Doesn't sound so ethical to me.

He's running a business. That means he ought to abide by the rules we expect to apply to businesses. In this case, obtain prior consent, agree on charges/fees/rewards up-front, and do not copy what isn't yours to copy.

(A lot of businesses don't abide by these rules, but that's why we get all pissed at them for being unethical.)

It doesn't look like this "student/business owner" bothered with any of that, and got in trouble for it. Not really much of a story there.

Why Facebook isn't being lambasted for their shoddy system is another matter. Their breach of ethics for failing to design a reasonably secure system is arguably more significant than this unethical 'ethical hacker'.

We don't let banks get away with designing bank vaults made of 3/8" drywall over 2x2 studs. We expect banks to put forth a level of effort securing the valuables in their care proportional to the value of what's being protected. If they do a shoddy job and fake it, and get robbed, we'll punish the robbers, sure... and then ensure that heads roll at the bank.

Basically, "size does matter".

None of my liberal friends are supportive of the president's current stance on civil liberties. Every one of them are unhappy about it.

What's odd is that all of my conservative friends and family who happily supported Bush's attacks on civil liberties are now suddenly *for* civil liberties. What's sad is that it doesn't take much work to get them to both dismiss the need for civil liberties and to bemoan the loss of civil liberties within five minutes. (I have been prohibited from doing this with family.)

Apparently I'm a moderate troublemaker.

Sorry, I was not clear that my base assumption is that we're already trying to use the best language for the problem at hand. There are *still* going to be problems that are large, hairy, and complex, given the other constraints we might be working under.

If you don't consider at least three viable different languages for a new project, you're not doing your due diligence.

(Unless, of course, the project is 'use language X on a real-ish problem to see how it really works', and the end result is just a happy side-effect of giving language X an honest go.)

Second, we as humans don't really have much success expressing exactly what we want. It's why the most insidious bugs are not in code, but in specification. We so often don't know quite what we want that restrictive languages are actually beneficial, in that they force us to reason consistently.

Oh, god, yes.

One of the more important development skills to have is to be able to extract consistent requirements from stakeholders, and then to be able to write them down in such a way that the requirements will be correct and the stakeholder will agree with them.

When it comes to programming languages, give me a language suited to the problem (all the one-language bigots can go pound sand) that's easier to debug than to rewrite. Large, hairy, complex solutions should eventually result in a new programming language that makes those sorts of things much smaller, far smoother, and simpler.

Hm. I have an iPhone 3G and an HTC Android.... the android phone needs to be plugged in every day at worst, every other day at best. The iPhone needs to be charged twice a week. All of this is under fairly light load.

This is the problem I have with iPhone-vs-Android debates. The Android suffers from a variety of hardware vendors who can screw up the user experience, and the whole platform suffers as a result.

I really want to like the Android more than I do... but I can't. And it's probably not the fault of the software, but as a consumer, I don't really care about that.

"The market for users who care about their privacy is way too small to count. "

Just so. I've been considering buying an Android device, and in preparation was playing with Android in a VirtualBox VM. I found it very difficult to find ANY apps I was willing to run, because things that obviously should not require internet access (or some other permission) did require it.

Work has provided me with an Android phone, so I've been looking through the Applications, and most of 'em I won't install because the application (or rather, the developer of the application) demands access far beyond what is needed. It's not so much that an application requires a permission, but how many permissions many of them require.

I want a way to easily change the permissions granted to an application, without the application's knowledge. If I decide that an application has no business making or receiving a text message, I should be able to disable that capability, all without the application being aware that it's attempt to send a text message failed.

Then, I became absolutely bewildered that (apparently!) many millions of people will let some unknown app X have access to capabilities it absolutely should not need to do what it purports to do. To me that means instant distrust. I don't know what everybody else is thinking ... wish I did.

I'm sure that they're thinking that they don't have a choice.

It's *hard* maintaining a decent policy of "Don't Use Apps That Demand Stupid Things". People get tired of it all. So they say "screw it!" and forget about it, and basically wish really hard that they get lucky and don't get compromised, or have their data splashed about. (Then, to make themselves feel better about their lax policy, they harangue others for not "taking advantage" of their similiar device. They scoff at the hesitation of others in allowing unknown and untrusted third parties to have full and unfettered access to personal data. Peer pressure eventually wins.)

Most people don't have much self-discipline, after all.

Whatever your app is, kudos for taking the high road.

Seconded.

The problem you describe isn't one of developers being lazy... it's a problem of developers being *stupid*, and failing to learn anything from the languages they've previously programmed in. Every language you use in anger should inform you about viewpoints and techniques for every subsequent language, even if they don't directly apply.

This is why all programmers should start with a language like Pascal, so they learn the basics of structured programming, lexical scoping, and what the hell the difference is between pass-by-reference and pass-by-value. It would be best if at least one other language were to be learned before the programmer attemps to learn Java.

I would never recommend that any programmer learn C++, except as an example of what NOT to do when designing a language. Learning C is a good idea, so the programmer can learn what a high-level assembler looks like.

A language like Smalltalk or Self should be thrown into the mix somewhere, just for contrast.

Some sort of prolog should prove useful as well. (Although, if you seriously think that adopting the prolog viewpoint for general computing, you need to be shot in the face.)

And if trying all these languages doesn't improve your code... you're in the wrong job.

(As for laziness... that's a virtue, according to Larry Wall, and he's likely right.)

Personally, I found that once Generics and Annotations were imposed on Java, the language became a lot harder to read and maintain. They might as well just gone ahead and mandated the abomination that is hungarian notation and made the language completely stupid.

But then, Java was something like language #11 that I learned. So my viewpoint is biased.

