sdafdasdfasdf's comments

> Software craftsmen should be egoless, humble, with a focus on the outcome rather than the code or the process.

That sounds good. But developers aren't like that. We are concerned about getting the job done in a way that promotes our career and/or keeps us from getting fired, well- most of the time.

> I also think there should be a way for passionate, skilled programmers to differentiate themselves from the mainstream commodity bodies, and also to recognise one another, and demonstrate their value to potential employers. What could that be, and how could we make it work?

These are called certifications, and their value has diminished. Here's why:

Many of us survive by Google searching, using stackoverflow and better documented frameworks. And, there still aren't enough of us. Many of us feel we are overpaid, but most would never admit it.

By deciding on a way to determine who is proficient and who isn't, you risk a lot of people not being able to find work, and for what goal? Right now programming is an art. If you make it into a trade with the federal, state, or county regulations saying that the developer must be qualified in X, and they have tests for X (that become irrelevant daily), then you are going to (1) eliminate a lot of developers from the workforce and (2) stagnate the art because right now it develops at a faster pace than any of us can keep up with.


"Many of us feel we are overpaid, but most would never admit it."

Really? I've always felt underpaid. Most business owners don't understand software or deadlines, and I (and my developer co-workers) have always had to suffer as a result of this by working insane hours for weeks at a time to get things done.

But keep thinking this way. It will only help me when I need to hire developers for my own business.


> Really? I've always felt underpaid.

I think the sentence before the one you quoted clears things up:

>> Many of us survive by Google searching, using stackoverflow and better documented frameworks. And, there still aren't enough of us. Many of us feel we are overpaid, but most would never admit it.

If you're shipping real software for real businesses that weaves a half-dozen technologies together in a way that none of the business guys knew was even possible, and you proposed and executed on the idea.

If you're in a large corporation working 40 hours a week, always clocking out at five, and there are no consequences for dates slipping, then yeah, I could maybe understand feeling overpaid.

But if I'm building the systems that make the business? The business could not operate without this software? About to make 5 salaried employees 1.4x productive? Yes, I'll charge a lot, and yes, I'm worth every penny.


I look out for myself. My salary is a lot better than my experience level for what I do.

I'm talking about guilt. I have done this for many years now and I see people that work harder than I do each day with more skill to make much less salarywise. And it isn't just me.

I think a lot of what we get paid for is the ability to adapt and endure not knowing how to do what we do when it changes all the time.

BTW- those running their own business often are in the lower income bracket, which is why I haven't made that jump yet. More power to ya.


Why did you pin this on Marissa instead of Yahoo? She signed her name to it, but if Bill Gates or Steve Jobs did that, you would have said Microsoft or Apple.

Granted, her name has a better brand than Yahoo still, but she's working on that. What you said sounded sexist, and I'm not even a feminist or a female.


Yes, holding a CEO-author of a letter accountable is incredibly sexist. I'm very sorry, and it won't happen again.


How could you possibly claim his post was sexist? There is literally nothing about what he said that is even remotely sexist.

Perhaps he's pinning the blame on Mayer because the announcement was written and signed by her! It's the role of the CEO to represent his or her company in this manner and serve as the lightning rod for any feedback. The fact that Mayer is a woman is completely irrelevant. Both Jobs and Gates (and many other male and female CEOs) took on that role, and there is absolutely no shortage of rants and raves over the years directly addressed at them.

In fact, I would say that you are the one being sexist, since you are apparently accusing jpdoctor of sexism based solely on the gender of Yahoo's CEO.


"Why did you pin this on Marissa instead of Yahoo?"

It's not unexpected for newly-joining execs to be blamed for recent decisions.

"What you said sounded sexist, and I'm not even a feminist or a female."

Possibly because you don't understand what a feminist perspective is? There are plenty of ways to be sexist, but strong personalities, male and female, certainly get associated with brands.


The screenshots are horribly small with no way to resize, so I can't tell what is better than Gmail.

If it had 2 factor auth and a way to trust a particular machine or application (which I think it does?), SMTP and IMAP were free (are they? used to have to pay), there were no ads (even though GMail's aren't terrible), and it guaranteed it would not delete my account or email if unused for years, if it guaranteed a better uptime than GMail (which is already good enough), had contact dupe fixer as good as or better than GMail, had plugin for Thunderbird, etc. to keep contacts in sync so didn't have to use a 3rd party free plugin that breaks at times, and I could see that it was easier to use than GMail, and they guaranteed great security (better than GMail) and that they didn't ever look at the content of my mail or my contacts, that they would never sell me out to anyone, that they were as conspiracy-conscious as I was and apolitical, and if it allowed clutter-free integration with Facebook, etc. to mine them for email addresses when I connected to someone, and if they hated spam and would help me organize my life with easy calendar integration to every major smartphone and other devices, share calendar only with family or have other calendars to share with diff groups, get things done without integrating a tasklist, and ignore the stupid stuff, and guarantee email for life, then I might use it.


from "TCP Fast Open: expediting web services": http://lwn.net/Articles/508865/

> Furthermore, the server should periodically change the encryption key used to generate the TFO cookies, so as to prevent attackers harvesting many cookies over time to use in a coordinated attack against the server.

What is going to do this? I hope this is built-in somehow.


It looks like the key will be accessible via the proc filesystem. But it's anyone's guess how many distros will faithfully schedule a cron job to rotate the key.

EDIT: Looks like the key is chosen at kernel module "late init" time. I think this is before any init scripts have had the opportunity to add back any entropy persisted from previous boots. So the entropy in the kernel pool is minimal. It may be plausible for a remote attacker to guess the key for a bunch of servers.

Also, if the key is not rotated by cron, it provides a single-packet method for a remote attacker to observe that a server has been rebooted since he last checked. This will give a good indication of how often security patches have been applied.

http://git.kernel.org/linus/1046716368979dee857a2b8a91c4a883... http://git.kernel.org/linus/168a8f58059a22feb9e9a2dcc1b8053d... http://git.kernel.org/linus/8336886f786fdacbc19b719c1f7ea91e...


Might be better to have the keys rotated after a certain number of TFO cookies are generated rather than on a time-based schedule. This will prevent attackers from trying to make a huge number of requests in a set period of time.


The TFO cookie is only generated once per client "source IP" and is good until the key is changed on the server. (Scare quotes because the source IP may be spoofed).

For an attacker to learn a cookie that's valid for a given victim "source IP", he only needs to be a passive observer somewhere along the route. Even if we believe that's very hard in most cases, if it's possible at all, he has the mother-of-all anonymous reflected DoS amplifiers. http://tools.ietf.org/html/draft-ietf-tcpm-fastopen-02#secti...

So, yeah, using a key that's rotated after a short amount of time -or- number of uses (whichever comes first) seems like a good idea.


It's very easy to do in NAT'ed environments and the Linux kernel doesn't implement the suggestion of the RFC draft to include timestamps too.

An attacker who doesn't want to do a MITM attack because that might be noticed can set up sessions to all kinds of servers outside the NAT which support TFO. Then all these TFO cookies are used in spoofed SYN packets with the source IP being set to the host behind the NAT that the attacker wants to flood. Easy enough.


Yep.

Of course, some will argue that if the attacker is inside your NAT, you're already pwned.

I don't think that's a very good principle for the security design of internet protocols.


That will be more difficult if you've got a cluster of servers in which each new connection request of a client can end up at any of these servers at any given time. So the keys would have to be rotated simultaneously for all servers in the cluster.
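
The rotation policy suggested in this thread (rotate the cookie key after a short time or after a number of issued cookies, whichever comes first), as an added example that is not from the thread or from the Linux kernel. It models a single server: HMAC-SHA256 stands in for the kernel's cookie cipher, and `CookieKeyring`, its limits and the sample addresses are assumptions made for illustration.

```python
import hashlib
import hmac
import os
import time

COOKIE_LEN = 8  # bytes kept from the MAC; a constructed value for this model


class CookieKeyring:
    """Issues per-source-IP cookies; rotates the key on age or use count."""

    def __init__(self, max_age_s=3600, max_issued=10000, clock=time.monotonic):
        self.max_age_s = max_age_s
        self.max_issued = max_issued
        self.clock = clock
        self.rotations = 0
        self._new_key()

    def _new_key(self):
        self.key = os.urandom(16)      # fresh random key from the OS CSPRNG
        self.created = self.clock()
        self.issued = 0

    def _rotate_if_due(self):
        too_old = self.clock() - self.created >= self.max_age_s
        too_used = self.issued >= self.max_issued
        if too_old or too_used:        # whichever limit is reached first
            self._new_key()
            self.rotations += 1

    def _mac(self, src_ip):
        tag = hmac.new(self.key, src_ip.encode(), hashlib.sha256).digest()
        return tag[:COOKIE_LEN]

    def issue(self, src_ip):
        self._rotate_if_due()
        self.issued += 1
        return self._mac(src_ip)

    def validate(self, src_ip, cookie):
        self._rotate_if_due()
        # Constant-time comparison; cookies made under an old key never match.
        return hmac.compare_digest(self._mac(src_ip), cookie)


def demo():
    now = [0.0]                        # constructed fake clock for the demo
    ring = CookieKeyring(max_age_s=60, max_issued=3, clock=lambda: now[0])
    ip = "192.0.2.10"                  # constructed address (TEST-NET-1)
    first = ring.issue(ip)
    ok_before = ring.validate(ip, first)
    for n in range(3):                 # other clients push the count to the limit
        ring.issue(f"198.51.100.{n}")
    ok_after_count = ring.validate(ip, first)    # key rotated on use count
    second = ring.issue(ip)
    now[0] += 61                       # let the current key age out
    ok_after_time = ring.validate(ip, second)    # key rotated on age
    return ok_before, ok_after_count, ok_after_time, ring.rotations
```

A cookie stops validating as soon as either limit forces a new key, so a legitimate client simply falls back to a normal handshake and requests a fresh cookie. Rotating consistently across a cluster, as raised in the last comment, needs shared key distribution that this model leaves out.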


Am a user, but primarily as free storage for live show recordings. It's a great service and should be supported for all they do, but unfortunately I won't be a donor anytime soon.


As a user of the site, what is preventing you from chipping in for your usage?


It's too bad that I got a -3 for my post- I was just being honest. Thanks for asking.

I upload content, and used to listen to it, but now I don't. Some others have downloaded the content, but it wasn't critical. I don't use the site enough on my own to justify donation. I think it is a great service- really! But, I would bet many feel the same way. Unless it is really helping others that you care about, why donate? It has never significantly helped me personally, or any that I know. I would rather donate to a charity that helps those in need. But I'm glad others donate. It is preserving history. It is just a matter of priority.


Every futurist claim I've ever heard has overestimated human capability and underestimated the impact of other things they possibly should have seen coming.


mmhm, for one thing, I wonder why there's no mention of what's going to replace/augment the relatively cheap fossil fuels of today. And point at some massive current developments in that area.


This goes towards the space allotment given to each user right? If so, I'm going to limit the number of attachments I use. No memes for you.


There is no space allotment for users. Abuse, however, isn't tolerated.

Meme freely!


We haven't had a space allotment for several years now.


"Marks of good science: ... It does not fly in the face of the broad existing body of scientific knowledge"

Um... that's not very progressive science. So, the sun revolves around us, right?


TEDx talks aren't science, they're popularization. Whereas investigating new and untried ideas scientifically is important, promulgating them to laymen isn't.

When Galileo made his discoveries he didn't start handing out pamphlets in the city square, he worked to persuade other astronomers first.

It isn't as if scientific discourse is off limits to non-professionals. Many journals are free, and you can probably get most at a good public library. But if you find journals to be too hard to read, then you don't know enough about the field to usefully have an opinion on heterodox viewpoints in it.


> When Galileo made his discoveries he didn't start handing out pamphlets in the city square, he worked to persuade other astronomers first.

And when he failed at that, he did the equivalent of handing out pamphlets in the city square - he wrote a popular book. That is what he got punished for.

See http://en.wikipedia.org/wiki/Dialogue_Concerning_the_Two_Chi... for the book.


I don't even think they are popularization to be honest. As that would involve an effort to educate or inform about the state of the art. Neil deGrasse Tyson is an effective popularizer (but not a very good one); Richard Feynman excelled as a popularizer.

TEDx seems to be more about entertaining than informing a certain audience that attends because they want to feel part of the brand. It's like how Reader's Digest and Book-of-the-Month clubs formulated middlebrow culture and profited from middle class desire.

It could be argued that TEDx is the contemporary equivalent of salon culture that flourished in the 17th and 18th centuries. [0]

[0]: http://en.wikipedia.org/wiki/Salon_(gathering)


The thing that makes TED(x) interesting is the broad range of topics, new ideas and unknown facts being presented, even if they are on the fringe of science. It's supposed to provoke thought, questioning and insights. If instead it becomes just another platform for established, proven ideas, what makes it different from a guest speaker round in a local school?


Now granted, I'm still in (probably) the first third of my life, but one thing I've come to realize is that there is too much stuff for me to learn. Even if all I ever did was sit in a room and learn stuff, I would never learn it all. Not just that, but if I sat in a room and learned only the interesting stuff, I'd still probably croak from natural causes before finishing. And even if that was all I did, why would I want to just sit in a room learning stuff if I never had time to apply it and build interesting things?

Maybe you learn faster than me. So be it. But, given all that--that I don't even have enough time in my life to learn all the interesting, no, fascinating, things that are so boring as to be considered the current scientific consensus--why should I want to waste my time listening to things that are likely to be bullshit? I don't. I don't have time for bullshit, and neither should you. But the thing is this: Just because you exclude the bullshit it doesn't follow that you can't have talks that cover the cutting edge of research in science and the humanities.


First, there's a continuum here, with perpetual motion and crystals on one end, and "bacteria cause ulcers" on the other. We aren't required to toss out all judgment just because some bits of the line may be true. I myself have some beliefs that I would currently put around "bacteria cause ulcers" on the line, but that doesn't mean I have to believe in crystal healing.

Second, this is not a scientific forum. It's an educational one. It is not particularly obligated to give equal airing to any ideas. The ones in the "bacteria cause cancer" area can make for very interesting talks, especially if the presenter passes the test mentioned in the article (secure enough to acknowledge doubts), but if they choose to close the door on those so they can avoid crystal healing, that's a fine and valid choice.


Agreed, and I'd go further than you in saying that TEDx has a duty not to try to lead scientific discussion or research by presenting cutting edge information. They rightly identify that they have a role as a credible purveyor of science, but lack the domain expertise to do more than popularize the scientific consensus.

Which is fine: If they do nothing more than make the current consensus more easily available to everyone, that's a worthwhile activity in itself.


It's basically impossible for people outside the scientific community related to a specific field to independently test or verify extremely progressive science in that field; if scientists working in that field are unable or unwilling to validate extremely progressive theories that is a separate problem from the fact that, to the layman, those theories are entirely indistinguishable from pseudo-science.

I can understand why an organisation like TED would prefer to err on the side of false positives over true negatives when it comes to their bullshit detector.


"It's basically impossible for people outside the scientific community related to a specific field to independently test or verify extremely progressive science in that field..."

That's not necessarily true. For example, a statistician may not know anything about biology or medicine, but she could prove that a paper in a biomedical research journal was worthless by showing that the authors didn't get statistically significant results or made errors in their statistical computations.

Or someone with no knowledge of the field at all could notice that a paper that was cited as a supporting reference for a claim had been later withdrawn by its authors after being busted for scientific misconduct.


99.9999% of scientific discovery is incremental progress. Even general relativity didn't throw out Newton's work - it just added an entire new dimension to it (so to speak).


What also bothered me is the notion that consensus determines what's good science. (If we all agree to something, then it must be true!)


Good science isn't identical to the truth. Rather, science is a social process whereby large groups of imperfect humans with their various vanities and weaknesses can eventually converge on the truth. Someone might come up with an idea that happens to be true, but until it's tested it isn't good science - and we have easy way to know it's true.


For a popularizer of science, sticking to current consensus is fine, and a good way to avoid promoting pseudoscience. No one's claiming TEDx is the last word on these topics, or on science in general, and if they accomplish nothing more than making mainstream science more accessible, that's pretty good by itself.


Right. It's a tricky line to walk. But the TEDx name grants a certain level of mainstream acceptance to ideas. And it seems like they're trying to prevent people from taking advantage of that to pimp their latest miracle, effort free, libido enhancing, hair increasing, bicep growing treatment.

An earlier comment mentioned that it's a question of what's the right forum to debate new ideas. Going direct to the public is probably not the right one. Another hallmark of these hoaxes tends to be the notion that "mainstream scientists don't want you to know" etc... It's trash.

I wish the letter had ended by admitting that it's tough to exactly define bad science but it's a lot like porn, you know it when you see it.


What do you propose as a superior alternative?


Scientific consensus isn't "we believe"; it's "the results of widespread, independent, carefully executed, controlled experiments show."

Further, it doesn't mean that it "must be true" but rather that it is more likely to be true.


That's not quite true. Many branches of science don't use controlled laboratory experiments.


Yes, but all legitimate sciences (a) put forth falsifiable theories, and (b) abandon those theories that fail comparison with reality.

The fact that cosmologists don't perform laboratory experiments with miniature black holes doesn't reduce the scientific standing of cosmology, as long as there are equally persuasive sources of evidence to support the theories.


"Google today announced that it has 135 million active users checking their Google+ streams each month"

I usually check mine accidentally, once every few weeks. I have an account and lots of circles that are populated, but I don't post on it or look at others' posts unless someone points me to something which happens once every month or two.

They should have stats on the number of hits G+ gets vs. FB. I know many of you use G+, but you are in a bubble. It isn't as big as FB and won't be anytime soon.


Lubuntu should be listed, not just in a comment.

