No one wants to do something that puts themselves at risk of not being re-elected if they arn't expecting to see the benifits before their term is up and especially if it involves immediate sacrifice (while they are in office) for long term (after the next election) gains.
I agree with your other points, however I do think a lot of their problems were technical in nature.
The submission nails it.. bunch of kids with limited real world experience. The whole execution was amateurish and it really showed.
For instance, their problem with security wasn't that their software has some security holes, or a lot of security holes.. it was that the fundemental core design didn't take security into account at all. Good security creates a low level priviledged layer that you audit the crap out of, with upper layers limited (by a token based auth system for instance.. ), such that a bug in an upper layer is limited in what it can do. They just threw in some if statements and called it a day. A big selling point was supposed to be security.. but it was very clear to anyone who actually looked at the code that they didn't have a clue what they were doing. It is impossible to make an app secure the way they went. You can patch all the holes.. but the fundemental structure is insecure so new holes will be introduced constantly.
As programmers, we all look at something and say "pff, I could do better". Maybe we do it less as we gain more experience in seeing simple stuff turn wildly complex. This seems a case of that where some kids did that, then got way more attention then they should, and ended up looking like idiots.
Do you wait for that to happen or do you start to try and mitigate it now while there is still decades of time before the really bad stuff happens?
In my case, we get our power from a coal plant.. so I wouldn't be helping much there..
As for the actual question, it's in the nature of our society to procastinate until things get really, really bad. You can have as much charts and graphs as you can make showing with absolute certainty that something bad will happen, but people won't even think seriously about a solution until it does.
We do this in less critical stuff as well. IPv6 is a good example.. that's not going to be adopted in any serious capacity until the internet actually breaks.
Like most environmentally friendly alternatives, it's not even close to ready for mainstream. The masses buy things when they make sense. This stuff doesn't make sense yet.
Luckily you always have people who are motivates by things other than practicality (early adopters). In this case, you have hippies;p
The same can be said with computer technology. A lot of stuff is impractical or overpriced when it first comes out.. but there are enough people who are enthusiastic about the tech and willing to buy it knowing it's not quite there yet.
I have another, less known example: Continuus/CM/Synergy. A VCS which is very expensive, and needs expensive servers to run on, but which has been surpassed in capacity by open source version control and issue systems a long time ago.
Throw clearcase and (ir)Rational Rhapsody into that pile as well.
The motto should be "tools you succeed not because of, but inspite of!"
My gut says even that approach wouldn't work.. as SAPs UI is highly dynamic (read: random) and inconsistent.
It baffles me that SAP is as popular as it is. I have yet to hear anyone who actually uses it say anything more flattering than "it's a huge piece of junk". Entire companies have gone bankrupt trying to implement it (seriously), it adds significant overhead to just about everything, and while I assume it must provide _some_ kind of value to someone.. it's certainly not to the peons who have to actually use the damn thing.
I'm still wary of any full time telecommuting type jobs. Much as I love the idea of working from home all the, I think a little face time with the people you are working with is irrationally necessary. Especially if others arn't telecommuting, as I suspect you'd start to be viewed as kind of outsourced labour, given shit jobs, and first out the door when money gets tight.
That said, I'd love to be able to telecommute occasionally (bad weather, feeling kinda off, waiting for a package, whatever..).
My understanding (which is very limited) of active cancellation is that it works great when you know exactly where the sound is coming from.. but less great when it's kinda everywhere (as is the situation here).
Would be nice if such a solution existed. I'd love an actively canceled computer (I'm a silent pc freak...)
You can't outright block access to an account after a certain number of tries because that creates an easy way to denial of service (someone can lock you out of your account just by entering a few bogus passwords). So you either block after a certain number of failed attempts (at which point botnets come into play) or install a captcha (at which point standard spam-level anti-captcha stuff comes into play.
But my original point was that there are so many much easier ways to get accounts, why is anyone going to go through all that trouble.
