16 publicly visible posts • joined 25 Mar 2008
Agree that tests are supposed to drive the development, so tests can come first. They also document what code is supposed to do, so I think the AI angle is broken.
Although I personally like to test first, research has shown that testing first or last really doesn't make much difference. It appears to be the development process having small steps (small test granularity) that is beneficial, and this helps with the quality and design.
I am a self-taught programmer who also got his diploma, and I agree the diploma doesn't help in terms of skills.
However, the comments about HR are true. The world's simply not fair and whining about it only makes the truth more painful.
Another scenario I saw more than once proves my point. The self-taught non-diploma guru reaches mid-life in a consulting company. He has a good reputation, maybe even manages some coders, but the new hires (with diplomas) make his salary starting out! This is especially true in sectors where jobs are contracted to the government. Allowable billed rates are based on measurable education levels, at least with the US government. Such people have a harder time going back to school because they have families, mortgages, and tuition is more expensive than it was 15-20 years prior.
How many times has Adobe's Flash and Reader plug-in had exploitable vulnerabilities, and yet there are no auto-update features? Actually, Adobe Acrobat has an update that works if you buy the full version (not the free reader).
Check out another useful tool: Secunia PSI (works for more than just plug-ins, and finds all third-party software on your PC that is at risk and needing updates).
Well, if I were a member of U2 and rehearsing new tunage, I would not be doing it in a place that others can hear it.
They can afford to rehearse in a Swiss atomic shelter (every building has one of those in Switzerland). You can't hear jack when the 2' door is closed.
Paris, for the brilliance of leaving the windows open when you're rehearsing new material.
"Computer industry heavyweights are hustling to fix a flaw in the foundation of the Internet that would let hackers control traffic on the World Wide Web.
Major software and hardware makers worked in secret for months to create a software "patch" released on Tuesday to repair the problem, which is in the way computers are routed to web page addresses."
I don't want to take sides, but Microsoft has "yielded" to the complaining of 3rd parties for years (since NT days) about security practices. There are tight ways of doing things for security, which some of MS OS has tried to incorporate and push (probably badly) onto 3rd party producers. There are even examples of this in Vista where they caved because of griping from vendors. The fact is, if you allow 3rd parties to do things in a shady way, they get dependent on that and gripe about changing. Both sides are to blame, IMO.
I have to say that the conflicts like this ZoneAlarm thing are pretty rare, despite how complex software is these days.
I totally agree that it's unethical to shut down the Kraken Trojan. But I think the real reason isn't "life support" ROFL but rather Tipping Point getting sued.
On the other hand, ISPs don't do their part, even when IPs get reported as infected. End user's don't do their part by installing proper firewall software or enabling automatic updates. Programmer's don't do their part by writing software that doesn't have security flaws.
Just waiting for the Register to publish an article about Vigilante Zombie Killer groups that can't get sued (like the whitehats can).
ISPs could monitor traffic, but other systems diagnose zombies pretty fast. Spam-sending bots usually draw attention on SpamCop.net. That means that the ISP of the machine in question gets at least one report saying the IP address is responsible for sending spam. It's easy to spot the zombie when you get a spam. It's usually the last IP on the "received" headers of the email, and it's an IP address in a block of IPs reserved for home machines. There are block-lists keeping track of zombie IPs. The ISPs could use all of this info. If an IP is sending 100,000 spams/day, which is often the case, you can imaging the ISP gets MORE THAN ONE report from SpamCop about it. But one report is enough to tell them it's a zombie.
I use SpamCop a lot, but rarely does an ISP show that they are taking out the zombies. I get "confirmations" from Sky.net on a regular basis. It takes them 3-5 days (from the time they get the SpamCop reports) to take out a zombie. That's frankly too slow. That's 300,000-500,000 extra spam messages per zombie on their network.
If anything, this contest confirms that no OS is any safer than the others. It's the same basic education system that goes into making up the coders, whether it's Apple, Windows, Linux. Unless universities change fundamentally how coders learn about what good security coding is, and static analysis tools are used to find security flaws, etc. software such as browsers with enough complexity is always going to have lots of holes.
People with DNS2Go don't have static IP addresses (that's why they use dns2Go). Email should not be coming from dynamic IP addresses. Spam is sent by zombie computers, which are mostly running on dynamic IP addresses. Because home users (also on dynamic IPs) don't install updates, allowing hackers to turn their PCs into spam-sending zombies.
Maybe ATT finally got a clue and are using SpamHaus' PBL to block the traffic.
Don't talk to SMTP senders who are on ISPs that say their dynamic IP blocks don't send SMTP except through their local server. This is what PBL is all about. I bet DNS2Go users have been getting a free ride until now.