513 posts • joined 21 Sep 2010
Re: because DBAs insist on people doing CRUD operations via stored procs...
"Isn't it because there's no risk of sql injection if you don't "parse SQL on the hoof"?"
For the record I am of the opinion that you don't pass in SQL from external sources, maybe you take carefully validated field values from forms - you definitely don't pass it through. I was pretty surprised when I found out that web programmers were doing that as standard practice tbh. In those dark days I even got chewed out by the office's self-appointed web-security guru when I expressed that opinion too. ;)
Anyway, Web Client -> SQL is not among the reasons I had in mind. One of the reasons was that the DB engines used to burn lots of CPU parsing the SQL and then fail at optimising the query. In scenarios where this became a problem sometimes DB access was restricted to a set of carefully optimised SPs.
The fact is business requirements change, and the apps to support them should evolve alongside them. If you write half your app in SQL you are locked into doing things in an SQL friendly way, in some cases this is a non-optimal if not pessimal way to build an application. The Finance industry is littered with this kind of wreckage today.
"There is a difference between very good and optimal. Have you ever done any migrations from one SQL database to another and see what difference it makes?"
Have you ? (I'm asking because you seem to be long on opinion and short on facts so far).
Of course the guys in the article don't really have much of a problem, because the majority of their business logic will be in their code rather than their database.
By contrast most SQL->SQL migrations I have undertaken have been quite a lot of work, usually because the developers decided to write their business logic in SQL, and as a consequence have produced a complex, slow, unreliable and unmaintainable morass. Typically this happens because DBAs insist on people doing CRUD operations via stored procs because the DB they are using is shit at parsing SQL on the hoof.
What I find strange is that the only people I've seen attacking PostgreSQL are salesmen and people who haven't used it. I wonder why that is.
"If IBM really wants the GSS to be a success, it needs a scaleable and supported NAS gateway in front of it: it needs to be simple to manage. It needs integration with the various virtualisation platforms and IBM needs to simplify the GPFS licence model … when I say simplify, I mean get rid of the client licence cost."
I haven't had a chance to kick the tires of GPFS yet, but I got the impression it was mounted like a bog standard filesystem, so anything that uses the stock file system API can hook up to it. Running NFS services & Samba on a host with a GPFS filesystem mounted doesn't seem hard to me. Are you able to provide a bit more detail on what's hard about it ?
It strikes me that Munich were awfully fortunate to avoid the Windows Vista, 7, then 8 migration path. When I look at it that way it's hard to fault the folks clinging to XP as it sinks below the waves.
Re: now more than ever
"We need a law that taints evidence gained by the NSA"
I question your sanity.
We see enforcement agencies failing to secure prosecutions against rich & powerful folks all the time, we regularly see investigations into the crimes and failings of authorities and corporations derailed through sabotage and wilful malpractice (eg: the pathologist examining the newspaper seller beaten to death by a Policeman on his way home).
How is a new law going to help if it is going to be enforced by the very same mechanisms that have been shown to fail through wilful self-interest time and time again ?
"Not Z. Please, $deity, not Z."
"Someone has built a Z compiler?"
Last I heard they were (re?) animating Z specs. :P
Re: The real problem is C
"Not Z. Please, $deity, not Z."
I liked the idea of Z, but in practice I could never get away from the fact that I could achieve the same ends expressing the same constraints using some carefully written C++ unit tests. :)
Note: There are things Z can do which carefully written C++ can't, and of course it's possible to have bad tests fail to detect bugs in bad code... That said, it's pretty rare that people can write Z accurately either. :(
Legislation is only as good as its enforcement.
"while critics charge that the law will further enable the NSA to gather personal information on citizens en masse for its oft-criticized domestic and international surveillance programs."
It's hard to see how any legislation will further enable the NSA (et al) to gather personal information.
Even here in the bohemian UK the authorities already have enough legislation to kick down your front door at 3AM, frog march you out into the street stark naked at gunpoint, and incarcerate anyone who objects for indefinite periods without a public hearing or trial.
Besides, they ignore the legislation and oversight requirements when it suits them anyway...
