Thats funny, coz after programming C# for 6 years I started to use java, and I find that the libraries available are much better. C# is a nicer language, but Java has tons of really good open source "stuff", like spring, hibernate, and mina. The XML stuff bothered me at first, because I'm used to Visual Studio: if I had classes referenced in XML and I refactored I was fucked. With any java editor worth its salt, e.g. IntelliJ, Eclipse, any given XML format is understood and refactored accordingly. Add Maven2 to that and I spend my time solving problems, not reinventing the wheel.
1. No client talks to any other client directly: managed routers. 2. Servers run A/V. 3. IDS, e.g. snort (free) 4. Firewall departments as well as outside world 5. Patch users machines regularly for the major exploit targets: IE, Firefox, Adobe Acrobat, Flash 6. A $299 netbook, in a safe, that is the only machine used to admin salesforce and other online services.
There are two ways that your organization can be infected before you can react to it:
1. A local network worm, i.e a TCP/UDP from one client to another. 2. An email worm, i.e. Outlook.
Either of these can and will bypass *any* security solution implemented on the client.
Most attacks are neither: they are attacks intended to compromise a single machine. 80% of these are things like Adobe PDF exploits.
Stopping a local network worm is simple: Clients do not talk to each other. All it takes is a managed router. Clients talk to servers. Specifically their own servers.
Stopping an Outlook worm is more complex, unless you want to piss people off. Its pretty easy to strip everything but plain text out of email. But there are other methods. First email spamming the whole company gets quarantined, and the user told (automatically) that mail doesnt work like that. Second, any email to a distribution list is refused if it has an attachment. Use an in-house equivalent of sendthisfile.com, or sharepoint (!), or something like that. That may take some getting used to, so an alternative may be that such email is distributed slowly, e.g. after 30 seconds. Or the user has to confirm it with a second email. There are good reasons not to have users passing around documents in email but instead to have some kind of centralized document management system. There are also good reasons to allow them to. So you are going to have to use your judgment on this. Any solution that *you* write, is going to be immune to automated worms (unless someone with inside knowledge targets you deliberately).
Why NAC/NAP/SEM is a waste of money:
1. The chance of anyone being infected in an organization is fairly small. 2. The chance of the whole organization being infected if just one is infected: very high. 3. When running things like NAC/NAP/SEM, users' machines get pretty slow. 4. NAC/NAP/SEM simply don't offer complete protection against attacks. 5. Running NAC/NAP/SEM etc reduces users productivity when there are no attacks. 6. NAC/NAP/SEM cost a lot of money.
Herley uses an example of an exploit that affects 1 percent of users per year and takes 10 hours of clean-up time per user. So implementing any security advice, he argues, should incur only 0.98 seconds per user per day to actually reduce the time involved. But it eats up much more time than that, which demonstrates that security advice provides a poor cost-benefit trade=off to users, he argues.
All that other bullshit adds huge costs to your company, and doesn't stop bots. I worked at a company that used SEM or something like it. We got a worm. Still had to bring routers down. Still lost days of network while it was cleaned up. Here's the *big* question: if it works, why is it not guaranteed? If you pay for something like this, and you get a worm, Semantec should come to your building and clean up all your computers for free. Why don't they offer that? Because they would go bankrupt in a month.
Increasingly, small business use things like Salesforce and online services. Online attacks are going to be aimed at stealing users passwords. So the most important thing is getting it into the bosses head that his day-to-day account should not be the one that has full control, i.e. add/delete users, etc. But most successful businessmen are rational, and when you explain that there are viruses that do nothing other than steal salesforce passwords, as you type them, then he/she will get it. Try to persuade him/her to have one machine that is for admin only. It can be a $299 netbook. Tell him to keep it in his safe at home.
#1. Don't allow users to be Admins of their own machines. I know in this day and age it's harder to push this one on people, but the ultimate reality is that if the user can't infect the system then they aren't going to get very far.
There are plenty of root escalation attacks, on plenty of operating systems, including linux.
#2. Managed, host-based firewalls on each of the machines that have rules for incoming and outgoing. This can be any number of centrally managed tools. if you're on XP, your best solution is likely something from say Symantec, Mcafee, or whichever company you want to use. I know with SEP you can manage the firewall portions and prevent worms from auto spreading.
That's one way, if you want to spend a ton of money on software that can be easily bypassed. Question for you: why are you windows machines all talking to each other? Question 2: *how* are they talking to each other?
#3. Transparent, Layer 7 filtering at the network edge. Whether you want to use a proxy or a firewall for this is up to you. Juniper makes some pretty nice layer 7 devices for this purpose.
Ok, yes, a firewall might be a good idea.
#4. NAC/NAP. Again, useful technologies--prevent systems from communicating on the network that don't register as having proper updates or AV settings.
Policeman: Hello, are you a thief? Thief: No. Policeman: On your way then.
