy code developed by shitty developers. You find the same shit everywhere.
Or you can use languages that are actually enjoyable on the server side, and work with designers who actually do understand databases.
At least native applications are often built using real programming languages like C and C++.
I'd prefer JavaScript to C++, but then, I hate static types. But I'm confused that anyone in their right mind would prefer C to JavaScript. C, really?
Even semi-native languages...
What do you mean "even"? I mean...
like Java, C# and, dare I say it, VB.NET,
Are you really saying C and C++ are more enjoyable than the above?
And people are taking you seriously?
I could see the argument that they are more "powerful", in some sense. More efficient, certainly, in the hands of someone who knows what they're doing. But more enjoyable?
I enjoy not having to debug segfaults anymore. Let's start with that.
or dealing with broken HTML,
How is this any worse than, say, dealing with a broken GUI widget?
or fighting with stylesheets.
This is probably the worst part of web development right now, so I do agree with you there.
But I'd still rather fight with stylesheets than fight with manual memory allocation in C and C++, or with making Java, C#, and VB.NET programs actually cross-platform -- or even be sure they work on everyone's machine. There are far fewer popular browsers than there are ways people will fuck up Windows.
Everything about it was decades behind where native applications were at the time, and things still haven't changed.
Oh, they have changed.
There are aspects which are decades ahead of native apps now, but there are also aspects which are decades behind.
I think people overestimate the value of IQs and far too often correlate it with actual "intelligence."
I think this has something to do with the fact that it's one of the best ways we've got to measure "intelligence" in any sort of quantifiable way. By "intelligence", I am talking about the capacity to learn, to think and reason, and there are real differences here that go beyond just a knack for a single field.
No matter how high someone's IQ is, it (as far as I know) won't make them good at everything (they will have to learn from scratch anyway).
The question is, will they be able to learn it from scratch at all, and how long will it take?
which is a generally useful thing to be able to do
Repeating what someone said?
Since you quoted me out-of-context, let me provide the context (again):
learning not just random facts, but random past philosophers' opinions well enough that you can argue from their point of view,
Even this much is far more than just "repeating what someone said." It's not regurgitation by rote. It's learning an idea, or more than that, a way of thinking and a point of view, to where you can answer questions like "How might Descartes respond to Hume's position on miracles?" Given that Hume was born some 60 years after Descartes died, this isn't in any way repeating what Descartes said, since he never said anything of the sort. It is requiring you to think -- knowing what you know about Descartes, try to think like him and predict what he might say if the two philosophers were ever to meet.
The more important point is the skill of actually listening to someone and understanding their point of view well enough that you can argue from it, perhaps even win arguments from that point of view, without actually adopting it yourself. As you say:
You merely need to comprehend and read/listen to what they are saying. I'd be surprised if many people didn't have this ability.
But, many people don't do this. Just talk to a typical Creationist. Perhaps they have the latent ability to do this, but if they actually took the time to understand their opponents' position, we wouldn't have crap like the Crocoduck.
In fact, it seems like many interpersonal issues people have are a result of exactly this: Failing to really listen. The difficulty of resolving these issues suggests that if people have this ability, it's not something which can be turned on at will.
Or that, despite taking them, I've found zero use in them. Also, memorization is essentially what happens (memorizing procedures and facts).
Having taken them, I don't see the same thing you do, so that leaves us with, "You're at a pretty terrible school." It's also possible that despite taking them, you missed the point -- maybe you got more out of them than you thought, or maybe you actually missed out on what they do have to offer.
There are classes in which we only memorize facts which are unlikely to be useful. I haven't had English, Philosophy, or Math be like that at all.
If I had a choice between someone who was highly specialized to do a job (which was related to that specialization) or someone who memorized (and somehow remembered) a random assortment of things but wasn't as good at the position that I was hiring for as the other person is, then, personally, I'd pick the former.
As would I, but this isn't what we're talking about.
I mean, you realize you're either saying that all classes are memorization -- in which case, I'm surprised you made it through school at all -- or that all classes except those directly related to computer science are memorization. Education-through-regurgitation exists, but there are a lot of classes which are not like that at all.
First
That's a nice philosophy, but it doesn't work in practice. NONE of the browsers properly render the standards 100%.
They are, however, close enough that browser-specific hacks are uncommon, and until recently, mostly IE. (Probably still mostly IE.) I last did serious web development several years ago, and things have gotten better since then. Even then, it was reasonably possible (especially if you use things like jQuery) to develop an app on your browser of choice (so long as it's not IE) and have it just work everywhere except IE. Then you apply the IE-specific hack once a week or so, and you're good.
