Forgot your password?
typodupeerror

Comment: Re:So... (Score 1) 1017

by Dalcius (#36764902) Attached to: Women Arrested For Refusing TSA Search of Children

...forced DUI checkpoints and they DO draw blood if they want to...

In Texas, they have to get a court issued warrant to draw blood. It is considered, as I understand it, by our supreme court as a violent act - extracting part of your body against your will. Is it different in any other states? Can the officer on the scene make that determination? Links? Something else to rage about today... :

Comment: Re:GPL is the problem (Score 2) 1075

by Dalcius (#35603490) Attached to: Apple Remove Samba From OS X 10.7 Because of GPLv3

Let's remember that originally the point of the GPL was to allow people to share source freely, so that you could pass your work on and be assured that other users could pass it on too. It prevented restrictions on the sharing of something you created. It made your work open and free.

If I understand this right, and GPLv3 requires the allowance of "modifications in place", the GPLv3 is going far beyond that. It's no longer about keeping code open and free, it's forcing others to make their property open and free. It's no longer about sharing your work, it's about how your work is used.

Regardless of how you feel about "tivoization" -- personally I hate it -- this is telling someone else what to do with what they created. That's not making a statement about your own property, it's making a statement about somebody else's.

I'm a developer. Developers have the right and justification to release software under whatever license they choose! If a dev wants to restrict against "Tivoization", that's fine.

But let's not kid ourselves that "modifications in place" is about sharing software. This is going much further, and people with an interest in engineering things for the world to benefit from and making a living in the process have a very well qualified criticism.

Comment: QDB says it best (Score 1) 184

by Dalcius (#35522066) Attached to: Gtk 3.2 Will Let You Run Applications In a Browser
http://www.qdb.us/305324
<Pomax> 20 years from now, someone is going to have the radical idea to give users access to the underlying OS, rather than to the browser API, and he will be heralded a revolutionary.
<Pomax> All manner of programming languages will pop up that work outside "the browser", giving access to "offline" applications, storing files in "user space", even perhaps running in something called "kernel mode".
<Pomax> It'll be a brave new world.
<Mirell> It's scary that's believable.

Comment: Real Security accounts for social factors (Score 1) 409

by Dalcius (#35152918) Attached to: Are You Sure SHA-1+Salt Is Enough For Passwords?

You're spot on. All it takes is one $0.02 sticky note with a Mult1pl3.R3str1c71Ons.En4rced password written on it to make all this huff and bluster worthless in most IT environments.

People seem to forget that Users use computers. Not Security Nuts. Not IT staff.

Real security accounts for social factors. The reason the Sup3r!Pa55w0rd policy fails is the same reason the easiest way into a network is often social engineering. Users. Security is not purely technological problem.

Security starts with taking your weakest link into account. Hint: It isn't that your "10 character minimum, 2 character subset" requirement is too weak.

Comment: Re:we have the same policy at work (Score 1) 446

by Dalcius (#34325808) Attached to: When Your Company Remote-Wipes Your Personal Phone

Employees should backup their own data. If they are uncomfortable with the possibility of Employer wiping their personal phone, then they should not connect their personal phone to work email.

This is stupid.

There should absolutely, absolutely be a way to wipe a corporate account off a phone. That data is the property of the corporation.

But wiping everything is just inane. There is absolutely no reason to wipe pictures, personal contacts, emails, etc. This is software we're talking about. Just wipe the account(s) in question.

The only thinkable reason to wipe data outside of the corporate account is "you could have copied work content elsewhere," and that argument applies no more to phones than to personal computers. Hell, it applies to printed material too. Had any former employers snooping through your house lately?

No, the onus is on the corporation to restrict dissemination of corporate data if the risks are too high. Allowing a remote account wipe is a luxury afforded by software, not a corporate right over personal property.

Comment: Re:Cool (Score 3, Insightful) 344

by Dalcius (#33656010) Attached to: PostgreSQL 9.0 Released

A sincere thank you for the reply.

