Posts by JohnFen 5648 publicly visible posts • joined 20 Feb 2015
"I dislike seeing comments in code except as headers on methods saying what they do and offering information about parameters"
Me too -- those sorts of comments are harmful. But I disagree with you about comments in code being a red flag of some sort.
A bad comment is one that tells you what's happening (the code already tells you that). A good comment is one that tells you why it's happening.
" I'm sure someone will pop up shortly to say that if you're a good programmer and write tests for everything as you go along etc. then you will never have bugs"
Anyone who says that is demonstrably wrong. All nontrivial programs, without exception, have bugs. Skill & good process can reduce the number of them, but they can never reduce the number to zero.
Also there's something that academics are well aware of but the general public too often isn't: a single study means little. It only becomes significant after other independent researchers replicate the results. It may sound wasteful, but it's an important protection against error.
This seems too simplistic of a premise to me. Different languages have different strengths and weaknesses, and as a result are best suited for different sorts of tasks -- that, at the heart of it, is why discussions about "good" and "bad" languages are suspect right up front -- a given language can be the best choice for one sort of task and the worst for another.
If you're using a language for a task that it isn't well-suited for, you're going to have to write more (and more complex) code in order to make it work. I would expect that doing this would result in a higher defect rate. Using the same language for a task that it's designed for means that you'll have to write less (and less complex) code, which I would expect to result in a lower defect rate.
A study that just tallies defect rates with language use, but fails to take into account whether or not the language was suited for the task, means little. I would expect that sort of study would average out the defect rates and result in more-or-less the same "quality" score across the board.
Which appears to be the actual result in this study.
I've been a "hacker" for decades, and in the past have never noticed a serious gulf between academic security researchers and non-academic security researchers. Yes, they each have their own different playgrounds, but I've not noticed cases where either side simply discounts the other's efforts. More typically, they have each informed the other.
Has this changed and I didn't notice?
Yes, really. I didn't just make that up. The problem almost always comes in the form of tabs vs spaces, and is VERY hard to spot. I could be mistaken, of course -- but even if I am, whitespace issues have cost me at least as much time as programming errors.
It would be helpful if the Python interpreter could call out that specific sort of error, but it can't (or at least, the ones that I use don't), so it just ends up being a mysterious failure.
Yes, the problem you cite is a very serious one. Unfortunately, "defensive" patents are things that are effectively unavailable to anyone but the very well-funded. If you can't defend your "defensive" patent -- which takes money -- then it's all but useless.
The patent system has devolved to the point where it only provides benefits to large corporations and the very wealthy. It no longer performs the function that it was intended to perform.
"Daniel Berlin observed in a Hacker News discussion, the patent claims Apple has made are "worrying.""
I agree. It's extremely worrying -- and ensures that I won't be using Swift until the patent expires.
Apple may have a good record and good intentions. But the history of software patents makes it very clear that having good intentions is not reassuring. You never know what the future holds. Apple may change its mind, or may transfer the ownership of the patents to another company that is less well-intentioned.
With patents (like contracts), the only thing that matters is their legal meaning. Intentions or how saintly the parties involved are mean nothing in the face of the written language.
If Mozilla actually manages to block the things that are effectively impossible for me to block myself (supercookies and fingerprinting are the most obvious things), that might actually convince me to use the new Firefox. Although I strongly dislike the new Firefox because of unfixable usability issues, the ability to stop that sort of thing would likely be enough to make me suffer the UI in exchange for protection I can't get anywhere else.
"as far as I can tell, what Apple did was actually well-intentioned."
Maybe. It's honestly hard to know. But let's say they were well-intentioned. If so, it only highlights the abhorrent Apple attitude of "we know what's best for you, and we'll make all the decisions for you. Suck it up."
The truly sad thing is how far this same attitude has permeated from Apple into the wider computer industry. I see it everywhere these days, and it's horrible.
This. As a person who doesn't value warranties, I don't pay attention to how long they last. I certainly don't consider them an indication of expected lifespan. If Apple is making the claim that the duration of the warranty is an indication of expected lifespan, then that immediately rules out buying any Apple product for me, as it makes them even more overpriced than I thought they were before.
"Sorry you don't like the fact that we knocked down the wall to the lounge and installed a new air vent through the ceiling, but that's just how it is."
This is faulty logic. If you hire a contractor to do renovations, and the contractor determines that it's necessary to do work that was outside the original deal (such as having to knock down a wall to install a new air vent), the contractor will explain it to you and get your permission before taking that wall out.
Apple's own analogy demonstrates that they were in the wrong.
"Actually, they ARE aware - just dont give a crap."
There have been numerous studies trying to address this, and so far they all indicate that the vast majority (80%+) of facebook users aren't aware of this at all, and get upset (or refuse to believe) when they are informed.
In my opinion. encrypting DNS communications is badly needed. However, doing it through HTTPS is a terrible, terrible idea. To be useful, any such encryption scheme must be done in a way that doesn't prevent users from being able to monitor and manage their interactions with DNS.
Also, overloading the HTTPS (or HTTP, for that matter) with non-web-related services is bad on many levels, and ultimately harmful for both the web and the internet.
"If they treated it like Apple does fingerprints for Touch ID, where it generates what amounts to a 'hash' of your fingerprint, so it can compare A to B to see if they match, but would be unable to produce a copy of your fingerprint"
That's how 99% of all fingerprint scanners work (and is a big part of why it's easy to spoof them). To do otherwise rapidly becomes prohibitively expensive. So I would be very surprised if this one worked any other way.
"To be fair to the street cops who've dealt with me, they are actually the least likely to demand compliance"
Yes, this has been my experience as well. Although I imagine that they probably go directly to demanding compliance if they have reason to think that you, specifically, are engaging in a crime.
"Should we disable all javascripts on unknown sites?"
Yes.
But I'm one who takes it a step further, and disables (mostly) javascript on ALL sites by default. If a site carries ads, it can't be trusted enough to allow Javascript to run without examination.
The Register 
Biting the hand that feeds IT
Copyright. All rights reserved © 1998–2024
