Well, in a "sterile" security zone, one unapproved person can ruin everything. Even if you find him/her, they may have given an weapon to somebody else who was screened earlier and passed.
Oh, fuck, is there anyone who really believes that airport security prevents weapons from getting through? I personally have forgotten pocket knives in my carryon luggage twice in the past year, and neither time were they detected. The airports are nowhere close to being a sterile zone. Never have been, never will be.
As Steve McConnell noted a long time ago, one of the major reasons you supply free coffee and free pop is to keep your employees close to their desks. If people walk across the street to starbucks twice a day, or even to the cafeteria, , that's 30 minutes of productivity per day you lost. Assuming $70k a year for a developer, those walks across the street cost you $4300/year. It's a lot cheaper to buy a coffee machine.
I disagree. The special effects/CGI was relevant to the plot. The 3-D was icing on the cake, and I found it uncomfortable to watch. This may have been in part due to the poor seats we had (close and to the side). The plot itself of course was fairly mundane, but it was a fun movie.
How new is a discipline which can now claim that at least three biological generations of man have been involved in it? Consider Hoare and Turing, Kernighan and Ritchie, and the current class of students. Heck, there have been three generations involved simply since I first laid hands to keyboard in the 70's.
As a Greybeard myself, I have repeatedly run into these types of dismissals of the value of my experience and that of my aged peers. These dismissals usually come from the youngest in the room. While it's good to challenge assumptions, it's also good to consider the possibility that you may not have been the first to do so, and that many folks before you may have done so and come to the conclusion that the assumption is still valid. I think it's logically risky to conclude that everyone before you was a freaking idiot, and that you are now the first person to see the light.
And please, if you work on my team, comment the big pieces of code.
We do our builds on a pool of linux machines, in a continuous build cycle, so that isn't really a problem.
In the case I noted, the gal turned the AV off specifically because she needed to move some files around, and was thinking it was taking too long. The real problem was the ancient hub that her machine was plugged into.
The stated complaint was that she was having to copy a set of large files around, and it was taking too long. Since I spend a lot of my time copying many more and larger files in the same environment, I'm skeptical of the basis for her complaint. Our AV software isn't too onerous. Her team doesn't work -any- overtime, so I'm unsympathetic.
We maintain a development network and a QA network. The dev and QA teams have admin on the server machines in these networks. This is useful/necessary because we are constantly spinning up and tearing down virtual machines for various scenarios. Devs have local admin on their workstations. In general this has worked fine, except for one moron who used the privilege to turn off her virus scanning.
Production is subject to more structured control in theory, but in practice, I and another couple of guys have/sudo/root on the prod machines, because our corporate admins don't want to learn enough about the software to be useful. So much for PCI...
I'm pretty sure I'm not unique in having picked up such things at that age.
You're not unique, but you are unusual. I helped in my son's 5th grade class when they used NQC (not quite C) for programming lego style robots, and most of the kids struggled a bit, despite this being a class of brighter kids. One of the kids picked it up immediately, but he is certifiably genius material (5th grade at 8 years old). My son, who is just your average run of the mill 99th percentile student, was able to accomplish the robot tasks, but didn't really grok the larger 'program' thang.
On the larger topic, I think python is a pretty good choice for teaching kids. The NetBeans IDE will likely be a good choice when they get the python addons stable (don't know if they are yet, a few months ago they were rocky. If you're not scared of spending a little money, the Komodo IDE from activestate is a good IDE for Python/Perl.
I also think VB would be a good choice, again if you're not afraid of spending money, but anyone trying to teach a 12 year old programming is likely to be teaching them Linux soon as well, and VB won't be portable.
I'm talking totally impossible, acid trip inspired creatures and landscapes.
You're saying this like it's a bad thing.
Me, I'm looking forward to blowing a bowl and seeing it with the kids this weekend.
Re:Lower G = Weaker Lifeforms and another thing...
on
The Science of Avatar
·
· Score: 1
We have lasers, NOW, why on Earth would we still be using bullets in 140 years?
