I've never used VB or C#, but I'll venture a guess. The reason "VB sucks" is brandied about is mostly because database design is hard, and programming is hard, period. They are just difficult tasks to accomplish and to do both "right" requires at minimum a smidgen of talent and incredible amounts of experience.
However, VB's syntax, dev environment and marketing makes it easier for certain people, that is, people who haven't dedicated large portions of their waking hours to programming for years, to dig in and hack something that works okay most of the time. Thus, the majority of VB code tends to be written by relatively inexperienced programmers, since us burly types all tend to stick with really masochistic languages like C++ that are less forgiving.
So, whenever a capital P Programmer comes across most VB, her eyes will roll over, she'll throw up a little in her mouth, and then post it on worsethanfailure.com and we'll all guffaw on how most people haven't taken a course on data structures, or seem to totally misunderstand OOP, or some other fundamental concept. Thus, VB has a bad rap.
In reality, there is no limitation to what you can do in VB. It's a language, a Turing complete one at that, and thus by definition (google Turing-Church hypothesis) anything you can describe in C# you can similarly describe in VB. Whether or not the implementation of the language or underlying hardware will limit you or not, is a different story.
I've never watched a Microsoft, IBM, Oracle, Nvidia, AMD, Intel, Creative Labs, Google, Sony, HP or Dell CEO keynote addresses (to name a few off the top of my head), aside maybe from Ballmer shouting "Developers!".
I've been on Linux-only for 4 years now. I've never owned a mac, tho I did do support for them at one point. All I have is a 1st gen ipod I got refurbished. For some reason, I know when WWDC and Macworld hit (June & January), and on keynote days I too refresh slashdot and ars technica (which have HUGE coverages of these events) continuously. I know TONS of people who do the same.
Whatever it is, they're doing something right. I wish more companies had that kind of flair.
There are all sorts of forums for proposing and discussing open Web technologies including the IETF, W3C, OASIS and even ECMA. Until all of the underlying technologies in OpenSocial have been handed over to one or more of these standards bodies, this is a case of the proprietary pot calling the proprietary kettle black.
Hahahahaha. As if anyone, and Microsoft of all companies, ever really bothers to follow all that the ECMA and the W3C have to say. Ah yes, I'll now go and happily write some javascript-to-the-spec and some CSS-to-the-spec that'll work across browsers. Clearly, that's the kind of world we live in.
Unfortunately, I'm a CS undergrad, so I'm not sure I'd be a good candidate for judging whether "good science" is getting accomplished here. Here's a cache link to the first paper for those of you without university-paid subscriptions to the journal, since the posted pdf is now 404'ing.
The title & the abstract lead me to think that it's not the pseudo-science kind of psychology getting practiced here.
The ability to create and hold a mental schema of an object is one of the milestones in cognitive development. Developmental scientists have named the behavioral manifestation of this competence object permanence. Convergent evidence indicates that frontal lobe maturation plays a critical role in the display of object permanence, but methodological and ethical constrains have made it difficult to collect neurophysiological evidence from awake, behaving infants. Near-infrared spectroscopy provides a noninvasive assessment of changes in oxy- and deoxyhemoglobin and total hemoglobin concentration within a prescribed region. The evidence described in this report reveals that the emergence of object permanence is related to an increase in hemoglobin concentration in frontal cortex.
If you fucking need photoshop, go out and buy it. Case closed.
If you're really that concerned with the Gimp's feature set, either check out the latest-trunk and get cracking, or fucking come to terms with the fact that thousands of highly educated man-hours doesn't come cheap.
Honestly, people, what's with bashing software people are releasing for free? I personally think it'd be nice if everything were open source, but there are only two solutions when FOSS software can't compete for your specific use case: - Put your money where your mouth is, and code it - Go out and buy the software that does do what you want.
Well, for one, it's pretty hard to get your name, address and phone number from the details of your hardware and what software you have installed. There's just nothing linking back to you; even if it got your hard drive serial numbers, you'd still have to access to every hard drive manufacturer's sales database before it could be used to pinpoint which continent you're on.
Microsoft isn't in the business of selling security, it's in the business of selling a platform you can run your apps on (and, well, office too).
They'd be incredibly silly if they didn't bend over backwards to make sure no apps get broken 'cos of these patches. If your mission-critical XYZ app suddenly stops working, you have every right to be pissed off!
(whereas mission-critical XYZ could also be called "that photo sharing app grandma learned how to use five years ago".)