Here is the bottom line: Client machines cannot be trusted. If you think installing anything on the client machine will improve security then you've already failed. You think Semantec can do a better job the Microsoft?
What to do about that?
1. Clients only talk to servers. Share C$ all you like, but other windows machines can't see it. How? Managed routers. 2. Servers run anti-virus, especially on the email side. 3. Intrusion Detection, e.g. Snort.
Defending against adversarial strategy 4 – modify detection code. The security against adversarial strategy 4 follows directly from assumption 2 (code optimality), with the exception of a “kamikaze strategy” in which the adversary corrupts the execution of some of the steps (as described in section 3), and then willingly loads legitimate code and removes itself. Such an adversary could only corrupt step 1 of the process, as it will have to be overwritten during step 2 to avoid detection. Moreover, it needs to correctly perform the setup in step 1; this means that the only harm it can do is to cause an incorrect state to be swapped out in step 1. It can write anything it wants to to swap space. It can place a copy of itself in the swap space, or a copy of a legitimate but vulnerable application, with an input triggering an opportunity for malware to be loaded. However, the swap space will be scanned along with all other memory during step 5, and any known malicious configuration will be detected.
If an adversary corrupts stage 1, there is no stage 2, just a fake stage 2.
Holy shit. Seriously. Did this guy also certify the DRM for Ass Creed 2?
I visited a meditation garden with my family. It was a very beautiful place. Our children were excited and making quite a bit of noise. A polite lady asked us if we could keep our children quiet because people were meditating. We agreed. It had walls, this garden. And a gate. We will be going back.
At the store, Roark had never been told that his HTC Eris has Android 1.5, nicknamed “Cupcake.” Until told by a reporter, he had no idea what features he’s missing as a result. For instance, free turn-by-turn navigation is available in the latest version, Android 2.1 (”Eclair”), but is only available to Cupcake users for $10 a month from Verizon.
The carriers have been fucking us for years. Half the talk on forums is how to uninstall the shitty bloatware that carriers install on the android phones. Hey, at least with an android phone you *can* do it, unlike every other motorola, nokia slow-fest.
The iphone is the best phone i've ever had. It has an alarm that works, and I can set for only weekdays. How hard is that???? It has a battery life of more than a few hours (I'm looking at you, my Samsung windows mobile phone). It has a headset with a NORMAL HEADSET JACK. It charges by plugging into my USB. How is it that such simple pleasures make this the best phone ever? Because all the others are corrupted bloatware pocket fillers, courtesy of the "carriers".
The iPhone works because Apple took on the carriers. The various Droid market is failing because carriers are worse than M$. Between you and google is a carrier. Good luck with that!
The iPad is a slap in the face to what Apple is supposed to stand for.
Apple is a business. It is legally required to stand for its shareholders. I'm not sure where you get this "supposed to" bit. It may be what Woz used to stand for. I doubt its ever what Steve stood for. You seem quite upset or disappointed by this.
When they do that, I'll stop complaining.
Do you find this form of communication to be effective? I think you might feel better if you just let go. The openness that you describe as the Apple ][ is alive and well. Its called Linux. Be happy.
Really? We don't need cars anymore? Or railroads? Or food? Or houses? Or TVs?
The fact is that those jobs could very easily "come back". Why is it that we can protect "Intellectual Property" with draconian international treaties, but we can't protect jobs?
And before you laugh at me for "basic international economics", I advise you to go and, say, spend a year at a university actually studying it, maybe a good one, like Cambridge, like I have.
These "basic international economics" that we all hold to be true and self evident, are simply the repeated recipes of the international rich for making money while your country goes to shit. Closing our borders to international trade stifles growth, they will tell you. I see. Is that a good argument? How is that housing growth 2001-2008 working out for you?
We live in a country where 15% (15%!!!!) of houses are EMPTY. 18.7 MILLION HOUSES are empty. And I can't afford to buy a house.
So the next time someone tells you that closing borders stifles growth, that does not *automatically* mean that it is bad. Ok?
Here is the key question: In a *democracy*, do you believe that:
a) the poor masses will vote for increasing social benefits, that rely on increasing taxation, and increased payments to "social partnership" industries (i.e. for profit beneficiaries of government programs), or b) the USA will roll back social programs, thereby holding tax levels in check, and deal with the multiplying poor by some other means (e.g. churches, riot police) etc.
For years we have heard of the benefits of offshoring, and indeed there are benefits. But the downside is that your entire country either ends up with 70% taxation, or class war, or both. The UK is about 30 years ahead of the US in this regard.
Very simply, we are funding China into the 21st century. We are paying them to make us things, and paying ourselves unemployment benefits. Instead, we should be paying *our* unemployed to make things, and let China deal with 4 billion unemployed.
But that isn't as profitable for our super rich.