Because projectile weapons might still have the combat advantage due to the weight of the ammunition required. A laser weapon (or phaser, or blaster, etc) will require some source of power. Making a significant source of power small enough for a handheld weapon is non-trivial. Even a taser is bulky compared to a regular pistol.
To illustrate the import of this, the M-16 was chambered for the.223 (5.56mm NATO) over the.308 (7.62mm NATO) cartridge primarily because the light weight of the cartridge would allow troops to carry more rounds/shots of ammunition. This cartridge allows you to kill someone up to 400 yards away, yet weighs just a few grams. A laser would have to be pretty good to beat this.
Fair enough, and I agree with your prior statement, which was that C is not hard to learn. I'm old enough to have worked extensively in C because we didn't have the more modern alternatives. Even C++ was new, dinosaurs were still leaving tracks in the mud, and Kernighan was still dating.
I have not recently encountered many problems where I needed to take on C or C++ to create a sufficiently efficient solution. I have nothing against C, indeed I loved working in it back in the day. I never worked with C++ to become comfortable with the libraries, so I just steer clear of it. Java/Scala have worked well enough for anything that was intensive, and Python is just easier for everything else. It's a rare problem in my world where developer efficiency isn't a primary goal, and that hardware can't be used to solve the rest of the need for speed (assuming a reasonably efficient implementation). I know there are many cases where that isn't true, they're just rare in my work.
While I'm sympathetic to your overall point, I can't help but wonder about your example. I used python to create a 500 M record test dataset this past week, and we were in in the range of 20 minutes, not 220 hours. You can write bad code in scripting languages as well.
So true. I had to defend a guy who worked for me some years ago on this type of shit. We had a first go round where this gal who was a contractor to us (friend of the VP of Marketing) filed a complaint because the guy had a lewd password. He did have a poor choice of passwords (EatMe69). The gal figured out what his password was by watching his fingers as he typed it . He was typing it on her machine beause he was trying to get her connected to our network on her machine, and was connecting to his account for a test. A bunch of asterisks on the screen were sufficient for her to feel harrassed. And our evil bitch HR VP bought into it. She wanted a Harrassment case to set an example, and my guy was a convenient target.
After I spent a week reviewing the facts with everyone up to and including the CEO, I got that complaint dismissed and gave him instructions that if he ever came into contact with her again, and anything went sideways, to come find me. So in a few days, he did just that, and she filed another complaint for him "making her feel uncomfortable for not talking to her" as she was ranting at him in front of witnesses.
Against the wishes of our HR department, I pulled her behind closed doors, and explained to her that she was dealing with a geek, for whom she was one intimidating bitch, and that I had told him that if he didn't feel emotionally equipped for the discussion to come find me. I pointed out that she was borderline on the edge of harrassing the handicapped, and asked if we couldn't just talk a bit. She actually broke down and started crying, indicating to me that there were exterior issues contributing to her mindset. After our conversation, she backed off, and my guy kept his job.
but their ability to exert lock-in in the medium term is pretty weak
Which is related to their strength, for me. I use them precisely because of the short term availability. We ran a test job just today on their service to test the scalability of a routine. Bought 20 2 core machines for 4 hours for I think $64 or so. I'd have to have at least 4 big multi-core servers lying around idle to have that available for a test bed, best case about $12,000 for the bunch (I've priced them in the last month, this is the best choice I found. That's 4 separate servers in a single 2U chassis. I have several boxes from these guys, they are very solid, are 2/3 the price of Dell, and don't need a blade cabinet.)
I wouldn't use EC2 for long term use, but for short term, or speculative use, it's a pretty good deal. I've found them to be pretty stable and easy to use.
I don't much about electricity, but it seems like the power companies could support more standards for devices to connect? It's so inconvenient to have to use an ac/dc converter....