So the, admittedly less than ideal, options are to pick one target to develop against, or to limit yourself to the subset of features that work properly across all browsers at that particular moment in time -- and pray that none of the browsers break them later.
If you're willing to restrict yourself to reasonably-modern browsers, the above is still true. The closer you stick to actual standards, the more likely it is to not break in the future.
Please don't use Linux or other Open Source OSes where Firefox is the only real option.
Even disregarding the stranger browsers like Konqueror (or Rekonq), Epiphany, etc...
Chrome has a pretty damned good Linux version.
Retarded release schedule that constantly breaks addons.
While Chrome's release schedule is a bit weird, it also doesn't seem to be breaking my addons. Maybe Firefox is Doing It Wrong.
Retarded basic browser UI designs for no goddamn reason.
Chrome's UI is a bit weird at first, but it's also not changing that much over time -- just little tweaks here and there.
I like options, too, so I hope Firefox continues to be an option, but they haven't been the only one for a while.
One thing I really don't want to see is IE becoming the only corporate choice again -- and Firefox is the biggest reason web development is no longer "best on IE6". I'd hate to see it be the biggest reason for web development to become "best on IE9" again.
I actually don't care about Firefox specifically in the enterprise, but there need to be options. Having a group that large locked to one vendor's idea of what the Web should be is detrimental to the Web as a whole.
What if I'm on a road trip in my brand new Series 6 Gran Coupe and something goes wrong with the 4.4-liter twin-turbocharged V8 and I'm 400 miles from the nearest BMW dealer?
I imagine there are solutions for that, but they wouldn't exactly be cheap. But then, that's the point -- the BMW dealer is going to be much more expensive. They can be, because if you've got a shiny new BMW, you have no choice.
This is why my father recently traded in his BMW convertible for a newer Nissan Maxima. He's no longer interested in servicing it himself, but he can take it down to Bob's Automotive and have them service it for a fraction of what the BMW would cost, and it seems to need less servicing overall -- though that probably has more to do with the new car not being a convertible than with it not being a BMW.
I only learned about this because I was trying to use a car analogy to explain to him why he shouldn't buy iStuff, and should prefer platforms at least as open as Windows, if not actually open source platforms. "Would you buy a car with the hood welded shut? Would anyone consider buying a car anywhere near as locked-down as Apple products are?" Yes, apparently, but talking about it and thinking about it, he's changed his mind -- he's much more likely to get Android if he gets a smartphone, and he doesn't have the BMW anymore.
And I'd say that memorizing a bunch of information that they probably won't use is not what makes someone intelligent.
I'd almost agree, if it wasn't for the fact that learning a language (which involves a lot of memorizing information you probably won't use) will likely increase your IQ.
This also isn't the vast majority of these other classes, and you've even admitted that this is oversimplified. For instance, philosophy courses are going to require learning not just random facts, but random past philosophers' opinions well enough that you can argue from their point of view, which is a generally useful thing to be able to do -- if you can see Hume or Descartes' point of view, you might just be able to see your co-worker's point of view, or at least where you disagree.
I wouldn't be terribly sad to see my school's "library" course go away, but to suggest everything liberal-artsy and not directly related to your actual degree is "memorizing a bunch of information that they probably won't use" tells me that either you've deliberately avoided even trying those courses, or you're at a pretty terrible school.
Yes. "What if" questions. How nice. I'd rather the individual be able to choose whether they want to take that risk or not.
And they can -- that's what tech schools are for. Still, even the basic liberal-arts stuff like, I don't know, English, are also invaluable to programming, which is still at least as much communication as it is math.
Also, if I'm looking for someone to hire, I'd much rather hire someone who's shown that sort of versatility, which is why people look for a BS anyway.
That's nice, but what if the person in question is someone who does not enjoy other things?
Really? There's nothing they enjoy other than programming?
First, that's a sad individual.
Second, as I said, it's going to suck for them when (not if) they're forced to adapt. It's not clear that there will always be programmers, but it seems likely that if the field still exists, it will continue to change rapidly. Unless you're content being a mainframe programmer -- but there's a tech school for that.
Until the next OS upgrade perhaps?
Most of the major Android manufacturers have committed themselves to selling devices with unlocked bootloaders. This means it's not terribly difficult for you to install the OS upgrade yourself, and there's also nothing stopping you from downloading the latest source, compiling that, and installing it.
So there's also nothing stopping you from installing a version which doesn't wipe software without your permission.