Presumably the point of the legislation is to allow NSA figureheads to claim that they haven't broken any laws should they face a disciplinary hearing at their golf club.
Re: Up the creek without paddle... @Steve Crook
"I rest my case m'lud."
Refusing to identify yourself has earned you 10 years in the clink for contempt of court. ;)
Re: Back to basics?
"Given the number of phones that Sammy make, isn't it about time they offered two top enders, one in the mould of the S5, and the other a sealed battery, fixed storage, metal chassis device to take on the Sony and HTC top enders?"
Given the market share Sammy have doing what they are already doing I doubt they'd get enough return on it to make it worthwhile... Besides they would give Apple's Lawyers and Fanbois some "Samsung Copies" ammunition when they are trying to fight a court battle. Remember, fanbois and judges find it hard to distinguish between round-edged rectangular electronic widgets, large manufacturer's logos plastered on the front notwithstanding.
Re: Not supercomputers - not even close
"...the GS21 chips mentioned in the first several paragraphs are legacy 31-bit processors for mainframes"
Thanks for the schooling (have an upvote). :)
The latent pedant that lies neglected within me would like it known that I did preface my twaddle with an 'if'...
Re: Not supercomputers - not even close
"These are proprietary mainframe processors, not supercomputer chips. There's a very, very big difference there..."
Err, if they get put in super computers they are "supercomputer chips", in exactly the same way that Intel Xeons, AMD Opterons and GPUs are...
Why do you think those Fujitsu chips are less supercomputery than an Opteron slotted into a Cray XK7 ?
Why do we care about Stewart Baker's opinion ?
From his 'profile': "Former government official now practicing law"
That didn't inspire confidence, and as it turns out his blog post was wishful thinking and ignorance masquerading as utter tripe.
"It is quite possible he died due to a stupid error"
Doesn't it strike you as extremely unlikely that a smart well educated man would accidentally ingest cyanide at his home ? In a lab where they are swapping the labels on bottles for shits and giggles maybe, but cyanide shouldn't really be knocking about at home.
"but if he did commit suicide it was his own decision and not remotely forced upon him."
That assertion has less evidence to back it up than the conspiracy theory.
Turing wasn't some random coke snorting trader, or celebutard, he was one of the key brains involved in cracking codes. In a Cold War you would want those kinds of guys fighting for you, and if one of those guys dies before his time you really *should* be trying to work out exactly what happened - so you can make sure it doesn't happen again.
As it turns out they didn't work out what exactly happened, they chose not to investigate further, pretending that nothing happened and everything was OK. It's exactly the same stunt they pulled with Kim Philby...
Nothing to see here, move along - all those dead soldiers and spies are nothing to worry about...
Re: Wasting taxpayer's money again
"As has been pointed out before in this thread, the majority of students use IT as a means to an end, mainly to write up their work and ultimately their thesis."
"They don't use Linux and they don't program, because they don't need to. Those that do need access to Unix or Linux will get it."
I get where you are coming from, and I imagine you believe it to be a pragmatic approach, but surely there are occasions where students really don't need to use a Windows box. Unix isn't just for programmers, and I know from first hand experience that a lot of 'ordinary' folks can get on just fine using a UNIX box and in some cases they actually prefer it...
To my way of thinking Universities should equip students with the tools they need to adapt and thrive in the real world, locking them into the world of Microsoft through ignorance of alternatives for the next 10 years of their working lives isn't helping anyone but Microsoft. :(
"If anyone had shown this level of inertia, sloth and general incompetence in the private sector they would rightly be out on their ear."
The evidence is against that.
For example, one of the longest serving chaps at a previous employer used to fall asleep and snore (loudly) for entire meetings and when awake at his desk he would while away the hours browsing totally NSFW websites. He survived long after I left having managed his team, coded & delivered his project. ;)
Re: That's the Spirit ...
Perhaps you should introduce them to a gentleman from Lagos specialising in IT training. They might find that the bitcoin malarkey has a bit more scope to it than an AK47 bullet. That said, scorching PII boxes is understandable though, scorching PIIIs would be crossing a line. :)
"What is this - the 1990s? Did I install Linux by mistake?"
Clearly not, because Linux would have "just worked". :)
"By the sound of it MS are on their way to making something that makes me happy."
