375 posts • joined 2 Jul 2008
Re: $10K bounty
Smells like a way to search and hire good coders. They already have the source code to the raspberry pi part, after all. Why not simply release that too?
If they were to discover devs the traditional way, they'd pay at least twice that to the recruiter and still not be sure. This way, there's less risk and they get to find people they'd never have come across.
Digo bienvenida a nuestra jefes supremas bovinas...
Re: Climate Atheists
Unfortunately, eugenics, brought to the fore by the origin of species, was used, repeatedly, as a reason for conquest, and to justify genocide.
People can be horrible, no matter their belief system.
And seriously, what kind of inept company did they use if they left all their logging in the release build? I mean, some logging stays in sure, but nothing on the sensitive data. After this I don't think I'd ever use the app no matter how many 'security updates' they release.
Thats not the problem, logging shouldn't matter one bit.
The problem here is that the communication between client and server is not correctly secured and authorised. The server should enforce security in all cases. The client can do so too, but their issue is server side.
Re: Why not compile the Dart environment into JS?
Check out source maps. They let you debug code that is running in JS in the original language.
Google seemed to be deeply enamoured with Java and the JVM up until a couple of years ago when Oracle kicked off over android. Since then they've thrown all their development into alternate languages and runtimes, Dart, Go etc.
A shame, if they'd improved GWT at the rate they've been improving Dart, it could've been great by now.
Re: Just think - this could have been VBscript
No, it really isn't crap. You make the mistake of conflating polyglot with integration, and integration with middleware, and if you take it further, thence to the fable ESB, which is the evil everyone should really fear.
I'm talking doing some processing in one language, then other processing in a different language. how you shift data between them is certainly a problem, but it is a solved problem.
If yoou have one runtime environment that permits many languages, the problem is solved. If you want to use a language that isn't in that same environment then you require some form of integration. Depending on your needs there are many different forms they can take, middleware is only one of them, and not a particularly nice one at that.
In a JVM system I could write my DB integration in Groovy, data transformation in Clojure and threading code in Scala, with each language helping me perform that task, and no integration code required.
So, is this crap? Or were you being a little... rapid in your judgements?
Re: Just think - this could have been VBscript
Sounds like I saved myself a ton of hassle by never going down the J2EE + EJB road. I was spoiled rotten by 25 years in the cozy, insulated and isolated AS/400 world, which had all the built-in services that J2EE promised, so I never got excited by it. Today, Tomcat + JSP works for me on the backend, JS on the front. But who knows, maybe node.js tomorrow?
If you want the threading model from node (reactor is it's name), try Vert.x. Again, JVM, can use JS if you want, or build it in Groovy or Java.
JSP is ok-ish, but there's much improved view tech now. Thymeleaf comes to mind as a particularly good one, the offline support is good
Then try Clojure and it's Ring library. It's really, really nice.
JSON->Clojure data transform -> MongoDB all in a half dozen lines of lisp awesomeness.
It's Lisp! on the JVM, what's not to like.... ;-)
If all that fails, then JS on the server has a place I think, it really depends on your application needs.
Re: Just think - this could have been VBscript
It's not yet a language that is particularly coherent or set up for large scale development in the way that it works. I have great hopes for the next version of ecma script, it looks good and fixes these problems.
The world should be polyglot, many languages doing what is best for them to do.
I like the idea of asm.js. It's kind of similar to GWT before it, but more standardised at a lower level with the possibility to optimise.
Some interesting comments on the tinternets about supporting GWT on top of asm.js, something about having to implement a full GC subsystem in asm.js compatible JS. :-)
32gb ram to service 500 concurrent users in java?
Either this is made up, or someone has done a truly awful job...
Re: Noise cancelling headphones
This is why you should always carry Noise canceling headphones.
When the noisy person starts up, you pop a fresh battery in, press the button on the top, wait for the red light to come on indicating that the unit is ready, then ram the whole shebang down their gullet until the noise stops.
You hostess has thoughtfully provided a little plastic package of "cheese" to keep their jaw open if they start biting your fingers, or just get another passenger to help - you'd be surprised how public spirited your fellow passengers can be.
