Posts by Ed

Whiteboard refreshing

In addition to the whiteboard marker trick, which may take several applications in the face of an excessively zealous board cleaning crew (we had one board that was cleaned so well it virtually glowed white), there's another trick that'll work. Actually, 'trick' is the wrong word to use, because this is the real way to fix it...

Whiteboard reconditioner is actually made to do this job. Now, it works best if it's used on a clean board, and if it's a really improperly cleaned board (such as our phosphorescent board mentioned above), it could take two coats. But it's generally a lot easier to use it than to use the marker trick, if you have an entire whiteboard which has a problem.

Note that if it's just old whiteboard marks or indelible marks, whiteboard cleaner (basically, bottles of the solvent used in the whiteboard markers) tends to work much better than whiteboard reconditioner (which seems somewhat similar to the solvent used in the whiteboard markers with a fair amount of silicone liquid added.) Of course, this isn't a particularly bofhish solution.

The bofhish solution is replacing all of the whiteboard markers with indelible markers, and relying on my secret stash of whiteboard cleaner and reconditioner to use the boards as intended...

How many magic schools are there?

I've read english private school stories before, and they're always incredibly myopic - most of them admit to no public schools, and many of them admit to very, very few other private schools. If they're so broad-minded that they admit to other countries, nearly all (if not all) other private schools will be located in other countries.

Combining this with the fact that magic hides so much even from practitioners of magic, I think it's fairly safe to say that there are actually hundreds, if not thousands, of magic schools in England - many of which the students at Hogwarts simply disregard if they're even aware of, and some of which the students at Hogwarts couldn't find out about because they're not in the right families, and don't have sufficient skill to locate - even if they tried, which they haven't. There is also the age-old practice of apprenticeship, which may still go on among the poorer practitioners of magic - although, given access to schools with multiple teachers, few would choose to have only one teacher.

Of course, there's still the problem that with all of these other schools, there are other joke sellers. We may not see them in the books - after all, nearly everywhere we've seen has either been muggle territory or Hogwarts territory, and it's doubtful that the author would even condescend to recognize the existance of people who graduated from "lesser" schools - but that doesn't mean they aren't there. Since most of the rest of the magical world would likely not be so fabulously wealthy, many of the Weasleys' competitors would probably have cheaper prices - possibly even much cheaper. There may not be many outside of the graduates of the schools mentioned in the books who would be willing to pay George and Ron's prices. However, there are probably plenty of practitioners of magic to help out the overall economy, and every so often, someone of lesser means may still save up to buy a genuine Weasley.

Critique fundamental to Open Source.

We do need to adapt - some people in the OS community are far too harsh in their criticisms; too much destruction, not enough construction. That having been said, some activity that many Asians see as confrontation are *fundamental* to the open source process. If someone cannot manage to tell an open source project manager that they're going the wrong direction, that person cannot effectively contribute to the project. If someone cannot stand to hear people saying that their code isn't perfect cannot effectively contribute to open source - they will quickly break down.

If that level of confrontation is removed, the whole process breaks down - feedback is critical to the process. No feedback, no magic.

This may sound like a harsh rebuke - I hope not; I am trying to make it as light as possible. However, I feel that the article author appears to have a really serious misunderstanding regarding how open source works. It's not magic. Someone writes code. Somebody else reviews that code, and points out flaws. Someone writes code that attempts to fix those flaws (this someone could be the first person, the second person, or a third person.) If the reviewer cannot bear to point out flaws, they fail. If the person who wrote the first code cannot bear to have flaws pointed out, they fail. It's as simple as that.

Note that the anecdote above regarding the seriousness of 'breaking face' indicates a pathological problem with the afflicted Asian cultures; if a subordinate cannot tell their superior when the subordinate thinks the superior is in error, every serious mistake of the superior will result in catestrophic problems unless the superior manages to realize his mistake in time, and when the subordinate is wrong, the subordinate will not learn why they were wrong, only that they were. Even without outside influence, that culture will eventually collapse on its own; it's just a matter of time.

Note that in the above paragraph, I am not forgetting that women exist; my experience - which I realize is not statistically significant - suggests that the issue is primarily a thing with a male superior. In the rare instances when a woman is in charge, they are apparently more willing to accept critique given to them privately - more afraid that someone else will notice the issue before it's fixed than they are annoyed that someone noticed the issue. While I personally think that is still a problematic approach, so long as the critique is accepted in some way, progress can still be made. Note that my sample size, in this case, is 6 asian men and 2 asian women; all of these individuals were born in Asia (mostly Tiawan), but were in the US when I was exposed to them. I've met many other asians in positions of power, but they did not exhibit any of the symptoms of being concerned with 'face' in my presence.

Lousy programming practices

The author suggests that optimisation will always make code harder to read. My two most common optimisations to make do not do this:

1. Remove completely useless, irrelevant code. This *really* should not be my most common optimisation. However, most of the time when I get a new program or applet which has performance problems, the issue is that there's a significant block of do-nothing code. I find this to be insane, but true. This optimisation always makes the code easier to read. It is either a sign that the original coder was not attempting to do the simplest thing that could work, or did not refactor after a major code modification.

2. Algorithm optimisations. Sometimes these result in less legible code, but not always. Over the last few years, the most common algorithm optimisations I've performed have been changing to using associative arrays instead of numerical, in instances where numerical arrays are not helpful.