I don't think it makes much sense for MSFT to support a lot of different standards for Exchange connectivity. If they have standard, published APIs for the various types of platforms we use, which they appear to do, I think that's a pretty good place for us to be. Not so many years ago, the MSFT party line was pretty much, you can connect with us if and only if you use our software. Now, I can get to my company e-mail/calendar using my phone, my windows machines, my linux machines, and with a web browser running firefox or other non-MSFT browser. That's not too bad.
But what you want, and what is going to happen are two different things. IMO, the -only- robust thing you can do is teach your kids well, and keep communications lines open so that they can talk about what happens to them.
I'm also curious as to what other things you are worried about. I've been fairly exploratory, and I can't think of anything I've come across that I consider to be so horrible that I would lay up at nights worrying about it. What am I not thinking of? I have thought of warez sites, execution sites, pro-ana sites, hate groups, and religious cults. Please educate me if I'm being too naive.
On a side note, I am of the opinion that the risk associated with the internet and kids is overstated. The data is overwhelming that the vast majority of pedophilic encounters are via friends, family, teachers, and youth activities. Kids that are enticed via the internet are already at risk.
Preach it, brother. I have done the same with my kids. Further, we've had many conversations around the notion that the religious factions in the US have made talk of sex 'dirty' when it really is simply a natural, pleasurable act that unfortunately can also have some unfortunate side effects (STD, pregnancy, heartbreak). I've told them that I don't particularly think porn is anything that unusually evil, and I don't spend a single minute worrying about them finding some 'bad' place on the internet. As a result, we're able to be pretty open about it, they don't seem to be hung about it, and thus far, at 14 and 17, we've had no issues.
A couple of generations ago, people learned about sex by seeing it in the barnyard, or by hearing their parents across the room before we were all well enough off to have separate bedrooms. It's only in recent years that people have been able to pretend that sex doesn't happen.
Your math is good. I didn't make these numbers up.
What happened, I suspect, is that the underlying backlog numbers were re-estimated by the outsource team, based on their rate of progress. So this is in large part the effect of an experienced team familiar with the applications being replaced by an inexperienced team, combined with the additional process load of an external team working with an internal team. It was likely exacerbated by a remaining work force that was pissed off at the process, who had no motivation to make the outsourcers look good. As Gomer Pyle would have said, "Surprise, surprise, surprise."
That being said, will the person at microsoft who decided that the first or default account is an administrator please stand up. You need to be beaten.
Yeah, I agree. That would be as bad as, say, having the admin user be the first user you set up on a linux box, or giving it a UID of 1. Wait...
The protections won't get set by the sender - they're set by the user settings, or by what the mail program causes them to be set as it saves the file to disk. These are usually managed through the umask settings.
It's possibly to get a key logger to run on a *nix system, but getting the logger onto the system is quite a bit less convenient for the bad guy, IMO. That said, if a user who would hit 'OK' to any random UAC popup is running on Linux, there is probably a way to social engineer them into doing something similar on the linux box.
If some some one sells you a car with defective locks, aren't they somewhat liable?
Car door locks are pretty weak, easily bypassed in most cars with appropriate tools. In many not so old cars, all that is needed is a screwdriver. They also don't prevent the car from being stolen by being towed, or broken into by breaking the glass. All of these are recognized and dealt with as criminal acts, and are insured against as an inevitable occurrence in a world that has the occasional nasty person in it. We don't hold the car manufacturer liable for the existence of car thieves, why is Microsoft liable for the existence of bot-herders?
Microsoft has a continual stream of security updates, an easy to use automated update system, that it supplies for free to literally hundreds of millions of people. They create fixes, on their nickel, and proactively push those to the machine. You have to actively resist the updates (or not be connected to the network, in which case the point is moot) in order to not have them applied.
I realize Microsoft is easy to hate, but if there were any reasonable case for liability on Microsoft's part, don't you think some lawyer would have found a way to sue them already?
It only took our company 6 months to figure this out, and they ended up hiring back 400+ people that they had RIF'd. It took Accenture only that long to blow up a 4 month work backlog into a 2 year backlog.
Slashdot Mirror
Well, in a "sterile" security zone, one unapproved person can ruin everything. Even if you find him/her, they may have given an weapon to somebody else who was screened earlier and passed.
