| last updated:02 Feb 2004 19:53 UK time |
 |
| JOS Statistics - Recent Comments (Comments added for week ending Sun 01 Feb 2004) | View Other Weeks |
| Recording software | Sun 01 Feb | Ronnie Omuga |
| Hallo there, Im looking for a software thats able to record,convert,edit,burn and manipulate music, something in the calibre of Cool Edit Pro 2.0 but better. Any suggestions |
| Sun 01 Feb | Damian | Sound Forge http://www.sonicfoundry.com/ |
| Sun 01 Feb | Caliban Tiresias Darklock | Better how? CoolEdit Pro is not a music application, it's a SOUND application. SoundForge is, too. If you are working with sound, you may be surprised to learn thet CoolEdit and CoolEdit Pro are completely different beasts and the base CoolEdit may be exactly what you need. (Check the demo.) If you're working with MUSIC, i.e. you want to work with measures and beats and notes instead of seconds and samples and frequencies, you're asking a whole different question and I'll need to know more about what you want. |
| Sun 01 Feb | www.marktaw.com | CEP2 is good, what do you want to do with it? It's the standard recording application at Clearvision radio stations. How much money do you want to spend anyway? |
| Sun 01 Feb | no name | pro tools, garage band, logic, cubase, peak, sound forge. google is your friend. |
| Sun 01 Feb | www.marktaw.com | (ps visit my website for a large overview of this kind of software) |
| Specifying IE Settings from Group Policy | Sun 01 Feb | Chris Ormerod |
| Hi all, I have a web application that supports Integrated Windows Authentication. In IE6 on Windows XP the tick box on the advanced tab of IE Options called Enable Integrated Windows Authentication is ticked on by default. In Windows 2000 this tick box is off by default. Now one of our customers had an issue with the single sign on mechanism of our application that we now know to be caused by this tick box being unticked. We have informed them that turning this tickbox on will resolve the problem they are having BUT I am predicting that it is only a matter of hours before we get a call exclaiming that they cant be expected to go around to 12,000 PCs and turn this option on and that we will need to find a different resolution. So my question to you all here is - is it possible to specify this setting using group policy? I have been fiddling with the GP on our domain and I can disable the Advanced tab completely and I can do mean things like disable the media player activex control. but I cant find an option to actually specify the Advanced settings (this tick box in particular) from the policy. Chris. |
| Sun 01 Feb | Caliban Tiresias Darklock | I would take another approach to this. When the application starts, I would *check* the setting of that option to make sure it was on. If it was off, I would tell the user it was off. If I could legitimately and securely turn it on, I would offer to turn it on for the user. If I couldn't, I would instruct the user in how to turn it on. I would NOT turn it on automatically, because it requires a reboot before it works. This setting is described in HKEY_LOCAL_MACHINE/SOFTWARE/Microsoft/Internet Explorer/AdvancedOptions/CRYPTO/NEGOTIATE/ and apparently can be enabled by writing a key called ValueName with a value of CheckedValue to the registry path specified in RegPath. I assume that if you check RegPath and do not find ValueName, the setting is currently DefaultValue. I don't feel like rebooting repeatedly to play with this, so I'll let you do that if you like. |
| writing a paper on software developed? | Sun 01 Feb | Confused |
| I have been involved in writing a data mining system for information retrevial and text parsing of very large databases. In course I have developed some heuristic algorithms combining and modifying other peoples work for the requirements of the project. In the end my results are by and large comparable with the software which is the industry standard in use, developed by some people at one of the worlds top universities. I am not an academic(BS in cs), but in the course of the project read many papers and came up with interesting approaches to various problems. I think the work is quality enough that it can be published as a paper, unfortunately this is a real world live system developed for a company which owns the work. Publishing a paper would be something which my boss wont definitely allow. But its something I feel will help advance my career, as the whole system has been developed by me from scratch( design,development and testing). While its not perfect, it rivals the industry standard software tool most of the time. Is there any way I can publish a paper or article on this work? My boss will definitely say no, and I dont want to do anything unethical. Anybody have an idea on this? the source code is owned by the company, but all the ideas,algorithms, techniques have been developed from scratch using a bunch of AI and statistical techniques. Any comments appreciated |
| Sun 01 Feb | Tom H | Most employers rightfully expect to review anything job related that you publish, mostly just to ensure it doesn't contain anything proprietary or unflattering. Try selling the idea of a paper to your manager; it should be good publicity for the company. |
| Sun 01 Feb | no name | You are right that your work is probably worthy of a paper. A lot of serious software development is similar to academic work. However it would be commercial suicide for companies in competitive markets to disclose the details of their work. If you want to write papers, you need to get a job in a university. |
| Sun 01 Feb | Philo | Is the ability of the algorithms something by which your company directly earns money? If so, give it up now. Think of the reaction if the head chemist at Coca-Cola wanted to publish a paper on 'a new taste developed by combining simple household ingredients' [grin] However, if the algorithms are tangential or even orthogonal to how the company earns profits (for example, their HR system or an accounting system) then there may be room to negotiate a paper. Best of luck, Philo |
| Sun 01 Feb | Confused | No it's not a way that they earn money currently, but they might incorporate it with their revenue model |
| Sun 01 Feb | C Rose | You are probably correct that your work is worth of publication. However, you need to be aware that most employment contracts state that intellectual property that an employee generates belongs to the company (even if it is developed in their own time). This is even the case in academia (in the UK, if not elsewhere). It sucks, but that's what happens. It you give away company secrets, you may not only get fired, but possibly sued, too. In the US, I believe that it is possible to patent ideas such as yours (check with an IP lawyer!). After getting a patent, you could then publish the paper, and would be protected under patent law. This has several benefits: 1. You get a publication! 2. You get a patent! 3. Your company possibly gets to license the technology to other companies. 3. Your company gets to claim it has state-of-the-art technology. 4. Your company may get interest from companies and universities. 5. Your company may get to collaborate with a university. While I don't advocate patents on mathematical ideas (since that allows patent holders to prevent others from using mathematics, which is a very bad idea), in your situation, this may be to your benefit. If you enjoy this kind of thing, have you though about doing a PhD? |
| Sun 01 Feb | Caliban Tiresias Darklock | > In the US, I believe that it is possible > to patent ideas such as yours It is worth noting that patents are considered intellectual property, so any patentable idea would more than likely belong to the company. |
| Sun 01 Feb | Warren Henning | Maybe you could talk this over with a professor at a local university who works on database stuff? |
| Sun 01 Feb | Koz | If your boss wants to patent the ideas / algorithms he'll need to disclose most of the valuable IP anyways. After that's happened, the incremental effect of a paper is minimal. I'd convince the boss to patent the algorithms, then once he's done, sell him on the 'prestige' of getting the company's work published. |
| How common are sniffers, anyway? | Sun 01 Feb | Philo |
| Every security protocol will explicitly forbid sending authentication data in the clear. SSL, SFTP, SSH - all manner of methods are established to protect data streams. But Im curious - how often does this happen? How many documented cases of cracking via sniffing over the internet are there? Im not saying its not a risk, and Id never advise anything but secure protocols; Im just wondering. Philo |
| Sun 01 Feb | veal | How common are sniffers? Pretty common in shopping malls and, I'd wager, grade schools. Parents really nead to teach their kids earlier how to blow their noses. |
| Sun 01 Feb | veal | Seriously though... sniffers are pretty damn common here in the US. The federal government has them installed at all the major ISPs and on the major backbones. In fact, some poor analyst somewhere is probably evaluating this post right now, after some baysian filter flagged it as suspicious. Hi, whoever you are. Keep up the good work. :-) |
| Sun 01 Feb | Joe Blandy | 'In fact, some poor analyst somewhere is probably evaluating this post right now, after some baysian filter flagged it as suspicious.' At least the tinfoil hat keeps him from reading your thoughts though, right. ;) |
| Sun 01 Feb | Matt Conrad | The recent Debian compromise started with a sniffed password. |
| Sun 01 Feb | Mike Swieton | A server at the same colo facility as my company's was compromised, and a sniffer was installed there. The hosting company is no longer in business. |
| Sun 01 Feb | anon | One can mitigate the effects of network sniffers with the use of decent switching technology, e.g. If you make each port its own VLAN. That doesn't make it impossible for the sniffer to operate, something similar to 'overflow the switch' to revert it to default 'hub' operation or arp cache poisoning will (possibly) circumvent this, but it makes it a bit harder. |
| Sun 01 Feb | hoser | I sniff and log the wire all the time at home. Keeping an eye on who is surfing what and when. I can watch the IM chat in real-time if I like. At work, we sniff the wire as a matter of routine - we do networked hardware products and often analyze the round trip response time of packets as we attempt to understand performance issues. A 'sniffer' is nothing more than ethereal, an ethernet hub and physical access to the last router or switch. |
| Sun 01 Feb | Philo | Hoser - I know that, but it's the 'physical access' part that makes me think that's why it's not that common; not that people aren't bothering, but that they simply can't get to where they need to be to do it. Philo |
| Sun 01 Feb | veal | Ahh... secure by lucky happenstance. |
| Sun 01 Feb | Wayne | If all you have is a switch, then the only traffic you should be able to sniff will be your own and broadcasts right? Is there a way to get around this? I'm asking because I was using ethereal in my office and I couldn't see anything but that. |
| Sun 01 Feb | anon | Yes, at least that's the theory. If someone manages to hijack your router/end point and gets it to log all packets (no doubt some routers do this for diagnostic purposes, I really don't know, though) then it's game over man, f'ing game over !! [leading space added for extra effect ;-)] In theory you can poison the arp caches of other hosts on the switch, i.e. tell them to associate the IP address of the router with your Ethernet MAC address (this assumes an Ethernet) and log packets on their way through, before forwarding them on to the real router. This is basically a man-in-the-middle attack and a similar effect could be achieved one level up the protocol stack (in the OSI model) by using an ICMP redirect. In that case, you'd only get IP traffic, though. At a very (and I do mean very) basic level, a switch is just a hub with a lookup table mapping port number -> IP address. It is, in theory, possible to overflow the lookup table and make the switch revert to a hub-like operation. There's probably some info about this in some issue of phrack, though I imagine it depends very much on the switch manufacturer. More advanced switches allow the administrator to dedicate a port or a group of ports to be a VLAN. As an aside, there are some interesting ways to detect sniffers on the network. Try and ping an IP address that doesn't exist on the network and if a sniffer is running it will probably send out an ARP request for the Ethernet address. This is more a side-effect of the Ethernet card being in promiscuous mode than a software sniffer running. I believe the l0pht wrote a utility to detect sniffers that used the round trip time of ping under heavy network load, the idea being that if a machine is logging loads of packets it would take it longer to respond, I think. |
| Sun 01 Feb | Ori Berger | Many switches can designate one (or more) of their ports as 'span ports', which get _every_ packet that arrives at the switches (except when their buffer overflows, etc. ). If your switch doesn't have a span port, you can try to force it into hub mode by arp poisining and similar techniques, or connect an ethernet 'tap', which is a passive device that goes in the middle of an ethernet cable, and connects to two ethernet ports, through which you can sniff the ingoing and outgoing communication respectively. Sniffers are common; Keyboard loggers are _much_ more common, and -- from a hacker's point of view -- much more useful. Who cares about encryption when you can tap into the data before it's encrypted? |
| Sun 01 Feb | www.marktaw.com | It depends on who you're concerned with sniffing your conversations. The government probably (echelon/carnivore anyone?), AOL probably, your corporate firewall probably, your wife, maybe. Hackers? I dunno. Why, afraid Bill Gates is reading your lovey-dovey AOL messages? And what are you doing on AIM anyway, you should be on MSN messenger! |
