This is right on the money. FB's security model is poorly thought out, and the indifference of the CEO to privacy concerns probably has a lot to do with it. In generally, the ad-hoc revisions of their privacy settings (which have at times forced users to opt out of more permissive settings) are indicative of a poorly thought out security model.
The kind of "attack" that is effective (and has been used against FB users) is the "viral app" -- basically, the typical facebook "app" requires that the app is able to perform actions on behalf of the user and see the users data, so most users don't think twice about checking these boxes.
This is a fallacy -- because it assumes that the "number of seats" is a fixed quantity. As long as the foreign students pay for their education it's probably a win for the American students. As long as there is more money coming in, there will be a way to increase capacity.
Grad school programs in the US are pretty good. People come from all over the place. Students from other countries (UK, Europe, Australia) are usually better prepared than their US counterparts. The US education system isn't so much uniformly "bad", it's just quite variable. Some students take first year grad courses in their final year and come out with a very strong background, but others are taking 9th grade math in college.
Some students also come over because it's a reasonable path to immigration, so even if the programs themselves weren't very good, being in the country can open doors.
the border between work and leisure time is rather blurred for me.
But perhaps that's the problem. Maybe if you distinguished the two, you'd find that you had more leisure time.
Our judicial system is fucked if they don't bring charges against Mr. Chase for slandering Mr. Siegenthaler.
The way civil law (which libel falls under) works, it's up to Siegenthaler to sue Chase, if he chooses to do so. So if Siegenthaler doesn't wish to sue (he doesn't, RTA), then the case doesn't go to court regardless of how meritorious a hypothetical libel argument would be.
Well, duh. Ever heard of a Bonferroni correction? Morons.
I think the point is that if 20 people do the same study, one of those people will publish the wrong result by chance. This is a bit silly in practice, because if the results contradict the majority of findings, the authors will probably be asked to explain this (and once it does get published, the lit reviews and meta analyses can address these apparent contradictions between different studies). If they find the opposite of everyone else and their effect size is small, they will probably be more cautious in their conclusions.
That is, of course, the solution this particular problem. It's a chicken-egg problem. In order to compete, they think they have to do it. If they all agreed not to do it, would that be illegal? I don't know, but I know they don't do it because they're afraid the other guy will capture market share.
The real problem here is that the person who selects the book isn't making a purchasing decision, so the book market doesn't obey the laws of price competition. I'd argue that if the publishers had to compete on price, they'd find a way to make prices lower.
The institutions are part of the problem. There is no need to make a course heavily dependent on a particular textbook (in the sense that it's almost impossible to pass the course without the book because homework assignments are set from it). Maybe there's not much that can be done about dependency on a particular book (since most students will need the set text anyway), but there's usually very little need for dependency on a particular edition.
C# is much more than a "Windows programming language". There is a vast amount of C# code available on Mac and Linux, and C# is a standard, not just a MS language. Mono, heard of it?
Yes, I have heard of Mono, which last I checked does not include major parts of the core C# libraries. How many major linux applications are written in C# ? I agree that it's a standard. But it is originally designed, and implemented, as a Windows programming language. For example, it is designed to run on an operating system that has a number of features including support for graphical user interfaces and multithreading. It is not a general purpose programming language in the same sense that C++ is.
Because sometimes you want to write something quickly without having to worry about managing memory, pointers, etc.
That doesn't in itself call for a "successor" to C++, that calls for a tool with fundamentally design goals. Such tools already exist, go right ahead and use them.
but in most cases you can get away with a little bit more CPU usage with the benefit of code maintainability.
"Most cases" is different for different people. But your example doesn't call for a "successor" to C++ anyway. Simpler languages, and safer languages
already exist, but they're not really "successors" to C++.
Compare it to CPAN (perl) or Java. It can't do very much.
The aim of the standard library is not to "do as much as possible". The problem with canonizing a library in the standard, is that once it's there, you have a huge amount of code that depends on it, so you're stuck with it.
