My company doesn't have a strong policy - we all try to keep costs down, but we don't go crazy. There are two primary reasons I won't go to a hotel that blocks my use of my phone +/or ipad as a hotspot:

1) security - this is actually pretty much a company policy. We never use public wifi anywhere except in a few rare cases where there was no choice (typically because the cell signal was too weak). If we had a corporate VPN to run everything through it might be less dangerous.

2) bandwidth - in the few times I've actually tried to use the hotel's wifi, or a convention center's wifi, the bandwidth was so bad that it was unusable.

and also, 3) they actually charge for this? Every place I've been to in the last year has had free wifi, and in some cases free hardwired ethernet. Hmm. I am a member of Hilton's HHonors, so I get the wifi for free if I want it. I guess they do charge otherwise. HHonors doesn't cost anything so there's no reason I know of not to be a member. Same goes for Marriott, etc.

Your example reminds me of a powerful understanding I came to a while back. Every program we write defines an "application specific language" that is composed of the text, or the actions if a GUI, that the application supports. This linguistic approach to user interfaces can be a very useful viewpoint from which to define how a user interacts with our program. (where "user" may be a device, or software, or actual person, or whatever). We are constructing a language by which that user "talks" to our program.

Funny, back in the 1990s I purposely didn't learn Perl beyond the minimal amount I needed to maintain an early web app. To me it all looked like somebody sneezed on the page. But in the last 1/2 decade or so I've become pretty proficient at PCRE - Perl-Compatible Regular Expressions, the very essence of page-sneezing.

I once idly wondered how hard it would be to build a parser/compiler for another language using PCRE. PCRE-Perl? PCRE-PHP? PCRE-Ruby? Of course, PCRE-C could be the first one, and the others just built running GCC through PCRE-C. I'm a sick puppy! :P

Yes. For one, the true value of having two different block begin and end tokens is similar to the value of double entry bookkeeping. In Python there is only one "token" denoting a change of block (in this case the token is just the change in number of indent spaces). As a result, ambiguities and outright errors can be impossible for the parser to recognize.

... and slide rules! And use Mayan or Aztec measurements. Although Register Standards would also be acceptable. (actual data starts at about 1:45).

As a long time developer, I would say that nobody should be planning to use C for anything but where it's apparently still considered almost mandatory - kernels, device drivers, maybe compilers & interpreters. Application coders (your "in-between") should almost never waste time and mental effort making up for the lack of memory management and features like bounds checking of more "modern" languages. And I would argue that with most hardware being designed using advanced CAD, the hardware design should be well enough characterized that even device drivers may soon become something that could be almost automatically generated from the hardware specification, eliminating that job.

* footnote: In the 1960s, Burroughs Corporation used Language-directed design for their computers. For at least some of their designs, the entire system was defined and modeled in a high level software language (typically ALGOL) and internal specification language, and then the hardware/software interface was defined according to performance requirements and the hardware was built to implement the originally software-defined low level functionality.

Regardless of other aspects, if you want to learn something new, I would suggest trying one of the functional languages, such as Erlang or Haskell. Not because you actually want to get a job doing that, but because it will rearrange your brain and get you thinking about programs in a different, and I would argue, better way. I have never gotten around to becoming proficient in either one, but the limited effort I made to learn Erlang has greatly changed the way I write in other languages.

Your -ism is wrong. :) Sorry, they all are. Every -ism is an attempt to impose a (usually) rational construct on an inherently arational system to which measures of rationality do not apply. IMHO this is especially true of any social or biological system. The best models of these are more closely related to neural networks and similar bottom-up decision systems based on convergence toward an apparent/semi-local optimum. As the number of nodes increases, the math increasingly looks like fluid dynamics.

NSA's Information Assurance Division (not the spooks) works hard to help and to convince Big Corp to clean up their act. They recognize that financial IT security is fundamental to national security. Also, the FBI has a group that works to help companies improve security. So you might reach out to one of them.

The fundamental problem is typified by Home Depot's management - as a Redditor noted, when IT asked for budget to implement essential security, their upper management said, "We sell nails and hammers. We don't need that." Now it may well cost them $1 billion.

Here are a couple of rules of thumb you can tell your management. These are straight from web security and biometrics people I work with. A website breach (e.g. Target, Ebay, Home Depot, JPM) costs the company an average of $178 per customer (not website user - _customer_). That is a number that should invoke heart palpitations in the CFO - multiplied by the number of customers, it's probably more than the value of the company.

In the healthcare industry, a single lost or misplaced laptop will cost a minimum of $2.5 million in fines (HIPAA violations), liability, paying for patients to get identity theft insurance, etc. - even if no data is actually compromised and the laptop is recovered! If data actually makes it into the black hat world, the price goes up by multiples.