| Sun 01 Feb | Philo | No, it's just that at various points in time, due to various lapses, I've had SMTP servers hijacked and FTP servers tagged. In both cases it's happened when I allowed relaying or anonymous FTP 'just for a little while' - I think it generally takes hours. But due to client requirements, I've sent usernames/ passwords in cleartext for years and never been hacked. That doesn't make it good practice or advisable, but knowing that you generally need either physical access to a switch or malignant code on the machine, it makes me wonder how often cleartext passwords are actually grabbed. And now that I think of it, I've been 'reprimanded' several times for using standard FTP, but nobody ever says a word about allowing anonymous FTP access... Philo |
| Sun 01 Feb | Voice of rationality | I've always personally thought the anxiety over sniffing was a silly one, but am gradually giving it more credence. I'm still highly skeptical of anyone who tells me that I'm at risk from my home DSL or dial-up connection. Is someone really going to install a sniffer at my ISP? Well, the FBI, sure. (google on Carnivore). But I doubt anyone else. And my online banking service told me there's never (i.e. NEVER) been a case of someone using sniffed credit credit for a false transaction. They're probably telling the truth. But what has me now worried are the following trends. (1) Corporations monitoring Internet access by their employees (one of my clients, for example) (2) People who sit in Internet cafes and grab wireless packets. (a guess, but a likely one) and (3) There's documented cases of people installing keyboard loggers at public internet sites like Kinkos. (c.f. http://www.theregister.co.uk/content/55/31832.html ) So, it's worth being careful. Especially on a public internet terminal or over a wireless link. |
| Exception handling: where to put initialization | Sun 01 Feb | Me |
| Easy in C++: RAII pattern, right? In C# or Java we have two alternatives: ItemContext ctx = null; try { ctx = ItemContext.Open (@\machine\Legal Documents); [...] } finally { if (ctx != null) ctx.Dispose(); } ..or.. ItemContext ctx = ItemContext.Open (@\machine\Legal Documents); try { [...] } finally { ctx.Dispose(); } Which one do you prefer? Why? |
| Sun 01 Feb | Gwyn | I must be missing something because I'd obviously prefer the first because it actually catches the error! With the second you're potentially going to end up with an unhandled exception (unless you're proposing the method that called this one will have a try..catch block in it. I'd still go for the first and catch the error at the most specific level where I can probably give some more meaningful diagnostics. |
| Sun 01 Feb | Joe | With the second you're potentially going to end up with an unhandled exception (unless you're proposing the method that called this one will have a try..catch block in it. ??? neither version catches the error, presumably the intention is that it's caught further up the call stack. I'd have a slight preference for the second variant, but better than either is the using statement: using (ctx = ItemContext.Open (@'\machine\Legal Documents') { [...] } |
| Sun 01 Feb | somebody | I concur with Joe. 'using' is the way to go. |
| Sun 01 Feb | Gwyn | Sorry! See I knew I must have missed something! Glossed over the absence of the Catch statement! Rereading it I can't really find a preference. The second approach (or its using variant) looks attractive but surely it depends... it must depend on the number of different objects I create within that method, espeically if they have different lifetimes within the method, e.g. Create A Create B Dispose A Create C Dispose B Dispose C In this case you're really have to go for the first option and in your finally block do a possible free of all 3. Of course the way I manage my objects could be non-standard (I am my own mentor and guide on these sorts of things!) and perhaps it is more normal to wait until the end before disposing: Create A Create B Create C Dispose A,B,C In fact, I really should go and look up a bit more detail about disposing in .Net as I'm still a bit ignorant about all the implications. |
| Sun 01 Feb | veal | I consider the second to be absolutely the proper Java idiom for ensuring release of a resource. Obviously, neither is outright wrong. The first example contains pointless activity and clutter, and is therefore inferior. However, the first one has one minor 'advantage' in that nested allocations of resources can be cleaned up, albeit somewhat carelessly, in a single finally. I see that done all the time, and I don't usually give the programmer any grief over it. With JDBC, you often must nest releases three deep. (Connection, Statement, ResultSet.) Doing all these close calls in a single finally, using the null check of example 1, tends to work, as none of the JDBC close methods seem to ever throw exceptions in practice. (It's still not truly correct though, and is can be burned by an unusual but properly behaving driver.) I've found that average Java programmers get really unconmfortable around the nested finally for some reason. In fact, merely having try without a catch seems to often baffle them. Still, I'd rather the second example by far. If you make an exception to the typical Java coding-style rules to plop the release all on a line, it also reads quite clean once you're familiar with it. Connection connection = dataSource.getConnection(); try { Statement statement = connection.... try { // do work } finally { statement.close(); } } finally { connection.close(); } |
| windows Update not working? | Sun 01 Feb | |
| Is windows update not working for anyone else at the moment. It just locks up IE when I go to the page. Also cant register my WinXP. |
| Sun 01 Feb | Brad Wilson | Just used it to update one of my W2K3 VPCs. Worked fine. You know, if you're using the well know cracked key for Windows XP, you're locked out of Windows Update as well as service packs. Hope that's not the case. ;) |
| Sun 01 Feb | no name | I'm using the Windows XP that I recieved with my MSDN subscription. Maybe I should try reinstalling it. |
| Sun 01 Feb | Tim Lara | >>Maybe I should try reinstalling it.<< That's the only thing that fixed it for me. (Doing the 'upgrade' over the existing install.) Check out: http://discuss.fogcreek.com/joelonsoftware/default.asp?cmd=show&ixPost=99021 |
| Sun 01 Feb | no name | Thanks for the link Tim, I'll try the upgrade thing. |
| Throwing the Baby Along with the Water | Sun 01 Feb | Shlomi Fish |
| There was an IIS bug some time ago, in which IIS could accept paths with ../../../ etc. leading to other documents in the hard-disk. (e.g: http://myhost.com/../../../windows/system.ini) Microsoft fixed this bug by saying that it wont allow a path component which starts with a dot in it URLs. Thus, I cannot serve http://myhost.com/~shlomi/.vimrc - I have to rename it. Now, Microsoft is ruling that Internet Explorer will not accept a username on the URL, because it had some security vulnerabilities in handling it. These fixes do not remedy the bug or increase the code quality. And they harm the users due to the developers incompetence. Its like throwing the baby along with the water. |
| Sun 01 Feb | Row | Microsoft also produces extremely high quality software. Yes, it has some problems, but all software has some problems. We must look at the global picture, not at small features. |
| Sun 01 Feb | Simon Lucy | Well you could also consider that .xxxx files are also generally hidden on *nix and that they shouldn't be expressly displayed by default. |
| Sun 01 Feb | Lou | You should probably serve that file as vimrc.txt, or serve it as a gzipped file with the .vimrc file inside of it. Your server probably defaults the mime type to text for the .vimrc file, but these solutions make sure it gets served the way you want it (as text) and retains enough of the name to make it identifiable and useful as well as servable from an Apache host if you ever decide to move your server. |
| Sun 01 Feb | Shlomi Fish | Simon Lucy: yes, but if I do 'less $HOME/.bashrc' I see the contents of .bashrc. Similarly, I expect that if a web server has a file lilke that I can do a 'wget http://myhost.com/~shlomif/.bashrc', I'll retrieve the file, whether I may or may not see it in http://myhost.com/~shlomif/. In IIS however, I cannot do that, and it sucks, because I may want to. I know it causes problems with potentially serving Subversion repositories with such files over IIS. Lou: why should I bother renaming the file? I'm not looking for workarounds, I'm looking for fixes that fix the bugs and not avoid the problem, and make life worse for the users. Imagine telling a webmaster which has thousands of accounts on his machine, telling all the people there to rename their files. If you have a problem fix it, but don't disable otherwise legitimate functionality. |
| Sun 01 Feb | son of parnas | Row, the problem is that bugs are a good indicator of other bugs and poor design and implementation. Work arounds do work around the bugs you don't know about. Given the stream of bugs poor quality must be the case. They need to fix it in the code for anyone to feel secure. Work arounds should make you feel less secure. |
| Sun 01 Feb | son of parnas | Should read Work arounds do NOT work around bugs... |
| Sun 01 Feb | Dennis Forbes | 'Microsoft 'fixed' this bug by saying that it won't allow a path component which starts with a dot in it URLs. ' While I've never had the need, a quick test (IIS 5.1 fully patched) just confirmed that IIS has no such limitations -- it'll happily serve up . prefaced files successfully. Do you have IIS Lockdown with URLScan installed? If so, URLScan is rule driven -- if you think that that rule is unnecessary then change the rules to allow it. |
| Sun 01 Feb | old fart | ln -s /home/shlomif/.vimrc /home/shlomif/vimrc.txt |
| Sun 01 Feb | Tony Chang | Ah shit. I am going to have to change every single page on all my web sites. I used HREF="../../index.html" type links everywhere in my documentation webs to refer back to parent pages so that my pages work as well on a local folder as they do in a hosted browser. |
| Sun 01 Feb | Tony Chang | I agree with Shlomi that this is not a fix for the stated bug - it is a horid and poorly thought out hack by the code monkeys at MS. .. links don't go above the web directory on any web server I've ever used - I guess IIS is some freaky exception. The way to fix it was to fix it (a single line of code I imagine), not to break 20% of the web. |
| Sun 01 Feb | Jorel on Software | It's don't throw out the baby with the bath water. |
| Sun 01 Feb | Tony Chang | 'Microsoft also produces extremely high quality software.' How do you define quality Row? |
| Sun 01 Feb | Tony Chang | 'Given the stream of bugs poor quality must be the case. They need to fix it in the code for anyone to feel secure. Work arounds should make you feel less secure.' son of parnas, this is a fantastically lucid statement. Couldn't have said it better myself. |
| Sun 01 Feb | sgf | 'Microsoft also produces extremely high quality software.' Great news. Must have missed those titles. Tell me what they are and I'll switch to using them. :) |
| Sun 01 Feb | Caliban Tiresias Darklock | Shlomi, relax. You are not going to have any problem with user directories or dot-files. IE is removing support for RFC-1738 'user:pw@' syntax, which is a monumentally stupid idea anyway. The people using this for legitimate purposes ought to know better, and are probably NOT using IE or IIS. Nothing is going to break. http://support.microsoft.com/?id=834489 Furthermore, the use of '..' in path names through ASP code may be disabled on IIS 5 and earlier, and is disabled by default in IIS 6. You can still turn it back on, and it only affects ASP code anyway. http://support.microsoft.com/?id=332117 Any announcement that 'Microsoft is about to make all of our web sites stop functioning' should generally be rephrased as 'Microsoft is going to make everyone stop using their web browser' which is such an incredibly absurd concept that you will intuitively give it precisely the attention and credit it deserves. |
| Sun 01 Feb | i like i | Damn, plain-text authentication is perfectly acceptable for many situations, e.g. forums. I have appropriate bookmarks set to username:password@forum.whatever.com to keep things simple for me. The idea of having to periodically type it in again is annoying. |
| Sun 01 Feb | veal | I'm rather embarassed to post, when I sense that I missed a joke. But... I really hope, Row, you were being ironic and we just missed the joke, because that response is ridiculous. (Just on the off chance that you weren't being ironic... exactly which big picture could possibly justify such a shameful workaround?) Shlomi, if you didn't have reason already, that sounds like reason enough to dump IIS. There are plenty of much better web servers, even on Windows. |
| Sun 01 Feb | Brad Wilson | 'Damn, plain-text authentication is perfectly acceptable for many situations, e.g. forums. I have appropriate bookmarks set to username:password@forum.whatever.com to keep things simple for me. The idea of having to periodically type it in again is annoying.' Considering Windows will remember these passwords for you, why don't you just let the browser do the work instead of contriving the URL? It's not like it's that big a deal to hit enter when prompted with the already-filled-in user and password information... ;) |
| Sun 01 Feb | Zahid | Because then the browser will periodically transmit my password information to Microsoft, allowing Bill Gates to surf my favorite porn sites while spoofing as me. |
| Sun 01 Feb | H. Lally Singh | Zahid: that's it, he's crossed the line! DOWN WITH GATES!!! |
| ASP.NET better than asp? | Sun 01 Feb | redguard |
| Now we are developing an asp.net project. I already developed some old asp project. Now I just doubt why asp.net is better than asp in soft engineering view? We just follow the microsoft s team guide to configure our project. Now we met a few problems. 1. .net consumes too much memory (800M) when .net, iis is running on my pc (no database server) 2. It took 8 minutes to build the project (30-40 pages, no complicated dependent relations) 3. .NETs smart sourcesafe addin is too hard to understand, operate and easy to corrupt. 4. I can not edit code when debugging mode 5. Its smart configuration file almost kill us. 6. seems not easy to debug client script. Yes, I do like some language syntax, data structure improvement in vb.net (we use vb to develop asp.net). but .nets ide is too friendly. In old days, we use simple editor+microsoft script debugger. simple, free and easy to use. redguard http://www.d2ksoft.com |
