Uhhh... no? I think what you meant to say is that 100% of Microsoft's OS customers paid for Windows. Many (if not most) Windows users are not Microsoft customers.
What, if anything, do you use as an alternative? Hulu (Plus)? Torrents? Youtube? Slashdot? I don't use Netflix either, but it's more a matter of not having the time or attention span for movies than anything else.
You call that lazy and smart. The rest of the world calls that a terrible application (see also: java applets). It may work well enough, but it will by no means be good. You get what you pay for, including when 'payment' refers to your time.
OK, but I would imagine that he would be after the highest ticket items in the store - consoles of every flavor.
That just seems foolish to me, after thinking about it for five seconds. Sure, the consoles are going to bring the most value per item, so it makes sense at face value. It would also be harder to move stolen consoles without raising suspicion. It really makes sense to go for games and accessories. Nobody is going to question a bunch of new games being sold, especially this time of year ("I got them for Christmas but they didn't interest me"), and a small handful of games - five or so - is going to easily meet or exceed the value of a console, and you can stuff a hell of a lot more games in a bag than you can consoles.
Of course, if you're going to attempt a stunt pulled from any number of Jason Statham movies, then at least watch one of them and go for somewhere that has gold, cash, or jewelry.
The point of the exercise is to give them a weekend to tinker around, not get them running a blog. If that was the goal, they'd just sign up for a free account at wordpress.com. Although if all they get out of the task is knowing that typing "install [tool]" into their distro's package manager has at least a 50% chance of working for any random collection of software, they still come out ahead.
I suppose it depends on the person. I knew just enough about linux (specifically the CLI; GUIs are all similar enough) to get around, but I didn't really start to get to know well it until about a year ago. It wasn't a lack of interest by any means, just a lack of needing to do it. This is mostly a result of changing from a managed to an unmanaged server environment, and the resulting need to fiddle more with config files and various extensions that were specific to the application I develop. People tend to use what they know, and if the basic programming class they took in high school covered only Windows-based development, they'll probably have had no need to become familiar with Linux. That doesn't make them incapable, just inexperienced. It's not necessarily their fault that they've never had a need to get their hands dirty - after all, you can get a WAMP stack up and running in about three minutes and start working on building some sort of web app without ever having seen a command line. Not terribly practical for the real world, but that's kind of the point of being a student.
Learning from experience out of need is very practical for this kind of thing. Assign some arbitrary task designed to teach this kind of thing. Spin up a "clean" VM for every student in the class on RackCloud or wherever, give them an SSH login, and let them know they have three days to have a working Wordpress install online; bonus points if they're doing it with something other than Apache. It's not terribly in depth, but it should teach how to move around the filesystem, use package mangers, install and configure some sort of LAMP-like stack, some basic CLI text editor use, etc. More importantly, those who succeed will actually have a decent understanding of how to google for the right information, since that's half of the 21st-century learning process.
I'm pretty sure that having two mosquito-transmitted diseases is, in fact, worse than our current situation of having one. Unless your goal happens to be fixing overpopulation, in which case it's perfect.
Of course they wouldn't - that's higher than even PayPal's pricing, and way higher than standard merchant processing rates (I think they start around 2.5%+30c and go down with volume and negotiation; I haven't seen our pricing recently but it's certainly less than that). With Amazon's volume, it's probably something like 1.6%+15c, almost zero on stuff purchased on Amazon's own Visa cards, and a fairly low flat fee on certain cards if they're able to process them as pinless debit.
No, it's definitely a California sales tax thing. Buy any subsidized cell phone, and pay (the absurdly high rate) tax on the MSRP. I suspect this works differently for subsidized pricing rather than straight discounts, since you only get the subsidized price if you sign the contract and otherwise get the privilege of paying full MSRP./got screwed this way on a cell phone upgrade/wishes he was back in tax-free New Hampshire
Last time I jailbroke my iPhone, I had full root access. I don't have enough time to perform the required tinkering, but that should grant me the ability to do Whatever The Fuck I Want. It doesn't magically turn it into open source so it may not be _easy_ to achieve whatever goals I may have, but it's certainly possible.
Of course it was probably two years ago since I jailbroke, so it's possible things have changed in that time.