Frankly, the only good thing I see coming out of this is when the ultra rich of European ancestry attempt to move to the next world empire, they'll discover that the Chinese have got hundreds of years of white peoples racism to pay back. It was easy for the rich to ditch the British Empire (remember that?) to move to the US Empire. Would love to be a fly on the wall when they go to China.
It would appear that most people have responded with knee jerk "my language is better than yours" without actually reading the question, or the referenced material. Well done, all of you have just failed your job/contractors interview.
Short answer: Use C. Teach them it well. Teach them about data. Teach them about "restrict". Challenge them to win.
Long answer:
First observation: This is not a "programming" competition. Its a mathematical computing competition.
Second: There are winners and losers. Therefor not everyone gets 100%. Either contestants write code that fails to do the job, or contestants write code that doesn't do it fast enough. Finally, in the event of a tie, the judges may select winners based on other criteria (than just pass or fail) and therefor they could conceivable use execution time as a decided. Do you know if they have done so?
Much of the judges’ input data will be far more taxing than the sample input given in the question statements, and may push your program over the time limit. In this way, efficient programs will be rewarded.
But:
Programs written in Visual Basic, Java, PHP or Python may run slower due to the overhead of the associated interpreters and/or virtual machines. The judges may at their discretion increase the time limits for these languages accordingly. Contestants should note that this will not give these languages an advantage.
Well, that sounds completely and utterly arbitrary. When dealing with C-like java, which is what you will use for the problems you'll face in the competition, java is not much slower than C if its compiled, but it may not be. And VB.NET (NOT VB6) can be as fast as C. Python is always interpreted.
How will the judges increase the limits?
Its likely that the judges will they will benchmark their ideal solutions against each other. If the java version of the same solution in C takes 20% extra, then that is the extra time they allow. So it should be safe to write in java or python if you want to.
But why?
I assume from your choice of competition that you are teaching students to go on to mathematical and scientific endeavours, not programming. This is an important difference. For example, until "recently", you were better of programming large data sets in FORTRAN, because C was unable to optimize properly thanks to pointer aliasing. However, the GNU C++ compiler that they are using will support the restrict keyword, so it can handle large data sets. Java, python, etc are languages for the web, not for scientists. (Ok, unless you are using java as a scripting language to drive something like Mathematica, but this is NOT what we are discussing here).
Teach them C. The competition specifies GCC/C++ 3.4.4 or later, which means you can use the __restrict__ keyword also, if they get the hang of writing algorithms.
Here are some more of the rules, for my peers whose internet connections cannot reach Australia.
Program Restrictions
Students should write a computer program to solve each problem.
Programs should read input only from the input file(s) specified in the question statements, and should send output only to the output file(s) specified in the question statements. The input and output files should be assumed to be in the current directory. Any output to the screen will be ignored, and no input from the keyboard will be supplied.
The format of the input file will be specified in each problem statement.
The desired format of the output file will also be specified in each problem statement. If you do not adhere to this output format, you may lose marks for your solution. The only exception to this will be that judges will ignore any spaces at the beginning and end of each output line.
Each solution should be a single source file, written in one of the following languages: – C – C+
And such things cannot be done by newbies in java and python? I suppose it takes real experts to code up a massive memory leak in java (*cough* meta data not unloaded in apache *cough*).
Assume now that we have a detection algorithm that runs in kernel mode, and that swaps out everything in RAM. Everything except itself.
Further assume that this detection algorithm, running in kernel mode, must be loaded into memory itself. Then further assume that the compromised kernel on which it is running has not modified the detection algorithm. (Because noone writes kernel malware) Then further further assume that no one will spot this really obvious flaw before publishing it.
Except the FDA's job is to make sure that big pharma can maintain its patents. If any doctor can just cure you, where will Athersys and their "stem cell derived drug", be? Hell no. You will get your cure from a properly paid up lobbying company, not a couple of geniuses who have the nerve to avoid indentured service and signing away their ideas.
The Autodesk decision has nothing to do with this. The author is willing to give them the finished binary. Just not the source code. The Autodesk judgement did not require Autodesk to give the *source code* away along with the binary copy.
You forgot to add IANAL, though perhaps that would be redundant.
You bring up the idea of "industry practice" and existing law.
At best, after a fun time in court, the client could hope to get the binary, functioning application and costs. More likely, since US copyright law and industry practice is unarguably on the side of the developer, the client would be counter sued for non-payment, lost profits and legal costs, and lose. Except no lawyer would take the client's case without a hefty retainer (knowing they'd lose), so its moot.
BTW, IANAL either. But I do do this for a living, so I have consulted one.
This chap is in the UK, so its a whole different kettle of fish.
In the USA, he owns his own work. Without an explicit contract to the contrary, he still owns it, and even with a contract, he still owns it. As a result, any contract over here where the client really wants the code will include the language along the lines of "even if the law determines that you own the copyright, we the client gets an exclusive, permanent license to use it, and you don't get to give it to anyone else". Its also why my contracts are clear about what they, the client, do get, and what they don't.