There is an argument for brute forcing when someone has broken into a server and stolen a list of hashed passwords (as then they can crank away at them all they want) so limiting to 16 chars kinda makes that a bit easier.. but I still think given hotmails user base they could easily just check against hashes for "password123" and get more than enough hits to make it not worth going further...
Stupid as this whole thing is, Microsoft does make one good point.
With the ease of phishing and harvesting passwords from other services where the user has used the same one.. who is gonna bother brute forcing a password.
It's like if your car has a notoriously easy to pick lock.. but you park in a parking lot where no one else even bothers locking theirs (and some have even had their doors removed for even more convenience..)
Even in larger shops I don't see the same kind of heavy architect / programmer seperation as much. It's still there, but a lot of the mindless code has been replaced by libraries, and most entry level coding positions still have a design component to them. Of course the natural progression is as you said, focusing more on design and less on the lower level nuts and bolts, but you make it sound like some kind of line you jump over one day. I see it more as natural career evolution, and at minimum I would still consider myself a "programmer".
It's one of those cases where re-inventing a wheel that has been invented a whole bunch of times made sense. I have fairly simple finances, nothing out there seemed to do what I wanted (either too complicated or too simple or too much of a hassle for what I needed) and by writing up my own app I got exactly what I wanted.
Thanks to lazy employers and various other circumstances
Well.. there's lazy and realistic.
Most employers do spend a fair amount of time and energy selecting between a few shortlisted candidates.. however there's no way an employer is going to have time to weed through hundreds of thousands of resumes from every kid who taught himself html and pick out which are bullshit and which are even worth interviewing. A degree makes an (imperfect) was of filtering that list down to a managable number.
That's just a basic skill
Which isn't taught in high school any more. It should be, but that's not the point.
Personally I don't think they should be decoupled.
My experience has been most people out of uni with a CS degree can't do either well. I'd rather someone in an architect role who worked their way up from code monkey and thus has a solid foundation in the realities of actual software projects (rather than someone spewing stuff out from their design patterns book).
Most of the really good programmers I know were largely self taught. They probably did a lot of coding in their spare time through high school, THEN went on to get a degree and finally a job..
This is of course why there is a thing between getting a degree and getting hired.. it's called a job interview! An interest in programming prior to formal education is usually seen as a good quality and will put you ahead of a similar candidate who didn't know what a c++ was till his second year. You probably won't even get in the door at most places without the degree however... so still worth getting one until there is a massive (not just one recruiter) shift in thinking among the HR departments of the world.
Also university isn't just about learning a trade (that's trade school). It's about getting a rounded education in stuff you probably don't give a shit about, building non-technical skills that are important (writing for instance), proving that you can tackle non-trivial problems with minimal supervision, and proving that you can handle a certain level of stress.
Which is something the vast majority of users don't care about.
Privacy and data ownership are big issues to the slashdot crowd.. not to the masses (lest we forget, facebook is all about blasting your personal info out to the world..). It's not even that people don't understand the issue, in a lot of cases they do, but have a different set of priorities.
As a previous poster said.. avoid the university "sawdust on floor" type joints and the pickup joints. They are usually fairly obviously marked. Here in Atlantic Canada we have lots of nice cozy historic pubs. Great atmosphere, live music, good food.. it's a great place to unwind with the guys after work.
And when there is a game on, nothing beats a sports bar... again.. avoid the university crowd and it can be a great time.
I have to assume they are using some clunky windows analysis program or something that lacks the ability to accept multiple directories or something.
Either way, the aufs (or whatever they use) bit seems to be the least of their worries. They bought an installed a bunch of gear and are just now looking into what to do with it, and they've decided they want it to boot in 30 seconds (protip: high end gear can take this long just doing it's self checks, which is a good thing! Fast booting and file server don't go well together).
Probably a summer student or the office "tech guy" running things. They'd be better off bringing in someone qualified.
Perfect, no... but I suspect there are companies where if required to justify what they did to protect the end users (was the thought of security even a consideration at any point..) would pretty much give a blank stare.
