Want to read Slashdot from your mobile device? Point it at m.slashdot.org and keep reading!


Forgot your password?
DEAL: For $25 - Add A Second Phone Number To Your Smartphone for life! Use promo code SLASHDOT25. Also, Slashdot's Facebook page has a chat bot now. Message it for stories and more. Check out the new SourceForge HTML5 Internet speed test! ×

Comment Re:Camel = Horse designed by committee... (Score 1) 644

It's more of a task-switching thing for me.

I have multiple contexts I work in during the day. Each time I change tasks, but don't want to close the windows for the task I was doing before, I move to a new desktop. That, plus one desktop devoted entirely to communications (email, social media, etc), and I can switch between contexts with one or two ctrl-alt-arrow key combos, rather than painstakingly reconstructing the window layout each time I switch.

Until the OS supports saving a group of apps, complete with window position, open documents, etc (which would require a lot of app support), this is the best solution to task switching I've got.

KDE Activities?

Comment Re:Lack of basic research (Score 1) 306

Sigh, Commander Taco, I'm not sure how familiar you are with basic research.

I'm not familiar with basic research in the computer sciences (although I enjoy reading the papers), but I am familiar with basic research in chemistry.

Unless you've had a sudden, brilliant insight, all research is painstakingly build on someone else's work. In fact, as a grad student you're often asked to write a review article in your area of research before you begin actual research. This gets you familiar with the lay of the land (knowledge), the direction of the field, and some of the major players in your chosen area of research. Plus, you and your research adviser might get a publication out of it.

I took a look at some of the topics mentioned on Wyvern's home page. A couple of them caught my eyes:

  • Safely Composable Type-Specific Languages. Cyrus Omar, Darya Kurilova, Ligia Nistor, Benjamin Chung, Alex Potanin, and Jonathan Aldrich. Proc. European Conference on Object-Oriented Programming, 2014.
  • Language-Based Architectural Control. Jonathan Aldrich, Cyrus Omar, Alex Potanin, and Du Li. In International Workshop on Aliasing, Capabilities, and Ownership (IWACO '14), 2014.
  • Type-Directed, Whitespace-Delimited Parsing for Embedded DSLs. Cyrus Omar, Benjamin Chung, Darya Kurilova, Alex Potanin, and Jonathan Aldrich. In Globalization of Domain Specific Languages (GlobalDSL), 2013.

I don't know enough about the research space to know if these topics are derivative, progressive, or ground-breaking. I like the ideas that seem to be embedded in the titles, and the focus on creating safer languages / systems from an architectural point rather than brutally enforced by a compiler (see ADA).

I work in the space of HTML / CSS / Javascript / Java / SQL / Map-Reduce / Linux. It's a mess, with security, performance, reliability issues both at the boundaries and within the various containers. Something that makes life a little better in that space should be a good thing. As it is, I see front end developers not understanding back end constraints, data source developers delivering data in not-usable blobs, system admins without the necessary background to troubleshoot platform performance issues.

As a systems architect, I try to herd everything in one general direction, but to the specialists my statements can sound restrictive, demanding, and somewhat arbitrary (they're usually none of the above). If we had a common architecture / language, we might be able to converge on a better, safer application in less time, with less friction.

Don't talk to me about UML. I like it, but I don't know many who do or use it much past the design phase (if that).

In short, it looks interesting and ambitious. I'll be interested in seeing how far this gets.

--- end Sunday night rant

Comment Re:Licensing, Lack of Options, Screwing business a (Score 1) 406

Unfortunately I can't recommend cloud based products to my clients. Having a hard dependency on network connectivity to the internet is a non-starter for most people.

I agree with this. While it's nice, and I recommend cloud servers for a lot of use cases, office infrastructure is currently not one of them. My major issue is not that the ISPs are not reliable, cost effective, or secure.