I'm going to reserve judgement on that one until braver folks have had a chance to cut their teeth on it.
In my view Microsoft are in a pretty good place in terms of having a broad spectrum of technologies, some of them able to play in the consumer space. They seem to be throwing a mix of R&D projects while reacting to the (negative) feedback of Win 8, this could actually help folks out *and* move their myriad of platforms forward.
We'll see, but if anyone can pull off a turnaround like this I think it's MS with Bill Gates lending a bit of drive & vision - it's still a long shot though.
I really can't believe I just wrote all that. I want to point out that I still don't like the way MS conduct their business, and I hope that they can live alongside Open Source / Free Software through harnessing their R&D brain trust rather than trying to crush it through legislation & taxation.
Gimpmask because I think there are good odds that this post will come back to haunt me.
Re: Took them long enough...
"Ignoring X11 for a moment… which has similarly been around almost as long as I've been alive."
Have an upvote, I was going to include X11 but I thought, let's not dilute the point... But while we're at it, how about some of the newbies like zlib, STL, libTIFF, OpenGL, OpenSSL, ... and so on... ? ;)
Have a beer for the freedom and free beer !
P.S. I recall a TV item on the MIT team working on X - and their 1MIP, 1Megapixel workstation - the specs seemed fantastic at the time, but I felt they were way too low for what they were trying to achieve. Then along came Apollo, Sun et al and suddenly you had hi-res full colour UIs on monster monitors. A Windows 3.1 PC was a bit of a let down after experiencing an Apollo Domain box for 15 minutes. :P
Took them long enough...
But it's nice that they care enough about their jobs to actually deliver 90% of a consistent target for developers to aim at.
POSIX must have outlived more MS APIs than I've had hot dinners by now. :P
"That's a false choice, since there is no inconsistency in saying most of the R&D effort was against iPhone and that the dev team was shockingly small."
That can only be consistent if migrating two lines of hardware, an OS, developer community and software from PPC -> x86 in the same timeframe could be done with a tiny fraction of the R&D budget.
You will probably find more people who think that Steve Jobs was the second incarnation of Jesus than you will find engineers who agree with that picture...
Re: Apple Requires Competition. Deceitful Liars And Plagiarists Need Not Apply.
"Rip Samsung to shreds please. Make room for REAL competition. That is what we *all* require."
Ironically, given the title you chose, you totally lied - perhaps that was a joke I missed ?
Personally I don't require a bunch of overpaid toffs debating how best to wipe out any semblance of free-market competition.
Presumably this is the same Phil that claimed Apple sunk most of the firm's R&D effort into the iPhone, yet we have Greg Christie on record as saying the dev team was "shockingly small"... To be fair Phil's claims could be correct if Apple had a very small R&D budget and outsourced the vast majority of their development work...
So Phil, which is it ? Perjury or Apple outsources the majority of its product development ?
Re: LinkedIn are dangerous amateurs
"Well done, you actually had me look at this before I discovered you're just trolling.... no address to be found on the ones I checked."
He's not trolling, that trick actually does work (I just tried from the UK), consequently I fully agree with the assessment that they are dangerous amateurs. Sadly they didn't even bother obfuscating the @. :(
You are not the only one to be Clueless though, the oft quoted Clueley concluded that "I really don’t feel as if [linked in] have handled this situation badly at all"...
Do you have some interest in Linked In publishing its customers' email addresses on publicly viewable pages ?
Re: What I find mysteriously unexplained...
"...is the conspicuous lack of news of heart attack / stroke related fatalities in the higher ranks of NSA immediately after Snowden started doing its thing. "
The reason for that is that the culture of secrecy conveniently extends into the domains of accountability and taking responsibility. ;)
Got to wonder what the yields & MTBF (at package level) are going to be like with zillions of TSVs hooking up a bunch of hot dies.
Best of luck to them. :)
Re: Head to head
"It is by far and away the most stable and usable OS. Unlike Linux, Windows will run all your current software."
That is simply not true, Windows fails to run any of my OpenBSD or Linux binaries...
