Comment Answer: read slashdot for long enough (Score 5, Interesting) 233

See: Working Effectively with Legacy Code book review (2008) for a book of that title by Michael Feathers (PDF article) on that very topic.

There is even a summary of key points at Programmers @ StackExchange. Hundreds if not thousands of programmers' blogs address this very topic.

You're welcome. Now get back to work.

Comment Style vs. substance (Score 1) 76

So photographers who aren't subscribers of the f/64 school of photography (to critically summarize: technical skill in taking and making the photo is what transforms a good photograph into a great photograph) are losers. I'll keep Nan Goldin, Cindy Sherman, Henri Cartier-Bresson, Garry Winogrand, Robert Frank, Man Ray, and thousands of other photographers who make excellent works of art by capturing the decisive moment (H.C.B. and Winogrand) or obtaining a level of intimacy with and about their subjects (Goldin) or selves (Sherman) such that any technical shortcomings are mere distractions from the gravity of their works.

Those photographers I've mentioned are quite "accessible"* to people outside of the fine art community, though nearly all of them do include nudes or nudity in some of their works, so they can be NSFW browsing, hence no links.

* By accessible I mean you do not need to have a comprehensive background in fine art or photographic criticism, history, or art theory to understand. Their works are often considered to be appreciable by "outsiders," like myself.

Comment Re:90 days may be a little short (Score 1) 263

but in principle I agree with what Google is doing. In effect they are trying to destroy the market for zero day exploits and forcing the companies involved to not sit on their hands and hope nobody uses them... like cybercriminals and the various three letter agencies.

From the article:

In the bug tracker for the impersonation vulnerability, Google said it had queried Microsoft on Wednesday, asking when the flaw would be patched and reminding its rival that the 90 days were about to expire.

"Microsoft informed us that a fix was planned for the January patches but [had] to be pulled due to compatibility issues," the bug tracker stated. "Therefore the fix is now expected in the February patches."

The next Patch Tuesday is scheduled for Feb. 10.

So 90 days is an appropriate time to wait but not 106 days?

Here is what Google used to say (circa 2010), from most of the same people who make up the Project Zero team (Chris Evans, Michal Zalewski, and others) AFAIK.

Rebooting Responsible Disclosure: a focus on protecting end users:

Update September 10, 2010: We'd like to clarify a few of the points above about how we approach the issue of vulnerability disclosure. While we believe vendors have an obligation to be responsive, the 60 day period before public notification about critical bugs is not intended to be a punishment for unresponsive vendors. We understand that not all bugs can be fixed in 60 days, although many can and should be. Rather, we thought of 60 days when considering how large the window of exposure for a critical vulnerability should be permitted to grow before users are best served by hearing enough details to make a decision about implementing possible mitigations, such as disabling a service, restricting access, setting a killbit, or contacting the vendor for more information. In most cases, we don't feel it's in people's best interest to be kept in the dark about critical vulnerabilities affecting their software for any longer period.

Somewhere along the way they appear to have lost their senses, and enshrined 90 days as some written-in-stone deadline that makes no sense, and is counter to their stated objectives.

Announcing Project Zero

... Our objective is to significantly reduce the number of people harmed by targeted attacks. ...We will only report bugs to the software’s vendor—and no third parties. Once the bug report becomes public (typically once a patch is available), you’ll be able to monitor vendor time-to-fix performance, see any discussion about exploitability, and view historical exploits and crash traces.

Comment Don't miss next week's episode... (Score 1) 119

Where the FBI submits a sworn affidavit to the New Zealand courts that Kim DotCom is Dread Pirate Roberts, in a bid to further his extradition to the US, because surely those sheep-loving Kiwis can't possibly resist the War-on-Drugs(tm) as a legitimate reason to let the MPAA/RIAA go after Kim DotCom for digital piracy[1].

If he wasn't under so much financial pressure (freezing of assets) I'd expect him to make a press release suggesting it himself.

But the conspiracy theorists will posit that John McAfee is the real Dread Pirate Roberts. I mean, he was found in Belize of all places. What do you think he was really doing there? Creating his second, pseudonymous fortune, this time without the IRS insisting on payments. Hell, half of the software multimillionaires who have been in tiffs with the IRS themselves would likely support his venture on the down low.

[1] Okay, infringement of intellectual property doesn't have the same sense of dire urgency, does it?

Comment Re:Very disturbed by tag "writeorexecute" (Score 1) 84

Well, you're right from a formal logic perspective. In spoken languages, though, there's often an implicit 'either' attached to the 'or', causing 'or' to essentially mean 'xor'.

Yes, everyone should be expected to go read Principia Mathematica before posting to Slashdot, far better than any captcha in use today.