Marketing told us: 'Justin Bieber is a fad. He’s not going to last.' – Company formerly known as RIM
I may be showing my age but I have to ask, isn't he a fad?
I hope so.
Re: Man in the middle?
Without knowing the implementation they've used, asymmetric/ public key transfers are designed specifically to prevent man in the middle attacks over insecure networks.
It allows the creation of trust over a public network, and it does work, both theoretically and practically.
It has been subverted in a few ways :-
* Brute force decrypt the messages. Frankly highly unlikely, the good algorithms have an average decrypt time in the millions of years using todays hardware.
* Inject a flaw into the original crypto algorithm.
* Impersonate the remote by taking control of the trust key chain.
The last two are what the NSA does. If you are generating your own keys, then that leaves only the second, as there is no trust chain.
Re: Exclsive rights
Yes, I think that is the issue really. Their process for accepting submissions appears to be fully automated, which is the mistake here.
Re: Good job Iain-Duckegg-Smith doesn't work at Tescos.
While the implementation is obviously going quite wrong, the core idea is really quite sound.
The way that the current benefits system is constructed is a poverty trap. Once you are in, its really difficult to get out.
The reason is that you received many different benefits at once, housing, job seekers, income support etc. When you earn a pound more than the threshold, a pound is removed from each of your benefits. So earning a pound leaves you several pounds worse off. You have to get a large increase in income at once to get beyond the hump, essentially replacing all the benefit payments in one go, or you end up worse off for working harder. So, a poverty trap.
The core idea with this is to have a single benefit calculation that tapers properly, so earning that pound is actually worth it.
If it could work just like that, it will be better. If.
I wonder, is there any particular direction that you need to look to see back that far? according to my pretty patchy understanding of the current theories of the creation of the universe, galaxies are all moving, generally away from the big bang that formed spacetime. So, would it be that you should look backwards along the direction of travel of the milky way to see farthest back?
Or is that too simplistic?
Re: Apple/Samsung buying ARM
Last time I heard, many of the major licensees each already holds significant shareholdings in ARM, enough for just a couple of them to block a takeover by one of the others.
They are all invested in the continuing independence of ARM.
This is good.
Re: I AM ANONYMOUS !
Unfortunately, that renders you merely Pseudonymous. Which is still pretty cool; you don't get a pre-fabbed mask, but you get to choose your own icon.
In a somewhat revolutionary stance (cue jokes about legend in own wardrobe etc), I have chosen my pseudonym to be precisely the same as my current real name.
Bosh is an automation/ lifecycle management tool, analogous to chef.
The message bus in cloud foundry is custom made, and called NATS, and the 'service broker' responsibility is shared between a few cloud foundry components, communicating via NATS. Last time I checked, cloud foundry proper has no knowledge of Bosh whatsoever.
+1 for crashplan.
I back up desktops to a server/ NAS combo using it, and then to a second remote NAS.
I signed up for their pay service/ remote cloud thing too, so it all streams up to the interwebs. Took a few weeks to get synced properly, but it worked really well.
Got a dropbox daemon running against a section of it (documents), so I can get the benefits of that system as well.
Re: a simple thought experiment
You've missed the point of this a little.
The experiment is like this.
Sample 1, starts at 20c. Put it in a freezer, time how long it takes to freeze, that's result A.
Sample 2, starts at 60, put it in a freezer. Time from the moment it hits 20c until it freezes, that's result B.
You would expect them to be the same, being the time taken to freeze water from 20c, but it isn't. B < A.
Water that starts warmer will take a shorter time to freeze from a given temperature than water that starts at that same given temperature.
Re: Here we go again...
iphones cost that much for a new 5s. (£549 in the apple shop)
Top end androids cost around this, or more.
I've bounced around several fields of programming, from banking, utilities, small software shops and general consultancy.
I have never been asked to implement an algorithm of this nature, I asked around my known peeps a bit, and the general agreement was this.
The only people who will do this are either language library developers or developers on products that require this.
Everyone else does systems problems. Things like different data consistency models, message ordering/handling lossy data, optimising through put over latency in code or vice versa and differing concurrency models are vastly more important than algorithmic work for the vast majority.