| Sun 01 Feb | Matthew Lock | I hear you. ASP.NET has certainly more features and power than ASP classic, but it is much harder to understand and as a consequence I think most non-professional time coders such as a graphic designers and people looking to add a little functionality to their sites will be migrating to PHP rather than ASP.NET. I can't help feeling that abandoning the simple and straightforward ASP classic will be a terrible strategic move for Microsoft. I like ASP.NET but it lacks what Larry Wall calls 'whipupitude.'. The ability to whip things up in a few minutes. |
| Sun 01 Feb | Matthew Lock | Actually this guys states it better than me: http://groups.google.com.au/groups?hl=en&lr=&ie=UTF-8&oe=utf-8&safe=off&selm=3E559B0D.100CE4C1%40hal-pc.org&rnum=6 |
| Sun 01 Feb | NNL | I'm not quite sure that PHP will stay that simple. Look what PHP developers are preparing for the next version (5.0): http://www.php.net/zend-engine-2.php Somehow it looks like ASP.NET or JSP/Java: Object-orientation everywhere! It's the price for being more powerful and being able to develop bigger and more complicated systems. And it's good - PHP developers are doing the right thing. Otherwise, PHP would have a reputation of being just an entry solution for simple web applications. Anyway, with smart spplication architecture (ie. with XML/XSLT) you can still make it easy for a designer to make her designs while not be forced to learn abstract classes and methods or copy constructors (both PHP 5.0 features). And, regarding that usenet thread: There's something that Microsoft and Sun haven't told to all the people who aren't software developers. YOU NEED TO KNOW OO TO USE OUR PLATFORM. Since ASP.NET release I'm reading similar posting: My ASP.NET application falls apart! Why is that? Well, a closer look reveals the lack of good OO design and good architecture. The principles of script programming don't apply anymore and, to be honest, I'm happy with that because I hated every day I needed to spend with those ASP include files. A problem I mitigated with WSC's (Window Scripting Components - basically scripting components with COM interface). PS - PHP syntax looks more and more like C++ (with all those __FILE__ where different number of underscores means something else) which is a bad thing. Even for Java/C# programmers :))) |
| Sun 01 Feb | Brad Wilson | Something is wrong. We have an ASP-model business. Our application runs on ASP.NET. An entire application, not just a web site. When IIS is running, it takes perhaps 25M of RAM for our application. Compiling the hundreds of thousands of lines of code takes no more than 30 seconds on ridiculously slow hardware, and on our typical development machines, only about 7-8 seconds for a full rebuild, and about 1 second for an incremental build. Allow me to repeat: something is wrong. |
| Sun 01 Feb | Matthew Lock | >> YOU NEED TO KNOW OO TO USE OUR PLATFORM. Since >> ASP.NET release I'm reading similar posting: My ASP.NET >> application falls apart! Why is that? Well, a closer look >> reveals the lack of good OO design and good architecture. I'm not going to deny that OO is a great tool for abstraction in the right hands but why does a graphic designer for example. need to understand OO just to whack together an guestbook, or email form? They don't, yet ASP.NET will now force them to understand it. Hence the migration I can see to languages that don't make OO compulsary, such as PHP, perl, Python etc. |
| Sun 01 Feb | NNL | A graphic designer who wants to put a page counter or a guestbook together can still do it in good ol' ASP. It's there, delivered with every IIS installation just like everyone can use simple PHP features for simple tasks and scale to the more complicated ones. One must know the difference between a simple screwdriver and a screwgun machine (ie. http://www.hilti.com/holcom/modules/prcat/prca_navigation.jsp?OID=-10079) and use them accordingly. |
| Sun 01 Feb | Matt Conrad | I agree with the other guy that your performance problems don't sound typical. We don't see anything like that here. I love ASP.NET. I can write complicated stuff SO much quicker than I could with ASP, and it's much nicer looking code when I'm done. It's an abstraction layer, and comments about leaking surely apply here. Some things, like the ASP.NET validators, just don't work the way I think they oughta. But working around those oddments is a trivial cost compared to the overall benefits. MS did a brilliant job of abstracting the web development process. I really hope the Mono guys can get their version polished up and ready for the real world. If I had spent a couple years doing serious ASP development, and had a nice little toolkit built up that I was very happy with, I'd probably keep using that most of the time. I'm not religious about it or anything. But I didn't, and so ASP.NET is a godsend. I would look into your performance problems as something to be troubleshot, not part of the normal price tag for ASP.NET. Sorry I don't have any more specific advice. |
| Sun 01 Feb | Greg Hurlman | Is it possible that your first foray into ASP.Net programming yielded some sort of memory leak? I have never seen an ASP.Net app take up 800MB of memory unless working under large stress or with very large files/objects. Perhaps this leak is contributing to the horribly slow build times you are experiencing. Other points: - The VSS 'smart' add-in you're talking about is terribly slow and prone to corruption because, well, it's VSS. I have high hopes for VSS 2004, but I'm not holding my breath. - If you prefer debugging ASP.Classic over ASP.Net, you've been living in scriptland entirely too long. Coming from a compiled software dev background, I personally think it's a godsend. - The 'smart' configuration file? Are you talking about the web.config/machine.config/app.config files? What about them is all that difficult? - If you're attached to the process running on the server, yes, it will be impossible to debug the client script. If you want free, try the ASP.Net Web Matrix (http://www.asp.net/webmatrix/default.aspx?tabIndex=4&tabId=46). If you want easy, perhaps you should stick with what you know. |
| Sun 01 Feb | Mark Hoffman | '1. .net consumes too much memory (800M) when .net, iis is running on my pc (no database server)' This is atypical. Most likely, something has been misconfigured on your end. I'm responsible for dozens of servers running ASP.NET and I've not seen this happen. '2. It took 8 minutes to build the project (30-40 pages, no complicated dependent relations)' Once again, something is wrong here. This isn't normal ASP.NET behavior. '3. .NET's 'smart' sourcesafe addin is too hard to understand, operate and easy to corrupt.' Hard to understand? You right click a source item and select check in or check out. I've not used in any other source control system with VS.NET, so maybe there is one that is easier, but VSS seems pretty straightforward. As far as the corruption goes..I hear ya on that. This is why it's sometimes known as SortaSafe. '4. I can not edit code when debugging mode' This is the nature of the beast. It's compiled, not interpreted like ASP. I've heard that Whidbey will offer this somehow, but I'm not certain about that. |
| Sun 01 Feb | Philo | 'why does a graphic designer for example. need to understand OO just to whack together an guestbook, or email form' They don't, and ASP.Net doesn't make them. In fact, you've pointed out one of the huge reasons ASP.Net is better than ASP - far better separation of business logic from presentation design. I worked for two years with a UI guy - he did all the forms layout, I did the coding behind the scenes. We worked very well together in ASP.Net. As for 'whipitupitude' - I suspect the issue with ASP.Net here is simply getting used to the new paradigm. I just 'whipped up' a pretty nice looking datagrid based on a fairly complex query in five minutes, all from within VS.Net: Use the Server Explorer to browse to your database, drag a table, view, or stored procedure to a blank ASP.Net form, create a dataset, set a few properties, write two lines of code, run. Philo |
| Sun 01 Feb | Matthew Lock | Philo, out of interest how long does MS plan to keep shipping ASP classic with IIS? |
| Amnesty human rights blasts Microsoft (Wrongly?) | Sun 01 Feb | karthik |
| http://observer.guardian.co.uk/business/story/0,6903,1136045,00.html I dont think they are right. I mean what kind of software would that be?. From what i remember, the Saudi Government also blocks sites that are against their religion. Is this a software or is this a simple setting at the main server end? Can someone elaborate? |
| Sun 01 Feb | Lou | Agreed, Amnetsy International is wrong on this one. Should Microsoft allow companies to prevent access to site with explicit content but prevent the prevention of access to sites with "democracy"? And how would they go about defining the words a user couldn't define? Seems like a case of wanting to point the finger of blame so badly one fails to think of how the accused could have prevented the crime. |
| Sun 01 Feb | sgf | How much of the "Microsoft" software running in China is even legitimate, anyway? Much as I dislike M$, can't blame them for how their software is used, especially if it has been pirated. |
| Sun 01 Feb | Mark Hoffman | Oh good grief. ''[Microsoft] should be more concerned about human rights abuses and should be using its influence to lift restrictions on freedom of expression and get people out of prison. ' Um..no..They should be fixing their bugs in their code. We'd be happy with that. Let the knuckleheads at the UN use their influence to 'lift restrictions on freedom....' 'Amnesty believes Microsoft is in violation of a new United Nations Human Rights code for multinationals which says businesses should 'seek to ensure that the goods and services they provide will not be used to abuse human rights'. ' Another great piece of wonderment to come out of the UN. That sounds all nice, warm and fluffy on paper and makes it's creators feel better about themselves, but how in the hell do they plan on having companies do this? Are companies supposed to have entire regulatory divisions like the government to enforce proper use of the equipment they sell? |
| Sun 01 Feb | Andrew Cherry | Although, on the other hand, witness the recent controversy about Photoshop CS, where you can't open or work on any image containing a scan or picture of an official banknote (US dollars, Euros, etc.) It does seem that some companies ARE trying to enforce laws with their software... The line between this, DRM, and stopping China blocking sites on democracy, is quite blurry I would think... |
| Mike Rowe Soft The Final Chapter (Redux) | Sat 31 Jan | www.marktaw.com |
| http://cgi.ebay.com/ws/eBayISAPI.dll?ViewItem&item=3382073018&category=2312 His book of legal documents is up to $100,000 on ebay & still has 5 days left. |
| Sat 31 Jan | no name | That can't be right, can it? |
| Sat 31 Jan | Dennis Atkins | One check in the hand is worth an infinite number of bids over $10,000 on ebay. |
| Sat 31 Jan | Schlemeil | A bid of $100,000 is not the same as actually collecting $100,000. I suspect that Mike is in for a bit of disappointment. |
| Sat 31 Jan | Belmont Park Born | I used to live in that part of town. Getting $100k US (and climbing) will be like winning the lotto. That's not to say ... Good on 'im. That is if he gets it. |
| Sat 31 Jan | T.J. | Well, with 251,000+ viewed on that site... might as well find a sucker big enough... |
| Sat 31 Jan | Mark Hoffman | It's interesting that the person who just bit over $100K most recent purchase on eBay was for a $40 GeForce 3 video card... |
| Sun 01 Feb | Dennis Forbes | He knew that if no other joker didn't outbid him, he could just make himself a new account and outbid himself. There is so little real accountability of Ebay bids that it amazes me that these sorts of auctions (like the town in California, or Eminem's childhood home, etc) get any interest at all -- It's bogus people. There is no real onus on a bidder to pay squat. |
| Sun 01 Feb | T. Norman | He may not be able to collect from the high bidder, but once that fails he can go to the second-highest bidder, and on down the line. There is a good chance he will be able to collect at least the $10K he originally wanted from Microsoft. |
| Sun 01 Feb | Andy | I can just imagine the person who wins it poring over the legal documents. What fun. Some people have way too much money on their hands. |
| Sun 01 Feb | Simon Lucy | If you place a bid of over $15k then you have to have some form of id and value, like a credit card. For a high profile auction like this it wouldn't be too hard to evaluate whether someone has the money to back it up. I notice that its up to 117k now. |
| Sun 01 Feb | no name | >> 'Sorry, I will not be accepting bidders with 0 feedback. If you have 0 feedback and are serious, please contact me via the contact seller link at the top of this auction so that I may verify your intentions.' ROFL. What a naive piece of shit that Mike Rowe. Hey Mike! You have no feedback either dumbass. |
| Sun 01 Feb | www.marktaw.com | > Hey Mike! You have no feedback either dumbass. Have you seen his new advertising company? Visit MikeRoweSoft.com and check out the blurb on the page. |
| Sun 01 Feb | no name | Pfft... I bet that site lasts like 6 months. One freak experience doesn't account for much... |
| Sun 01 Feb | GuyIncognito | 'I have joined together with students from Princeton University and the University of Pennsylvania 's top ranked Wharton School of Business to form a freelance marketing agency. I've seen first hand the power of technology and the media to bring any business the attention its owners desire. My partners and I have become experts in utilizing these tools to develop and deliver truly original concepts at the lowest possible cost. ' I'll be looking for your Superbowl commercial tonight... :) |