All of this also means it's fairly unlikely Google will start trying to wipe software without your permission, since it's clear that this would piss people off, and anyone really determined would be able to get it back anyway.
Or when you replace your phone?
This is the part I'm not sure about. I would assume the app purchase is tied to your Google account, so you'd normally transfer apps that way. However, if you've rooted your device -- which, reading the above again, is no longer equivalent to jailbreaking an iPhone, it's actually a fairly standard feature -- I would expect you have some options.
I can't guarantee it, though, which is why I'd be wary of buying any app that cost any amount of money I couldn't afford to spend on that one phone. There are enough free and open source apps, and I'm a programmer, so I'd be more than happy to scratch my own itches here.
I don't really see the difference when the manufacturer of a device can tell you what you can and cannot do with that device.
They aren't -- see above.
That said, be careful. When you buy a new Android device, get one with an unlocked bootloader. Bonus points: Ask for it in the store, to make carriers more aware that people do want this. (Of course, do your research -- it's entirely possible the salesperson will lie to you without having any idea what "unlocked" means.)
I'm trying to think of other products where the manufacturer can make such decisions without your permission. Any ideas?
It takes a computing device of some sort to actually enforce this, but oddly enough, there do exist devices which are similarly locked down. Newer BMWs can only be serviced at a BMW dealer, because BMW actively locks them down, while other cars can be serviced at any local dealer, and much more cheaply.
It's also extremely rare that any device actually makes a decision like this. The only time I can remember it happening in recent history is when it's actually malware, or with Amazon pulling 1984 from Kindles -- but Kindles aren't smartphones.
I definitely agree with your motivation, but you can actually own your phone and the software in it, you just have to put a bit of care into the choice of both. It is possible to buy an Android device locked-down enough that there will be software you don't want on it, and software you want will either not be there or could be removed later -- but this isn't true of all Android devices.
If you want programming experience or new languages then there are many avenues (self taught and other).
Granted, but I'd be slightly wary of being self-taught, and I can't stress this part enough, learn Ruby before Rails. Same goes for any language -- learn a language well, and learn the fundamentals of programming, and only then should you consider picking up a framework, particularly one which does as much for you as Rails.
CS is mostly abstract - algorithms, math, etc.
Depends where it is. The program I'm going through now had us doing actual programming for at least the first two years. The harder stuff is going to be the theoretical components (math, algorithms, etc), but that's certainly not the extent. I mean...
you could get a good CS education without needing a computer.
The better CS programs simply will not allow this. Aside from that, my non-CS courses are starting to require computers for other reasons, also.
It's like the difference between medical school and being a doctor. If you want to be a better doctor then going back to med school won't make any difference.
But before you become a doctor, you need some medical school.
but that they are helpful for both of those things.
I'd say that that depends on the individual and what their goals are.
Wait, really?
Education is helpful for you to become a more "intelligent" individual, depending on what your goals are?
How does that work? What sort of goals would alter that statement? Maybe this is the part that depends on the individual, but not on goals.
A wide education of some sort, formal or otherwise, is almost by definition what you need if you're going to survive a career change
That depends on what someone plans on doing.
That's just it, though -- you might not be deliberately planning on a career change. Your career could just disappear.
Notice the number of people who complained loudly about their work being offshored to India? Suppose they actually had managed to offshore every single coding job? Now your tech degree is useless, as is whatever programming skill you've learned on your own, unless you're also going to India -- in which case, it seems like you've chosen a path where you will only have work where it's cheap to live.
And that would be a best-case scenario. No matter what job you've chosen, you can't predict when your skills will become as useful as the buggy-whip manufacturers'.
The point here is that if you have a broad education, you're much more prepared for what you don't plan on.
That works, but the simplest mechanism I've found is just to watch the HTTP traffic. Chrome makes this easy -- open dev tools, refresh the page, watch Flash try to stream that video, copy the URL, and often wget will work. (At which point, I close the Flash player to save bandwidth.)
The only real advantage to JavaScript in this case is to capture the cycles of the sort of people who wouldn't trip that control -- which means anonymous visitors, which means I'd have to opt out.
If they made it opt-in, they could just as easily link to boinc.
It was merely an oversimplified description. I believe that there's more to it than that.
For what it's worth, philosophy has taught me quite a lot about logic and reasoning, which has been useful in comp sci and math. I don't like pointless memorization, but I also have some amount of freedom to choose my gen-eds, so I go for the ones that will make me think, rather than memorize. When I can, anyway -- I'm still going to have to learn a foreign language.