JPM's audits have been "qualified" by PWC for the last couple of years, because (despite inhouse reports) the CIO has refused to implement proper controls. People in JPM who have reported these problems have been fired - from what I've heard, three heads of Risk Management have been fired in the last three years, each time after telling the CIO that he needs to fix these before their pension fund clients have to take action.

... then nothing comes out the back.

When I went back to school in 2003, the CS department had a grand total of zero (0) US women in the graduate program. There may have been one woman in the undergrad program. This despite the following: the department head was a woman; almost 1/2 of the instructors were women; about 1/4 of the foreign students were women; and the _founder_ of the department in the 1970s was a woman. There weren't that many US men either - probably 3/4 of the grad program were foreign students. These folks were there, paying full tuition and working hard, because coming from other countries they knew that for them this was the difference between a comfortable middle class life, and dirt poverty. The plain fact is that engineering, if taught correctly, is hard, and many people don't feel the need to work hard for a distant goal, especially when that work involves technical knowledge and analysis. Plus, not everyone has the analytical bent, and that's OK. We need other talents as well.

It's easy for me to think / assume that part of the problem lies in the way education is done. If a real engineering and analytics approach with the self-discipline to think the hard thoughts were imbued into students early - primary grades, at least - perhaps the pipeline would have something going in the front. I'm hoping that our future robotic/AI childhood learning specialists that will be replacing much of the education system will be able to make a difference.

Six_phases_of_a_big_project

  1. Enthusiasm,
  2. Disillusionment,
  3. Panic and hysteria,
  4. Hunt for the guilty,
  5. Punishment of the innocent, and
  6. Reward for the uninvolved.

I like this! :D

I'd like to see both awarded a minimum number of flights (say 1/4 or 1/3 of total planned) at a fixed maximum price, and the price of all additional flights negotiated down from that maximum price, relatively close to the date when the hardware has to be built - say a year before flight. This would also leave an opening for other competitors to come in later. It would probably be beneficial to allocate in lots of, say, three or four up to 10 at a time. I would also require all vendors / vehicles to use the same interfaces - mount points, power, fluid, and data connections, etc. so any vehicle could be swapped out for any other on short notice. Of course, some vehicles are going to have to have special equipment, but that could also be handled using a modular system.

The net result of this would be a continuing reduction in the design, manufacturing, and launch costs, as more components become commoditized to fit all vehicles - all vehicle vendors will benefit. Soon any launch vehicle could be used to launch any 'standard' vehicle. The result of this would be an increase in the economic feasibility of space launches for both NASA and others private and public, making the market larger. Outcome: boom in space development. Boeing and SpaceX would both benefit from this approach in the long term, and possibly others as well. The key to economic space development is just this kind of commoditization, repeatability and increased reliability that long production runs with continuing improvements can provide.

[shameless plug, but apropros] - my company's Kaje Picture Passwords for the Web would have prevented these attacks almost completely. (I say "almost" because, well, "never say never".) We published a press release about this two weeks ago: Bright Plaza offers “Kaje” Website Security Solution to Russian Hacker Password Breach. Using Kaje, the password is no longer stored on the website so these breaches could not have exposed the passwords. Kaje never knows anything about the user other than the anonymous ID sent by the website.

Had all those websites been using Kaje, these breaches would not have resulted in the huge potential liability and recovery costs that so many businesses will be facing. From Sony a few years ago to Target and EBay recently, and now this Russian thing, password breaches are causing billions of dollars in damages, often borne by website owners - in some cases thousands of dollars per user. Health care and financial services websites are particularly subject to financial penalties from regulatory bodies as well as civil litigation. In comparison, the Kaje service costs fractions of a cent per use for large users.

A Picture Password, which was demonstrated to be easier to use and more secure than text passwords by NIST as early as 2003 (using an earlier, less secure methodology), is more difficult to crack as well as resistant to man-in-the-middle attacks. The Kaje service has an HTTPS RESTful API, is compatible with OpenID, SAML, and other SSO systems, and plugins are available for Drupal and WordPress with others coming soon. Using Kaje basically requires SSL, one or two additional columns for the anonymous ID sent to Kaje by the website The first 10,000 uses are free, so smaller websites can use it for years without paying anything, while larger ones can try it out, do testing and prototyping with no cost or obligation.

If anyone is interested, check out Kaje or contact me through the website. We're looking for both website (customers) and web services (hosting, CMS vendors, developers), who can apply to be Kaje Affiliates and receive a commission from us by offering discounts to their customers.