On the whole, stuff that we agree that they are going to "own", I keep copyright, and they get permanent, exclusive, right to assign etc. Then there's stuff that I give them a non-exclusive source code license for, and then there's stuff that they only get binary rights to, and for all of that they may or may not have the right to sublicense, redistribute etc etc. There is no excuse not have this clear.
There are memorandums of understanding, and even without paper, there are conversations to be had (and *documented* that I had them if it ever gets ugly which is unlikely if I have them at all). Conversations are an opportunity to explain what they get and why, and why this is a benefit for them. Also, its an opportunity for me to learn if they just want me to do all the hard work and then give it to a script kiddy, or whether they want to establish a relationship. And sometimes the rest of the work will only require a script kiddy, and I'd be bored to tears anyway, even subcontracting it out - and if that's the case, we can work out a price. Its called negotiation.
The other issue in the USA is the IRS. The IRS doesn't care about what a contract says on paper. If I am were to work as an employee would, then I would be an employee as far as the IRS is concerned. So if the client owned what I produce (all of it), that's one big check box on the IRS's duck test. The penalties are significant. For the employer, they would have to pay me as an employee and would owe more tax. As an employee, I would lose the ability to write off my expenses.
I initially thought this was unfair. But after consideration, I think it is quite fair. If a programmer don't have the guts to turn down contracts that basically make them a wage slave, then they don't get to pretend they are an independent business and reap the tax benefits that those of us taking a risk do get. At least be clear that an employer/employee relationship exists, and negotiate accordingly. I could say that pretending otherwise "hurts us all", but while it does to an extent, it *really* hurts those who the IRS look at. I go to great lengths to make sure that what I want to own, I own, and I am taking financial risks to do that. I see it as investment.
Lose and don't pay, and men with guns come to your house and take your physical stuff.
Therefor, in this reality, non-physical stuff has value as does physical stuff.
Copyright law says I own it.
Copyright law says if you want it, you pay what I say, or you don't get it. (see above about guns)
Market forces says you pay what we agree its worth, not what you think it cost me to develop it.
That is why GPL exists. For example, the GCC toolkit *has* value. That value has "already been paid for". But if you want to modify the toolkit for your own purposes, you agree to give your modifications back to the community. It is a *trade*. Your new value for their "paid for" value. Just because something has already been paid for does not mean it is now free. Quite the opposite.
Do you pay them as employees also, with W-2's and withholding or do you have a special IRS-proof scheme that you've actually tested with the IRS? Or are you not in the USA?
In drafting their contract to encourage Customers to demand of the Developers that the code is bug free, they chose to provide this at the top:
"DISCLAIMER
THIS DOCUMENT SHOULD BE CONSIDERED GUIDANCE ONLY. IT IS STRONGLY RECOMMENDED THAT YOU CONSULT A QUALIFIED ATTORNEY TO HELP YOU NEGOTIATE A SOFTWARE CONTRACT.
Please be advised that there is no warranty, expressed or implied, and no assumption of any legal liability or responsibility for any third party's use, or the results of such use of this Document."
I guess code can be made 100% accurate, but not legal contracts, huh?
"The Vendor shall be responsible for verifying that all members of the developer team have been successfully trained in secure programming techniques.
Pre-contract award, the Vendor shall document the process including training courses that their application developers have taken prior to developing applications.
Pre-contract award, the Vendor shall certify to the Purchaser that only application developers who have received appropriate level of formal training on secure application development and passed a competency test on application security shall be involved in the Contract."
Translation:
We, the security consultants, are going out of business and need to sell more training courses. We, the managers of big companies, are going out of business and need someone to blame. You know that we will still accept the lowest bid, and we know that you're qualifications will be faked, but at least when the shit hits the fan we can point at you and say it wasnt our fault.
And yet look at what they were able to come up with. WPF and Silverlight don't give you a nice widget set. They give you a f***-ton of functionality. Plenty of rope, basically.
Not that this is a bad thing, however. As a developer, anything that makes it harder for newbies to get in the game is fine with me:-)
Not really. Took me a few goes to learn how to drive a car. But now I'd say its pretty easy to use. On the other hand, the good old-fashioned corkscrew was obvious first time, but its a real bitch to get the cork out.
Slashdot Mirror
Are you some M$ schlep paid to get a post on here so you can say "Look, even the slashdot kids think java sucks!"
Android: java.
GWT: java.
Groovy: JVM.
Shouldn't the article be "The struggle to keep windows relevant?" or "the desktop"?
I'm writing java right now (ok, no, not *right now*) because it has the tools I need to get shit done. I use C#, C++, PPC, ARM, etc when I need to.
Am I missing something? Is java going tits up?