My understanding is that MS doesn't really care whether other people will implement the standard or not. Those 6000 pages they shat out and called a standard read like someone grepped the Office source tree for comments, removed all of the profanity and made the format serializable to xml.
In effect, the format seems to be horribly convoluted, since it evolved over the past 15 years (makes you admire the motivation of people working on OO.o or poi), and requires a large amount of reverse engineering. MS knows the standard is completely useless.
So why bother? This way they can tell governments like Massachusetts that their software won't create vendor lock-in - why, it's based off a standard approved by the ISO - and totally neuter a large body of arguments for switching away from Microsoft.
Why would you? No vendor lock-in (supposedly), already established (so switching has an inherent cost), etc etc. It's the best of both worlds. No politician - or major decision maker - will ever page through the standard themselves.
And if bad publicity on how shitty the standard is worked, we wouldn't be a few countries away from having the thing successfully fast tracked through the ISO in the first place.
Do you really think that many people have read it?
I've only read Shame, but I'm pretty sure that I missed out on a very large quantity of cultural references and perhaps a large part of the satire. From what a friend told me, 'The Satanic Verses' is somewhat inaccessible if you don't have a familiarity with Islam and India/Pakistan. I'm not sure I'd understand any references to Khomeini, either.
(IAmNotADoctor, but) Actually, that sounds like your mum god triaged differently.
People with different needs get prioritised differently; for a while, they thought my girlfriend might've had some form of cancer in the brain. Within a week or two she got an MRI, which for people with say something not life threatening might take months to get seen.
You were either in worse shape or your condition was more threatening to your quality of life than whatever your mother had. Or maybe your remaining life expectancy is also a factor they take into consideration.
Yeah except that's a misplaced candidate name is a highly visible change and easy to prove and enforce. You take a picture of the screen and cry bloody murder and it'll get fixed; if the machine registers your vote erroneously and you don't have a paper trail, you're SOL. It's your word against the official record.
Laziness on the part of the "system administrator" should under no circumstances be grounds for the little twit to bring you up on criminal or civil charges.
The difference would be in that with Wifi, unlike with satellite signals, you won't just be a passive receiver of signal; by definition you have to interact with their equipment when you send requests for, say, websites. Ergo, it can be easily construed that you cost them some form of their resource: bandwidth, excess electricity, and even the degradation of their own service (as the number of clients increases, or so what I know, the amount of simultaneous wireless connections it can sustain at once decreases).
As such, it is not in the same class per se, as satellite signal "theft", encrypted or unencrypted, which is to a victim-less crime if you're willing to ignore any immeasurable, arbitrary number of potential sales lost. It directly has immediately quantifiable consequences and should be treated as accordingly.
At any rate, it's not like it's hard to verify whether the SSID says "Hey! Free use!" or not. If someone wants it to be used, it's easy enough to advertise it so without being ambiguous in any way or shape. As such, I don't really get the sentiments that it's a free arena and someone else's fault; you clearly know that you're taking advantage of some little twit whose router just happens to shout "Linksys" to everyone in the area while being none the wiser. It's not so hard to respect someone else's resource, if it's not interfering with your own affairs.
Hm. I'd prefer "evolved" over "designed". My understanding is that what we currently know as Unix has come about through normal trial and error over the past thirty years.
As far as I know, as I'm no researcher in the field, security is a bit of a state of mind. It's mostly a measurement of how much time and effort/money you're willing to invest in it; you can code for it in your specs, but it'll depend on how much time you put into debugging it (which, in turn, has diminuishing returns as time wears on: you don't know how many bugs you have at the start and it takes too long to test a comprehensive list of situations). Not to mention the law of unintended consequences, where a bug in an underlying system (which could be anything from your compiler to your processor architecture) exposes something that you didn't want exposed.
So, it all depends on what you mean by security. It's very hard if not impossible to guarantee that your system is attack-proof, 100% of the time. However, 99% or 95% is a lot easier, in comparison, and for most cases, iunno, 80% is good enough. If your system can only be broken by the top 20% of attackers, the likelihood of anyone of them visiting your specific system may be too low to be worth investing your time and effort in (case in point: your average blog).
As such, if you're shooting for the top percentile, I guess that does mean you can't trust your users. You have a whitelist of programs for your users, you routinely inspect logs and the second you realise something was compromised, you wipe it clean and restore it from backups - after figuring out how to prevent the same thing fom happening again.
Effectively, this also means that you can't really just point at a system and declare it more secure. The unix security model happens to be less permissive than the single-user model windows evolved around, and over time was developed with the explicit knowledge that several people you might not trust will be using it. The NSA pointed out that it's still not that great, and gave us in turn SE Linux modules.