As for CPAN, last I checked, nothing in CPAN (or indeed perl!) was part of any formal standard in the same sense as the C++ library. CPAN is a collection of contributed libraries for Perl. There are also an enormous number of third party libraries for C++.
The bottom line is that putting a particular library in the standard gives it a sort of canonization/elevation that is probably not desirable as far as GUI libraries is concerned. I doubt it would be possible to get everyone to agree on a single true C++ GUI library, and neither should they.
1. Member function pointers. Implementation dependent and messy syntax that few people even know about.
I agree that these are a hassle. The adapters help, but don't completely solve the problem (IIRC tr1 improves the state of affairs with adapters)
2. The "virtual =0" syntax instead of something nice like "abstract" or "interface" is just weird.
Well, yeah, but I don't think this is a killer bug. btw, "interface" is a bad choice for a pure virtual anyway. After all, a non-virtual function is also part of the interface (and a private virtual function is not part of the interface for anyone besides the class author)
3. Operator new and delete were designed by someone on crack.
placement versions are seldom used by non-experts (in fact seldom used in general). delete doesn't and shouldn't take parameters. The destructor needs to be a nothrow operation, so it shouldn't do anything besides release resources. You take care of the stuff that needs parameters before you call the destructor -- there really is good reason to make these separate calls.
There is a "typeid" operator but no "typeof" operator.
This is on top of the list for new language additions, the main debate seems to be about how to do it, not whether it's a good idea (see "auto")
Give me a break. Java was the successor to C++, and C# is the successor to Java.
C++ is a general purpose standard programming language that scales up or down. The same is not true of either C# (Windows programming language) or java (not standard, requires substantial runtime support)
I don't understand why languages that take someone like me hours and minutes to learn fully have to be changed will-nilly every ten to twenty years.
I agree with you -- but if you read the article, you'll notice that Bjarne's point of view (and for that matter, the prevailing view in the community) is also consistent with yours. Basically, changes in the language are to be as minimal as possible. The changes that he proposes will not make life harder or more confusing. The "new C++" is going to be much the same as the old C++, but with a larger standard library.
The place where more substantial changes will occur (in fact have already occurred in TR1) is in the library. Libraries do change, that's a basic fact of life. The C++ standard library is still much simpler than other standard libraries.
C. "Innovation" does not mean "invention". Applying existing technologies and discoveries to create new implementations that do what was not possible before - is also innovation.
Fine, but that's setting the bar pretty low. By this standard, many (I would argue, in fact, most) MS development tools are "innovative". They combine and integrate existing paradigms in an interesting way. VS.net/C# is a pretty good example of that. It's true that none of the individual bullet points are terribly new, but the fact remains that it does combine things in ways they haven't been combined before (basically, it does the same thing as Java, and has some advantages of its own)
Several of these are off-base.
Many of the supposed "open source" innovations were inherited from proprietary unix. These include most desktop features, and diff/patch.
I wouldn't really call gcc "innovative" (portability is not in itself an innovation, neither is supporting multiple languages), but it is a very good compiler.
I wouldn't call python, perl and ruby "innovative". There are programming languages that predate these which are more innovative (common lisp, smalltalk). I like and use python, but most of its good features are judicious implementations of prior work in functional programming languages.
One open source tool I would call truly innovative is the TeX typesetting system. I don't think anything else that was around at the time even came anywhere near it.
Smalltalk wannabies. They wanted to create an illusion of persistent development environment where application is being developed and live at the same time. That already existed in Smalltalk since its very beginning.
Seems to me that a different bar is being set for "MS innovation" as opposed to "OSS innovation". For example, perl, Ruby and python have been cited as "innovative" in this article. Now Ruby and python are great programming languages (I'll spare you my thoughts on perl), but what does it bring to the table technology-wise, that languages like Common Lisp and Smalltalk didn't do years ago ?