I was never taught these at uni, and it would've
We need some way to improve the fertility of the bacon producing pigs.
So we can get more bacon.
Something that requires some melted cheese to become perfection.
Bacon and melted cheese improve any meal.
Possibly with a nice habanero/ scotch bonnet sauce, if you fancy.
Re: One hopes ...
I'm currently helping to teach the new Computer Science GCSE that is replacing the ICT qualifications.
I'm also a programmer with 10 years exp in a variety of languages running a UK wide software consultancy doing work in big and small companies on system structure and design </appeal_to_authority>
The course is good, very good in fact. There are a couple of rough edges (notably the software life cycle bit), but overall its excellent. The kids are engaged and excited about making the computer do things they didn't know were even an option for them.
This is a tremendous success story for UK and everyone who pushed for it over the years, including the government, deserves a big pat on the back.
We have adopted python 3, as thats what the other schools in the area are using and resources are available for. The kids are amused by me teaching myself python in front of them, and they learn it all the better.
It will have replaced ICT at the GCSE level totally within another year, and across the region within another couple, as far as I can see, and is being pushed further down in the curriculum.
Just a few years from now, every child coming through school will have been exposed to programming and have seen and used imperative languages, mobile apps, declarative (HTML essentially) and made web pages from the bottom up.
This year 10 GCSE group is learning python and making simple programmes already, and they will each have made a game, with graphics and sound, by the end of the academic year, and understand how and why it works.
Now, you may say, there is a shortage of teachers, however there is not. There is a shortage of skills, certainly, and a big push is in progress to give the needed skills to teachers and provide them with help. Guess why I'm there? I provide the technical assistance until the teacher is confident enough to do things alone.
So, you cynics, get off your arses, stop complaining about ICT, and go and change things. The possibilities are there now --> See http://www.computingatschool.org.uk/
Run by Simon Peyton Jones aka, Mr Haskell (a very very clever chap, and all round nice guy).
Schools need programmers to go and help. (Reg staff, fancy promoting this more?)
It is the UK, no territorial sovereignty is ceded to an embassy whatsoever, its confusing who owns the territory over who is permitted to control what goes on.
The vienna conventions, which the UK is signed up to, allow embassies and embassy staff to be temporarily excluded from certain laws and regulations.
Notably, the convention says that the host country cannot enter the embassy without the permission of the ambassador/ consul (can't remember which).
So, the UK retains ownership of the territory in all cases, but in some cases permits, through an act of parliament, the ambassador to control what goes on.
The law as it stands here is that any member of the embassy staff, the ambassador, and the embassy itself, can have its status revoked with notice can cause. This is what the home secretary threatened at the time, but backed down when they realised it would be far more productive to simply let him stew.
it does illuminate the sovereignty question though that this is possible.
Re: FACT talking bollocks
What ever happened in the case?
Re: Variety is the spice of life
Its describing all the bits of an entire stack explicitly rather than just saying 'we used oracle'.
The original oracle solution will have all of these bits too, just wrapped in proprietary boxes, or possibly as hardware (eg, a hardware load balancer rather than HA Proxy)
On python, the vast majority of time spent in this style of applications is in IO, normally with a database or messaging system. The application language is very rarely the cause of a slow down, as its not doing anything particularly algorithmic.
The world is full of naysayers isn't it?
When you are presented with a major screw up, you find the good things and build on them, you do _not_ throw good money after bad.
This appears to be doing that.
FWIW, Basho (who make Riak), seem to be good at what they do, and so they'd be able to get this right as far as the infrastructure goes. The application side (tornado/ python and the JS web front end) leave more questions open, but the tech stack as said here is certainly high performance and very rapid to build services in.
BJSS is quite well known in the banking field for developing high performance trading systems, so they are certainly the correct type of company to build a large scale heavily loaded transactional system.
Or would you rather a better known company, like Capita say?
Re: So one 0 day vuln in the JVM and...
ah, I see what your point was now, and it wasn't sidestepped, it was that I don't see this as an issue.
Yes, I would expect people to run multiples of these on the same hypervisor, however, the hypervisor is in charge of protecting itself, and does so. It stops its guests from doing naughty things, whether they are fully fledged multi tasking OS' or something very different, like these app container things.