Comment Re:Virtualisation dates from the 1960's ! (Score 1) 180

The first large scale availability of virtualisation was with the IBM 370 series, dating from June 30, 1970, but it had been available on some other machines in the 1960's.

So the idea that "newer machines have support for virtualisation" is a bit old.

This point has been made since the first virtualization software on microcomputers was being experimented with. Those who don't know history are doomed to repeat it (or something similar, depending on how diligent your citation tracking is).

I'm still waiting for someone to tell us that IBM discovered perceptually acceptable lossy compression, such as JPEG, MP3, and MPEG, back in the mid-1960s mainframe era to generate images and videos for punchcard distribution.

And Xerox PARC labs had a portable MP3 player prototype with a seamless white case with a steering-wheel styled interface, locked in its vaults of time.

Comment Re:Anyone else concerned? (Score 1) 164

but doctors act a lot more like technicians than scientists or researchers.

Doctors are much more like technicians. You don't want doctors "experimenting" on you unless you really, really need that.

To clarify, the doctors or physicians you are referring to are medical practitioners in medical parlance. There are two additional medical "communities," which are linked, the medical teaching and research specialties, though these two tend to be more intertwined. In many cases they share hospitals, labs, institutions.

Physicians are typically not brought up in a 'science' environment (question assumptions, learning how to research a topic, critical thinking.) Doctors are brought up in 'cram mode'. Dump a lot of info down your throat. You're expected to believe it. They are increasingly taught to 'follow the protocol' which amazingly, is what technicians do.

That is a gross over-generalization. A good physician is trained to be scientifically minded, to take careful observations (utilizing medical testing), question assumptions for faulty assumptions and correlations, and be critical in what they do. They are expected to learn and memorize a large body of knowledge that they will likely need to do their job on a daily basis, and it was the first profession AFAIK to have formal continuing education requirements to keep their medical license in many jurisdictions. All bio-chemical scientists follow a protocol so that they have a consistent and reliable testing methodology to reduce mistakes, attempt to be as objective as possible, and to be comparable.

Yes, there are 'physician scientists' but they aren't treating the majority of patients and you don't want them to be ('hey that looks interesting, what happens when I tug on it?').

If you are being treated by a medical researcher, then either there is no known effective or reliable treatment, or they are testing a new, hopefully better treatment. It means you are the test subject, normally not an ideal situation.

This case is interesting as the husband of the patient kicked the docs out of 'technician' mode. And, of course, used a 3D printer.

ALWAYS ask your doc questions about stuff you don't understand.

Interesting, yes, but it bugs me more in that I fear the deniers of vaccine safety, and those who want to consumer-ize their medical experience ("the customer is always right" is a horrible mantra for any legitimate medical practice) will use it as evidence to vindicate their positions. Most of the medical drama was in fact about miscommunication, inconsistent practice, and the need to be your own advocate for medical treatment.

From working with physical scientists, I know that 3 and higher dimensional visualization is still often lacking in being easy to interpret, even with advanced computer visualization techniques. The results, while they can sometimes be made to look pretty, have little correlation with how quickly and easily the visualization can be interpreted to extract the relevant information.

Comment Re:Chrony (Score 1) 79

So it's fair to say that Chrony isn't suitable for running on stratum 1 servers, of which there are a few hundred, maybe up to at most a few thousand publicly available in the world[1]. For the millions of Linux servers, laptops and desktops that aren't and will never be stratum 1 NTP servers Chrony should be just fine, shouldn't it?

Yes, I think Chrony is fine for most typical unauthenticated leaf-node (client-only) usage, but I still don't recommend it for the thousands of public stratum 2 or higher (see pool.ntp.org, most are stratum 2 or 3) servers, or the thousands of corporate and organizational NTP servers. For usage as a server, with a full-time network connection, I don't know of any compelling reason to use Chrony over NTPD or OpenNTPD.

Personally I can't see any reason to believe Chrony is more secure than either NTPD or OpenNTPD. Being new, or even saying that Chrony is secure, and programming really, really carefully, doesn't make it so.

Comment Re:Mathematics (Score 2) 79

Chrony is a complete working implementation of the NTP protocol.

You mean complete except for broadcast/multicast mode, or authentication based on public-key cryptography. So basically it's a good client and an unauthenticated / inefficient (network) server.

It also makes some pretty misleading claims; Chrony can usually synchronise the system clock faster and with better time accuracy except it never explains how it can possibly achieve better time accuracy than NTPd.

Chrony does handle a number of client usage scenarios better than NTPD (namely non-permanent network connection, and laptop-like environments) as far as I know, but it does not achieve better accuracy for the usage scenarios NTPD was primarily designed for (e.g. network connected servers).

NTPD gets its knickers in a twist at the slightest excuse and sometimes ends up stepping the time even though it has perfectly good Internet connectivity and a reasonably good internal clock.