BTW, I am surprised that no-one appears to have cited TeX as an example of OSS innovation (though someone mentioned LyX. Hahahaha... maybe it's a sign that slashdot is getting taken over by whiny kids)
This does not apply, legally or morally, to breach of contract, because the contract only creates an obligation (legal and moral) for the people who signed it.
The fact that you want to separate the roles of the "beneficiary" and the "infringer" who can remain anonymous while the "beneficiary" goes about his business in the light of day,
does not mean that the beneficiary is not party to the breach. Indeed, without someone playing the role of beneficiary, there is no breach.
Actually, IMO your aim is to protect both the beneficiary and the infringer, the point is that the separation of roles benefits the infringer as well because it makes it easier for him to commit his crime behind the veil of anonymity (after all, he only needs to surface for long enough to leak a single copy). I bet that if the infringer were caught, you would be the last person calling for his head on a plate.
And again, this is the reason we have laws against receiving stolen goods -- it's so that someone can not sell goods that are obviously stolen in broad daylight. You could make your NDA argument about the seller of stolen goods-- that it's the thiefs fault, etc. I've already discussed why that argument doesn't hold water.
It's only analagous if we consider theft analagous to breach of contract.
BTW, the analogy has nothing to do with whether or not you think that malicious breach of contract deserves leniency. The point is that there are reasons (legal and moral) that committing a crime via a thin layer of indirection is still committing a crime. The fact that you modularise responsibilities (for example, by having one guy steal the car and another guy sell them) does not (morally or legally) contain the guilt to the "module" committing the obvious crime (in this case, the car thief). In this case, the crime is different, but the idea is the same.
It's only analagous if we consider theft analagous to breach of contract.
We're not talking about breach of contract in the benign sense here (as in, failure to fulfil ones obligations), this is an example of a malicious breach of contract. It's similar to deliberately violating an NDA (which you could be sued badly for) I suppose it's more analogous to vandalism (-;
However, entering a contract intending to stick to it, then changing your mind later, is not fraud.
Come on, that's just silly. That's like selling something, then deciding after the buyer has paid that you "change your mind" and "don't want to" send them the product any more.
In that case, the person who receives a copy is in the clear, since any breach of the contract is a matter to be settled between the parties to the contract. Glad we agree.
Since we're talking about morality as opposed to legality, I'll point out that they're guilty of something analogous to receiving stolen goods. They aren't a party to the contract, but they are a beneficiary of a willful breach of contract.
Fraud is different from breach of contract,
Entering a contract with the intent to breach it is fraud.
The contract is a private agreement between two people. It's simply ridiculous to expect third parties to be bound by contracts they didn't sign.
No-one is forced to be bound by something they didn't sign. The point is that people shouldn't profiteer from fraud.
And frankly, I'd say it's unreasonable to punish a receiver of stolen goods any further than by having him return the goods, unless he was somehow involved with committing or arranging the theft.
[example snipped]
Your example is a straw man. Receiving stolen goods laws typically apply when you
knowingly receive stolen goods. How do you "prove" someone knew ? Again, reasonable person tests could apply. Your example is neither analogous to the discussion at hand (regarding willful software/music piracy) nor relevant to laws regarding receiving stolen goods.
An artist starts their career on the strengths of an initial album release that can be played live in almost it's entirety - otherwise, how does an artist have a set long enough to entertain an audience for long enough? Music downloaders who buy their music by the song are probably not people who go to see specific bands perform live - it just isn't worth paying for a concert ticket to hear the two or three tracks you like performed.
OK, but I'm not sure how you go to there, to the idea that fans of whole albums will suddenly "convert" and become fans of "one or two songs" as opposed to the other "filler" due to the availability of downloads (legal or otherwise).
We have actually had downloads for a few years now, is there an emerging trend that downloads are cannabilizing album sales ? I though the only "conclusion" reached was that work was fairly inconclusive. No-one has established a causal link between declining album sales and downloads anyway.
Precisely what I said, you obviously need to read my posting again. It's the album buyers that make the musicians money, not the legal downloaders.