Re: Prior Art
"The problem with that app is Apple have an army of weasels that would argue that black is white,
So they'll get killed on the next zebra crossing, no? How appropriate."
Lovely thought, but sadly those particular Weasels don't do stuff like being pedestrian. ;)
Re: @Fido L Dido
"I've seen many a skilled developer, who left to his own inventions produces a lot, most of which is of little or no value to the business."
You have seen skilled developers produce valuable stuff despite being given no support or guidance as to what the business requires. In those cases the business got more value than it should expect in the absence of effective management IMO.
Ask yourself : Is it reasonable to expect stuff of value if you don't communicate what you actually want ?
"If you have middle management (or even bottom management as you state) earning more than people higher up the ladder, your company is messed up."
With all due respect, that is twaddle.
"Meanwhile someone higher up the tree may be responsible for decisions that can affect the company by millions of pounds a year. This person is always going to be worth (and paid) a lot more than that middle manager doing a sterling job."
That is a natural consequence of self-interest (aka greed) and feeding the money in at the top of a tree and letting it trickle down to the minions. It is possible to imagine other ways of distributing wages that have different properties. For example, I think it likely that many celebs earn *more* than their management team.
Re: Seems strange...
"It is only "illegal" if their secret court says it is."
Strictly speaking that is not the case, the laws are set elsewhere and the court is there to oversee that they are adhered to. That said the court clearly doesn't provide adequate oversight.
"What really worries me is what the NSA considers illegal, because some of what they consider is legal is really horrible, so imagine what they consider illegal."
I'm pretty sure they think stuff like whistleblowing on illegal mass surveillance is illegal. Terrible crime that one.
Re: Seems strange...
"Whether they have backdoor or not, allowing China to put in the communications equipment that our defense and infrastructure rely on is the height of stupidity!
Some things you don't do, even if they can do it cheaper!"
I hesitate to place my delicate person in front of the freight train of down-votes for the above post but...
The man does have a point. If you have some absolute-funting-lutely-must-not-fail-or-be-hacked traffic, you would naturally prefer to run that traffic over kit that is produced in your own backyard. It's a question of confidence, visibility and control. Producing all the components offshore, in countries that you are in direct competition with (for resources, power, etc) is taking quite a big risk however you slice it.
Looking at the long game, placing your neck on someone else's chopping block is a pretty big show of trust and perhaps that will lead to a more peaceful more productive world over the very long haul... Unless of course a nation gives in to temptation and swings the axe...
Interestingly the Open Compute stuff does offer some short-cuts and a small cost-saving to subsidize the development of that home-grown trust-worthy hardware. Because it's standard form-factor and standard designs, your suppliers can sell the exact same hardware to other customers - and that may go some way towards mitigating the costs through greater volume.
Re: Seems strange...
"If the NSA wanted to know if Huawei kit is/was sending information back to the Chinese government could they not have determined that technically through looking at the packets being sent, stripping a machine down to look for secret transmitters and so on?"
Yes, and it would have been more effective because they wouldn't have had to break the law and troll through tons of machines and people to find the information they were looking for. On the other hand hacking the vendor enables you to do some corporate espionage and sabotage, I suspect the NSA did both.
The thing that surprises me is that all these awfully powerful apparatchiks who are so keen to FUD Huawei seem to have collectively failed to arrange a demo of some of these alleged backdoors in action. Even if the backdoors don't exist, they could fake them fairly trivially and lend weight to their FUD. Given the half-arsed nature of the attacks on Huawei and the people doing the attacking (ie: apparatchiks with minimal to zero technical credibility) I suspect they really don't know of any backdoors (there could still be some backdoors of course!).
So at the end of the day, there doesn't seem to be any evidence of these alleged backdoors. On the other hand there is circumstantial evidence of some incentive lubricating the FUD effort in political circles, because all of a sudden we have a bunch of folks who have zero track record of being interested or qualified to comment on hacking speaking up...
"I hope this sueball breaks Target, it deserves to be made an example. To all those CEOs who think "outsourcing will take care of security"."
Careful what you wish for. All those folks who are out of jobs as a result of Target failing will look for jobs elsewhere. Those same could end up looking after your bank account... :)
"Even if it does Oracle may end up being Wang a few decades later."