Sorry, but no. While in theory it's a valid point, it would still be Google's decision as to whether a handset should receive an upgrade. Nothing in Google's contracts with the carriers or the manufacturers would prevent Google from holding back an upgrade. It merely changes the dynamic from "Sorry, we want you to buy new hardware, so we're going to prevent you from getting the software that you want because the new hardware has it" to "Uh, you know your five-year-old hardware can't run that, right? I mean, if you really want to... but consider yourself warned". Granted, it would be a logistical nightmare for Google unless they get really good at coming up with reasonable and accurate system requirements. There's no reason they couldn't say "If your device meets the system requirements, you must make it available within 30 days of release to owners of that device. Should you discover a reason that causes you to deem the update unsuitable for the device, you have 15 days to inform Google at which point they must address the issue or grant an exception for this release".
That said, I think your second point is absolutely right. So long as at least one manufacturer isn't going to be a dick, it offers consumers at least some degree of choice. If that's what people want, the others should catch on in time. It's not quite as bad as the "pick your poison" option we have with the actual carriers.
I'm not at all bothered by my long hours (I'm at the office a bare minimum of 60 hours a week, often 80+; I probably spend another third of my not-at-work waking hours thinking about work).
However, this only works because: a) I have stock. A lot (first employee, plus I worked for pure stock until we got funded) - more than some of our investors. With many startups, this doesn't really mean a lot because many fizzle or don't exit for enough for anyone with 10% of the company to walk away with anything substantial. I don't expect that to be the case with mine. b) I really enjoy the work. I'm always doing something fresh and interesting, although it's generally contained to a specific area (but I also have the freedom to change things up completely if I need a break) c) It's a very pleasant and relaxed work environment. I'll come in at a reasonable hour, throw on my headphones, and hide behind my 30" monitor while posting to Slashdot. Yet the time I spend doing real work (both hours and percentage) is far higher than anywhere else I've worked. d) My immediate family and most other personal obligations are on the other side of the country. This has its downsides (holiday travel, anyone?) but overall is a net positive. e) I'm young, single, and generally don't enjoy partying. Typical introverted programmer, in short. f) I don't spend all day doing actual programming, nor is that the expectation. It's simply not possible to maintain that level of concentration all day for extended periods without your brain turning to mush*.
But without all of the above being true, it almost certainly wouldn't work out. Not everyone at the office is here nearly as much as I am, and we're OK with that.
If you want to get that kind of commitment from developers, you need a really rewarding and supportive workplace. We have lunch catered daily, and I can expense dinner if we don't order that as well. Whatever snacks and drinks people want. Flexible schedule. My salary is nothing special, but the options make up for it (but for that to work, you need either a really promising startup or really foolish employees; the former is true but I'm also at a point in my life where taking the risk has very few downsides).
So to answer the original question: no. Profitability means almost nothing to employees unless a) they have stock or b) you're on the verge of bankruptcy (in which case any employee worth keeping is looking elsewhere). Unless it's just a month off and everyone's promised a bonus upon hitting that milestone, you're asking employees to give you something for nothing.
* In our very early days, I was probably doing 90-100 hour weeks for about three months straight. It was absurdly productive, but the ensuing burnout basically left me incapable of doing any sort of real work for probably a solid month, if not more. And it wasn't boring, repetitive work either - it was creating version 1 from nothing at all.
Or just email the magic SMS emails. phonenumber@vtext.com and things of that nature. (See 'List of SMS Gateways' on Wikipedia, slashdot has somehow prevented me from pasting the url into the damn box)
You probably wouldn't do it directly, but as soon as you do any math on the value it will get cast to a float (or int, depending on the values). I'd bet a lot of database abstraction layers will do just such a thing, among plenty of other tools.
Get a real host. Or for an extra dollar a month or so, use any one of a great number of cloud offerings and have complete control over your installation. That same host that doesn't have multibyte support also probably has safe_mode turned on, which will cause far more problems than a bad result from strlen.
Fraud detection doesn't need microsecond timing. Fraud detection is based on good data, not "fast data"
Sorry, but that's just wrong. Fraud analysis on credit transactions needs to be performed extremely quickly (and payment sites that process ACH need to do that quickly as well) in order for the networks to be usable. So while it requires good data, it also needs fast data - and a lot of it. At a minimum, it often looks at the user's complete payment history, the history on that credit card (did the user suddenly change? if so, the card number was probably stolen) not specific to the user, the activity at that IP address and other IPs that user has logged in from (which may include many other users and/or cards), etc. There's a lot of work to be done in less than a second or two.
I don't care how big your CUDA cluster is it'll still take eons to brute force a SHA256 of a decent password.