I read it just fine. How do you know that the album buyers are going to turn into one or two track downloaders ? Not only is this an unsupported (indeed, unstated) assumption you're making, the available empirical data appear to contradict it.
I don't buy it. I don't buy it that the people who are only interested in purchasing one or two tracks are the sort of people who were funding the sort of "classic albums" that you like to listen to. And I don't buy the argument that bands that are primary live acts are beholden to the whims of the downloaders -- how does that work ? If most of their money is made playing live, I doubt they'll suddenly make more money with the download model.
Basically, your comments about "real music by real musicians" make my argument for me -- the ipod/mplayer cardio bunnies not only aren't listening to the music you're interested in, they never were.
Slashdot Mirror
This is right on the money. FB's security model is poorly thought out, and the indifference of the CEO to privacy concerns probably has a lot to do with it. In generally, the ad-hoc revisions of their privacy settings (which have at times forced users to opt out of more permissive settings) are indicative of a poorly thought out security model. The kind of "attack" that is effective (and has been used against FB users) is the "viral app" -- basically, the typical facebook "app" requires that the app is able to perform actions on behalf of the user and see the users data, so most users don't think twice about checking these boxes.
This is a fallacy -- because it assumes that the "number of seats" is a fixed quantity. As long as the foreign students pay for their education it's probably a win for the American students. As long as there is more money coming in, there will be a way to increase capacity.
Grad school programs in the US are pretty good. People come from all over the place. Students from other countries (UK, Europe, Australia) are usually better prepared than their US counterparts. The US education system isn't so much uniformly "bad", it's just quite variable. Some students take first year grad courses in their final year and come out with a very strong background, but others are taking 9th grade math in college. Some students also come over because it's a reasonable path to immigration, so even if the programs themselves weren't very good, being in the country can open doors.
the border between work and leisure time is rather blurred for me. But perhaps that's the problem. Maybe if you distinguished the two, you'd find that you had more leisure time.
The way civil law (which libel falls under) works, it's up to Siegenthaler to sue Chase, if he chooses to do so. So if Siegenthaler doesn't wish to sue (he doesn't, RTA), then the case doesn't go to court regardless of how meritorious a hypothetical libel argument would be.
I think the point is that if 20 people do the same study, one of those people will publish the wrong result by chance. This is a bit silly in practice, because if the results contradict the majority of findings, the authors will probably be asked to explain this (and once it does get published, the lit reviews and meta analyses can address these apparent contradictions between different studies). If they find the opposite of everyone else and their effect size is small, they will probably be more cautious in their conclusions.
Only if the probabilities of each instance being right are independent.
The real problem here is that the person who selects the book isn't making a purchasing decision, so the book market doesn't obey the laws of price competition. I'd argue that if the publishers had to compete on price, they'd find a way to make prices lower.
The institutions are part of the problem. There is no need to make a course heavily dependent on a particular textbook (in the sense that it's almost impossible to pass the course without the book because homework assignments are set from it). Maybe there's not much that can be done about dependency on a particular book (since most students will need the set text anyway), but there's usually very little need for dependency on a particular edition.
Yes, I have heard of Mono, which last I checked does not include major parts of the core C# libraries. How many major linux applications are written in C# ? I agree that it's a standard. But it is originally designed, and implemented, as a Windows programming language. For example, it is designed to run on an operating system that has a number of features including support for graphical user interfaces and multithreading. It is not a general purpose programming language in the same sense that C++ is.
That doesn't in itself call for a "successor" to C++, that calls for a tool with fundamentally design goals. Such tools already exist, go right ahead and use them.
but in most cases you can get away with a little bit more CPU usage with the benefit of code maintainability.
"Most cases" is different for different people. But your example doesn't call for a "successor" to C++ anyway. Simpler languages, and safer languages already exist, but they're not really "successors" to C++.