It looks as though Oracle have been firmly wanged in the short and curlies by AMD + Open Source of all people. If a sufficiently detailed white paper is published I suspect this will develop into a Tsunami of woe for Larry.
"Alternative scenario, having stolen the sourcecode, they've read it and seen how terrible it is, and decided its got so many backdoors they don't want to risk it on US soil."
I think you would have to admit that is pretty far fetched given that their efforts seem to have overlooked folks like Cisco et al. Do you have any vulnerability stats to back that hypothesis up ?
Re: Back doors, Back doors, Back doors
"Look, I know this goes on between gentlemen of a particular persuasion,
But, do I have to have this shoved in my face/mail-box every day?"
It is your patriotic duty as a loyal citizen to have your backdoors smashed in, confidential information stolen and your secrets discussed around a water cooler in Virginia (or over a cup of tea in Cheltenham).
It never made sense to me that the copyright infringement prosecutions appeared to target the small fry whereas folks like Yahoo and Google are (mostly) left alone by the authorities. I guess we now have a reason for it: the authorities value the mass surveillance opportunity more highly than keeping the record industry execs happy.
Re: Playing the long game.
"5) Start with a cost-benefit analysis of each app in use. If you can't justify the cost, it goes.
So what cost-benefit do you place on saving a life? 'X bit of kit only saved 2 lives last year - bin it'?"
Firstly: Fair question - but you are asking the wrong person, ask the NHS trusts.
Secondly: NHS Trusts have to make that kind of call all the time, as you well know they don't have infinite resources to throw at making everyone well all the time.
Thirdly: Cost-benefit analysis is not a synonym for getting rid of stuff that makes lives easier. In fact if it's done correctly and the decisions made are rational it should actually *improve* the situation, at the worst you'll find out that you've done as well as you can and nothing needs to change. ;)
"Um... Wouldn't this break various laws? Just because it's not supported on Win7 or Linux means it's ok to reverse engineer it?"
Depends on where you are working, the EU tends to view reverse engineering as a legitimate activity. Also keep in mind that I was responding to a post about software that isn't supported and the vendor is either not interested or not around any more. In those circumstances, I think that is perfectly OK to reverse engineer it.
"So, my Trust has a dev team as you suggest, in collaboration with every other trust we re-write everything we need to it's all open source."
I am not advocating rewriting *everything* in-house and open sourcing it, so that straw man can screw itself and the post that it rode in on.
"'Pay them >=2x the graddy salary contract style on a 3 month rolling basis' idea would never happen unless you were happy to cut staff elsewhere."
The software is not going to be migrated by magic. At some point folks are going to have to do some work, and the chances are they won't work for free. So you have a simple choice of developing in house (pay salaries) or outsource the work (pay salaries + vendor's profit margin).
While paying 2x the going rate seems a bit generous, most undergrads & recent grads are paid sweet f.a, so 2x of f.a. isn't actually that much and it also will attract a bigger and better pool of candidates to select from.
Ultimately it depends on whether getting the job done is more important than keeping the headcount down. Either way you're going to spend money - and most likely more money if you pay a vendor for the work.
"Try working in the sector, using spit and baling wire to hold ropey systems together because there just isn't anything else that does the job."
I've found plenty of workplaces outside of the NHS where the only materials to hand are spit and baling wire. It's not a problem unique to the NHS. For the record both my parents worked in and around the NHS for the majority of their careers, I chose not to because I figured there was no future for a developer in the NHS...
"we know it's not sustainable but whos life do you want to make that little bit worse by deciding X system is not worth running anymore?"
You know it is not sustainable but you are not prepared to change the way you work, stress, misery and failure is inevitable with that approach.
I don't want to make anyone's life worse, but equally I see the status quo is making lives worse, and I see nothing to suggest that people's lives will get any better in the future as a result of continuing to run unsupported software on end-of-lifed platforms.
Re: Playing the long game.
"4. 10 years later, the clinician has made his money and no longer supports the application, having retired at 50 to somewhere sunny. Unfortunately the app only runs on WinXP"
5) Start with a cost-benefit analysis of each app in use. If you can't justify the cost, it goes.
