... steganography! Hide the key as noise in a random pic or MP3 on your hard-drive. When you need to decrypt something, you select a file at the same time as entering a pass phrase. There is no way anyone with even physical access to the machine and an army of Crays will be able to obtain your private key if the passphrase is also used as a key in the steganographic phase... is there?
That's a really good point. Like electric cars... sure, they may be 100% emissions free, but what about all the coal/oil/uranium that must be consumed to produce that energy.
iirc you cannot just flick a nuclear reactor or a coal/oil plant on and off. I remember some documentary saying that the electric cars could just soak up electricity wasted during the off-peak hours. Also, the electric car can be topped up from renewable sources, such as solar, when at rest. At the moment the big money is on fuel cell technology as the Next Big Thing.
So why are "money hungry" programmers any less driven than freebie bedroom programmers?
Some reasons spring to mind:
they get paid by the hour therefore recognition is not upon results alone
they are wasting time on petty internal political battles instead of coding
working towards M$ certification is more important than towards a successful software project
they don't program for the love of it... in fact they may have done an arts degree but did a quickie conversion because computers are where the money is
They are probably more motivated on occasion (money, moolah, ca$h), and may actually have achieved a higher degree of academic excellence to get their high-paying jobs in the first place.
Academic excellence != good programmer. Even most of a degree in Computer Science you will never use in industry. I did some really weird and academic modules that were useless. As for high paying jobs, I've found that pay tends to be inversely proportional to the challenge. My choices between jobs have been pretty well divided along the lines of 'interesting' or 'well paid'. I always pick the former as it pushes me more and builds up skills I can always trade in later if I get wife/house/kids/etc.
Does anyone else think it ironic that a page charting an object crashing to Earth from space has "Technology sponsored by Iridium" on the right of the page?
The problem of the supply of hydrogen will be solved very quickly once there is demand for it. By the time only a few percent of vehicles are hydrogen powered, that is still a massive demand which will spur research into new or more efficient ways of producing hydrogen.
>> Me and my engineering buddies were laughing our asses off over this article. I like the 36 year old "programmer" who listed his skills as c, java, xml, cgi, js, fortran, basic. That sentence is like a giant red flag
Agreed. Jack of all trades, master of none...
I don't see what the big deal is. I have pretty much the same list and you can throw in Pascal and ARM assembler into the mix. As a kid I was brought up on BASIC. I was taught Pascal then C at University with which I went into industry writing OS and client server code. I then trained myself across to Java. JS, SQL and PHP all took me about a day each to pick up (the first and last borrow heavily on what you already know). CGI is a very simple way of interfacing your C or Java program. Although I am in the middle of a major PHP project, I feel most at home with C and Java. It seems the asses of ignorant people are easily amused?
At any rate, the British experiment sounds exciting. It will give us an opportunity to see how things work under such a system.
Excuse posting several times on one subject, but I feel I should point out that this isn't an experiment for us. We are sticking to what has proved very successful ever since we invented the digital computer all those years ago. Software is protected under copyright, which is how it should remain in my opinion (I have been publishing software for over 12 years).
I'm less sanguine about them trying to push this through the EU, and the EU in general.
The EU does tend to be volatile, with money slopping around beneath the surface of Brussels, and if the EU decides to support software patents then the UK will be forced to bin all its current laws and rewrite them to support software patents. This is why countries such as Denmark consistently vote to remain out of the EU.
One World govt. and economy is wrong for the same reason monoculture crops are wrong. One disease could kill the whole lot.
Never thought about it that way but it's an interesting concept. Without competition from the Soviets, you'd never have put a man on the moon.
It was not a court decision but a government consultation, carried out by the patent office at the behest of the government. In this country we have a powerful civil service, which is independent of any political party (and is secretly suspected by everyone of really running the country ;-)).
The way many of our laws are created is that the civil service invite comments from the public. These are then taken on board, summarised, and legislation drafted to suit our needs. This doesn't always work, with politicians using various techniques such as switching clauses they want to steamroller through at the last minute into small clauses in bills already going through etc, but often it works well. This UK law has been determined by myself and 285 other people that live, work and care passionately about both IT and the country we live in. Perhaps our DTI (Department of Trade and Industry) has read Frederick Brooks's "Mythical Man Month" and taken the tip from the software industry that the earlier you correct a mistake the cheaper and less painful it is?
Not true. The software is not patentable but the technological innovation is. The criteria for the patent detailed here have not changed. It is saying that if the technological innovation must be implemented in software it should not be excluded. Very different from the software being patented. Personally I am very relieved, working for a small innovative software house, that the government has seen what has happened in the US and taken the best course of action. Now if only they will abolish the RIP bill...
As much as we may bitch and moan about how stupid the One-Click patent may be, is it so much different than an invention that allows one-button starting of a car?
In my opinion yes. 1-click shopping is blindingly obvious for a start. I implemented something exactly the same for a company I worked for before (AFAICR) Amazon implemented theirs (for digital works and not tangible goods, and from a prepaid account). And I didn't think I was doing anything new. For me it was a simple extension of the bar tab concept, and that has been around for hundreds of years.
Anyway, I'd be surprised if anything as broad as "one-button starting of a car" could be patented. Otherwise I would go to every country and patent a car being started by button press, RF, microwave, IR, etc.
Software is not math. Software is a machine.
I disagree totally. Software is a way of expressing ideas. Software is *not* a machine. The only discernible difference between software and natural language is that it is usually terser in syntax and effort has been made to make it unambiguous (though not always true, eg C and /* which can mean start comment or divide by a number pointed to by a pointer). If it is deterministic (which usually follows from being unambiguous, ignoring hardware issues) and has a condition and branch instruction then it is as powerful as any language in existence.
By itself, Math is nothing. It's just a framework that people use for applying thought.
By itself, software is nothing. It's just a framework for people applying thought. Without a compiler (which depends on the compiler authors' interpretation of how it should be converted to machine code) and a processor (with its own architecture and way of doing things) and supporting hardware infrastructure, software is just writing on a page.
In no case, however, is the software simply a set of abstract concepts intended to facilitate human navel-contemplation.
With the Unlambda Functional Programming Language I rest my case m'lud.
Just because the control mechanism of a machine has moved from a purely physical implementation to an electronic one does not diminish the truth of its mechanical nature.
Surely a non-mechanical mechanical nature is a contradiction in terms?
We allow the patenting of physical machines and industrial processes [...] Why should logical ones not receive equal protection?
We don't. We patent a technological innovation which is implemented in a physical machine or an industrial process. You can still patent a technological innovation in the UK if it is implemented in software. It's not the software you are patenting though but the innovation itself.
Can I conclude with the point that anyone who has studied computer science will have written software by hand on paper (in an exam) to express ideas to another human being (the examiner) who then understood that expression of ideas without a machine intermediary.
"You can do more damage by looking directly at the sun than by looking at one of these things," he says.
Well that's reassuring. Looking at the sun will damage your eyesight but this will damage your eyesight slightly less? I'm sure they are safe but that is an awful placation.
The original poster had it right judging from my experience. The laptop goes straight from docking station at work to docking station at home (and yes the individuals switch it on at home and yes they plug it into a nice large monitor). It virtually never gets used on the daily commute, only on very long journeys.
So for many people it could replace their laptop. In reality, would someone rather show off to their colleagues a shiny small box or the latest Sony Vaio?
I can see it would be useful for presentations. With a good IR/radio mouse and keyboard, you could actually tape the box to the overhead projector. Don't people always trip over the PC leads in the dark no matter how carefully you try and tuck them away?
I like this idea, especially where it would be just as useful from the command line. Eg "locate -u --tracking" would output:
locate:complete=10%
locate:complete=20%
etc
In this format it would be easy to track even a complex statement of piped commands. It would also be easy for a GUI application to parse this and display it visually.
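As an added example (not from the thread), here is how a pipeline monitor or GUI could read that "name:complete=NN%" format in C, skipping ordinary output and rejecting malformed reports; the function names, the constructed sample output and the 0..100 range check are my assumptions.

```c
#include <ctype.h>
#include <string.h>

#define MAX_NAME 32
#define MAX_TRACKED 8

/* Last reported completion for each command seen in the pipeline. */
struct tracker {
    char name[MAX_TRACKED][MAX_NAME];
    int percent[MAX_TRACKED];
    int count;
};

/* Parse one output line. Returns 1 and fills name/percent if it is a
 * well-formed "name:complete=NN%" report, 0 otherwise (ordinary output,
 * malformed line, name too long, value outside 0..100). */
int parse_progress_line(const char *line, char name[MAX_NAME], int *percent)
{
    const char *sep = strchr(line, ':');
    if (sep == NULL || sep == line) return 0;
    size_t nlen = (size_t)(sep - line);
    if (nlen >= MAX_NAME) return 0;          /* would not fit: reject */
    for (size_t i = 0; i < nlen; i++)        /* command names: [A-Za-z0-9_-] */
        if (!isalnum((unsigned char)line[i]) && line[i] != '_' && line[i] != '-')
            return 0;
    static const char prefix[] = "complete=";
    const char *rest = sep + 1;
    if (strncmp(rest, prefix, sizeof prefix - 1) != 0) return 0;
    rest += sizeof prefix - 1;
    int value = 0, digits = 0;               /* at most three digits */
    while (isdigit((unsigned char)*rest)) {
        if (++digits > 3) return 0;
        value = value * 10 + (*rest++ - '0');
    }
    if (digits == 0 || *rest++ != '%') return 0;
    if (*rest == '\n') rest++;               /* tolerate a trailing newline */
    if (*rest != '\0' || value > 100) return 0;
    memcpy(name, line, nlen);
    name[nlen] = '\0';
    *percent = value;
    return 1;
}

/* Record one report; returns the command's slot, or -1 if the table is full. */
int tracker_update(struct tracker *t, const char *name, int percent)
{
    for (int i = 0; i < t->count; i++)
        if (strcmp(t->name[i], name) == 0) { t->percent[i] = percent; return i; }
    if (t->count >= MAX_TRACKED) return -1;
    memcpy(t->name[t->count], name, strlen(name) + 1); /* length bounded by the parser */
    t->percent[t->count] = percent;
    return t->count++;
}

/* Look up a command's last percentage; -1 if it never reported. */
int tracker_percent(const struct tracker *t, const char *name)
{
    for (int i = 0; i < t->count; i++)
        if (strcmp(t->name[i], name) == 0) return t->percent[i];
    return -1;
}

/* Feed a captured output buffer line by line; returns the number of
 * progress reports accepted. Non-matching lines are left for the
 * ordinary output path (here simply ignored). */
int tracker_feed(struct tracker *t, const char *output)
{
    int accepted = 0;
    char line[256], name[MAX_NAME];
    int pct;
    for (const char *p = output; *p; ) {
        const char *nl = strchr(p, '\n');
        size_t len = nl ? (size_t)(nl - p) : strlen(p);
        if (len < sizeof line) {             /* over-long lines are skipped, not copied */
            memcpy(line, p, len);
            line[len] = '\0';
            if (parse_progress_line(line, name, &pct) && tracker_update(t, name, pct) >= 0)
                accepted++;
        }
        p = nl ? nl + 1 : p + len;
    }
    return accepted;
}

/* Constructed sample output from a "locate | sort" style pipeline. */
static const char SAMPLE_OUTPUT[] =
    "locate:complete=10%\n"
    "/usr/share/doc/README\n"        /* ordinary output, not a report */
    "locate:complete=20%\n"
    "sort:complete=50%\n"
    "locate:complete=250%\n"         /* out of range: rejected */
    "sort:complete=60% extra\n"      /* trailing junk: rejected */
    "locate:complete=100%\n";

/* Runs the sample through a fresh tracker; returns the accepted count. */
int run_sample(struct tracker *t)
{
    memset(t, 0, sizeof *t);
    return tracker_feed(t, SAMPLE_OUTPUT);
}
```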
I don't think there is a joke in the world that doesn't offend someone somewhere. When we tell people jokes, we filter out from our mental joke jukebox anything we think they might find offensive. The first joke that comes to mind down the pub with my football mates probably isn't the first one I'd trot out to a new female employee to make her feel more relaxed.
With the web being accessible to everyone that filter is no longer there and the onus is on the end user to "get it". Complaining on Slashdot that it's obviously a joke is unfortunately preaching to the converted. Most of us here are intelligent and have some formal education. Sadly out there are many that are more limited, with knee-jerk reaction so fast that makes you wonder if the impulse came from the brain at all. We can hardly complain though when the same power that allows the joke to reach so many is also used by its opponents to whip up hysteria and misinformation.
People talk about disclaimers spoiling the deadpan nature but most deadpan material sits on satire news sites which is a disclaimer in itself. People can publish anything they like on the net, and jokes like this help to make people a little less credulous of the things they read. In an age when even journalists seem to have stopped checking their facts I can only see the existance of this web site as a good thing.
There are some applications and pages that try and learn your sense of humour and deliver jokes appropriate to you. I used to run eLOL (RIP) which was very good. However, the things that make you laugh the hardest are the things that take you from surprise.
I've been passed up for management positions, promotions, and raises all due to lack of experience. Never mind that I was clearly a better technician than my peers
Does being a better technician make you more suitable for management?
It's a sad fact that Age=Experience in a lot of people's eyes
There should be a correlation between age and experience though, with so many people piling into the industry through conversion courses and calling themselves 'experts' and 'consultants' because they can smell money, I think our industry is one where this holds the least true.
The problem for you is the attribute that is both a blessing and a curse: youth has yet to learn its own limits. Some of the greatest works were written by people too young to know something is impossible, eg Napster. On the other hand many claim that more is learnt by failing at something than succeeding. Youth implies that you have not had the time to see as many projects through and learned how to overcome the kinds of problems projects going awry can throw up.
The solution? My advice is to obtain the same respect inside the company as you received it upon applying for the job: your CV. Put in as much detail as possible into it and then point people to it as often as possible. Put it up on your intranet. Put a link to it on your.sig.
If that fails then act like a spoilt prima donna. Swap desks with someone in a better position without asking anyone, demand loudly that the Coke vending machine be moved 5 foot closer to your desk, do a 48hr stint then don't turn up for 3 days, etc. The people around will assume you are a hotshot child prodigy and give you newfound respect. (don't really do this!)
256MB x 3 = 768MB. That would only cost 3x71.50ukp (ie 214ukp total) over here, and the Netfinity can take 32GB of memory, I'd suggest it's a typo meaning 768MB.
How many more buffer overflows and compromises of key Internet infrastructure is it going to take to finally convince people that it is irresponsible to write security-critical software in C or C++?
Isn't the Linux kernel written in C/C++? And most of OpenBSD? And TrustedBSD? etc etc. You have some disdain for "C/C++ hackers" but there are also a number of C/C++ professional software engineers.
How on earth did this get moderated up when it is just a rehash of the old BIND argument with absolutely nothing new to say?
I'm not going to repeat the same arguments *again*.
[snip good opinion neither of us can prove one way or other]
My whole point is that the technology exists today to prevent this kind of situation. There's no kind of excuse for this kind of bug anymore.
I strongly oppose your suggestion that you can make programmers work harder and code better (if you know how, you're going to be rich). It hasn't happened in the past and I guarantee you it won't happen in the future. It's the technology that's fundamentally flawed and not the programmer.
It's no secret. Software engineering is a fusion of cutting code with process. The fact is that some programmers are better than others. The better a team is, the less process they need. Frederick Brooks recommends a 40/60 coding:testing ratio (afaicr). With a good team you can reverse this ratio. Large consultancies make money by cutting costs and hiring code monkeys but enforcing lengthy process to ensure the code reaches a certain bugs-per-thousand-lines limit. You could make it part of your process to have all submitted code audited by two other programmers for buffer over-runs. Perfectly valid alternative solution. Not as elegant a solution, but it may be more cost-effective than rewriting an entire application in a new language.
The fact is you can make programmers code better, the ones that are willing to learn. The rest you just put through more process so that better code comes out the other end. You are evidently a very good technical person thus you see technology as the flaw. I have been guilty myself of focussing on technology too much and getting tunnel vision. The danger is in losing sight of the bigger picture as we are starting to do now.
Let's suppose your fairy godmother appears and offers to use her magic to make your system safe and secure.
As part of the way the magic works, in order to remove all buffer overflows and memory leaks and the like, it will cause all your programs to use twice as much cpu horsepower.
Would you take her up on the offer? Is it worth sacrificing some horsepower for security and safety?
I would take her up on it as soon as I had independent evidence it was true; I wouldn't take her word for it. As the efficiency and scalability improves we will see more and more shifting over but it will be tiered. First the non mission-critical applications (eg offline batch processing), then those where maintainability and development are more important (eg application server modules) and the critical applications will come last.
Let's take a look at CGI development. Initially all CGI scripts were written in C. Then they moved to Perl as this provided more power. Finally there was a divergence as it moved to PHP/ASP/JSP and Servlet/AppServer/(insert code rather than page orientated here) but they both offered increased security and maintainability. However, the progression only happened once the technology matured enough to be stable and provide enough oomph.
Cold Fusion appeared early in fairy godmother trappings, promising much, and was successful for small enterprises but fell over when large corporates tried to deploy it.
You can program completely safely in assembly language -- heck, even directly in binary using a hex editor. It's just not productive to do so. The high level C does so much of the bookkeeping for you. Similarly, using even higher level languages to achieve type safety, bounds checking, automatic memory management, etc. is just an extension of getting the computer to automate more of the tedious bookkeeping of programming. Isn't it worth it? For *most* applications (esp. bind) is the efficiency of C *so* important?
Answered elsewhere.
Not trying to start a flamewar. Just some thoughtless remarks to piss off people who hate high level languages.
Hope that's not aimed at me, I'm currently working on a rather large and complex PHP project:-) I have worked through OS development, to applications, to pure web (see my CV).
I suspect a Java implementation would perform acceptably too.
I'm not sure it would, though I have no evidence either way. Until recently Java applications have been fairly resource intensive, and the garbage collection has been variable (eg flushing at inconvenient times and bringing the system temporarily to a crawl). On the other hand, the progress in JVMs has been marvelous! I'm a Java programmer by profession so would love to see it get to the point where we can rewrite some of the more fundamental infrastructure apps in Java but I'm just not sure it's there yet.
If you want to volunteer your enterprise server, feel free to try dnsjava:-)
BTW. I disagree that this is a low level application. Device drivers are lowlevel applications. You typically find them at the bottom layer of the OSI model. Bind would classify for the application layer (almost at the top).
I'm sure you're not deliberately misunderstanding me, and I'm not going to get into an argument about semantics. Yes you are right it's at the application layer. By low level I meant (sorry if I wasn't clearer) a process just left running in the background that isn't visibly noticed or really changed 99% of the time.
Then, you hammer down the fact that it is possible to create safe programs in C. But then my simple question is: why the hell do we have all these security leaks? Bind isn't an incident, it's just the latest leak to be found. Probably a solution will be provided in the form of a patch. However, this patch won't fix the fundamental problem, it will just fix the symptom and in the future more bugs will be found.
We've been over why we have security leaks previously in this thread. We have identified the fundamental problem, which is that we need to (a) make sure programmers do not make basic mistakes or (b) ensure programmers use tools to catch these mistakes or (c) use a compiler or interpreter (note: not language) that catches these automatically.
It appears to me to be a straight shoot-out between C and Java, unless you can give us some of the "plenty of alternatives to C" (preferably ones with comprehensive libraries). Can someone who has worked on implementing a JVM indicate the performance of a machine with nameserver (along with httpd, ftd, etc) all written in Java?
Educate people to write better code. So far there hasn't been much progress here: possibly there has been negative progress.
My guess is that this is because programming has moved from enthusiasts becoming programmers as a natural progression to an influx of new converts who have heard that "computer are where the money is, innit". Hopefully the dot-com shakeout will have shed a few jobsworths?
Start writing critical software in languages which check array bounds both at compile time where possible -- which can eliminate runtime overhead -- and at runtime where needed, and handle out-of-bounds accesses gracefully.
How about:
include some more standard library functions that do the checking for you (are the number of uses for a generic function too limited?)
similar to the style guide for code layout, have a set way of writing certain security-critical operations as standard practice. Even give it a xxx-compliant label if the software conforms.
It is valuable to discuss moving to a new language, and the pros and cons of the various target languages, but surely there is something we can do to improve the immediate extensive base of C code?
Cut the crap, one of the most important tools on the internet broke down because of a memory leak.
Incorrect. It was a potential buffer over-run exploit and not a memory leak. A memory leak is when memory is reserved by a program, and then the program forgets to release it. eg a function uses malloc() to reserve an area of memory for some temporary string manipulation and then forgets to free() that memory area before the function ends. If this function is called repeatedly then the program starts to soak up more and more memory until it (or in some primitive operating systems the OS itself) falls over. There are tools available to detect memory leaks in C programs such as Purify. Some languages deal with freeing up memory automatically, such as Java, using garbage collection.
A buffer over-run is where an area of memory is allocated and data is written to that area with no safeguards to ensure that the size of the data written is not greater than the size of the reserved memory area itself. This usually happens in cases where the data entered is not under the control of the software author, eg user-entered data. Once the data starts writing past the area reserved, it starts scribbling over areas reserved for other programs and for the OS itself.
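As an added example that is not part of the thread, here are the two defects just distinguished side by side in C, each next to a corrected version: the leaking function beside one that releases its temporary buffer, and an unbounded strcpy() beside the kind of checked copy the earlier suggestion asks the standard library for. The function names, the sample inputs and the allocation counter (a crude stand-in for what a leak detector reports) are my own.

```c
#include <ctype.h>
#include <stdlib.h>
#include <string.h>

/* Crude allocation bookkeeping: how many malloc()ed blocks are still
 * live. A leak detector does this properly; here it is enough to show
 * the difference between the two functions below. */
static int live_allocations = 0;

static void *tracked_malloc(size_t n)
{
    void *p = malloc(n);
    if (p != NULL) live_allocations++;
    return p;
}

static void tracked_free(void *p)
{
    if (p != NULL) live_allocations--;
    free(p);
}

int live_allocation_count(void) { return live_allocations; }

/* MEMORY LEAK: temporary storage is reserved with malloc(), used for
 * some string work, and never released. Every call loses strlen(s)+1
 * bytes; call it often enough and the process eats all its memory. */
size_t leaky_count_upper(const char *s)
{
    char *tmp = tracked_malloc(strlen(s) + 1);
    if (tmp == NULL) return 0;
    strcpy(tmp, s);                     /* sizes match: this copy is fine */
    size_t count = 0;
    for (char *p = tmp; *p; p++)
        if (isupper((unsigned char)*p)) count++;
    return count;                       /* bug: tmp is never freed */
}

/* Corrected: every path that leaves the function releases tmp. */
size_t fixed_count_upper(const char *s)
{
    char *tmp = tracked_malloc(strlen(s) + 1);
    if (tmp == NULL) return 0;
    strcpy(tmp, s);
    size_t count = 0;
    for (char *p = tmp; *p; p++)
        if (isupper((unsigned char)*p)) count++;
    tracked_free(tmp);
    return count;
}

#define NAME_MAX 16

/* BUFFER OVER-RUN: NAME_MAX bytes are reserved, but strcpy() copies
 * until the input's terminating NUL with no regard for that size, so
 * input the program does not control (user-entered data) writes past
 * the end of the buffer. Kept only for comparison with the checked
 * version below; it is undefined behaviour for any input of NAME_MAX
 * characters or more. */
void unsafe_store_name(char name[NAME_MAX], const char *input)
{
    strcpy(name, input);                /* no bound on the copy */
}

/* Hardened: a checked copy that refuses input which does not fit
 * (returns -1) rather than silently truncating, so the caller can treat
 * it as bad data. It never reads past name_size bytes of input and the
 * destination is always NUL-terminated on success. */
int bounded_store_name(char *name, size_t name_size, const char *input)
{
    if (name_size == 0) return -1;
    size_t len = 0;
    while (len < name_size && input[len] != '\0') len++;
    if (len >= name_size) return -1;    /* no room for the terminating NUL */
    memcpy(name, input, len);
    name[len] = '\0';
    return 0;
}
```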
Of course it is possible to create good programs if you don't make any errors, duh. The problem is that humans do make errors. And since C provides little or no protection against these errors it is unsafe.
The checks are either made by humans, or an automated tool that simulates the checks that human would have made. This applies as much to any 'safe' language as to C and associated software tools. If a programmer wishes to use C then they will have to learn to sanitise and bound user data. To cut down a sapling it doesn't matter which end you pick up a saw with. Those that cut down large trees quickly learn the business end of a running chainsaw.
As long as we will use C for implementing these kind of things, there will be memory leaks. Of course C is a very performance efficient language, however, things like this make it unsuitable for security critical apps because you can never be 100% sure it doesn't have memory leaks.
Substituting memory leaks for buffer over-runs, as explained above, it is simply a case of those writing security critical apps needing a little more discipline and a lot more help auditing. Buffer over-runs are one of many things to watch for. There are many surprises that users can catch you with. In the trade-off between security, performance, available libraries, pervasiveness (you won't get code review if no-one understands the language) and flexibility, can you suggest another language that scores higher than C for such a low-level application?
... steganography! Hide the key as noise in a random pic or MP3 on your hard-drive. When you need to decrypt something, you select a file at the same time as entering a pass phrase. There is no way anyone with even physical access to the machine and an army of Crays will be able to obtain your private key if the passphrase is also used as a key in the steganographic phase... is there?
Phillip.
That's a really good point. Like electric cars... sure, they may be 100% emissions free, but what about all the coal/oil/uranium that must be consumed to produce that energy.
iirc you cannot just flick a nuclear reactor or a coal/oil plant on and off. I remember some documentary saying that the electric cars could just soak up electricity wasted during the off-peak hours. Also, the electric car can be topped up from renewable sources, such as solar, when at rest. At the moment the big money is on fuel cell technology as the Next Big Thing.
Phillip.
So why are "money hungry" programmers any less driven than freebie bedroom programmers?
Some reasons spring to mind:
They are probably more motivated on occasion (money, moolah, ca$h), and may actually have achieved a higher degree of academic excellence to get their high-paying jobs in the first place.
Academic excellence != good programmer. Even most of a degree in Computer Science you will never use in industry. I did some really weird and academic modules that were useless. As for high paying jobs, I've found that pay tends to be inversely proportional to the challenge. My choices between jobs have been pretty well divided along the lines of 'interesting' or 'well paid'. I always pick the former as it pushes me more and builds up skills I can always trade in later if I get wife/house/kids/etc.
Phillip.
Does anyone else think it ironic that a page charting an object crashing to Earth from space has "Technology sponsored by Iridium" on the right of the page?
Phillip.
The problem of the supply of hydrogen will be solved very quickly once there is demand for it. By the time only a few percent of vehicles are hydrogen powered, that is still a massive demand which will spur research into new or more efficient ways of producing hydrogen.
Phillip.
>> Me and my engineering buddies were laughing our asses off over this article. I like the 36 year old "programmer" who listed his skills as c, java, xml, cgi, js, fortran, basic. That sentence is like a giant red flag
...
Agreed. Jack of all trades, master of none
I don't see what the big deal is. I have pretty much the same list and you can throw in Pascal and ARM assembler into the mix. As a kid I was brought up on BASIC. I was taught Pascal then C at University with which I went into industry writing OS and client server code. I then trained myself across to Java. JS, SQL and PHP all took me about a day each to pick up (the first and last borrow heavily on what you already know). CGI is a very simple way of interfacing your C or Java program. All though I am in the middle of a major PHP project, I feel most at home with C and Java. It seems the asses of ignorant people are easily amused?
Phillip.
At any rate, the British experiment sounds exciting. It will give us an opportunity to see how things work under such a system.
Excuse posting several times on one subject, but I feel I should point out that this isn't an experiment for us. We are sticking to what has proved very successful ever since we invented the digital computer all those years ago. Software is protected under copyright, which is how it should remain in my opinion (I have been publishing software for over 12 years).
I'm less sanguine about them trying to push this through the EU, and the EU in general.
The EU does tend to be volatile, with money slopping around beneath the surface of Brussels, and if the EU decides to support software patents then the UK will be forced to bin all its current laws and rewrite them to support software patents. This is why countries such as Denmark consistently vote to remain out of the EU.
One World govt. and economy is wrong for the same reason monoculture crops are wrong. One disease could kill the whole lot
Never thought about it that way but it's an interesting concept. Without competition from the Soviets, you'd never have put a man on the moon.
Phillip.
It was not a court decision but a government consultation, carried out by the patent office on behest of the government. In this country we have a powerful civil service, which is independant of any political party (and is secretly suspected by everyone of really running the country ;-)).
The way many of our laws are created is that the civil service invite comments from the public. These are then taken on board, summarised, and legislation drafted to suit our needs. This doesn't always work, with politicians using various techniques such as switching clauses they want to steamroller through at the last minute into small clauses in bills already going through etc, but often it works well. This UK law has been determined by myself and 285 other people that live, work and care passionately about both IT and the country we live in. Perhaps our DTI (Department of Trade and Industry) has read Frederick Brooke's "Mythical Man Month" and taken the tip from the software industry that the earlier you correct a mistake the cheaper and less painful it is?
Phillip.
Not true. The software is not patentable but the technological innovation is. The criteria for the patent detailed here have not changed. It is saying that if the technological innovation must be implemented in software it should not be excluded. Very different from the software being patented. Personally I am very relieved, working for a small innovative software house, that the government has seen what has happened in the US and taken the best course of action. Now if only they will abolish the RIP bill...
Phillip.
As much as we may bitch and moan about how stupid the One-Click patent may be, is it so much different than an invention that allows one-button starting of a car?
In my opinion yes. 1-click shopping is blindingly obvious for a start. I implemented something exactly the same for a company I worked for before (AFAICR) Amazon implemented theirs (for digital works and not tangible goods, and from a prepaid account). And I didn't think I was doing anything new. For me it was a simple extension of the bar tab concept, and that has been around for hundreds of years.
Anyway, I'd be surprised at anything as broad as "one-button starting of a car" could be patented. Otherwise I would go to every country and patent a car being started by button press, RF, microwave, IR , etc.
Phillip.
Software is not math. Software is a machine.
/* which can mean start comment or divide by a number pointed to by a pointer). If it is deterministic (which usually follows from being unambiguous, ignoring hardware issues) and has a condition and branch instruction then it is as powerful as any language in existance.
I disagree totally. Software is a way of expressing ideas. Software is *not* a machine. The only discernable difference between software and natural language is that it is usually terser in syntax and effort has been made to make it unambigious (though not always true, eg C and
By itself, Math is nothing. It's just a framework that people use for applying thought.
By itself, software is nothing. It's just a framework for people applying thought. Without a compiler (which depends on the compiler authors interpretation of how it should be converted to machine code) and a processor (with its own architecture and way of doing things) and supporting hardware infrastructure, software is just writing on a page.
In no case, however, is the software simply a set of abstract concepts intended to facilitate human navel-contemplation.
With the Unlambda Functional Programming Language I rest my case m'lud.
Just because the control mechanism of a machine has moved from a purely physical implementation to an electronic one does not diminish the truth of its mechanical nature.
Surely a non-mechanical mechanical nature is a contradiction in terms?
We allow the patenting of physical machines and industrial processes [...] Why should logical ones not receive equal protection?
We don't. We patent a technological innovation which is implemented in a physical machine or an industrial process. You can still patent a technological innovation in the UK if it is implemented in software. It's not the software you are patenting though but the innovation itself.
Can I conclude with the point that anyone who has studied computer science will have written software by hand on paper (in an exam) to express ideas to another human being (the examiner) who then understood that expression of ideas without a machine intermediary.
Phillip.
"You can do more damage by looking directly at the sun than by looking at one of these things," he says.
Well that's reassuring. Looking at the sun will damage your eyesight but this will damage your eyesight slightly less? I'm sure they are safe but that is an awful placation.
Phillip.
The original poster had it right judging from my experience. The laptop goes straight from docking station at work to docking station at home (and yes the individuals switch it on at home and yes they plug it into a nice large monitor). It virtually never gets used on the daily commute, only on very long journeys.
So for many people it could replace their laptop. In reality, would someone rather show off to their colleagues a shiny small box or the latest Sony Vaio?
I can see it would be useful for presentations. With a good IR/radio mouse and keyboard, you could actually tape the box to the overhead projector. Don't people always trip over the PC leads in the dark no matter how carefully you try and tuck them away?
Phillip.
Does anyone else find it ironic that eReferee sounds a pretty good name for an online arbitration site?
Phillip.
I like this idea, especially where it would be just as useful from the command line. Eg "locate -u --tracking" would output:
locate:complete=10%
locate:complete=20%
etc
In this format it would be easy to track even a complex statement of piped commands. It would also be easy for a GUI application to parse this and display it visually.
Phillip.
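As an added illustration of the "tool:complete=NN%" idea above (this is not code from the thread, and the function names and sample lines are constructed), here is the sort of parser a wrapper or GUI would need to follow each command in a pipeline, ignoring ordinary output lines and rejecting malformed progress reports:

```c
/* Added example, not from the thread: a parser for the "tool:complete=NN%" progress
 * lines proposed above. Function names and the sample lines are constructed. */
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#define MAX_TOOLS 8
#define NAME_LEN 32
/* latest percentage reported by one command in the pipeline */
struct progress { char name[NAME_LEN]; int percent; };
/* Returns 1 and fills name/percent for a well-formed "name:complete=NN%" line
 * (without its newline), 0 for anything else so ordinary output passes through. */
int parse_progress_line(const char *line, char *name, size_t name_len, int *percent)
{
    const char *colon = strchr(line, ':');
    char *end;
    long value;
    if (colon == NULL || colon == line || (size_t)(colon - line) >= name_len
        || strncmp(colon, ":complete=", 10) != 0)
        return 0;                          /* no "name:complete=" prefix, or name too long */
    value = strtol(colon + 10, &end, 10);
    if (end == colon + 10 || *end != '%' || end[1] != '\0' || value < 0 || value > 100)
        return 0;                          /* not a sane, complete percentage */
    memcpy(name, line, (size_t)(colon - line));
    name[colon - line] = '\0';
    *percent = (int)value;
    return 1;
}

/* Records the latest percentage for a tool; returns the number of tools tracked. */
int record_progress(struct progress *table, int count, const char *name, int percent)
{
    int i = 0;
    while (i < count && strcmp(table[i].name, name) != 0)
        i++;
    if (i == count) {                      /* first report from this tool */
        if (count == MAX_TOOLS) return count;   /* table full: drop rather than overflow */
        snprintf(table[count++].name, NAME_LEN, "%s", name);
    }
    table[i].percent = percent;
    return count;
}

int main(void)
{   /* constructed sample: two piped commands reporting progress, plus a plain output line */
    const char *lines[] = { "locate:complete=10%", "/usr/share/doc/README",
                            "grep:complete=5%", "locate:complete=20%" };
    struct progress table[MAX_TOOLS]; char name[NAME_LEN];
    int count = 0, percent;
    for (size_t i = 0; i < sizeof lines / sizeof lines[0]; i++)
        if (parse_progress_line(lines[i], name, sizeof name, &percent))
            count = record_progress(table, count, name, percent);
    for (int i = 0; i < count; i++)        /* prints "locate 20%" then "grep 5%" */
        printf("%s %d%%\n", table[i].name, table[i].percent);
    return 0;
}
```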
I'm currently working on getting my command history to trail the mouse pointer with a nice elastic swooshy effect.
Phillip.
I don't think there is a joke in the world that doesn't offend someone somewhere. When we tell people jokes, we filter out from our mental joke jukebox anything we think they might find offensive. The first joke that comes to mind down the pub with my football mates probably isn't the first one I'd trot out to a new female employee to make her feel more relaxed.
With the web being accessible to everyone that filter is no longer there and the onus is on the end user to "get it". Complaining on Slashdot that it's obviously a joke is unfortunately preaching to the converted. Most of us here are intelligent and have some formal education. Sadly out there are many that are more limited, with knee-jerk reactions so fast that it makes you wonder if the impulse came from the brain at all. We can hardly complain though when the same power that allows the joke to reach so many is also used by its opponents to whip up hysteria and misinformation.
People talk about disclaimers spoiling the deadpan nature but most deadpan material sits on satire news sites, which is a disclaimer in itself. People can publish anything they like on the net, and jokes like this help to make people a little less credulous of the things they read. In an age when even journalists seem to have stopped checking their facts I can only see the existence of this web site as a good thing.
There are some applications and pages that try and learn your sense of humour and deliver jokes appropriate to you. I used to run eLOL (RIP) which was very good. However, the things that make you laugh the hardest are the things that take you from surprise.
Phillip.
I've been passed up for management positions, promotions, and raises all due to lack of experience. Never mind that I was clearly a better technician than my peers
.sig.
Does being a better technician make you more suitable for management?
It's a sad fact that Age=Experience in a lot of people's eyes
There should be a correlation between age and experience. However, with so many people piling into the industry through conversion courses and calling themselves 'experts' and 'consultants' because they can smell money, I think our industry is one where this holds the least true.
The problem for you is the attribute that is both a blessing and a curse: youth has yet to learn its own limits. Some of the greatest works were written by people too young to know something is impossible, eg Napster. On the other hand many claim that more is learnt by failing at something than succeeding. Youth implies that you have not had the time to see as many projects through and learned how to overcome the kinds of problems projects going awry can throw up.
The solution? My advice is to obtain the same respect inside the company as you received it upon applying for the job: your CV. Put in as much detail as possible into it and then point people to it as often as possible. Put it up on your intranet. Put a link to it on your
If that fails then act like a spoilt prima donna. Swap desks with someone in a better position without asking anyone, demand loudly that the Coke vending machine be moved 5 foot closer to your desk, do a 48hr stint then don't turn up for 3 days, etc. The people around will assume you are a hotshot child prodigy and give you newfound respect. (don't really do this!)
Phillip.
PS You want to be promoted up into management???
768 GB of RAM? Is that a typo?
256MB x 3 = 768MB. That would only cost 3x71.50ukp (ie 214ukp total) over here, and the Netfinity can take 32GB of memory, so I'd suggest it's a typo meaning 768MB.
Phillip.
How many more buffer overflows and compromises of key Internet infrastructure is it going to take to finally convince people that it is irresponsible to write security-critical software in C or C++?
Isn't the Linux kernel written in C/C++? And most of OpenBSD? And TrustedBSD? etc etc. You have some disdain for "C/C++ hackers" but there are also a number of C/C++ professional software engineers.
How on earth did this get moderated up when is just a rehash of the old BIND argument with absolutely nothing new to say?
I'm not going to repeat the same arguments *again*.
Phillip.
[snip good opinion neither of us can prove one way or other]
My whole point is that the technology exists today to prevent this kind of situation. There's no kind of excuse for this kind of bug anymore.
I strongly oppose your suggestion that you can make programmers work harder and code better (if you know how, you're going to be rich). It hasn't happened in the past and I guarantee you it won't happen in the future. It's the technology that's fundamentally flawed and not the programmer.
It's no secret. Software engineering is a fusion of cutting code with process. The fact is that some programmers are better than others. The better a team is, the less process they need. Frederick Brooks recommends a 40/60 coding:testing ratio (afaicr). With a good team you can reverse this ratio. Large consultancies make money by cutting costs and hiring code monkeys but enforcing lengthy process to ensure the code reaches a certain bugs-per-thousand-lines limit. You could make it part of your process to have all submitted code audited by two other programmers for buffer over-runs. Perfectly valid alternative solution. Not as elegant a solution, but it may be more cost-effective than rewriting an entire application in a new language.
The fact is you can make programmers code better, the ones that are willing to learn. The rest you just put through more process so that better code comes out the other end. You are evidently a very good technical person thus you see technology as the flaw. I have been guilty myself of focussing on technology too much and getting tunnel vision. The danger is in losing sight of the bigger picture as we are starting to do now.
Phillip.
Let's suppose your fairy godmother appears and offers to use her magic to make your system safe and secure.
:-) I have worked through OS development, to applications, to pure web (see my CV).
As part of the way the magic works, in order to remove all buffer overflows and memory leaks and the like, it will cause all your programs to use twice as much cpu horsepower.
Would you take her up on the offer? Is it worth sacrificing some horsepower for security and safety?
I would take her up on it as soon as I had independent evidence it was true; I wouldn't take her word for it. As the efficiency and scalability improves we will see more and more shifting over but it will be tiered. First the non mission-critical applications (eg offline batch processing), then those where maintainability and development are more important (eg application server modules) and the critical applications will come last.
Let's take a look at CGI development. Initially all CGI scripts were written in C. Then they moved to Perl as this provided more power. Finally there was a divergence as it moved to PHP/ASP/JSP and Servlet/AppServer/(insert code rather than page orientated here) but they both offered increased security and maintainability. However, the progression only happened once the technology matured enough to be stable and provide enough oomph.
Cold Fusion appeared early in fairy godmother trappings, promising much, and was successful for small enterprises but fell over when large corporates tried to deploy it.
You can program completely safely in assembly language -- heck, even directly in binary using a hex editor. It's just not productive to do so. The high level C does so much of the bookkeeping for you. Similarly, using even higher level languages to achieve type safety, bounds checking, automatic memory management, etc. is just an extension of getting the computer to automate more of the tedious bookkeeping of programming. Isn't it worth it? For *most* applications (esp. bind) is the efficiency of C *so* important?
Answered elsewhere.
Not trying to start a flamewar. Just some thoughtless remarks to piss off people who hate high level languages.
Hope that's not aimed at me, I'm currently working on a rather large and complex PHP project
Phillip.
I suspect a Java implementation would perform acceptably too.
:-)
I'm not sure it would, though I have no evidence either way. Until recently Java applications have been fairly resource intensive, and the garbage collection has been variable (eg flushing at inconvenient times and bringing the system temporarily to a crawl). On the other hand, the progress in JVMs has been marvelous! I'm a Java programmer by profession so would love to see it get to the point where we can rewrite some of the more fundamental infrastructure apps in Java but I'm just not sure it's there yet.
If you want to volunteer your enterprise server, feel free to try dnsjava.
BTW. I disagree that this is a low level application. Device drivers are low-level applications. You typically find them at the bottom layer of the OSI model. Bind would classify for the application layer (almost at the top).
I'm sure you're not deliberately misunderstanding me, and I'm not going to get into an argument about semantics. Yes you are right it's at the application layer. By low level I meant (sorry if I wasn't clearer) a process just left running in the background that isn't visibly noticed or really changed 99% of the time.
Then, you hammer down the fact that it is possible to create safe programs in C. But then my simple question is: why the hell do we have all these security leaks? Bind isn't an incident, it's just the latest leak to be found. Probably a solution will be provided in the form of a patch. However, this patch won't fix the fundamental problem, it will just fix the symptom and in the future more bugs will be found.
We've been over why we have security leaks previously in this thread. We have identified the fundamental problem, which is that we need to (a) make sure programmers do not make basic mistakes or (b) ensure programmers use tools to catch these mistakes or (c) use a compiler or interpreter (note: not language) that catches these automatically.
It appears to me to be a straight shoot-out between C and Java, unless you can give us some of the "plenty of alternatives to C" (preferably ones with comprehensive libraries). Can someone who has worked on implementing a JVM indicate the performance of a machine with nameserver (along with httpd, ftpd, etc) all written in Java?
Phillip.
My guess is that this is because programming has moved from enthusiasts becoming programmers as a natural progression to an influx of new converts who have heard that "computers are where the money is, innit". Hopefully the dot-com shakeout will have shed a few jobsworths?
Start writing critical software in languages which check array bounds both at compile time where possible -- which can eliminate runtime overhead -- and at runtime where needed, and handle out-of-bounds accesses gracefully.
How about:
It is valuable to discuss moving to a new language, and the pros and cons of the various target languages, but surely there is something we can do to improve the immediate extensive base of C code?
Phillip.
Cut the crap, one of the most important tools on the internet broke down because of a memory leak.
Incorrect. It was a potential buffer over-run exploit and not a memory leak. A memory leak is when memory is reserved by a program, and then the program forgets to release it. eg a function uses malloc() to reserve an area of memory for some temporary string manipulation and then forgets to free() that memory area before the function ends. If this function is called repeatedly then the program starts to soak up more and more memory until it (or in some primitive operating systems the OS itself) falls over. There are tools available to detect memory leaks in C programs such as Purify. Some languages deal with freeing up memory automatically, such as Java, using garbage collection.
A buffer over-run is where an area of memory is allocated and data is written to that area with no safeguards to ensure that the size of the data written is not greater than the size of the reserved memory area itself. This usually happens in cases where the data entered is not under the control of the software author, eg user-entered data. Once the data starts writing past the area reserved, it starts scribbling over areas reserved for other programs and for the OS itself.
Of course it is possible to create good programs if you don't make any errors, duh. The problem is that humans do make errors. And since C provides little or no protection against these errors it is unsafe.
The checks are either made by humans, or an automated tool that simulates the checks that human would have made. This applies as much to any 'safe' language as to C and associated software tools. If a programmer wishes to use C then they will have to learn to sanitise and bound user data. To cut down a sapling it doesn't matter which end you pick up a saw with. Those that cut down large trees quickly learn the business end of a running chainsaw.
As long as we will use C for implementing these kind of things, there will be memory leaks. Of course C is a very performance efficient language, however, things like this make it unsuitable for security critical apps because you can never be 100% sure it doesn't have memory leaks.
Substituting memory leaks for buffer over-runs, as explained above, it is simply a case of those writing security critical apps needing a little more discipline and a lot more help auditing. Buffer over-runs are one of many things to watch for. There are many surprises that users can catch you with. In the trade-off between security, performance, available libraries, pervasiveness (you won't get code review if no-one understands the language) and flexibility, can you suggest another language that scores higher than C for such a low-level application?
Phillip.
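The distinction drawn in this post between a memory leak and a buffer over-run, as an added C example that is not from the thread: each defect beside its corrected form, with a pair of counting allocation wrappers standing in for what a leak checker reports (all function and type names are constructed).

```c
/* Added example, not from the thread: the two defects distinguished above, a memory leak
 * and a buffer over-run, each beside a corrected version. All names are constructed. */
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
int live_blocks;   /* allocations not yet released: what a leak checker such as Purify reports */
static void *tracked_malloc(size_t n) { void *p = malloc(n); if (p) live_blocks++; return p; }
static void tracked_free(void *p)     { if (p) { live_blocks--; free(p); } }
/* Leak: a temporary copy is reserved for string work and never released; called
 * repeatedly, the process grows until it (or the OS) falls over. */
size_t leaky_word_count(const char *text)
{
    char *copy = tracked_malloc(strlen(text) + 1);
    if (copy == NULL) return 0;
    strcpy(copy, text);   /* sized from the input, so this particular copy is fine */
    size_t words = 0;
    for (char *tok = strtok(copy, " "); tok; tok = strtok(NULL, " ")) words++;
    return words;         /* copy is lost here: the leak */
}

/* Fixed: every path out of the function releases what it reserved. */
size_t word_count(const char *text)
{
    char *copy = tracked_malloc(strlen(text) + 1);
    if (copy == NULL) return 0;
    strcpy(copy, text);
    size_t words = 0;
    for (char *tok = strtok(copy, " "); tok; tok = strtok(NULL, " ")) words++;
    tracked_free(copy);
    return words;
}

/* Over-run: a fixed 16-byte field filled from user-supplied data with no length
 * check; anything longer scribbles over whatever follows the field (here, admin). */
struct record { char name[16]; int admin; };
void set_name_unchecked(struct record *r, const char *user_input)
{
    strcpy(r->name, user_input);   /* the defect: no bound on user_input */
}
/* Fixed: measure the input against the field and refuse what does not fit. */
int set_name_bounded(struct record *r, const char *user_input)
{
    size_t len = strlen(user_input);
    if (len >= sizeof r->name) return -1;   /* no room for data plus terminator */
    memcpy(r->name, user_input, len + 1);
    return 0;
}

int main(void)
{
    struct record r = { "", 0 };
    leaky_word_count("the quick brown fox");   /* leaves one block allocated */
    printf("live blocks: %d\n", live_blocks);
    printf("oversize name rejected: %d\n", set_name_bounded(&r, "twenty characters!!!!"));
    return 0;
}
```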