Jamie
Thats funny, coz after programming C# for 6 years I started to use java, and I find that the libraries available are much better. C# is a nicer language, but Java has tons of really good open source "stuff", like spring, hibernate, and mina. The XML stuff bothered me at first, because I'm used to Visual Studio: if I had classes referenced in XML and I refactored I was fucked. With any java editor worth its salt, e.g. IntelliJ, Eclipse, any given XML format is understood and refactored accordingly. Add Maven2 to that and I spend my time solving problems, not reinventing the wheel.
1. No client talks to any other client directly: managed routers.
2. Servers run A/V.
3. IDS, e.g. snort (free)
4. Firewall departments as well as outside world
5. Patch users machines regularly for the major exploit targets: IE, Firefox, Adobe Acrobat, Flash
6. A $299 netbook, in a safe, that is the only machine used to admin salesforce and other online services.
There are two ways that your organization can be infected before you can react to it:
1. A local network worm, i.e a TCP/UDP from one client to another.
2. An email worm, i.e. Outlook.
Either of these can and will bypass *any* security solution implemented on the client.
Most attacks are neither: they are attacks intended to compromise a single machine. 80% of these are things like Adobe PDF exploits.
Stopping a local network worm is simple: Clients do not talk to each other. All it takes is a managed router. Clients talk to servers. Specifically their own servers.
Stopping an Outlook worm is more complex, unless you want to piss people off. Its pretty easy to strip everything but plain text out of email. But there are other methods. First email spamming the whole company gets quarantined, and the user told (automatically) that mail doesnt work like that. Second, any email to a distribution list is refused if it has an attachment. Use an in-house equivalent of sendthisfile.com, or sharepoint (!), or something like that. That may take some getting used to, so an alternative may be that such email is distributed slowly, e.g. after 30 seconds. Or the user has to confirm it with a second email. There are good reasons not to have users passing around documents in email but instead to have some kind of centralized document management system. There are also good reasons to allow them to. So you are going to have to use your judgment on this. Any solution that *you* write, is going to be immune to automated worms (unless someone with inside knowledge targets you deliberately).
Why NAC/NAP/SEM is a waste of money:
1. The chance of anyone being infected in an organization is fairly small.
2. The chance of the whole organization being infected if just one is infected: very high.
3. When running things like NAC/NAP/SEM, users' machines get pretty slow.
4. NAC/NAP/SEM simply don't offer complete protection against attacks.
5. Running NAC/NAP/SEM etc reduces users productivity when there are no attacks.
6. NAC/NAP/SEM cost a lot of money.
You should read this: End Users Buck Security Advice For Economic Reasons
Herley uses an example of an exploit that affects 1 percent of users per year and takes 10 hours of clean-up time per user. So implementing any security advice, he argues, should incur only 0.98 seconds per user per day to actually reduce the time involved. But it eats up much more time than that, which demonstrates that security advice provides a poor cost-benefit trade=off to users, he argues.
All that other bullshit adds huge costs to your company, and doesn't stop bots. I worked at a company that used SEM or something like it. We got a worm. Still had to bring routers down. Still lost days of network while it was cleaned up. Here's the *big* question: if it works, why is it not guaranteed? If you pay for something like this, and you get a worm, Semantec should come to your building and clean up all your computers for free. Why don't they offer that? Because they would go bankrupt in a month.
Increasingly, small business use things like Salesforce and online services. Online attacks are going to be aimed at stealing users passwords. So the most important thing is getting it into the bosses head that his day-to-day account should not be the one that has full control, i.e. add/delete users, etc. But most successful businessmen are rational, and when you explain that there are viruses that do nothing other than steal salesforce passwords, as you type them, then he/she will get it. Try to persuade him/her to have one machine that is for admin only. It can be a $299 netbook. Tell him to keep it in his safe at home.
#1. Don't allow users to be Admins of their own machines. I know in this day and age it's harder to push this one on people, but the ultimate reality is that if the user can't infect the system then they aren't going to get very far.
There are plenty of root escalation attacks, on plenty of operating systems, including linux.
#2. Managed, host-based firewalls on each of the machines that have rules for incoming and outgoing. This can be any number of centrally managed tools. if you're on XP, your best solution is likely something from say Symantec, Mcafee, or whichever company you want to use. I know with SEP you can manage the firewall portions and prevent worms from auto spreading.
That's one way, if you want to spend a ton of money on software that can be easily bypassed. Question for you: why are you windows machines all talking to each other? Question 2: *how* are they talking to each other?
#3. Transparent, Layer 7 filtering at the network edge. Whether you want to use a proxy or a firewall for this is up to you. Juniper makes some pretty nice layer 7 devices for this purpose.
Ok, yes, a firewall might be a good idea.
#4. NAC/NAP. Again, useful technologies--prevent systems from communicating on the network that don't register as having proper updates or AV settings.