| Sun 01 Feb | www.marktaw.com | You know they're just going to tell you to register a controversial domain name. |
| Sun 01 Feb | MR | There is no way his 'ordeal' justifies a $200K+ reward. Does anyone think he naively thought that Microsoft wouldn’t come after him? $10 says that he started this purposely to cause all this commotion. But, I’m just jealous I don’t have a get-rich-quick scheme like this, too. :( |
| Sun 01 Feb | a cynic writes... | Just as I thought this whole thing couldn't get any sillier, other people are getting in on the act. There is, would you believe, an official Microsoft parking ticket being auctioned. This is going for 16c at the moment. Meanwhile you know who's letter and WIPO book is up at $200k. I suspect someone's pulling his leg. It's all got deeply, deeply silly. |
| Single Server Security in Colocation | Sat 31 Jan | anon b/c i am admitting i have a security hole. |
| Let me preface this question with the admission that I am being cheap. I have a single server that I am about to deploy in a collocation facility. I am trying to avoid paying for their PIX firewall, (@$75.00 a month.) Is there a software firewall that is robust enough that can sit on the same server as the Web/SQL/Application server that it would need to protect. I have changed all the default ports, but that alone isn’t enough. I’ll pay the $75, if there is not another viable alternative, but welcome any suggestions. |
| Sat 31 Jan | Wayne Earl | ipchains/iptables under Linux. ipf under *BSD. Dunno about Windows. Perhaps ZoneAlarm? You didn't specify the platform. Actually (this might seem a bit harsh, but that is not my intention - just a statment based on my experience), your biggest security hole is your apparant lack of security knowledge, not necessarily your lack of a firewall. |
| Sat 31 Jan | anon b/c i am admitting i have a security hole. | Is a windows box. I can lock down the box pretty easily with a pix, my weakness is not knowledge, but cash, or the desire to preserve what revenue I am generating. |
| Sat 31 Jan | Joel Spolsky (Fog Creek Software) | Windows 2000 servers have something called Routing and Remote Access. If you turn it on you can set up input filters which are basically like a packet filter, not quite a firewall. |
| Sat 31 Jan | christopher baus (www.baus.net) | ipcop.org |
| Sat 31 Jan | Thought du jour. | So again. Windows costs more, not less. |
| Sat 31 Jan | suggestion | Why don't you pay somebody a one-time fee to harden your box for you, or show you how? |
| Sat 31 Jan | Brad Wilson | On Windows 2000 and later, if you know what you're doing, you can use IPsec to lock things down. That's what we've done (as part of defense in depth that includes an actual hardware firewall, by the way), and it works splendidly. |
| Sun 01 Feb | Li-fan Chen | This is just my observation, but if a cohost isn't particular about having you bring in a few mini routers to a dual server operation (I know, your question is about a single server operation), you might consider bringing in a mini-firewall too. They go for around the USD$500 price point coming from professional firewall companies and USD$20 from LinkSys and are just a little bit bigger than those mini 5 port routers. I am sure there is a difference in throughput and quality somewhere worth observing but for now that's for you to research. |
| Sun 01 Feb | Li-fan Chen | Brad, I know you qualified your IPSec recommendation with mentioning that it's behind a hardware firewall. I just want to point out that IPSec do little or nothing for regular services fronting on the NIC card for public services like port 80 and friends. What comes with Windows 2000 is stateless TCP/UDP port blocking if I remember correctly, and they may or may not kick into operation early enough (before services are bound) in the boot up sequency (someone correct me if I am wrong on this). IPSec WILL do wonders for remote authorized personnels running LTP+IPSec who needs secure tunneling to all authorized services. With or without IPSec, a real firewall of some sort is still critical. |
| Sun 01 Feb | Li-fan Chen | You'll have to know what you are getting into paying for the $75 security tax. Is the PIX firewall shared or dedicated to protecting your NIC card? Will they put in the time to upgrade all firewalls with patches? Maybe $75 is a great deal if you are too lazy to patch your firewalls? Do you prefer to read hours of documentations to understand a new exploit that's flooding your server RIGHT NOW or call them up knowing they are familiar with adding that one IOS command that will just plug it? Not often asked: A dedicated firewall? The custom ASICs/fabrics firewalls depend on have thru-put limits, figure out if they promise to out do what you can pump out via web protocols or receive via mail protocols (and secured ftp and ipsec). Did they get enough firewall oomph to do anything for your busy servers? |
| Sun 01 Feb | Brad Wilson | 'I just want to point out that IPSec do little or nothing for regular services fronting on the NIC card for public services like port 80 and friends.' Sorry, that's not true. IPsec is layers below any service, an integrated part of the IP stack. |
| Sun 01 Feb | fw | A firewall? Fair enough. Windows already has port filtering built in if that's what you want. But no firewall is going to protect you if you're using IIS for example with 100000 holes in it. Don't trust a firewall for security, it's a step, a feature, and not even a great one. I like to put out boxes which I have to secure, and no rely on some firewall. For example, make mssql listen on 127.0.0.1 only, and let your app connect to that. Make sure you stay up to date with anything that is open, get on announce lists for everything that is open. I've seen so many people piss away so much money on retarded things like firewalls, and still run a default out of the box IIS 4 webserver. |
| Sun 01 Feb | | What type of performance hit, if any, is there on TCP/IP filtering? |
| Sun 01 Feb | Gwyn | I recently set a Win2K3 box up as a colo. I didn't want to fork out for the extra either so I'm just using the basic port protection that comes with 2003. Plus of course simple things like setting a SQL Server SA password! I've only got the absolute minimum of ports open, but this includes VPN so that I can use Remote Admin over that. The server is not a life or death thing for me right now so I'm happy to see it get hacked. At least I can learn from that so that when I do put important stuff on it it'll be better protected. Anyone on this list who wants to can 'have a go' at it: 80.82.141.141. But please leave a calling card rather than trashing it! |
| Sun 01 Feb | | Nice, Bring it on Mentality. Security is just insurance, you get what you pay for and common sense goes a long way. |
| Sun 01 Feb | Rich | I've used SecurIIS (by eEye, I think) that only lets URLS with certain patterns make it through to the IIS server. This limits buffer overflow attacks like Code Red. |
| External Hard Drive for backup | Sat 31 Jan | Prakash S |
| what do you guys usually do for backup? I am thinking of getting an External hard drive. Any recomendations or alternate solutions? thanks, |
| Sat 31 Jan | Philo | For a desktop? Or a laptop? If tape it out of your budget, my general recommendation would be to get a pair of large hard drives and a hot-swap enclosure. Put the drives in carriers, then switch them every night Philo |
| Sat 31 Jan | Eric Debois | I have my own server for this specific purpose. I simply zip my work folders and upload them over FTP or the network depending on where I am. |
| Sat 31 Jan | Krish | Prakash, If I remember correctly, you have a Laptop. I use an external USB hard drive with OneTouch backup for my laptop. Whenever I want it (mostly once a week) I press the OneTouch button and back it up. |
| Sat 31 Jan | Prakash S | Philio: yeah, I have a laptop. Eric, do you do a backup of that server? Krish, Which one do you use, and how much did you pay for it? thanks guys. |
| Sun 01 Feb | Brad Wilson | +1 for the external Maxtor OneTouch drives. I love mine! |
| Sun 01 Feb | Cybersuraa | -1 for the Maxtor One touch 160 GB drive. It crashed 3 months after I got it, and it cost a bundle to recover all the data off of it. |
| Sun 01 Feb | Immature programmer | I bought an ACOM Data USB 2.0 / FireWire HDD (80GB/5400RPM) a while back. That + Norton Ghost 2003 has served all my backup needs well. |
| Sun 01 Feb | Eric Debois | >>Eric, do you do a backup of that server? Sort of. I occationally burn all the zips to a CD, but its more in the way of archiving than backing up so to speak. But since all the zips exist both on my laptop and the server, I figure its enough. Ive been thinking about putting in an extra HD in the server and either have a software raid or just put a script in there that copies the zips to the second drive, but I havent really felt the need to do that. (But then again, you only 'feel the need' for a stronger backup scheme when something has already gone wrong.) |
| Sun 01 Feb | Len Holgate (www.lenholgate.com) | I have 3 x 20gb Lacie firewire pocket drives. I have a script that does an xcopy backup of my data. At present I get around 2.5 complete backups per drive, uncompressed. I keep one of the drives on my desk for the next backup, one in my safe and one in a safe at my dad's office. I don't rotate them as often as I should which means the offsite one gets a bit out of date sometimes. Not the cheapest option, but it seems to work pretty well. Faster and easier to restore from than the tape drive I used to use. The machine I'm backing up from has multiple drives and the important stuff is stored in a CVS repository on one drive and worked on in a working area on another drive... |
| Sun 01 Feb | Andy Norman | I too take the network backup approach. There is a Win2k server here in my home office that I store all my data on. I also have a small Linux box here that handles my email and DNS services. I built a very cheap (under £350) and silent http://www.mini-itx.com/ box, installed Linux on it and installed it in the home office of an understanding friend (he doesn't have to be too understanding as the box really is silent when the disk is spun down). We both have DSL. I then use a rsync script running on my local Linux box at 4am each morning that mounts the Win2k box's data share via smb and syncs any changes to the remote server. I have another script that does things the other way so that my understanding friend has a samba share on the mini-itx box that he can use to back his data up. In theory you could do this between two Windows boxes, but I have found rsync on Windows to be too unreliable (it freezes during transfers). My original plan involved the Win2k box communicating directly with the remote Linux box using rsync, but that was unreliable which is why I do the somewhat less efficient thing of mounting the Win2k share on the local Linux box and syncing from that. I found tapes and CDs too unreliable (mainly that I couldn't be relied on to put the right media in at the right time). This way I know that all my data on my Win2k box is backedup remotely every day. The only flaws in my plan at the moment are: - I have to make sure I copy any data on my laptop to the Win2k server for backups (must get rsync running on the laptop or write some scripts to do it) - there are no historical backups (altough I do keep anything that gets deleted as the rsync scripts are set up not to mirror deletes) - I'm not backing up any open files (with my SQL server I backup the databases to files within the data share to get round this problem) I plan to add another mini-itx box at another friends house at some point (and again will backup their data onto my local server for them). |
| Sun 01 Feb | crusty admin | '+1 for the external Maxtor OneTouch drives. I love mine!' Nice and easy, but slow on USB. But if it's just for backups not a big deal. If you actually want to use files on it or move stuff back and forth regularily, the firewire Lacie D2 is MUCH nicer. |
| Sun 01 Feb | Brad Wilson | Mine is Firewire and USB 2.0. You are right that it's quite a bit slower on USB 2.0 (and hardly usable at all on USB 1.1), but it's as fast as an internal drive when used via Firewire. |
| Amazingly stupid, simple C++ question | Sat 31 Jan | No way. I feel like an idiot already. |
| I need to write a very, very simple program that writes out the computers name a text file and then copy this file out to a shared drive. Its been eons since Ive done C++, and Im struggling with strings. Here is a code snippet: char* temp = \r\n; outfile.write(temp,sizeof(temp)); Now..I know this wont work, because sizeof is gonna return 4, because it considers temp to be a pointer and does a sizeof on the pointer itself. So, how do I write a string like this to disk? How do I need to declare it so that I can use sizeof on it? Also...my code snippet to get the computer name (Were talking Windows here) is: char szBuffer[256]; DWORD dwNameSize=256; GetComputerName(szBuffer, &dwNameSize); this works, but the szBuffer will always be 256 bytes long. How do I trim this? Is there a better way to call this? Please..be gentle..I havent used C++ in years and I just need to finish this tiny app, then I promise I leave your language alone and go back to my C#! |
| Sat 31 Jan | mackinac | char temp[] = '\r\n'; outfile.write(temp,sizeof(temp) - 1); Or something like that. |
| Sat 31 Jan | Mike Swieton | Why not use a string class, such as the C++ standard one? For the file I/O, why not use the stream operators? Then you wouldn't need to know the length when you output it (it'll output to the null character, with c-strings, and it'll use the stored length in STL strings). Unless you are using some MS specific class? If GetComputerName takes a pointer to an already allocated char buffer, the docs should say how big that buffer is expected to be. And it looks like the length written to the buffer will be stored in dwNameSize (since you pass it as a pointer). At least, that'd be my guess, you should check the documentation. I don't know much about windows development, but on unix I'd accomplish your task with a shell script. I know windows has *some* scripting capabilities, so it may be simpler to use them. Hell, you could probably pull the computer name from an environment variable and use echo in a batch file to accomplish your task. |