Respectfully, I believe you're going down a bad road. For a small application, and a developer who isn't asleep at the wheel, what you're suggesting can work OK; I imagine it hasn't been a problem for you.

Generally, for everything else, it tends to blow up down the road. And even for smaller projects, the benefits of keeping your logic out of the DB (faster, cleaner, clearer, easier to learn, easier to update) are significant.

I sincerely want to make an effort to be useful to folks who may not have worked with larger projects before. Please take this post in that spirit. It's a long, and I hope informative, post.

Make your code's intent clear ... alternatively, write logic in the right context
The biggest problem is code intent and flow control. Databases model data, GUIs model user actions, but neither necessarily model business logic. You've got business logic code for that -- like your permissions handling.

Code has a logic-centric view. Databases have a data-centric view. If you write logic in the DB, you're abstracting what you're writing from what you're actually trying to accomplish.

Error handling is a great example for flow control. Trapping an error in the DB, correctly identifying the problem and bubbling it up in a user-appropriate way in a clean fashion, as you said, is difficult.

Keep your code together
Another big problem is finding all the right code. For a newbie or a dev who hasn't looked at a bit of code in 6 months, this is very important.
Breaking your code up into different buckets based on what data it modifies makes your logic - your flow - hard to follow for anyone who isn't intimately familiar with the project.

Consider two implementations for a feature:

1) Application code triggers an update to three tables. A bunch of magic spread across several triggers on those three different tables and written in (depending on your implementation) three different schema files, or one huge file with your entire schema, updates three additional tables. E.G.: "most complex updates are performed using triggers and rules"

2) One function in one file that, in a transaction, updates six tables.

Which is easier to follow? From which implementation can you get a clear vision of the intent of the code? Which is easier to skim? If a new developer looks at your code, in which implementation is he more likely to miss something the feature touches?

Don't make interoperability harder
If you push logic into your DB, interoperability becomes harder, not easier. Before, you had just data, and two different applications could use it differently and have different requirements -- as long as what they did was consistent with the data model (your schema).

Now, with logic in the DB, anyone wanting to share your data has to work around your triggers, or co-opt them, or write entirely new triggers, procedures, and generally muck up your application to accomplish their goals.

Keep your platform flexible
Pushing logic into the DB, you may have made it easier to switch languages (although you still have a bunch of "front end" code you'd have to convert/maintain), but now it is much harder to switch databases. What was once merely data is now jumbled up with your application. If Oracle, MSSQL, etc. becomes a necessity, you're not just switching databases, you'll likely be refactoring significant chunks of your app.

Most business needs won't demand you switch languages (worst case, cross-compile or use IPC). Some business needs will demand you switch databases -- my company is now porting our app to MSSQL.

Your database is likely your bottleneck
In my experience, the first serious scalability problems most apps encounter are in the database. And the solution is always "more hardware." Beefier machines.

Then comes horizontal scaling ("moar servers plz"), which is almost always easier to do with your application than your database.

Why add more to your DB load? Write your logic in your application and run your DB on a dedicated machine. Then you're free to implement caching , an option you don't have with your logic in the DB. Then if you have scaling problems, buy beefier hardware and eventually, in big implementations, scale horizontally.

Don't complicate updates and debugging
Multiple instances of our application server can be run against the same database. This makes testing code changes or debugging a very complicated production issue possible without modifying the application in production.

When your app is built into your DB, inserting debug statements amounts to modifying production. Running another instance becomes very challenging (spare replicated server?) if not impossible.

--

A lot of people have had success implementing their applications like you've suggested. Our parent company did... and they gross in the hundreds of millions each year.

The problem is that this is 1990's technology, and it almost always grows out of small implementations (along the lines of why some terribly complicated applications use MS Access).

Ultimately, it's important that people learn why to avoid this methodology, and how it directly improves what you do - even for small projects.

Best wishes

Comment: Re:Cool (Score 3, Insightful) 344

by Dalcius (#33651294) Attached to: PostgreSQL 9.0 Released

The problem wasn't that the databse was used in a wrong way.