Policeman: Hello, are you a thief?
Thief: No.
Policeman: On your way then.
Here is the bottom line: Client machines cannot be trusted. If you think installing anything on the client machine will improve security then you've already failed. You think Semantec can do a better job the Microsoft?
What to do about that?
1. Clients only talk to servers. Share C$ all you like, but other windows machines can't see it. How? Managed routers.
2. Servers run anti-virus, especially on the email side.
3. Intrusion Detection, e.g. Snort.
Defending against adversarial strategy 4 – modify detection code. The security against adversarial strategy 4 follows directly from assumption 2 (code optimality), with the exception of a “kamikaze strategy” in which the adversary corrupts the execution of some of the steps (as described in section 3), and then willingly loads legitimate code and removes itself. Such an adversary could only corrupt step 1 of the process, as it will have to be overwritten during step 2 to avoid detection. Moreover, it needs to correctly perform the setup in step 1; this means that the only harm it can do is to cause an incorrect state to be swapped out in step 1. It can write anything it wants to to swap space. It can place a copy of itself in the swap space, or a copy of a legitimate but vulnerable application, with an input triggering an opportunity for malware to be loaded. However, the swap space will be scanned along with all other memory during step 5, and any known malicious configuration will be detected.
If an adversary corrupts stage 1, there is no stage 2, just a fake stage 2.
Holy shit. Seriously. Did this guy also certify the DRM for Ass Creed 2?
I visited a meditation garden with my family. It was a very beautiful place. Our children were excited and making quite a bit of noise. A polite lady asked us if we could keep our children quiet because people were meditating. We agreed. It had walls, this garden. And a gate. We will be going back.
At the store, Roark had never been told that his HTC Eris has Android 1.5, nicknamed “Cupcake.” Until told by a reporter, he had no idea what features he’s missing as a result. For instance, free turn-by-turn navigation is available in the latest version, Android 2.1 (”Eclair”), but is only available to Cupcake users for $10 a month from Verizon.
Read More http://www.wired.com/gadgetlab/2010/03/android-version-confusion/#ixzz0iJv1DstU
The carriers have been fucking us for years. Half the talk on forums is how to uninstall the shitty bloatware that carriers install on the android phones. Hey, at least with an android phone you *can* do it, unlike every other motorola, nokia slow-fest.
The iphone is the best phone i've ever had. It has an alarm that works, and I can set for only weekdays. How hard is that???? It has a battery life of more than a few hours (I'm looking at you, my Samsung windows mobile phone). It has a headset with a NORMAL HEADSET JACK. It charges by plugging into my USB. How is it that such simple pleasures make this the best phone ever? Because all the others are corrupted bloatware pocket fillers, courtesy of the "carriers".
The iPhone works because Apple took on the carriers. The various Droid market is failing because carriers are worse than M$. Between you and google is a carrier. Good luck with that!
The iPad is a slap in the face to what Apple is supposed to stand for.
Apple is a business. It is legally required to stand for its shareholders. I'm not sure where you get this "supposed to" bit. It may be what Woz used to stand for. I doubt its ever what Steve stood for. You seem quite upset or disappointed by this.
When they do that, I'll stop complaining.
Do you find this form of communication to be effective? I think you might feel better if you just let go. The openness that you describe as the Apple ][ is alive and well. Its called Linux. Be happy.
Really? We don't need cars anymore? Or railroads? Or food? Or houses? Or TVs?
The fact is that those jobs could very easily "come back". Why is it that we can protect "Intellectual Property" with draconian international treaties, but we can't protect jobs?
And before you laugh at me for "basic international economics", I advise you to go and, say, spend a year at a university actually studying it, maybe a good one, like Cambridge, like I have.
These "basic international economics" that we all hold to be true and self evident, are simply the repeated recipes of the international rich for making money while your country goes to shit. Closing our borders to international trade stifles growth, they will tell you. I see. Is that a good argument? How is that housing growth 2001-2008 working out for you?
We live in a country where 15% (15%!!!!) of houses are EMPTY. 18.7 MILLION HOUSES are empty. And I can't afford to buy a house.
So the next time someone tells you that closing borders stifles growth, that does not *automatically* mean that it is bad. Ok?
Here is the key question: In a *democracy*, do you believe that:
a) the poor masses will vote for increasing social benefits, that rely on increasing taxation, and increased payments to "social partnership" industries (i.e. for profit beneficiaries of government programs), or
b) the USA will roll back social programs, thereby holding tax levels in check, and deal with the multiplying poor by some other means (e.g. churches, riot police) etc.
For years we have heard of the benefits of offshoring, and indeed there are benefits. But the downside is that your entire country either ends up with 70% taxation, or class war, or both. The UK is about 30 years ahead of the US in this regard.
Very simply, we are funding China into the 21st century. We are paying them to make us things, and paying ourselves unemployment benefits. Instead, we should be paying *our* unemployed to make things, and let China deal with 4 billion unemployed.
