* Posts by C. Fuhrman

16 publicly visible posts • joined 25 Mar 2008

Audacity users stick the knife – and fork – in to strip audio editor of unwanted features

C. Fuhrman

Not Dacity

or NaughtDacity?

Coding unit tests is boring. Wouldn't it be cool if an AI could do it for you? That's where Diffblue comes in

C. Fuhrman

Agree that tests are supposed to drive the development, so tests can come first. They also document what code is supposed to do, so I think the AI angle is broken.

Although I personally like to test first, research has shown that testing first or last really doesn't make much difference. It appears to be the development process having small steps (small test granularity) that is beneficial, and this helps with the quality and design.


Don't bother with that degree, say IT pros

C. Fuhrman

Investment pays off over time

I am a self-taught programmer who also got his diploma, and I agree the diploma doesn't help in terms of skills.

However, the comments about HR are true. The world's simply not fair and whining about it only makes the truth more painful.

Another scenario I saw more than once proves my point. The self-taught non-diploma guru reaches mid-life in a consulting company. He has a good reputation, maybe even manages some coders, but the new hires (with diplomas) make his salary starting out! This is especially true in sectors where jobs are contracted to the government. Allowable billed rates are based on measurable education levels, at least with the US government. Such people have a harder time going back to school because they have families, mortgages, and tuition is more expensive than it was 15-20 years prior.

Google Go boldly goes where no code has gone before

C. Fuhrman

Does Go make it easier to program bug-free concurrent code?

One of the biggest problems with concurrent programming is writing code that is free of deadlocks, livelocks, race conditions, etc.

There's no mention of how Go makes this easier, so I'm guessing it doesn't?

The forgotten, fat generation of Mac Portables

C. Fuhrman
Thumb Up

Nobody can feel the weight in outer space

Mac Portable in zero-G action...


Mozilla service detects insecure Firefox plugins

C. Fuhrman
Thumb Up

Too bad that Firefox had to raise the bar, but at least they did it.

How many times has Adobe's Flash and Reader plug-in had exploitable vulnerabilities, and yet there are no auto-update features? Actually, Adobe Acrobat has an update that works if you buy the full version (not the free reader).

Check out another useful tool: Secunia PSI (works for more than just plug-ins, and finds all third-party software on your PC that is at risk and needing updates).

U2 tracks disappear from YouTube

C. Fuhrman
Paris Hilton

@Peter Lee (Close the windows next time!)

Well, if I were a member of U2 and rehearsing new tunage, I would not be doing it in a place that others can hear it.

They can afford to rehearse in a Swiss atomic shelter (every building has one of those in Switzerland). You can't hear jack when the 2' door is closed.

Paris, for the brilliance of leaving the windows open when you're rehearsing new material.

MS DNS patch snuffs net connection for ZoneAlarm users

C. Fuhrman

Maybe this is why there was not enough "testing" of the patch...


"Computer industry heavyweights are hustling to fix a flaw in the foundation of the Internet that would let hackers control traffic on the World Wide Web.

Major software and hardware makers worked in secret for months to create a software "patch" released on Tuesday to repair the problem, which is in the way computers are routed to web page addresses."

C. Fuhrman
Gates Halo

@Craig questionable security practices

I don't want to take sides, but Microsoft has "yielded" to the complaining of 3rd parties for years (since NT days) about security practices. There are tight ways of doing things for security, which some of MS OS has tried to incorporate and push (probably badly) onto 3rd party producers. There are even examples of this in Vista where they caved because of griping from vendors. The fact is, if you allow 3rd parties to do things in a shady way, they get dependent on that and gripe about changing. Both sides are to blame, IMO.

I have to say that the conflicts like this ZoneAlarm thing are pretty rare, despite how complex software is these days.

Ohio table-shag man gets six months

C. Fuhrman

More info

From a Toledo Ohio news channel's web site: http://www.wtol.com/Global/story.asp?S=8082496

Phlashing attack thrashes embedded systems

C. Fuhrman


Sadly I think the "PHad" is here to stay

30 years of Spam - and we ain't finished yet

C. Fuhrman
Thumb Up

@Anonymous Coward

Your analysis makes a lot of sense.

I think the 95% is misleading to most users because they don't see what goes on "behind the inbox" at the SMTP server-level.

Whitehats tackle The Great Botnet Dilemma

C. Fuhrman

Vigilante justice?

I totally agree that it's unethical to shut down the Kraken Trojan. But I think the real reason isn't "life support" ROFL but rather Tipping Point getting sued.

On the other hand, ISPs don't do their part, even when IPs get reported as infected. End user's don't do their part by installing proper firewall software or enabling automatic updates. Programmer's don't do their part by writing software that doesn't have security flaws.

Just waiting for the Register to publish an article about Vigilante Zombie Killer groups that can't get sued (like the whitehats can).

Move over Storm - there's a bigger, stealthier botnet in town

C. Fuhrman

RE: ISPs could help

ISPs could monitor traffic, but other systems diagnose zombies pretty fast. Spam-sending bots usually draw attention on SpamCop.net. That means that the ISP of the machine in question gets at least one report saying the IP address is responsible for sending spam. It's easy to spot the zombie when you get a spam. It's usually the last IP on the "received" headers of the email, and it's an IP address in a block of IPs reserved for home machines. There are block-lists keeping track of zombie IPs. The ISPs could use all of this info. If an IP is sending 100,000 spams/day, which is often the case, you can imaging the ISP gets MORE THAN ONE report from SpamCop about it. But one report is enough to tell them it's a zombie.

I use SpamCop a lot, but rarely does an ISP show that they are taking out the zombies. I get "confirmations" from Sky.net on a regular basis. It takes them 3-5 days (from the time they get the SpamCop reports) to take out a zombie. That's frankly too slow. That's 300,000-500,000 extra spam messages per zombie on their network.

Mac is the first to fall in Pwn2Own hack contest

C. Fuhrman
Black Helicopters

All programmers cut from the same (holey) cloth

If anything, this contest confirms that no OS is any safer than the others. It's the same basic education system that goes into making up the coders, whether it's Apple, Windows, Linux. Unless universities change fundamentally how coders learn about what good security coding is, and static analysis tools are used to find security flaws, etc. software such as browsers with enough complexity is always going to have lots of holes.

Enraged AT&T spam filter eats legitimate mail

C. Fuhrman
Thumb Up

I suspect that ATT are using PBL on SpamHaus

People with DNS2Go don't have static IP addresses (that's why they use dns2Go). Email should not be coming from dynamic IP addresses. Spam is sent by zombie computers, which are mostly running on dynamic IP addresses. Because home users (also on dynamic IPs) don't install updates, allowing hackers to turn their PCs into spam-sending zombies.

Maybe ATT finally got a clue and are using SpamHaus' PBL to block the traffic.

Don't talk to SMTP senders who are on ISPs that say their dynamic IP blocks don't send SMTP except through their local server. This is what PBL is all about. I bet DNS2Go users have been getting a free ride until now.