6) For the unsupported crapola stick it on a VM, and reverse engineer it with suitably motivated (smart) undergrads/grads overseen by a chilled greybeard. Pay them >=2x the graddy salary contract style on a 3 month rolling basis. The output of this process is an automated test suite that will accurately model the behaviour of the system.
7) Bring in some seasoned app devs and get the buggers developing the replacement. You can test the results using all those automated tests from the reverse engineering effort.
8) Open source it, mitigate the ongoing costs with offering support contracts, paid-for-development etc.
The key bit is keeping the effort very focussed and making sure that 99.99% of the testing can be automated. Everyone could make a very healthy wage and a decent career out of that process and it really would not have to cost the earth to implement. If you open source the process then other trusts can see what you're doing and contribute/collaborate and hopefully re-use stuff. The re-use will promote the spread of common interfaces, protocols and conventions - and through that organisations will be able to standardise processes and software.
If this process is replicated across a large number of organisations & applications you'll see knowledge spread (driving costs down), bad apps being culled through competition and good apps thriving - while allowing space for multiple solutions tailored for specific scenarios to flourish as well. By Crikey ! That's an ecosystem.
This isn't revolutionary, it has been happening for at least 50 years, and while the $payware guys get all the limelight, open-source & other collaborative efforts have been thriving in the background (particularly in cash-poor specialist environments)...
"Equally, setting a one-year limit on the NHS deal is important to force health-service organisations to get off Windows XP."
That statement and reality are poles apart.
Those same health-service organisations had several years notice that XP was due to be End-of-Lifed, yet they failed to migrate away from it; there is no reason to believe that they will migrate away from XP within the next 12 months either.
There is insufficient evidence...
There is insufficient evidence showing that the ICO is fit for purpose or competent. They should return their pay and shuffle off down to the job centre.
Re: This is UNCONSTITUTIONAL!
"So why has that not happened?"
It's quite simple: A Government won't tolerate any domestic threat to their power. An outfit like the NSA provide a number of services that help the Government combat domestic threats and maintain a strong power base, so from the Government's point of view there is a strong incentive NOT to punish the NSA's transgressions.
As for suspected nuances, the folks wielding the power and owning the country appear to be content to allow the current scenario to continue.
"The other thing these 'rich lists' tend to ignore (partly because it's much more difficult to find out) is how much debt the wealthy have."
Finding out the debts held by the toffs & celebutards won't happen often because a significant chunk of their income depends on them being perceived as being "successful" or "wealthy"... You can't run a personality cult/ponzi scheme any other way. ;)
Re: Er, What?
"to see the problems with having application software directly interfacing to hardware rather than via a defined set of BIOS calls."
FYI PC BIOS calls are *very* rarely used these days - most OSes talk direct to the hardware via drivers. The reasons for that include performance, and working around broken PC BIOS design. Not really sure how you could reasonably expect a 16bit PC BIOS to work well with a 64bit OS...
OTOH if you have a static description of the hardware and the OS provides the drivers then you are not tied into using 16bit PC BIOS calls for the next 40 years...
Re: But then we'd need hardware standards @Roo
"I think you are confusing interface specifications with firmware. Interface specifications treat the devices on either side of the interface as black boxes; firmware resides within the black box."
That rather misses the point I was making, ie: that it's possible to have vendors make hardware behave to a standard...
Re: Accident or Malicious?
"Stating that religion is devoid of logic isn't bigotry, it's a statement of fact."
Quite correct, however the original post did not make that statement.
OTOH slandering folks who *may* have actually been trying to save the aircraft on the basis of their religious beliefs is bigoted and hiding behind AC is spineless.
Re: Accident or Malicious?
"Take a few kufars with them and then have some virgins in paradise."
Perhaps you could fly out to Malaysia and put that theory to the authorities there. I'm sure they'd love the input of a spineless bigot & creep.
Re: Comparison with DirectX?
"Be good to see how the two technologies stack (hah) up against each other on mobile."
Fill your boots, write a benchmark and port it to WinPhone and Android. You should be able to find a pair of Winphone and Android handsets that share the same (if not very similar) chipset and display resolution...