My major issue is one of network connectivity. "Business class" broadband ISP offerings in the US are pretty awful, which is why I put business class in quotes. Either service or speed (and often both) are incompatible with business requirements. Talking to first (and often second) level support is pointless once you explain to them that you're trying to run an office of 4-5 developers utilizing a cloud-based configuration management, issue tracking, and continuous build environment.

Individual connections actually seem much better. If you're going to move to a cloud-based infrastructure for the above use case, it's probably better to have everyone work from home, access protected resources via VPN, and use a distributed configuration management model to minimize connectivity down time.

The push by Microsoft towards SkyDrive and Microsoft Live accounts is also a really bad decision for consumers given the state of broadband in the US. Who's to say that Microsoft won't shut down these services in the future when/if it's no longer profitable.

Comment Lockstep (Score 1) 165

What I gathered from the memo is two-fold:

1, Drive as much business as they can to the subscription model
2. All products will be tightly integrated and dependent on proprietary interactions

The first gives them the constant revenue stream. The second one destroys modular computing in that if you upgrade one area running Microsoft software, you are almost forced to upgrade all areas. That cost (we used to call it the forklift upgrade in mainframe days) will drive more businesses towards the subscription model.

Once they have a critical mass on the subscription model, they can then dictate technology to customers. Obviously, they plan on doing this from top to bottom (mobile, consoles, hardware, software, cloud). There will once again be open standards and Microsoft standards.

It's all about driving the market rather than being market-driven.

Comment Re:Moron Alert! Moron Alert! (Score 1) 280

Yep, good Java development tools are free (won't start the NetBeans versus Eclipse flamefest here).

Java application servers are free. Pick one, many are good, and you can buy support if you want it.

For those people stuck with .NET, SharpDevelop is free. I'm learning how to integrate .NET, IIS, and a servlet application. The boilerplate configuration is pretty easy. What I'm working on now is learning enough .NET to create a non-trivial application, and integrate that with the existing servlet application. My only real issue with SharpDevelop is that it doesn't appear to have a packaging option so I can create a zip file and import it into my IIS server. If SharpDevelop provided that, I'd be set.

Does SharpDevelop compete well with Visual Studio Professional and above? It doesn't appear to. However, it's not $500+ to obtain, either.

Comment Re:M. Folwer said it best: Don't do scrum w/o XP (Score 3, Insightful) 597

Yep. Getting stakeholders to face reality is always the challenging part. We managed to do it (OK, mostly do it) by running some extensive JAD sessions. No one left until things were agreed to and signed off by people who could make that commitment.

It doesn't mean that things didn't change down the road, but at least people understood the change, the weight of the change, and what that change would cost. Sometimes the change was documented and pushed out, and at other times the change was important enough to drop other aspects of the project. It still meant some gear grinding, but next time we had a better idea of the problem space, made fewer requirement mistakes, and consequently fewer whiplash changes.

As for daily stand up meetings - no one really liked them, but we made them serve a slightly different purpose. First of all, ours lasted about 15 minutes. Second of all, we focused on upcoming issues, especially those that might need additional resources to run smoothly. Doing so made it possible for those resources to be obtained in a timely fashion. Business types appreciate it when they're not whipsawed.

Day to day communication was handled a lot by IM. Rules were - don't bother someone whose status is "do not disturb", and don't set "do not disturb" as the default status. A couple of people sort of abused the "do not disturb" status, but in general that worked well.

I don't know if the above really classifies as agile (we patterned our process more on a DSDM path), but the result is we generated a lot of good stuff, released regularly, and the business people knew what they were getting ahead of time. Was it smooth sailing all of time time? Nope. Was it exhausting? Yep. In the end, was the process only used for mission - critical projects or ones where corporate - wide sign-off was needed? Absolutely.

Comment Re:And they still don't know the initial vector (Score 3, Informative) 136

There are quite a number of ways to harden access

1. pam-abl (as noted above)
2. denyhosts
3. VPN (openvpn works for me)
4. Hosting ISP firewall

Also as noted above, do not permit direct remote root access. Doing anything less is just advertising yourself as a platform for malware.

