How do you spot an extrovert programmer? He's looking at your shoes while you talk.

Seriously, self-promoting incompetents are a hazard in any technical field, but in proper engineering disciplines objective assessment can make up for a lot of bull. Because software development isn't yet mature enough as an industry for that to work, it's relatively easy for a snake oil salesman to do well (almost invariably at the expense of the colleagues who are constantly clearing up his mess and ultimately the organisation they all work for).

The remarkable thing is that the executive management team are often so disconnected from the reality of their business (read: ignorant and incompetent) that they haven't even noticed their company's job ads are literally asking for things like five years of experience with Leading Programming Toolkit 2014. I'm guessing the global pool of qualified candidates by that standard is... sparsely populated.

Yes. IMHO this is what most often gets overlooked when people debate university CS/SE as a mostly-theoretical discipline as distinct from practical experience in industry.

You can study practical skills in using a certain language or library or tool, and you can become somewhat productive. But without sufficient theoretical understanding, you're just doing cookie cutter coding, and you will always have a relatively low glass ceiling on how much you can achieve.

Put more bluntly, practical skills are what you pick up to get from incompetent newbie to vaguely useful programmer in the first year or two on the job, but improving your theoretical understanding is what gets you from there to seriously useful senior developer a few years after that when you're no longer just writing simple GUI logic in C# or trivial ORM code for a Ruby on Rails web site back end.

Indeed, but someone with good theoretical understanding will pick up any given tool based on that theory fairly quickly.

Now, at no point in this post did I imply that getting a degree is either necessary or sufficient to achieve a good understanding of the theory. As far as I'm concerned, you absolutely can get there with time, effort and an open mind.

However, I think even autodidacts will find the process significantly easier if they've developed rigorous mathematical thinking and the ability to read and digest technical writing first one way or another. Also, for better or worse, the reality is that having that degree certificate will probably get you better jobs early in your career, which in turn will give you better experience and better colleagues to learn from at work.

In any case, just reading lots of casually written tutorial blog posts by people who've been playing with a tool for six months longer than you have certainly won't get you to that level of understanding alone. It's very easy to spend a lot of time doing that in a field like software development, feel like you've learned a lot and can be super-productive, and never even know how much you're missing if you've never found the right course of study or mentor or on-line learning resource to open your eyes. That, IMHO, is the biggest risk for people who haven't studied formal CS/SE one way or another, and sadly you can always find plenty of examples in the on-line forums for whatever the latest shiny technology is (currently I'd say it's front-end web development).

I'm not the one bitching and moaning about the bugs. I'm just pointing out the reality that very few people are going to go through the onerous bug reporting process that (some) Firefox developers/fans want them to, and that if they run into too many bugs in Firefox then they might choose to use another browser instead of choosing to help make Firefox better.

Unfortunately, I think your post is too close to the truth the be funny...

When all the developers move to the same platform with its non-standard implementations of everything, you get IE6.

It's not the first time they've done this "we know best" thing, unfortunately. There are cases involving HTTPS/HSTS where Firefox literally will not let you view a page it has decided is insecure, even if you explicitly want to ignore whatever the security problem is (for example, because it's a site you work on, and it's in active development and currently not fully configured).

Security warnings when encountering a likely threat = good. Overriding the user's explicit wishes = bad, always.

But there is another option for the users: they can use other software.

I sympathise with the frustrations of software developers, but the idea that any normal user (most of whom aren't going to be programmers or sysadmins themselves) is going to set up a virtual machine, reduce a bug they see down to a minimal test case, and then file a detailed bug report is crazy. It just isn't going to happen.

If a project has to keep relying on this, instead of being able to do good quality control and testing itself, the inevitable result is perpetually beta quality software, and getting left behind by other projects that are capable of doing proper quality control and testing.

This is all way off-topic by now, but my point is still the same: MojoKid's position is probably correct. There are significant costs for servers and for bandwidth for any site that scales up, and they can easily become more than it's reasonable to expect a hobbyist to pay out of their own pocket if the site becomes popular.

Of course, this is all before there is any actual content on the site! Doing the planning and research and writing and editing and presentation of original material takes about as much time and money on a web site as in any other medium.

You know somewhere that provides reliable hosting for five servers supplying 40MB/s each for less than 5-10 bucks? I doubt that very much. For the dedicated servers I use on one of the commercial sites I mentioned, I'd be running at over $1,000 per day for that kind of traffic.

Obviously no-one running at that kind of scale is still on the same kind of hardware and pricing set up that my little site is on, but dedicated/unmetered lines aren't cheap either. In any case, you get the point: the servers aren't the problem for high traffic sites, the network bandwidth is.

I suspect in reality that the best sites would continue, but there would be a lot more paywalls around, probably less editorial integrity on open sites as things like product placements and affiliate referral fees became more reliable revenue streams, and maybe over time we'd eventually get somewhere with micropayments. In some ways, moving to more "honest" funding via paywalls and/or micropayments might be a better long-term model for the people who do produce good content and run valuable sites than what we have today, though no doubt it would be a painful transition with many casualties.