And this is different from bcrypt how, exactly? All of these systems are preventative measures to take such that if your password storage is to leak, it will be impractical to retrieve those passwords. So plaintext is obviously worthless. Typical encryption (two-way) is lousy since as soon as the attacker compromises the key, everything else is lost (and if the attacker has an account on the site, that probably won't be exceedingly difficult, all things considered). SHA1 and MD5 are better than nothing, especially when salted, but I can run about a million attempts per second on my laptop on either of those hashes. SHA256 is better, but it's only marginally slower to build rainbow tables. bcrypt allows me to specify the cost per run, and you can make it damned expensive. Pick a cost between 4 and 31 - 4 is three orders of magnitude slower than SHA1 (on my machine), a cost of 10 is 5OOM. 14 took over a second per pass. I stopped my testing at 22 when it took over five *minutes* to get the output from a very short password (6 lowercase letters, I think) and it doubles with each increase.
Suffice to say, it will take quite a while to bruteforce that.
It depends hugely on your driving patterns. My father has a long commute (50+ miles each way) that's almost entirely highway driving and conceivably a single stop, so he'd get almost nothing out of this. On the other hand, I have a very short (3 miles, less if I skip coffee) commute through mostly residential areas so I could easily stop ten times in that short space. I consistently get at least the claimed 37MPG on the highway, but my commute is so stop-and-go that I get about 26MPG during the week instead of the claimed 32 city (which I tend to get on the weekends during more typical city driving). As it is, I still only have to fill up once every 4-6 weeks and have a small tank so it's not much of a problem. Still, it's a bit of a shame that I don't have the English version of my car, which has this feature already.
If that were the case, banks would never clear inter-bank payments over $500 or so until the entire window where the payment can be charged back has elapsed. That means all your large funds transfers take three to six months to clear (bad) or the window in which you can dispute a payment shrinks (bad). By overhauling our arcane and dilapidated ACH system to work more like how our credit networks function - specifically with regard to real-time authorizations - we can eliminate a lot of the big problems without creating a whole new set. Scammers would need access to a bank account with enough funds to cover the amount of money their scam involves and also allows debiting funds into arbitrary accounts. This gets rather fiddly when you're talking about international transfers, but if I'm going to dream about improvements to the ACH network I might as well go all the way with it.
Slashdot Mirror
Uhhh... no? I think what you meant to say is that 100% of Microsoft's OS customers paid for Windows. Many (if not most) Windows users are not Microsoft customers.
That worked great before Google existed. /queue DMCA takedown notice
What, if anything, do you use as an alternative? Hulu (Plus)? Torrents? Youtube? Slashdot? I don't use Netflix either, but it's more a matter of not having the time or attention span for movies than anything else.
You call that lazy and smart. The rest of the world calls that a terrible application (see also: java applets). It may work well enough, but it will by no means be good. You get what you pay for, including when 'payment' refers to your time.
OK, but I would imagine that he would be after the highest ticket items in the store - consoles of every flavor.
That just seems foolish to me, after thinking about it for five seconds. Sure, the consoles are going to bring the most value per item, so it makes sense at face value. It would also be harder to move stolen consoles without raising suspicion. It really makes sense to go for games and accessories. Nobody is going to question a bunch of new games being sold, especially this time of year ("I got them for Christmas but they didn't interest me"), and a small handful of games - five or so - is going to easily meet or exceed the value of a console, and you can stuff a hell of a lot more games in a bag than you can consoles.
Of course, if you're going to attempt a stunt pulled from any number of Jason Statham movies, then at least watch one of them and go for somewhere that has gold, cash, or jewelry.
The point of the exercise is to give them a weekend to tinker around, not get them running a blog. If that was the goal, they'd just sign up for a free account at wordpress.com. Although if all they get out of the task is knowing that typing "install [tool]" into their distro's package manager has at least a 50% chance of working for any random collection of software, they still come out ahead.
I suppose it depends on the person. I knew just enough about linux (specifically the CLI; GUIs are all similar enough) to get around, but I didn't really start to get to know well it until about a year ago. It wasn't a lack of interest by any means, just a lack of needing to do it. This is mostly a result of changing from a managed to an unmanaged server environment, and the resulting need to fiddle more with config files and various extensions that were specific to the application I develop. People tend to use what they know, and if the basic programming class they took in high school covered only Windows-based development, they'll probably have had no need to become familiar with Linux. That doesn't make them incapable, just inexperienced. It's not necessarily their fault that they've never had a need to get their hands dirty - after all, you can get a WAMP stack up and running in about three minutes and start working on building some sort of web app without ever having seen a command line. Not terribly practical for the real world, but that's kind of the point of being a student.