The first three are quite easy to set up. There is really no excuse for not setting up a least a minimum level of security on your system. That plus careful use of mod_security, and you've done quite a bit towards thwarting the casual drive-by cracker.

. . . . just my two cents

Comment Re:I block SWF and only SWF (Score 1) 978

Yep, Flashblock is the way to go. Back when I had a lowly P4 with only 1.5 GB of ram (still have it as my XP browser test machine / Linux server), a Flash-heavy page would slow the computer to a crawl.

I don't mind non-intrusive ads. I don't even mind (too much) the more "content after the jump" ads. I'l even grudgingly put up with the "press skip to continue" ads. What I won't put up with are ads that cover the page, ads that play music, ads that have intrusive animation that I cannot control, and other interactive ads that I must interact with before viewing content (skip ads above excluded).

When I encounter such ads, the organization behind the web site, the advertising company (if I can figure out who produced the ad), and the company who's product is being advertised all get fairly acerbic letters from me. Repeat offenses mean I will not purchase or recommend those products, and will not visit those web sites. I let the three groups responsible know this as well.

I know, one person writing email to a PR / marketing drone in a large company does virtually nothing. I'm sure it probably does nothing other than generate a chuckle for people at an advertising agency. I think an advertising agency's entire business model is centered around being annoying.

Possibly many people writing would do something — I have seen fewer "take over your screen interactive flash ads" recently.

For the TL;DR crowd . . . I visit sites for the content, not your advertisements. Make the advertisements relevant to the content, my interests, and less the center of attention than the content. Do that, keep out the malware, and you might even get some clicks from me. Fail to do that, and I just won't visit a site, nor use the products you advertise.

Comment Re:I can slack off anywhere (Score 2) 529

Yep, it takes discipline (he says as he posts on Slashdot while working from home).

Actually, I'm more productive at home than I am in the office for the most part. I'm a systems architect, but I still get both programming and system admin queries from colleagues. Pulling my head out of an architectural problem and back into the detail that programming or system admin requires creates lots of lost time (insert pulling my head out of other place jokes here). That level of interruption happens less when I work from home rather than at the office.

I say less, because I'm still connected. At least one of my VPN connections is always active (we use two, incompatible VPNs, a problem I hope to have resolved by June), cell phone is always on and available, mail is automatically checked every 5 minutes, and Skype / Google Talk are on. I'm usually being productive by 7:30 AM (today was 8:02 AM), with a 5 minute break at around 9:30, lunch at 12:30, and an afternoon break around 3 PM.

What I find is that people try to solve some of the less complex problems on their own first before emailing / calling / IM'ing me when I work from home. When I do get contacted with a problem, the person is usually much more focused in solving the problem. Sure, there's usually a bit of chat (mostly around craft beers these days), but much less so than in the office.

Do I miss the camaraderie of the office? Sometimes, yes. I go in occasionally, and we have off-site all-hands meetings as well. It's not quite as connected as the "all office, all the time" environment, but I find it works well for the type of stuff I do.

The only thing I miss is a large, printing whiteboard. Sadly, no room to put one in my home office. The best that I can do (and I'm thinking about it) is to mount a 4'x8' whiteboard sheet on the wall. That or get a Wacom tablet . . .

Comment Re:SPSS (Score 1) 332

If you want a free data analysis system, there's always R.

It's a bit of a beast to learn (at least for the non-statistician that I am), but it worked pretty well when teaching someone how to do ecology analysis. There are GUI front ends for KDE (RKward on Linux) and R Commander on a bunch of platforms. I have used RKward and ESS (Emacs speaks statistics) to work with R.

R has an entire repository much like CPAN. It's called CRAN, for the Comprehensive R Archive Network. If you've thought of it (statistical analysis), it's probably already written, tested, documented, and there may be academic papers out that use it.