It's not about having perfect security imo, but rather about at least making an effort proportional to the risk you are putting users in.
Realistically you would need a standard (or set of standards) defining what "secure software" is... and good luck with that!
I would venture that in the case of a huge vulnerability, the company would be required to show "what they did" to secure the software (what kind of testing they did, review, etc..) and a jury would decide if they were negligent (excessively negligent would be the lead dev cracking on the stand about how the boss kept shouting "ship it or you get the cane again!".)
It'll have very little impact on actual code quality.
All that will happen is: - software prices will increase - a whole insurance industry will spring up around it (think malpractice insurance).. - people will specifically seek out stuff developed by small shops and try to break it specifically so they can sue.. - producing software will become so expensive and require so much up-front investment that indie devs will be SOL - the big guys will keep producing shit, and just protect themselves behind lawyers (and feed the cost back to the customer)
I think excessively poor software should result in some form of negligence... but general “can happen to anyone” type bugs.. no.
You can buy software with a (real) warrantee attached. In general this costs a fuck tonne of money because they are accepting a fair amount of liability. Even in a very horizontal market, the price increase for accepting that liability is going to be way more than anyone can afford.
You get what you pay for. Want software that is very secure and unlikely to have serious bugs.. you can get it.. but it’s gonna cost more than you are willing to pay if you don’t really _need_ that level of support.
You finally won.. you finally made me google gamemaker and find out what the hell it is (I vaguely knew of it’s existence.. but didn’t really know the details).
I don't normally like to feed trolls, but I felt congradulations were some how in order in this case...
Adding a few words to a disclaimer and accepting a little mockery is a hell of a lot cheaper than the lawsuit when someone, somehow manages to kill themselves with a software change...
Slashdot Mirror
Sure, but governments are the worst offenders.
No one wants to do something that puts themselves at risk of not being re-elected if they arn't expecting to see the benifits before their term is up and especially if it involves immediate sacrifice (while they are in office) for long term (after the next election) gains.
I agree with your other points, however I do think a lot of their problems were technical in nature.
The submission nails it.. bunch of kids with limited real world experience. The whole execution was amateurish and it really showed.
For instance, their problem with security wasn't that their software has some security holes, or a lot of security holes.. it was that the fundemental core design didn't take security into account at all. Good security creates a low level priviledged layer that you audit the crap out of, with upper layers limited (by a token based auth system for instance.. ), such that a bug in an upper layer is limited in what it can do. They just threw in some if statements and called it a day. A big selling point was supposed to be security.. but it was very clear to anyone who actually looked at the code that they didn't have a clue what they were doing. It is impossible to make an app secure the way they went. You can patch all the holes.. but the fundemental structure is insecure so new holes will be introduced constantly.
As programmers, we all look at something and say "pff, I could do better". Maybe we do it less as we gain more experience in seeing simple stuff turn wildly complex. This seems a case of that where some kids did that, then got way more attention then they should, and ended up looking like idiots.
Do you wait for that to happen or do you start to try and mitigate it now while there is still decades of time before the really bad stuff happens?
In my case, we get our power from a coal plant.. so I wouldn't be helping much there..
As for the actual question, it's in the nature of our society to procastinate until things get really, really bad. You can have as much charts and graphs as you can make showing with absolute certainty that something bad will happen, but people won't even think seriously about a solution until it does.
We do this in less critical stuff as well. IPv6 is a good example.. that's not going to be adopted in any serious capacity until the internet actually breaks.
Like most environmentally friendly alternatives, it's not even close to ready for mainstream. The masses buy things when they make sense. This stuff doesn't make sense yet.
Luckily you always have people who are motivates by things other than practicality (early adopters). In this case, you have hippies ;p
The same can be said with computer technology. A lot of stuff is impractical or overpriced when it first comes out.. but there are enough people who are enthusiastic about the tech and willing to buy it knowing it's not quite there yet.