Even the darling of OSS security, OpenBSD, can only do what they do because they consider it their utmost priority: they openly sacrifice portability and system speed and efficiency because, in their routine code audits (which no one else bothers or can afford to do) they optimise for security.
On my machine (I am the only user), you're right. Anything getting full user powers could run servers, access/modify/delete all my documents and so on. To fix it, yeah I'd have to wipe my user and start again. But I'd only have to wipe my user. I wouldn't have to reinstall all my apps and reconfigure the machine.
I was thinking specifically about rootkits. My point is that while in theory that's how it works (normal users don't have root priviliges, end of story) the reality of things is a bit different. In most cases, if not the absolute majority, it's perfectly okay to wipe your user account and make a new one.
However, if it's security you have in mind, you have *no* guarantees whatsoever that your machine isn't rooted, unless you painfully run a hash check against every system binary and recompile your kernel from fresh sources. Until you do that, as far as you know whoever took over your user account also got around to rooting your machine. The least painful way to be absolutely sure is to start afresh with a new system.
Maybe I'm just paranoid, but I like to be absolutely certain whenever possible.
It kind of depends on your definition of "taking control of your computer". If you mean that exploiting a cursor library alone won't let you gain root, that is true as libraries don't run with that sort of privilege. However, if you were to define "control of your computer" as being able to delete all your data, set up a spambox or an irc/web/ftp server on your machine and so on, well that's quite possible, given that these libraries run with user privileges.
The problem is that, in practical terms, those two "levels of exploitation" are indistinguishable. Once an attacker possesses user privileges on your machine, she is then free to find and use exploits that would give her root on your box, upon which you're just as owned.
While the moral victory is nice, in that we UNIXy types don't worry as much, it's all irrelevant as in both cases the only really safe thing to do is wipe the machine clean and start fresh.
I just noticed that too, when file-roller told me it didn't know what to do. Who the fuck uses those anymore? I imagine using a mac is almost prereq for a design major, but still...
Actually, I'm not so sure it's so bad. I mean, you're not always gonna get returns of 50% more memory every two years, but on the other hand you *did* just gain an extra 50 gigs.
Iunno about you, but that's a still a very usable improvement curve.
Slashdot Mirror
I've never used VB or C#, but I'll venture a guess.
The reason "VB sucks" is brandied about is mostly because database design is hard, and programming is hard, period. They are just difficult tasks to accomplish and to do both "right" requires at minimum a smidgen of talent and incredible amounts of experience.
However, VB's syntax, dev environment and marketing makes it easier for certain people, that is, people who haven't dedicated large portions of their waking hours to programming for years, to dig in and hack something that works okay most of the time. Thus, the majority of VB code tends to be written by relatively inexperienced programmers, since us burly types all tend to stick with really masochistic languages like C++ that are less forgiving.
So, whenever a capital P Programmer comes across most VB, her eyes will roll over, she'll throw up a little in her mouth, and then post it on worsethanfailure.com and we'll all guffaw on how most people haven't taken a course on data structures, or seem to totally misunderstand OOP, or some other fundamental concept. Thus, VB has a bad rap.
In reality, there is no limitation to what you can do in VB. It's a language, a Turing complete one at that, and thus by definition (google Turing-Church hypothesis) anything you can describe in C# you can similarly describe in VB. Whether or not the implementation of the language or underlying hardware will limit you or not, is a different story.
I've never watched a Microsoft, IBM, Oracle, Nvidia, AMD, Intel, Creative Labs, Google, Sony, HP or Dell CEO keynote addresses (to name a few off the top of my head), aside maybe from Ballmer shouting "Developers!".
I've been on Linux-only for 4 years now. I've never owned a mac, tho I did do support for them at one point. All I have is a 1st gen ipod I got refurbished. For some reason, I know when WWDC and Macworld hit (June & January), and on keynote days I too refresh slashdot and ars technica (which have HUGE coverages of these events) continuously. I know TONS of people who do the same.
Whatever it is, they're doing something right. I wish more companies had that kind of flair.
Hahahahaha. As if anyone, and Microsoft of all companies, ever really bothers to follow all that the ECMA and the W3C have to say.
Ah yes, I'll now go and happily write some javascript-to-the-spec and some CSS-to-the-spec that'll work across browsers. Clearly, that's the kind of world we live in.