But that isn't as profitable for our super rich.
Frankly, the only good thing I see coming out of this is when the ultra rich of European ancestry attempt to move to the next world empire, they'll discover that the Chinese have got hundreds of years of white peoples racism to pay back. It was easy for the rich to ditch the British Empire (remember that?) to move to the US Empire. Would love to be a fly on the wall when they go to China.
It would appear that most people have responded with knee jerk "my language is better than yours" without actually reading the question, or the referenced material. Well done, all of you have just failed your job/contractors interview.
Short answer: Use C. Teach them it well. Teach them about data. Teach them about "restrict". Challenge them to win.
Long answer:
First observation: This is not a "programming" competition. Its a mathematical computing competition.
Second: There are winners and losers. Therefor not everyone gets 100%. Either contestants write code that fails to do the job, or contestants write code that doesn't do it fast enough. Finally, in the event of a tie, the judges may select winners based on other criteria (than just pass or fail) and therefor they could conceivable use execution time as a decided. Do you know if they have done so?
Much of the judges’ input data will be far more taxing than the sample input given in the
question statements, and may push your program over the time limit. In this way, efficient
programs will be rewarded.
But:
Programs written in Visual Basic, Java, PHP or Python may run slower due to the overhead
of the associated interpreters and/or virtual machines. The judges may at their discretion
increase the time limits for these languages accordingly. Contestants should note that this
will not give these languages an advantage.
Well, that sounds completely and utterly arbitrary. When dealing with C-like java, which is what you will use for the problems you'll face in the competition, java is not much slower than C if its compiled, but it may not be. And VB.NET (NOT VB6) can be as fast as C. Python is always interpreted.
How will the judges increase the limits?
Its likely that the judges will they will benchmark their ideal solutions against each other. If the java version of the same solution in C takes 20% extra, then that is the extra time they allow. So it should be safe to write in java or python if you want to.
But why?
I assume from your choice of competition that you are teaching students to go on to mathematical and scientific endeavours, not programming. This is an important difference. For example, until "recently", you were better of programming large data sets in FORTRAN, because C was unable to optimize properly thanks to pointer aliasing. However, the GNU C++ compiler that they are using will support the restrict keyword, so it can handle large data sets. Java, python, etc are languages for the web, not for scientists. (Ok, unless you are using java as a scripting language to drive something like Mathematica, but this is NOT what we are discussing here).
Teach them C. The competition specifies GCC/C++ 3.4.4 or later, which means you can use the __restrict__ keyword also, if they get the hang of writing algorithms.
Here are some more of the rules, for my peers whose internet connections cannot reach Australia.
Program Restrictions
Students should write a computer program to solve each problem.
Programs should read input only from the input file(s) specified in the question statements,
and should send output only to the output file(s) specified in the question statements. The
input and output files should be assumed to be in the current directory. Any output to
the screen will be ignored, and no input from the keyboard will be supplied.
The format of the input file will be specified in each problem statement.
The desired format of the output file will also be specified in each problem statement. If
you do not adhere to this output format, you may lose marks for your solution. The only
exception to this will be that judges will ignore any spaces at the beginning and end of each
output line.
Each solution should be a single source file, written in one of the following languages:
– C
– C+
And such things cannot be done by newbies in java and python? I suppose it takes real experts to code up a massive memory leak in java (*cough* meta data not unloaded in apache *cough*).
Assume now that we have a detection algorithm that runs in kernel mode, and that swaps out everything in RAM. Everything except itself.
Further assume that this detection algorithm, running in kernel mode, must be loaded into memory itself.
Then further assume that the compromised kernel on which it is running has not modified the detection algorithm. (Because noone writes kernel malware)
Then further further assume that no one will spot this really obvious flaw before publishing it.
Except the FDA's job is to make sure that big pharma can maintain its patents. If any doctor can just cure you, where will Athersys and their "stem cell derived drug", be? Hell no. You will get your cure from a properly paid up lobbying company, not a couple of geniuses who have the nerve to avoid indentured service and signing away their ideas.
The Autodesk decision has nothing to do with this. The author is willing to give them the finished binary. Just not the source code. The Autodesk judgement did not require Autodesk to give the *source code* away along with the binary copy.
You forgot to add IANAL, though perhaps that would be redundant.
You bring up the idea of "industry practice" and existing law.
At best, after a fun time in court, the client could hope to get the binary, functioning application and costs. More likely, since US copyright law and industry practice is unarguably on the side of the developer, the client would be counter sued for non-payment, lost profits and legal costs, and lose. Except no lawyer would take the client's case without a hefty retainer (knowing they'd lose), so its moot.
BTW, IANAL either. But I do do this for a living, so I have consulted one.
Then why does FSF require GCC contributors to assign copyright?