Eg, You can run your custom OS on AW (which uses Xen), but you wouldn't expect to be able to take over host, no matter what guest OS you run.
Re: So one 0 day vuln in the JVM and...
OK, but I think you guys are missing a really important point here. I very much doubt that people will buy a server and run just ONE of these JVMs, it would be a very expensive way to host apps. What they are more likely to do is to run > 1 of these JVMs and in this more likely scenario the rest of the JVMs ...
Ok, a few things have gone awry with this thread.
First, most app deployments at scale run a single application service per VM/ server. There will be other OS services on the machine, but only ever 1 application service per machine. This model fits perfectly, strip away the OS overhead and allow the single app instance direct access to the hypervisor, increasing speed and also security.
When talking about Java security problems, these almost exclusively refer to java applets and desktop Java. Applets especially are broken and have no place in the world today. Server side Java on the other hand has an excellent security record and model.
Giving a JVM access to the hypervisor and removing everything else will reduce the attack surface available against that instance, not increase it. If a JVM becomes compromised, then that is the application compromised, no matter if the host OS is safe or not. The application is the valuable thing, not the host OS, thats just a commodity necessary to run an app.
So removing the host and all its services will reduce the vectors available to attack an application.
Re: No need to worry...
Better the Devil you know ? Thats what made this kind of mess in the first place.
No thanks. Risk management shouldn't be about identifying risks, it should be about trying to reduce them, by trying new things in a controlled way.
My issue with the reporting is that only 2 weeks after the earthquake, you wouldn't know that 10,000+ people had just been washed out to sea, more 10s of thousands were left injured, 100s of thousands left homeless.
Effluent, heavy metals and industrial waste washed over towns and polluting the water table, soil and food on a grand scale.
but no, the reporting was all about a nuclear emergency.
Now, while obviously a nuclear emergency is a big deal, the way a potential disaster assumed the spotlight to the exclusion of the very real tragedy around it was sick, and still is.
I truly think that much of the discussion around databases, and the scalability thereof, really misses the point.
Barely anyone really needs to scale. Most applications will never saturate a single, untuned mysql server, let alone anything with a bit more oomph.
The question I always encourage people to ask is, what is the data model that you need? Choose a database that implements the data model you need. Bending your app into the data model of a database you chose because it was 'scalable' is stupid.
Many applications don't fit the relational model, and many do.
If you design your application cleanly, and with the correct data model, it can be cleanly optimised to scale. If you try to ram your app into a shape that doesn't fit, it will be hard to optimise.
There is always the option of using more than one database, with different data models, at once, for different purposes.
NoSQL covers everything that is not SQL, not just key/ value.
Key value is just one model, others are graph (neo4j) and document (mongodb, couchdb).
So, nosql is a bit of a silly name, defining what something isn't, rather than what something is.
Because Android is so popular, it's likely that Google has plaintext wifi passwords for the majority of password-protected wifi networks in the world...
Re: Bad idea
Much Java enterprise development is completing its move away from JEE now.
Servlets are the last bit thats not been replaced. Most Java web frameworks are removing them, and so a reliance on tomcat or its ilk, or have done already.
May it moulder in pieces.
Re: PC-like servers revenue is dying
Given that we are discussing servers, the story of the last 20 years is that of Linux and to a lesser extent windows pushing the other server OS' into various niches.
Are you thinking desktops?
Re: Old Age
Right wing does not equal centralised control.
Stalin was hard left wing in economic and social ideology, and was totally centrally controlled. Similarly, the Italian fascist government of mussollini was hard right wing in economic and social ideology, but also applied total centralised control.
The axis of political thought that you are looking for is totalitarian <--> libertarian, with the power being vested totally in the state or the individual.
This is orthogonal to both economic and social ideology.
Debasing the meaning of words does no one any favours.
Re: "No thank you, I've probably already switched supplier several hundred times today."
Speaking as a software developer. I would love to develop the back end that serviced that.
It would be epic.
Re: What about our copyrights?
"off-topic @Daivid Dawson: what kind of answer is that? It's ok for the government to take things away since they created it?