Note to self: next time scroll down before doing this sort of thing.
http://science.slashdot.org/comments.pl?sid=340667&cid=21127661
Unfortunately, I'm a CS undergrad, so I'm not sure I'd be a good candidate for judging whether "good science" is getting accomplished here. Here's a cache link to the first paper for those of you without university-paid subscriptions to the journal, since the posted pdf is now 404'ing.
The title & the abstract lead me to think that it's not the pseudo-science kind of psychology getting practiced here.
Why the fuck are you comparing it to Photoshop?
If you fucking need photoshop, go out and buy it. Case closed.
If you're really that concerned with the Gimp's feature set, either check out the latest-trunk and get cracking, or fucking come to terms with the fact that thousands of highly educated man-hours doesn't come cheap.
Honestly, people, what's with bashing software people are releasing for free? I personally think it'd be nice if everything were open source, but there are only two solutions when FOSS software can't compete for your specific use case:
- Put your money where your mouth is, and code it
- Go out and buy the software that does do what you want.
Well, for one, it's pretty hard to get your name, address and phone number from the details of your hardware and what software you have installed. There's just nothing linking back to you; even if it got your hard drive serial numbers, you'd still have to access to every hard drive manufacturer's sales database before it could be used to pinpoint which continent you're on.
However, the stuff you type in google tends to be far more intimate and personally revealing just by itself.
Of course, this is all moot given a good IP address and a willing ISP, but that's a different story (and nothing to be concerned about).
Microsoft isn't in the business of selling security, it's in the business of selling a platform you can run your apps on (and, well, office too).
They'd be incredibly silly if they didn't bend over backwards to make sure no apps get broken 'cos of these patches. If your mission-critical XYZ app suddenly stops working, you have every right to be pissed off!
(whereas mission-critical XYZ could also be called "that photo sharing app grandma learned how to use five years ago".)
The 100 proofs against God was obviously satire. I doubt whoever wrote it expected anyone to take it seriously.
My understanding is that MS doesn't really care whether other people will implement the standard or not. Those 6000 pages they shat out and called a standard read like someone grepped the Office source tree for comments, removed all of the profanity and made the format serializable to xml.
In effect, the format seems to be horribly convoluted, since it evolved over the past 15 years (makes you admire the motivation of people working on OO.o or poi), and requires a large amount of reverse engineering. MS knows the standard is completely useless.
So why bother? This way they can tell governments like Massachusetts that their software won't create vendor lock-in - why, it's based off a standard approved by the ISO - and totally neuter a large body of arguments for switching away from Microsoft.
Why would you? No vendor lock-in (supposedly), already established (so switching has an inherent cost), etc etc. It's the best of both worlds. No politician - or major decision maker - will ever page through the standard themselves.
And if bad publicity on how shitty the standard is worked, we wouldn't be a few countries away from having the thing successfully fast tracked through the ISO in the first place.
Do you really think that many people have read it?
I've only read Shame, but I'm pretty sure that I missed out on a very large quantity of cultural references and perhaps a large part of the satire. From what a friend told me, 'The Satanic Verses' is somewhat inaccessible if you don't have a familiarity with Islam and India/Pakistan. I'm not sure I'd understand any references to Khomeini, either.
(IAmNotADoctor, but) Actually, that sounds like your mum god triaged differently.
People with different needs get prioritised differently; for a while, they thought my girlfriend might've had some form of cancer in the brain. Within a week or two she got an MRI, which for people with say something not life threatening might take months to get seen.
You were either in worse shape or your condition was more threatening to your quality of life than whatever your mother had.
Or maybe your remaining life expectancy is also a factor they take into consideration.
Yeah except that's a misplaced candidate name is a highly visible change and easy to prove and enforce.
You take a picture of the screen and cry bloody murder and it'll get fixed; if the machine registers your vote erroneously and you don't have a paper trail, you're SOL. It's your word against the official record.
What happens when you genuinely want to say, "I was in a Hotel in Lima with a beautiful view of the Delta dancing Tango with a guy named Oscar"?
Considering how much I just spent on "bussiness casual" clothing for my Bank job, that start-up is looking mighty interesting now...
That is silly, and still homophobic to boot, dude.
The difference would be in that with Wifi, unlike with satellite signals, you won't just be a passive receiver of signal; by definition you have to interact with their equipment when you send requests for, say, websites. Ergo, it can be easily construed that you cost them some form of their resource: bandwidth, excess electricity, and even the degradation of their own service (as the number of clients increases, or so what I know, the amount of simultaneous wireless connections it can sustain at once decreases).