| Sat 31 Jan | Dennis Atkins | Gawd macinac don't say if you don't know. First, that's not a minus you want there. Here's the C++ way: outfile << '\r\n'; and here's the C way: fprintf(outfile, '\r\n'); |
| Sat 31 Jan | No way. I feel like an idiot already. | Thanks Dennis! That was much simpler and works great. I've still got some weirdness with the computer name and trailing characters, but I think I can Google that and figure it out. thanks again |
| Sat 31 Jan | Caliban Tiresias Darklock | > this works, but the szBuffer will always be 256 bytes > long. How do I trim this? Is there a better way to call > this? Yes. The size parameter is also an OUTPUT parameter. ----- char *szBuffer=NULL; DWORD dwNameSize=0; // Fails, because buffer too small GetComputerName(szBuffer,&dwNameSize); // Necessary buffer size is in dwNameSize szBuffer=new char[dwNameSize+1]; // ALWAYS CHECK NEW OBJECTS if(szBuffer!=NULL) { // Buffer is now big enough GetComputerName(szBuffer,&dwNameSize); // Some Win32 APIs don't null-terminate szBuffer[dwNameSize]='\0'; } ----- I can never keep track of which Win32 APIs do and don't null-terminate strings, so I always assume they don't. |
| Sat 31 Jan | No way. I feel like an idiot already. | Ok..one more simple question that has me confused. What is the best way to turn a number into a string? I've generated a random number using rand, and I want to use this as my filename. Do I use the ostringstream class? I see some stuff on Google, but I also see concerns about memory leaking. I just need to be able to take my usigned int, convert it to a string and add an .xml extension to it. This seems so simple, but I see about 43,213 ways of doing it. |
| Sat 31 Jan | Caliban Tiresias Darklock | char str[12]; srand(time(NULL)); int num=rand(); sprintf(str,'%d',num); |
| Sat 31 Jan | Caliban Tiresias Darklock | Oh yeah... your .xml extension. Sorry. That last line ought to be: sprintf(str,'%d.xml',num); There are more C++ ways to do it, of course, but I don't mess with those too much. |
| Sat 31 Jan | Mike Swieton | A few things: Don't use sprintf. Ever. Under any circumstances. This is because it is difficult to tell whether or not the buffer you give it will be big enough. If you must use an sprintf method, use snprintf, which can check the size. It's not a standard method, so you may have to go and find an implementation. Two: std::string is your friend. You won't leak memory with a stringstream and output to a std::string object. Don't fight C++ :) If you're using C++, at least consider doing it the C++ way. Basically everything C++ adds was meant to make it easier to develop good software in than C. Whether it acheived it or not is debatable, of course. Extremely debatable. As I recall: std::stringstream formatter; std::string output; formatter << someNum << '.xml'; formatter >> output; |
| Sat 31 Jan | Dennis Atkins | I like sprintf myself and find it is perfectly safe... when used appropriately. 'Never use'? I hope you are exaggerating... Me, I'd say , 'whenever' you use sprintf, make sure there is absolutely no possibilty of overflowing the input buffer. The * operator in the printf language is your friend. |
| Sat 31 Jan | Caliban Tiresias Darklock | But snprintf() truncates your string. So when your buffer is too small, you don't get an access violation -- you get the wrong filename. At least an access violation tells you that something is wrong. |
| Sat 31 Jan | Mister Fancypants | I agree with the other posts in this thread that you're better off using streams and the standard string class, but since I didn't see anyone mention it previously, what you were really looking for in the original post was strlen() rather than sizeof(). Assuming your char pointer string is null terminated, strlen will return the number of characters in it. If you want to be pedantic you can then multiply that number by sizeof(char) to get the size of the string data, but other than in very odd environments sizeof(char) will always be 1. |
| Sat 31 Jan | No way. I feel like an idiot already. | Thanks everyone for the helpful posts! I really appreciate it. If I had gone to the newsgroups with such a simple question, I would be have been yelled at with comments such as 'RTFM you newb!!' Thus ends my quick adventure with C++. I'm now retreating back to the land of C# where I actually feel like I know what I am doing. Thanks again. |
| Sat 31 Jan | Mike Swieton | Caliban: You only *might* get an access violation. You could just overwrite other variables in the stack, or if it's coming from user input, it could just smash the stack and run arbitrary code. Snprintf will usually tell you when it truncates, too. According to my linux manpage, the GNU libc up through 2.0.6 return -1 when the buffer was exceeded, and after 2.1 follows the C99 standard which specifies that it returns the length it would have written, had it not truncated, which can then be compared against the buffer size to see if a problem occured. |
| Sat 31 Jan | Caliban Tiresias Darklock | > According to my linux manpage But this is a Windows program. Besides, if you're not paying attention to your buffer sizes, you're certainly not checking your return values. Anyone smart enough to check the return from snprintf() is smart enough to add up the maximum buffer size they need for sprintf(). |
| Sat 31 Jan | Andy | This is a little known (or under-known) distinction in C/C++. void f() { char* temp = 'crap'; // sizeof( temp ) = size of any pointer, commonly 4 } The above declares a pointer on the stack, which points to a string in memory, some data segment. void f() { char temp[] = 'crap'; // same as char temp[5] = { 'c','r','a','p','\0' }; // sizeof( temp ) = 5 } Declares an array of characters on the stack, and the compiler counts the characters and determines how big the array should be. But the answer is that why use sizeof -- you can should use strlen(). I guess for a string known at compile time, sizeof is more efficient, but you don't know the computer's name at compile time. |
| Sun 01 Feb | Koz | > smart enough to add up the maximum buffer size they need for sprintf(). That's a dangerous attitude to take. How many more Buffer Overflows will we need before people learn to *never* take those risks. Sure, if you're writing embedded software then the few ops it saves you are worth the time. However, if you're writing *anything* that gets used on the network or on a desktop PC, you should steer clear of sprintf and his other non-n function friends. |
| Sun 01 Feb | Bill P. | 'There are no stupid questions, only stupid people.'
|
| Sun 01 Feb | Caliban Tiresias Darklock | > How many more Buffer Overflows will we need before > people learn to *never* take those risks. If you know it will never fail, it's not a risk. Look at this code. char s[12]; srand(time(NULL)); int num=rand(); sprintf(s,'%d',num); Where is the risk of buffer overflow? 1. The format specification is changed. 2. The int type is larger than 32 bits. Okay, so we have two potential risks. If they do not exist at compile time, will they exist at run time? No! So there's no risk. I know when the program is compiled whether the risk is there, and since I will undoubtedly fix it, the risk will simply never exist on the end user's system. The only other person who can introduce these risks is a programmer who modifies and recompiles the code, in which case he should understand the risks and do something about them. If he doesn't, it's not my fault. |
| Sun 01 Feb | Xaja | 'The only other person who can introduce these risks is a programmer who modifies and recompiles the code, in which case he should understand the risks and do something about them. If he doesn't, it's not my fault.' I'm not sure that it wouldn't be your fault. The person modifying the code might not understand the risks. Perhaps they're rushed; perhaps they're not a C programmer. It's up to you to write code that is not only safe now, but will be resistant to future error. (Okay, I'm not fussed about this particular example, just thought I'd comment on that attitude in general.) |
| Sun 01 Feb | Tony Chang | Wow! That's a new one! So I write good, bug-free code and later, somebody who doesn't know how to program comes along and changes it introducing bugs. And its my fault since I should have written 'code that is impervious to errors when modified'. Just out of curiosity, xapa, what country do you live in? |
| Sun 01 Feb | Mark Hoffman | When coders collide... |
| Sun 01 Feb | Mike Swieton | Sorry guys, I still say you should code defensively. There's a difference between writing bug-impervious code, and code that just begs for bugs to be introduced. Use of unchecked buffers is always less safe than the alternative. It is a ridiculous argument to try to excuse dangerous code (of which perhaps this simple sprintf usage is not a perfect example, but I think we can agree that fragile code does exist) by saying that 'well, you can't expect perfect code!' No, I can't expect perfect code. But I can fully expect you to write code that guards against known dangers. No, you can't perfectly future-proof your code, but that doesn't mean you shouldn't try. |
| Sun 01 Feb | Andy | Yeah, that is taking a pretty naive attitude to say "well *I* did it right, it was the other guy's fault." Maybe so, but don't you care about your product? Wouldn't you want to take some perfectly reasonable precautions to make it a little better? AT LEAST add an assert after the sprintf. Let's get real here. |
| Sun 01 Feb | Caliban Tiresias Darklock | > It's up to you to write code that is not only > safe now, but will be resistant to future error. It is. If you make an error in that code, it will break. You will have to either fix it or ship broken code. If you ship broken code, people will notice that it's broken and either fix it or stop using it. Then there won't be an error, because either the code will be fixed, or people will not run the code that causes it. This also gives the modifying programmer a reputation. If he fixes his problems and ships good code, then he gets a good reputation, and is encouraged to write more code. If he just ships broken code, then he gets a bad reputation, and is encouraged to Stop That. The alternative is to allow bad programmers a way to ship good code, which gives them false confidence and a false reputation. That false reputation may allow them to get onto a major project where they will mess everything up and cause major headaches for the whole team. Furthermore, it prevents good programmers from earning good reputations based solely on their code, because good code is no longer the sole province of a good programmer. |
| Sun 01 Feb | Andy | Yeah, sometimes I purposely insert bugs in my code, just to make sure that the next guy who comes along won't accidentally gain a good reputation. |
| Sun 01 Feb | Caliban Tiresias Darklock | Of course he will. He'll fix them. You, on the other hand, will not score many points with your buggy code. Which evens everything out just the way it's supposed to be. The guy who writes crap gets a bad reputation, and the guy who fixes it gets a good one. |
| TN visa | Sat 31 Jan | Banjo |
| Any Canadians working in US on TN visas in this board? Is it easy to get an TN at the border? |
| Sat 31 Jan | Mongo | It's easy (although stressful) if you're qualified. Under what classification? |
| Sat 31 Jan | Dennis Forbes | Isn't the TN visa under the auspice of free trade (i.e. NAFTA)? Under such it shouldn't be difficult, presuming that you have the necessary qualifications. Having said that, there are designated list of professions that fall under the TN visa, and I distinctly recall (from back in the days when the US would be a good destination career-wise for a software developer) that computer programming, or any related discipline, is _not_ covered. |
| Sat 31 Jan | Mongo | ... computer programming, or any related discipline, is _not_ covered. Sort of. Computer programming is explicitly denied, but Computer Systems Analyst is a perfectly valid category. I believe this is due to the cheapening of the term 'programmer' from when it meant what we call analyst today to Excel macro writer, HTML 'coder', etc. You will need a 4 year degree in the field or a two year degree and three years experience. In the field can mean CS, MIS, or Mathematics as a slam dunk. If you don't have these, it's increasingly unlikely under this category. What's worse, it can depend entirely on the mood of the immigration inspector. I've had four Systems Analyst TNs, but have had to switch to Management Consultant, since immigration has since determined my Philosophy degree doesn't count any more (one INS inspector entry asked me about my 'sociology' degree - grrrr). |
| Sat 31 Jan | Dennis Atkins | And this is supposed to be easier because of special NAFTA privledges? It's easier than that to emigrate to New Zealand and we don't have any treaties with them. |
| Sat 31 Jan | Banjo | Mongo, I have a 4 year degree in cs, but do the immigration officials at the border cause any trouble, that is can I be rejected? |
| Sat 31 Jan | Mongo | What can I say? Only the government could screw up something so simple so badly. |
| Sat 31 Jan | Mongo | Banjo: They can always cause trouble, and you can also be rejected, but ... A 4 year in CS should be fine as long as your documents are in order, the paperwork is done correctly (e.g. - it does _not_ say or describe a programming position per se), you don't have a criminal record, etc. Also, if they ask about your job,make sure you talk about things like ... You might check out http://www.grasmick.com/dot.htm#Analyst Given that the TN visa has to be applied for by the company who has offered you the job (a US company has offerred you a job, no?), they should take care of all this. You just have to go to the border, look professional, submit your stuff, and off you go. Remember, they're beaurocrats, so if you don't give them a reason to reject you, they rarely will. Even if you are rejected (unlikely) at one port of entry, you can just go try at another. If you're _really_ worried, though,you should get a lawyer to help you. I really, really doubt you need one though. |