This chap is in the UK, so its a whole different kettle of fish.
In the USA, he owns his own work. Without an explicit contract to the contrary, he still owns it, and even with a contract, he still owns it. As a result, any contract over here where the client really wants the code will include the language along the lines of "even if the law determines that you own the copyright, we the client gets an exclusive, permanent license to use it, and you don't get to give it to anyone else". Its also why my contracts are clear about what they, the client, do get, and what they don't.
On the whole, stuff that we agree that they are going to "own", I keep copyright, and they get permanent, exclusive, right to assign etc. Then there's stuff that I give them a non-exclusive source code license for, and then there's stuff that they only get binary rights to, and for all of that they may or may not have the right to sublicense, redistribute etc etc. There is no excuse not have this clear.
There are memorandums of understanding, and even without paper, there are conversations to be had (and *documented* that I had them if it ever gets ugly which is unlikely if I have them at all). Conversations are an opportunity to explain what they get and why, and why this is a benefit for them. Also, its an opportunity for me to learn if they just want me to do all the hard work and then give it to a script kiddy, or whether they want to establish a relationship. And sometimes the rest of the work will only require a script kiddy, and I'd be bored to tears anyway, even subcontracting it out - and if that's the case, we can work out a price. Its called negotiation.
The other issue in the USA is the IRS. The IRS doesn't care about what a contract says on paper. If I am were to work as an employee would, then I would be an employee as far as the IRS is concerned. So if the client owned what I produce (all of it), that's one big check box on the IRS's duck test. The penalties are significant. For the employer, they would have to pay me as an employee and would owe more tax. As an employee, I would lose the ability to write off my expenses.
I initially thought this was unfair. But after consideration, I think it is quite fair. If a programmer don't have the guts to turn down contracts that basically make them a wage slave, then they don't get to pretend they are an independent business and reap the tax benefits that those of us taking a risk do get. At least be clear that an employer/employee relationship exists, and negotiate accordingly. I could say that pretending otherwise "hurts us all", but while it does to an extent, it *really* hurts those who the IRS look at. I go to great lengths to make sure that what I want to own, I own, and I am taking financial risks to do that. I see it as investment.
Reality:
Copyright is Law.
Break the Law and get sued and lose.
Lose and don't pay, and men with guns come to your house and take your physical stuff.
Therefor, in this reality, non-physical stuff has value as does physical stuff.
Copyright law says I own it.
Copyright law says if you want it, you pay what I say, or you don't get it. (see above about guns)
Market forces says you pay what we agree its worth, not what you think it cost me to develop it.
That is why GPL exists. For example, the GCC toolkit *has* value. That value has "already been paid for". But if you want to modify the toolkit for your own purposes, you agree to give your modifications back to the community. It is a *trade*. Your new value for their "paid for" value. Just because something has already been paid for does not mean it is now free. Quite the opposite.
It is called an *investment*.
Do you pay them as employees also, with W-2's and withholding or do you have a special IRS-proof scheme that you've actually tested with the IRS? Or are you not in the USA?
In drafting their contract to encourage Customers to demand of the Developers that the code is bug free, they chose to provide this at the top:
"DISCLAIMER
THIS DOCUMENT SHOULD BE CONSIDERED GUIDANCE ONLY. IT IS STRONGLY RECOMMENDED THAT YOU CONSULT A QUALIFIED ATTORNEY TO HELP YOU NEGOTIATE A SOFTWARE CONTRACT.
Please be advised that there is no warranty, expressed or implied, and no assumption of any legal liability or responsibility for any third party's use, or the results of such use of this Document."
I guess code can be made 100% accurate, but not legal contracts, huh?
"The Vendor shall be responsible for verifying that all members of the developer team have been successfully trained in secure programming techniques.
Pre-contract award, the Vendor shall document the process including training courses that their application developers have taken prior to developing applications.
Pre-contract award, the Vendor shall certify to the Purchaser that only application developers who have received appropriate level of formal training on secure application development and passed a competency test on application security shall be involved in the Contract."
Translation:
We, the security consultants, are going out of business and need to sell more training courses.
We, the managers of big companies, are going out of business and need someone to blame. You know that we will still accept the lowest bid, and we know that you're qualifications will be faked, but at least when the shit hits the fan we can point at you and say it wasnt our fault.
And yet look at what they were able to come up with. WPF and Silverlight don't give you a nice widget set. They give you a f***-ton of functionality. Plenty of rope, basically.
Not that this is a bad thing, however. As a developer, anything that makes it harder for newbies to get in the game is fine with me :-)
Not really. Took me a few goes to learn how to drive a car. But now I'd say its pretty easy to use. On the other hand, the good old-fashioned corkscrew was obvious first time, but its a real bitch to get the cork out.
I thought the vapor *was* Vista. Didn't they promise an amazing new OS with tons of new features, awesome usability, and the end of windows XP?