Slashdot Mirror


User: abiggerhammer

abiggerhammer's activity in the archive.

Stories: 0
Comments: 47

Comments · 47

  1. Re:The brief missed a useful use case on Security Researchers Submit Brief For Andrew "Weev" Auernheimer · Score: 1

    How is the record number a credential? The record number refers to the item to be retrieved. Using the record number as a credential (sent with the request or not) is terrible design -- you're literally saying that the credential to retrieve the record is the same as the identifier of the record, which reduces to an unauthenticated GET request. This isn't even one-factor authentication, it's no-factor authentication.
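
Added example, not part of the original comment: the "no-factor authentication" the comment describes, next to the check that should have been there. The record store, session table and names are constructed for illustration and are not taken from the case under discussion.

```python
from typing import Optional

# Constructed sample data (hypothetical): record id -> (owner account, contents).
RECORDS = {
    1001: ("alice", "alice@example.com"),
    1002: ("bob", "bob@example.com"),
    1003: ("carol", "carol@example.com"),
}

# Constructed session table (hypothetical): bearer token -> authenticated account.
SESSIONS = {"tok-alice-7f3a": "alice"}


class AccessDenied(Exception):
    pass


def fetch_no_factor(record_id: int) -> str:
    """The design the comment criticises: knowing the identifier *is* the
    credential.  Nothing is authenticated, so this is an unauthenticated GET
    and the whole table can be walked by counting."""
    if record_id not in RECORDS:
        raise AccessDenied("no such record")
    return RECORDS[record_id][1]


def enumerate_no_factor(start: int, stop: int) -> dict:
    """What an attacker does to fetch_no_factor: iterate the identifier space."""
    found = {}
    for rid in range(start, stop):
        try:
            found[rid] = fetch_no_factor(rid)
        except AccessDenied:
            pass
    return found


def fetch_authorized(record_id: int, bearer_token: Optional[str]) -> str:
    """Hardened form: the credential (a session token) is independent of the
    identifier, and the server checks that the authenticated principal owns
    the record.  A missing record and someone else's record produce the same
    error, so the endpoint does not leak which identifiers exist."""
    principal = SESSIONS.get(bearer_token or "")
    if principal is None:
        raise AccessDenied("authentication required")
    owner, contents = RECORDS.get(record_id, (None, None))
    if owner != principal:
        raise AccessDenied("not found")
    return contents
```

The point of the hardened version is that the two inputs are independent: guessing a record number gets you nothing without a session that owns it, and the error for "not yours" is identical to "does not exist".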

  2. Re:What this really is on Security Researchers Submit Brief For Andrew "Weev" Auernheimer · Score: 1

    By this logic, the developers of pleaserobme.com, which (before they decided they'd made their point and went to an informational site) mashed up Foursquare and Twitter data to determine when people had themselves voluntarily disclosed that they were out of their homes, should also be in prison. In other words, your analogy, along with AC's in reply to you, commit the logical fallacy of proving too much.

  3. Warranty disclaimer's the important thing on Ask Slashdot: How To Share a SharePoint Site? · Score: 5, Insightful

    The GPL variants and the BSD licenses all contain a disclaimer of warranty (the part that reads "THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE" or similar), which addresses the county's concerns. By releasing code under a license with such a disclaimer, you are asserting that no one can sue you if the code breaks, even if your code breaking caused them some kind of loss.

  4. Re:Parameterized SQL on Kaminsky Offers Injection Antidote · Score: 1

    Okay, fair enough - but the statement still holds. If the language you are trying to validate is context-free or stronger, do not use a regex to try to validate it.

  5. Re:Parameterized SQL on Kaminsky Offers Injection Antidote · Score: 1

    No, no, no, no, NO. DO NOT use regular expressions to validate context-free languages. The only way to validate SQL using regular expressions is to use Perl-style regular expressions with backreferences, and those are actually pushdown automata. They're also next to impossible to read.

    I'll toot my own horn and point out that context-free validation can be done sanely ... though it would be easier for everyone else if I actually had the time to keep up with releases. Dan's asked me to port that project to MySQL, which I'm actually working on right now along with cleaning up some of the dumber design decisions I made five years ago.
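
Added example for comments 4 and 5 (mine, not the commenter's project, which the page does not show): a toy SELECT/WHERE language validated two ways. The grammar is an assumption chosen for illustration. The regex can only describe parenthesis nesting to a depth hard-coded into it (one level here), so it rejects a legitimate query nested two deep and must be rewritten for every extra level; the recursive-descent parser is a pushdown automaton, handles any depth and reads as a grammar. Both reject the classic tautology, because a comparison whose left side is a literal is simply not in the language.

```python
import re

# A regex "validator" for the toy language below, written the only way a regex
# can be: with parenthesis nesting bounded (here to one level).
_IDENT = r"[A-Za-z_]\w*"
_LIT = r"(?:\d+|'(?:[^']|'')*')"
_ATOM = rf"{_IDENT}\s*(?:<>|=|<|>)\s*{_LIT}"
_PAREN1 = rf"\(\s*{_ATOM}(?:\s+(?:AND|OR)\s+{_ATOM})*\s*\)"
_TERM = rf"(?:{_ATOM}|{_PAREN1})"
_EXPR = rf"{_TERM}(?:\s+(?:AND|OR)\s+{_TERM})*"
REGEX_VALIDATOR = re.compile(rf"^\s*SELECT\s+(?:\*|{_IDENT})\s+FROM\s+{_IDENT}"
                             rf"(?:\s+WHERE\s+{_EXPR})?\s*$", re.IGNORECASE)

def regex_validates(sql):
    return REGEX_VALIDATOR.match(sql) is not None

# The same language validated by a recursive-descent parser (a pushdown
# automaton): nesting is unbounded and the grammar stays readable.
#   query  := SELECT ('*' | ident) FROM ident [WHERE expr]
#   expr   := term (OR term)*        term := factor (AND factor)*
#   factor := '(' expr ')' | ident ('=' | '<' | '>' | '<>') literal
TOKEN_RE = re.compile(
    r"\s*(?:(?P<ident>[A-Za-z_]\w*)|(?P<num>\d+)|(?P<str>'(?:[^']|'')*')"
    r"|(?P<cmp><>|[=<>])|(?P<punct>[()*]))"
)
KEYWORDS = {"SELECT", "FROM", "WHERE", "AND", "OR"}

class RejectedQuery(Exception):
    pass

def tokenize(sql):
    tokens, pos = [], 0
    while pos < len(sql):
        m = TOKEN_RE.match(sql, pos)
        if m is None:                       # no token of the language here
            if sql[pos:].strip() == "":
                break                       # only trailing whitespace left
            raise RejectedQuery(f"illegal input at {sql[pos:].strip()[:8]!r}")
        pos = m.end()
        kind, text = m.lastgroup, m.group(m.lastgroup)
        if kind == "ident" and text.upper() in KEYWORDS:
            kind, text = "kw", text.upper()
        tokens.append((kind, text))
    tokens.append(("eof", ""))
    return tokens

class Parser:
    def __init__(self, tokens):
        self.toks, self.i = tokens, 0

    def peek(self):
        return self.toks[self.i]

    def take(self, kind, text=None):
        k, t = self.toks[self.i]
        if k != kind or (text is not None and t != text):
            raise RejectedQuery(f"expected {text or kind}, got {t!r}")
        self.i += 1

    def query(self):
        self.take("kw", "SELECT")
        self.take("punct", "*") if self.peek() == ("punct", "*") else self.take("ident")
        self.take("kw", "FROM")
        self.take("ident")
        if self.peek() == ("kw", "WHERE"):
            self.take("kw", "WHERE")
            self.expr()
        self.take("eof")                    # nothing may follow the query

    def expr(self):
        self.term()
        while self.peek() == ("kw", "OR"):
            self.take("kw", "OR")
            self.term()

    def term(self):
        self.factor()
        while self.peek() == ("kw", "AND"):
            self.take("kw", "AND")
            self.factor()

    def factor(self):
        if self.peek() == ("punct", "("):
            self.take("punct", "(")
            self.expr()
            self.take("punct", ")")
            return
        self.take("ident")                  # left side must be a column, so a
        self.take("cmp")                    # tautology like '1'='1' is rejected
        if self.peek()[0] not in ("num", "str"):
            raise RejectedQuery("right side must be a literal")
        self.i += 1

def grammar_validates(sql):
    try:
        Parser(tokenize(sql)).query()
        return True
    except RejectedQuery:
        return False
```

Anything the tokenizer does not know (a semicolon, a comment marker) is rejected before parsing starts, and the parser requires end-of-input after the query, so a valid prefix followed by junk is rejected too. Compare the six lines of regex with the grammar comment above the parser for the readability point.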

  6. Re:Well on Kaminsky Offers Injection Antidote · Score: 1

    > However, I don't know a real language where it's easy enough to write new types to make this feasible.

    Ada, but it's unlikely you'll be using Ada unless you're working for DoD or something.

  7. Re:productize? on Kaminsky Offers Injection Antidote · Score: 1

    Strong typing across languages is the difficult part, particularly with string interpolation. Interpolique is aiming to preserve a form of strong typing (where there are two types, "safe" and "unsafe") across the inter-language boundary.
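
Added example for comments 6 and 7. It is not Interpolique's own mechanism (the thread does not describe it) but a simplified illustration of the two-type idea: a Safe string type whose only constructor performs a check, with everything else treated as unsafe and bound as a parameter when it crosses into SQL. The table, the identifier check and the function names are assumptions; it runs against an in-memory sqlite3 database from the standard library.

```python
import re
import sqlite3


class Safe(str):
    """The 'safe' type: a string the host program explicitly vouches for.
    The only constructor runs a check, so any Safe value reaching the SQL
    boundary has known provenance.  The check here (identifier syntax, for
    column and table names) is an assumption of this example."""
    _IDENT = re.compile(r"^[A-Za-z_][A-Za-z0-9_]*$")

    def __new__(cls, value):
        if not cls._IDENT.match(value):
            raise ValueError(f"refusing to mark {value!r} as a safe identifier")
        return str.__new__(cls, value)


def build(template, **values):
    """Cross the host-language/SQL boundary.  Each {name} placeholder is
    filled from values: a Safe value is spliced into the SQL text (it was
    checked when it was created); every other value is 'unsafe' by default
    and becomes a bound parameter, so its bytes never become SQL syntax.
    Returns (sql, params) ready for a DB-API execute() call."""
    params = []

    def fill(m):
        v = values[m.group(1)]
        if isinstance(v, Safe):
            return str(v)
        params.append(v)
        return "?"

    return re.sub(r"\{(\w+)\}", fill, template), params


def make_db():
    """Constructed in-memory table for the demonstration."""
    con = sqlite3.connect(":memory:")
    con.execute("CREATE TABLE users (id INTEGER, name TEXT, role TEXT)")
    con.executemany("INSERT INTO users VALUES (?, ?, ?)",
                    [(1, "alice", "admin"), (2, "bob", "user"), (3, "carol", "user")])
    return con


def lookup_naive(con, column, wanted):
    """No types at the boundary: plain string interpolation."""
    return con.execute(f"SELECT id FROM users WHERE {column} = '{wanted}'").fetchall()


def lookup_typed(con, column, wanted):
    """Two types at the boundary: the column name must pass the Safe check,
    the user-controlled value stays unsafe and is bound."""
    sql, params = build("SELECT id FROM users WHERE {col} = {val}",
                        col=Safe(column), val=wanted)
    return con.execute(sql, params).fetchall()
```

The useful property is that the default is the unsafe side: a programmer has to do something explicit (construct a Safe) to get a value spliced into query text, and that construction is where the check lives. The interpolation syntax stays the same in both versions, which is what makes a scheme like this practical to retrofit.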

  8. Re:I knew Merredith who wrote the qualitive search on Google's Summer of Code Over · Score: 1

    Yep, that would be me. It's been a long strange trip, but eventually I ended up in the CS department at the University of Iowa.

    My Query By Example project uses a support vector machine (a type of machine learning algorithm) to learn classification rules based on the set of examples you specify. Those rules then get applied to the rest of the data points in whatever table you're looking at. So, yes, there's a lot of big nasty math -- at its core it's a quadratic programming problem. I didn't want to get into that in the interview because I figured nobody would get it. :P

    How would it work for a site like OKCupid? Their matching algorithm is based on users' responses to multiple-choice questions -- assume each response has some numeric (enumerated) value. Throw all those values into a table, probably via a join, such that each row is a user and each field corresponds to a question. (Let NULL values correspond to questions a user hasn't answered.) You in front of your computer will be looking at people's profiles, but the system operates under the assumption that the person will answer questions in a manner consistent with their profile, so if you mark several people that you're interested in and several that you're not interested in, based on their profiles, the system can train a classifier based on their answers to questions and find people whose responses are similar.

    I don't think OKCupid is using the same math I'm using, but their approach is probably pretty similar.

  9. From a Summer of Code participant on Summer Internships - The Good, and the Bad? · Score: 2, Insightful

    I'm one of the SoC'ers who's doing a project for Google (as opposed to, say, Apache or the Python Software Foundation), and I'm enjoying it immensely. Most of the projects people are doing this summer are geared toward well-known open source projects -- mine adds example-driven clustering and ranking to WHERE and ORDER BY clauses in PostgreSQL, for instance -- but there are also some interesting standalone projects which are closer to pure research than they are to application. It's cool to see large projects receiving support (both money and the work of smart people), but it's even cooler to see support given to small projects that might never have gotten off the ground otherwise.

    It kind of reminds me of the patronage system that existed between rich people and artists during the Renaissance. The artists (coders) get paid and have a good reason to do their very best work -- you know people are going to see the results, so you want it to be good engineering, not the rushed-together job you might do for a class where it only matters that it runs -- and the patrons get what they're paying for plus street cred.

    There have been some frustrations, mostly having to do with taxes and verification of student status, but I've really enjoyed working with my mentor (even got to visit the Google campus on a recent trip to the Bay Area -- the food is as good as their webpage claims!) and will definitely apply again if they decide to renew the program.

  10. Re:Woo! on Feds Convict Warez Dealer · Score: 1

    You think that's a shock? Jathan used to be the graduate secretary for the CS department. (He quit at the end of the '03-'04 school year to take classes. I was the grader for his Discrete Structures class.)

  11. Whose ass did they pull their methodology out of? on America's Most Connected Campuses · Score: 1

    Out of curiosity, I looked at the entry for the University of Iowa, where I'm a grad student, and was rather surprised at the results. For instance, UI gets a "no" on "Is there a wireless network?" -- perplexing, since we've had 802.11b since at least early 2002. (Granted, it's got quirky TTLS-based authentication that breaks under WinXP SP2 with the instructions they give you, and before that it had quirky LEAP authentication that required you to have either a Cisco card or an Apple AirPort, but it works.)

    Ditto for "does the school support handheld computers" -- what does this mean? They sell them in the university bookstore; if the survey means "does the university provide tech support for handheld computers," I have to wonder who expects minimum-wage university-helpdesk drones to be able to answer a hardware-specific question better than minimum-wage hardware-manufacturer-tech-support drones. At least the manufacturer's drones have access to training materials.

    They also got "does the school stream audio or video of any courses" dead wrong; we have about half a building outfitted for broadcast-enabled classrooms, and I ended up skipping about half of the lectures for my programming language foundations class because it was easier to watch the webcast later.

    It's called research, people. Try it sometime.

  12. Re:Money vs. Amateurs --- Guess who wins on FCC Approves BPL Despite Interference Concerns · Score: 1

    > enough for a big-ass amp

    Just for the record, that's about four grand.

  13. Sometimes it's the evangelists. on Unsung Heroes of Open Source Software? · Score: 4, Interesting

    I don't think he does much open-source development himself, but the person who introduced me to OSS was a guy named Randall Severy, whom I met through the Artemis Society. His company actually develops proprietary content-management systems, but when I was in the Arctic and needed to do an Internet audio broadcast, he helped me come up with a free, open-source way to do it after our field sysadmin said "no way."

    That incident has always symbolised the entire Open Source movement to me -- distributed thinking and determination coming up with a powerful solution, despite all the naysayers' opinions.

  14. Fair Use IS in the law. on Jack Valenti: The Exit Interview · Score: 4, Informative

    Title 17, Chapter 1, Section 107. It's in the US Copyright Code.

    "Notwithstanding the provisions of sections 106 and 106A, the fair use of a copyrighted work, including such use by reproduction in copies or phonorecords or by any other means specified by that section, for purposes such as criticism, comment, news reporting, teaching (including multiple copies for classroom use), scholarship, or research, is not an infringement of copyright."

    Reference is also made to "the purpose and character of the use, including whether such use is of a commercial nature or is for nonprofit educational purposes" -- to which "remix[ing] a few seconds of a Hollywood movie into a home movie project" certainly applies, and argument could be made that that remixing constitutes criticism, comment, or even teaching (video editing is a skill, too).

    Between Valenti making claims like these, and the American Library Association going head-to-head with the Business Software Alliance to combat their misinformation about copyright, I have to wonder whether these guys realise the long-term damage they're doing to their reputations, since eventually, the truth will out.

    Anyway, the law exists, just in case anyone was wondering. Kthxbye.

  15. Re:1000 algorithms? on Jack Valenti: The Exit Interview · Score: 1

    That, plus lines like "It may be possible to so infect a movie with some kind of circuitry that allows people to copy to their heart's content...", gave me a desperately-needed morning laugh. DRM on a DVD, certainly ... but please, Jack, show me the DRM that'll survive analog transfer.

    On the plus side, so long as these managerial types are the ones in charge, we can't lose. The entire exchange puts me in mind of Dilbert's boss looking for the token ring.

  16. Re:What this might mean on Revenge Really Does Taste Sweet · Score: 3, Interesting

    > Animals don't exert revenge

    Not so -- not so at all. Chimpanzees have been observed conducting raids on rival chimp troops, kidnapping the offspring of these rival groups and killing, frequently eating, their victims. The rival group will conduct a retributive raid, killing the offspring of the original group, and so on and so forth.

    While googling around, I also found this article about bluejays exacting revenge on a dog.

    Finally, in a somewhat more embarrassing anecdote: My ex-husband had a cat who sometimes seemed to take his anger into her own hands (paws?). Not too long before I moved out, we'd been fighting almost constantly, and one night I woke up in bed to discover the sheets wet and stinky and the cat placidly walking away. It had jumped up on the bed and peed on me.

    I have no idea what it was thinking, but it certainly didn't seem random.

  17. Re:Go even farther with that thought on How Can Companies Profit While Giving Code Away? · Score: 1

    You're certainly right. Of course, what I didn't mention in my original post is that a lot of that software is difficult to turn into an independent release (it's an awful lot easier to open-source an application or a library than, say, an abstraction layer) and a lot of it is so business-specific that it wouldn't be of use to the OSS community.

    OK, so the latter is a design issue -- a lot of stuff that could be rewritten to be robust and reusable is instead written quickly, off-the-cuff and site-specific. I suspect a lot of that is the bastard child of time demands -- writing good software is hard and takes planning! -- but I also wonder how many in-house developers who could be writing reusable code aren't because they're not thinking about it in that way.

    I also wonder how many legal departments actually would say "screw off, not a line of this code is getting outside this company" and how many just haven't been asked. Pretty much all my dev work has been in academia or for companies with a rather academic mindset, so I'm not the one to ask.

  18. Not all developers work for software companies on How Can Companies Profit While Giving Code Away? · Score: 4, Insightful

    The article restricts itself to how companies whose primary focus is software development can profit while giving code away. This is just about the only note that ever gets sung in the open-source/profitability debate, and I'm getting awfully tired of it.

    Software companies are not the only companies which write software. I defy anyone to show me a company with over 50 employees which doesn't use some kind of home-brewed software somewhere in its operations (and, yes, I mean other than HTML content). This is especially the case in scientific research, where if the budget's tight and a needed tool is either nonexistent or too expensive, the answer is "Write your own." I work for the bioinformatics department of a biotech firm, where I am paid to write free software.

    Up until recently, that's been free as in beer; we have a suite of DNA development apps that we provide as web services, so our clients are doing their research with our cycles instead of shelling out $4000 a seat for a closed-source solution. Lately, however, I've been working on a tool (for site-directed mutagenesis, if anyone really cares) which will be both integrated into the web toolkit and released as a stand-alone GPLed app. The legal department's behind it. I am stoked beyond comprehension.

    But does this work? Oh hell yeah, if you go by the bottom line and by the number of calls my boss gets every week from bioinfo startups trying to convince him to provide 45-day free-trial downloads of their software on our site. (Use our bandwidth to promote your closed-source code? I don't think so, bitch.) Obviously, people could visit the site (the tool suite doesn't require registration or anything like that), design a primer, then order it from one of our competitors, and I'm sure some people do; but why bother when there's a convenient, unobtrusive "Order now" button just below your results? I'm sure we could sell our software, but in the long run, the customer goodwill we build up (along with the increased orders) by providing this for free is more important to the CEO than whatever short-term quick bucks we could squeeze out by hawking SciTools. In the end, providing free software is the game-winning solution.

    I'm sure this can't be the only example of a situation where this tactic works, though I haven't given a lot of thought to where else it would be appropriate. Hmm, maybe I should post this as an Ask Slashdot.

  19. Robot Odyssey in Java! on Educational Software To Donate With Laptop? · Score: 1

    DroidQuest is a Java recreation of the old game Robot Odyssey -- kind of a sequel to the even older game Rocky's Boots. Rocky's Boots was an introduction to electronics and Boolean logic; Robot Odyssey took the concept and extended it to integrated circuits.

    FYI, it requires JRE1.4.2 and is free for personal or educational use.

  20. Re:Truckstop WiFi on Slashback: Wireless, Gasoline, Prevarication · Score: 1

    > did you actually connect to one and use it successfully without paying?

    Yup. In fact, I'd successfully used more than one without paying (or indeed any indication that payment was necessary), so I'd assumed they were all free. More fool me, but most fool the people who didn't set it up "correctly" ;)

  21. Truckstop WiFi on Slashback: Wireless, Gasoline, Prevarication · Score: 5, Interesting

    Public WiFi at rest stops is neat and everything, but I've started noticing open WAPs at truckstops as well. For some chains, like Flying J, it appears to be a deliberate choice on the part of the company -- they all have 'flyingj' as their SSID. (Added bonus: at one where I refuelled in Michigan, I couldn't pull an IP under Windows, but it worked just fine under Linux.)

    I go to school in Iowa and my parents live in Texas, so I drive across both states pretty frequently. TxDOT doesn't spend a lot of money on rest stop maintenance, so there may be WiFi, but the bathrooms are nasty. (Iowa rest stops are very nicely outfitted, however, but that's not too surprising, since I-80 is one of the major freight corridors in the US.)

  22. Oh, how snide. on Linux vs. Windows: What's The Difference? · Score: 2, Insightful

    The article's tone is particularly amusing -- it's as if both the author and Russinovich himself are patting him on the back for presaging developments like the Linux kernel becoming re-entrant (apparently he bitched about this six years ago). And I do wonder how many people won't even bother to RTFA, instead simply chattering on about surface issues like user interface (which, let's face it, M$ can afford to hire all the HCI experts it can get its hands on, and the Linux community generally must rely on volunteer expertise to develop).

    But I'm particularly entertained by the fact that security is the lead-in -- "Security and the way windowing is handled remain two of the diminishing differences between Linux and Windows" -- and then isn't mentioned AT ALL until the very end of the article, with no examples whatsoever, and no indication as to which OS is playing catch-up.

    Way to hide your biases, ZDNet.

  23. Re:Apps remove the difference on Linux vs. Windows: What's The Difference? · Score: 2, Informative

    Except the article has bugger-all to do with UI; it's about similarities in the kernel, and ostensibly about similarities in approaches to security (not that any of the latter are actually described).

  24. Re:bad article on New Class of Genes Discovered · Score: 1

    I don't quite follow why that's even so interesting, though. RNA inhibition is a pretty hot topic; we've known about antisense RNA (which is produced by DNA to complement mRNA and inhibit translation) for about 30 years now, RNAi for about five, and microRNA for probably two (the latter two, again, regulate gene expression by interfering with mRNA, though RNAi cleaves the mRNA in the process and microRNA doesn't).

    Of course, most people reading a Reuters article probably don't even know what RNA is, much less RNA inhibition. But it seems odd that the article would make such a big deal about it, unless it's some new kind of interference that we haven't seen before.

  25. Re:Wrong. on Extensible Programming for the 21st Century · Score: 1

    #include
    #include <p_equals_np.h>
    #include <do_what_i_mean_not_what_i_said.h>