The aim of the standard library is not to "do as much as possible". The problem with canonizing a library in the standard, is that once it's there, you have a huge amount of code that depends on it, so you're stuck with it.
As for CPAN, last I checked, nothing in CPAN (or indeed perl!) was part of any formal standard in the same sense as the C++ library. CPAN is a collection of contributed libraries for Perl. There are also an enormous number of third party libraries for C++.
The bottom line is that putting a particular library in the standard gives it a sort of canonization/elevation that is probably not desirable as far as GUI libraries is concerned. I doubt it would be possible to get everyone to agree on a single true C++ GUI library, and neither should they.
I agree that these are a hassle. The adapters help, but don't completely solve the problem (IIRC tr1 improves the state of affairs with adapters)
2. The "virtual =0" syntax instead of something nice like "abstract" or "interface" is just weird.
Well, yeah, but I don't think this is a killer bug. btw, "interface" is a bad choice for a pure virtual anyway. After all, a non-virtual function is also part of the interface (and a private virtual function is not part of the interface for anyone besides the class author)
3. Operator new and delete were designed by someone on crack.
placement versions are seldom used by non-experts (in fact seldom used in general). delete doesn't and shouldn't take parameters. The destructor needs to be a nothrow operation, so it shouldn't do anything besides release resources. You take care of the stuff that needs parameters before you call the destructor -- there really is good reason to make these separate calls.
There is a "typeid" operator but no "typeof" operator.
This is on top of the list for new language additions, the main debate seems to be about how to do it, not whether it's a good idea (see "auto")
C++ is a general purpose standard programming language that scales up or down. The same is not true of either C# (Windows programming language) or java (not standard, requires substantial runtime support)
I agree with you -- but if you read the article, you'll notice that Bjarne's point of view (and for that matter, the prevailing view in the community) is also consistent with yours. Basically, changes in the language are to be as minimal as possible. The changes that he proposes will not make life harder or more confusing. The "new C++" is going to be much the same as the old C++, but with a larger standard library.
The place where more substantial changes will occur (in fact have already occurred in TR1) is in the library. Libraries do change, that's a basic fact of life. The C++ standard library is still much simpler than other standard libraries.
Yes.
Simply updating one shared library (libz.so or zlib.dll) will fix the problem for all of your installed applications. No?
No. Some applications ship their own zlib and/or statically link to it, circumventing the benefits of modularity.
Fine, but that's setting the bar pretty low. By this standard, many (I would argue, in fact, most) MS development tools are "innovative". They combine and integrate existing paradigms in an interesting way. VS.net/C# is a pretty good example of that. It's true that none of the individual bullet points are terribly new, but the fact remains that it does combine things in ways they haven't been combined before (basically, it does the same thing as Java, and has some advantages of its own)
Several of these are off-base. Many of the supposed "open source" innovations were inherited from proprietary unix. These include most desktop features, and diff/patch. I wouldn't really call gcc "innovative" (portability is not in itself an innovation, neither is supporting multiple languages), but it is a very good compiler. I wouldn't call python, perl and ruby "innovative". There are programming languages that predate these which are more innovative (common lisp, smalltalk). I like and use python, but most of its good features are judicious implementations of prior work in functional programming languages. One open source tool I would call truly innovative is the TeX typesetting system. I don't think anything else that was around at the time even came anywhere near it.
Seems to me that a different bar is being set for "MS innovation" as opposed to "OSS innovation". For example, perl, Ruby and python have been cited as "innovative" in this article. Now Ruby and python are great programming languages (I'll spare you my thoughts on perl), but what does it bring to the table technology-wise, that languages like Common Lisp and Smalltalk didn't do years ago ?
BTW, I am surprised that no-one appears to have cited TeX as an example of OSS innovation (though someone mentioned LyX. Hahahaha ... maybe it's a sign that slashdot is getting taken over by whiny kids)
The fact that you want to separate the roles of the "beneficiary" and the "infringer" who can remain anonymous while the "beneficiary" goes about his business in the light of day, does not mean that the beneficiary is not party to the breach. Indeed, without someone playing the role of beneficiary, there is no breach.