While the database platform may have been a problem, the first, biggest problem wasn't the hardware. It was (bolded for effect): business logic does not belong in your DB, excepting a handful of cases.

I wouldn't normally have replied -- I agree with your point about hardware -- but this deserves to be underscored because so many people fundamentally do not get it.

I work for a company that was just bought out. Our new parent company develops a well known (in its industry) enterprise desktop application. The entirety of their business logic is written in the DB.

It's a maintenance nightmare, difficult to integrate with outside systems, and the system does not scale. Scalability is kicking their ass... because they can't.

Our company spends much less on hardware (and software, cheers for PostgreSQL), and our application is a billion times easier to develop and maintain. We use triggers - but only a handful.

People develop middle layers for a reason. Better code organization and flow control, much, much better speed, scalability, and flexibility.

Use a DB for what it's good at (ACID, data integrity).

Comment: Re:flawed by design (Score 1) 156

by Dalcius (#33565704) Attached to: New Crypto Attack Affects Millions of ASP.NET Apps

save the time and other expenses of a database or key-value store lookup of a session id on every request.

So you save time on a cache/DB lookup by doing crypto processing instead ... after which your web application will begin processing the user's request... in most cases querying the database, updating user history, etc.

This seems to me like missing the forest for the trees.

Doing a hash lookup on your cached session is near constant time, avoids security holes introduced by sensitive data client-side, and avoids stacking session data on top of *every request* to the webserver.

That's not even tackling the more serious issue of trusting a user ID from the client without a password because "it's encrypted".

Comment: Re:Ahh, the NYT (Score 1) 368

by Dalcius (#33229622) Attached to: Portugal Gives Itself a Clean-Energy Makeover

Heh. I live in Texas, one of the few "deregulated" electricity markets in the US.

Our local power lines are owned and maintained by regulated monopolies which set prices per area for monthly maintenance fees.

Power companies then contract with the local infrastructure owner to provide power to the grid. And as a homeowner, I choose which power company I give money to; I pay them for how much electricity I use from the grid, and they generate the electricity. I also pay the maintenance fee passed from the local owner through my power company.

When I chose a power company, I was able to look up JD Power reviews and pick the best company. I had a choice.

How many people can say that?

Comment: Re:I LOVE perl! (Score 1) 878

by Dalcius (#33008882) Attached to: Google Engineer Decries Complexity of Java, C++

It might be worth clarifying: Perl is great to learn, but terrible when you work on code written by people who don't think like you do.

Perl code can be simple, straightforward, very easy to pick up and hit the ground running. It's when you start coding with other programmers that it becomes painful.

The problem resolving this issue in the language design is that people will code they way they think, regardless of your restrictions. What happens when you put a C developer in a Java shop? Instead of writing beautiful, flowing OO code that glows with elegance, they'll write clunky, low-level functional code that steps through their thought process procedurally.

Ditto if you put a Java developer in the world of C. They'll prefer to write large data structures and significantly abstract their code, which will drive a lot of C developers nuts.

My point is, I think the result of requiring a programmer to jump through language hoops often means the resulting code is not only written in a different style, it's now obfuscated further because the programmer dodged your language hoops to do it.

--

I will say, however, that some Perl programmers happen to really love their esoteric, obfuscated language tricks, things like this. I definitely see what is being accomplished -- implicit but short code is often easier to skim and understand than long and explicit where you lose the meaning -- but I think Perl hackers tend to take this much too far.

Comment: Re:WTF (Score 1) 709

by Dalcius (#33006404) Attached to: GOP Senators Move To Block FCC On Net Neutrality

Sarbanes-Oxley? Really?

You fight for this nonsense, thinking that it restricts big corporations. It does. ...just like everyone else. Including, and *especially*, newcomers.

Who does it really affect more? The company with a professional staffed legal team, entire departments dedicated to training, procedure, and lots of liquid assets to cope?

Or the little guy?

Spend some time thinking before you "shoot the buy guy to make things even." You're aiming at everyone.

"But this one goes to eleven." -- Nigel Tufnel

Working...