I have another, less known example: Continuus/CM/Synergy. A VCS which is very expensive, and needs expensive servers to run on, but which has been surpassed in capacity by open source version control and issue systems a long time ago.
Throw clearcase and (ir)Rational Rhapsody into that pile as well.
The motto should be "tools you succeed not because of, but inspite of!"
My gut says even that approach wouldn't work.. as SAPs UI is highly dynamic (read: random) and inconsistent.
It baffles me that SAP is as popular as it is. I have yet to hear anyone who actually uses it say anything more flattering than "it's a huge piece of junk". Entire companies have gone bankrupt trying to implement it (seriously), it adds significant overhead to just about everything, and while I assume it must provide _some_ kind of value to someone.. it's certainly not to the peons who have to actually use the damn thing.
I'm still wary of any full time telecommuting type jobs. Much as I love the idea of working from home all the, I think a little face time with the people you are working with is irrationally necessary. Especially if others arn't telecommuting, as I suspect you'd start to be viewed as kind of outsourced labour, given shit jobs, and first out the door when money gets tight.
That said, I'd love to be able to telecommute occasionally (bad weather, feeling kinda off, waiting for a package, whatever..).
My understanding (which is very limited) of active cancellation is that it works great when you know exactly where the sound is coming from.. but less great when it's kinda everywhere (as is the situation here).
Would be nice if such a solution existed. I'd love an actively canceled computer (I'm a silent pc freak...)
It's kind of a back and forth game..
You can't outright block access to an account after a certain number of tries because that creates an easy way to denial of service (someone can lock you out of your account just by entering a few bogus passwords). So you either block after a certain number of failed attempts (at which point botnets come into play) or install a captcha (at which point standard spam-level anti-captcha stuff comes into play.
But my original point was that there are so many much easier ways to get accounts, why is anyone going to go through all that trouble.
There is an argument for brute forcing when someone has broken into a server and stolen a list of hashed passwords (as then they can crank away at them all they want) so limiting to 16 chars kinda makes that a bit easier.. but I still think given hotmails user base they could easily just check against hashes for "password123" and get more than enough hits to make it not worth going further...
Stupid as this whole thing is, Microsoft does make one good point.
With the ease of phishing and harvesting passwords from other services where the user has used the same one.. who is gonna bother brute forcing a password.
It's like if your car has a notoriously easy to pick lock.. but you park in a parking lot where no one else even bothers locking theirs (and some have even had their doors removed for even more convenience..)
Even if they started using cane sugar rather than HFCS, it might make a difference.
I blame the prevelance of really shitty food and the difficulty of finding decent food more than the packaging it comes in.
Even in larger shops I don't see the same kind of heavy architect / programmer seperation as much. It's still there, but a lot of the mindless code has been replaced by libraries, and most entry level coding positions still have a design component to them. Of course the natural progression is as you said, focusing more on design and less on the lower level nuts and bolts, but you make it sound like some kind of line you jump over one day. I see it more as natural career evolution, and at minimum I would still consider myself a "programmer".
I built my own.
It's one of those cases where re-inventing a wheel that has been invented a whole bunch of times made sense. I have fairly simple finances, nothing out there seemed to do what I wanted (either too complicated or too simple or too much of a hassle for what I needed) and by writing up my own app I got exactly what I wanted.
Thanks to lazy employers and various other circumstances
Well.. there's lazy and realistic.
Most employers do spend a fair amount of time and energy selecting between a few shortlisted candidates.. however there's no way an employer is going to have time to weed through hundreds of thousands of resumes from every kid who taught himself html and pick out which are bullshit and which are even worth interviewing. A degree makes an (imperfect) was of filtering that list down to a managable number.
That's just a basic skill
Which isn't taught in high school any more. It should be, but that's not the point.
Personally I don't think they should be decoupled.
My experience has been most people out of uni with a CS degree can't do either well. I'd rather someone in an architect role who worked their way up from code monkey and thus has a solid foundation in the realities of actual software projects (rather than someone spewing stuff out from their design patterns book).