Support for other languages in the JVM might be nice, but I really don't see the point.

Add-ons are the only reason I use Firefox. If they simply start breaking at random I might as well just use Chrome.

I use NoScript, It's All Text, and Greasemonkey.

If a magical upgrade breaks these, I'll be unhappy, and I'll be unhappier still without an ability to indicate to what version I need to roll back TO in order to get 'em to work again. I can see this sort of frustration resulting in simply removing FF from the system entirely, and never bothering to look at subsequent releases again. It's not like I haven't already done that with certain OTHER browsers already.

If some other browser (Opera? Safari?) rolls these add-ins in to their core browser in some form or another, I'll probably seriously look into jumping off the FF ship.

Everyone has way too many things to do, so your argument that you have way too many things to do is a bit specious.

Let's look at this logically, on a case-by-case basis:

0) You don't have email.

This is the degenerate case. In this situation, it doesn't matter what I do, you don't have email, you're not going to get them anyway. No problem.

1) You run your own mail-server.

This is a non-typical case, but since you're on /., you're presumably technically astute, so it's a possibility.

If you're running your own mail server, you *choose* which blacklists to use, and you have final control over what is or is not accepted on your system. The responsibility is yours to configure your system to accept valid email, not to blindly follow the dictates of some blacklist service.

2) You use someone else's mailserver.

(a) You have contact information for your service provider.

If I'm sending you email, and your service's mailserver is ignoring my valid email because the blacklist they're using is painting large swaths of the 'net with a rather wide brush, then the fault is theirs. It is your responsibility to contact your service provider and notify them of this problem, and leave it up to them to fix the problem.

(b) You have no contact information for your service provider.

You're doomed. Any sort of problem with your mail will cut you off from the rest of the world. Not getting my email is the least of your problems. and nobody else on the Internet can be expected to take the time to cater to your screwed up situation. Remember, everyone has way too many things to do.

* * * * *

Now, all of this is predicated on a few assumptions that should be called out and made clear. First of all, there's a presumption that I'm running a proper mailserver, and I'm not running an open relay, or spamming people, or engaging in other unsavory activities.

Should my system engage in activities that would get my system blacklisted with good reason, then it *does* become my responsibility to remove my system from the blacklist(s) in question. Why my system is engaged in unsavory activities is irrelevent -- it doesn't matter if my system was compromised, or if I'm actually using it to spam people. My system, my problem.

Second, there's a presumption that my system is abiding by the appropriate network standards and protocols. If I'm sending out email with illegal formats, there's no guarantee that anyone should accept it. Bringing my system into compliance is my responsibility, not yours, or anyone else's.

Third, we're talking about blacklists, and not about the content of the message being sent wrongly being identified as spam. That's a separate issue, and requires a modicum of agreement between the sender and the receiver that's outside of this situation. (It can be a worthwhile discussion all on its own.)

* * * * *

I'm not sure I understand your analogy about a government accepting packages.

Well, duh. Don't start using a personal mailserver for business.

Keep business and personal life separate. If you don't, you'll be screwed in more ways than having email be more unreliable.

The minute you hit operation, you'll find that you might already be on spam lists, and that you have to fight to get yourself off of them. The minute you find that you're off the lists, you'll probably end up back on them because someone three ip addresses away has been sending welcome emails from his web site, and someone forgot that they asked for one.

It's partially a matter of what you want to deal with, and how comfortable you are with making some issues somebody else's problem. Set up your own system. Tell friends, family, and employers your new set of email addresses.

If they can't send you email because you're on some blacklist, have *them* tell *you* how to get off that blacklist.

Follow these instructions once, if reasonable.

After that, tell them that their mail server is broken, and it's their problem, not yours. Then stop worrying about it. "YOUR service put ME on a blacklist without cause. YOU should use a better service if you want to hear from me."

Online vendors are even better. They have an incentive to make sure they receive email from you. If they use a blacklist service that drops you... take your business elsewhere. Call them if they have a 1-800 number to tell them about the issue of you're feeling nice.

Part of the problem here is that a lot of people have set up email servers for a commercial enterprise, and they bring home the set of best practices and habits -- so that when they set up their home system, they forget that it isn't a commercial system.

Remember, telling a friend, relative, or business "*Your* system is rejecting my RFC-complaint emails. *You* should look into fixing that if you want to hear from me." is perfectly acceptable, even though a business telling you exactly the same thing isn't.

Not retaliation. Vengance is not justice.

But those involved, and those who managed those involved, should lose their jobs, pensions, and freedom, as punishment for their misdeeds.

For a business with the resources to make an internship useful, the difference between minimum wage and nothing is lost in the noise.

You need to sit back and look at your language, and what it says about what you're trying to do.

You have a team that's trusted by customers, and you want to *empower* *them* to think like salespeople? When your corporate culture has produced salespeople so lacking in integrity that your own customer base has come to the conclusion that those salespeople are only interested in "alleviating them of their money"?

Your technical team is working *fine*. Don't break it.

Your sales team sounds dysfunctional and broken. Fix it.

As a general rule, fix what's broken before you mess with what works. This is counter to most corporate cultures (which has a tendency to kill the goose laying the golden eggs by trying to 'fix' the goose to lay larger eggs), so don't try to ape others without some analysis.

In the end, the best sales technique is to make it trivially easy for someone to give you money, and to make something that someone would want to give you money for. In this world, making it easy for the technical staff to say "oh, we have a product that'll solve that problem, let me give you a single-user ninety-day license for that." would go a long way towards exposing your products to your customers without spoiling your technical team's reputation.

(And WTF is this 'service orientated' crap? I doubt the technical team would describe themselves that way, although they might say 'service oriented'.)