If one day the UK is to be hit by a meteorite, and the UK government decided to suspend all telecommunications, air and cross-channel traffic to prevent panicks and to only allow the "privileged" to safely escape the country, according to your reasoning, it's ok to do that since they created much of what modern society is made up of.
I didn't realise we're still a bunch of serfs under the feudal system."
In this country, Parliament is sovereign, so yes, if the government chose to do that, then that would be legal, which is a different thing to 'ok'. Legal and moral/ ethical are separate concepts I'm afraid.
Sorry you had to find out this way. I wish they would teach this kind of thing in school.
"Er, and other governments. The UK government can pass laws overriding the copyright it grants, but not that granted by the USA, France, Germany, China..."
Only so far as the law in this country respects those other countries laws. Which is what sovereign means. This is an important distinction! The UK has signed up to copyright treaties, so I imagine they would be respected...
Re: What about our copyrights?
Copyright is a legally granted monopoly given to the creator of a work.
Its not something that naturally exists, its a collection of laws passed by HM Government.
So, if the Government of the day chooses to alter how copyright is assigned to allow the British Library to scrape the UK portion of the internet, it is perfectly legal for it to do that, as it created the entire concept of copyright in UK law in the first place.
Re: Systems architect here
Then again, he once built a 3 ft extension to his house using the same design techniques he uses for bridges, so perhaps he was serious...
It is the most robust extension I've ever seen though. I'm pretty sure it will out last the house. All 3ft of it.
Windows desktop VDI
Hello. this is a question for a _potential_ project I'm about to embark on.
There's a charity that I have some association with, they've got around 30 windows desktops that are fast approaching the end of their working life.
They have to use windows for various reasons, but don't really have the cash to upgrade en masse.
So, I did a little pondering and thought, virtualisation.
If we could get a nice fat server (which we can) to host VMs, then the desktops can be kept, or gradually replaced with a rasberry pi or whatever.
The conundrum is what to install on the server. A full windows server 2012 is quite expensive, and I'm not sure if thats the way to go anyway (having very little recent experience of windows servers).
So, does anyone know what the best approach might be? My ideal would be something like openstack + some provisioning layer (thats free or cheap).
I've had a good look around and come across a few different projects, foss-cloud and its ilk.
I'm just wondering if anyone has any direct experience of VDI that could recommend a basic approach.
My ideal would be for some users to log into the thin client and be presented with their own desktop, including installed applications.
The other group of users should be given freshly minted VMs each time, although with their own desktop prefs from AD (or samba...)
Because Windows forces you to choose a secure password - and has far fewer remote exploits than Linux. 99% of Windows exploits require user interaction, whereas 99% of Linux exploits don't. This is why Windows get desktop viruses and Malware, but is far more secure and less likely to be hacked as a server system than Linux is.
Goodness me! Really? 99%. OH MY GOD.
We need to get those linux servers off the internets. now! Who's with me?? If we each take a datacentre, we can yank the network cables in the space of a few days. We'll save the world!
Oh.. er.. wait...
You made those numbers up, didn't you? well?
My note 1 has an in the air hover with the s pen working well.
Not a finger though.
Re: Why are the KDE desktop shortcuts penned in?
The 'penned' area is a plasma widget, same as any other, called a folder view. The background can contain as many folder view, or any other plasma widgets as you like.
I tend to have several pinned open on my desktop showing different folders, documents, downloads, dev root etc.
A single folder view could be expanded to fill the entire desktop, if you so chose, or to fill a small, vertical strip down one side of the window, with another folder down the other side.
The answer to your question is, thats the default look on startup, its totally modifiable, and very easy to do.
It actually appears that they would work very well for you :-)
Re: So... what happened to te water?
Heh, that would be solar wind, not state.
- Fee fie Firefox: Mozilla's lawyers probe Dell over browser install charge
- 20 Freescale staff on vanished Malaysia Airlines flight MH370
- Neil Young touts MP3 player that's no Piece of Crap
- Review Distro diaspora: Four flavours of Ubuntu unpacked
- Sysadmins and devs: Do these job descriptions make any sense?