Actually, IMO your aim is to protect both the beneficiary and the infringer, the point is that the separation of roles benefits the infringer as well because it makes it easier for him to commit his crime behind the veil of anonymity (after all, he only needs to surface for long enough to leak a single copy). I bet that if the infringer were caught, you would be the last person calling for his head on a plate.
And again, this is the reason we have laws against receiving stolen goods -- it's so that someone can not sell goods that are obviously stolen in broad daylight. You could make your NDA argument about the seller of stolen goods-- that it's the thiefs fault, etc. I've already discussed why that argument doesn't hold water.
BTW, the analogy has nothing to do with whether or not you think that malicious breach of contract deserves leniency. The point is that there are reasons (legal and moral) that committing a crime via a thin layer of indirection is still committing a crime. The fact that you modularise responsibilities (for example, by having one guy steal the car and another guy sell them) does not (morally or legally) contain the guilt to the "module" committing the obvious crime (in this case, the car thief). In this case, the crime is different, but the idea is the same.
We're not talking about breach of contract in the benign sense here (as in, failure to fulfil ones obligations), this is an example of a malicious breach of contract. It's similar to deliberately violating an NDA (which you could be sued badly for) I suppose it's more analogous to vandalism (-;
However, entering a contract intending to stick to it, then changing your mind later, is not fraud.
Come on, that's just silly. That's like selling something, then deciding after the buyer has paid that you "change your mind" and "don't want to" send them the product any more.
Since we're talking about morality as opposed to legality, I'll point out that they're guilty of something analogous to receiving stolen goods. They aren't a party to the contract, but they are a beneficiary of a willful breach of contract.
Fraud is different from breach of contract,
Entering a contract with the intent to breach it is fraud.
No-one is forced to be bound by something they didn't sign. The point is that people shouldn't profiteer from fraud.
And frankly, I'd say it's unreasonable to punish a receiver of stolen goods any further than by having him return the goods, unless he was somehow involved with committing or arranging the theft.
[example snipped]
Your example is a straw man. Receiving stolen goods laws typically apply when you knowingly receive stolen goods. How do you "prove" someone knew ? Again, reasonable person tests could apply. Your example is neither analogous to the discussion at hand (regarding willful software/music piracy) nor relevant to laws regarding receiving stolen goods.
You didn't, neither did I.
An artist starts their career on the strengths of an initial album release that can be played live in almost it's entirety - otherwise, how does an artist have a set long enough to entertain an audience for long enough? Music downloaders who buy their music by the song are probably not people who go to see specific bands perform live - it just isn't worth paying for a concert ticket to hear the two or three tracks you like performed.
OK, but I'm not sure how you go to there, to the idea that fans of whole albums will suddenly "convert" and become fans of "one or two songs" as opposed to the other "filler" due to the availability of downloads (legal or otherwise).
We have actually had downloads for a few years now, is there an emerging trend that downloads are cannabilizing album sales ? I though the only "conclusion" reached was that work was fairly inconclusive. No-one has established a causal link between declining album sales and downloads anyway.
Precisely what I said, you obviously need to read my posting again. It's the album buyers that make the musicians money, not the legal downloaders.
I read it just fine. How do you know that the album buyers are going to turn into one or two track downloaders ? Not only is this an unsupported (indeed, unstated) assumption you're making, the available empirical data appear to contradict it.
I don't buy it. I don't buy it that the people who are only interested in purchasing one or two tracks are the sort of people who were funding the sort of "classic albums" that you like to listen to. And I don't buy the argument that bands that are primary live acts are beholden to the whims of the downloaders -- how does that work ? If most of their money is made playing live, I doubt they'll suddenly make more money with the download model. Basically, your comments about "real music by real musicians" make my argument for me -- the ipod/mplayer cardio bunnies not only aren't listening to the music you're interested in, they never were.