Comment Re:The stupidity hurts my head. (Score 1) 270

I am currently a systems architect, and work on making flexible systems. I know this is a bit far afield, but on the Windows 7 I'm working on, I have both JRE 6 and JRE 7 installed. I can convince my system to switch back and forth at will by fiddling with the Java Control Panels (for the browser) and some environment variables (PATH, JRE_HOME, JAVA_HOME) for the actual Java. This seems to satisfy the browsers, my IDEs, Tomcat, Glassfish, and some random desktop applications I have. I don't know how this would impact your system.

In fact, life on this particular machine is more complicated than that. It seems that even though I'm running a 64 bit system, at least 2 of my browsers are 32 bit. Thus, I have four JREs and two JDKs installed. Swapping around to the right one is a bit of a pain, but possible. I just have to find the right Java Control Panel, run it as Administrator, and I can switch things around.

However, at no point in all of these installs did the Java installer prompt me to uninstall a different version. True, I can no longer easily run multiple versions of JRE 6 or JRE 7 (without changing the target directory), but I normally don't do that. I used to do that with JRE 5.

Granted, doing all of this requires administrator privileges, and is much more cumbersome than it is on Linux, but it appears to be possible. Without knowing more about the particulars of your environment, it's hard to say why the Java installer is prompting you to uninstall JRE 6. Again, I've never seen that behavior, with the possible exception of installing on Linux via an RPM. I believe even in that environment you have the option of choosing with Java platform to use via the alternatives command. However, I tend to install Java by hand on Linux (for a small number of systems) and by custom script (for a large number of systems). I've found the alternatives system to be somewhat incomplete in maintaining multiple JDK/JRE combinations for development and testing.

Your mileage may vary of course. This just works for the systems I'm responsible for.

Oh, and as for hard-coding stuff. You have my condolences. I suggest finding the developer, and assigning him or her remedial system administrator / help desk duty for the rest of his / her career. I'm only being just a bit hyperbolic here . . .

Comment Re:The stupidity hurts my head. (Score 1) 270

Right now I have some software that will not build in Java 7. The developers decided to use some Sun - proprietary APIs that no longer exist in 7. There were big warnings about this when the code was built using JRE/JDK 6, as well as warning all over the Javadocs. However, these developers knew better. Now the code won't build in Java 7 until the dependency on these proprietary APIs is replaced. It will run just fine on Java 7, but you cannot do maintenance on the code using Java 7 until the code is fixed.

Comment Re:The stupidity hurts my head. (Score 4, Insightful) 270

On what screwed up platform is this?

Seriously, I have 1.6.0_39 and 1.7.0_13 happily running together on all the platforms that I'm responsible for (Linux, Windows, UNIX of various flavors).

This patch was rather important in that there are some server side security issues being patched as well as browser plugin issues.

I'm seeing all of this hate, but you know what, I just don't get it. Software of any complexity has bugs. Microsoft used to be the champion of security exploits. Now it's Java. And lest anyone forget, there are myriads of PHP / Ruby / Python security bugs that allow systems to be exploited. I'm not even sure that there's a secure Ruby on Rails platform at this point, for example. I don't know for certain about Ruby, since the only Ruby platform I have right now is for Redmine.

I guess though everyone likes the Faux News mentality of computer security reporting. It garners page clicks, makes people feel important and is a lot easier than actually doing any work. It's like the hit piece someone at InfoWorld did on a Spring Framework bug that could possibly be exploited (albeit not very easily). The sensationalist piece completely overlooked the fact that the issue had been addressed over a year ago. The "journalist" at InfoWorld was too busy jumping on the "all things Java are evil and insecure" bandwagon to do the tiny bit of research needed to write intelligently about the problem . . .

Just like people are now doing about the current issue . . .

My favorite comment so far has been along the following lines

Sure, they may have fixed these security flaws, but there's no guarantee that this will fix future security flaws. It's better that you just go ahead and uninstall Java now.

Sure, [insert-least-favorite-software-of-the-day] may be patched now, but will it remain patched?

I thought at least professionals were a bit more intelligent than this. I guess not.

Slashdot Top Deals

Refreshed by a brief blackout, I got to my feet and went next door. -- Martin Amis, _Money_