As such, it is not in the same class per se, as satellite signal "theft", encrypted or unencrypted, which is to a victim-less crime if you're willing to ignore any immeasurable, arbitrary number of potential sales lost. It directly has immediately quantifiable consequences and should be treated as accordingly.
At any rate, it's not like it's hard to verify whether the SSID says "Hey! Free use!" or not. If someone wants it to be used, it's easy enough to advertise it so without being ambiguous in any way or shape. As such, I don't really get the sentiments that it's a free arena and someone else's fault; you clearly know that you're taking advantage of some little twit whose router just happens to shout "Linksys" to everyone in the area while being none the wiser. It's not so hard to respect someone else's resource, if it's not interfering with your own affairs.
Hm. I'd prefer "evolved" over "designed". My understanding is that what we currently know as Unix has come about through normal trial and error over the past thirty years.
As far as I know, as I'm no researcher in the field, security is a bit of a state of mind. It's mostly a measurement of how much time and effort/money you're willing to invest in it; you can code for it in your specs, but it'll depend on how much time you put into debugging it (which, in turn, has diminuishing returns as time wears on: you don't know how many bugs you have at the start and it takes too long to test a comprehensive list of situations). Not to mention the law of unintended consequences, where a bug in an underlying system (which could be anything from your compiler to your processor architecture) exposes something that you didn't want exposed.
So, it all depends on what you mean by security. It's very hard if not impossible to guarantee that your system is attack-proof, 100% of the time. However, 99% or 95% is a lot easier, in comparison, and for most cases, iunno, 80% is good enough. If your system can only be broken by the top 20% of attackers, the likelihood of anyone of them visiting your specific system may be too low to be worth investing your time and effort in (case in point: your average blog).
As such, if you're shooting for the top percentile, I guess that does mean you can't trust your users. You have a whitelist of programs for your users, you routinely inspect logs and the second you realise something was compromised, you wipe it clean and restore it from backups - after figuring out how to prevent the same thing fom happening again.
Effectively, this also means that you can't really just point at a system and declare it more secure. The unix security model happens to be less permissive than the single-user model windows evolved around, and over time was developed with the explicit knowledge that several people you might not trust will be using it. The NSA pointed out that it's still not that great, and gave us in turn SE Linux modules.
Even the darling of OSS security, OpenBSD, can only do what they do because they consider it their utmost priority: they openly sacrifice portability and system speed and efficiency because, in their routine code audits (which no one else bothers or can afford to do) they optimise for security.
I was thinking specifically about rootkits. My point is that while in theory that's how it works (normal users don't have root priviliges, end of story) the reality of things is a bit different. In most cases, if not the absolute majority, it's perfectly okay to wipe your user account and make a new one.
However, if it's security you have in mind, you have *no* guarantees whatsoever that your machine isn't rooted, unless you painfully run a hash check against every system binary and recompile your kernel from fresh sources. Until you do that, as far as you know whoever took over your user account also got around to rooting your machine. The least painful way to be absolutely sure is to start afresh with a new system.
Maybe I'm just paranoid, but I like to be absolutely certain whenever possible.
Not quite.
It kind of depends on your definition of "taking control of your computer". If you mean that exploiting a cursor library alone won't let you gain root, that is true as libraries don't run with that sort of privilege. However, if you were to define "control of your computer" as being able to delete all your data, set up a spambox or an irc/web/ftp server on your machine and so on, well that's quite possible, given that these libraries run with user privileges.
The problem is that, in practical terms, those two "levels of exploitation" are indistinguishable. Once an attacker possesses user privileges on your machine, she is then free to find and use exploits that would give her root on your box, upon which you're just as owned.
While the moral victory is nice, in that we UNIXy types don't worry as much, it's all irrelevant as in both cases the only really safe thing to do is wipe the machine clean and start fresh.
I just noticed that too, when file-roller told me it didn't know what to do.
Who the fuck uses those anymore? I imagine using a mac is almost prereq for a design major, but still...
It's spooky how relevant your comment is to me.
Everyone made due with the 5 megs Hotmail threw your way; Yahoo, when paid, would give you some 10 megs?
Hundred meg mailboxes were things to be feared by sysadmins and only existed if you worked in a large company or hosted your own.
Then all of the sudden Gmail came out on April Fools with a 1 gig mailbox. Everyone sorta giggled and assumed they were joking, too!
Actually, I'm not so sure it's so bad.
I mean, you're not always gonna get returns of 50% more memory every two years, but on the other hand you *did* just gain an extra 50 gigs.
Iunno about you, but that's a still a very usable improvement curve.
Shouldn't it be coat hanger shaped then?