Learning from experience out of need is very practical for this kind of thing. Assign some arbitrary task designed to teach this kind of thing. Spin up a "clean" VM for every student in the class on RackCloud or wherever, give them an SSH login, and let them know they have three days to have a working Wordpress install online; bonus points if they're doing it with something other than Apache. It's not terribly in depth, but it should teach how to move around the filesystem, use package mangers, install and configure some sort of LAMP-like stack, some basic CLI text editor use, etc. More importantly, those who succeed will actually have a decent understanding of how to google for the right information, since that's half of the 21st-century learning process.
I'm pretty sure that having two mosquito-transmitted diseases is, in fact, worse than our current situation of having one. Unless your goal happens to be fixing overpopulation, in which case it's perfect.
Of course they wouldn't - that's higher than even PayPal's pricing, and way higher than standard merchant processing rates (I think they start around 2.5%+30c and go down with volume and negotiation; I haven't seen our pricing recently but it's certainly less than that). With Amazon's volume, it's probably something like 1.6%+15c, almost zero on stuff purchased on Amazon's own Visa cards, and a fairly low flat fee on certain cards if they're able to process them as pinless debit.
[citation needed]
No, it's definitely a California sales tax thing. Buy any subsidized cell phone, and pay (the absurdly high rate) tax on the MSRP. I suspect this works differently for subsidized pricing rather than straight discounts, since you only get the subsidized price if you sign the contract and otherwise get the privilege of paying full MSRP. /got screwed this way on a cell phone upgrade /wishes he was back in tax-free New Hampshire
Last time I jailbroke my iPhone, I had full root access. I don't have enough time to perform the required tinkering, but that should grant me the ability to do Whatever The Fuck I Want. It doesn't magically turn it into open source so it may not be _easy_ to achieve whatever goals I may have, but it's certainly possible.
Of course it was probably two years ago since I jailbroke, so it's possible things have changed in that time.
Sorry, but no. While in theory it's a valid point, it would still be Google's decision as to whether a handset should receive an upgrade. Nothing in Google's contracts with the carriers or the manufacturers would prevent Google from holding back an upgrade. It merely changes the dynamic from "Sorry, we want you to buy new hardware, so we're going to prevent you from getting the software that you want because the new hardware has it" to "Uh, you know your five-year-old hardware can't run that, right? I mean, if you really want to... but consider yourself warned". Granted, it would be a logistical nightmare for Google unless they get really good at coming up with reasonable and accurate system requirements. There's no reason they couldn't say "If your device meets the system requirements, you must make it available within 30 days of release to owners of that device. Should you discover a reason that causes you to deem the update unsuitable for the device, you have 15 days to inform Google at which point they must address the issue or grant an exception for this release".
That said, I think your second point is absolutely right. So long as at least one manufacturer isn't going to be a dick, it offers consumers at least some degree of choice. If that's what people want, the others should catch on in time. It's not quite as bad as the "pick your poison" option we have with the actual carriers.
Tests. Write some.
I'm not at all bothered by my long hours (I'm at the office a bare minimum of 60 hours a week, often 80+; I probably spend another third of my not-at-work waking hours thinking about work).
However, this only works because:
a) I have stock. A lot (first employee, plus I worked for pure stock until we got funded) - more than some of our investors. With many startups, this doesn't really mean a lot because many fizzle or don't exit for enough for anyone with 10% of the company to walk away with anything substantial. I don't expect that to be the case with mine.
b) I really enjoy the work. I'm always doing something fresh and interesting, although it's generally contained to a specific area (but I also have the freedom to change things up completely if I need a break)
c) It's a very pleasant and relaxed work environment. I'll come in at a reasonable hour, throw on my headphones, and hide behind my 30" monitor while posting to Slashdot. Yet the time I spend doing real work (both hours and percentage) is far higher than anywhere else I've worked.
d) My immediate family and most other personal obligations are on the other side of the country. This has its downsides (holiday travel, anyone?) but overall is a net positive.
e) I'm young, single, and generally don't enjoy partying. Typical introverted programmer, in short.
f) I don't spend all day doing actual programming, nor is that the expectation. It's simply not possible to maintain that level of concentration all day for extended periods without your brain turning to mush*.
But without all of the above being true, it almost certainly wouldn't work out. Not everyone at the office is here nearly as much as I am, and we're OK with that.
If you want to get that kind of commitment from developers, you need a really rewarding and supportive workplace. We have lunch catered daily, and I can expense dinner if we don't order that as well. Whatever snacks and drinks people want. Flexible schedule. My salary is nothing special, but the options make up for it (but for that to work, you need either a really promising startup or really foolish employees; the former is true but I'm also at a point in my life where taking the risk has very few downsides).