Oh, fuck, is there anyone who really believes that airport security prevents weapons from getting through? I personally have forgotten pocket knives in my carryon luggage twice in the past year, and neither time were they detected. The airports are nowhere close to being a sterile zone. Never have been, never will be.
As Steve McConnell noted a long time ago, one of the major reasons you supply free coffee and free pop is to keep your employees close to their desks. If people walk across the street to starbucks twice a day, or even to the cafeteria, , that's 30 minutes of productivity per day you lost. Assuming $70k a year for a developer, those walks across the street cost you $4300/year. It's a lot cheaper to buy a coffee machine.
The phrase "false economy" comes to mind.
I disagree. The special effects/CGI was relevant to the plot. The 3-D was icing on the cake, and I found it uncomfortable to watch. This may have been in part due to the poor seats we had (close and to the side). The plot itself of course was fairly mundane, but it was a fun movie.
Agreed. I found the 3-d distracting more than additive to the movie. It was neat, but not relevent to the plot.
Software engineering is a new discipline
How new is a discipline which can now claim that at least three biological generations of man have been involved in it? Consider Hoare and Turing, Kernighan and Ritchie, and the current class of students. Heck, there have been three generations involved simply since I first laid hands to keyboard in the 70's.
As a Greybeard myself, I have repeatedly run into these types of dismissals of the value of my experience and that of my aged peers. These dismissals usually come from the youngest in the room. While it's good to challenge assumptions, it's also good to consider the possibility that you may not have been the first to do so, and that many folks before you may have done so and come to the conclusion that the assumption is still valid. I think it's logically risky to conclude that everyone before you was a freaking idiot, and that you are now the first person to see the light.
And please, if you work on my team, comment the big pieces of code.
Her boss said, "keep it on, and deal with it."
We do our builds on a pool of linux machines, in a continuous build cycle, so that isn't really a problem.
In the case I noted, the gal turned the AV off specifically because she needed to move some files around, and was thinking it was taking too long. The real problem was the ancient hub that her machine was plugged into.
She is about 28, and is really cute, too...
The stated complaint was that she was having to copy a set of large files around, and it was taking too long. Since I spend a lot of my time copying many more and larger files in the same environment, I'm skeptical of the basis for her complaint. Our AV software isn't too onerous. Her team doesn't work -any- overtime, so I'm unsympathetic.
We maintain a development network and a QA network. The dev and QA teams have admin on the server machines in these networks. This is useful/necessary because we are constantly spinning up and tearing down virtual machines for various scenarios. Devs have local admin on their workstations. In general this has worked fine, except for one moron who used the privilege to turn off her virus scanning.
Production is subject to more structured control in theory, but in practice, I and another couple of guys have /sudo/root on the prod machines, because our corporate admins don't want to learn enough about the software to be useful. So much for PCI...
I'm pretty sure I'm not unique in having picked up such things at that age.
You're not unique, but you are unusual. I helped in my son's 5th grade class when they used NQC (not quite C) for programming lego style robots, and most of the kids struggled a bit, despite this being a class of brighter kids. One of the kids picked it up immediately, but he is certifiably genius material (5th grade at 8 years old). My son, who is just your average run of the mill 99th percentile student, was able to accomplish the robot tasks, but didn't really grok the larger 'program' thang.
On the larger topic, I think python is a pretty good choice for teaching kids. The NetBeans IDE will likely be a good choice when they get the python addons stable (don't know if they are yet, a few months ago they were rocky. If you're not scared of spending a little money, the Komodo IDE from activestate is a good IDE for Python/Perl.
I also think VB would be a good choice, again if you're not afraid of spending money, but anyone trying to teach a 12 year old programming is likely to be teaching them Linux soon as well, and VB won't be portable.
I'm talking totally impossible, acid trip inspired creatures and landscapes.
You're saying this like it's a bad thing.
Me, I'm looking forward to blowing a bowl and seeing it with the kids this weekend.