Self taught and degree arn't mutally exclusive.
Most of the really good programmers I know were largely self taught. They probably did a lot of coding in their spare time through high school, THEN went on to get a degree and finally a job..
This is of course why there is a thing between getting a degree and getting hired .. it's called a job interview! An interest in programming prior to formal education is usually seen as a good quality and will put you ahead of a similar candidate who didn't know what a c++ was till his second year. You probably won't even get in the door at most places without the degree however... so still worth getting one until there is a massive (not just one recruiter) shift in thinking among the HR departments of the world.
Also university isn't just about learning a trade (that's trade school). It's about getting a rounded education in stuff you probably don't give a shit about, building non-technical skills that are important (writing for instance), proving that you can tackle non-trivial problems with minimal supervision, and proving that you can handle a certain level of stress.
Which is something the vast majority of users don't care about.
Privacy and data ownership are big issues to the slashdot crowd.. not to the masses (lest we forget, facebook is all about blasting your personal info out to the world..). It's not even that people don't understand the issue, in a lot of cases they do, but have a different set of priorities.
Totally disagree..
As a previous poster said.. avoid the university "sawdust on floor" type joints and the pickup joints. They are usually fairly obviously marked. Here in Atlantic Canada we have lots of nice cozy historic pubs. Great atmosphere, live music, good food.. it's a great place to unwind with the guys after work.
And when there is a game on, nothing beats a sports bar... again.. avoid the university crowd and it can be a great time.
I have to assume they are using some clunky windows analysis program or something that lacks the ability to accept multiple directories or something.
Either way, the aufs (or whatever they use) bit seems to be the least of their worries. They bought an installed a bunch of gear and are just now looking into what to do with it, and they've decided they want it to boot in 30 seconds (protip: high end gear can take this long just doing it's self checks, which is a good thing! Fast booting and file server don't go well together).
Probably a summer student or the office "tech guy" running things. They'd be better off bringing in someone qualified.
Perfect, no... but I suspect there are companies where if required to justify what they did to protect the end users (was the thought of security even a consideration at any point..) would pretty much give a blank stare.
It's not about having perfect security imo, but rather about at least making an effort proportional to the risk you are putting users in.
That of course is a huge issue.
Realistically you would need a standard (or set of standards) defining what "secure software" is... and good luck with that!
I would venture that in the case of a huge vulnerability, the company would be required to show "what they did" to secure the software (what kind of testing they did, review, etc..) and a jury would decide if they were negligent (excessively negligent would be the lead dev cracking on the stand about how the boss kept shouting "ship it or you get the cane again!".)
It'll have very little impact on actual code quality.
All that will happen is:
- software prices will increase
- a whole insurance industry will spring up around it (think malpractice insurance)..
- people will specifically seek out stuff developed by small shops and try to break it specifically so they can sue..
- producing software will become so expensive and require so much up-front investment that indie devs will be SOL
- the big guys will keep producing shit, and just protect themselves behind lawyers (and feed the cost back to the customer)
I think excessively poor software should result in some form of negligence ... but general “can happen to anyone” type bugs.. no.
You can buy software with a (real) warrantee attached. In general this costs a fuck tonne of money because they are accepting a fair amount of liability. Even in a very horizontal market, the price increase for accepting that liability is going to be way more than anyone can afford.
You get what you pay for. Want software that is very secure and unlikely to have serious bugs.. you can get it.. but it’s gonna cost more than you are willing to pay if you don’t really _need_ that level of support.
You finally won.. you finally made me google gamemaker and find out what the hell it is (I vaguely knew of it’s existence.. but didn’t really know the details).
I don't normally like to feed trolls, but I felt congradulations were some how in order in this case...
Adding a few words to a disclaimer and accepting a little mockery is a hell of a lot cheaper than the lawsuit when someone, somehow manages to kill themselves with a software change...