| Sat 31 Jan | Mongo | Banjo: Another thought. I've heard the Niagara crossing port has a bad reputation for hassling TNs, as does the BC peace arch port. Rumours only, but I thought I'd share them. Where are you from, BTW? I'm sort of from Calgary, myself. |
| Sat 31 Jan | Banjo | Nova Scotia, Halifax, will try the New Brunswick border |
| Sat 31 Jan | Banjo | Mongo, just another thing, my degree has mispelling in the last name, from my passport, do u think it will be trouble? |
| Sat 31 Jan | Now a U.S. citizen | I got my TN visa in about 10mins at Ogdensburg, south of Ottawa. I just showed my degree, job offer and paid $50. This was in 1994 though... |
| Sat 31 Jan | Mongo | Banjo: No, I don't think it'd be a problem, but I'd get it fixed anyway. The university should be willing to do this for a nominal fee. If that's a hassle, a letter from the registrar or the department head should work just as well. |
| Sat 31 Jan | coresi | Check the forums on this site: http://grasmick.com/board/ I didn’t use their services otherwise, but I bought the book and read the forums before I applied for a TN1 in 2001. You can find there more information pertaining to Canadians working in US than pure visa questions. Pay special attention if you want to import your car to US. I did not have any problems crossing the border at Buffallo in 2001 but I was quite well prepared. |
| Sun 01 Feb | jedidjab79 | I got a tn-1 visa last year back in March. A few points: 1) Ogdensburg -- it still works, two other friends of mine got theirs there before we went to work in Florida 2) Regardless of where you get it, you'll need your original degree (4-years+) and a letter from your employer. This is the fun part; depending on who you get at customs, your letter may or may not state enough things about the company. If you decide to get it at the airport/border, make sure you have the phone number for the company you're going to work for so they can fax a letter with whatever the customs officer wants to see on it right away. Besides that..it's pretty easy. I went in and out of the states several times with my canadian passport and tn-1 stapled in. Don't let anyone take it from you ... to be on the safe side, just photocopy it before you leave. btw - i'm from pei :) how's the weather in the maritimes these days? ;) |
| Sun 01 Feb | Banjo | Not bad at all in the maritimies, especially last week.. |
| "Top grades and a track record of success" | Sat 31 Jan | Shlomi Fish |
| Reading from the Fog Creek summer internship page: http://www.fogcreek.com/Jobs/SummerIntern.html One of the requirements for an applicant are: <<< Top grades and a track record of success >>> Now, what does it mean? I am studying in the Technion where the tests are very hard and many times unfair. The global test average is 70%, and the average of the students is between 70% and 80%. (taking into account taking the second chance exam, or taking a course again). I have an average of 82%. However, cum laude students are considered those with an average of 85 and above and summa cum laude those with an average of 90 and above. While I was a cum laude students in several semesters, I will not graduate with a cum laude degree. Some of my grades are high or very high. I also have some other less flattering grades, some of which were received due to the unfairness of the test. I also have a policy of not taking a test again if I suceeded to get a passing grade. (its simply not worth the aggravation) On the other hand: * I have several years of proven experience at workplaces and many more of just experiencing on my own. * I wrote or contributed to several open-source projects (Freecell Solver, MikMod for Java, Quad-Pres, and contributions to Perl, Subversion and the GIMP) * I am one of the administrators of one of the servers of the local Linux user groups. * I wrote many presentations about technical topics to various local clubs, including a four part series of Perl for Perl Newbies with very verbose explanations. * I maintain a personal web-site and many other web-sites. For everybodys information, even someone who is smart enough to get a %70 average in the Technions Electrical Engineering department, is well above the average intelligence. So, would I or would I not be a very good candidate for this job? What do top grades have to do with it? The Technion is a very hard place to get good grades in. Im not ashamed of my grades, but they are not super-spectacular. Its just that I have better things to do in my team than study non-stop. (Note that this entire message was hypothetical. I do not wish to apply to the summer internship position.) |
| Sat 31 Jan | A Teacher | There is a direct relationship between the grade you recieve for the class and the amount of work or effort you put into it. A = A lot of work and studying F = No work - goof off This is the way school works. You should have put more effort into studying, more effort into your assignments and generally more effort all around. I hate it when students complain about 'tough tests.' There is no such thing. If you know your stuff you'll do fine. If not you won't. If you want to challenge that a question is wrong or worded poorly, I will hear you out. Other than that there are no excuses. Whining about, 'I went to a tough school... etc etc' doesn't cut it either. |
| Sat 31 Jan | Ali | Grading standards differ in different countries. An 'A' classification in the US is awarded for a more than 90% normalized grade, whereas an 'A' classification in the UK is awarded for a more than 70% normalized grade. Note that these 2 examples are the same grade, calculated exactly the same way, but the numbers are different. Someone who naively looks at a UK student's grade, not realizing that he has to scale up, will say: '70? That Sucks! I'm looking for 90% people around here!' - and miss a student of exactly the 'A' grade caliber he was looking for. I think this plays a big role in the effect the OP was describing. |
| Sat 31 Jan | Mongo | Shlomi Fish said: ... cum laude students are considered those with an average of 85 and above and summa cum laude those with an average of 90 and above. While I was a cum laude students in several semesters, I will not graduate with a cum laude degree. ... I also have some other less flattering grades, some of which were received due to the unfairness of the test. Hmm, 'unfairness of the test ... ' So, did no one in your class graduate summa cum laude or even cum laude? |
| Sat 31 Jan | FredF | Not only do standards differ, but they differ in the way they work. The US and Japan love multiple-choice questions, while other countries don't and present student with open questions, with pratically no chance of ever getting a 100% grade since professors always come up with an excuse not to give your a full grade :-) That's something to take into account when hiring students/workers from overseas... |
| Sat 31 Jan | ajs | I read an account of a MIT professor who didn't automatically hire 'straight-A' students, he preferred to see a couple of F's in their grades. Why? The idea was that these students had priorities, they passed what mattered to them, and ignored the rest. That explains my low marks for accounting! Bleh. The 'straight-A' students, on the other hand, simply do what is necessary to pass the course. |
| Sat 31 Jan | Shlomi Fish | A Teacher: <<< There is a direct relationship between the grade you recieve for the class and the amount of work or effort you put into it. >>> I wish this was true for the Technion. I can testify that there were many courses I knew the material perfectly for (did all the assignments, solved past tests, and in general mastered the material), and then they were followed by tests that were either too long or had no connection with the material at hand, or whatever. Sometimes, I failed to receive the grade, because I could not recall a certain technique or whatever. (at this case I was actually OK with it, and accepted my grade). But the Technion gives tests that can widely diverge from what students are expected to know or master. <<< This is the way school works. You should have put more effort into studying, more effort into your assignments and generally more effort all around. >>> I've placed a lot of effort into studying, a lot of efforts into assignments. There were several courses for which my partners and I spent days on ends working on the assignments. In other courses, I just solved all the assignments, usually successfully. <<< I hate it when students complain about 'tough tests.' There is no such thing. If you know your stuff you'll do fine. If not you won't. If you want to challenge that a question is wrong or worded poorly, I will hear you out. Other than that there are no excuses. >>> There is too, at least in the Technion. Some tests are too long. Some tests test on techniques with no similarity to such that the students have ever encountered. Some tests test on material that wasn't studied in class. I'll give you an example: in EE we have a course titled 'Introduction to Data Structures and Algorithms'. It is a basic course, with no correction proofs or whatever, just to give the basic taste of basic data structures and algorithms. (The more advanced course is called 'Design and Analysis of Algorithms'). My friend's test was littered with assignments to give correction proofs! They weren't shown in class, or assigned in assignments, and were never given in a past test. How can you explain that? <<< Whining about, 'I went to a tough school... etc etc' doesn't cut it either. >>> I'm not whining about it. I'm stating it as a fact. I'm just saying that if I: 1. Went to an easier university. And/or 2. Took Computer Science instead of Electrical Engineering. I would have fared better. And my GPA is _not_ so bad. Maybe you haven't been to the Technion, but that's the way it is. People who are super-smart and study hard can get awful grades there. Seriously. |
| Sat 31 Jan | FredF | >People who are super-smart and study hard can get awful grades there. Seriously But then, any knowledgeable HR person knows the Technion is a very good school, so would keep this in mind when reviewing your grades before hiring you. |
| Sat 31 Jan | Caliban Tiresias Darklock | I've never found grades to be terribly useful, because most classes fall into one of two camps. You have 'fact' classes, where parroting what the teacher tells you is all you need to do. And then you have 'opinion' classes, where you need to AGREE with the teacher. Parroting what the teacher tells you will still work, usually, but the teacher doesn't always tell you. What was the turning point of the Hundred Years War? Well, define 'turning point'. It started on the basis of trade, was joined in earnest with the defeat of the French fleet at Sluys, the English longbow made its famous stand at Crecy, the French king was captured at Poiters, and a treaty was signed in 1360. Most people would say that Crecy was the turning point, but the key problem here is that you need to agree with the teacher. Agreeing with your superiors is certainly a valuable skill, but I don't know that I would consider it *useful* in most jobs. Good grades, to me, means that you're good at playing certain real-world games. These games are very useful in politics and large corporate structures, but realistically they don't serve much useful purpose anywhere else. I think if we really think about it, we probably all want to hire people who got the same sort of grades we wanted. If we wanted to get straight A's, we'll hire people who got straight A's. If we wanted to get A's in science and math, we'll hire people who got A's in science and math. If we didn't care what we got, we don't care what our applicants got. |
| Sat 31 Jan | A Teacher | >> 'My friend's test was littered with assignments to give correction proofs! They weren't shown in class, or assigned in assignments, and were never given in a past test. How can you explain that?' What about your test? I don't care about your friend's test. I find it hard to believe that an instructor would test you on material that he did not cover in class. If it was in the syllabus and he still did not cover it then it is your responsibility to learn it. If it is a fact that it is not in your textbook and it is not in the syllabus then it would behoove you to speak with this professor. I personally don't like or trust third person accounts. My friend said this or that... My friend's test had this or that... |
| Sat 31 Jan | Shlomi Fish | Mongo: many people (some of which I know) graduate as cum laude or summa cum laude in the Technion. However, they are not the majority. I heard that about a quarter are cum laude or summa cum laude students. The reasons I'm not a cum laude student is because I'm: 1. I'm studying Electrical Engineering, which I am less fluent at than Computer Science. 2. I don't try to correct the low grades I received by going to the second chance exams, or taking the course again. (I know someone who never settles on grades below 80% and someone who always wants to get grades higher than 94%). 3. I don't invest a very large amount of my time in studying. I have other priorities as well. 4. I couldn't care less what my GPA is. Really, I know that it doesn't say squat about how good an engineer I am, which is what matters to me. Other people do more than I do. Generally, I many time prefer to hack on open source software, maintain web-sites, read my mail and surf the web, knowing that these activities contribute more to my quality as an engineer, than studying. |
| Sat 31 Jan | Philo | An unqualified 'I want to see high grades' generally means either the author isn't writing what they really mean, or else they haven't put a lot of though into what they're writing. I find it hard to believe that Joel would prefer a 4.0 from Podunk U to a 3.0 from MIT. However, let me also point out that when you're interviewing college students, all you pretty much have to go on are grades. But that prompts the question - would you prefer a 4.0 with no outside activities to a 3.0 who's running their own website at a profit? Is the real answer 'if you don't have anything else to show us, you'd better have damn good grades'? ;-) Philo |