We have lasers, NOW, why on Earth would we still be using bullets in 140 years?
Because projectile weapons might still have the combat advantage due to the weight of the ammunition required. A laser weapon (or phaser, or blaster, etc) will require some source of power. Making a significant source of power small enough for a handheld weapon is non-trivial. Even a taser is bulky compared to a regular pistol.
To illustrate the import of this, the M-16 was chambered for the .223 (5.56mm NATO) over the .308 (7.62mm NATO) cartridge primarily because the light weight of the cartridge would allow troops to carry more rounds/shots of ammunition. This cartridge allows you to kill someone up to 400 yards away, yet weighs just a few grams. A laser would have to be pretty good to beat this.
Fair enough, and I agree with your prior statement, which was that C is not hard to learn. I'm old enough to have worked extensively in C because we didn't have the more modern alternatives. Even C++ was new, dinosaurs were still leaving tracks in the mud, and Kernighan was still dating.
I have not recently encountered many problems where I needed to take on C or C++ to create a sufficiently efficient solution. I have nothing against C, indeed I loved working in it back in the day. I never worked with C++ to become comfortable with the libraries, so I just steer clear of it. Java/Scala have worked well enough for anything that was intensive, and Python is just easier for everything else. It's a rare problem in my world where developer efficiency isn't a primary goal, and that hardware can't be used to solve the rest of the need for speed (assuming a reasonably efficient implementation). I know there are many cases where that isn't true, they're just rare in my work.
While I'm sympathetic to your overall point, I can't help but wonder about your example. I used python to create a 500 M record test dataset this past week, and we were in in the range of 20 minutes, not 220 hours. You can write bad code in scripting languages as well.
So true. I had to defend a guy who worked for me some years ago on this type of shit. We had a first go round where this gal who was a contractor to us (friend of the VP of Marketing) filed a complaint because the guy had a lewd password. He did have a poor choice of passwords (EatMe69). The gal figured out what his password was by watching his fingers as he typed it . He was typing it on her machine beause he was trying to get her connected to our network on her machine, and was connecting to his account for a test. A bunch of asterisks on the screen were sufficient for her to feel harrassed. And our evil bitch HR VP bought into it. She wanted a Harrassment case to set an example, and my guy was a convenient target.
After I spent a week reviewing the facts with everyone up to and including the CEO, I got that complaint dismissed and gave him instructions that if he ever came into contact with her again, and anything went sideways, to come find me. So in a few days, he did just that, and she filed another complaint for him "making her feel uncomfortable for not talking to her" as she was ranting at him in front of witnesses.
Against the wishes of our HR department, I pulled her behind closed doors, and explained to her that she was dealing with a geek, for whom she was one intimidating bitch, and that I had told him that if he didn't feel emotionally equipped for the discussion to come find me. I pointed out that she was borderline on the edge of harrassing the handicapped, and asked if we couldn't just talk a bit. She actually broke down and started crying, indicating to me that there were exterior issues contributing to her mindset. After our conversation, she backed off, and my guy kept his job.
but their ability to exert lock-in in the medium term is pretty weak
Which is related to their strength, for me. I use them precisely because of the short term availability. We ran a test job just today on their service to test the scalability of a routine. Bought 20 2 core machines for 4 hours for I think $64 or so. I'd have to have at least 4 big multi-core servers lying around idle to have that available for a test bed, best case about $12,000 for the bunch (I've priced them in the last month, this is the best choice I found. That's 4 separate servers in a single 2U chassis. I have several boxes from these guys, they are very solid, are 2/3 the price of Dell, and don't need a blade cabinet.)
I wouldn't use EC2 for long term use, but for short term, or speculative use, it's a pretty good deal. I've found them to be pretty stable and easy to use.
I don't much about electricity, but it seems like the power companies could support more standards for devices to connect? It's so inconvenient to have to use an ac/dc converter....
