Hey, folks, calm down. This is a memo from a couple of developers with their hair on fire, writing a purposefully inflammatory internal memo to get attention.
(Which they have done. I wouldn't be surprised if they're having a rather painful meeting when word gets back in Sun that this got published externally.)
I used to be a Sun Java Architect and I worked on both internal and external projects on both Solaris and Windows. I posted a lot of bug reports myself, and got some of those "will not fix" replies.
What these guys are primarily complaining about is not that Java isn't good for some things, but that Sun developers have a perpetual problem that they're almost always the cobbler's children that go barefoot. As someone else mentioned, the Windows implementation of Java seems to get priority for most things -- although, as I recall, the advanced Hot Spot optimizer was available for Solaris first (makes sense, the x86 instruction set architecture is such a pig.)
But there is a second thing going on here that you might not understand, which is that ever since Scott began to push Java, the old C/C++ programmers have been scrounging for reasons to use C instead of Java. Sometimes that's appropriate, but a lot more often the difficulties are the result of someone trying to write C in Java.
In fact, this memo describes several problems that are clearly just such problems: for example, the notion that a Java-based shell should fork a new JVM for each command line execution. This is the natural way to handle the problem in C; fork()/exec() was invented for this. But it isn't the appropriate idiom in Java for exactly the reason they describe -- it means starting a whole new JVM, which is expensive. (The appropriate idiom, by the way, is class-load by name and invoke a method.) As I understand it the 1.5 JVM will have an extension that will make it easy to create virtual address spaces within the JVM for running sub-programs, which is probably a response to the issue.
The most important thing the memo is pointing out really is a problem: the freakin' language and environment changes every time some propellor-head gets a slick idea. I posted a couple of days ago complaining about just this in the case of the for(String s: c) idiom and a couple of other such things in 1.5. This, and the way things break between Solaris and Windows, and among minor version changes, really is a problem that makes developing large-scale, multi-version applications in Java difficult.
It's someone or others' law that all programming languages eventually grow too many features to remember. (Hell, it might even be my law.)
So, let's see -- we're getting:
- templates from C++;
- a new style of enum that does everything the Pascal enum does with a syntax that looks like a C enum except that it can have methods, AND MORE;
- a whole new foreach syntax that has the stellar advantage that the syntax doesn't resemble anything on God's green earth except Smalltalk, which is a pure prefix language like Lisp instead of an algol block language like C, C++, Java, C-hash, pascal or Ada (where the other features come from);
- generics using the template model from C++, which was a horrible hack on top of C++ because it was hard to make a backward compatible syntax (so instead we got ANOTHER class of macro to add to the #define) when C++ was a horrible hack on top of C so that at least C++ could compile C programs (except now it can't);
- a grammar that is going to be about LL(497) (doesn't anyone remember how ugly parsing C++ got to do templates, and how long it was before it worked?);
- and a whole wonderful new term ("autoboxing") for the notion that primitive types and class types ought to both have all the properties of types.
I know I'm probably just getting old, but Jesus!, why do we need to repeat all the mistakes of the past?
... in this business you'll eventually hear everything twice (or more). If you look back to (eg) Parnas, et al, and the A-7 project, you'll discover that back in the late 70's and early 80's a key notion was that both the OS and the language were part of the "hardware hiding" layer.
On the IBM System/3 in the later 60's and early 70's, the RPG/II compiler generated a binary that was booted onto bare iron to run. (If you were really down-scale, like I was, the compiler was a bootable 4-foot deck of punch cards and the result was a freshly punched deck of cards that was itself bootable.) This included the code for both the "program" -- the business logic -- and the "operating system" that allowed the program to control card reader, printer, and disk drive.
On the IBM 1401, people had decks of program cards that did specialized things, like control the printer; you added them to your program. I'm sure Goldstein and von Neumann had something similar.
What I wonder sometimes, though, is whether this repetition of the same old idea, generation by generation, proves that "computer science" is essentially a dead topic?
Ask Ginny Heinlein -- a super-proficient woman who (at least once upon a time) dressed provocatively and appears to have agreed with his beliefs to a very large degree.
As someone said above, the formal standards (IEEE, DoD2167a, etc) are way too heavyweight and complex for your environment. There are many many books on methodologies, but for small projects (say < 10 people for 1 year) you will want something very lightweight. One thing that's fashionable right now, and actually works, is "Extreme Programming". See http://www.extremeprogramming.org for a starting point.
It's not that sites like Dice aren't honest: it's that they're vulnerable to being gamed. The "same old job postings" you mention are being reposted nightly by a bot, so they show up as new postings. I looked at a few some months ago and discovered that they even change by a few unimportant characters, which thwarts simple-minded attempts to catch this.
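The point about a few changed characters defeating simple checks can be shown concretely. The following is an added example, not part of the original comment: it compares an exact-hash check with character-shingle Jaccard similarity. The posting texts, ids, shingle size and the 0.8 threshold are all constructed for illustration.

```python
import hashlib
import re

# Constructed sample postings: p2 is p1 reposted with a few characters changed.
POSTINGS = [
    ("p1", "Senior Java Developer - Solaris and Windows, 5+ years, "
           "contract to hire. Apply to recruiter ref 1001."),
    ("p2", "Senior Java Developer -- Solaris and Windows, 5+ years, "
           "contract to hire! Apply to recruiter ref. 1002"),
    ("p3", "Network administrator wanted for night shift at regional "
           "hospital data center."),
]


def exact_reposts(postings):
    """The simple-minded check: flag a posting only if its hash was seen before."""
    seen, hits = {}, []
    for pid, text in postings:
        digest = hashlib.sha256(text.encode("utf-8")).hexdigest()
        if digest in seen:
            hits.append((pid, seen[digest]))
        else:
            seen[digest] = pid
    return hits


def shingles(text, k=5):
    """Set of k-character substrings after lowercasing and collapsing punctuation."""
    norm = re.sub(r"[^a-z0-9]+", " ", text.lower()).strip()
    return {norm[i:i + k] for i in range(max(1, len(norm) - k + 1))}


def jaccard(a, b):
    """Size of the intersection over size of the union of two shingle sets."""
    return len(a & b) / len(a | b) if (a or b) else 1.0


def fuzzy_reposts(postings, threshold=0.8):
    """Flag a posting whose shingle set is close to an earlier, unflagged posting."""
    originals, hits = [], []
    for pid, text in postings:
        sh = shingles(text)
        score, match = max(((jaccard(sh, s), oid) for oid, s in originals),
                           default=(0.0, None))
        if score >= threshold:
            hits.append((pid, match))
        else:
            originals.append((pid, sh))
    return hits


if __name__ == "__main__":
    print("exact hash:", exact_reposts(POSTINGS))
    print("shingles:  ", fuzzy_reposts(POSTINGS))
```
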
It's the "secure" distributed part that's important.
The internet as it stands has highly robust routing -- if you drop a bomb on Cleveland it won't prevent routing to Akron. But (as someone already pointed out) the hierarchical DNS name protocol has its problems, because there is effectively a small number of "masters" and those masters become a point of vulnerability.
The internet itself (IP4) doesn't provide some other useful things, though, like:
- Authenticated paths.
- Protection against interposer ("man in the middle") attacks.
- Reliable distributed naming.
They mention one other point in the article, which is that they hope to build a reliable distributed storage scheme. So once you put a file or object into the distributed store, it isn't local to one place -- kind of like an internet RAID system.
The RIAA is gonna plotz, though: this makes it just that much harder to track down and eliminate all the copies....
First off, your diabetic, sicky, infected, catheterized patient was pretty much on death's door anyway (and the staph may have been a blessing -- diabetics in that kind of condition often die, literally, by inches as the doctors cut gangrenous chunks off.)
Second, there's more than one way to skin a cat, or a bacterium. "Augmentin", for example, is a common antibiotic that many bugs are immune to, augmented with an enzyme that blocks the mechanism that makes the bacteria immune.
It's also worth remembering that we survived for hundreds of thousands of years without antibiotics, anyway.
\Flout\, v. t. [imp. & p. p. Flouted; p. pr. & vb. n. Flouting.] [OD. fluyten to play the flute, to jeer, D. fluiten, fr. fluit, fr. French. See Flute.] To mock or insult; to treat with contempt.
Two reasons: it's amazingly cheap per item -- direct mail costs up to $5 per item, "carrier-route" mail in the neighborhood of 50 cents an item, spam approaches free; and the spam-mailing companies lie about the effectiveness to unsophisticated users -- obviously unsophisticated, since sophisticated users know that spammers are a plague, anathema, and a hissing throughout the land.
Right. And basic commodities will run out by 1990. And the US will suffer millions of deaths from famine in the '80s. And single-family housing will be illegal by 1990.
Don't bet any money on these predictions.
Re:If you don't want it known, don't do it in publ (on Surveillance Update, Score: 1)
If you have expectations of being left alone in public, you're a fool.
Give it a moment's thought: in public. In other words, if you're doing something out where anyone could see you, the Feebies are allowed to see you.
As I said, there's plenty to get exercised about, including the more "liberal" rules on wiretapping and monitoring. Don't waste effort on this stuff.
If you don't want it known, don't do it in public. (on Surveillance Update, Score: 1)
Look, morons, all this does (as the Cato folks have rightly pointed out) is allow the Feebies to look in otherwise public places, like mosques etc.
If you don't want them to see what you're doing, don't do it in public.
And if you're going to get all exercised about something, do it about the PATRIOT Act things the Feebies can get at that aren't public.
My theory is that the original poster is actually a government agent trying to get people caught up in this conspiracy theory, so that they don't have time to follow the real problems.
... and such a shame that it's nonsense. No question Spiderman is doing great boxoffice... but Episode II is beating it this weekend with only about 85 percent as many theaters. Or, to put it another way, Episode II is making more than $25000 per theater, which is about double Spiderman's $12,000.
(Check out Daily Variety http://www.variety.com/index.asp?layout=b_o_weekend&dept=Film for details.)
The difficulty with this argument is that security isn't a feature you can assign one small group to build in; you need to consider the issues from the time you start specifying the system, all the way through to making sure you have appropriate audit features available, and making sure they are used appropriately in operation. Code reviews won't do it -- although, God knows, Microsoft could do with better code reviewing too.
Microsoft's real security problems are deeper than that. ActiveX components are inherently treated as trusted code: once you agree to let them load at all, they own you. The Visual BASIC extension language gives pretty nearly any script the possibility of taking control of all your applications, which leads to the continuing plague of "Snow Whites" that show up in my email. (Thankfully, EMACS GNUS and LINUX laugh at them.) And all of these are not just coding errors -- they are intrinsic to the architecture of Windows and Microsoft applications.
The notion that Microsoft has actually reviewed all 38 million lines of XP -- not to mention IIS, Outlook, etc -- for problems like exploitable buffer-overflow defects is merely laughable. But the notion that there is some way to make ActiveX and the various kinds of Visual Basic hooks into all of Microsoft's applications actually secure is one that the FTC ought to investigate as "false and misleading advertising".
This is one of those things that shows up regularly -- and aw, Bullwinkle, that trick never works!
First off, it's easy to show that this isn't as strong as a "one time pad" unless the "set of equations" is at least as large as the data set to be encrypted. (This follows through Chaitin complexity theory and if you're not careful I'll write the proof.) But then, this just reduces to a one-time pad, so it doesn't add anything.
But it's worse than that: whatever this "set of equations" is, it's effectively a pseudorandom number generator. There do exist cryptographically strong random number generators, but they are just as difficult to compute as a standard strong encryption, so this scheme reduces under this condition to being a standard encryption with a slightly modified key exchange process. (They're exchanging a whole equation, rather than just the key parts.) So it's neither more efficient in encryption speed, nor more effective in terms of difficulty to break, than the equivalent encryption scheme.
But wait! There's more! If the PRNG is not cryptographically strong, then the encryption won't be very strong either, as there are well-known ways of decrypting a ciphertext encrypted using weak PRNGs. (There is a very close relationship between a PRNG and an encryption algorithm that guarantees this will work.)
So, it clearly belongs in Schneier's "snake oil" section.
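The weak-PRNG case from the comment above, worked through as an added example that is not part of the original comment. It assumes a toy cipher whose secret "set of equations" is a linear congruential generator x' = (a*x + c) mod M with secret a, c and seed, a public prime modulus M, and keystream made of the raw 32-bit outputs; the key and message are constructed. Twelve bytes of known plaintext (a predictable header) are enough to recover the equation and read the rest, which is why such schemes give no protection.

```python
import struct

M = 2**31 - 1  # public prime modulus (assumption for this toy scheme)

# Constructed sample key and message, for illustration only.
SAMPLE_KEY = (48271, 12345, 2024)  # (a, c, seed): the secret "equation"
SAMPLE_PLAINTEXT = (b"From: alice@example.org\n"
                    b"Subject: quarterly numbers\n\nRevenue was up 4%.")


def xor_bytes(data, keystream):
    return bytes(d ^ k for d, k in zip(data, keystream))


def keystream_from(a, c, x, nbytes, include_first=False):
    """Emit LCG outputs as 4 big-endian bytes each, starting after state x
    (or with x itself when include_first is set)."""
    out = bytearray(struct.pack(">I", x)) if include_first else bytearray()
    while len(out) < nbytes:
        x = (a * x + c) % M
        out += struct.pack(">I", x)
    return bytes(out[:nbytes])


def encrypt(key, plaintext):
    """XOR stream cipher; decryption is the same operation."""
    a, c, seed = key
    return xor_bytes(plaintext, keystream_from(a, c, seed, len(plaintext)))


def recover_key_and_decrypt(ciphertext, known_prefix):
    """Known-plaintext recovery: three consecutive outputs x1, x2, x3 satisfy
    x2 = a*x1 + c and x3 = a*x2 + c (mod M), so
    a = (x3 - x2) / (x2 - x1) and c = x2 - a*x1 (mod M)."""
    if len(known_prefix) < 12 or len(ciphertext) < 12:
        raise ValueError("need at least 12 bytes of known plaintext")
    leaked = xor_bytes(ciphertext[:12], known_prefix[:12])
    x1, x2, x3 = struct.unpack(">III", leaked)
    diff = (x2 - x1) % M
    if diff == 0:
        raise ValueError("degenerate keystream (generator is at a fixed point)")
    a = (x3 - x2) * pow(diff, -1, M) % M   # modular inverse, Python 3.8+
    c = (x2 - a * x1) % M
    # The first output is already known, so regenerate the stream from x1.
    ks = keystream_from(a, c, x1, len(ciphertext), include_first=True)
    return a, c, xor_bytes(ciphertext, ks)


if __name__ == "__main__":
    ct = encrypt(SAMPLE_KEY, SAMPLE_PLAINTEXT)
    a, c, recovered = recover_key_and_decrypt(ct, b"From: alice@")
    print("recovered a, c:", a, c)
    print(recovered.decode())
```
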
Actually, nothing has changed except someone at the LA Times decided to get overheated about it. One of those things that people forget (repeatedly) is that there's this whole great big five-sided building in the DC area full of people asking "what if this happens?" and working out the answers. Undoubtedly, there are also plans for using nuclear weapons against Israel and even France, if you just check the right file drawer.
My new boss stood up, said basically, and firmly, 'We are not letting him go, he stays. If you have a problem with what my department does, bring it up with me. It's not up to you to hire/fire my staff. That's why you hired me as the Director of IT'. This was in front of the CEO, etc.
What you've got there is a real manager.
I hope you followed him to the next job when the VP fired him (he said cynically.)
It's funny how the only posters who seem to believe him (with a couple exceptions) are themselves under 20.
I'm one of those exceptions -- I'm nearing 47. I started working professionally in computers on 1 November 1969.
Certainly it'd be worth questioning -- just like someone who claims a PhD at 23 -- but to simply assume one couldn't start at 14 is ignorance and bias, pure and simple.
I know of no business that would trust thier [sic] computer network to a 14 year old, no matter how good he was.
Ignorance isn't evidence. I was trusted with a $5 million/year company's accounting computer, and this was (a) when I was 14, (b) way back when "accounting computer" meant $100K worth of hardware in a special fishbowl room, and (c) when both $5 million and $100K were serious money.
I wouldn't blame him if he did take it a little personally, because this is an example of exactly the kind of ignorant bias he's fighting.
That's not necessarily true. I started doing real live professional paid-for computer work (operating and programming) at 14. Built real applications, eg Payroll, ran production jobs, etc. It happened that I had an in on this (in 1969) because it was my family business, but I'm certainly not alone in having done this kind of work at 14.
If you are doing production work, and you're getting paid to do it (or the equivalent) it's professional experience, no matter how old you are.
Looks real to me, and I worked for Sun.
Martin Caiden wrote a book about just such an "underwater plane" probably 40 years ago....
If not, we must have survived the plague somehow.
Phillida flouts me. --- Walton.
Three gaudy standards flout the pale blue sky. --- Byron.
Source: Webster's Revised Unabridged Dictionary, © 1996, 1998 MICRA, Inc.
Yes, it is obvious. If you have smaller targeted mailing lists, it raises the probability of a hit on each mail item.