| Sat 31 Jan | no name | It seems completely plausible that a Prof., Teacher, Instructor could give unfair tests. I have been subjected to several of them. As a group, they are like every other sector of society. Some good, some bad, some malicious, vindictive, sadistic pricks. I took a Certification Prepatory course years ago, when I thought that they had some value. I scored a 65% on the final. I knew the subject completely based on the lecture notes and the text. I pointed out to the instructor that there was a dramatic disparity between what was presented in class and the test questions. I believe his exact response was: 'Waaah!' So I dropped him in his shoes and proceeded with a pyrrhic dance... just kidding. I went to write the Cert. with very little confidence, as you can imagine. 96% So friggin' easy, I couldn't believe it. Moral, pricks are everywhere. |
| Sat 31 Jan | Shlomi Fish | A Teacher: my test for this particular course was very much OK, and I received a 100% in it. (And no, correction proofs are not in the syllabus of the course. ) But I can tell you about some of the tests which I personally experienced. One of them was too damn long. It was a multiple-choice test in 'Linear Circuits'. I knew the material perfectly, but it simply took me a long time to do all the calculations. The test did not test understanding or knowledge - just mere calculations. At the end, I ended up guessing all the stuff. I received 57% and the grade was factored. I was told the second chance test was even worse and that there was a 30% factor there. Another test was one in 'Processing and Analysis of Images'. In this case, we were given two questions (that together had over 55% percent of the grades) which we never encountered. Not even something remotely similar. I ended up failing the test, despite the fact it had a huge factor. This is beause I simply freaked out and did not know what to do. My friend (same one) was more cool-minded and simply wrote junk there to confuse the teachers and as a result got an above 80% grade. But the test was still very unfair. |
| Sat 31 Jan | Shlomi Fish | Caliban Teresias Darklock: I disagree here. When studying Electrical Engineering, there are many courses that test for the understanding and implementation of the material at hand. So I need to encounter problems which I did not ecnounter before in the test, and make sure I can solve them using the tools I learned throughout the course. What you describe may be more the case for Humanistic studies, but I be damned if I know, because I only seriously studied it in High School. |
| Sat 31 Jan | Mongo | Shlomi: I understand, and respect, that you have made conscious choices to prioritize on other things you feel are more valuable to you than high grades. However, the point I was driving at is that while some tests/courses you have taken feel arbitrary and unfair to you, it's clear that they are having, at least to some extent, the desired outcome for the institution: they are 'grading' the students based on some formalized criteria, just as inspectors grade raw materials for industrial products. That's why the scores in classes are called grades. All else being equal, people choosing a product will prefer higher graded products than lower graded products. Of course, the basis for grading is highly debatable, and 'all else being equal' perhaps more so, as you point out. Still, to deliberately choose to market yourself as a lower grade product to a potential employer on the basis of challenging the grading process strikes me as a high risk strategy. One interpretion of a potential employer hearing an explanation of lower grades of the form 'I had higher priorities than studying, etc.' is 'I will have higher priorities than working for you'. I'm not saying you're wrong, but you should not blame a potentialemployer for looking for a higher grade product for his or her business. As Philo has pointed out, the quality of the institution will likely bear on theinterpreation of the GPA, as well. Still, from Joel's personal resume: Yale University, New Haven, CT BS summa cum laude in Computer Science, with honors in major, May 1991. GPA 3.91. Elected to Phi Beta Kappa as a Junior |
| Sat 31 Jan | A Teacher | Shlomi Fish said: 3. I don't invest a very large amount of my time in studying. I have other priorities as well. 4. I couldn't care less what my GPA is. Really, I know that it doesn't say squat about how good an engineer I am, which is what matters to me. Other people do more than I do. =============== You don't care and you don't study? When you are going to school, school is your priority and you had better care about it and you had better study. What makes you think you are a good engineer? The fact that you present yourself as lazy is a big warning sign to me. |
| Sat 31 Jan | Noname | "knowledgeable HR person"? Isn't that an oxymoron? |
| Sat 31 Jan | Caliban Tiresias Darklock | > When studying Electrical Engineering, there are > many courses that test for the understanding > and implementation of the material at hand. But do they test *well*? I don't know. Your grade in a course is not entirely under your control. It's an agreement between you and your instructor. You do a job, and the instructor evaluates it, and then an essentially arbitrary letter gets written in a book. If you're lucky, your instructor will use fair and equitable grading policies that really do indicate your ability. On the other hand, maybe he's throwing dice and consulting astrological charts and marking your grade down because someone scratched his car in the parking lot and it sort of looked like your friend Bill. I prefer to look at things that *are* under your control. What classes you chose to take, for example. If you take a class in EE and fail, do you take it again? Do you take another EE class? Or do you run off and take 'Japanese Interior Decorating'? That's really much more indicative of how I can expect you to behave in a business setting. |
| Sat 31 Jan | Philo | So how come Joel doesn't just visit the campuses of the top five engineering schools and interview their BSCS cum laudes? Why even bother putting the ad on the website? Surely a targeting mailing would save him a lot of time? Philo |
| Sat 31 Jan | The Ted | 'When you are going to school, school is your priority and you had better care about it and you had better study.' Spoken like somebody from a college educated family whose parents paid for their school. I was the first person in my family to go to college and the only person from my high school class that went to college. During that time, my mother developed cancer & emphysema. When you are poor and from a rural area (population 300), and your parents never went to college, you are playing in a totally different ballgame. Since most of my teachers had grown up in the same area, I was urged to go to Northwestern Podunk State University. Didn't have a clue that I should try to get into the best college possible. I was told that except for the Ivy league, pretty much all undergraduate colleges were the same. I had heard of Harvard and Yale, of course, but I wouldn't have gone even if I had gotten in simply because it was so far away. I didn't understand what a difference that could make in your life. When you grow up in a place that only has farmers and teachers, you miss out on a lot (this was 1989 - about 6 years before I found the internet). I also wouldn't have been able to afford plane tickets to go home to see my family. Not only was my mother sick, but I had a girlfriend! So... I went, met kids from other little podunk towns, eventually graduated from Central State University. Note to any future kids I may have: 1. Get study materials for the ACT/SAT. I was able to jump from the top 10% to the top 3% on my GMAT simply by getting to know the makeup of the test. 2. Once in college, join as many organizations as you can. Since I will be paying for your room & board, you won't have to worry about having a place to sleep or food to eat. Use that time to establish a network. This is how you will get a job when you graduate. Join a fraternity/sorority. Get internships instead of jobs. Never do what I did and place your job ahead of your classes. I had to pay my own way to survive, you don't. 3. Learn an actual skill. Liberal arts classes are wonderful, but don't believe the brochures about being able to land jobs after graduation. If you're going to major in English anyway, at least pick up a teacher certification. 4. If you're not going to professional school, good grades and good connections will help you land your first job. Learn about the elite companies that conduct interviews on your campus and see what they are looking for. Your first job will be a springboard for the rest of your career. You can decide to leave McKinsey to work on main street, but rarely will you be able to do the opposite. Pick a company that is known for training its employees, ala McKinsey. 5. If you are going to professional school, go back to #1 and repeat. |
| Sat 31 Jan | Shlomi Fish | A Teacher said: <<< You don't care and you don't study? When you are going to school, school is your priority and you had better care about it and you had better study. What makes you think you are a good engineer? The fact that you present yourself as lazy is a big warning sign to me. >>>> School is a priority of mine not _the_ priority. My priority is to become the best Shlomi Fish I can become. As such investing 100% of my time in school will be a complete disaster as far as this goal is concerned. I know very well I am a good engineer, but I don't expect you to believe me. In any case, the following links all of which I maintain may prove my point: http://t2.technion.ac.il/~shlomif/ http://fc-solve.berlios.de/ http://quad-pres.berlios.de/ http://better-scm.berlios.de/ http://perl-begin.berlios.de/ http://vipe.technion.ac.il/~shlomif/lecture/Perl/Newbies/ http://vipe.technion.ac.il/~shlomif/lm-solve/ and the list goes on. The code or content is there and I'll let you be the judge. As for lazy: I can testify that I'm not lazy. Even on my courses I invest a lot of effort (as much as it takes) in going over the material. I just don't invest an insane amount of effort, as I have other things to do. Please don't label people. |
| Sat 31 Jan | A Teacher | 'The Ted': I also grew up in a small town on a farm and went to a state university. Every last penny paid for by myself, thank you very much. My mom and dad both died when I was 12. My dad died of colon cancer and my mom was hit by a drunk driver 5 weeks after my dad passed away. Don't even think that I have had an easy life. If you go to school and you want a job and you don't have connections, you had better give priority to the books even if you have to work. If you go to school for fun on mommy and daddy's money then I suppose you don't know what it means to work for something. |
| Sat 31 Jan | Shlomi Fish | Mongo: I try to become the best engineer possible out of the time I invest to actually become a better engineer. One of the finest products on the market. If this means, I invest less time in studying - so be it. Some extra-corricular activities I did in the course of my studying were very time consuming, but taught me a lot about programming and made me a much better hacker. Many workplaces I worked in were very happy with me when I worked there, even though I did many times diverged from work. My output is very good, and of good quality. It should satisfy any business who realizes that one's work is not one's life. I believe the value of a worker is not entirely proportional to his grades' average. Like I said, there were several measures I could have taken to increase my grade, but I'd rather not taken. I'd like to work in a workplace that accepts the fact that I am an 82% student, who has accomplished a lot outside of school, and preferred to do so. If they think that a summa cum laude student who has no experience in practical programming outside of school, is better than I am, then I would not want to work there in the first place. Other than that, I was able to find some job opportunities, and some of them did not even ask me for my grade. As for Joel, that's impressive. I wonder if he would have got the same result if he studied in the Technion for Electrical Engineering. (or if I would have done better if I studied CS at Yale). Don't know and couldn't care less. |
| Sat 31 Jan | A Teacher | You labeled yourself Shlomi Fish. Read what you wrote. I did not saying invest 100% of your time in studying. I said you better make it a priority. |
| Sat 31 Jan | no name | I hate to break it to you Shlomi Fish, but those links don't prove anything except maybe you know Perl and HTML and how to ftp files to a website. You're studying to be a what again? Electrical Engineer? If this is the case then you need to hit the books. Maybe claiming you are good webmaster or that you are proficient in HTML and Perl would be a more accurate statement. |
| Sat 31 Jan | Lee | 'A teacher' wrote: 'you had better give priority to the books even if you have to work' You don't know sh*t what you're talking about. I worked 40 hours a week at wal-mart while I went to school full-time. However, the first year of school I was on scholarship. If you had a clue, and weren't just talking out of your a**, you would understand what a crock your statement is. There's a big difference in what you're able to do with your studies when you're not working 40 hours per week. If I didn't work, I didn't eat and didn't have a place to live. Where's the f*cking priority in that!????! |
| Sat 31 Jan | A Teacher | I worked 40+ hrs per week when I was going to school also. When I got off work I gave priority to school and school work. I'm not talking out of my ass. I'm speaking from experience. |
| Sat 31 Jan | Lee | Dude, Then you understand there's a big difference in the grades you will be able to make. RIGHT?! |
| Sat 31 Jan | A Teacher | It depends on the person. I personally never made work an excuse for my grades. I took the workload I could handle and I did well. I don't believe there is a correlation between working and how well you do in school. Each person knows there own limits and they know if they have exceeded that threshold. Each individual knows their level of determination. I was very determined to succeed and to do well in school. That was just me. Making my schoolwork a priority was one thing that I think helped me out. |