For example, a recent applet maintained a sorted list of records which could potentially include over 10,000 elements. The language provided a sort mechanism for simple arrays, but it provided no way to provide a comparator, and so the author wrote his own max sort routine, and included code in the various update routines to maintain sorted order. The fact that the list was sorted was actually never used - the search through the list was a simple linear search, which did not abort on finding the result; it simply stored it, and continued looking (despite the fact that only one result could ever be found.)

I converted it to use associative arrays, which were provided by the language. That eliminated the 30 lines for the sort routine, and it eliminated the half dozen or so lines at every insertion or deletion operation to maintain sorted order. It also eliminated the 10 lines for the search routine. Finally, it eliminated all of the overhead associated with that code.

The kicker: the language in question doesn't actually support numerical arrays. Instead, it fakes them with associative arrays. As such, there was no increased cost per access of data, even if the list size was 1; instead, the cost was reduced, because instead of having to reference into the array element's record structure to get the key, to see if it was the element I wanted, I just check for the key I want.

I've seen many programmers waste a lot of time on optimisations. Generally, those programmers were doing it incorrectly anyway. For example, the programmer who spent hours optimising the options processing on a program, using a wall clock to time the entire program executions after each code change. For reference, the options processing took less than a tenth of a second at the start of each execution; the rest of the execution took at least 15 minutes - and the program would skip the rest of the processing if the last option was --help.

Note that the last person I saw doing that was inspired by a prior optimization that I had made in the same program: removing a routine at startup which sorted an array of data that was no longer referenced anywhere else in the program, using an algorithm which gave its worst performance when working on already sorted data.

Real costs

Per computer charges are not to replace the hardware - every computer cracked requires investigation. As I understand it, this work is usually given to external contractors, as the US gov IT staff is generally already booked solid through the next decade - and most of them probably wouldn't be up to it.

Even if the investigations were performed by people already on the payroll, time spent on the investigations is time not spent on other, more productive work. Because of this, the cost of the emplyees' time cannot legitimately be 'discounted'.

I know just enough about what goes on in these situations to suspect that, in fact, the cost per computer is inaccurate - it's lowballed. Realize that not only are they looking to find out how he got in and patch that, but they're also looking to see if he used the system to jump to any other systems. As such, every system that talked to the cracked system from the time the attack started until the cracked system was isolated from the network needs to be reviewed as well.

Just to touch on the example of the 'I love you' virus mentioned above - the impact of that bug varied greatly between companies. In the company where I was working at the time, the virus was blocked after it was in the wild about two hours; it infected several hundred systems, cluttered the mailbox of around 10,000 more, and cost approximately 200 man hours of contract labor to block and clean up. (Yes, it was less than a man hour to clean each system - but the contractor had to walk to each system to clean it - and locating the system wasn't always trivial, as sometimes people had moved machines without updating the systems registry.) One of my friends, however, had a decidedly different experience - it wasn't blocked the first day, it overloaded the company mailserver, and they effectively had no email for a week. Approximately 300 man hours (in a company of 250 employees) were spent attempting to use the email system without success before it was declared dead. Around 200 additional man hours were spent fixing the mail server, and around 50 man hours spent cleaning or re-imaging machines. Even if you assume that email is an unnecessary luxury (they certainly found it was not a luxury), that's 550 man hours (13 man weeks) of wasted time.

Of course, if the cracks were due to default passwords... I've heard that passing security clearances is far more important to the military's hiring process than competency. I have certainly met some very capable and competent people who work for the military - but their stories of coworker incompetence usually beat mine. This isn't meant to excuse, but to explain. Various branches of the US government and military are reputed to have state-of-the-art systems and incredibly brilliant people running them - and they do. However, they also have the inverse situation as well.

Old news

Databases have been a commodity for about 10 years now - anyone who wants one can pick one up for a song - or less.

That being said, there's still a lot of differentiation at the upper levels, and aside from a few basic standards - SQL, BerkeleyDB, LDAP - there is a surprising lack of consistency for an area otherwise as mature as this one.

Of course, not all databases are created equal - there are things that hierarchical databases can do that relational databases can't do, there are things that relational databases can do that hierarchical can't, there are things object oriented databases can do that neither hierarchical nor relational databases can do, and I'm sure there are things that hierarchical databases can do easily that object oriented databases either cannot do or cannot do easily or efficiently and things that relational databases can do easily that object oriented databases either cannot do or cannot do easily or efficiently.

Of course, this also depends on what one means by 'commodity'. To me, it means one can easily acquire the item fairly cheeply, because competition has driven most of the profit out of the business - at least, for the basic product. It does not mean that one can simply switch out a different product and get the same results - that can only be had by standarization, a completely separate maturity process. It also does not mean there are no premium versions available - machine screws are clearly a commodity, but titanium-plated machine screws were not, last I checked (of course, it's been a while since I've checked).

So when did the DA get those requested records?

I am curious - how long did the innocent student remain in jail after the DA found the evidence that indicated he didn't do it?

I don't know that it happened in this case, but I have heard of prior cases where a suspect is held for several days after being found innocent by the investigators - and it always distresses me significantly (well, ok, there was one case I heard about where it wasn't so bad - the suspect was informed that he was found innocent, but would he mind staying for a bit longer, to give them an edge on tracking down the real criminal - and he was compensated for his time.)

However, in this case, I think it was shoddy work all along, in any event - the student's actual call should have been recorded as 2:12am EDT by the school's phone system. Of course, with due dilligence, they would have still arrested the kid, but after having found the message that he *did* leave, they would have let him go an hour later.