The thing that makes me a little sad inside is that the aggressive, irresponsible advertisers have spoiled the model for the moderate, responsible ones. Because of the former group, I do block very aggressively when I'm browsing, and I don't feel any guilt about it because my motivations are security, privacy and performance. However, I also have no problem with people who just want to make a bit of money from running a decent site, and I wouldn't block their ads if there were a reliable way to allow those while still eliminating the rest. Unfortunately, I don't see that being possible any time soon, which is why none of the commercial sites I've ever run myself has relied on ads as a business model.

Sure you can. I've run various personal or social group sites over the years that just paid a little to keep things running, without expecting any sort of income in return. For the personal sites, I do it for the satisfaction of giving something back, and sometimes starting enjoyable discussions with others who share my interests.

I also run some commercial sites, aiming at a wider audience, charging real money for signing up. This is a completely different scale of commitment in terms of hardware, connectivity, and operating costs.

If you're running a discussion forum that you share with 50 friends, sure, it can be in the first category and you can do it for peanuts and enjoy all the high quality interaction you like. But running a significant news or social networking site with thousands of participants? Not even close.

What I'd really like with modern trends is more emphasis on "private clouds". I want to put my data on my own server on my own network, so it can be accessed from any of my devices around the house and over VPN if I'm out, but with the data always securely under my control and backed up according to my wishes.

This is easy for some formats, including plain files obviously. However, it's surprisingly awkward for stuff like e-mail, where there are plenty of relevant concepts like IMAP and mail stores and smart hosts and web mail systems, but actually setting them up in a useful combination if you're not an experienced sysadmin is quite a challenge.

Sadly, it seems even the best FOSS client software is dying out these days, often because "everyone has Google Whatever". As far as I know there hasn't yet been a lot of movement in the FOSS world towards having easily-deployable private clouds for e-mail, shared documents, and so on, which always surprises me given the implicit freedom, independence, privacy and security.

You might not have much recourse even if it's a commercial service you're using. Ironically, on-line back-up services are among the worst offenders. If you use one, go ahead and check its terms, and see whether any of those lovely restoration options they offer will still be there if they decide to close down on a whim. (Hint: Probably they won't, and all you'll get is maybe 48 or 72 hours to download as much as you can at the same time as every other customer they have is trying to do the same.)

If it matters, back it up on systems you control yourself. If it's private, don't upload it to anything, and encrypt the back-ups. It's really that simple. Then again, so is "make sure you back up your important files", and how many people don't do that because it's mildly inconvenient? Maybe those on-line back-up services aren't quite so bad after all...

Indeed, and yet I'm dozens of posts into this discussion before you were the first person I saw even notice. :-(

This could in theory be used to prevent something like a phone triggering a bomb, though if there is a genuine threat of something like that happening, I would think that restricting or turning off transmission over the network was a much more reliable method than assuming that someone willing to blow up a bomb was also obliging enough not to mod their phone to ignore the kill switch.

Meanwhile, it has now been demonstrated beyond any doubt that video recording of police officers at work reduces both complaints of excessive force against officers and instances of violence toward officers, both of which are surely good things. It has also been demonstrated on numerous occasions that officers who did cross the line may then attempt to destroy evidence such as photographs or recordings on electronic devices held by passers by. Obviously if all it takes is accessing some centralised police system with insufficient safeguards and oversight to remotely destroy that evidence, as opposed to potentially physically confronting someone who is just an innocent third party and making their situation worse, there is less deterrent to the minority of officers who do abuse their position.

Ah, I see. I had intended the IPS/DLP example to demonstrate both the fact that it was technically possible to MITM SSL traffic if you have control of the client and the fact that this is actually done in practice. I didn't mean to imply that routine logging was necessarily going on in any particular organisation; I don't expect that it is in most places, at least not intentionally, for all the reasons we've talked about. Apologies if that wasn't clear.

Likewise.

You can post credentials as much as you like. I've worked in the industry, and I know who some of the big customers are. (Given your background and the nature of the discussion, I hope you'll take my word for that and understand why I'm not going to post a list similar to yours here.)

I said before but will repeat: your liability concerns are fair and valid. In fact, there is a significant side market in devices that can pick out parts of the network traffic that might be sensitive one way or another and mask out or truncate the unwanted details, and that market is driven in party by exactly the kinds of liability concerns you mentioned.

The fact remains that from a technical point of view, if corporate IT want to log your traffic and if you're working on a company machine and talking over the company network, there are tools available that will do that for them and you would never know it was happening without inside information. Everything else is down to legal issues and how much you trust your employer to behave responsibly.

I get the feeling that we would agree about the fundamental ethics of the situation anyway. This little discussion started when BitZtream argued that a good sysadmin can control "what his company does and doesn't see on company time, company equipment, and company networks". Zero__Kelvin seemed to think SSL would be a barrier to that. It is not.