| Sat 31 Jan | stfu whiners | 'A Teacher' is right. You don't even have to be especially smart to receive good grades, it's 90% effort. As for the whiners complaining about unfair tests, what would you consider a fair test? I've noticed a lot of people consider anything short of being given the answers prior to the test 'unfair'. It's your responsibility to educate yourself, the teacher is only a guide. If you find something on a test the teacher hasn't covered then maybe you didn't apply yourself to learning the subject as much as you should have. Besides, it rewards those students that DO make the effort. |
| Sat 31 Jan | Lee | 'I don't believe there is a correlation between working and how well you do in school. ' 'A teacher' is officially labeled a 16 year old troll. |
| Sat 31 Jan | Philo | 'Each person knows there own limits and they know if they have exceeded that threshold' If you have someone that knows this at the age of 19, they are very mature, and definitely worth hiring if you can. Philo |
| Sat 31 Jan | Caliban Tiresias Darklock | Shlomi, just a bit of constructive criticism here... and this *is* supposed to be constructive... You come across as childish, inexperienced, and belligerent. Nothing you have written interests me. What little sticks out in my mind is not positive. You sniff at the college for not having a standards-compliant web page, as if anyone really cares. You sneer at CVS for not having a few minor features, as if anyone really cares. You solve a few basic puzzles, and build a presentation generator that you use to create a bad Perl tutorial. Then you come in here and say you know you're a good engineer. Unfortunately, you're not. You're just a competent Perl programmer. But engineers solve problems; if you expect to impress me with your work, do something that's relevant to someone other than yourself. Why in the world would I want to read your ramblings about SCHEME or run some program you wrote to solve mazes? I know why I would want to read *my* ramblings about SCHEME or run some program *I* wrote to solve mazes -- because I'm arrogant and self-involved. I love writing stupid little things for no good purpose, just because I can. Every engineer does. But a *good* engineer knows that nobody else gives a flying leap about it. Maybe you might find some other engineer and say 'hey, check this out -- it's a distributed dynamic top-down splay tree of self-sorting linked lists!' and the two of us... um, I mean, the two of *you* can sit around and giggle like schoolgirls and discuss its scalability. But engineers are WEIRD. Everybody else will look at you like a deer in headlights and have no freaking idea what you're saying. |
| Sat 31 Jan | A Teacher | Like I said, I worked 40 hours per week and could handle my credit load. Maybe you took too many credits or something else threw you off course. I don't know, I am not you. Granted I did 'grow up fast' but this was out of necessity due to the death of my parents. Maybe I was a little more mature than most of the people my age at school but I also shouldered the responsibility of running a dairy farm with my brothers throughout my teen years and even into my twenties. I've got nothing against you Lee, but you do need to express your thoughts in a more coherent fashion. Calling people names and throwing insults at them only indicates anger or frustration. If you can provide an argument against my statement instead of repsonding by calling me a '16 year old troll', I will gladly hear you out. |
| Sat 31 Jan | Dennis Atkins | Shlomi, I graduated Summa Cum Laude with less than 90%. It was a tough school. I was worried about even graduating and turns out I graduated with top honors. Anyway, intelligent employers like Joel understand that top grades differ by school. A bit of advise. Where you said, 'due to the unfairness of the test' - drop that routine AND the attitude behind it. That's life. Unfair. Unfair to you AND to the other students no doubt. Or what about the other students who cheated? Surely it is unfair that they got better grades than you right? Nope, it's life. Suck it up. Griping about stuff flags you as a whiner who is full of excuses. There are people with excuses. And there are people who get things done. The two groups do NOT have a common subset. |
| Sat 31 Jan | Dennis Atkins | 'The US and Japan love multiple-choice questions' I have no information on Japan but if you think that serious US engineering schools are full of tests with multiple choice questions, you are sadly mistaken. |
| Sat 31 Jan | Dennis Atkins | 'I don't invest a very large amount of my time in studying.' And thus it is likely you would not spend a lot of time studying after you graduated either. Keeping up with the trade is a prerequisite for being a good engineer. 'I couldn't care less what my GPA is.' And thus it is likely you couldn't care less what your bug count is or whether customers are able to use your software. 'Really, I know that it doesn't say squat about how good an engineer I am' That is not true. Those things do say a great deal about how good a engineer you are - you are not very good. 'I many time prefer to hack... maintain web-sites, read my mail and surf the web' Right. The only way to become a good engineer is to do good engineering. Anyone who says otherwise is not a good engineer. |
| Sat 31 Jan | Shlomi Fish | Caliban Tiresias Darklock: <<< You sniff at the college for not having a standards-compliant web page, as if anyone really cares. >>> This web-site (of my department, not the university) is not only non-standards compliant it also dysfunctional for Mozilla and Konqueror and anything else besides MSIE and Netscape 4.7 and Netscape 7.x. My sites, on the other hand are fully functional in all browsers (including lynx). What I did do on my site is create a script to extract the relevant HTML out of it and present it in a good, portable way. It's not the main thing of the site. <<< You solve a few basic puzzles >>> Do you refer to LM-Solve? Well, that is rather a hack. Whatever, forget it. But how about Freecell Solver ( http://fc-solve.berlios.de/ )? I challenge you to learn the rules of Freecell and to write a program to solve it within one week. (without looking at what I or anyone else did) Then I want you to compare which program (mine or yours) has more features, is faster, is better documented, has an equally comprehensive web-site, and so forth. (and, BTW, Freecell Solver is written in ANSI C. I know many other languages besides Perl and HTML: http://t2.technion.ac.il/~shlomif/SFresume.html ) <<< and build a presentation generator that you use to create a bad Perl tutorial. >>> I don't think my Perl tutorial is bad. It's your flamatory opinion. I know of two people who learned Perl out of it, and was told it was used by Intel Israel to teach engineers Perl there. <<< But engineers solve problems; if you expect to impress me with your work, do something that's relevant to someone other than yourself. >>> Freecell Solver is such a case. Many people actively used it and contacted me about it. It was integrated into kpat, the KDE solitaire suite. It is also an essential component of Freecell 3D, which is a shareware Freecell program for Windows. And my Perl tutorial proved of use to other people. And my other lectures may also be of use. Moreover, my gradient-fu patch (google for it) for the GIMP enables scripting the gradients, and will be integrated until GIMP 2.2, and I also contributed patches to Perl, GIMP and Subversion. You may do well to take a better look at what I have in these resources, and take a thorough look, because there's a lot of material there. And you may also wish to think again before calling what you wrote 'constructive'. |
| Sat 31 Jan | Shlomi Fish | Dennis Atkins: <<< 'I don't invest a very large amount of my time in studying.' And thus it is likely you would not spend a lot of time studying after you graduated either. Keeping up with the trade is a prerequisite for being a good engineer. >>> When I said studying, I meant studying for my university requirements. Of course I learn new things all the time. In the duration of my studies alone, I tought myself (with the help of my peers and web resources) LaTeX, XML, DocBook/XML, CVS, Subversion, Python (which I don't like), a much greater sub-set of Perl (which I like a lot), lots of interesting C techniques, a greater subset of UNIX, Haskell, O'Caml, Scheme, Web Meta Language, and the list goes on. Recently, I started borrowing books out of the Israeli Perl Mongers Library and am reading them for fun and for learning. So, I 'study' quite a bit, thank you. <<< 'I couldn't care less what my GPA is.' And thus it is likely you couldn't care less what your bug count is or whether customers are able to use your software. >>> That's not true. If we take my programs as examples (Freecell Solver, Quad Pres, LM-Solve), then I do care about such things. In Freecell Solver, I fixed a lot of bugs and released new version as I found them. I also kindly answered the questions of people who contacted me about it, and even engineered it to be more user friendly. <<< 'Really, I know that it doesn't say squat about how good an engineer I am' That is not true. Those things do say a great deal about how good a engineer you are - you are not very good. >>> Why? Some very good programmers out there graduated with low grade averages. Some straight-A students write horrible code. So how can this say a great deal about how good an engineer I am? <<< 'I many time prefer to hack... maintain web-sites, read my mail and surf the web' Right. The only way to become a good engineer is to do good engineering. Anyone who says otherwise is not a good engineer. >>> Please refer to the definition of 'hack' next time. It means to program, make a useful composition, or to tweak existing programs. I do that a lot and so can be considered an engineer. Whether good or not that is something only others can judge, but I received my share of compliments. |
| Sat 31 Jan | Dennis Atkins | Shlomi, I've looked through your FreeCell Solver code. It's Ok but it's not very good. Your code is well formatted but that's all I can really say about it. Documentation is poor, variable names are cryptic, your code doesn't show a very deep awareness of C, and you use extremely poor coding practices like massive uses of goto, an assembly programming spaghetti style, and functions made up as defines. It's Ok for a sophomore undergraduate but it's not what I would be expecting from someone calling themselves a top engineer. You have a long way to go before you can call yourself that. |
| Sat 31 Jan | Shlomi Fish | Re "unfair" tests. I do not claim all my tests were unfair. Very much the contrary. And I do not whine about them, either. However, it is a fact that there were tests which I prepared for them throughout the semester and beforehand as much as I could and yet did not do well in, and felt they were unfair. And other students agreed with me. If many students who studied hard for the test and are very intelligent and knowledgable consider it unfair, don't you think it is safe to say it is? |
| Sat 31 Jan | Dennis Atkins | I understand that. I really do. I had many unfair tests as well. Well all did. But don't you see that the tests were just as unfair to the other students as well? So, compared across the entire grading population, and eliminating stuff like cheaters (who actually always end up doing poorly despite their best offorts so nevermind them), the grading was fair. Are you following this? Surely you are not saying that the professor specifically targetted you in creating an unfair test? |
| Sat 31 Jan | Shlomi Fish | Dennis Atkins: <<< Shlomi, I've looked through your FreeCell Solver code. It's Ok but it's not very good. Your code is well formatted but that's all I can really say about it. Documentation is poor, >>> There's an architecture document available for it here: http://fc-solve.berlios.de/arch_doc/ but you are right that the code is not very legible. <<< variable names are cryptic, >>> Maybe, I can understand them, though, and I have a good naming scheme most of the time. <<< your code doesn't show a very deep awareness of C, >>> Please contact me by E-mail if you want to explain to me why this is the case. I think my coding style is as deeply aware of C as humanly possible. Sometimes even overly aware. <<< and you use extremely poor coding practices like massive uses of goto, >>> For the last time: gotos are not considered harmful! As Don Knuth noted in his article 'Strucutred Programming Using Goto Statements' - they are fully legitimate in many programs. I used them where I found appropriate but don't think I over did them. My code has many loops and conditionals where appropriate. They are many times a necessity with C's extremely poor looping and branching constructs. <<< an assembly programming spaghetti style, >>> My code is not spaghetti. <<< and functions made up as defines. >>> Welcome to the world of Freecell solvers where every microsecond counts! My code is heavily optimized for speed, and I guess it shows. Do you think I would use defines instead of functions if I did not have a very good reason to? ;-) This was a micro-optimization I did at a time to reduce the running time. <<< It's Ok for a sophomore undergraduate but it's not what I would be expecting from someone calling themselves a top engineer. You have a long way to go before you can call yourself that. >>> What I think may mislead you is the fact that Freecell Solver is heavily optimized for speed and memory consumption, even where modularity and legibility are sacrificed. I suggest you take a second look after perhaps reading the architecture document. Version 2.4.x was less heavily optimized than the subsequent versions, so you may be less flavourgusted. |
| Sat 31 Jan | Shlomi Fish | Dennis: yes I realize the tests were unfair to almost everybody, and everybody suffered from it. The bad thing about them, though, is that when you come to the test you don't know what |