Yet chrony can't detect rogue or fix broken time servers. Beyond possibly having better handling for clients of dynamic clock frequencies (i.e. SpeedStep, and various other power saving features that modify one or more of the several frequency oscillators in a computer). I say possibly because I am not certain of the state of affairs in the current NTPD code base; I know it was lacking when dynamic clock frequencies originally appeared in systems, but I am not sure that it is still naive about that.

Chrony keeps steady time even if Internet access is intermittent. It never gets confused and picks a falseticker pretending to be stratum one instead of a stratum 3 with correct time, unlike NTPD.

While it does appear Chrony has improved greatly from the simple SNTP client for intermittent network connectivity that it was when I first heard about it, that is still its forté, and likely the best client for many end-users' cases. Still, it is not a robust general purpose replacement for NTPD.

It even has interfaces to GPS clocks or other hardware clocks, so you can run your stratum 1 server on Chrony if you want.

And YouTube is full of people doing stupid, reckless, and/or unwise things too. That's perhaps too harsh, but those "features" are quite incomplete.

Having optional PPS (Pulse Per Second) support is a good start, but it is not a comprehensive solution to running a quality stratum 1 server. I expect a stratum 1 server to have improved or at least quantified oscillator ("clock") parameters, such as ideally TCXO (Temperature-Compensated crystal Oscillators) or OCXO (Oven-Controlled crystal Oscillators) for the stratum 1 system's time-keeping. For commercial systems I would suggest looking at a professional NTP server network appliance; there are several vendors including Spectracom, Symmetricom, Meinberg, and others.

Comment Re:Not surprising... (Score 3, Informative) 278

Of course, its audio quality compared to a CD is debatable [...]

No, it isn't debatable. Due to physical limitations of cutting a groove in the record surface, and interpreting it using a needle during playback, vinyl recordings ("LP" or other form factors such as 7 inch 45's) are physically constrained, preventing the recording of some low-frequency sounds and effects. Such sounds and effects are/were featured in electronic music ("techno", "dance", etc.). This was the reason behind the RIAA equalization curve used to de-emphasize the bass frequencies; it allowed closer spacing of the groove (which lengthened play time, the major justification / selling point of the LP format). There are also pre- and post- echoes of loud passages if preceded / followed by a very quiet section. Vinyl is an analog recording using techniques developed in the 1950s, and suffers from the numerous physical limitations of the medium, with no inherent noise reduction or error correction possible, so the vinyl format has absolutely no objective superiority in accurate sound reproduction.

There is one complicating factor, which is not inherent in the vinyl format itself. Modern ("revival") LPs do excel in that they often use a better quality final mix with a wider dynamic range, whereas final mixes for CDs and digital formats typically are highly or over- compressed (due to the auditory perception of "louder" being intuited as "better", the basis of the "Loudness Wars") before being transferred for commercial duplication.

Some well mastered (retain a full dynamic range between quiet and loud passages) CDs and digital recordings do exist, but sadly too many studios still over-compress the recordings.

There was the comical case of Guitar Hero, where the digital recordings shipped with the game were of better (dynamic range) quality than were available on CD or in discrete available-for-purchase digital formats (MP3, AAC, etc.).

Comment Re:Cameras only a partial solution (Score 1) 368

Or....... not carrying guns at all.

This is highly effective in several countries around the world, but it does have one key criterion. The availability of firearms to the criminal and/or general public has to be low initially for this to be an effective policy.

And I believe that in nearly all countries where regular police / peace officers do not carry a firearm, they do have special units that can be activated in the rare event of (suspected) firearm / deadly weapon usage or widespread violence or mob/mass rioting.

In my youth I was told by a police officer during a tour of police facilities that they were trained to only draw their weapon to fire it or to clean it. To the best of my knowledge, based on my own very limited experience, the majority of officers I have seen still operate under that basic premise. A firearm is a means of lethal force to be used only as a last resort. It is not perfect, but I do believe it has led to far more lives being saved on both sides than the alternative of officers drawing their weapons sooner as a method of deterrent or preparation.

I support the law enforcement officers' goal of making it home alive always, but I also value their efforts in not escalating scenarios, and respecting the lives of others.

Comment Re:Not the holder's money (Score 1) 98

If the University is fining them instead of blocking their access and is failing to prevent the copyright violations that it is benefiting financially from

Some universities already have copyright clearance agreements in place, due to concerns about copyrighted material being duplicated in libraries; these agreements may allow the university or library to generate income as a means of cost recovery for any expenses from administering the program, and as an incentive for enforcement.

Since approximately 1% (or less than $1000 total, divided amongst all the Top of the Pops artists for the past 6 years) of the proceeds would likely end being paid to the artists, songwriters, and/or performers; really what difference does it actually make?