I don't think it makes much sense for MSFT to support a lot of different standards for Exchange connectivity. If they have standard, published APIs for the various types of platforms we use, which they appear to do, I think that's a pretty good place for us to be. Not so many years ago, the MSFT party line was pretty much, you can connect with us if and only if you use our software. Now, I can get to my company e-mail/calendar using my phone, my windows machines, my linux machines, and with a web browser running firefox or other non-MSFT browser. That's not too bad.
But what you want, and what is going to happen are two different things. IMO, the -only- robust thing you can do is teach your kids well, and keep communications lines open so that they can talk about what happens to them.
I'm also curious as to what other things you are worried about. I've been fairly exploratory, and I can't think of anything I've come across that I consider to be so horrible that I would lay up at nights worrying about it. What am I not thinking of? I have thought of warez sites, execution sites, pro-ana sites, hate groups, and religious cults. Please educate me if I'm being too naive.
On a side note, I am of the opinion that the risk associated with the internet and kids is overstated. The data is overwhelming that the vast majority of pedophilic encounters are via friends, family, teachers, and youth activities. Kids that are enticed via the internet are already at risk.
Well, duh, if you color the inside of the tinfoil black with magic marker, it defeats these. Moron.
Preach it, brother. I have done the same with my kids. Further, we've had many conversations around the notion that the religious factions in the US have made talk of sex 'dirty' when it really is simply a natural, pleasurable act that unfortunately can also have some unfortunate side effects (STD, pregnancy, heartbreak). I've told them that I don't particularly think porn is anything that unusually evil, and I don't spend a single minute worrying about them finding some 'bad' place on the internet. As a result, we're able to be pretty open about it, they don't seem to be hung about it, and thus far, at 14 and 17, we've had no issues.
A couple of generations ago, people learned about sex by seeing it in the barnyard, or by hearing their parents across the room before we were all well enough off to have separate bedrooms. It's only in recent years that people have been able to pretend that sex doesn't happen.
Your math is good. I didn't make these numbers up.
What happened, I suspect, is that the underlying backlog numbers were re-estimated by the outsource team, based on their rate of progress. So this is in large part the effect of an experienced team familiar with the applications being replaced by an inexperienced team, combined with the additional process load of an external team working with an internal team. It was likely exacerbated by a remaining work force that was pissed off at the process, who had no motivation to make the outsourcers look good. As Gomer Pyle would have said, "Surprise, surprise, surprise."
That being said, will the person at microsoft who decided that the first or default account is an administrator please stand up. You need to be beaten.
Yeah, I agree. That would be as bad as, say, having the admin user be the first user you set up on a linux box, or giving it a UID of 1. Wait...
The protections won't get set by the sender - they're set by the user settings, or by what the mail program causes them to be set as it saves the file to disk. These are usually managed through the umask settings.
It's possibly to get a key logger to run on a *nix system, but getting the logger onto the system is quite a bit less convenient for the bad guy, IMO. That said, if a user who would hit 'OK' to any random UAC popup is running on Linux, there is probably a way to social engineer them into doing something similar on the linux box.
If some some one sells you a car with defective locks, aren't they somewhat liable?
Car door locks are pretty weak, easily bypassed in most cars with appropriate tools. In many not so old cars, all that is needed is a screwdriver. They also don't prevent the car from being stolen by being towed, or broken into by breaking the glass. All of these are recognized and dealt with as criminal acts, and are insured against as an inevitable occurrence in a world that has the occasional nasty person in it. We don't hold the car manufacturer liable for the existence of car thieves, why is Microsoft liable for the existence of bot-herders?
Microsoft has a continual stream of security updates, an easy to use automated update system, that it supplies for free to literally hundreds of millions of people. They create fixes, on their nickel, and proactively push those to the machine. You have to actively resist the updates (or not be connected to the network, in which case the point is moot) in order to not have them applied.
I realize Microsoft is easy to hate, but if there were any reasonable case for liability on Microsoft's part, don't you think some lawyer would have found a way to sue them already?
It only took our company 6 months to figure this out, and they ended up hiring back 400+ people that they had RIF'd. It took Accenture only that long to blow up a 4 month work backlog into a 2 year backlog.