So to answer the original question: no. Profitability means almost nothing to employees unless a) they have stock or b) you're on the verge of bankruptcy (in which case any employee worth keeping is looking elsewhere). Unless it's just a month off and everyone's promised a bonus upon hitting that milestone, you're asking employees to give you something for nothing.
* In our very early days, I was probably doing 90-100 hour weeks for about three months straight. It was absurdly productive, but the ensuing burnout basically left me incapable of doing any sort of real work for probably a solid month, if not more. And it wasn't boring, repetitive work either - it was creating version 1 from nothing at all.
Or just email the magic SMS emails. phonenumber@vtext.com and things of that nature. (See 'List of SMS Gateways' on Wikipedia, slashdot has somehow prevented me from pasting the url into the damn box)
You probably wouldn't do it directly, but as soon as you do any math on the value it will get cast to a float (or int, depending on the values). I'd bet a lot of database abstraction layers will do just such a thing, among plenty of other tools.
$ php -a
Interactive shell
php > var_dump('1.1');
string(3) "1.1"
php > var_dump('1.1' + 0);
float(1.1)
Get a real host. Or for an extra dollar a month or so, use any one of a great number of cloud offerings and have complete control over your installation. That same host that doesn't have multibyte support also probably has safe_mode turned on, which will cause far more problems than a bad result from strlen.
Just like any language or tool that's easy to learn. See also: Ruby on Rails.
Fraud detection doesn't need microsecond timing. Fraud detection is based on good data, not "fast data"
Sorry, but that's just wrong. Fraud analysis on credit transactions needs to be performed extremely quickly (and payment sites that process ACH need to do that quickly as well) in order for the networks to be usable. So while it requires good data, it also needs fast data - and a lot of it. At a minimum, it often looks at the user's complete payment history, the history on that credit card (did the user suddenly change? if so, the card number was probably stolen) not specific to the user, the activity at that IP address and other IPs that user has logged in from (which may include many other users and/or cards), etc. There's a lot of work to be done in less than a second or two.
I don't care how big your CUDA cluster is it'll still take eons to brute force a SHA256 of a decent password.
And this is different from bcrypt how, exactly? All of these systems are preventative measures to take such that if your password storage is to leak, it will be impractical to retrieve those passwords. So plaintext is obviously worthless. Typical encryption (two-way) is lousy since as soon as the attacker compromises the key, everything else is lost (and if the attacker has an account on the site, that probably won't be exceedingly difficult, all things considered). SHA1 and MD5 are better than nothing, especially when salted, but I can run about a million attempts per second on my laptop on either of those hashes. SHA256 is better, but it's only marginally slower to build rainbow tables. bcrypt allows me to specify the cost per run, and you can make it damned expensive. Pick a cost between 4 and 31 - 4 is three orders of magnitude slower than SHA1 (on my machine), a cost of 10 is 5OOM. 14 took over a second per pass. I stopped my testing at 22 when it took over five *minutes* to get the output from a very short password (6 lowercase letters, I think) and it doubles with each increase.
Suffice to say, it will take quite a while to bruteforce that.
It depends hugely on your driving patterns. My father has a long commute (50+ miles each way) that's almost entirely highway driving and conceivably a single stop, so he'd get almost nothing out of this. On the other hand, I have a very short (3 miles, less if I skip coffee) commute through mostly residential areas so I could easily stop ten times in that short space. I consistently get at least the claimed 37MPG on the highway, but my commute is so stop-and-go that I get about 26MPG during the week instead of the claimed 32 city (which I tend to get on the weekends during more typical city driving). As it is, I still only have to fill up once every 4-6 weeks and have a small tank so it's not much of a problem. Still, it's a bit of a shame that I don't have the English version of my car, which has this feature already.
For future reference, posting as AC is quite pointless when it's so easy to perform a whois lookup, Brett.
But props for *actually* buying the domain. Usually when I involve money in a Slashdot comment, it's from posting an affiliate link or something.
If that were the case, banks would never clear inter-bank payments over $500 or so until the entire window where the payment can be charged back has elapsed. That means all your large funds transfers take three to six months to clear (bad) or the window in which you can dispute a payment shrinks (bad). By overhauling our arcane and dilapidated ACH system to work more like how our credit networks function - specifically with regard to real-time authorizations - we can eliminate a lot of the big problems without creating a whole new set. Scammers would need access to a bank account with enough funds to cover the amount of money their scam involves and also allows debiting funds into arbitrary accounts. This gets rather fiddly when you're talking about international transfers, but if I'm going to dream about improvements to the ACH network I might as well go all the way with it.
grep and some crazy perl scripts?